Requirement Specification
| Document | Requirement Specification Draft |
| Specification name | |
| Author: | Iina Pirinen |
| Version: | 1.0 |
| Date: | 14.2.2023 |
Introduction
The purpose of this project is to create an application called Skill Collector, which is used to collect information from companies and pass it on to educational institutions. The information collected concerns the skills that companies need now and in the future from future employees. Educational institutions can choose new courses or modify the content of the courses according to the companies' answers.
About the author
The requirement specification is mainly written by Iina Pirinen, but other members of Gang de Farine have also participated in writing the requirement specification.
Iina Pirinen works as a team leader in the project, and is responsible for the documentation.
Other members of Gang de Farine have written sections related to their own field.
Short description of service/solution
The application collects pre-defined information about the characteristics and skills that companies think they need now and in the future. With the help of the application, data obtained from companies can be studied. The users of the application are business professionals who want to help educational institutions keep up with the development of the business world, and educational institutions who want to stay on top of the wave. The application serves as a tool for companies to get great employees in the future, and for the educational institution to be honored for up-to-date training.
You log into the application with a hash code, after which you can fill out the survey. The survey asks about SFIA skills, as well as other skills related to working life. The answers are stored in a database, from which the information is finally retrieved and can be viewed at educational institutions.
Business requirements
| ReqID | Description |
|---|---|
| BUSINESS-REQ-0001 | Usage of Skill Collector application should be swift and easy so companies don't waste costly working hours too much. |
| BUSINESS-REQ-0002 | Creating and sending out new hashlinks should be a quick process so Lippa personnel don't waste costly work hours |
| BUSINESS-REQ-0003 | Skill Collector should look professional so end users take it seriously. |
Stakeholder map
Stakeholders and profiles
| Stakeholde/profile | Info / Link to description | Motivation? |
|---|---|---|
| JAMK | Educational institute | Wants information about the professional field to adjust courses according to real needs |
| Companies | Wants employees in the future that have skills applicable to real work | |
| Third-party universities | Educational institute | Can also benefit from the information collected by Skill Collector |
| Gang de Farine | Link to site | Creates the product to learn working on a software project and as a portfolio piece |
Customer story's as background information
End users' story
- End user The user comes to work and notices that he has received a message from the boss: "I hope you can spend about 10 minutes of your working time on this today. Here is the hash code I got from my contact, you can log in with it". The user sits down at his desk and enters the code into the application. He notices that the application has an info message where he can quickly see how the application is used. The user fills in the necessary information for the application and clicks "save your answer". The user no longer has to think about the application.
Customer need
| ReqID | Description |
|---|---|
| CUSTOMER-REQ-0001 | As a user I would like it to take no more than 10 minutes to fill the survey |
| CUSTOMER-REQ-0002 | As a user I want to have training video |
| CUSTOMER-REQ-0003 | As a user, I would like to propose a new skills/definitions by using the Feedback-dialog |
| CUSTOMER-REQ-0004 | As a user, we require the use of HTTPS connections in the service |
| CUSTOMER-REQ-0005 | As a user, we require the use of HTTPS connections in the service |
| CUSTOMER-REQ-0006 | As a user I can select one (1) the valuable important soft skill, one (1) the important soft skill, one (1) the most important soft skill |
| CUSTOMER-REQ-0007 | As a user I can select five (5) future skills, five (5) valuable skills, five (5) important skills, five (5) the most important skills |
| CUSTOMER-REQ-0008 | As a user, I would like to use search tool to find specific skill description or more info about skill |
| CUSTOMER-REQ-0009 | As a user, I want to be able to have search functionality to find skills. |
| CUSTOMER-REQ-0010 | As a user, I must be able to cancel my choices when filling in the survey. |
| CUSTOMER-REQ-0011 | As a user, I want to see how many selections I have to make in the survey. |
| CUSTOMER-REQ-0012 | As a user, I want to receive the CSV file via email which shows the data I filled in to the survey. |
| CUSTOMER-REQ-0013 | As a user I would like to see "progress bar" over my my selections |
Customer Journey paths in Service/solution
Customer Journey path of company
Customer Journey Path of admin
Customer Journey Path of organisation/institution
Preliminary User Storys
| User Story ID | Description | Link to issue |
|---|---|---|
| US111 | As the producer of the service, I want a report on what kind of known vulnerabilities exist in the current implementation-related libraries or modules, because I need to prepare for the future | #40 |
| US110 | As the administrator of the service, I want the logs to be in a machine-readable format so that various searches and parsing can be done on them | #41 |
| US109 | As a user of the service, I hope that the service is reliable and that it uses a secure HTTPS connection, because I don't dare to use HTTP services nowadays | #42 |
| US108 | As a service producer, I want to receive feedback from end users, based on which the product can be developed better | #43 |
| US107 | As a tester, I like to use Docker containers because it makes it easier to set up a test environment | #44 |
| US106 | As a developer, I want to start a development environment quickly using containers | #47 |
| US105 | The service can be set up by running the docker-compose up command | #46 |
| US104 | As a service developer, I want to receive development feedback from the end user in the form of an Issue, because it is clearer to process further | #45 |
| US103 | As a service producer, I want to help the end user through a separate support portal without burdening the development team with extra questions | #48 |
| US102 | As a service developer, I want to receive the end user's feedback in the form of an Issue, because it is clearer to process further | #49 |
| US101 | As a service producer, I want to publish the service using Docker technology, because it makes production easier | #51 |
| US128 | As the administrator of the service, I hope that the format of the user log is visually interpretable, but it contains the attributes presented above | #53 |
| US131 | As a service administrator, I want to be able to search and visualize the collected usage log | #54 |
| US130 | User ID, time, performed function, possible status are saved in the usage log | #56 |
| US129 | As a service provider, we must be able to save active events in the service for at least the last week so that they can be viewed quickly (max 5 min) | #57 |
| US127 | As a service provider, I would like to collect a usage log related to the use of the service, based on which possible abuses can be determined | #58 |
| US126 | As a system administrator, I require that the database backup is verified on another machine or separate from the production server in date-tar.gz format | #60 |
| US125 | As a service producer, I would like to save a week's worth of usage logs on a separate server, because those who break into the service are not allowed to destroy the logs | #61 |
| US124 | As a service administrator, I want the service to be served behind a reverse proxy, so the real servers are hidden in the internal network | #62 |
| US123 | As a service producer, I want to visualize the active usage time and user numbers of the current customer base during the week, because it clarifies the understanding of the service's popularity | #63 |
| US122 | As the administrator of the service, I want the various logs to be collected at the internet border of the service | #64 |
| US121 | As a tester, I can use a pre-defined backup file as a basis for tests if necessary | #66 |
| US120 | As a data protection officer, I want to know how I can find the actions taken by a selected person in the log | #68 |
| US119 | As a service producer, I want to know what browsers our customers use, because it clarifies the development of features to serve the end customer better | #70 |
| US118 | As a service producer, I want to receive feedback from end users, based on which the product can be developed better | #72 |
| US117 | The service provider must find a data protection description information page on our service, because GDPR requires it | #74 |
| US116 | As the producer of the service, I want to publish a "release note" description of the service, where you can find the changes and existing faults | #75 |
| US115 | As a service producer, I want to monitor the usage rate of the service using the Google Analytics service, as it has been used before | #77 |
| US114 | As a service producer, I want to use labranet's gitlab registry to share containers | #78 |
| US113 | As a system administrator, I want the production database to be able to take a backup from the command line if necessary | #79 |
| US112 | The service provider must find a data protection description information page on our service, because GDPR requires it | #81 |
| US147 | As a data protection officer, I would like to check, if necessary, the actions taken by an individual in the user log at a certain point in time (default 1h)" | #83 |
| US135 | As a customer, we require the use of HTTPS connections in the service | #84 |
| US134 | For the customer, I hope to have a training video available, which I can use to inform users about the features of the application | #86 |
| US133 | As a software developer, I want to know what information about the customer is stored so that we can make a GDPR description | #87 |
| US146 | As a service administrator, I want to be able to search and visualize the collected usage log" | #85 |
| US145 | User ID, time, performed function, possible status are saved in the usage log" | #82 |
| US144 | As a service producer, we must be able to save active events in the service for at least the last week so that they can be viewed quickly (max 5 min)" | #80 |
| US143 | As the administrator of the service, I hope that the format of the user log is visually interpretable, but it contains the previously defined attributes" | #76 |
| US142 | As a service provider, I would like to collect a usage log related to the use of the service, on the basis of which possible abuses can be determined" | #73 |
| US141 | As a system administrator, I require that the database backup is verified on another machine or separate from the production server in date-tar.gz format" | #71 |
| US140 | As a service provider, I would like to save a week's worth of usage logs on a separate server, because those who break into the service are not allowed to destroy the logs" | #69 |
| US139 | As a service administrator, I want the service to be served behind a reverse proxy, so the real servers are hidden in the internal network" | #67 |
| US138 | As a service producer, I want to receive feedback from end users, based on which the product can be developed better | #65 |
| US137 | In charge of security, I hope to get a report on the security level of the software implementation, aka "npm audit" | #55 |
| US136 | As a customer, I would like to receive a summary of the product handover in the form of a Release Note, which explains the final failure situation and the level of information security | #52 |
| US132 | As a data protection officer, I would like to check, if necessary, the actions taken by an individual in the user log at a certain point in time (default 1h) | #50 |
| US322 | As a end user I can select one (1) the valuable important soft skill | #105 |
| US321 | As a end user I can select one (1) the important soft skill | #106 |
| US320 | As a end user I can select one (1) the most important soft skill | #107 |
| US319 | As a end user I can select five (5) future skills | #108 |
| US318 | As a end user I can select five (5) valuable skills | #109 |
| US317 | As a end user I can select five (5) important skills | #110 |
| US316 | As a end user I can select five (5) the most important skills | #111 |
| US315 | As a adminuser, I would like to be able check latest results in database using Admin UI/CLI | #112 |
| US314 | As a adminuser, I would like to be able export latest results from skill collector database in CSV Format | #113 |
| US313 | As a end user, I would like to propose a new skills/definitions by using the Feedback-dialog | [#114 |
| US312 | As a end user, I would like to use search tool to find specific skill description or more info about skill | #115 |
| US311 | As a adminuser, I would like use Command Line tool/script for configuration of service | #116 |
| US310 | As a adminuser, I would like use Admin UI for configuration of service | #117 |
| US308 | As a product owner, I want the ability to choose max 20 skills (5+5+5+5) from SFIA-Skills. | #119 |
| US307 | As a adminuser, I would like to set end user specific hash value using cli tool or UI | #120 |
| US302 | As a end user, I want to be able to have search functionality to find skills. | #121 |
| US303 | As a end user, I must be able to cancel my choices when filling in the survey. | #122 |
| US304 | As a product owner, I want service to have limited amount of "tokens" that end user has available filling | #123 |
| US305 | As a end user, I want to see how many selections I have to make in the survey. | #124 |
| US306 | As a end user, I want to receive the CSV file via email which shows the data I filled in to the survey. | #125 |
| US301 | As a end user I would like to see "progress bar" over my my selections | #126 |
Selected Use Case of service
Use Case of a regular user
| Use Case | Domain |
|---|---|
| Use Case 1 - User enters hash | Enter hash |
| Use Case 2 - User fills survey | Fill survey |
| Use Case 3 - User sees progress bar | Progress bar |
| Use Case 4 - User gives feedback | Give feedback |
| Use Case 5 - User gets help | Get help |
| Use Case 6 - User sees info | See info |
| Use Case 7 - User quits | Quit |
Preliminary MockUp-prototype layouts for solution/service
- Company/answerer specific hash is inputted here
- A short introduction to the questionnaire is then given, contents TBD
- The questionnaire splits skills by category, which can be browsed through buttons/navigation menu. Undecided so far.
Everything is subject to change according to user requirements, or mere whim.
System requirements
Development environment:
- Service provider for the initial hosting environment: CSC high performance computing cloud hosting service.
- Server specifications: 4 VCPU, 7.8GB RAM, DISK 80GB
- Operating system: Ubuntu-20.04
- Basic security updates and hardening
- Access via SSH
Cloud Hosting Requirements:
The project will be hosted on "CSC Clouds" with server specifications of 4 VCPU, 7.8GB RAM, and 80GB disk space running Ubuntu 20.04 with basic security patches and hardening applied. There will be both testing and production environments that are identical to each other. These servers are provided to the project for free during the development phase.
Docker Container Requirements:
The project will implement a lightweight software with a lightweight Linux distribution, resulting in a Docker image size that is likely to be below 200MB. The Docker container will require minimal resources, ensuring that it is suitable for deployment on a variety of machines. The network requirements for the Docker container will be kept to a minimum, allowing for easy deployment and integration with existing infrastructure. The goal is to make the product ready for deployment and easy to install on any machine once it is complete.
Deployment Requirements:
In order to deploy the ready Docker image, it is necessary to install Docker on the target machine. The Docker image can be pulled from a registry using either the Docker CLI or a web interface such as Docker Hub. The Docker container can then be started using the docker run command, with configuration options such as port mapping, resource limits, and environment variables specified as needed.
Software Dependencies:
The specific software dependencies of the Docker container may vary and will be documented in the Docker image's documentation or in the build context of the Dockerfile used to build the image. Currently, the software dependencies for this project are unknown but will be updated as the project progresses. The customer will initially only need to install the necessary Docker software to deploy the image. If any additional dependencies are required, a step-by-step guide for downloading and installing them will be provided to the customer.
Monitoring and Logging:
During development, the server and Docker container will be monitored using basic authentication and security logging. The development team will create automated logging for the product owner, which will be implemented during deployment. As the product becomes ready, it will be the responsibility of the product owner to monitor the logging.
Backup and Recovery:
During development, backup and recovery will be automated into daily tasks to ensure the integrity of the data. Once the product is handed over to the product owner, it will have built-in backup for the database using crontab. This will provide a reliable and efficient means of backing up and recovering the server and Docker container in the event of a failure.
Service Level Agreement (SLA) and data storage
Gang De Farine will follow the Service Level Agreement (SLA) which outlines the scope of work, performance standards, support and maintenance, data security, pricing, and dispute resolution. The SLA has been described in detail elsewhere in the documentation. Our team will provide the product to the customer and will not hold any responsibilities beyond that unless specifically agreed upon in the SLA. The customer and product owner will be responsible for validating and approving the product and its features to ensure satisfaction.
In terms of data storage and archiving requirements for the service, the implementation will utilize PostgreSQL as its database solution. The finished product will include a robust database implementation capable of generating hashes for customer use in surveys. It is important to note that the software will not collect any information that could be linked to the customer's identity. Furthermore, the implementation will follow all standards set by the General Data Protection Regulation (GDPR) to ensure that the customer's data is secure and protected.
| RequirementsID | Description |
|---|---|
| SYSTEM-HW-REQ-0002 | 1 Development and 1 Production server |
| SYSTEM-HW-REQ-0003 | Server memory capacity: 7.8GB |
| SYSTEM-HW-REQ-0004 | 4 VCPU |
| SYSTEM-HW-REQ-0005 | 80GB Disk space |
| SYSTEM-HW-REQ-0006 | Ubuntu-20.04 |
| SYSTEM-HW-REQ-0007 | SSH access only |
Constraints and standards that affect on service design
| ReqId | Description |
|---|---|
| CONSTRAINT-REQ-S00000 | End user data shall be handled in a way that complies with [EU GDPR Act] (https://en.wikipedia.org/wiki/General_Data_Protection_Regulation) |
| CONSTRAINT-REQ-S00001 | The service should be accessible by Directive (EU) 2019/882 |
| CONSTRAINT-REQ-S00002 | Service design should take into account the agreed-upon service levels and performance metrics that will be used to monitor the service's performance. |
| CONSTRAINT-REQ-S00003 | The service must be designed with usability in mind to ensure that it is easy to use and understand. |
| CONSTRAINT-REQ-S00004 | The design of the service must take into account the technical constraints and opportunities presented by available technology. |
| CONSTRAINT-REQ-S00005 | The service design must consider the ability of the service to integrate with other systems and technologies as necessary |
Service primay features and functionalities
Priorization of essential features / functions
- P1 = Mandatory
- P2 = Important
- P3 = Nice to have
Functional requirements of the service
| ReqID | Description | Affected feature? |
|---|---|---|
| FUNC-REQ-C0001 | Service admin can easily create new user hashes to the database | FEA27 Admin panel |
| FUNC-REQ-C0002 | Service admin can easily delete user hashes from the database | FEA27 Admin panel |
| FUNC-REQ-C0003 | Service admin can easily update user hashes from the database | FEA27 Admin panel |
| FUNC-REQ-C0004 | Service admin can easily check user hashes from the database | FEA27 Admin panel |
| FUNC-REQ-C0005 | Service admin can easily check user hashes from the database | FEA27 Admin panel |
| FUNC-REQ-C0006 | Admins can easily export survey data in CSV format | FEA25 Skill data exporter |
| FUNC-REQ-C0007 | End user can use the service with a hash link | FEA24 User Management |
| FUNC-REQ-C0008 | End user can find appropriate skills fast | FEA28 Skill Search |
| FUNC-REQ-C0008 | End user can find appropriate soft skills | FEA28 Skill Search |
| FUNC-REQ-C0009 | Root Admin can quickly deploy production version | FEA06 Service Containerized |
| FUNC-REQ-C0010 | Root Admin can quickly deploy test version | FEA06 Service Containerized |
| FUNC-REQ-C0011 | Service is ran through HTTPS connection | FEA10 Secured Connection |
Service non-functional requirements
Performance Requirements
| ReqID | Description |
|---|---|
| PERF-REQ-0000 | CSV exporting should be quick |
| PERF-REQ-0001 | Backups should se made without affecting performace |
| PERF-REQ-0002 | New hashes can be made in mass quantities quickly |
| PERF-REQ-0003 | Service uptime should be almost 100% |
| PERF-REQ-0004 | Instances should hold up in the event of a DDoS |
Security Requirements
| ReqID | Description | Link | |
|---|---|---|---|
| SECURITY-REQ-0001 | Non-Functional Security | Service has to have encypted connection between browser and application. | FEA10 TLS/HTTPS |
| SECURITY-REQ-0002 | Non-Functional Security | Service has to handle personal data by GDPR standards | GDPR |
| SECURITY-REQ-0003 | Non-Functional Security | Service has to be (npm) audited before release. | US137 |
| SECURITY-REQ-0004 | Non-Functional Security | Informational security report in the Release Note | US136 |
| SECURITY-REQ-0005 | Functional Security | Server must keep usage logs. | FEA05 |
Accessibility Requirements
| ReqID | Description |
|---|---|
| USAB-REQ-0000 | The service will meet WCAG 2.1 Accessibility guidelines on the basic level |
| USAB-REQ-0001 | User interface should be visible in high contrast mode. |
| USAB-REQ-0002 | Font size will be large enough for better viewing experience. |
| USAB-REQ-0003 | The user inteface can be operated with keyboard only. |
Quality Assurance
All features and the whole service need to be extensively tested before the release. We need to do the testing from the end users' point of view but also test the functionalities related to the admin users of the service. The service is going to go through functional, performance, security and availability testing. All the tests will be shown with detail in the master test plan.
- Link to Master Test Plan
Preliminary Acceptance Tests
With acceptance tests we can determine if the service is efficient and secure enough for the end users.
| AcceptanceTestId | Description | Feature |
|---|---|---|
| ACCTEST001 - Acceptance Test 1 | Verify that customer feedback system is working | FEA03 Customer Feedback-system 1.0 |
| ACCTEST002 - Acceptance Test 2 | Verify that skill highlighting works correctly | FEA31 Highlight suitable skills |
| ACCTEST003 - Acceptance Test 3 | Verify that the progress bar works correctly | FEA30 Progress bar |
| ACCTEST004 - Acceptance Test 4 | Verify that user authorization is secure and working | FEA26 User authorization |
| ACCTEST005 - Acceptance Test 5 | Verify that data can be exported to csv | FEA22 Data csv exporter |
Software architecture, placement view, database description, and integrations
The system topology can be seen from the picture below, and the link contains a page with more detailed explanations.
- Link to Software architecture
Deployment diagram
Integrations with other systems
- Link to Software architecture
General view of integrations as UML Deployment Diagram
Describing integration as a sequence diagram
Skill Collector - Doorbell.io
Standards and sources
| ID | Linkki | |
|---|---|---|
| JHS 165 ICT | http://www.jhs-suositukset.fi/c/document_library/get_file?uuid=b8118ad7-8ee4-459a-a12b-f56655e4ab9d&groupId=14 | Vaatimusmäärittely |
| SO 9241-11 | https://fi.wikipedia.org/wiki/K%C3%A4ytett%C3%A4vyys | Käytettävyys |
| ISO9001 | https://www.sfs.fi/julkaisut_ja_palvelut/tuotteet_valokeilassa/iso_9000_laadunhallinta/iso_9001_2015 | - |
| - | - | - |