
Hard Code 2013 Basic Requirements

The document outlines basic functional requirements for a marketplace application. It specifies that registered and non-registered users can browse, search for items, and view item details. Registered users can post, edit, and delete their own items. Administrators can delete any item and deactivate registered users. Items have attributes like title, description, price, and expiration dates. The application allows registered users to communicate about items via a secure messaging system within the application, but does not handle payments. Security requirements include protecting against vulnerabilities and logging certain user and system events.

Uploaded by vic900

Ref#   Basic Functional Requirement

BA     User Accounts and Account Actions

BA01   The Application allows both Non-Registered Users and Registered Users to:
       1. Browse the website and
       2. Search for Items

BA02   The Application allows users to create login accounts (the Application should support Registered Users) and allows Registered Users to log in and log out of the Application.

BA03   The Application allows Registered Users to delete their account and easily remove all their data from the Application; in both cases, it should be as easy as going to the user profile page, clicking on a "Delete Your Account" or "Delete All Your User Data" button and confirming the action.

BA04   The Application supports the creation of Administrator accounts and allows Administrators to log in and log out of the Application.

BA05   Administrators can deactivate any Registered User.

BB     Items

BB01   Registered Users can post Items and delete Items that they posted.

BB02   Registered Users can edit Items.

BB03   Administrators can delete any Item posted to the Application.

BB04   When Items are created, the following attributes are created for each Item:
       1. Title
       2. Description
       3. Price
       4. Item Creation Time (when the Item was posted to the Application)

BB05   Items are assigned an expiration date. An expired Item should only be visible to the Registered User who created the Item and Administrators.

BB06   All Items should be associated with a Registered User.

BB07   Registered and Non-Registered Users can view Item details by clicking on links shown in search results (see BC) and where Items are listed (for example, if the optional Virtual Shops are implemented, by clicking on displayed Items). Item details will include:
       1. Title
       2. Description
       3. Price
       4. Item Creation Time
       5. Seller Name
       6. A button to communicate/message the Seller as described in BD

BC     Search

BC01   The Application allows Registered and Non-Registered Users to search for Items based on any of the following Item fields:
       1. Title
       2. Description
       3. Price
       This will be a basic search functionality based on a single keyword or a single, exact string (exact match only). That is, the search does not need to support the ability to parse multiple keywords or derivations of keywords. For example, a search for the term "math tutor" will ONLY match on "math tutor" and NOT "math" by itself, "tutor" by itself, variations like "math tutors" or "tutoring math", etc.
       The ability to parse multiple keywords and derivations of keywords is covered in the optional requirement OC01.

BC02   Search results will display the Title, Description, and Price for each Item found.

BD     Buyer/Seller Communication

BD01   Buyers use the Application to communicate with Sellers in order to negotiate final price, terms, and means for payment. The Application does NOT provide any payment transaction services. The Application will provide a web-based user interface for communication. Teams can be creative in how Buyers and Sellers communicate through the Application's web interface (web-based email, instant messaging, etc.), and teams will be awarded bonus points for good execution or creative implementations.
       The Application should not require users to sign up for external accounts or disclose information on external accounts. That is, teams should not rely on existing communication services like Gmail, Google+, existing instant messaging services or the like when developing the communication system. The one exception allowed for using existing external communication and social media is the use of voting on Items or Sellers via the Google+ +1 button or similar (see optional requirement OD02).

BD02   Only Registered Users can use the Application's communication system.

BD03   At a minimum, each communication should include and display to communicating parties:
       1. Sender information (Registered User ID)
       2. Recipient information (Registered User ID)
       3. Date and time the message was sent
       4. Content/body of the message
       5. If the communication is related to an Item, the Item title and the price of the Item at the time that the Buyer initiated the communication should also be displayed to both parties.

BD04   Message recipients can respond/reply to communications.

BD05   A message can be sent to multiple Registered Users.

BD06   Messaging should be secured with the following features:
       - Encrypted communication protocols are used (i.e., SSL)
       - Message content and information about the message sender and recipient are not leaked to people who are not recipients of the message.
       - Personal information is not disclosed by the messaging system (for example, unless the sender decides to send their name and address, this information will not be included by the Application). Only message recipients and the sender can see the sender's and other recipients' Registered User IDs.
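
As an added example (not part of the original requirements document), the following Python sketch shows one way to enforce the messaging rules in section BD: only Registered Users can send, the Item title and price are copied at the time the message is created, and only the sender and recipients can read it. The `Message` class, the function names and the dict-shaped Item are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from decimal import Decimal
from typing import FrozenSet, Optional


class NotAuthorized(Exception):
    """The caller is not allowed to send or read this message."""


@dataclass(frozen=True)
class Message:
    sender_id: str
    recipient_ids: FrozenSet[str]
    sent_at: datetime
    body: str
    # Copied from the Item when the message is created, so later edits to the
    # Item do not change what either party sees.
    item_title: Optional[str] = None
    item_price: Optional[Decimal] = None


def send_message(sender_id, recipient_ids, body, registered_ids, item=None):
    """Create a message; sender and all recipients must be Registered Users."""
    recipients = frozenset(recipient_ids)
    if not recipients or not ({sender_id} | recipients) <= set(registered_ids):
        raise NotAuthorized("sender and recipients must be Registered Users")
    return Message(
        sender_id, recipients, datetime.now(timezone.utc), body,
        item_title=item["title"] if item else None,
        item_price=item["price"] if item else None,
    )


def view_message(msg, viewer_id):
    """Return the display fields, but only to the sender or a recipient."""
    # No administrator exception: the page names only sender and recipients.
    if viewer_id != msg.sender_id and viewer_id not in msg.recipient_ids:
        raise NotAuthorized("not a party to this message")
    return {
        "sender_id": msg.sender_id,
        "recipient_ids": sorted(msg.recipient_ids),
        "sent_at": msg.sent_at.isoformat(),
        "body": msg.body,
        "item_title": msg.item_title,
        "item_price": msg.item_price,
    }
```
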

BE     Security & Privacy

BE01   The Application will be secured from common web security vulnerabilities such as Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), SQL Injection (if applicable), and application security logic flaws (for example, authentication bypass).

BE02   The Application will generate a log of events that can be used to investigate potential security breaches. The log should contain:
       1. Changes to Items
       2. Changes to account settings for Registered Users and Administrators
       3. Changes to application settings (actions that can be performed by Administrators)
       4. Changes to Virtual Shops (optional if implemented)
       5. Logs of user communication messages which includes only the following:
          a. Sender user ID
          b. Recipient user ID
          c. Date/time stamp
          d. Item Title (if applicable)
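
As an added example (not part of the original requirements document), this Python sketch builds the BE02 log records so that a message is logged with only the four permitted fields and never its body. The function names, the dict-shaped message, the `event` tag and the layout of the change record are assumptions made for illustration.

```python
import json

# The only message fields the page allows in the log.
MESSAGE_LOG_FIELDS = ("sender_id", "recipient_id", "timestamp", "item_title")
# Change events the page lists (Virtual Shops only if implemented).
CHANGE_KINDS = {"item", "account_settings", "application_settings", "virtual_shop"}


def message_log_records(message):
    """One record per recipient, copied field by field from an allow-list."""
    records = []
    for recipient_id in sorted(message["recipient_ids"]):
        source = {
            "sender_id": message["sender_id"],
            "recipient_id": recipient_id,
            "timestamp": message["sent_at"],
            "item_title": message.get("item_title"),
        }
        record = {"event": "message"}  # record-type tag, not message data
        for field in MESSAGE_LOG_FIELDS:
            if source[field] is not None:  # Item title only if applicable
                record[field] = source[field]
        records.append(record)
    return records


def change_log_record(kind, actor_id, target_id, changed_fields, timestamp):
    """Record who changed what; field names only (assumed layout)."""
    if kind not in CHANGE_KINDS:
        raise ValueError(f"unknown change kind: {kind!r}")
    return {"event": f"{kind}_changed", "actor_id": actor_id,
            "target_id": target_id, "changed_fields": sorted(changed_fields),
            "timestamp": timestamp}


def to_log_line(record):
    """Serialize as one JSON line; CR/LF inside values are escaped, so
    user-controlled text such as an Item title cannot split a record."""
    return json.dumps(record, sort_keys=True)
```
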
