Sunday, March 3, 2019

Software and Hardware System Requirements for a Project

Chapter 5
Requirement Analysis

The chapter describes the security framework requirements, which are categorised on the basis of user interaction and specification of software and hardware requirements. It also gives an overview of the rules specific to the various users.

5.1 Software Requirement

Name | Details
Operating System | Windows XP and above
Database Server | MySql, XML
Front End | Netbeans 7.2, JSP, Java SDK 6.0
Application Server | Tomcat 6.0
Browser | IE 5.0 and above or Mozilla, Google Chrome

Table No 4.1 Software Requirement

5.2 Hardware Requirement

Name | Details
Processor | Pentium IV and above
RAM | 256MB and above
Hard Drive | 40 GB
Network | Local area network

Table No 4.2 Software Requirement

5.3 High Level Process Diagrams

A high level description of the requirements of the project is to provide specific defined functions using a common platform, whilst other functions for content, registration, identity management, and increased security to individual applications will be outside the scope of the project. This scope is detailed in the diagram below.

Figure 5.1 Background of the Project

This phase of the project will only cover single factor authentication and will use only a username and password to authenticate a website user.

The requirements are split into four sections:
- Generic requirements
- Self administration functionality
- Delegated administration functionality
- Help Desk administration

The generic requirements will cover certain aspects that are generic across the self administration and delegated administration functionality.
The project will present the following generic requirements for self administration and delegated administration.

Figure 5.2 Generic requirements for self administration and delegated administration

The project will present the following self administration functionality.

Figure 5.3 Self administration functionality

The project will also present the following delegated administration functionality.

Figure 5.4 Delegated administration functionality

There will also be the following Help Desk administration functionality that will be delivered by the project.

Figure 5.5 Help Desk administration functionality

5.4 User groups

User group | Description
External website user | An external website visitor to any website or application
Administrator | An internal administrator who will have the capability to provide access management to application specific external website users
Help Desk Administrator | An internal administrator who will have the capability to support the security framework and users of the framework

Table No 5.3 User Groups

5.5 Requirements

5.5.1 Generic requirements

GEN-0011-Rule-2 | For self administration and administrator for delegated administration registration forms, the information fields must be blank on first load of the form.
GEN-0011-Rule-3 | The system will not auto-generate usernames for administrators for delegated administration.
The usernames will be entered manually.
GEN-0011-Rule-4 | When the website user receives the invitation email and clicks the URL to load the registration form, the username on the form will be pre-populated and not editable.
GEN-0011-Rule-5 | Auto-complete must be set to off.
GEN-0011-Rule-6 | Password and answers to security questions must be obscured.
GEN-0011-Rule-7 | The username cannot be an email address.
GEN-0011-Rule-8 | The website user must set up 4 security questions, of which 2 will be randomly shown during future authentication processes.
GEN-0011-Rule-9 | Security answers must not:
    - Be blank
    - Repeat answers across the questions
    - Be single character or address answers
GEN-0011-Rule-10 | The answers to the security questions will be a minimum 3 alphanumeric characters, with a maximum 20 alphanumeric characters, and must not contain the following special characters: ? $ % ? / or
GEN-0011-Rule-11 | Website users will only be registered for applications/websites within a pre-defined group, i.e. for either BHW applications or international applications.
GEN-0011-Rule-12 | The format of the username will be a minimum 6 alphanumeric characters, with an upper bound of 20 alphanumeric characters, and must not contain the following special characters: ? $ % ? / or
    The username will be case sensitive.
GEN-0011-Rule-13 | The format of the password will be a minimum 8 alphanumeric characters, with an upper limit of 20 alphanumeric characters, and must be case sensitive.
GEN-0011-Note-1 | The application specific requirements for data capture are not documented in this DBRS and will be documented at the application specific level.
GEN-0011-Note-2 | The form will not capture opt-in/opt-out for marketing purposes.
This will be done at application level and not at the security level.
GEN-0011-Note-3 | Website users will be able to register for specific products at an application level.
GEN-0011-Note-4 | The website user will only be able to select a security question once from the list, i.e. the question selected in Security question 1 will not appear in the dropdown for Security question 2 and so on.
GEN-0011-Note-5 | Any identity details, i.e. name and address, will be captured at an application level.
GEN-0012 | Send email confirmation on successful registration to the website user.
GEN-0012-Note-1 | A business decision has been made to proceed with the preferred option that does not require email verification and therefore to only have one step registration. The website users will receive an email confirming that they have registered successfully.
GEN-0012-Note-2 | Without capturing more data on the registration form, any emails that are sent will not be customised to the website user and the greeting will be Dear User.
GEN-0013 | Post log-in, all designated assets (pages) will be protected by the Security Platform.
GEN-0020 | The password strength must be either medium or strong and must be displayed on the following forms:
    - Registration
    - Change password
    - Security details
GEN-0020-Rule-1 | Mandatory (1 point each and a total 2 points in the scoring mechanism):
    - Minimum of 8 characters in length
    - Maximum of 20 characters in length
    - A combination of letters and at least 1 numeral
    Optional (1 point each):
    - At least one special character from this list: , , $ , , & , _ , ,
    - A mixture of upper and lower case letters

    Points scored | Display
    <= 2 | Weak (Red bar)
    3 | Medium (Amber bar)
    4 | Strong (Green bar)
GEN-0020-Rule-2 | The password strength bar will display the colour and also the wording to comply with the accessibility standards.
GEN-0020-Rule-3 | On page load the password strength indicator will be blank.
GEN-0030 | The registration form must contain Captcha functionality.
GEN-0030-Rule-1 | The Captcha functionality must comply with the Accessibility standards.
GEN-0030-Rule-2 | The Captcha functionality must be case sensitive.
GEN-0040 | Provide registered website users with the ability to login to an application or product on any website that has migrated to the Security Framework.
GEN-0040-Note-1 | While the website user will be able to login to any website or application, they may be required to register for each product at an application level.
GEN-0050 | Website users must be able to reset their password through forgotten password functionality.
GEN-0050-Rule-1 | The website users must answer 2 security question(s) correctly to reset their password.
GEN-0050-Rule-2 | The 2 questions will be displayed randomly from the set of 4 questions answered on initial registration.
GEN-0060 | Website users must be able to retrieve their username through forgotten username functionality to restore their ability to log in.
GEN-0060-Rule-1 | An email will be generated containing the website user's username.
GEN-0070 | A website user's account will be locked if the website user exceeds the maximum number of login attempts or fails to answer their security questions correctly.
GEN-0070-Rule-1 | There should be 2 error messages:
    - For inputting incorrect details, e.g. username and password
    - For account lockout
GEN-0070-Note-1 | The number of login attempts and answering of security questions should be set to 3 attempts, then the account is locked and an informative error message is displayed.
GEN-0070-Note-2 | For the account unlock process, website users will be advised to contact the Help Desk in order to unlock their account.
GEN-0070-Note-2 | There will be three account lockout periods. The first two lockouts will be temporary and last for 20 minutes.
The final lockout will be permanent and require Helpdesk to unlock the account.
GEN-0080 | The system must be able to expire a website user's password at a specified interval, e.g. monthly.
    Assumption: The password expiry will be set at a generic level and if an application requires an alternative password expiry policy, this must be applied at the application specific level.
GEN-0090 | The system must be able to end a user session after a specified period of inactivity on the website.
GEN-0090-Rule-1 | The agreed length of time for the period of inactivity must be set across the platform and not at application level.
GEN-0090-Rule-2 | The inactivity timeout will be configured to 20 minutes.
GEN-0100 | Functionality must be provided to allow the website user to log out of the Security Framework.
GEN-0100-Note-1 | The logout user journey will be an application level specific user journey.
GEN-0100-Note-2 | This will be locally configurable for each business unit.
GEN-0110 | Provide single sign-on capability such that when a website user registers for one website or application, they are able to login to another website or application.
GEN-0110-Note-1 | While the website user will be able to login to any website or application, they may be required to register for each product at an application level.
GEN-0120 | The system should provide auditing and reporting functionality of both self administration website users and delegated administration website users.
GEN-0120-Note-1 | This functionality will be provided to the Help Desk Administrators as a part of the Oracle Identity and Access product suite.
GEN-0120-Note-2 | Any web analytical reporting will be provided through the Omniture tool.
GEN-0130 | The system should provide auditing and reporting functionality of the administrators using the delegated administration tools.
GEN-0130-Note-1 | This functionality will be provided to the Help Desk Administrators as a part of the Oracle Identity and Access product suite.
GEN-0130-Note-2 | Any web analytical reporting will be provided through the Omniture tool.
GEN-0140 | The business units should provide an approach and process for handling website users concerned with possible account compromise, whether this be via email or via a call centre.
GEN-0150 | The system must challenge an end user when they:
    - Attempt to access unauthorised content
    - Attempt to access via a bookmark when already logged out
GEN-0160 | The system shall be capable of detecting that a user is logged in a 2nd time from a different place, in which case the facility should be configurable to reject the 2nd session, end the existing session, or permit concurrent sessions.

Table No. 5.4 Generic requirements

5.5.2 Self administration requirements

Rqt No. | Description | Source/Owner | Priority
SA-0020 | Provide registered and logged in website users with self administration capabilities to change their generic security details.
SA-0020-Rule-1 | A website user must be able to amend the following security details:
    - Email address
    - Password
    - Security questions and answers
SA-0020-Rule-1 | A website user will not be able to amend the username.
SA-0020-Note-1 | Any application or product specific data will be amended at application or product level and as such will not be documented in this DBRS and will be documented at the application specific level.
SA-0021 | The system must send an email to the registered website user when an amendment has been made to their details.
SA-0021-Rule-1 | The email must state which details have been amended, but not what the details have been changed from or to.
SA-0021-Rule-2 | If the website user has amended their email address, the system must send an email to the old and new email addresses notifying of the amendment.
SA-0021-Note-1 | This email will also contain instructional text for the website users in case they are concerned that their account has been compromised.

Table No. 5.5 Self administration requirements

5.5.3 Delegated administration requirements

Rqt No. | Description | Source/Owner | Priority
DA-0010 | Provide administrators with delegated administration capabilities to create an account for external website users.
DA-0010-Rule-1 | Administrators will only be able to register website users for applications/websites within a pre-defined group, i.e. for either BHW applications or international applications.
DA-0010-Rule-1 | Administrators will not be able to use the same username across pre-defined groups as the username must be unique.
DA-0011 | Provide administrators with the ability to notify website users of their registration details via an invitation email.
DA-0011-Rule-1 | The point at which the invitation email is sent to the website user will be configurable for each application, i.e. the email may be sent when the user has been created by the administrator or at a later stage following updating of application specific account details.
DA-0012 | Provide administrators with delegated administration capabilities to modify an existing account email address.
DA-0012-Rule-1 | The system must send an email to the registered website user when an amendment has been made to their details by the administrator.
DA-0012-Note-1 | The administrator will only be able to modify the email address for an account.
DA-0013 | Provide administrators with the ability to search for an existing website user by username and/or email.
DA-0013-Rule-1 | The search capability will be application level specific and will not return users not registered for that application.
DA-0014 | Provide administrators with delegated administration capabilities to disable and enable an existing account from the application.
DA-0014-Rule-1 | The administrator will only be able to disable an existing account from the specific application the administrator is logged into. The administrator will only be able to enable an account if it has previously been disabled from the application.
DA-0014-Rule-2 | Notification must be sent to the Help Desk administrators when a user has been disabled for a specific application.
DA-0014-Rule-3 | Notification must be sent to the existing user when their application specific account has been enabled.
DA-0015 | Provide administrators with the ability to re-send an invitation email to a website user during the URL expiry period and post the URL expiry period.
DA-0015-Rule-1 | This functionality will only be available if the website user has not logged in and completed their profile for the first time.
DA-0015-Rule-2 | If the invitation is re-sent during the expiry period, then the URL from the initial email will be invalid and the expiry period will be reset.
DA-0020 | Invitation emails from the delegated administrator must contain the following information for the website user:
    - User name
    - Encrypted URL to automatically log the user into their account
DA-0020-Rule-1 | The URL will expire on first successful use and the website user must change the password, enter their personal details, select the security questions and input their answers to their chosen security questions on login.
DA-0020-Rule-2 | The unused URL should be expired after a configurable time period and the recommendation is that this is less than 2 weeks.
DA-0020-Rule-3 | As a minimum the password must be encrypted.
DA-0030 | Hard copy invitations could be sent from the delegated administrator and must contain the following information for the website user:
    - User name
    - Temporary password
    - Friendly URL
DA-0030-Rule-1 | The temporary password will expire on first use and the website user must change the password, enter their personal details, select the security questions and input their answers to their chosen security questions on login.
DA-0030-Note-1 | The ability to capture address details for posting of the hard copy invitations has not been captured in this DBRS and will be documented at the application specific level.
DA-0030-Note-2 | The business process for the dispatching of the hard copy invitation is out of scope of the Security Platform and must be put in place by the business units.
DA-0040 | Provide administrators with the screens and functionality for the delegated administration which will be deployed at an application specific level.
DA-0060 | Provide administrators with the ability to re-enable a user that has previously been disabled from the application.
DA-0070 | Provide administrators with the ability to search for disabled users by username or email.

Table No 5.6 Delegated administration requirements

5.5.4 Help desk administration requirements

Rqt No. | Description
SYS-0010 | Provide Help Desk administrators with the ability to:
    - Search for an account
    - Modify an account
    - Disable an account
    - Enable an account
    - De-register an account from the security framework
    - Re-register an account on the security framework
    - De-register an account from an application
    - Re-register an account to an application
    - Unlock an account
    - Reset password
    - Upload users in bulk
SYS-0010-Rule-1 | The Help Desk administrators will be able to de-register an account at the security framework level. This will prevent the website user from logging into any application and sites.
SYS-0010-Rule-2 | Notification must be sent to each of the administrators when a user has been de-registered at the security framework level.
SYS-0010-Rule-3 | Notification must be sent to the existing user when their account has been de-registered from the Security Framework.
SYS-0010-Rule-4 | Notification must be sent to the existing user when their account has been modified in any way on the Security Framework.
SYS-0010-Note-1 | This functionality will be provided to the Help Desk Administrators as a part of the Oracle Identity and Access product suite.
SYS-0010-Note-1 | An email will be sent to the end user for the change of each attribute.

Table No. 5.7 Help desk administration requirements
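
The scoring mechanism in GEN-0020-Rule-1, written out as an added example (not code from the original project). The function and field names are assumptions, the special-character set is limited to the three characters still legible in the rule's list, the two length bounds are treated as one mandatory criterion, and "mandatory" is read as gating acceptance in addition to the points total.

```javascript
// Added example: password strength scoring per GEN-0020-Rule-1.
// Assumed special-character set: only the characters still legible in the rule.
const SPECIALS = "$&_";

function scorePassword(pw) {
  // GEN-0020-Rule-3: the indicator stays blank until something is typed.
  if (pw.length === 0) {
    return { points: 0, label: "", colour: "", mandatoryMet: false, accepted: false };
  }
  // Mandatory criteria, 1 point each (length bounds treated as one criterion).
  const lengthOk = pw.length >= 8 && pw.length <= 20;
  const lettersAndDigit = /[A-Za-z]/.test(pw) && /[0-9]/.test(pw);
  // Optional criteria, 1 point each.
  const hasSpecial = [...pw].some((c) => SPECIALS.includes(c));
  const mixedCase = /[a-z]/.test(pw) && /[A-Z]/.test(pw);

  const points = [lengthOk, lettersAndDigit, hasSpecial, mixedCase]
    .filter(Boolean).length;
  // Points-to-display mapping from the rule: <=2 Weak, 3 Medium, 4 Strong.
  const label = points <= 2 ? "Weak" : points === 3 ? "Medium" : "Strong";
  const colour = { Weak: "Red", Medium: "Amber", Strong: "Green" }[label];

  // Assumption: a password that reaches 3 points through the optional
  // criteria while missing a mandatory one is still rejected.
  const mandatoryMet = lengthOk && lettersAndDigit;
  return { points, label, colour, mandatoryMet, accepted: mandatoryMet && points >= 3 };
}

// Constructed sample inputs.
for (const pw of ["", "passw0rd", "Abcdefgh_", "Passw0rd", "Passw0rd_"]) {
  console.log(JSON.stringify(pw), scorePassword(pw));
}
```

The third sample shows why the points total alone is not a sufficient acceptance check: it displays as Medium without containing a numeral.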
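
The lockout behaviour in GEN-0070 (3 attempts, two temporary 20-minute lockouts, then a permanent lockout cleared only by the Help Desk), as an added example that is not code from the original project. All names are assumptions, as are two choices the requirements leave open: the account locks on the third consecutive failure, and a successful login resets the failure counter but not the lockout count.

```javascript
// Added example: account lockout state machine per GEN-0070 and its notes.
const MAX_ATTEMPTS = 3;                 // GEN-0070-Note-1
const TEMP_LOCK_MS = 20 * 60 * 1000;    // first two lockouts last 20 minutes
const TEMP_LOCKOUTS = 2;                // the third lockout is permanent

function newAccount() {
  return { failures: 0, lockouts: 0, lockedUntil: 0, permanent: false };
}

// Returns "OK" or one of the two error messages required by GEN-0070-Rule-1.
// `success` is the outcome of the credential or security-question check;
// `now` is a millisecond timestamp supplied by the caller.
function recordAttempt(acct, success, now) {
  // While locked, nothing is evaluated, even a correct password.
  if (acct.permanent || now < acct.lockedUntil) return "ACCOUNT_LOCKED";

  if (success) {
    acct.failures = 0;                  // assumption: lockout count is kept
    return "OK";
  }
  acct.failures += 1;
  if (acct.failures < MAX_ATTEMPTS) return "INVALID_DETAILS";

  // Third consecutive failure: start a lockout period.
  acct.failures = 0;
  acct.lockouts += 1;
  if (acct.lockouts > TEMP_LOCKOUTS) {
    acct.permanent = true;              // requires Help Desk to unlock
  } else {
    acct.lockedUntil = now + TEMP_LOCK_MS;
  }
  return "ACCOUNT_LOCKED";
}

// Help Desk unlock (SYS-0010 "Unlock an account"): clears all lockout state.
function helpDeskUnlock(acct) {
  Object.assign(acct, newAccount());
}

// Convenience for simulation: n failed attempts, returning the last result.
function failTimes(acct, n, now) {
  let result;
  for (let i = 0; i < n; i++) result = recordAttempt(acct, false, now);
  return result;
}
```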
