Requirement Specification
| Document: | Requirement Specification draft |
| Specification name | Req Spec for Tukko |
| Author: | Leevi Kauranen, Janika Ruoranen |
| Version: | 1.0 |
| Date: | 22.2.2024 |
Introduction
Combitech Oy gave a project assignment to WIMMA Lab 2023's team IoTitude, during which IoTitude developed the Tukko Traffic Visualizer service. The service utilizes public traffic APIs, to create a map with visualized traffic data. Our project involves working with this mentioned open-source service, specifically aiming to implement new features, and fulfilling requirements for the service. While working with the project and implementing new features and changes, we need to follow safe coding practices and maintain the integrity of the service to keep it user friendly and safe to use. New features and requirements will be mentioned in this documentation.
Client
Subscriber of this requirements specification is Reima Parviainen, as he is the product owner o Tukko 1.0, wich is used by our client Combitech. The requirement specification serves as a formal document that outlines the specific needs, features, and functionalities that we are developing for Tukko 1.1.
About the author and project team
My name is Leevi Kauranen and im acting as the team lead in our team CodeMonkes. Our team consists of 6 students with huge passion towards learning and honing our skills toward full-stack development, project management, testing, security and most importantly, working as an effective team. Our team is specified on cyber security, so most of our focus is on improving the security aspects of TUKKO. More about us: Team introduction
Short description of service/solution
Tukko is a real-time traffic visualizer service that offers users valuable insights into current road conditions. It aggregates data from multiple sources and presents it visually, allowing commuters to plan efficient routes and avoid traffic congestion. Beyond individual users, Tukko serves transport companies, city planners, and authorities by providing data-driven insights for route optimization and infrastructure planning. It empowers commuters to make informed decisions while on the road, enhances transportation efficiency for businesses, and aids city planners in improving urban mobility. By offering alerts and notifications about accidents or road closures, Tukko ensures users stay updated and can adapt their travel plans accordingly. Ultimately, Tukko plays a pivotal role in managing traffic flow, reducing congestion, and enhancing overall transportation effectiveness for stakeholders across various sectors.
Business requirements / goals?
| ReqID | Description |
|---|---|
| BUSINESS-REQ-0001 | The service should deliver high-quality results and meet specified standards. |
| BUSINESS-REQ-0002 | The service must adhere to relevant laws, regulations, and security standards. |
| BUSINESS-REQ-0003 | The service should enhance the overall customer experience, fostering loyalty and positive reviews. |
Stakeholder map
Stakeholders and profiles
| Stakeholde/profile | Info / Link to description | Motivation? |
|---|---|---|
| CodeMonkes | Link to the website | Creates the given features |
| Combitech | Client | Wants more features to the Tukko Traffic Visualizer |
| JAMK | Fostering the Future Factory (IT) course | Collaboration between students and real life companies |
| End user 1 | End User 1 | Uses Tukko to plan fastest route from home to work |
| End user 2 | End User 2 | Uses Tukko to check traffic status on his route to cottage |
Customer storys as background information
-
As a commuter, User 1 Maija seeks to leverage the traffic visualizer tool to efficiently plan his daily journey from home to work. He desires a seamless experience that empowers him to navigate through traffic with ease and arrive at his destination in the shortest time possible.
-
With a desire to ensure a smooth journey to his cottage, User 2 Matti relies on Tukko to assess traffic conditions along his route. He aims to stay informed about potential delays or congestion, enabling him to plan his travel effectively and minimize any disruptions to his weekend getaway.
Customer need
Consider what kind of wishes / needs the end user has regarding the service? Interview some potential users in a real life situation?
| ReqID | Description |
|---|---|
| CUSTOMER-REQ-0001 | As a user, the service should be available consistently without errors or interruptions. |
| CUSTOMER-REQ-0002 | As a user, the service must protect users' personal information and adhere to privacy regulations. |
| CUSTOMER-REQ-0003 | As a user, the service must be compatible with various devices and integrate seamlessly with other tools. |
| CUSTOMER-REQ-0004 | As a user, the service should allow users to customize settings and personalize their experience. |
| CUSTOMER-REQ-0005 | As a user, I want to be able to sign in the service and save my favorite LAM stations. |
Customer Journey paths in Service/solution
Preliminary User Storys
| User Story ID | Description / link to issue |
|---|---|
| US001 | As a user, I want to be able to compare different LAM stations side by side. #73 |
| US002 | As a user, I want to be able to create an account and securely authenticate myself to the web app. #74 |
| US003 | As a data analyst, I want to export data to csv from the database. #75 |
| US004 | As a customer, I want secure authentication mechanisms, such as password hashing and session management, to protect user accounts. #76 |
| US005 | As a user, I want to save some favourite LAM stations to my account. #77 |
| US006 | As a user, I want data analytics pipelines that process and transform the raw traffic data into meaningful information. #78 |
| US007 | As an administrator, I want developers to identify and optimize performance bottlenecks in the backend code to improve response times and reduce resource usage. #79 |
| US008 | As a user, I want e-mail summaries of road work and traffic situations. #80 |
| US010 | As a user, I want to export history data from specific dates. #81 |
| US011 | As a user, I want to choose an area and count average traffic. #82 |
| US012 | As a user, I want to see road tolls in Nordic countries. #83 |
| US013 | As a developer, I want to visualize the analyzed data in a user-friendly way, such as charts and graphs, to facilitate understanding and decision-making. #84 |
| US014 | As a user, I want the backend to have secure API endpoints to protect against unauthorized access and data breaches. #85 |
| US015 | As a system administrator, I want to configure rate limiting on certain API endpoints, so that the system can prevent abuse and ensure fair usage of resources. #86 |
| US016 | As a user, I want the backend to have proper authentication and authorization mechanisms to ensure only authorized users can access and modify data. #87 |
| US017 | As a developer, I want to regularly scan the codebase and dependencies for known security vulnerabilities and address them promptly. #88 |
| US018 | As a developer, I want to enforce secure coding practices, such as input validation and output encoding, to prevent common security vulnerabilities like cross-site scripting (XSS) attacks. #89 |
| US019 | As a developer, I want to have an automated security testing pipeline that detects and reports security issues during the development process. #90 |
| US020 | As a developer, I want to have different environments (staging, testing, production) with automated deployments to ensure smooth and controlled releases. #91 |
| US021 | As a developer, I want to set up a CI/CD pipeline that automatically builds, tests, and deploys the web app to different environments, such as staging and production. #92 |
| US022 | As a developer, I want to have automated tests that run as part of the CI/CD pipeline to ensure the quality and correctness of the deployed code. #93 |
| US023 | As a product owner, I want to collect and analyze usage data of the web app to gain insights into user behavior and make data-driven decisions. #94 |
| US024 | As a developer, I want to implement logging and error tracking mechanisms to capture and analyze any issues or errors occurring in the web app. #95 |
| US025 | As a developer, I want to integrate analytics tools, (NOT Google Analytics), to track and monitor user interactions and performance metrics. #96 |
| US026 | As a platform engineer, I want to set up log management and analysis tools, such as ELK stack, to centralize and analyze logs for troubleshooting and performance optimization. #97 |
| US027 | As a platform engineer, I want to set up a scalable and resilient infrastructure using containerization, such as Docker, to ensure easy deployment and management of the web app. #98 |
| US028 | As a platform engineer, I want to configure security measures, such as SSL/TLS certificates and secure network configurations, to protect the web app and its data from unauthorized access. #99 |
| US029 | As a platform engineer, I want to implement an automated build and deployment pipeline using tools like GitLab CI/CD to streamline the release process and ensure consistent deployments. #100 |
| US030 | As a platform engineer, I want to configure and manage a cloud-based infrastructure, such as CSC Pouta server, to ensure high availability and scalability of the web app. #101 |
| US031 | As a platform engineer, I want to set up monitoring and alerting systems, such as Prometheus and Grafana, to proactively monitor the health and performance of the web app and quickly respond to any issues. #102 |
| US032 | As a platform engineer, I want to implement automated backups and disaster recovery mechanisms to ensure data integrity and minimize the impact of any potential failures or data loss. #103 |
| US033 | As a platform engineer, I want to establish automated testing and quality assurance processes to ensure the stability and reliability of the web app across different environments. #104 |
| US034 | As a platform engineer, I want to keep good documentation of the architecture and pipelines. #105 |
| US035 | As a platform engineer, I want to regularly update and patch the underlying technology stack, including React, MongoDB, Redis, TypeScript, Express, Node.js, to ensure the web app benefits from the latest features, improvements, and security fixes. #106 |
| US036 | As an platform engineer, I want the containers doubled, if one crashes, another pops up. #107 |
| US037 | As an administrator, I want to monitor server loads with a GUI. #108 |
| US038 | As a developer, I want to have automated tests for both frontend and backend code to ensure the reliability and correctness of the web app. #109 |
| US039 | As a developer, I want to set up continuous integration (CI) and continuous deployment (CD) pipelines to automate the testing and deployment processes. #110 |
| US040 | As a tester, I want to implement Robot Framework and browser libraries. #111 |
| US041 | As a user, I want the web app to be accessible and usable for people with disabilities, including support for screen readers and keyboard navigation. #112 |
| US042 | As a developer, I want to follow accessibility best practices and guidelines, such as WCAG 2.2, to ensure the web app meets accessibility standards. #113 |
| US043 | As a developer, I want to conduct accessibility testing and address any accessibility issues identified by users or automated tools. #114 |
| US044 | As a user with assistive technologies, I want the web app to have proper semantic markup and ARIA attributes, so that my assistive devices can interpret and navigate the content accurately. #115 |
| US045 | As a user, I want the dark mode colors to not pop out as much. #116 |
| US046 | As a user with color blindness, I want the web app to have sufficient color contrast between text and background elements, so that I can easily read and understand the content. #117 |
| US047 | As a user, I want to have favorite LAM stations which I can follow under my user. #118 |
| US048 | As a user, I want road condition reports. #119 |
| US049 | As a user, I want to be able to plan the best route from place A to place B. #120 |
| US050 | As a user, I want to follow statistics on my chosen stations and routes. #121 |
| US051 | As a security specialist, I want all the GitLab Security dashboard problems mitigated. #122 |
| US052 | As a user, I want to search location by name. #123 |
| US053 | As a user, I want to see traffic situation in Sweden. #124 |
| US054 | As a user, I want to see traffic situation in Norway. #125 |
| US055 | As an administrator, I want to protect my application with Web Application Firewall. #126 |
| US056 | As a security specialist, I want to harden all the containers. #127 |
| US057 | As a security specialist, I want to have controls over who can access the server. #128 |
| US058 | As a Swedish person, I want to use the user interface in my native language, Swedish. #129 |
| US059 | As a Norwegian person, I want to use the user interface in my native language, Norwegian. #130 |
| US060 | As a product owner, I want the testing to include exploratory testing. #131 |
| US061 | As a team member I want to have maintainable documentation #132 |
Selected Use Cases of service/solution
| Use Case | Domain |
|---|---|
| UC01 - Securely authenticate user accounts | Security |
| UC02 - Save favorite LAM stations to user account | Traffic Visualizer |
| UC04 - Secure API endpoints | Security |
| UC05 - Configure rate limiting on certain API endpoints | Backend |
| UC06 - Enforce secure coding practices | Security |
| UC07 - Implement automated security testing pipeline | Security |
| UC08 - Harden all the containers | Security |
| UC09 - Protect application with Web Application Firewall | Security |
| UC10 - Plan routes from place A to B | Traffic Visualizer |
Preliminary MockUp-prototype layouts for solution/service
This MockUp is related to the feature FEA107.
System requirements
| RequirementsID | Description |
|---|---|
| SYSTEM-HW-REQ-0001 | Frontend server has to have atleast 4VCPUs |
| SYSTEM-HW-REQ-0002 | Backend server has to have atleast 4VCPUs |
| SYSTEM-HW-REQ-0003 | Frontend server memory capacity has to be atleast 2Gb |
| SYSTEM-HW-REQ-0004 | Backend server memory capacity has to be atleast 2Gb Frontend |
Constraints and standards that affect on service design
| ReqId | Description |
|---|---|
| CONSTRAINT-REQ-S00000 | End user data shall be handled in a way that complies with EU GDPR Act |
| CONSTRAINT-REQ-S00001 | The service should be accessible by Directive (EU) 2019/882 |
| CONSTRAINT-REQ-S00002 | Service design should take into account the agreed-upon service levels and performance metrics that will be used to monitor the service's performance. |
| CONSTRAINT-REQ-S00003 | The service must be designed with usability in mind to ensure that it is easy to use and understand. |
| CONSTRAINT-REQ-S00004 | The design of the service must take into account the technical constraints and opportunities presented by available technology. |
| CONSTRAINT-REQ-S00005 | The service design must consider the ability of the service to integrate with other systems and technologies as necessary |
Service primay features and functionalities
-
Describe main features by using Product Mind Map?
-
P1 = Mandatory
- P2 = Required
- P3 = Nice to have
Functional requirements of the service
| ReqID | Description | Affected feature? |
|---|---|---|
| FUNC-REQ-C0001 | Securely authenticate user accounts | FEA102 |
| FUNC-REQ-C0002 | Save favorite LAM stations to user account | FEA103 |
| FUNC-REQ-C0003 | Plan routes from place A to B | FEA107 |
| FUNC-REQ-C0004 | Secure API endpoints | FEA401 |
| FUNC-REQ-C0005 | Configure rate limiting on certain API endpoints | FEA402 |
| FUNC-REQ-C0006 | Enforce secure coding practices | FEA404 |
| FUNC-REQ-C0007 | Implement automated security testing pipeline | FEA405 |
| FUNC-REQ-C0008 | Harden all the containers | FEA406 |
| FUNC-REQ-C0009 | Protect application with Web Application Firewall | FEA409 |
Software / service non-functional requirements
Performance Requirements
| ReqID | Requirement | Description |
|---|---|---|
| PERF-REQ-0000 | Login is possible for 100 users at the same time (100 request/s). | |
| PERF-REQ-0001 | The traffic data on the map should update quickly, with minimal delay. | |
| PERF-REQ-0002 | The application should load the initial map view promptly upon user interaction. | |
| PERF-REQ-0003 | The application should handle a large number of cities and traffic data points without performance issues. | |
| PERF-REQ-0004 | Zooming and panning across the map should be smooth and responsive. | |
| PERF-REQ-0005 | The application should perform well on various devices and screen sizes. |
Security Requirements
| ReqID | Requirement | Description |
|---|---|---|
| SEC-REQ-0001 | The password must use at least MD5-level encryption, as required by the XY112 standard | |
| SEC-REQ-0002 | Regularly update and patch the application's software components and libraries to address known security vulnerabilities. |
Accessability Requirements
| ReqID | Requirement | Description |
|---|---|---|
| ACC-REQ-0001 | Font should be size at 16pt. | |
| ACC-REQ-0002 | User interface should be visible in high contrast mode. | |
| ACC-REQ-0003 | User should be able to use dark mode in the application. | |
| ACC-REQ-0004 | User should be able to text search for a specific city | |
| ACC-REQ-0005 | Traffic Visualizer application should be as user-friendly as possible | |
| ACC-REQ-0006 | Display real-time traffic data from reliable and up-to-date sources. | |
| ACC-REQ-0007 | Provide historical traffic data that allows user to predict where traffic jams might happen. | |
| ACC-REQ-0008 | The application should have clear and intuitive navigation menus. |
Quality Assurance
- Link to Master Test Plan
Preliminary Acceptance Tests
| AcceptanceTestId | Description | Feature |
|---|---|---|
| ACCTEST001 - Acceptance Test 1 | Verify secure authentication, registeration and used data management. | FEA102 |
| ACCTEST002 - Acceptance Test 2 | Succesful saving of LAM stations and retrievement of saved data | FEA103 |
| ACCTEST003 - Acceptance Test 3 | Succesfully creating a route between chosen points | FEA107 |
| ACCTEST001 - Acceptance Test 1 | Ensuring API endpoint security | FEA401 |
| ACCTEST002 - Acceptance Test 2 | Automate security testing with pipeline | FEA405 |
| ACCTEST003 - Acceptance Test 3 | Ensure that during this project secure coding practices are implemented | FEA404 |
| ACCTEST003 - Acceptance Test 3 | Secure docker containers by hardening | FEA406 |
| ACCTEST002 - Acceptance Test 2 | Improve security with web application firewall | FEA409 |
| ACCTEST003 - Acceptance Test 3 | Limiting api call rate on certain api endpoints | FEA402 |
Software architecture, placement view, database description, and integrations
- Link to Software architecture
Standards and sources
- General Data Protection Regulation (GDPR): This regulation protects privacy and gives individuals control over their personal data.
- ePrivacy Directive: This directive complements the GDPR and provides rules on confidentiality of communications and tracking technologies such as cookies.
- Directive on the legal protection of computer programs ('Software Directive'): This directive protects computer programs by means of copyright.
- Directive on the enforcement of intellectual property right ('IPRED'): This directive enforces intellectual property rights.
- Directive on the legal protection of databases ('Database Directive'): This directive protects databases.
- EU Cybersecurity Act: This act ensures safer hardware and software.
- Digital contract rules: These rules make it easier for consumers and businesses to buy and sell digital content, digital services, goods, and 'smart goods' in the EU.
Please note that these are just a few examples and the specific laws and rules may vary depending on the context and the specific needs of your software service. It's always a good idea to consult with a legal expert to ensure compliance with all relevant laws and regulations.