770 likes | 781 Views
Highly secured web app for foster youth to access vital documents efficiently. Includes system purpose, objectives, constraints, and security strategies.
E N D
E-lockbox • Team08 • Jian Lei: Project Manager/Builder • Mu Bai: Requirements Engineer/Builder • Hanadi Mardah: Life Cycle Planner/ UML Modeler • Xiaochen Wang: Operational Concept Engineer/Builder • Da Lu: Prototyper/Software Architect • Cheng Cheng: Feasibility Analyst/ Tester • Garret Catron: IIV&V / Quality Focal Point
Remote Member Analysis • Team Strengths • Operational • Strong Desire to Succeed • Technical • Experienced in Web Development
Remote Member Analysis • Team Weaknesses • Operational • Organization • Communication • Procrastination • Technical • Lack of Security Experience • Language Barrier
Remote Member Analysis • Weakness Mitigation • Operational • Internal Deadlines and peer review • Conscious Effort to Record all Group Communication • Documentation • Technical • Budget Additional Time for Presentations and Meetings • Research Security Best Practice
S/P Engineer Observations • All Win Conditions Agreed Upon • Moderate Complexity • Low Precedentedness • WeChat and Google Drive used between on-campus and off-campus team members
Introduction - System Purpose • The e-Lockbox is a highly secured web application to help foster youth access their vital life documents whenever they need them.
Shared Vision – Proposed New System • Current Situation: • Implemented on Salesforce.com • It cannot generate their desired reports • Foster youth cannot view their documents through it • The system developed last year was not usable and secure enough
Proposed New System • System Objectives - Capability Goals
Proposed New System • System Objectives – Level of Service Goals
Proposed New System • System Objectives – Organizational Goals • OG-1: Increased time savings • OG-2: Easier access for youth to their documents • OG-3: Improved security and usability • System Objectives – Constraints • CO -1: PHP as a Development Language • OC -2: MySQL as DBMS • OC -3: Amazon S3 as Storage for documents
Proposed New System • System Boundary • and • Environment Diagram
Proposed New System • Element Relationship • Diagram
Proposed New System • Business Workflow
Proposed New System • Business Workflow
Prototype Security New Feature: Send Mass Email & Activity Code
Prototyping on Security E-lockbox
Security Strategies Https connections (need SSL) protect the information in secure Verification code prevents login from a machine / robot Personal security questions provide a method for changing password Mobile & Email verification prevent login from other people Errors raised when login failed
Security for Youths Verification code protects against brute force attacks. Every login session has a timer which after a period of inactivity automatically logs the user out. Any access of information and documents should check the session validity and the user-id. • Youths can only access their own documents • Login failed once needs to input verification code • Youths can only view and set their own information • Any user login the system has a session with expiration time
Amazon S3 used as a safe file storage service. Deleting accounts on the system needs admin’s authorization. Security for Case Managers • Deleting Youth accounts needs admin’s authorization • All life documents are stored on Amazon S3
Administrator can access the System Logs to view activities of all users: login, logout, documents upload / update / access. Deleting Case Manager accounts in the system needs confirmation. Security for Administrator • Deleting Case Manager accounts needs confirmation • Logs record all users’ activities of system and document access
Prototyping on New Feature E-lockbox
Description: • When Administrator & Case Manager Log in • The Menu has the Mass Email Feature • When they click the Email Menu, They System will show them step 1 of sending mass email(Specify the recipients to include)
Description: • When Create New Group, Users have to enter the group name, and specify filter criteria.
Description: • Users can choose a default group or his own group • Click Go!
Description: • The step 2: select an email template and preview a template
Description: • Users can preview the template they will use when send a mass email
Description: • Users can also to Create and Edit the Email Template at the Setting menu
Description: • The step 3: Users enter the mass email name and choose a delivery option to review and confirm the email
Description: • The last step, the system will show them the result of sending mass email
MCS-Worksource Centers FU-Follow up CR-Community Resource and Referral AD-Administrative Duties IC-Individual Counseling CM-Case Management WS-Workshop SV-School Visit HV-Home Visit
Description: • Users can export the result into CSV formate and link to the specify case.
Architecture • Jian Lei
Life Cycle plan • Life cycle is to improve the quality and quantity of the project and support client relationship. Also, it is to track project and minimize the risk exposure. • strategy • weekly meetings, email, wechat, and google drive sharing documents, · • Progress report and Project plan are living documents that we can edit bi-weekly to correct them. • We also should submit our own effort report in the greenbay system. In addition, we use Bugzilla to record our process and bugs. • Foundations phase; • To identify more clearly operational concepts, win agreements, architecture, feasibility evidences and life cycle. • To use appropriate tool and strategies to remove defects, errors, and bugs from code. • To implements the security prototype/ product demo • To start test the security features in the prototype.