final cbs work

Upload: samia88

Post on 07-Apr-2018


  • 8/6/2019 Final CBS Work

    1/34

    1

    Component-Based Software

    2010/2011

    Semester 2

    Group Course Work

    By

    Samia Nisar, Kaziwa Saleh, Syed Taha, Nilofar Pahelvan

    ID -1042926, ,

    FOR

    MR. RAMI BAHSOON

    Submitted on 13th May 2011


    Introduction / Background:

    Online bargain shop is an online store for buying and selling products. The users

    are able to subscribe to this shop with a monthly subscription of 100 per

    month. The system holds two types of sellers: i) wholesalers and ii) retailers. Both sorts of sellers are able to post products, advertise the product and update the

    promotions on the products.

    The buyers on the OBS system are able to access the system without any

    subscription however they need to register so that they can browse the products

    and buy them based on their needs. OBS allows buyers to rank, review and

    discuss the products and their sellers. Buyers are facilitated with a secure buying

    method by paying for the products online and once their payment is processed,

    they are also able to track the delivery of the product. Buyers are also given a

    choice to bid on specific products where possible.

    OBS system uses the details of the buyers such as previous search history, purchase history and personal data to advertise the products of seller using

    emails, on screens and mobiles as a medium. For the payment processing

    purpose a third party consortium will be involved. The main purpose of this

    consortium is to take the credit card details from the buyer or the seller and

    acknowledge by sending confirmation notification to OBS system, which will

    then notify the buyer/seller or both and carry out the rest of the tasks.

    Assumptions:

    - There is no sign up fee for Buyers.
    - Sellers must pay 100 every month in advance and at the time of registration.
    - A third party will handle delivery of the purchased products.

    Scope:

    The Online Bargain Shop (OBS) is an online market place allowing retailers and

    wholesalers to sell their items and buyers to search the products, bid on them

    and purchase them. The users will have the liberty to subscribe and unsubscribe

    from the OBS services. All the transactions will be stored, managed and updated in a single database and only OBS system administration will have the access to

    that Database. The system will perform following major categories of functions.

    Registration:

    All users are presented with a standard web page from where they can browse

    different products, log in to the system or compare prices. The system will be

    designed to handle three types of users.


    i. General users who can access the system partially.
    ii. Wholesalers/Retailers.
    iii. Buyers.

    General users, who are unregistered users, will only be able to view the

    products and their prices. To gain full access they should sign up with the

    system; for this the system provides a page where the user enters his/her details. The system checks the role of the user and, depending on that role, the

    system provides different services. If the user chooses the role of seller then in

    order to ensure that a particular seller is an authentic seller, OBS imposes an

    advance fee of 100 per month in order to be registered as seller and be able to

    publish items for selling. If user selects buyer, the system checks the birth date of

    the user to see if he/she is over the age of 18. If not then the user is not allowed

    to use the system. If the registration was successful then the user is redirected to

    the homepage where the system is offering a group of services and is

    automatically registered for the advertisement subscriptions, which he/she can

    change after logging in to the system.

    Selling:

    All sellers can upload images of their products with related price information,

    description, availability, discount etc. They could also set seasonal discount rates

    on selected items and provide special offers as well. Sellers are allowed to

    include delivery charges in the final price. Sellers can sell selected products by a

    bidding mechanism in which they are required to set a base price for the item

    being sold. Once the seller is satisfied by the amount of bid, it can accept the bid

    and process the order for delivery and if the bidding continues to the end the

    highest bidder will automatically be a winner and the item will be sold to him. All

    biddings will last for a limited period of time that cannot exceed more than seven

    days. After this the highest bid is considered to be the winner and the seller must send the item to the last bidder.

    Buying:

    To buy any product that is displayed by sellers on the system a buyer has to

    register to system and prove that he/she is over the age limit. After buyer has

    logged in to the system he/she can search the product by either selecting the

    product category or by searching the product by name. The system will then

    process the search and display the results on the screen sorted by following

    constraints:

    - Highest rated seller
    - Most popular product
    - Lowest priced item
    - Offers on the product

    The buyer can then browse through the products and proceed to buy the product

    once he/she has selected the item. Buyers are also given the choice to bid on the

    item if the specific product is available for bidding. The bid must be higher than


    the last bid or the base-bidding price. The buyer is required to leave feedback

    for the seller/product that will enable OBS system to configure the most popular

    seller/product for recommendations. The review of the buyer will be visible to

    all users who are using the system. The buyer can only leave feedback after the

    purchase has been made. After the purchase of the product the buyer will be able

    to track the delivery of the product through the system. For this purpose the system

    will make use of another third party for delivery of the products, such as Royal Mail.

    Payment:

    For security and ease of usage purpose all the payments are processed using a

    Third party consortium. In this design the third party consortium will be a bank

    or PayPal, depending on the payment method that the user will select. There will

    be two types of payment methods provided: i) Credit card/Debit card ii) PayPal.

    After the user has selected to pay for the specific service, the system will take the

    user to the page of a third party consortium where he/she will enter the card

    details or bank account details. The third party will verify the details and process the payment. In case of a successful payment user will be re-directed to the OBS

    system where he/she can continue using the services and in case of an

    unsuccessful payment, the user will be notified and asked to repeat the process if

    possible.

    In any payment scenario users will be asked to provide the password to

    authenticate them. In case of a wrong password, the third party will provide

    three chances to provide the correct password and if the user fails to do so, the

    system will automatically decline the payment process and the user will not be

    allowed to use the services any further.

    Advertisement:

    All advertisements will be controlled by OBS system while sellers can only post

    advertisement about their products/update promotions on the system. The

    advertising to the buyers will be taken care of by OBS, as the system will have

    access to the interests of the buyers. OBS will be able to access the buyer's profile

    including search history, purchase history, credit card details, and address. This

    will be saved in the system for the ease of the buyer while sellers will only have

    access to limited amount of buyer/bidder information such as name, email,

    birthday and purchase history. The users can unsubscribe from the

    advertisements at any point they like by changing their preferences in the OBS

    system.

    Security:

    For security it has been assumed that all the transactions will be done via a

    secure SSL channel as the system will be handling sensitive user data. The

    system will be monitored by ADMIN, who will have the authority to update and

    modify the system.


    Functional Requirements:

    REQ 1. User Access.

    1.1 The system must provide all users with access to the main page.
    1.2 The system must provide all users with access to registration.
    1.3 The system must allow all users to search products and see their prices.
    1.4 The system must allow users to compare prices of selected products.

    REQ 2. Registration.

    2.1 The system must allow all users to be registered as Buyers.
    2.2 The system must collect user preferences from the user.
    2.3 The system must allow registered users to log in securely.
    2.4 The system must collect 100 advance payment on registration.
    2.5 The system must allow anyone to be registered as a Seller.

    REQ 3. Buying the Products.

    3.1 The system must allow all buyers to purchase selected items.
    3.2 The system must allow buyers to make bids on products.
    3.3 The system must allow users to compare prices of selected products.
    3.4 The system must provide buyers with an e-cart mechanism.
    3.5 The system must allow buyers to provide feedback after they make a purchase.
    3.6 The system must allow a buyer to track a delivery.

    REQ 4. Selling the Products.

    4.1 The system must collect seller description.
    4.2 The system must allow sellers to publish their products through their accounts.
    4.3 The system must allow seller to set price for their products.
    4.4 The system must allow seller to upload item details.
    4.5 The system must allow sellers to view all the orders.
    4.6 The system must allow sellers to accept or reject all orders.
    4.7 The system must allow sellers to put selected items for bidding.
    4.8 The system must allow sellers to accept bid.
    4.9 The system must provide seller with customer details such as postal address and contact information.

    REQ 5. Account Setting and Advertising.

    5.1 The system must allow buyers to change their personal information.
    5.2 The system must allow buyers to change their payment information.
    5.3 The system must allow buyers to change their preferences.


    5.4 The system must be able to advertise offers on selected products to Buyers through email, SMS, messages and banners on the OBS.
    5.5 The system must provide recommendations to the buyer based on the highest rated seller or product.

    REQ 6. Payment.

    6.1 The system must collect the payment details (credit card and PayPal) from the buyer.
    6.2 The system must collect payment information from the Seller.
    6.3 The system must collect 100 per month from Seller account.

    Non-functional requirements:

    REQ 7. System requirements.

    7.1 (Efficiency -> Performance) The system shall redirect the buyer to third party to verify the payment within 15 seconds.
    7.2 (Usability) The system shall allow users to be registered as buyers if they are above 18 years old.
    7.2.1 (Reliability) The system shall be available for 99.9% of the time.
    7.3 (Reliability) The system must be able to roll back any transactions if some error occurs.

    REQ 8. External requirements.

    8.1 (Interoperability) The system shall be compatible to various browsers (Firefox, Chrome, IE, Safari).
    8.2 (Legislative) The system shall keep record of every transaction.
    8.2.1 (Legislative -> Privacy) The system must protect all private data including


    Use Case Diagram:

    This is the use case diagram for the OBS system. The actors are denoted outside

    the system boundary and will be interacting with the system. The major use

    cases involved are shown in the diagram below and the interaction of these use

    cases with the Actors.

    Figure 1 Use-case Diagram (system boundary: Online Bargain Shop system; actors: Buyer, Seller, delivery, payment; use cases: Registration, Login to the system, Search products, review products, buy products, Bid products, Track delivery, Provide card details, provide bidding price, Provide product price, advertise products, update delivery status, Update promotional deals, check for subscription, verify age, check card details, sell to highest bidder; relationships labelled "uses" and "extends", with "verified" and "not verified" branches)


    Documented Use-cases:

    From the use cases shown above in the diagram two use cases have been

    selected for further documentation. These use cases are mentioned below:

    Use case: Provide Card Details

    Actors: Buyer, Seller, Payment, OBS.

    Pre-Conditions:
    1. User is registered.
    2. User is above age of 18.
    3. User is paying for subscription/product.

    Flow of events:
    1. User is doing this process after registration.
    2. Directed to 3rd party page within 15 seconds.
    3. After the user has reached the page he/she will perform any one of the following functions:
       a. Pay by card.
       b. Pay by PayPal.
    4. Once the user has selected the method, he/she will be taken to payment page.
    5. If user has selected option a then he/she is asked to upload card details.
    6. In case of selection of process b, user is asked to upload bank details.
    7. After the uploading, user is asked to insert the password of the bank that will be accessed for the verification purposes of user's identity.
    8. If the third party successfully verifies the details, user is redirected to the OBS system to complete registration process.
    9. If the details are not verified, the registration process terminates.
    10. Reason for decline is mentioned.
    11. The webpage of third party closes automatically.
    12. User is redirected to OBS homepage as general user.

    Post-conditions:
    If payment is Successful:
    1. User is registered.
    2. The amount is deducted from user's account.
    3. User is able to use full services of OBS system.

    If payment is Unsuccessful:
    1. User is not allowed to buy/sell products.
    2. User is redirected to OBS system where he/she can only browse the products.
    3. User can retry the payment process.


    Use case: Buy products

    Actors: Buyer, Seller, Payment, Delivery.

    Pre-Conditions:
    1. User is registered.
    2. User is above age of 18.
    3. User is buying a product.

    Flow of events:
    1. User is browsing the product.
    2. User has selected the product to buy.
    3. After the user has selected the product, he will be given two choices:
       a. Add to basket.
       b. Proceed to payment/Buy now.
    4. Once the user has selected a choice the system will be directed to the page based on the selection.
    5. If user has selected option a then he/she will be taken to the initial page to browse the products further.
    6. He/she can add as many products in the basket as they require.
    7. If the user chooses the second method, then he/she will be asked to login using the username and password they registered with.
    8. After successful login he/she will be taken to payment page and asked to enter the delivery address and other details.
    9. The user can either choose from the details that are already stored in the system that were provided at the time of registration or he/she can add new details.
    10. Once the payment is done the user can track the ordered package using the tracking number that is uploaded by the third party for delivery such as Royal Mail.

    Post-conditions:
    If payment is Successful:
    1. User has bought item successfully.
    2. User is able to leave feedback.
    3. OBS has updated tracking information.
    4. User receives the delivery successfully.


    Activity Diagram:

    The use case Buy Products was used for further analysis and developing an

    activity diagram.

    This diagram involves three actors: Buyer, OBS system, Bank (the third party).

    The user starts with logging into the system. Once the login is successful he/she

    can start browsing the products. If the login was unsuccessful he will be given

    three attempts to retry and if he/she still is unable to login, the user will be

    redirected to home page and will not be able to buy any products.

    The successful user can proceed to browse and buy the products and bid on

    them. He can add the products to basket while he is browsing more products and

    once he is finished he can proceed to the payment where he will be required to

    enter his details.

    The payment page will ask the user for the payment option from the two available

    options: a) PayPal b) Credit card. After the successful selection of the payment option he will be redirected to the third party website based on the option that

    was chosen earlier.

    The third party will take over the payment process from there; it can be either the

    bank or PayPal. The website will ask for the payment details of the user and

    verify the details with the bank mentioned by the user. After the successful

    payment process the user will be redirected to OBS website to further browse

    the products or to logout of the system.

    If the user was unable to pay then the third party website will display the error

    and redirect to the OBS system. OBS system will warn the user about

    unsuccessful payment and end the transaction there. User can restart the buying process in this case after he is redirected to the home page.

    Assumptions

    - The third party will be the bank of the user that will be selected by user or the PayPal.
    - The transfer of websites will be monitored by SSL protocols to make it more secure.


    Figure 2 Activity Diagram (swimlanes: Buyer, OBS system, Bank; activities: Login to system, issue warning, Choose category, Display products, Choose products, Add to Basket, proceed to checkout, ask for payment option, choose payment type, Ask details, enter details, verify details, deduct, send notification, successful notification, Acknowledge, show error, notify user; guards: [verified], [not verified], [try again], [not finished], [finished], [End], [Terminated])


    Noun/Verb Analysis:

    Noun/Verb analysis was performed on the scope and the system introduction to

    identify the possible candidate classes and operations. Nouns mentioned below

    are expected to be a class while the verbs are expected to be operations of the

    system. The following analysis outlines the Class diagram that will be displayed

    further in this report.

    Candidate classes noun:

    Product, Payment, Wholesalers,
    Promotions, OBS system, Register,
    Third party consortium, Advertisement, Buyer,
    Credit card, Delivery, Seller,
    Administration, Item, Account,
    User, Bidding, Profile,
    Authentic seller, Royal Mail, Feedback,
    Fee, Bank, Password,
    Logger, Category, Order,
    Role, Preferences, Retailers

    Candidate Operations Verb:

    buyTheProduct() acceptBid() checkDOB()

    bidOnProduct() registerToSystem() comparePrices()

    trackTheDelivery() acceptBid() searchProducts()

    browseProducts() unsubscribe() provideRecommendations()

    leaveFeedback() subscribe() deliveryCharges()

    activateUser() paySubscriptionFee() verifyUser()

    deactivateUser() sortProducts() deductAmount()

    advertiseTheProducts() processOrder() sendNotification()


    Responsibility-Driven Analysis:

    Product
    Responsibilities: Maintain the product specifications such as name, quantity etc.
    Collaborators: Seller, Buyer, OBS system, Advertisement, User

    Promotions
    Responsibilities: Maintain the promotions and deals about various products. The seller can update the promotions on specific products and this class will keep the system updated.
    Collaborators: Seller, Product, OBS system, Advertisement, User

    OBS system
    Responsibilities: Maintain the system functionalities by providing search, browsing and comparison services for a product. It will also manage the payment by processing the order.
    Collaborators: Seller, Buyer, Bank, Logger, Delivery, Administration, User

    Register
    Responsibilities: Maintain the data concerning the details for a user that will be using the system.
    Collaborators: Seller, Buyer, Administrator, OBS system, User


    Administration
    Responsibilities: Maintains the users that are under the role of admin and enables them to access the system with the privilege of maintaining the system.
    Collaborators: OBS system, User

    Users
    Responsibilities: Maintain the data concerning the role of the users.
    Collaborators: Seller, Buyer, OBS system, Administration, User

    Advertisement
    Responsibilities: Maintain the data relating to the advertisement of products and sellers.
    Collaborators: Seller, Buyer, OBS system, Product, Promotion, User

    Delivery
    Responsibilities: Maintain the information concerning the delivery of the bought products such as their tracking number etc.
    Collaborators: Seller, Buyer, OBS system, Administrator, Product, Payment

    Bank
    Responsibilities: Maintain the details concerning the payment of the products and verify the payments after processing.
    Collaborators: Seller, Buyer, OBS system, Payment


    Payment
    Responsibilities: Maintain the data concerning the bank details of the users such as their credit card details, expiry date, bank name etc.
    Collaborators: User, Seller, Buyer, Bank, Delivery, Product, OBS system

    Feedback
    Responsibilities: Maintain the data involving the ranking and reviewing of the products and sellers.
    Collaborators: Buyer, OBS system, Product, Payment

    Preferences
    Responsibilities: Maintain the data regarding the subscription of users to various advertisement and products.
    Collaborators: Product, Advertisement, Promotions, User

    Role
    Responsibilities: Maintain the data relating to specific functions that a user can access.
    Collaborators: Seller, Buyer, OBS system, Administration

    Order
    Responsibilities: Maintain the details of the products that a user has ordered or wants to order.
    Collaborators: Seller, Buyer, OBS system, Product, Payment, Delivery


    Seller
    Responsibilities: Maintain the details of the user that is specified under the role of a seller.
    Collaborators: OBS system, Role

    Buyer
    Responsibilities: Maintain the details of the user that is specified under the role of a buyer.
    Collaborators: OBS system, Role


    First-Cut Class Diagram:

    Following the noun verb analysis for candidate classes, the diagram below shows

    the first cut class diagram that shows the relation of classes with each other. The

    more detailed class diagram is displayed further in this report.

    Figure 3 First cut class diagram


    Class Diagram:

    Figure 4 Class Diagram


    Sequence Diagram:

    In this section all the sequence diagrams of the identity management systems are

    displayed. This includes service based, device based and identity based. The

    diagrams cover the login function of the system and the analysis for the diagrams

    was performed using the ATAM. In the later sections of this report the pros and

    cons of these three architectures will be discussed keeping in view the OBS

    system.

    Service based sequence diagram:

    Figure 5 Service based (sequence diagram; participants: User, OBS system, Encrypted Database; messages: Login, redirect to login page, Provide Username and Password, AuthenticateUser, Decrypt session, Authenticate, successful, UserDetails, Provide details, redirect to main page, Unsuccessful, RepeatLogin, Enter details, Record attempts, UserBlocked if attempts > 3)
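    The service-based login sequence in Figure 5 (record each failed attempt, block the user once attempts exceed 3, issue a session ID on success) as an added Python example; it is not part of the original report, and the class name, the in-memory dictionaries standing in for the encrypted database, the PBKDF2 password hashing and the sample credentials are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

MAX_ATTEMPTS = 3          # from the diagram: "UserBlocked if attempts > 3"
KDF_ITERATIONS = 100_000  # constructed value for the example; tune for production


@dataclass
class Account:
    salt: bytes
    password_hash: bytes
    failed_attempts: int = 0
    blocked: bool = False


def derive(password: str, salt: bytes) -> bytes:
    """Salted, slow password hash so the stored value is not the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, KDF_ITERATIONS)


class AuthenticationComponent:
    """Hypothetical stand-in for the 'Authentication component' in the report."""

    def __init__(self) -> None:
        self._accounts: Dict[str, Account] = {}  # stands in for the encrypted database
        self._sessions: Dict[str, str] = {}      # session ID -> username
        self._dummy_salt = secrets.token_bytes(16)

    def register(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._accounts[username] = Account(salt, derive(password, salt))

    def login(self, username: str, password: str) -> Tuple[str, Optional[str]]:
        account = self._accounts.get(username)
        if account is None:
            # Do the same hashing work for unknown names so response time
            # does not show which usernames are registered.
            derive(password, self._dummy_salt)
            return ("unsuccessful", None)
        if account.blocked:
            # Checked before the password: a blocked user stays blocked even
            # when the correct password is finally supplied.
            return ("blocked", None)
        supplied = derive(password, account.salt)
        if hmac.compare_digest(supplied, account.password_hash):
            account.failed_attempts = 0
            session_id = secrets.token_urlsafe(32)  # unguessable session ID
            self._sessions[session_id] = username
            return ("successful", session_id)
        account.failed_attempts += 1                 # "Record attempts"
        if account.failed_attempts > MAX_ATTEMPTS:   # "UserBlocked if attempts > 3"
            account.blocked = True
            return ("blocked", None)
        return ("unsuccessful", None)                # "RepeatLogin"

    def session_user(self, session_id: str) -> Optional[str]:
        return self._sessions.get(session_id)


def demo() -> List[str]:
    """Constructed run: John fails four times, then tries the right password."""
    auth = AuthenticationComponent()
    auth.register("john", "s3cret-pass")  # constructed credentials
    attempts = ["a", "b", "c", "d", "s3cret-pass"]
    return [auth.login("john", pw)[0] for pw in attempts]


if __name__ == "__main__":
    print(demo())
```

    Blocking by username alone lets anyone who knows a username lock its owner out; the report does not say how a blocked user is unblocked, so the example leaves the account blocked.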


    Device based sequence diagram:

    Figure 5 - Device based (sequence diagram; participants: User, Device, OBS system; messages: Login attempt, ask for username and code, Enter password, Verify user, generate random code, random code, Enter code and username, security question, Provide, authorize, redirect to Home page)


    Identity based sequence diagram:

    Figure 6 Identity based (sequence diagram; participants: User, Identity Provider, OBS system, Trusted Entity; messages: Login attempt, Userdetails, Provide Username and Password, Successful, Verify Identity provider, Verify, Authorized, verified, Ask user details, Provide stored details, Redirect to main page)


    Component Diagram:

    The following diagrams show the key components involved in the login process

    of the three management systems.

    Service based Component diagram:

    Figure 7 Service based (component diagram; components: Sign in panel, Authentication component, Encrypted database; interfaces: Username, Password, Session ID, User Details)


    Device based component diagram:

    Figure 8 Device based (component diagram; components: Device application, OBS application, Logger; interfaces: encrypted code, Session ID, Access to system, Password)


    Identity based component diagram:

    Figure 9 Identity based (component diagram; components: Identity Provider system, OBS application, Trusted Entity system; interfaces: Authorization, Verify, Session ID, Username, Password, website authorization)


    Deployment Diagram:

    The following diagrams show the mapping of the software components of the

    identity management systems into the OBS platform.

    Service based Deployment diagram:

    Figure 10 Service based (deployment diagram; node: OBS system; components: Sign in panel, Authentication component, Encrypted database; interfaces: Username, Password, Session ID, User Details)


    Device based Deployment diagram:

    Figure 11 Device based (deployment diagram; nodes: OBS system, Device, Device CPU; components: Device application, OBS application; interfaces: encrypted code, Session ID, Access to system)


    Identity based Deployment diagram:

    Figure 12 Identity based (deployment diagram; nodes: OBS system, Identity Provider, Trusted Identity; components: Identity Provider system, OBS application, Trusted Entity system, Identity provider database, Trusted Entity database; interfaces: Authorization, Verify, Session ID, Username, Password)


    Device based State chart diagram:

    The device-based diagram is divided in two parts. The first diagram is the device

    state and the second diagram is the OBS system.

    Figure 14 (a) device based (state chart of the device; states: Idle, Waiting Password, Reading Password, Checking Password, Checking no. of attempts, Encrypting password, Generating random number, Show code, Device locked; transitions: [Turn ON], [Enter Password], [Password Entered], [Verified Status], [Verified], [NotVerified], [attempts checked], [attempts >3], [Password checked], [Obtained], [End]; one further transition label is cut off in the source after "[attempts")


    Figure 14 (b) device based (state chart of the OBS system; states: Idle, Displaying login page, Waiting for username and code, Checking with Database, Fetching notification page, Fetching user details, checking choice, providing session ID, redirecting to homepage without session ID, redirecting to homepage with session ID; transitions: [Press Login], [Login], [Enter Username and Code], [Verified], [Not Verified], [Choose option], [Re-Login], [Terminate], [User detail obtained], [Session ID granted], [End])


    Identity based State chart diagram:

    Figure 15 Identity based (state chart; states: Idle, Displaying login page, Waiting for username and password, Connecting to Identity Provider, Checking Identity provider with Trusted Entity, Authorizing User details, Returning User Details, Granting Session, Fetching notification page, checking choice, redirecting to homepage with session ID, redirecting to homepage without session ID; transitions: [Press Login], [Login], [Enter Username and Password], [Connected], [Authorized], [Not Authorized], [Check], [Passed], [Not Passed], [Obtained], [Granted], [Choose option], [Re-Login], [Terminate], [End])


    Comparison and selection of Identity management using ATAM:

    The steps mentioned below are used to construct the evaluation of the

    management systems. These steps involve various assumptions that were made

    for the system trade offs and metrics.

    Step 1 Scenario

    Following is a possible scenario of a user logging into the system and trying to

    access it.

    User John browses to OBS website and is provided with a general page

    available to all non-registered users. He could log in by using the log in

    panel that sends the username and password over a secure channel or

    uses SSL and based on the identity management system used, the login

    request is processed as shown in the sequence diagrams presented

    earlier in the report for each management architecture.

    Step 2 Basic Requirements/Assumptions

    - All transactions are to be done via SSL protocol.

    - Privacy of customers should be protected.

    - The login system should be simple and easy to use.

    - The system should be able to handle a considerable amount of concurrent

    users.

    - The system should be able to scale up or down easily.

    Step 3 Possible Stakeholders

    Three major stakeholders have been identified using the

    assumptions made previously. These stakeholders are the Buyer, OBS

    organization, Third parties involved for the delivery, payment and possibly the

    Identity providers.

    Step 4 Attribute Specific Analyses

    The team has observed the three different architectures for the OBS system

    based on the following constraints:

    - Security of system.
    - Privacy of data.
    - Cost effectiveness of the system.
    - Performance.
    - Scalability of the system.

    The table below provides a detailed view of the attributes that were

    considered for each of the architectures and based on this analysis the identity

    management system was chosen.


    Advantages for OBS system (columns: Device Based, Identity Based, Service Based):

    - This type of system stores the password in encrypted form inside the device.
    - User does not require registration and hence the user is saved from managing multiple usernames and passwords.
    - Everything is within the system boundary of OBS and the database used is encrypted.
    - After 3 unsuccessful attempts to log in the device will automatically be locked.
    - Identity based systems can manage multiple services accounts for a single user account.
    - Easier and simpler to implement.
    - As all the data is stored in OBS database, the system can be considered to have good privacy.
    - It is easy to use and update information.
    - Simple interface.
    - Device can be stolen; this is a potential risk.
    - It is cost effective.
    - Allows simple access to users.
    - Fewer resources are required.
    - Faster performance.
    - Privacy is protected, e.g. OpenID.
    - It is good because users have established trust with the identity provider.
    - Easy to scale because the user data is managed by a reliable third party that specializes in that particular area.
    - Can handle more concurrent users.


    Disadvantages for OBS system (columns: Device Based, Identity Based, Service Based):

    - Although it provides strong security, such a system is not convenient to use for the users.
    - The implementation can be complicated because of the integration of OBS with another provider.
    - Very difficult to scale.
    - The requirement to distribute separate devices to users makes the implementation of this system cost inefficient.
    - There might be performance issues because of the overhead of communication with the identity provider.
    - Not cost effective, as it will require more resources (e.g. hardware, database etc.).
    - It is not easy to implement because of the requirement to distribute devices to every user.
    - It is easier to launch an attack against such services.
    - User must remember the pass code for the device (he/she can't change it).

    Step 5 Decision

    In view of the above analyses, the team came to the conclusion to use the

    Identity provider architecture for the implementation in the OBS system because

    of the various advantages of this architecture over the other two.