Usability
| ID: | NR001 |
| Description: | The ea-Geier is easy to use for users with basic knowledge of accounting on cash basis. |
| Rationale: | Users with basic knowledge of accounting on cash basis shall be able to navigate the ea-Geier and find relevant keywords to be able to use system without additional training. |
| Fit Criterion: | The ea-Geier provides means for easy navigation using accounting-specific keywords and adequate help pages. [pA1] |
| ID: | NR002 |
| Description: | The user has the possibility to choose her or his favorite language and to adjust the currency of the system. |
| Rationale: | The basic system is indented for Austrian SMEs. Thus its primary language is German. To address also users form other countries the system is adjustable for other languages or currencies. The user should have the possibility to select her or his favorite language and to select different currencies. |
| Fit Criterion: | The ea-Geier provides means to provide multiple languages and currencies and to store the preferences of the user. [pA5] |
Performance
| ID: | NR003 |
| Description: | Lengthy tasks either run unnoticed by the user or provide the user with appropriate information |
| Rationale: | As web application the speed and latency of the system depends mostly on the internet connection between the server which runs the ea-Geier and the browser of the user. However the ea-Geier might add to the time the user has to wait, when it runs lengthy tasks. |
| Fit Criterion: | Lengthy tasks run asynchronous to the user request e.g. by scheduled cron jobs. If this is not possible the user is notified accordingly. [future feature – no lengthy tasks yet] |
| ID: | NR004 |
| Description: | The ea-Geier provides data of appropriate amount and splits large pages into suitable sub pages. |
| Rationale: | The ea-Geier might add to the time the user has to wait, by providing to much information and thus sending large files. |
| Fit Criterion: | The ea-Geier creates web pages smaller then 300 kBytes. [pA1] |
| ID: | NR005 |
| Description: | The ea-Geier is able recognize disrupted communication. |
| Rationale: | As web application the communication between server and browser might be disrupted. |
| Fit Criterion: | The ea-Geier provides means to recognize and handle disrupted communication. [pA1] |
| ID: | NR006 |
| Description: | The ea-Geier creates regular backups and allows users to create backups of their own. |
| Rationale: | The entered data is most valuable to the user. Thus the data must be secured regularly. |
| Fit Criterion: | The ea-Geier provides means of backup management. [rcA5-] |
| ID: | NR007 |
| Description: | The capacity of the ea-Geier is limited only by the used resources. |
| Rationale: | The capacity of the system is theoretically limited only by the used hardware and internet resources. |
| Fit Criterion: | The ea-Geier does not provide artificial capacity limits. [pA1] |
Operation
see also PC001, PC002, PC003, PC004, PC005, PC006, PC007, and PC008.
| ID: | NR008 |
| Description: | The source code of the ea-Geier is available for download at SourceForge. |
| Rationale: | As Open-Source project the source code of the ea-Geier will be available in different formats. |
| Fit Criterion: | Releases of ea-Geier are packaged as zip and gzip files, and are available on SourceForge. Code in development will is available in the CVS system of SourceForge. [pA1] |
| ID: | NR009 |
| Description: | The ea-Geier project uses release handling. |
| Rationale: | The code of the ea-Geier will follow a standard software life cycle. |
| Fit Criterion: | Working code which passed through all test phases, is packaged as pre-releases. If no major bug appears within one month after pre-release it is marked as stable. [pA1] |
Security
| ID: | NR010 |
| Description: | No user has access to the account of an other user. |
| Rationale: | The accounting data is most valuable and has to be secure. |
| Fit Criterion: | Each access is verified if it is justified. [pA1] |
| ID: | NR011 |
| Description: | The login data is stored one-way encrypted. |
| Rationale: | One-way encryption of the login data secures an account. |
| Fit Criterion: | see description [pA1] |
| ID: | NR012 |
| Description: | The ea-Geier provides means for secure password recovery. |
| Rationale: | If a user looses the password, the identity has to be proven by email. |
| Fit Criterion: | Inaccessible accounts – due to lost passwords – can only be recovered by appropriate email identification. [pA1] |
| ID: | NR013 |
| Description: | The user originally assigned to a client has the power to opt in additional users. |
| Rationale: | To prevent abuse, the administrator shall not have the power to randomly assign users to clients. |
| Fit Criterion: | After the administrator assigns a user to a client the original user of this client has to opt in. [pA1-] |
| ID: | NR014 |
| Description: | The user has only access to its assigned clients. |
| Rationale: | The accounting data is most valuable and has to be secure. |
| Fit Criterion: | Each access is verified if it is justified. [pA1] |
| ID: | NR015 |
| Description: | Each entry in the database is encrypted. |
| Rationale: | If a data base is not encrypted, an attacker might get all data by simply accessing the data base. |
| Fit Criterion: | see description [pA1 – depends on used database] |
| ID: | NR016 |
| Description: | The user has the possibility to opt in for a special encryption key. |
| Rationale: | Even if the data base is encrypted, an attacker might get access to the data by knowing the way of the encryption. Using a special key, which the user has to enter at login time, even the administrator has no access to the data. On the other hand, all data might be lost if the user looses that key. |
| Fit Criterion: | see description [future feature – not feasible yet] |
| ID: | NR017 |
| Description: | The system provides means of integrity checks for the stored data. |
| Rationale: | Storing a hash of the data allows to check for the integrity of the data. |
| Fit Criterion: | Hash keys of the data are stored in separate tables. [future feature – only feasible after the table design is completely finished] |
| ID: | NR018 |
| Description: | The ea-Geier provides means of secure communication between browser and server. |
| Rationale: | The communication between server and browser is insecure without further measurements. |
| Fit Criterion: | The communication between server and browser either runs over a https protocol, uses other means of security, or explicitly tells the user that the communication is not secure. [pA1 – depends on used web server] |
| ID: | NR019 |
| Description: | The ea-Geier checks and validates each user input. |
| Rationale: | Each input might be an attack. |
| Fit Criterion: | see description [pA1] |
| ID: | NR020 |
| Description: | The ea-Geier provides means of spam recognition. |
| Rationale: | Due to the capability of sending emails (e.g. for password recovery) the system might be susceptible to become a spam portal. |
| Fit Criterion: | The system checks user inputs for spam attacks.[pA1] |
Legal
| ID: | NR021 |
| Description: | The ea-Geier uses only open source tools for development. |
| Rationale: | As open source project under GPL license no proprietary code must be included in the system. |
| Fit Criterion: | Each module or library integrated in the system must be open source.[pA1] |