Proj-2015-2016-Extensions IPOPO/SRS

=1.  Introduction=

1.1 Purpose of the requirements document
This Software Requirements Specification (SRS) identifies the requirements for project StartAir Safe. In case of a open source project, we must present the requirement to others potential contributors. This document is a guideline about the functionalities offered and the problems that the system solves.

1.2 Scope of the product
The goal of the project is to add to IPOPO an encrypted remote shell without using external modules as much as possible. Adding this shell would allow the use of sensitive data, such as passwords, from a client to an IPOPO application.

1.3 Definitions, acronyms and abbreviations

 * IPOPO : A Python-based Service-Oriented Component Model Documentation officielle
 * Shell : A shell is a user interface for access to an operating system's services. It is accessed through a command-line interface (CLI)
 * CLI (Command Line Interface) : A means of interacting with a computer program where the user (or client) issues commands to the program in the form of successive lines of text (command lines)
 * IPOPO internal shell : IPOPO component allowing the management of a running IPOPO application.
 * IPOPO Remote shell : IPOPO component allowing a remote access to an IPOPO internal shell.
 * PKI (Public Key Infrastructure) : a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates[1] and manage public-key encryption

1.4 References
The main page of the project: IPOPO Projects

1.5 Overview of the remainder of the document
The next chapter, the Overall Description section, of this document gives an overview of the functionality of the product. It describes the informal requirements and is used to establish a context for the technical requirements specification in the next chapter. The third chapter, Requirements Specification section, of this document is written primarily for the developers and describes in technical terms the details of the functionality of the product. Both sections of the document describe the same software product in its entirety, but are intended for different audiences and thus use different language.

=2.  General description=

2.1 Product perspective
The goal of this project to create two IPOPO extensions :
 * An encrypted version of the IPOPO remote shell
 * The creation of a PKI

The first extension will use the PKI to handle a set of users using certificates.

2.2 Product functions
Using these two extensions, an ipopo application administrator will be able to manage users and their secured access to the IPOPO remote shell.

2.3 User characteristics
The users of these two extensions are any IPOPO users.

2.4 General constraints

 * Developed in python
 * Compatible with python2 and python3
 * Without external dependencies
 * Compatible Linux and Windows

2.5 Assumptions and dependencies
If necessary, the compatibility with Windows can be ignored at first.

=3. Specific requirements, covering functional, non-functional and interface requirements=
 * document external interfaces,
 * describe system functionality and performance
 * specify logical database requirements,
 * design constraints,
 * emergent system properties and quality characteristics.

3.1 Requirement 1 : An encrypted remote shell
Description: Messages transmitted between the IPOPO instance and a client must be encrypted

Inputs: Source:

Outputs:

Destination:

Action:

Non functional requirements:

Pre-condition:

Post-condition:

Side-effects:

3.2 Requirement 2 :
Description: Clients certificates are generated by an administrator of an IPOPO application. This certificate is signed using the private certificate of the same application and will be used to remotely access to the IPOPO shell.

Inputs: User informations. It includes name and email.

Source: The information is given by the user to the IPOPO application administrator.

Outputs: A new certificate signed with the application private certificate.

Destination: The created certificate is given to the user designated in the meta-information of the certificate.

Action:
 * A user must ask for the creation of a certificate to the administrator of an IPOPO application. He will provide his name and his mail address with his request
 * The administrator shall generate a new certificate using the given information.
 * The administrator will send the generated certificate to the user who asked for it

Non functional requirements:
 * Easy to use
 * The generation can be done on any Linux system (and windows ?)

Pre-condition: The administrator must have a server (private) certificate

Post-condition: Users are identifiable from the certificate they are using

Side-effects: None

3.3 Requirement 3 : Revocation of client certificates
Description: Client certificates can be revoked. Preventing any access to the IPOPO shell using the revoked certificate.

Inputs: Information identifying a single certificate ( email address ?).

Source:

Outputs: An entry is added in the application's revocation list.

Destination:

Action:
 * The IPOPO administrator decides to revoke a certificate and retrieve its id.
 * The IPOPO administrator revokes a certificate and an entry is added to the revocation list of the application

Non functional requirements:

Pre-condition: The soon to be revoked certificate must be valid and identified

Post-condition: The revoked certificate cannot be used to access the remote shell anymore

Side-effects: Modify the revoked certificate list on the remote-shell accessible IPOPO instances

=4. Product evolution=

=5. Appendices=

5.1. SRS structure
The document is based on template of the Software Requirements Specification (SRS) inspired of the IEEE/ANSI 830-1998 Standard.

References:
 * http://www.cs.st-andrews.ac.uk/~ifs/Books/SE9/Presentations/PPTX/Ch4.pptx
 * http://en.wikipedia.org/wiki/Software_requirements_specification
 * IEEE Recommended Practice for Software Requirements Specifications IEEE Std 830-1998

=6. Index=