eCommerce Server Platform V1.0 Requirement Specification
| Document | Requirement Specification |
| Specification name | eCommerce Server Platform V1.0 Requirement Specification |
| Author: | LinearB |
| Version: | 1.00 |
| Date: | 18.02.2025 |
Introduction
This project involves the development and deployment of an e-commerce platform using PrestaShop, hosted on a cPouta server. The primary objective is to create a steady and scalable online marketplace similar to established platforms such as Amazon, focusing on delivering a seamless shopping experience for users. PrestaShop, being a highly customizable and feature-rich open source e-commerce solution, serves as the backbone of the service, ensuring flexibility in design and functionality.
This project caters to customers diverse needs while ensuring reliability, security, and user friendliness. The service environment will ensure optimal performance, scalability, and data privacy, aligning with the project's technical and operational requirements.
As this is an early-stage initiative, many details regarding the product categories, target audience, and operational workflows are still under discussion. The focus remains on developing a standardized yet adaptable e-commerce solution capable of expanding and evolving alongside the business's needs.
Client
At the moment we are looking for an investor to help us develop a web shop platform to be sold as service to our future clients.
The client is a business entity seeking to establish or enhance its online retail presence using an e-commerce platform. This business will subscribe to the services provided by our team and utilize the platform to sell products directly to their customers.
About the author and project team
We are LinearB, a dedicated and versatile group of developers passionate about creating innovative and secure software solutions. As a team, we bring together expertise in project management, service design, development, testing, and cybersecurity. This collaboration ensures our ability to deliver high-quality, user-centered solutions tailored to meet the needs of modern businesses.
Our Vision is to set a benchmark in delivering impactful software solutions while showing the power of collaboration and diversity in achieving extraordinary results.
More information on our team is available at LinearB homepage or LinearB introduction page.
Description of service
The service is a PrestaShop-based e-commerce platform that allows businesses to efficiently create and manage online stores. It is designed to be scalable, customizable, and secure, targeting primarily to small and medium-sized enterprises (SMEs) aiming to expand their presence in the digital marketplace.
Therefore, potential users are business owners (SMEs) seeking to establish and maintain an online store. Another group could be existing e-commerces that wish to optimize or/and update their existing system.
The capabilities of the service are related to the features:
| Feature | Link |
|---|---|
| Feature 002 | Secure service access |
| Feature 003 | Dockerized Service Production |
| Feature 010 | Integrate with a vulnerability scanning tool |
| Feature 023 | Integrate with version control systems (e.g., Git) |
| Feature 081 | Ensure efficient bug reporting and triage processes. |
| Feature 192 | Integration with Popular Gateways |
The cost for our service will include:
| Fee | Type | Explanation |
|---|---|---|
| Setup/Onboarding | One-Time | Covers the initial configuration of service, account setup, and/or some basic training. |
| Implementation | One-Time | Integration with the client's existing systems. |
| Customization/Configuration | One-Time | Any bespoke adjustments or custom configurations the client might need. |
| Data Migration | One-Time | Moving data from legacy systems into our platform. |
| Subscription | Recurring (Monthly) | The core fee for ongoing access to the software, tiered based on features, number of users, and/or usage levels. |
| Maintenance/Support | Recurring (Monthly) | Basic support is included in the subscription, but enhanced support comes with an additional monthly cost. |
| Feature 192 | Recurring (Monthly) | Based on the payment gateway providers fees. |
Business requirements
| ReqID | Description |
|---|---|
| BR004 | We want to ensure that bug fixes are handled efficiently and effectively, preserving the overall quality and performance of the system. |
| BR010 | Minimize the risk of data breaches and unauthorized access to sensitive information. |
| BR012 | Improve user trust and confidence in the system's security. |
| BR031 | Ensure the reliability and availability of customer PrestaShop instances with minimal downtime. |
| BR032 | Offer a wide range of pre-integrated payment gateways to meet the diverse need of customers. |
| BR033 | Enable seamless integration of PrestaShop instances with other business applications and services. |
Stakeholder map
Internal and External Stakeholders
Stakeholders are individuals, groups, or organizations that have an interest in or are affected by a project, business, or service. They can be categorized into internal stakeholders, who are directly involved in the company’s operations and decision-making, and external stakeholders, who interact with the business from outside but still have a vested interest in its success.
Stakeholders and profiles
Internal Stakeholders
These are people or groups directly involved in the development, management, and execution of the eCommerce platform.
| ID | Name | Description | Motivation |
|---|---|---|---|
| SR-001 | LinearB | Developers responsible for building and maintaining the eCommerce platform. | Ensure high-quality software, gain experience, and innovate. |
| SR-002 | Product Owner | Defines the vision, prioritizes tasks, and aligns work with business goals. | Deliver a market-fit product while ensuring profitability. |
| SR-003 | Scrum Master | Facilitates agile processes, removes obstacles, and supports team efficiency. | Improve workflow, foster collaboration, and ensure project success. |
| SR-004 | Mentors | Experts providing guidance, feedback, and technical expertise. | Support learning, ensure best practices, and drive innovation. |
External Stakeholders
These are individuals or organizations outside of the company that interact with or are affected by the eCommerce platform.
| ID | Name | Description | Motivation | Defined Examples |
|---|---|---|---|---|
| SR-005 | Customers | Businesses and individuals using the e-commerce platform for transactions. | Efficiently sell and buy products online. | - Sampsa Piili, a business owner expanding his Lego store through PrestaShop. - Annukka Rosendahl, a customer buying Legos for her grandson. - Ilro Rosendahl, a Lego enthusiast receiving gifts. |
| SR-006 | Partners | Shipping companies (DHL, Matkahuolto, Posti) and payment gateways (PayPal, Paytrail). | Ensure reliable logistics and payment processing. | - Payments Gateways such as Paytrail or Paypal- Delivery companies such as Posti, Matkahuolto, DHL, etc. |
| SR-007 | Government | Regulatory bodies like the tax office. | Ensure compliance with laws and taxation regulations. | Tax Office, overseeing sales tax compliance. |
| SR-008 | Competitors | Other eCommerce providers and platforms. | Compete for market share and innovation. | - Magento - Solteq |
| SR-009 | Investors | Business angels like Onni Santala who provide seed funding. | Expect a return on investment and business growth. | Onni Santala, a business angel offering seed funding. |
| SR-010 | Lenders | Banks or financial institutions providing loans. | Secure loan repayment with interest and financial stability. | OP bank |
Customer story's as background information
Customer story's are not relevant for this project. We are designing a product for a business and their needs are recorded in Business Requirements. Customer and it's need become relevant when the web shop service is customized to meet the needs of the customers of our customer.
Customer Journey paths in Service
This journey map describes how a consumer discovers a web shop that is using our PrestaShop based service. The map continues on describing how the customers journey will progress through adding items, registration, payment and placing the order, getting delivery and finally giving customer feedback.
User Story's
| User Story ID | Description / link to issue | Issue number |
|---|---|---|
| US007 | As a security officer, I want this automated scanner to correctly report vulnerabilities in line with their severity and offer mitigation strategies where possible, to help me prioritize and address these issues appropriately. | #165 |
| US010 | As a developer, I want to be notified of critical security vulnerabilities in our dependencies, so that I can quickly update them and minimize our risk. | #163 |
| US015 | As product owner I would like to integrate Paytrail as payment service. | #174 |
| US019 | As a developer, I want to be able to check last reported bugs from issue tracker. | #166 |
| US030 | As an Operations engineer, I want to fetch the latest, stable production code from the version control system so I can deploy or rollback in case of any changes. | #171 |
| US032 | As a Team Leader, I want to track commits made by my team members to ensure proper version control usage. | #170 |
| US038 | As a project manager I want to see regular reports from the vulnerability scanning tool, providing visibility into our software security practices, and ensuring that we're maintaining good cybersecurity hygiene. | #164 |
| US092 | As a Service Provider, we need to enable HTTPS. | #182 |
| US094 | As a Developer, I would like to use Containers during development. | #180 |
| US095 | As a Service Operator, I would like to be able to run service in Containers. | #181 |
| US97 | As a developer, I would like to get enough information about the problem (recorded in bug report), so I can reproduce bugs, so that they can be quickly addressed. | #167 |
| US98 | As a developer I would like to filter new bugs from old ones by the label. | #169 |
| US99 | As developer, I would like to be able to link my commit message with reported bug, so I can link my fix with bug Issue. | #168 |
| US101 | As a Developer, I would like to use Git Branching for Bug Fixing. | #172 |
| US121 | As a Developer, I want to create a password reset function, so that users can regain access if they forget their password. | #183 |
| US191 | As a store owner, I want to easily integrate with a wide range of popular payment gateways. | #175 |
| US192 | As a store owner, I want to offer a secure and seamless checkout experience to my customers. | #173 |
| US210 | As a PrestaShop developer, I want to easily integrate my preferred database MariaDB, with my local PrestaShop development environment using Docker Compose. | #179 |
| US211 | As a PrestaShop developer, I want to mount my local code into the Docker container to easily make changes and see them reflected immediately. | #178 |
| US212 | As a PrestaShop developer, I want to use presta-configured Docker image that includes all the necessary PHP extensions and libraries for PrestaShop development. | #177 |
System Requirements
This section defines the high-level technical and production requirements for the web shop platform. The solution is implemented as a hosted Software as a Service (SaaS) and leverages cloud infrastructure to offer a scalable, secure, and cost-effective e-commerce solution.
Service Production Model
-
Service Model:
The web shop platform is offered as a hosted SaaS solution based on PrestaShop. This model allows customers to access the platform via the web without the need to manage hardware or software updates. -
Infrastructure:
The solution will be deployed on a cloud service provider to take advantage of scalability, redundancy, and cost-effective resource management. -
Hybrid Service Integration:
Although the core platform is cloud-hosted, the design allows for integration with external services such as payment gateways, inventory systems, and shipping providers, effectively creating a hybrid service environment. -
Availability & SLA:
The platform is designed for near 24/7 operation with a target uptime of 99.9%. A formal Service Level Agreement (SLA) will be established to define maintenance windows, support response times, and redundancy measures (N+1 architecture). -
Cost Efficiency:
By utilizing cloud services, the system can dynamically allocate resources based on demand. This approach minimizes upfront hardware investments and operational costs while ensuring optimal performance. -
Data Storage & Archiving:
Customer and transactional data will be stored in a cloud-based database with automated backup and archiving procedures in place. The solution will adhere to data protection and retention policies suitable for e-commerce applications. -
Security & Compliance:
The platform will implement industry-standard security measures, including encrypted data transmission, secure payment processing (compliant with PCI-DSS), and regular security audits to protect customer data.
System Environment Requirements
The following table outlines the hardware, runtime, and operational requirements necessary to support the web shop platform:
| RequirementsID | Description |
|---|---|
| SYSTEM-SVC-REQ-0001 | The service shall be implemented as a hosted SaaS solution using a cloud-based infrastructure. |
| SYSTEM-SVC-REQ-0002 | The primary services must be duplicated (N+1 redundancy) to ensure high availability and fault tolerance. |
| SYSTEM-HW-REQ-0003 | Server instances must be provisioned with a minimum of 16GB of memory and an appropriate CPU to handle expected traffic loads. |
| SYSTEM-HW-REQ-0004 | The hardware infrastructure shall be based on Intel/AMD x64 architecture. |
| SYSTEM-DATA-REQ-0005 | Data shall be stored in a secure, cloud-based environment with automated backups and archiving capabilities. |
| SYSTEM-PERF-REQ-0006 | The system must support a predefined concurrent user load (to be determined based on market research) with response times below 2 seconds for standard operations. |
| SYSTEM-SLA-REQ-0007 | A Service Level Agreement (SLA) shall guarantee a 99.9% uptime, detailing maintenance windows, support response times, and recovery procedures. |
| SYSTEM-SEC-REQ-0008 | The platform must comply with industry security standards, including PCI-DSS for payment processing and encryption for data both in transit and at rest. |
Below is an example of the "Constraints and Standards that Affect Service Design" section tailored for your web shop platform intended for use in Finland:
Constraints and Standards that Affect Service Design
The design and implementation of the web shop platform are subject to a range of laws, regulations, and standards. Given that the service will be used in Finland, it must adhere to both European Union and local Finnish requirements. These constraints impact areas such as data protection, privacy, accessibility, and security. It is essential to identify these early in the development process to avoid costly rework later and to ensure compliance with relevant standards.
Key regulatory and standards-related constraints include:
-
EU General Data Protection Regulation (GDPR):
The platform must comply with GDPR, ensuring that all personal data is collected, processed, and stored with the user's explicit consent, and that adequate measures are in place to protect user privacy. -
Finnish National Legislation:
Finnish data protection laws and e-commerce regulations must be observed, including requirements on consumer rights, transaction security, and electronic communications. -
Accessibility Standards:
The platform should meet international accessibility standards (such as WCAG 2.1) to ensure that it is usable by individuals with disabilities. -
Security Standards:
Implementation of industry-standard security protocols is required. This includes secure login processes, encrypted data transmission, and compliance with any payment card industry standards where applicable.
The table below outlines the key constraints and standards that will impact the service design:
| ReqId | Description |
|---|---|
| CONSTRAINT-REQ-S00000 | The service login process must adhere to secure authentication policies as defined by the latest industry best practices and relevant local security standards. |
| CONSTRAINT-REQ-S00001 | The platform must be compliant with the EU GDPR, ensuring proper handling of personal data, obtaining explicit user consent, and providing data access rights. |
| CONSTRAINT-REQ-S00002 | The solution must comply with Finnish national laws regarding e-commerce, including consumer protection and electronic transaction security. |
| CONSTRAINT-REQ-S00003 | The service interface must meet WCAG 2.1 Level AA accessibility standards to ensure usability for all users, including those with disabilities. |
| CONSTRAINT-REQ-S00004 | Payment processing must comply with PCI-DSS requirements and any additional Finnish financial regulations applicable to online transactions. |
Service Primary Features
The web shop platform will provide a set of essential functionalities that support secure access, efficient service production, and integration with external systems. The following are the primary features and functionalities planned for the service:
-
Secure Service Access:
Users will have access to the platform through a secure authentication process that adheres to current industry standards and security best practices. -
Dockerized Service Production:
The platform will be built using Docker containers to streamline deployment, scalability, and management of the underlying services. -
Vulnerability Scanning Integration:
The system will integrate with a vulnerability scanning tool to help maintain high security standards by identifying and mitigating risks. -
Version Control System Integration:
Integration with popular version control systems (e.g., Git) will be provided to support code management and continuous delivery practices. -
Efficient Bug Reporting and Triage:
The platform will include features that allow users to report bugs efficiently, ensuring that issues are tracked, prioritized, and resolved in a timely manner. -
Integration with Popular Payment Gateways:
The service will offer seamless integration with various payment gateways, ensuring secure and efficient transaction processing for online purchases.
The following PlantUML mind map illustrates the core structure of the product's features:
Prioritization of essential features
- P1 = Mandatory
- P3 = Required
- P5 = Nice to have
Service non-functional requirements
The following non-functional requirements ensure that the system meets quality attributes beyond its functional behavior. These requirements address performance, usability, security, maintainability, and scalability, helping to identify potential bottlenecks and guiding system design.
| ReqID | Description | Category |
|---|---|---|
| NFR-REQ-S0001 | The system shall support a minimum of 500 concurrent users without performance degradation. | Performance |
| NFR-REQ-S0002 | The average response time for all user actions under normal load shall be less than 2 seconds. | Performance |
| NFR-REQ-S0003 | The platform shall maintain an uptime of at least 99.9% per month, with scheduled maintenance communicated in advance. | Performance / Availability |
| NFR-REQ-S0004 | All data transmitted between the client and server must be encrypted using TLS 1.2 or higher. | Security |
| NFR-REQ-S0005 | The system shall store sensitive data in an encrypted format, both at rest and in transit. | Security |
| NFR-REQ-S0006 | The user interface shall follow WCAG 2.1 Level AA accessibility guidelines to ensure that the platform is usable by individuals with disabilities. | Usability |
| NFR-REQ-S0007 | The platform’s codebase shall be documented and structured in a modular fashion to facilitate maintainability and future enhancements. | Maintainability |
| NFR-REQ-S0008 | The deployment environment shall support continuous integration and continuous deployment (CI/CD) to enable rapid bug fixes and feature updates. | Maintainability |
| NFR-REQ-S0009 | The system shall be scalable both vertically and horizontally to accommodate increased loads without significant rearchitecture. | Scalability |
| NFR-REQ-S0010 | Logging and monitoring must be implemented to track performance metrics and detect anomalies, with alerts generated for any deviations from normal parameters. | Maintainability / Operations |
Performance Requirements
| ReqID | Requirement | Description |
|---|---|---|
| PERF-REQ-0000 | Response Time | The gateway service should respond to requests within a specified time frame under normal load conditions. |
| PERF-REQ-0001 | Throughput | The gateway service should be able to handle a certain number of requests per second without degradation of performance. |
| PERF-REQ-0002 | Scalability | The gateway service should be able to scale up to handle increased load, either by adding more resources (vertical scaling) or by distributing the load horizontally. |
| PERF-REQ-0003 | Availability | The gateway service should be available for use a certain percentage of the time, often expressed as a "five nines" (99.999%) availability requirement. |
| PERF-REQ-0004 | Resilience | The gateway service should be able to recover quickly from failures and continue to function. |
Security Requirements
| ReqID | Requirement | Description |
|---|---|---|
| SEC-REQ-0001 | Secure Communication | All communication between clients and servers must be encrypted using protocols such as TLS to prevent interception and ensure data confidentiality. |
| SEC-REQ-0002 | Authentication | All users must be authenticated using secure methods (e.g., multi-factor authentication) before accessing protected areas of the system. |
| SEC-REQ-0003 | Data Integrity | The system must ensure that critical data (e.g., transaction records, user details) is protected from unauthorized modification and remains accurate. |
| SEC-REQ-0004 | Access Control | Access to system resources must be restricted based on user roles and permissions, ensuring that only authorized personnel can perform sensitive operations. |
| SEC-REQ-0005 | Audit Logging | The system shall maintain detailed audit logs of security-related events to facilitate monitoring, forensic analysis, and compliance reporting. |
Quality Assurance
To be updated.
Preliminary Acceptance Tests
To be updated.
Software architecture, placement view, database description, and integrations
-
Software Architecture: The overall structure of the Prestashop service, including components, their interactions, and technologies used (e.g., Docker, Ubuntu VM, cPouta).
-
Placement View: A representation of where different components (e.g., Prestashop, database, Docker, and supporting services) are deployed within the infrastructure (Ubuntu VMs on cPouta).
-
Database Description: Details about the database used by Prestashop (in our case MariaDB), including schema design, data storage, and connections.
-
Integrations: How Prestashop connects with other services, such as payment gateways, shipping providers, or external APIs.
Our setup
-
cPouta: Provides cloud-based virtual machines for hosting your services.
-
Ubuntu VM: Running as a host machine where Docker is installed.
-
Docker: Used to containerize the Prestashop application, making deployment and management more efficient.
-
Challenges: Ensuring correct networking, database connections, and persistent storage between Dockerized Prestashop and its dependencies within the Ubuntu VM.
Deployment diagram
A visual representation of how the Prestashop service is deployed within cPouta, including the Ubuntu VM, Docker containers, networking, and connections to external systems (e.g., database, storage, APIs).
Integrations with other systems
Prestashop typically integrates with payment gateways (e.g., PayPal, Stripe), shipping services (e.g., DHL, FedEx), ERP systems, and other e-commerce tools. Our setup may also involve API integrations for managing products, orders, or user authentication.
Standards and sources
- General Data Protection Regulation (GDPR): This regulation protects privacy and gives individuals control over their personal data.
- ePrivacy Directive: This directive complements the GDPR and provides rules on confidentiality of communications and tracking technologies such as cookies.
- Directive on the legal protection of computer programs ('Software Directive'): This directive protects computer programs by means of copyright.
- Directive on the enforcement of intellectual property right ('IPRED'): This directive enforces intellectual property rights.
- Directive on the legal protection of databases ('Database Directive'): This directive protects databases.
- EU Cybersecurity Act: This act ensures safer hardware and software.
- Digital contract rules: These rules make it easier for consumers and businesses to buy and sell digital content, digital services, goods, and 'smart goods' in the EU.