SE311 - Chapter 8: Requirements Specification

00

Overview - Where Specification Fits

In the RE process, Specification comes after Inception → Elicitation → Analysis. It is the step where we formally document what was discovered and analyzed.

Inception → Elicitation → Analysis → Specification ◀ YOU ARE HERE → Validation → Management

What is an SRS? The Software Requirements Specification (SRS) is the official document that records system requirements. It states WHAT the system should do - NOT how it should do it. It documents both user requirements and system requirements.

⚠ Common Mistake An SRS is not a design document. Don't describe implementation details or architecture in it.

Ways to Write an SRS

Style	Description
Natural language	Sentences supplemented by diagrams and tables
Structured natural language	Restricted language following a fixed standard/template
Graphical (UML + text)	Graphical models with text annotations - most common in SE311
Design description language	Language resembling a programming language
Mathematical specs	Formal notations based on math concepts

01

SRS Template - Big Picture

A standard SRS template serves as a "convenient reminder" of what knowledge to explore. The full structure:

📖

1. Introduction

Purpose, conventions, scope, references

🌐

2. Overall Description

Context, users, environment, constraints

⚙️

3. System Features

Functional requirements by feature

🗄️

4. Data Requirements

Data model, dictionary, reports

🔌

5. External Interfaces

UI, software, hardware, communications

⭐

6. Quality Attributes

Usability, performance, security, safety

🌍

7. i18n & L10n

Internationalization & localization

📎

8. Other Requirements

Legal, regulatory, compliance

📚

Appendices

Glossary, analysis models

💡 Memory Mnemonic: "I Only See Data - Every Quality Is Organized Alphabetically" Introduction · Overall Description · System Features · Data Requirements · External Interfaces · Quality Attributes · I18n · Other · Appendices

1

Introduction

Presents an overview to help the reader understand how the SRS is organized and how to use it.

1.1 Purpose

Identifies the product, application, or subsystem specified
Include the release/version number
Describe the intended reader audiences (developers, PMs, marketing, users, testers, documentation writers)

1.2 Document Conventions

Standards or typographical conventions used (meaning of specific text styles, highlighting, notations)
Manual standard for labeling requirements

Example - Typographical Convention Table

Usage	Typeface	Example
New terms	Italic	defined by keys
File/directory names	Italic	C:\derby
SQL examples	Bold/fixed-width	`SELECT city_name FROM Cities`
SQL keywords	ALL CAPS	CREATE TABLE

1.3 Project Scope

Short description of the SW and its purpose
Relate to business objectives and user/corporate goals
Summary of major features
Refer to Vision & Scope (V&S) document if it exists

1.4 References

Resources the SRS refers to (contracts, standards, system requirements spec, interface spec)
Include hyperlinks if possible
Include enough info so the reader can access each resource (title, author)

2

Overall Description

Presents a high-level overview of the product, its environment, anticipated users, and known constraints, assumptions, and dependencies.

2.1 Product Perspective

Context & origin: next product in a line? New version? Replacement? Entirely new?
If a subsystem: how does it relate to the overall system? What interfaces exist?
Consider including visual models (ecosystem map, context diagram)

2.2 User Classes and Characteristics

Anticipated user classes and their characteristics
Identify the favored user class
User classes = subset of the stakeholders defined in V&S document

Example - Movie Shop (from course material) User classes: Customer (browses reviews, receives overdue notices), Member (buys/rents digital movies online), Sales Clerk (manages physical transactions), Manager (generates reports)

2.3 Operating Environment

HW platform, OS version
Geographical locations of users, servers, and databases
Organizations that host related databases, servers, and websites
Other SW with which the system must coexist

2.4 Design and Implementation Constraints

Programming language, code library restrictions
Factors that constrain developers and the rationale for each constraint
Watch out for unnecessary design constraints - don't over-specify

2.5 Assumptions and Dependencies

Assumptions about system functionality (business-related assumptions go in V&S)
Dependencies on external components (e.g., a certain SW must be installed first)

💡 Tip Different team members may have different assumptions! Developer assumes custom code; BA assumes reuse; PM expects to buy a library. Document these explicitly to avoid conflicts.

3

System Features

Documents functional requirements organized by system feature (one possible way among several).

📌 Other valid organization styles By functional area, by process flow, by use case, by user class, or hierarchical combinations. There is no single right choice - select what makes it easy for readers to understand intended capabilities.

3.x System Feature X (repeated for each feature)

Sub-section	What to include
3.x.1 Description	Short description of the feature + its priority (priorities often change - manage them!)
3.x.2 Functional Requirements	Itemized list of capabilities that must be implemented; responses to error conditions; use unique labels for each requirement

Past Exam From Major-2 (Term 251) - Municipality System The exam asked students to identify use cases and actors from a project description. In an SRS 3, these use cases would map to system features. E.g., "Submit Permit Application" becomes a feature with functional requirements like: citizen logs in with national ID, uploads documents in PDF/image format, pays fees electronically.

💡 Tip - Naming Features Name features in a few words using a verb-noun pattern, e.g., "3.1 Spell Check", "3.2 Buy Movie", "3.3 Reserve Movie". Don't make them too broad or too granular.

4

Data Requirements

Describes the data the system will consume as inputs, process, or create as outputs.

4.1 Logical Data Model

Visual representation of data objects and their relationships
Use ER diagrams or UML class diagrams

Example - Movie Shop Domain Model (Chapter 5) Key classes: Customer, Member, Movie, RentalCopy, Purchase, Rental, Review. This would appear in 4.1 of the SRS as the logical data model.

4.2 Data Dictionary

Composition of data structures
Meaning, data type, length, format, and allowed values for each data element
May be stored as a separate artifact for reusability

Past Exam From Major-2 (Term 251) Q2 Part 4 "Differentiate between an ERD and a Data Dictionary in specifying data requirements. Explain how both work together."

Model answer: The ERD provides a high-level visual view of data structure and entity relationships. The Data Dictionary complements it by providing precise details about each entity's attributes (data type, constraints, valid values). Together they ensure both the overall data model and specific data definitions are clear, complete, and unambiguous.

Example Data Dictionary Entry

Entity: RentalCopy
copyNumber  | Integer | Unique identifier for physical copy | e.g., 001, 002
returnDate  | Date    | Scheduled return date               | Format: YYYY-MM-DD
isOverdue   | Boolean | Whether copy is past due date       | true / false

4.3 Reports

Describe any reports to be generated and any layouts they must follow
Defer detailed report layout to the design stage

4.4 Data Acquisition, Integrity, Retention, and Disposal

How data is acquired and maintained (e.g., initial dump + incremental feeds)
Techniques: backups, checkpointing, data accuracy verification
Policies for retaining or disposing of data (temporary data, local copies, deleted records)

💡 Shared Data Dictionary Benefit (Past Exam Topic) Two benefits: (1) Consistency - all team members use the same definitions. (2) Improved Communication - acts as a common reference for developers, analysts, and stakeholders.

5

External Interface Requirements

Ensures the system will communicate properly with users and with external HW or SW elements.

⚠ Key Note Reaching agreement on external and internal system interfaces has been identified as a software industry best practice. For complex multi-component systems, create a separate interface specification.

5.1 User Interfaces

References to UI standards or product style guides
Standards for fonts, icons, button labels, images, color schemes, field tabbing sequences
Screen size, layout, or resolution constraints
Standard buttons/navigation appearing on every screen (e.g., help button)
Shortcut keys, message display conventions
Data validation guidelines
Accommodations for visually impaired or color-blind users

5.2 Software Interfaces

Connections to other SW systems (name + version), message formats, data exchanged
E.g., other applications, databases, websites, OS, commercial components
Input/output data mappings and translations between systems
Services needed from external SW components

Example - Riyadh Seasons System (Mid Exam) The system connects to Secure Payment Inc. for online payment security. 5.2 would specify: the payment API protocol, data format for transaction records, and how the festival website integrates with the payment gateway.

5.3 Hardware Interfaces

Characteristics of each interface between SW components and HW components
Supported device types, communication protocols
Lists of inputs/outputs, their formats, valid value ranges, and timing

Example - Riyadh Seasons System (Mid Exam) The self-check-in terminal and the bracelet reader are hardware components. 5.3 would specify: the terminal's ticket identification protocol, the NFC/chip communication standard for the bracelet, and data formats for loading money.

5.4 Communications Interfaces

Communication functions: email, web browser, network protocols, electronic forms
Message formatting standards
Communication security and encryption, data transfer rates
Constraints on interfaces (e.g., acceptable email attachment types)

6

Quality Attributes

Specifies non-functional requirements other than constraints (those go in 2.4) and UI interface requirements (those go in 5.1).

⚠ Critical Rule Quality requirements must be specific, quantitative, and verifiable. "The interface shall load quickly" is BAD - it's not verifiable. "The page shall load within 3 seconds on a standard broadband connection" is GOOD.

Past Exam From Major-2 (Term 251) Q1 #4 "The phrase 'The interface shall load quickly' violates which characteristic of excellent requirements?" → Answer: Verifiability. The requirement cannot be measured or tested as written.

6.1 Usability

Ease of learning, ease of use, error avoidance and recovery
Efficiency of interactions, and accessibility
Helps the UI designer create the optimum user experience

6.2 Performance

Specific performance requirements for various system operations
If different functional requirements have different performance needs, specify those together

Example "When sending welcome emails, the server must send them within 10 minutes of registration." (Good - specific and measurable)

6.3 Security

Requirements regarding security or privacy issues that restrict access/use
Security requirements often originate in business rules - reference the business rules document if it exists

Example - Riyadh Seasons (Mid Exam) "The Riyadh Seasons online payment service shall be secure." (This is a security NFR, though it's still too vague - should specify encryption standard, e.g., TLS 1.3)

6.4 Safety

Requirements about possible loss, damage, or harm from using the product
Safeguards or actions that must be taken
Potentially dangerous actions that must be prevented

6.x Others

Create a separate section for each additional quality attribute important to customers, developers, or testers:

🔄

Availability

🔧

Modifiability

💼

Portability

🛡️

Reliability

♻️

Reusability

💪

Robustness

Past Exam From Midterm MCQ "Which of the following statements explains portability in non-functional requirements?" → Answer: "It is a degree to which software running on one platform can easily be converted to run on another platform."

Past Exam From Midterm MCQ "Which one of the following is a functional requirement?" Options: Maintainability, Portability, Robustness, None of the mentioned → Answer: None of the mentioned (all three are NFRs / quality attributes).

7

Internationalization & Localization Requirements

Ensure the product is suitable for use in nations, cultures, and geographic locations other than those where it was created.

What to Address

Category	Examples
Currency	SAR, USD, EUR formats
Date/Number formats	DD/MM/YYYY vs MM/DD/YYYY; 1.000,00 vs 1,000.00
Language	Arabic, English; Arabic right-to-left layout
Spelling conventions	American vs British English
Name order	Given name vs family name first
Time zones	AST (Arabia Standard Time) vs UTC
Weights & measures	Metric vs imperial
Legal / Cultural	International regulations, cultural sensitivities

💡 Tip - Reusability Internationalization and localization requirements are often reusable across projects. Consider maintaining an enterprise-level i18n document.

8

Other Requirements & Appendices

8. Other Requirements

Requirements not covered elsewhere in the SRS, such as:

Legal, regulatory, or financial compliance and standards requirements
Requirements for product installation, configuration, startup, and shutdown
Logging, monitoring, and audit trail requirements

Appendix A: Glossary

Define specialized terms, acronyms, and abbreviations
Consider building a reusable enterprise-level glossary
Note: Data definitions belong in the data dictionary, not the glossary

Appendix B: Analysis Models (Optional)

Data flow diagrams, feature trees, state-transition diagrams, ER diagrams
May be better placed inline in relevant sections rather than all at the end

💡 Final Tips from the Slides

Avoid duplicating information in multiple sections - pick one place and cross-reference
Use version control and include a revision history (who changed what, when, and why)
Organize requirements so readers can understand the product's intended capabilities
Priorities often change - manage them actively throughout the project

★

Memory Tips & tricks; Study Tricks

The Golden Rules of SRS Writing

Rule	Explanation	Bad Example	Good Example
Specific	Avoid vague terms	"The system shall be fast"	"The system shall respond within 2 seconds"
Verifiable	Must be testable	"User-friendly interface"	"A new user shall complete registration in under 3 minutes"
WHAT not HOW	No design in SRS	"Use a MySQL database"	"The system shall store customer records persistently"
Unambiguous	One interpretation	"Requests of 5 days or under need no approval, 5-10 days need approval"	"1 - 4 days: no approval. 5 - 10 days: supervisor approval"

Past Exam From Major-2 (Term 251) Q2 Part 3 - Ambiguity Types

"Vacation requests of up to 5 days do not require approval. Vacation requests of 5 to 10 days require supervisor approval." → Boundary ambiguity / Overlapping ranges (what happens at exactly 5 days?)
"The-system-shall-allow-the-user-to-search-using-a-name-and/or-email." → "and/or" ambiguity (must both be entered? Either? Both?)

Quick Reference - What Goes Where

If you need to specify…	Put it in…
A discount rule (10% off for members)	3 (System Feature) - it's a functional requirement
Response time for a page load	6.2 Performance
Screen resolution constraints	5.1 User Interfaces
The programming language to use	2.4 Design and Implementation Constraints
Database ER diagram	4.1 Logical Data Model
Definition of "Member" vs "Customer"	Appendix A: Glossary
Data type and length of memberNumber	4.2 Data Dictionary
Integration with a payment API	5.2 Software Interfaces
Legal compliance requirement	8 Other Requirements
Arabic RTL support	7 Internationalization

Exam Checklist - Things to Remember

✅ SRS states WHAT, not HOW
✅ NFRs must be quantitative and verifiable
✅ ERD + Data Dictionary work together to specify data requirements
✅ User classes ≠ stakeholders (user classes are a subset)
✅ Priorities change - use version control on the SRS
✅ Don't duplicate information - use cross-references instead
✅ "Login" is a security (non-functional) requirement, not a use case
✅ Agile methods argue SRS is wasteful (requirements change quickly)

📝

Consolidated Past Exam Questions

Past Exam Major-2 Term 251 · MCQ #2
"A good SRS should avoid: (a) Describing functional behavior (b) Stating measurable constraints (c) Mixing design decisions with requirements (d) Identifying external interfaces"
Answer: (c) - SRS should not mix design decisions with requirements.

Past Exam Major-2 Term 251 · MCQ #3
"If every requirement stated in the SRS has only one interpretation, the SRS is said to be: (a) Correct (b) Unambiguous (c) Consistent (d) Verifiable"
Answer: (b) Unambiguous

Past Exam Major-2 Term 251 · MCQ #6
"Which requirement below best expresses a data-quality constraint?"
(a) "The system shall respond within 3 seconds." (b) "Each employee record shall contain a valid, unique national-ID number." (c) "The system shall encrypt all communications." (d) "The interface shall be user-friendly."
Answer: (b) - It constrains specific data content (unique, valid national-ID).

Past Exam Major-2 Term 251 · Q2 #1 - Traceability
"Requirements should be traceable to two different things. What are these two things and why?"
Answer: (1) Backward traceability - to the source (stakeholder / business goal) to ensure every requirement is necessary. (2) Forward traceability - to implementation (design, code, test cases) to ensure every requirement is implemented and verified.

Past Exam Midterm MCQ
"Which of the following is NOT defined in a good SRS?" Options include: Functional Requirement, Nonfunctional Requirement, Goals of implementation, Algorithm for SW implementation.
Answer: Algorithm for SW implementation - The SRS states WHAT, not HOW.

Past Exam Midterm MCQ
"Which one of the following is NOT a step of requirement engineering?" (a) Elicitation (b) Design (c) Analysis (d) Documentation
Answer: (b) Design - Design is part of software engineering, not requirements engineering.

Past Exam Major-2 Term 251 · Q2 #2 - 4 Challenges in Prioritization
List four challenges in requirements prioritization:
1. Conflicting Stakeholder Interests
2. Limited Resources (time, budget, technical)
3. Unclear or Ambiguous Requirements
4. Changing Requirements