There's other forms of software requirements. There's also architectural requirements. By component naming, you want to be consistent. Compatibility with other systems. Interfaceability, you want loose coupling to allow you to meet that one. Upgradability, so this is important if you want to -- if you think you'll be putting out future versions at a later time. And even buildability, can you do daily builds? Can you make that easy to be able to deploy more software, more quickly to more customers. So there's a lot of things that go into the architectural aspects of how you build your software that roll up into non-functional requirements. There's constraints -- requirements related to constraints like system design, there may be hardware restrictions, standards conformance, legal issues, organizational issues, we've talked about functional or non-functional, and may even come from users and organizations and be conflicting, so those all need to be resolved as well. So these fall into the category of contraints. Good requirements have to be -- have to have a number of attributes. They have to be possible, feasible to actually do within budget. You have to be necessary, someone has to really want them, you have to trace it back to a use case or user story. You have to be prioritized. Unfortunately, our customers can't say that everything is top-priority, so we have to find a way of prioritizing them. Unambiguous is only one interpretation. It's easy to read, easy to understand. You have to be concise. Only the information needed, don't need to go into noisy explanation, that's not necessary. And then Verifiable. If you can't test it or measure it, then you don't know whether you'll be done. So these are just some imporant characteristics of requirements that need to be understood. In this next section, let's talk about the requirements development process. Here, Weinberg shows these steps to ellicit and analyze requirements. Starts with problem recognition, discovering and gathering, then evaluation and synthesis. Modeling, we'll talk about modeling, and then specification -- packaging and format final review for -- this is his process for eliciting and analyzing requirements. And the first circled section there is what we'll concentrate on first, the elicitation analysis, then we'll go into the modeling, and then finally talk a little bit about -- we'll talk about specification then a little bit about modeling and validation. At a high level, Carl Weiger's requirements development process is somewhat similar. Elicitation into analysis, there may be some clarification that has to go back into the elicitation phase. Into the specicication, validation may cause us to rewrite the specification. Validation may also cause us to reevaluate the requirements and even to close and correct gaps in the requirements which takes us all the way back to the elicitation phase. So you can see even in the requirements process, it can't be waterfall-ish. It's got to have feedback. Re-do clarification, reevaluation, so even just the requirements phase itself is a multi-phase process or subprocess and so rework and reevaluation often is necessary. From a capability maturity model integrated software framework at level two maturity -- maturity level two, you start to already see requirements, management coming into play, so this is important already at level two. The staged model and so what this is basically saying -- saying that of the seven basic things you need to be able to do from project management perspective and key knowledge areas, requirements management along with project planning, project monitoring and control, supplier agreement, management measurement analysis, project planning and quality assurance, and configuration management. These are the top seven that form the basis, one of which is requirements. Some more details here. Each of the maturity levels. The name of that maturity level -- initial, managed, defined, quantitatively managed and optimizing -- And you can see where requirements management is at level two, but requirements development is at level three. These things show early and are very important to set the basis, the foundations for all the maturity levels to come, so requirements are very important to address early. There's a five-step process to do problem analysis during the requirements phase. Step one is to identify the problem. The little template there can be used to specify that problem. You basically fill it out, so on the left, the problem of, then you describe your problem effects, and then you identify the stakeholders affected by the problem, the result of which is an impact on some set of stakeholders in business activities, you need to describe that. And then the benefits of your new system are indicated. The proposed solution -- you indicate the proposed solution, list of few key benefits that your new system wiill provide. Once you identify the problem. we have the root cause of problems, so you can use in step two, fishbone or Ishikawa diagram to help you identify the problem. Step three, identify the actors. Step four, draw the system boundaries so you know what's inside and what's outside. And step five, you need to be able to identify the constraints on your proposed solution. This is an actual example of an Ishikawa diagram from industry trying to address the issue or the problem of a Linux distribution technology that was difficult to use. You can see the main focal areas are on technology, people, process and quality and customer support, and logistics, and you can see some of the details -- we went down to about three levels here... to allow us to get the data we needed to make adecision on the requirements, changes we needed to get our new product out the door. So I just wanted to show you what it looks like when you do this in real industry environments. These techniques I'm talking to you about are actually used in industry settings and are very effective. Constraints actually come in many forms. You can see the different sources here, system constraints, environmental resource, and schedule, economic, political, and technical. There's some examples there. Each of these sources of constraints needs to be evaluated very closely. In the past, I've been burned by not properly understanding the constraints that, for example, legal issues with open source software if you don't have that documented very carefully. People have been bitten on that one. Security requirements, there's different security requirements for here versus Europe. So you have to really go into the details, you know, licensing issues. There are multiple licensing types for open-source software, which one are you going to use? So these all have to be considered during a requirements phase as constraints on the problem, these limit the degrees of freedom so you need to consider these early during this phase. The next thing you want to do is separate the problem from the solution. You have the problem situation, you need to obviously create a problem statement and implementation statement and then that's going to be used ultimately for verification, the implementation, definition back to the problem statement to make sure you're building what you were told to build and then there's going to be a validation step back to the problem situation to make sure you're actually solving problem. There will be some correctness and correspondence relationships between the problem statement and the problem situation to the system and we will -- but it first starts with, rather than proposing the solution, first separate problem situation and look at it from top-down. The most obvious problem might not be the one that you need to solve, so that's why it's good to separate the problem first, look at it independently, discuss the problem statement with your stakeholders, and look at the different design choices. So, again, the most obvious problem may not be the one you're actually trying to solve. You want to check for the solution correctly solves the stated problem. But, also, check that the problem statement corresponds to the real needs of the stakeholders. Problems can be separated in different ways. For example, let's consider this one requirement. You want to prevent unauthorized access to a University of Texas machine. Well, we can separate this into different domains. On the left, you see the application domain. These are the things that the machine -- the computer, cannot observe directly. Like, students, intruders, sysadmin, signed forms, even stickies with your password on them. This is in, I'll call this the real world domain, or the application domain. On the right-hand side is the machine domain. This is where your software is going to run things that are private to the machine. The encryption algorithms, the password files, etc. And then the that thing in the middle -- the shared things -- Think of this almost as the interphase requirements for the system. Where you need to deal with things, like T-cards, or passwords, or user names, or things being typed at the keyboard. Shared things between the real world, and the machine. Normally in the form of the user interphase, and this is where we also begin to think about our user interphase requirements. So, now we can think of these domain properties, and requirements, on the left. Again, that's the application domain. That's where we have domain properties, and requirements. Domain properties, think of them as things in the application domain that remain true whether or not we ever build the system. You know the sun's going to come up, and the sun's going to set. These things are true regardless of whether we ever build a system or not. The requirements are the things in the application domain that we want to be true by delivering on the system we're proposing. So, those are the things in the application domain. On the right-hand side, in the machine domain, we have computers and we have programs. The things that actually implement -- that control one way or the other the application domain. And then in the middle, we have the specification. The specification is a description of the behaviors that our program has to have in order to meet the requirements. Normally written in terms of shared phenomenon. Again, things through the user interphase. Data being passed back and forth between the machine and the user. Things like this. Some of that is described in the specification. Which is the shared phenomenon. Now, in this application, and machine domain, kind of Venn diagram here, we can shift things around as well. We can move the boundaries. If we're building an elevator control system, for example, here's how that might look. The application domain would be the real world. You know, people waiting; people in the elevator; people wanting to go to a particular floor; the elevator motors and safety rules that are bolted to the elevator. We have the scheduling algorithms, and the control programs actually running in the machine domain, and then we have all this overlap. All this intersection. The elevator call buttons; the floor request buttons; etc. Now, we could move things from the application domain into the shared domain by changing how the system's going to behave. We can add sensors, for example, to detect when people are waiting. And doing this type of thing changes the nature of the problem being solved. So, all this -- The application domain, the shared domain, the machine domain, what goes where can change based on how we define the problem.