CSE 370: Software Engineering Principles

W03 Team Activity: Case Study Discussion

Overview

Meet with your team and follow this outline to discuss this week's case study.

Instructions

(Before the meeting) Prepare yourself

Before meeting with your team, you need to:

If you have not read the case study, you will not be able to participate with your team.

Begin with prayer

The lead student should ask someone to pray to begin the meeting.

Review the case study basics

Discuss the following:

  1. What timeline did the company allocate for the new MyRugsStuff.com site to be created and deployed?
  2. What was the security issue that Aiden needed to address?
  3. What was the opinion of Sean, the VP of emerging business, with regard to the security issue?
  4. What was the opinion of Jericho, the team lead who reported to Aiden, with regard to the security issue?
  5. What was the opinion of Alvin, who oversaw the API gateway for MyHomeStuff.com, regarding using an API gateway on the new site?

Identify Christlike attributes

Disciples of Jesus Christ

As a team, discuss the following:

  1. Are there any people or actions in this case study that exemplify the way the Savior would act in that circumstance?
    • If so, do you think acting this way was difficult for that person?
  2. Are there any people in this case study who behave contrary to the teachings of the Savior?
    • If so, how could that person have achieved their overall goal in a different way?

Dig a little deeper

Answer the following questions:

  1. What types of design artifacts were used at the company?

    After you have answered the question, expand this box.

    Design artifacts were required for each component and stored in the company's wiki.

    Two kinds of artifacts were specifically mentioned: informal box-and-sticks diagrams and UML sequence diagrams. In addition, Jericho created a design document showing the way an API gateway would work.

  2. How did the design artifacts in this example facilitate communication among developers, with business stakeholders, and for future use?

    After you have answered the question, expand this box.

    • With developers: Aiden and Jericho were able to share the artifacts with each other to see how an API gateway would work, how the microservices would be called, and what data would be passed (even though this data was not complete). In addition, they were able to share these artifacts directly with the security team.
    • With future developers: By requiring each microservice to have a design document stored on the company's wiki, Aiden ensured that future developers would be able to look back to the design of each one.
    • With business stakeholders: This was not mentioned as directly in the case study, but in principle the CTO and the various VPs could look at the design artifacts for the components at the center of the important decisions that were about to be made.

Analyze the case

Answer the following questions:

  1. What were some of the benefits during the design phase of using established design patterns such as microservices and API gateways?

    After you have answered the question, expand this box.

    Using design patterns provided a shared vocabulary among the developers. When one of them mentioned microservices or an API gateway, the other instantly knew a number of items about the proposed solution, without having to discuss every one of them in detail.

    Using these patterns allowed them to stay at a higher level in their decision making and make determinations about an entire family of options rather than having to focus on how each particular call would work in an API gateway approach.

  2. What are some specific ways the design of this system could be more thorough? In what ways might a more thorough design have identified risks earlier in this project?

    After you have answered the question, expand this box.

    The most important way the design could have been more thorough would have been to better specify the data dictionary of the JWT that would be stored.

    In a similar fashion, the interface of each of the services could have been much more explicitly documented to define every piece of data that was passed.

    If these details had been present, Aiden's team may have picked up on the security vulnerability during their design phase. Also, when performing the audit, the security team could have instantly seen the problem that they later uncovered through further conversation.

    It is worth noting that in this case study, the elevated privileges of the rewards program were identified, and these were dismissed as non-critical by the VP of emerging products. However, with a more thorough listing of the data stored in the JWT, additional vulnerabilities might be found that might be more critical.

Conclude

As you finish your meeting, select a person to be the lead student for your next meeting.

Submission
