The term vertical slice refers to a cross-sectional slice through the layers that form the structure of the software code base. It is mostly used in Scrum terminology where the work is planned in terms of features (or stories). For example, as a very basic approach, a software project may consist of three layers (or components):
In this common approach, a vertical slice means a bit of every layer. Again as an example, a new feature request like "showing x information on main screen" would contain these work bits:
Work in the UX/UI that will display the information
Work in the service layer to transform the information
Work in the database layer to store / fetch the information.
So a vertical slice can be defined as "the sum of the work that has to be done in every layer that is involved in getting a specific feature working." A vertical slice doesn't necessarily affect every component in the software. For example, if the solution contains a web service, it would live in the same "floor" as the UI, and a feature like "supporting login/logout in webservice" that involves only the web service does not require a change in the UI, but the business and database access layers.
Vertical user stories
A vertical user story encapsulates the action of one function.
An example of a vertical user story is, "As an end user I must be able to log into my company portal so that I can perform the functions of my job."
Acceptance criteria
Acceptance criteria are conditions of satisfaction. This story is "done" when the detailed functionalities are completed.
For example:
Verify that I can log into the system
Verify that my login credentials will be remembered
Verify that I can reset my own password by clicking the "Forgot Password" link
Verify that I cannot navigate back to the landing page without first logging in
Dissected by layer
As a developer, you will need to think about every file encapsulated in each layer that needs to be created and/or extended in order to complete this "Login User" story.
A password, sometimes called a passcode, is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of password-protected services that a typical individual accesses can make memorization of unique passwords for each service impractical. Using the terminology of the NIST Digital Identity Guidelines, the secret is held by a party called the claimant while the party verifying the identity of the claimant is called the verifier. When the claimant successfully demonstrates knowledge of the password to the verifier through an established authentication protocol, the verifier is able to infer the claimant's identity.
The Secure Shell Protocol (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution.
Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitored. Data can then be retrieved by the person operating the logging program. A keystroke recorder or keylogger can be either software or hardware.
In software and systems engineering, the phrase use case is a polyseme with two senses:
A usage scenario for a piece of software; often used in the plural to suggest situations where a piece of software may be useful.
A potential scenario in which a system receives an external request and responds to it.
Java Authentication and Authorization Service, or JAAS, pronounced "Jazz", is the Java implementation of the standard Pluggable Authentication Module (PAM) information security framework. JAAS was introduced as an extension library to the Java Platform, Standard Edition 1.3 and was integrated in version 1.4.
A one-time password (OTP), also known as a one-time PIN, one-time authorization code (OTAC) or dynamic password, is a password that is valid for only one login session or transaction, on a computer system or other digital device. OTPs avoid several shortcomings that are associated with traditional (static) password-based authentication; a number of implementations also incorporate two-factor authentication by ensuring that the one-time password requires access to something a person has as well as something a person knows.
Keychain is the password management system in macOS, developed by Apple. It was introduced with Mac OS 8.6, and has been included in all subsequent versions of the operating system, now known as macOS. A Keychain can contain various types of data: passwords, private keys, certificates, and secure notes.
Password strength is a measure of the effectiveness of a password against guessing or brute-force attacks. In its usual form, it estimates how many trials an attacker who does not have direct access to the password would need, on average, to guess it correctly. The strength of a password is a function of length, complexity, and unpredictability.
There are several forms of software used to help users or organizations better manage passwords:
There are a number of security and safety features new to Windows Vista, most of which are not available in any prior Microsoft Windows operating system release.
Password fatigue is the feeling experienced by many people who are required to remember an excessive number of passwords as part of their daily routine, such as to log in to a computer at work, undo a bicycle lock or conduct banking from an automated teller machine. The concept is also known as password chaos, or more broadly as identity chaos.
A functional specification in systems engineering and software development is a document that specifies the functions that a system or component must perform.
A CCSO name-server or Ph protocol was an early form of database search on the Internet. In its most common form, it was used to look up information such as telephone numbers and email addresses. Today, this service has been largely replaced by LDAP. It was used mainly in the early-to-middle 1990s. The name-server was developed by Steve Dorner at the University of Illinois at Urbana–Champaign, at the university's Computing and Communications Services Office (CCSO).
An information card is a personal digital identity that people can use online, and the key component of an identity metasystem. Visually, each i-card has a card-shaped picture and a card name associated with it that enable people to organize their digital identities and to easily select one they want to use for any given interaction. The information card metaphor has been implemented by identity selectors like Windows CardSpace, DigitalMe or Higgins Identity Selector.
Remote Desktop Services (RDS), known as Terminal Services in Windows Server 2008 and earlier, is one of the components of Microsoft Windows that allow a user to initiate and control an interactive session on a remote computer or virtual machine over a network connection. RDS was first released in 1998 as Terminal Server in Windows NT 4.0 Terminal Server Edition, a stand-alone edition of Windows NT 4.0 Server that allowed users to log in remotely. Starting with Windows 2000, it was integrated under the name of Terminal Services as an optional component in the server editions of the Windows NT family of operating systems, receiving updates and improvements with each version of Windows. Terminal Services were then renamed to Remote Desktop Services with Windows Server 2008 R2 in 2009.
Multi-factor authentication is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence to an authentication mechanism. MFA protects personal data—which may include personal identification or financial assets—from being accessed by an unauthorized third party that may have been able to discover, for example, a single password.
User provisioning software is software intended to help organizations more quickly, cheaply, reliably and securely manage information about users on multiple systems and applications.
Apple ID is a user account by Apple for their devices and software. Apple IDs contain the user's personal data and settings. When an Apple ID is used to log in to an Apple device, the device will automatically use the data and settings associated with the Apple ID.
SAP Logon Tickets represent user credentials in SAP systems. When enabled, users can access multiple SAP applications and services through SAP GUI and web browsers without further username and password inputs from the user. SAP Logon Tickets can also be a vehicle for enabling single sign-on across SAP boundaries; in some cases, logon tickets can be used to authenticate into 3rd party applications such as Microsoft-based web applications.
Google Authenticator is a software-based authenticator by Google. It implements multi-factor authentication services using the time-based one-time password and HMAC-based one-time password, for authenticating users of software applications.
This page is based on this Wikipedia article Text is available under the CC BY-SA 4.0 license; additional terms may apply. Images, videos and audio are available under their respective licenses.
