Open srikumarks opened 3 days ago
One way to go about this is to first consider what is called the "happy path" - where everything is well. Then you critically look at all the things that can go wrong either inadvertently or deliberately and address those and iterate.
When describing a step, do not labour on details that are expected to be broadly known. For example, it is sufficient to say "the server sets a cookie on the client with XYZ information" without detailing it like "the service handler uses the Set-Cookie header with XYZ info as value in its HTTPS response which the browser stores in its local cookie store associated with the app's origin".
Your system design needs to be clarified as a sequence of steps starting from a student signing in to the final point when the student's vote gets registered in the system. You'll have to be as detailed as possible in this description and break down the steps into sufficiently "atomic" units of activity. By that, what I mean is that if a student does some action purely within the user agent (i.e. the browser), that can all be lumped into a single step, but the moment data crosses over to the server, that would need to be broken into a separate step and you'll have to describe what all data moves from client to server (or vice versa). Similarly, within the server environment, you have your "backend process" and the database.
Once you make this detailed picture based on your current understanding, you'll have to critically look at it and ask "what assumptions are we making about this step in articulating it this way and how could those assumptions be broken?". Then you'll have to put in adequate mechanisms to protect against the process breaking due to those broken assumptions.
For example, you described the student "signing in" by giving their email address which results in a link being sent to their email after validation of the email address. There are many steps here that need to be broken down -
I will be weighting this analysis fairly significantly since this is the crux of your application.