ENABLING CONTENT AL MALINE SR. ENTERPRISE ARCHITECT FDIC ENTERPRISE TECHNOLOGY BRANCH ENTERPRISE ARCHITECTURE PROGRAM SECTION FDIC 1

Dec 11, 2015


Christa Blasdel

ENABLING CONTENT

AL MALINE
SR. ENTERPRISE ARCHITECT
FDIC ENTERPRISE TECHNOLOGY BRANCH
ENTERPRISE ARCHITECTURE PROGRAM SECTION

FDIC

Agenda

• Quick Intro
• Identity is a Strategic Asset
• Content Analysis with Services – A Geospatial Example
• Publishing Content
• Q & A

me

FDIC (almost 4 years)
• Division of Information Technology
• Enterprise Technology Branch
• Enterprise Architecture Program Section
• Al Maline
• [email protected]
• 703-516-5230

Prior to FDIC
• Enterprise Architect
• Software Developer (Java, Application Express)
• PeopleSoft Administrator
• Oracle Database Administrator
• Unix Administrator
• Clients such as: PBGC, MSRC, Silicon Graphics, General Motors

Identity is a Strategic Asset

WE CAN NOT SHARE CONTENT IF WE DO NOT KNOW WHO YOU ARE

Current Practice

• Identity silos
  • FDIC Connect for Financial Institutions
  • Non-Depository Claims
  • E-FOIA
  • FDIC Active Directory
• Multiple methods of managing identity

Why does a consistent identity matter?

• Cannot answer simple questions
  • How many submitters of claims also submit an E-FOIA request?
• Cannot deploy new solutions quickly (or inexpensively) if each application needs to solve the identity management problem
• Cannot reliably or easily communicate with ALL of our customers
• Identity becomes a stumbling block instead of an enabler

Where does security happen?

[Diagram: four zones (Untrusted Zone, Federation Zone, Trusted Zone, Restricted Zone) separated by three perimeters. Labels: Internet; Anonymous Users; Authenticated Users; Controlled Administrative Access; No Identity; Identity Assigned; Identity Authorized.]

How is identity assigned?

Security Assertion Markup Language (SAML) 2.0

XML document that contains:
• Issuer element, which contains the unique identifier of the identity provider
• Signature element, which contains an integrity-preserving digital signature
• Subject element, which identifies the authenticated principal
• Conditions element, which gives the conditions under which the assertion is to be considered valid
• Authentication-Statement element, which describes the act of authentication at the identity provider
• Attribute-Statement element, which asserts a multi-valued attribute associated with the authenticated principal


How is identity assigned?

[Diagram labels: Identity Source (identity provider); Destination Application (service provider); Authentication Authority; Resource Manager; User. Numbered flows: 1) Authentication, 2) Assertion, 3) Request + Assertion, 4) Resource.]

Anonymous Users

[Diagram: Untrusted, Federation, Trusted and Restricted Zones separated by perimeters. Labels: Internet; Anonymous Users; Authenticated Users; Controlled Administrative Access; Anonymous Client; Content Dispatcher; Content Management; Content Services.]

Anonymous users are all assigned the same identity – “Anonymous” and are authorized accordingly.

Self Registration

[Diagram: Untrusted, Federation, Trusted and Restricted Zones separated by perimeters. Labels: Self Registered User; SAML Producer; SAML Consumer; Directory; Content Dispatcher; Content Management; Content Services.]

Users that register themselves and have their email address verified are authorized to see and add to the content that they have previously submitted.

Partners

[Diagram: Partner Zone plus Untrusted, Federation, Trusted and Restricted Zones separated by perimeters. Labels: Partner Client; SAML Producer; Directory; Partner Security Administrator; Delegated Administration; SAML Consumer; Content Dispatcher; Content Management; Content Services.]

Business partners, such as financial institutions, that do not have their own Identity Management infrastructure would use an FDIC-provided delegated administration module to manage their user identities.

Federated Partner

[Diagram: Partner Zone plus Untrusted, Federation, Trusted and Restricted Zones separated by perimeters. Labels: Federated Client; SAML Producer; Directory; Federated Security Administrator; Security Administration; SAML Consumer; Content Dispatcher; Content Management; Content Services.]

Business partners that do have their own Identity Management infrastructure would be the source of the SAML assertions for their users.

FDIC User

[Diagram: Untrusted, Federation, Trusted and Restricted Zones separated by perimeters. Labels: Content Management; Content Services; SAML Consumer; FDIC Prod Active Directory; SAML Producer; Active Directory Federation Services; Content Dispatcher; Telecommuting User; Remote Desktop; Fast Access; Internal User.]

FDIC users (both internal and telecommuting) would also be provided a SAML assertion to gain access to applications.

Cloud User

[Diagram: Hosting Provider plus Untrusted, Federation, Trusted and Restricted Zones separated by perimeters. Labels: Content Services; SAML Consumer; FDIC Prod Active Directory; SAML Producer; Active Directory Federation Services; Trust Relationship; Content Dispatcher; Internal User; Content Management.]

FDIC users of a cloud service provider would use the same model in reverse.

Analysis of Content

GEOSPATIAL APPLICATION ARCHITECTURE


Requirements

Create a visual presentation of Failed, Problem and MDI (Minority Depository Institution) Institutions and display within
• States
• Counties
• Congressional Districts

Demo

Technology

• Oracle Maps Javascript API
  • Slippy Map for Draggable Display of Map Tiles
  • Feature of Interest Interactions
• Oracle Mapviewer
  • Tile Cache
  • Feature Server
• Oracle Spatial Database
  • Spatial interactions
  • Materialized Views
  • PL/SQL Functions
  • Mapping Metadata

[Diagram: Client (Browser, JavaScript, HTML rendering); HTTP; Middle Tier (Weblogic, Mapviewer: Map/Feature rendering); JDBC; Data Tier (Tables with Spatial Attribute, Spatial Indexes, Metadata).]

Technology

• JQuery
  • HTML Document Traversing
  • Event Handling
  • AJAX Interactions
• JQuery UI
  • User Interface Widgets

Technology

• JQuery Datatables Plugin
  • Table pagination
  • Filtering
  • Multi-Column Sorting
• Java Servlet
  • Apache POI library

Presentation Architecture

[Diagram components:]
• oraclemaps.js (mapping API)
• bankLayer.js (model + view updating)
• RSAM.js (model + view updating)
• HTML Only
• RSAM.css
• map.jsp (view)
• JQuery
  • Page Enhancement
  • Event Routing to Model
• JavaScript/JQuery
  • Manages Map Themes
  • Updates View Tables
• JSON 2 Excel Java Servlet
  • Convert JavaScript Object Notation to Excel
• Oracle Mapviewer
  • Renders map tiles
  • Fetches Features
• dataTables.js (table controller)
• mapPage.js (controller)
• Behavior mapping between view and model

Map/Feature Architecture

[Diagram components:]
• Geometry Themes
• Styles: Areas, Colors, Lines, Markers, Advanced
• Spatial Tables (Tables, Views, Materialized Views)
• One Geometry Column (SDO_GEOMETRY)
• Spatial Metadata (USER_SDO_GEOM_METADATA)
• Spatial Index
• Oracle Mapbuilder
• Base Maps
• Oracle Mapviewer
  • Renders and Caches Base Map Tiles
  • Queries for Features (and caches)
• Service Application Metadata
• Relationship labels: Creates; Using; Use; Creates

Spatial Data Architecture

PL/SQL Function Using Spatial Query

select count(*) into v_count
  from FDIC_ALL_INST
 where sdo_relate(region, location, 'MASK=ANYINTERACT') = 'TRUE';

[Diagram labels: Tables with Spatial Column; Materialized View with Spatial Column]

Security Architecture

[Diagram components:]
• Weblogic
• «ear» Oracle Mapviewer
• «war» Mapping Application
• Oracle HTTP Server
• «shared lib» mod_osso
• «executable» Apache HTTP Server
• «file» SSO Configuration
• «file» Mapviewer Config
• RSAM Database
• Spatial Schema
• «pl/sql package» web_user_info
• «table» RSAM_USER_AUDIT
• map_data_source: name="RSAM" plsql_package="web_user_info" web_user_type="OSSO_USER"
• OID
• LDAP Directory
• OSSO Identity Asserter
• OID Authenticator
• Active Security Realm
• «pl/sql package» LDAP Group Verification
• Web Context Config

Notes on the diagram:
• Perimeter Authentication with Oracle Single Sign On
• Mapviewer accepts HTTP header and sets identity by calling PL/SQL package for each request
• Mapviewer Themes can use identity set in PL/SQL package for filtering data

Enterprise GIS Architecture

[Diagram: GIS Architecture]
• Spatial Data Management (Oracle Spatial)
• User Supplied Layers & Complex Geoprocessing (ArcGIS)
• Application Development Using an Elastic Resource (Mapviewer)

Content Management

NOW THAT WE KNOW WHO YOU ARE, AND WE HAVE CONTENT TO SHARE, HOW DO WE ENABLE IT?

Requirements - Content

Enabling Content
• Company and industry news
• Staff directory and employee profile pages
• Expertise finders (locating coworkers with specific knowledge)
• Integrating internal and external information sources
• Keeping the intranet up-to-date (content management)
• Employee self service
• Multimedia and video on intranets
• Consistent navigation
• Data analysis and visualization

Requirements - Community

Community
• Employee and department weblogs
• CEO blogging
• On boarding of new employees
• Corporate calendars
• Project collaboration tools
• Discussion boards
• Internal wikis
• Online meeting

Requirements - Technology

Technology
• Robust Search
• Mobile intranets (including iPhone apps for intranet access)
• Personalization
• Customization
• Alerts
• Video platform
• Database Integration (from other systems)

Goals

• Build value for users
• Enable integration and personalization
• Establish new communication channels
  • Bi-directional
• Scale
  • Number of users
  • Amount of content

Problems with Existing Architecture

Existing architecture
• Static content
• Manual processes
• Content and presentation intermingled
• Content cannot be reused
• No place to store newly captured content

[Diagram labels: Static Content; Web Server; Browser; Dreamweaver; Manual Updates]

Need a better architecture

• Support for Content directed applications
  • Web Content Management is only one content application
• Multiple repositories
  • SharePoint
  • Documentum
  • Internally Managed
• Website author roles in production
  • In-Page editing
  • Drag and Drop
• Workflow
  • Page approval
• Content integration and aggregation
  • Live dashboards
• Integration with content services
  • Digital Asset Management
  • Scaling & Cropping, Metadata Extraction, Thumbnail Generation, Format Transcoding

Need a better architecture

[Diagram: Content Repository; Content Services; Content Applications; Browser]

Need a better standards based architecture

[Diagram:]
• Content Repository: Java Content Repository (JCR 2.0)
• Content Services: REST based services
• Content Applications: JSP + scripting language support
• Browser: JavaScript, JSON, AJAX

Web 2.0 Content Driven Applications

Open source architecture

[Diagram:]
• Content Repository: Java Content Repository (JCR 2.0)
• Content Services: REST based services
• Content Applications: JSP + scripting language support
• Browser: JavaScript, JSON, AJAX
• Open source components shown: Apache Sling; Apache Jackrabbit

Web 2.0 Content Driven Applications

Architecture that supports portals

[Diagram:]
• Content Repository: Java Content Repository (JCR 2.0)
• Content Services: REST based services
• Content Applications: JSP + scripting language support
• Browser: JavaScript, JSON, AJAX
• Widget; Portlet; Gadget; Widget
• Open source components shown: Apache Sling; Apache Jackrabbit

A portal is simply a web page with configurable widgets that transforms content

Web 2.0 Content Driven Applications

Architecture that supports services

[Diagram:]
• Content Repository: Java Content Repository (JCR 2.0)
• Content Services: REST based services
• Content Applications: JSP + scripting language support
• Browser: JavaScript, JSON, AJAX
• Widget; Portlet; Gadget; Widget
• Open source components shown: Apache Sling; Apache Jackrabbit; Apache Felix OSGi
• Services: Service; Service

The OSGi framework is a module system and service platform that implements a complete component model

Web 2.0 Content Driven Applications

Day Software (now Adobe)

• Web Content Management solution based on open standards and open source
• Day contributed and uses Apache Open Source:
  • Content Repository
  • Content Services
  • Service Integration

[Diagram labels: Day Content Repository; Content Services; Browser; Content Applications; SharePoint; Documentum; Content Adapters; Widget; Portlet; Gadget; Day CQ5 WCM]

In page editing


Drag and drop


Workflow


Demo


Q&A

Questions