FDIC Enabling Content Al Maline Sr. Enterprise Architect FDIC Enterprise Technology Branch Enterprise Architecture Program Section

Agenda Quick Intro Identity is a Strategic Asset Content Analysis with Services – A Geospatial Example Publishing Content Q & A

me FDIC (almost 4 years) Prior to FDIC Division of Information Technology Enterprise Technology Branch Enterprise Architecture Program Section Al Maline amaline@fdic.gov 703-516-5230 Prior to FDIC Enterprise Architect Software Developer (Java, Application Express) PeopleSoft Administrator Oracle Database Administrator Unix Administrator Clients such as: PBGC, MSRC, Silicon Graphics, General Motors

Identity is a Strategic Asset We can not share content if we do Not know who you are

Current Practice Identity silos Multiple methods of managing identity FDIC Connect for Financial Institutions Non-Depository Claims E-FOIA FDIC Active Directory Multiple methods of managing identity

Why does a consistent identity matter? Can not answer simple questions How many submitters of claims also submit an E-FOIA request? Can not deploy new solutions quickly (or inexpensively) if each application needs to solve the identity management problem Can not reliably or easily communicate with ALL of our customers Identity becomes a stumbling block instead of an enabler

Where does security happen? No Identity Identity Assigned Identity Authorized

How is identity assigned? Security Assertion Markup Language (SAML) 2.0 XML document that contains: Issuer element, which contains the unique identifier of the identity provider Signature element, which contains an integrity-preserving digital signature Subject element, which identifies the authenticated principal Conditions element, which gives the conditions under which the assertion is to be considered valid Authentication-Statement element, which describes the act of authentication at the identity provider Attribute-Statement element, which asserts a multi-valued attribute associated with the authenticated principal

How is identity assigned? Identity Source (identity provider) Destination Application (service provider) Authentication Authority Resource Manager 3) Request + Assertion 2) Assertion 1) Authentication 4) Resource User

Anonymous Users Anonymous users are all assigned the same identity – “Anonymous” and are authorized accordingly.

Self Registration Users that register themselves and have their email address verified are authorized to see and add to the content that they have previously submitted.

Partners Business partners, such as financial institutions, that do not have their own Identity Management infrastructure would use an FDIC provided, delegated administration module, to manage their user identities.

Federated Partner Business partners that do have their own Identity Management infrastructure would be the source of the SAML assertions for their users.

FDIC User FDIC users (bother internal and telecommuting) would also be provided a SAML assertion to gain access to applications.

Cloud User FDIC users of a cloud service provider would use the same model in reverse.

Geospatial Application Architecture Analysis of Content Geospatial Application Architecture

Requirements Create a visual presentation of Failed, Problem and MDI (Minority Depository Institution) Institutions and display within States Counties Congressional Districts

Demo

Technology Javascript API Oracle Maps Javascript API Slippy Map for Draggable Display of Map Tiles Feature of Interest Interactions Oracle Mapviewer Tile Cache Feature Server Oracle Spatial Database Spatial interactions Materialized Views PL/SQL Functions Mapping Metadata Client Browser JavaScript HTML rendering HTTP Middle Tier Weblogic Mapviewer (Map/Feature rendering) JDBC Data Tier Tables with Spatial Attribute Spatial Indexes Metadata

Technology JQuery JQuery UI HTML Document Traversing Event Handling AJAX Interactions JQuery UI User Interface Widgets

Technology JQuery Datatables Plugin Java Servlet Table pagination Filtering Multi-Column Sorting Java Servlet Apache POI library

Presentation Architecture oraclemaps.js (mapping API) Oracle Mapviewer bankLayer.js (model + view updating) RSAM.css dataTables.js (table controller) Renders map tiles Fetches Features map.jsp (view) mapPage.js (controller) Behavior mapping between view And model RSAM.js (model + view updating) JSON 2 Excel JQuery Page Enhancement Event Routing to Model JavaScript/JQuery Manages Map Themes Updates View Tables HTML Only Java Servlet Convert JavaScript Object Notation to Excel

Map/Feature Architecture Base Maps Renders and Caches Base Map Tiles Oracle Mapviewer Use Oracle Mapbuilder Creates Queries for Features (and caches) Geometry Themes Creates Using Spatial Tables (Tables, Views, Materialized Views) Styles One Geometry Column (SDO_GEOMETRY) Areas Lines Spatial Metadata (USER_SDO_GEOM_METADATA) Colors Markers Spatial Index Advanced Service Application Metadata

Spatial Data Architecture Tables with Spatial Column Materialized View with Spatial Column PL/SQL Function Using Spatial Query select count(*) into v_count from FDIC_ALL_INST where sdo_relate(region,location, 'MASK=ANYINTERACT')='TRUE';

Security Architecture Perminiter Authentication with Oracle Single Sign On Mapviewer accepts HTTP header and sets identity by calling PL/SQL package for each request Mapviewer Themes can use identity set in PL/SQL package for filtering data

Enterprise GIS Architecture

Now that we know who you are, And we have content to share, Content Management Now that we know who you are, And we have content to share, how do we enable it?

Requirements - Content Enabling Content Company and industry news Staff directory and employee profile pages Expertise finders (locating coworkers with specific knowledge) Integrating internal and external information sources Keeping the intranet up-to-date (content management) Employee self service Multimedia and video on intranets Consistent navigation Data analysis and visualization

Requirements - Community Employee and department weblogs CEO blogging On boarding of new employees Corporate calendars Project collaboration tools Discussion boards Internal wikis Online meeting

Requirements - Technology Robust Search Mobile intranets (including iPhone apps for intranet access) Personalization Customization Alerts Video platform Database Integration (from other systems)

Goals Build value for users Enable integration and personalization Establish new communication channels Bi-directional Scale Number of users Amount of content

Problems with Existing Architecture Static content Manual processes Content and presentation intermingled Content can not be reused No place to store newly captured content Dreamweaver Manual Updates Browser Web Server Static Content

Need a better architecture Support for Content directed applications Web Content Management is only one content application Multiple repositories SharePoint Documentum Internally Managed Website author roles in production In-Page editing Drag and Drop Workflow Page approval Content integration and aggregation Live dashboards Integration with content services Digital Asset Management Scaling & Cropping, Metadata Extraction, Thumbnail Generation, Format Transcoding

Need a better architecture Browser Content Services Content Repository Content Applications

Need a better standards based architecture Web 2.0 Content Driven Applications Browser Content Services Content Repository Content Applications JavaScript JSON AJAX JSP + scripting language support REST based services Java Content Repository (JCR 2.0)

Open source architecture Web 2.0 Content Driven Applications Apache Sling Apache Jackrabbit Browser Content Services Content Repository Content Applications JavaScript JSON AJAX JSP + scripting language support REST based services Java Content Repository (JCR 2.0)

Architecture that supports portals Web 2.0 Content Driven Applications Apache Sling Apache Jackrabbit Browser Content Services Content Repository Widget Gadget Portlet Widget Content Applications JavaScript JSON AJAX JSP + scripting language support REST based services Java Content Repository (JCR 2.0) A portal is simply a web page with configurable widgets that transforms content

Architecture that supports services Web 2.0 Content Driven Applications Apache Sling Apache Jackrabbit Browser Content Services Content Repository Widget Gadget Apache Felix OSGi Services Portlet Widget Content Applications Service Service JavaScript JSON AJAX JSP + scripting language support REST based services Java Content Repository (JCR 2.0) The OSGi framework is a module system and service platform that implements a complete component model

Day Software (now Adobe) Web Content Management solution based on open standards and open source Day contributed and uses Apache Open Source: Content Repository Content Services Service Integration SharePoint Content Services Browser Widget Widget Day Content Repository Portlet Portlet Content Adapters Content Applications Gadget Gadget Documentum Day CQ5 WCM

In page editing

Drag and drop

Workflow

Demo

Q&A Questions