FDIC Enabling Content Al Maline Sr. Enterprise Architect FDIC Enterprise Technology Branch Enterprise Architecture Program Section
Agenda Quick Intro Identity is a Strategic Asset Content Analysis with Services – A Geospatial Example Publishing Content Q & A
me FDIC (almost 4 years) Prior to FDIC Division of Information Technology Enterprise Technology Branch Enterprise Architecture Program Section Al Maline amaline@fdic.gov 703-516-5230 Prior to FDIC Enterprise Architect Software Developer (Java, Application Express) PeopleSoft Administrator Oracle Database Administrator Unix Administrator Clients such as: PBGC, MSRC, Silicon Graphics, General Motors
Identity is a Strategic Asset We can not share content if we do Not know who you are
Current Practice Identity silos Multiple methods of managing identity FDIC Connect for Financial Institutions Non-Depository Claims E-FOIA FDIC Active Directory Multiple methods of managing identity
Why does a consistent identity matter? Can not answer simple questions How many submitters of claims also submit an E-FOIA request? Can not deploy new solutions quickly (or inexpensively) if each application needs to solve the identity management problem Can not reliably or easily communicate with ALL of our customers Identity becomes a stumbling block instead of an enabler
Where does security happen? No Identity Identity Assigned Identity Authorized
How is identity assigned? Security Assertion Markup Language (SAML) 2.0 XML document that contains: Issuer element, which contains the unique identifier of the identity provider Signature element, which contains an integrity-preserving digital signature Subject element, which identifies the authenticated principal Conditions element, which gives the conditions under which the assertion is to be considered valid Authentication-Statement element, which describes the act of authentication at the identity provider Attribute-Statement element, which asserts a multi-valued attribute associated with the authenticated principal
How is identity assigned? Identity Source (identity provider) Destination Application (service provider) Authentication Authority Resource Manager 3) Request + Assertion 2) Assertion 1) Authentication 4) Resource User
Anonymous Users Anonymous users are all assigned the same identity – “Anonymous” and are authorized accordingly.
Self Registration Users that register themselves and have their email address verified are authorized to see and add to the content that they have previously submitted.
Partners Business partners, such as financial institutions, that do not have their own Identity Management infrastructure would use an FDIC provided, delegated administration module, to manage their user identities.
Federated Partner Business partners that do have their own Identity Management infrastructure would be the source of the SAML assertions for their users.
FDIC User FDIC users (bother internal and telecommuting) would also be provided a SAML assertion to gain access to applications.
Cloud User FDIC users of a cloud service provider would use the same model in reverse.
Geospatial Application Architecture Analysis of Content Geospatial Application Architecture
Requirements Create a visual presentation of Failed, Problem and MDI (Minority Depository Institution) Institutions and display within States Counties Congressional Districts
Demo
Technology Javascript API Oracle Maps Javascript API Slippy Map for Draggable Display of Map Tiles Feature of Interest Interactions Oracle Mapviewer Tile Cache Feature Server Oracle Spatial Database Spatial interactions Materialized Views PL/SQL Functions Mapping Metadata Client Browser JavaScript HTML rendering HTTP Middle Tier Weblogic Mapviewer (Map/Feature rendering) JDBC Data Tier Tables with Spatial Attribute Spatial Indexes Metadata
Technology JQuery JQuery UI HTML Document Traversing Event Handling AJAX Interactions JQuery UI User Interface Widgets
Technology JQuery Datatables Plugin Java Servlet Table pagination Filtering Multi-Column Sorting Java Servlet Apache POI library
Presentation Architecture oraclemaps.js (mapping API) Oracle Mapviewer bankLayer.js (model + view updating) RSAM.css dataTables.js (table controller) Renders map tiles Fetches Features map.jsp (view) mapPage.js (controller) Behavior mapping between view And model RSAM.js (model + view updating) JSON 2 Excel JQuery Page Enhancement Event Routing to Model JavaScript/JQuery Manages Map Themes Updates View Tables HTML Only Java Servlet Convert JavaScript Object Notation to Excel
Map/Feature Architecture Base Maps Renders and Caches Base Map Tiles Oracle Mapviewer Use Oracle Mapbuilder Creates Queries for Features (and caches) Geometry Themes Creates Using Spatial Tables (Tables, Views, Materialized Views) Styles One Geometry Column (SDO_GEOMETRY) Areas Lines Spatial Metadata (USER_SDO_GEOM_METADATA) Colors Markers Spatial Index Advanced Service Application Metadata
Spatial Data Architecture Tables with Spatial Column Materialized View with Spatial Column PL/SQL Function Using Spatial Query select count(*) into v_count from FDIC_ALL_INST where sdo_relate(region,location, 'MASK=ANYINTERACT')='TRUE';
Security Architecture Perminiter Authentication with Oracle Single Sign On Mapviewer accepts HTTP header and sets identity by calling PL/SQL package for each request Mapviewer Themes can use identity set in PL/SQL package for filtering data
Enterprise GIS Architecture
Now that we know who you are, And we have content to share, Content Management Now that we know who you are, And we have content to share, how do we enable it?
Requirements - Content Enabling Content Company and industry news Staff directory and employee profile pages Expertise finders (locating coworkers with specific knowledge) Integrating internal and external information sources Keeping the intranet up-to-date (content management) Employee self service Multimedia and video on intranets Consistent navigation Data analysis and visualization
Requirements - Community Employee and department weblogs CEO blogging On boarding of new employees Corporate calendars Project collaboration tools Discussion boards Internal wikis Online meeting
Requirements - Technology Robust Search Mobile intranets (including iPhone apps for intranet access) Personalization Customization Alerts Video platform Database Integration (from other systems)
Goals Build value for users Enable integration and personalization Establish new communication channels Bi-directional Scale Number of users Amount of content
Problems with Existing Architecture Static content Manual processes Content and presentation intermingled Content can not be reused No place to store newly captured content Dreamweaver Manual Updates Browser Web Server Static Content
Need a better architecture Support for Content directed applications Web Content Management is only one content application Multiple repositories SharePoint Documentum Internally Managed Website author roles in production In-Page editing Drag and Drop Workflow Page approval Content integration and aggregation Live dashboards Integration with content services Digital Asset Management Scaling & Cropping, Metadata Extraction, Thumbnail Generation, Format Transcoding
Need a better architecture Browser Content Services Content Repository Content Applications
Need a better standards based architecture Web 2.0 Content Driven Applications Browser Content Services Content Repository Content Applications JavaScript JSON AJAX JSP + scripting language support REST based services Java Content Repository (JCR 2.0)
Open source architecture Web 2.0 Content Driven Applications Apache Sling Apache Jackrabbit Browser Content Services Content Repository Content Applications JavaScript JSON AJAX JSP + scripting language support REST based services Java Content Repository (JCR 2.0)
Architecture that supports portals Web 2.0 Content Driven Applications Apache Sling Apache Jackrabbit Browser Content Services Content Repository Widget Gadget Portlet Widget Content Applications JavaScript JSON AJAX JSP + scripting language support REST based services Java Content Repository (JCR 2.0) A portal is simply a web page with configurable widgets that transforms content
Architecture that supports services Web 2.0 Content Driven Applications Apache Sling Apache Jackrabbit Browser Content Services Content Repository Widget Gadget Apache Felix OSGi Services Portlet Widget Content Applications Service Service JavaScript JSON AJAX JSP + scripting language support REST based services Java Content Repository (JCR 2.0) The OSGi framework is a module system and service platform that implements a complete component model
Day Software (now Adobe) Web Content Management solution based on open standards and open source Day contributed and uses Apache Open Source: Content Repository Content Services Service Integration SharePoint Content Services Browser Widget Widget Day Content Repository Portlet Portlet Content Adapters Content Applications Gadget Gadget Documentum Day CQ5 WCM
In page editing
Drag and drop
Workflow
Demo
Q&A Questions