Published by Tabitha Casey. Modified over 9 years ago.
1
Integrity - Service - Excellence
US Air Force Information and Services Strategy
Mike Corrigan, SAF/XCTX
18 February 2009
2
What is the problem?
- Tangled web of application interactions
- Duplicate copies of data
- Inconsistent results equals operational uncertainty
- 1500+ systems registered in EITDR
- $3+ billion per year to maintain
[Diagram: How we do ‘Integration’ today, Force Management example. Labels: OSD; Joint Forces Command; Air Force; MilPDS; DCAPES; DRRS; JOPES; MPES; DIMHRS; Organization Data Source; GSORTS; Org Server (three); DRS; FMIP; GFMDI; SORTS; Exposes data to GCSS-AF; To COCOM]
Too many systems, too hard to operate, too expensive to maintain
3
A3/5 Initiatives: Impact of Vocabularies and Services
Point-to-Point Exposure Model
- 4 consumers requiring very similar sets of data elements (DRS, FMIP, Flight Scheduling, GFMDI): 100 elements, 125 elements, 75 elements, 175 elements
- 20 interfaces cost $6 million to develop, $2 million to sustain
Reusable, Discoverable Service Model
- 3 COIs (Health, Personnel, Training) defining 225 unique elements, served from 5 authoritative data sources (PIMR, SFMIS, ACES, ADLS, DIMHRS)
- 5 exposure services cost $0.9 million to develop, $0.3 million to sustain
4
AF Information and Services Strategy Benefits
- Delivers information now!
  - Desktop access to all exposed data in the format required
  - Reduces the requirement to build large client server systems or huge data storage warehouses
- Rapid delivery of capability due to re-use of existing “Services”, “Standard Interfaces”, “Data Vocabularies”
- Cost to deploy and sustain capability slashed
  - Short development cycles and re-use
  - Standard interfaces mitigate the need to continually rewrite interfaces to associated systems (80% of software sustainment)
5
How to get there?
6
Processes and Transparency
[Diagram. Governance labels: AFSO21 Process Improvements Initiatives; TIPT; COI Coord Panel; COI; IRB; SWG; XC/SWG; CRAA; Suggestions. Information labels: AF Intranet; Published Information; Business Srvc; SPO’s; Target Data Sets; Map to Source; Information Standards; Access rights via Web Service, CoP, Functionals; AF EA; Architects providing services. Process areas: Plan/Execute Strategic Initiatives; Manage Programs and Processes; Caring for people; Provide IT Support; Provide Infrastructure; Manage Financial Resources; Develop Warfighters; Develop Warfighting Systems; Deploy; Conduct Air, Space, Cyber Ops. Flow: AF xyz Process V1.2; AF xyz Process Bus/Info Reqs; Info/Service Existing?; Dashboard/COP; SPO Service Development]
7
Transparency Vision & Objectives
Vision
Ensure the process of transforming data into information used at all echelons of Operational and Operational Support for decision making is authoritative – trustable, traceable, auditable, and demonstrably proven, or, “transparent”
Objectives
- Accelerate AF efforts in delivering authoritative information to decision makers at all levels...
- Improve AF information availability and quality
- Realize Warfighter cross-service information requirements
- Implement the DoD-wide information priorities
8
Data Sharing: What We Need...
“Share” what we know: Information that is…
- Relevant
- Accessible
- Easy to find
- Available on demand
“Understand” what we share: Information that is…
- Delivered in a usable form
- Delivered in context
- Expressed in a known “vocabulary”
- Organized for mission support
“Trust” what we understand: Information that is…
- Current
- Complete
- Authoritative
- Reliable
“What we don’t know can hurt us, but what we think we know, but don’t can be fatal to an organization” Larry English, Data Quality Expert
9
DoD Guidance
- DoDD 8320.02, Data Sharing and a Net-Centric Department of Defense, certified 23 Apr 07
- Guidance document (DoD 8320.02-G) provides guidance about COIs
- Directs...
  - Data shall be made visible, accessible, and understandable to any potential DoD user as early as possible in life cycle to support mission objectives
  - Directs establishing “metadata” and use of DoD Discovery Metadata Specification (DDMS)
  - Promotes use of communities (e.g. COIs) for semantic and structural agreements for data sharing
10
COI Background
A COI is defined as “a collaborative group of users who must exchange information in pursuit of their shared goals, missions or business processes, and who therefore must have shared vocabulary for the information they exchange”
COI Types
- Institutional vs Expedient
- Joint vs Service-specific
11
Transparency IPT Charter
- Signed on 29 Aug 06 by Secretary Wynne (former SecAF)
- Forms a three-star-level IPT to accelerate transparency within the Air Force by guiding and directing:
  - The process of turning data into information
  - The provisioning of required information technology environment and tools
  - The support of an integration and test framework
- Kicked off 2 May 06
12
TIPT Structure Today
[Organization chart: Transparency Integrated Product Team. * denotes AF sponsored Joint COI]
Bodies: CMO/DCMO; Senior Working Group; COI Coordination Panel -- Enterprise Vocabulary Team; TIPT/CoI Support Sub-IPT; Process Analysis; Enterprise Information Space; Integration and Test Framework; AF COI; Joint COI
Sponsors: AF/A1 Personnel; AF/SG Health Services; AF/A2 ISR; AF/A3/5 Operational; AF/A4/7 Logistics and Installations; SAF/AQ Acquisition; SAF/FM Financial; SAF/XC Warfighter Integration
COIs and panels: Manpower, Personnel & Services; Recruiting, Training, & Education; Human Resource Mgt; Health Service; Health/MHS; ISR; Counter Intelligence; Joint Targeting Int; Geospatial Intelligence; DoD Training; Force Presentation; Flight Scheduling; Global Force Mgt (GFM); METOC; C2 Space SA; Air & Missile Defense; Strike; Common Op Battlespace; Readiness; Logistics; Real Property; Emergency Response; DISDI; Installation Mgt (IM); Logistics Data Integrat.; Supply Mgt; FM Data Panel; Acq Domain Data Panel; Program Mgt; Sourcing; Science & Technology; System Engineering; Product Support; Reqt Development; Test & Evaluation; AT&L Acq Visibility; Financial Mgt; Information Assurance; Air Operations; JAN-TE; Time Sensit Targeting; CSWG; CIS Architectures; Computer Net Def; NETOPS; Distribution Data; Joint Air Track *
13
CMO and the Air Force “Corporate” Structure
[Organization chart. DoD: Secretary of Defense; Deputy Secretary of Defense (DoD CMO); Deputy CMO; BTA; DBSMC; Investment Review Boards; DoD Strategic Management Plan. Air Force: Secretary Air Force; Under Secretary CMO; Deputy CMO; Process Council (SECAF/CSAF); Air Force Council (VCSAF/CMO); Air Force Board (A8P, FMB, DCMO); CSAF; OBRC; AFSO21; TIPT; AF GRP; IBRC; SWG. Plans and functions: Air Force Strategic Plan; Programming; Execution; Business Planning; Nested Enterprise Functional/MAJCOM Plans]
14
Service Oriented Architecture
[Diagram. Service layers: Presentation Services; Aggregation Services; Exposure Services; ADS. Other labels: Warfighter; Core Enterprise Services; Centralized Enterprise Management; Exploitation via COI; Singularly Managed Infrastructure; Metadata Environment; Enterprise Level Security]
15
Mission Assurance Engineering and Management: The Dual Pathway
[Diagram]
CONTENT DELIVERY (Service Level Management): PHYSICAL; DATA LINK; NETWORK; TRANSPORT; SESSION; PRESENTATION; APPLICATION
CONTENT GENERATION (Service Lifecycle Management): CAPABILITY DESIGN; INFORMATION ASSET MANAGEMENT; DATA SOURCING
PITP: Presentation Service; Aggregation Service; Exposure Service; Exposure Service; ADS
16
Vocabulary & Development Process
Develop America's Airmen Today... for Tomorrow
[Process diagram with Start Points and an End Point]
Participants: Domain Vocabulary Team (DVT); Enterprise Vocabulary Team (EVT); RT&E Domain Community of Interest (CoI)
Activities: Establish Policy; Develop Vocabulary; Execute Governance; Establish Roles & Permissions; Designate Authoritative Data Sources; Create SIS (Glossary, Semantic Model, Contextual Model); ID Business Process & Information Requirements; Document Information Assets; Develop Semantics; Write Schema; Register Web Service In UDDI; Register Documents In Metadata Repository (MDR); Write Request Instructions; Validate & Align SIS; Validate & Align Schema; Deploy Web Service
17
AETC Spiral 1: Information Requirement (Input)
Plain English | ADLS Field Name (Not corrected!!!) | Type | Definition / LOV | Sample Data | Availability
Social Security Number | STUDENT_ID | VARCHAR2(9) | 9-character SSN | 123456789 | ADLS Web Service
Course ID | COURSE_ID | VARCHAR2(3) | PDS Course ID | | ADLS Web Service
Last Name | LAST_NAME | VARCHAR2(30) | Self explanatory | SMITH | ADLS Web Service
First Name | FIRST_NAME | VARCHAR2(30) | Self explanatory | BOB | ADLS Web Service
Course Completion Date | COMPLETION_DATE | DATE | Date student completed Course. | 2008-10-31 | ADLS Web Service
Branch of Service | SERVICE | VARCHAR2 | Army, Navy, etc | Air Force | ADLS Web Service
Rank abbreviation | RANK | VARCHAR2(10) | Short name | SSgt | ADLS Web Service
Grade | RANK GRADE | Alphanumeric | Alphanumeric designator | E5 | ADLS Web Service
Rank Identifier | RANK ID | Numeric | Unique ADLS identifier (numeric) | | ADLS Web Service
Rank | RANK PLAINTEXT | Alpha | Long name | Staff Sergeant | ADLS Web Service
Component | RANK TYPE | Alpha | Active/Reserve/Guard/Civilian, etc. | AD | ADLS Web Service
Major Command or “sister” service | MAJCOM | VARCHAR2 | Air Force major command or sister service | AMC | ADLS Web Service
Base | BASE ID | Alpha | Plain text name of base | Scott AFB | ADLS Web Service
18
AETC Spiral 1: SIS Inputs (8 hours)
Identify Concepts
- Person
- Course
Proposed Sentences (Draft 0):
- This person’s social security number is 123456789.
- This person completed course [ID] on 2008-10-31.
- This person’s last name is Smith.
- This person’s first name is Bob.
- This person is a member of the Air Force.
- This person belongs to AMC.
- This person is stationed at Eglin AFB.
- This person’s rank is Staff Sergeant.
- The grade corresponding to this person’s rank is E5.
- The abbreviation for this person’s rank is SSgt.
- This person is part of the Air National Guard component.
Existing Vocabulary from Manpower, Personnel and Services COI:
- Person
- A person’s first name
- A person’s last name
- A person’s social security number
- A person’s rank
- The name of the service to which a person belongs
- The name of the major command to which a person belongs
- The name of the base where a person is stationed
Vocabulary from RT&E COI
- Course (concept)
- Course Identifier
- Being a student in a course
- The completion date of a course
19
AETC Spiral 1: OWL (4 hours)
20
AETC Spiral 1: XSD & WSDL (4 hours)
21
“As Is” Deployment Readiness Data Challenge
Example: Training Completion Data Origination Process (Generic)
[Process diagram along a Time Flow axis]
1. Student Completes Course
2. Authoritative Source (Instructor) Creates Completion Record: Attendance list / Graduation roster; Course certificate; Specialized System
3. UDM / UTM Obtains Copy of record: Email; Form; Fax/Copier; Distribution; In-Person; Specialized System
4. UDM / UTM Manages Record Copy: Files Copy in Mobility Folder AND (May) manually enter some data elements from record into one or more of the following systems: MilPDS; ARMS; CAMS; LOGMOD; SFMIS; ACES-PR; Other Functional Systems (MRDSS, LSA, etc.); Local Solutions (Excel, Access, Custom Apps)
22
Example Initial Use Case
First set of services for the environment
Bring deployment readiness data to the UDM’s desktop
- Get personnel data
- Get medical data
- Get education data
- Roll up into readiness statuses
- Transform to widgets
23
Example Initial Use Case: Moving Parts
[Diagram]
Data sources: Training ADS; Health ADS; Personnel ADS
Services: Personnel Exposure Service; Health Exposure Service; Training Exposure Service; Personnel Readiness Aggregation Service; Personnel Readiness Presentation Service
Consumers: Browser; User
Messages: Personnel Message; Health Message; Training Message; Personnel Readiness Message; Personnel Readiness Widget(s)
WSDL: Personnel WSDL; Health WSDL; Training WSDL; Personnel Readiness WSDL; Personnel Readiness UI WSDL
Vocabularies: Personnel Vocabulary; Health Vocabulary; Training Vocabulary; Personnel Readiness Vocabulary
XSD: Personnel XSD; Personnel Readiness XSD; Health XSD; Training XSD
24
ROM Developer Lines of Code
[Diagram: the Example Initial Use Case components annotated with line counts. Labels and figures: Training ADS; Health ADS; Personnel ADS; 1000; Personnel Exposure Service; Health Exposure Service; Training Exposure Service; 3000; Personnel Readiness Aggregation Service; 5000; Personnel Readiness Presentation Service; Browser; User; Personnel Message; Health Message; Training Message; Personnel Readiness Message; Personnel Readiness Widget(s); 75; Personnel WSDL; 75; Health WSDL; 75; Training WSDL; 75; Personnel Readiness WSDL; 75; Personnel Readiness UI WSDL; Personnel Vocabulary; Health Vocabulary; Training Vocabulary; Personnel Readiness Vocabulary; 200; 75; Personnel XSD; Personnel Readiness XSD; 75; Health XSD; 75; Training XSD; 75; 50; 200; 50]
Totals: 13375 lines of code; 1575 auto-generated; 2500 pattern-based
25
Re-use Case
Next set of services for the environment
Expose equipment readiness, roll together with personnel readiness, and produce unit readiness
- Get personnel readiness
- Get equipment readiness
- Make unit readiness calculations
- Transform to widgets
26
Re-use Case Lines of Code
[Diagram: re-used and new components annotated with line counts]
Re-used components: Training ADS; Health ADS; Personnel ADS; Personnel Exposure Service; Health Exposure Service; Training Exposure Service; Personnel Readiness Aggregation Service; Personnel Message; Health Message; Training Message; Personnel Readiness Message; Personnel WSDL; Health WSDL; Training WSDL; Personnel Readiness WSDL; Personnel Vocabulary; Health Vocabulary; Training Vocabulary; Personnel Readiness Vocabulary; Personnel XSD; Personnel Readiness XSD; Health XSD; Training XSD
New components and figures: Equipment ADS; 5000; Equipment Exposure Service; Equipment Message; 75; Equipment WSDL; Equipment Vocabulary; 300; Equipment XSD; 50; 800; 50; 8000; Unit Readiness Aggregation Service; 5000; Unit Readiness Presentation Service; Browser; User; Unit Readiness Message; Unit Readiness Widget(s); 75; Unit Readiness WSDL; 75; Unit Readiness UI WSDL; Unit Readiness XSD; 75; 50; Unit Readiness Vocabulary; 200; 50
Totals: 20100 new lines; 1025 auto-generated; 1500 pattern-based; 13375 re-used lines
27
Singularly Managed Infrastructure with Enterprise Level Security (SMI-ELS)
Mike Corrigan, SAF/XCTX
18 February 2009
28
What is SMI-ELS?
Singularly Managed Infrastructure
- Centrally controlled enterprise
- Unified tool set for managing networks, services and applications – common interfaces
- Automated tools to reduce manpower and simplify operations
Enterprise Level Security
- Ensure all interactions between people, machines and services are verified using security policy
- Confirmed 2-way authentication using DOD-PKI credentials
- Authorization to access data based on groups and roles
- All activities will be monitored and logged
- Anomalous behavior detectable using real time/logged information
- Delegation of roles and groups based on policy
- Mediated access to data including DoD, Joint, etc users
- Information available anywhere using CAC and web browser
29
Why is it important?
- Reduces development, management and sustainment costs
  - Service Oriented Architecture (SOA) designed for re-use
  - Maximize COTS products compliant with industry standards
  - Industry provided services reduce overall costs
- Eliminates numerous identified and emerging threats
- Reduces the complexity of enterprise management
- DoD/Joint mandate compliance -- extends NCES services
- Industry best practices demonstrate a significant savings – Gartner estimates 75%
Industry Best Practices Demonstrate a Significant Saving in a SOA Environment
30
Enclave Architecture
[Diagram: enclaves joined by TRUST RELATIONSHIP links, each behind a DMZ]
External parties: National Intelligence Community; Industry Partners; Interagency and Coalition; Family, Retirees, Internet
Enclaves: INTEL Enclave; Combat Support Enclave; Space C2 Enclave; AOC Enclave; Special Ops Enclave; MDE
AOC Enclave capabilities: NECC 5.1.1 Air and Space Planning; NECC 5.1.16 Automated Immediate Targeting Capability; NECC 5.1.12 Immediate Air Support Request; NECC 5.1.7 Monitor ATO Execution
Leverage SMI-ELS and SOA
31
Service Oriented Architecture
[Diagram. Service layers: Presentation Services; Aggregation Services; Exposure Services; ADS. Other labels: Warfighter; Core Enterprise Services; Centralized Enterprise Management; Exploitation via COI; Singularly Managed Infrastructure; Metadata Environment; Enterprise Level Security. Callouts: IIB Security; Access Logic; ADS Security]
32
Service Oriented Architecture
[Diagram. Service layers: Presentation Services; Aggregation Services; Exposure Services; ADS. Other labels: Warfighter; Core Enterprise Services; Centralized Enterprise Management; Exploitation via COI; Singularly Managed Infrastructure; Metadata Environment; Enterprise Level Security. Callouts: IIB Security; Business Logic; IIB Security]
33
Semantic SOA End State
[Diagram: Request/Response pairs link each tier]
Existing Infrastructure: DBMS; Web; SAN; …
Core Data Exposure Services: Core Data Payloads
Aggregation Services: Aggregation Payloads
MDE: Metadata Population; Metadata Catalog; ADS Access Rules; Ontologies; Access Rules; Federated Search Service; Query Processing Service
COI Vocabulary Products – Managed in Metadata Registry inside MDE
End Users
34
Discovery = Search in Context
Typical consumer search behavior with keyword search
[Diagram: “I need a car” leads to the search “car”; “Too much” leads to “sports car”; “Near me” leads to “sports car akron”]
35
Discovery = Search in Context
COI Vocabularies provide authoritative context to less knowledgeable searchers
[Diagram: “I need vaccinations”; search term “vaccination”; Vocabulary; “immunization status”]
36
Discovery = Search in Context
COI Vocabularies provide authoritative context to less knowledgeable searchers
[Diagram: “I need to know about health”; search term “health”; Vocabulary; candidate terms: immunization status, equipment status, PHA status, IMR status; two X marks]
37
MDE Components – Spiral 1
[Component diagram]
Stores: Semantic Metadata Registry (COI Vocabularies); DDMS Metacard Index; DDMS Metacard Catalog; Service Registry
Engines: Query Federation Engine; Metadata Search Engine; Metadata Indexer; Metadata Population
Interfaces: Federated Query Interface; Service Registering Interface; Asset Registering Interface; Vocabulary Registering Interface; Metadata Population Interface
Other: Peers
38
Metadata Tagging
- Memorandum
- Air Force formed Automated Metadata Population Service (AMPS) Working Group
- NSA formed Information Assurance sub-group
- Participation
  - Government: Air Force, JFCOM, NSA, Army, DISA, Navy, DIA, NGA
  - Industry: Booz Allen Hamilton, eCompex, MITRE, Apache
39
Spiral 1 Scope
DDMS elements: Creator (DISA); Title (DISA); Date (DISA); Subject (AF); Format (Army); Identifier (DISA); Security (NSA); Type (AF); Description (AF); Geospatial (AF/DISA)
Asset types: Microsoft Office; PDF; Message/email; HTML; XML; XSD, OWL, WSDL
COI: Readiness; Blue Force Tracking; Information Assurance; Generic
- Produce Discovery Metadata from COI Assets
- Exploit Open Standards: UIMA, OWL, WSDL
- Label Metacards with CAPCO Markings
- Cryptographically Bind Metacards with Original Assets
40
UIMA AMPS Flow
[Pipeline diagram]
Components: AMPS CPE; AMPS CPM; AAE Flow Controller; Collection Reader; CAS; Text Sofa; URI Sofa
Annotators and outputs: FormatAE: Format; TypeAE: Type; COIAE: COI; NativeMDAE: NativeMD; IDAE: ID; CreatorAE: Creator; TitleAE: Title; DateAE: Date; SubjectAE: Category; SecurityAE: Security; Keyword; GeoAE: Geo; CreatorSecAE: CreatorSec; DescAE: Description; TitleSecAE: TitleSec
Inputs and outputs: Disk Storage; Assets; Vocabulary Assets; COI, Default Settings; DDMS Transform Process
41
Trusted Forest
Security is the Cornerstone
Trusted Forest Evolution
- Users in AFNETOPS Forest
- SOA in Trusted Forest
- Trusted Forest cannot directly access the Internet
- Shared Storage Services (independent physical pathways)
- WS-Federation obviates need for AD accounts in Trusted Forest (no duplicate accounts needed)
Do you know where your data has been lately?
[Diagram labels: Internet; NIPRNet; AFNETOPS Forest; Users; Boundary; Credentialing; Token Server (two); Active Directory (AD); Enterprise Information Management (EIM); Network Services; Computing Services; Transport Services; Storage Services; Messaging Services; Core Enterprise Services; COOP/DR; Exposure Service A; Exposure Service A’; Exposure Service B; Exposure Service C; ADS]
42
Type 2 Forest
- AFNETOPS forest is a consolidation of MAJCOM Windows Forests
  - Consolidated legacy Application Management and Consolidated User Accounts
  - No MDE components in AFNETOPS forest
- Type 2 Forest built from scratch, initially hosts all MDE and IIB
  - DOD Standard based Naming, Full credentialing, Authentication, Authorization, Audit
  - Assurance of components EAL 4
  - Located in DECC
- Type 1 Forest similar to Type 2 for security mechanisms but assurance level EAL 5 and other threat mitigation mechanisms
[Diagram labels: Type 2 Forest; NIPRNet (AFNETOPS Forest); Internet; Type 1 Forest]
43
WS-Security
[Diagram: protocol stacks across an UNTRUSTED NETWORK]
Service Invoker (Client Application): Application; SOAP; HTTP; TLS/SSL; TCP; IP; MAC
Intermediaries: TLS/SSL; TCP; IP; MAC
Service Provider (Service Implementation Code, behind an SSL Endpoint: SSL Processor or HTTP): Application; SOAP; HTTP; TLS/SSL; TCP; IP; MAC
Web Services Security (Authentication, Integrity, Confidentiality, Non-Repudiation)
SSL (Integrity, Confidentiality)
End-to-End 2-Way Authentication
44
Multi-Forest Service Hosting – Case 1
COI Develops a New, Compliant Exposure Service
[Diagram labels: AFNetOps; MAJCOM; Type 2; User; Browser; STS; AD; UDDI; MDC; App Server; Exposure Service; Discovery Service; Legacy ADS; Metacard for ES; ES URI. Legend: Service compliant with ELS; Service not compliant with ELS]
1. User authenticates to AFNetOps forest via local STS and receives a SAML assertion.
2. User invokes MDE discovery service in Type 2 forest using the SAML assertion which is recognized and understood via the federation agreement between the AFNetOps STS and the Type 2 STS. The Metacard that comes back holds the URI needed for the user to invoke the exposure service.
3.0 User invokes exposure service in AFNetOps forest after obtaining another SAML assertion.
3.1 Exposure service engages in 2-way authentication and role-based access control on the user side.
3.2 Exposure service engages the legacy ADS with whatever it uses for Au/Az.
Notes:
- If groups and roles differ between forests, manual data entry is required to achieve STS interoperability
- If MAJCOM migration has not been completed, the user’s account and groups/roles will have to be created in AFNetOps
45
Multi-Forest Service Hosting – Case 2
COI Wraps a Legacy Exposure Service with a Compliant Service
[Diagram labels: AFNetOps; Type 2; User; Browser; STS; AD; MAJCOM AD; UDDI; MDC; App Server’; Exposure Service’; App Server; Exposure Service; Discovery Service; Legacy ADS; Metacard for ES; ES URI. Legend: Service compliant with ELS; Service not compliant with ELS]
1. User authenticates to AFNetOps forest via local STS and receives a SAML assertion.
2. User invokes MDE discovery service in Type 2 forest using the SAML assertion which is recognized and understood via the federation agreement between the AFNetOps STS and the Type 2 STS. The Metacard that comes back holds the URI needed for the user to invoke the exposure service.
3.0 User invokes exposure service in AFNetOps forest after obtaining another SAML assertion.
3.1 Exposure service engages in 2-way authentication and role-based access control on the user side.
3.2 Exposure service engages the legacy exposure service with whatever it uses for Au/Az.
3.3 Legacy exposure service accesses ADS.
Notes:
- If groups and roles differ between forests, manual data entry is required to achieve STS interoperability
- If MAJCOM migration has not been completed, the user’s account and groups/roles will have to be created in AFNetOps
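The assertion checks a relying service has to make in the flows of Case 1 and Case 2, as an added example that is not part of the original slides. It is a toy model: HMAC-SHA256 over JSON stands in for the XML signature on a SAML assertion, mutual TLS is not modeled, and every name, role, key and URI below is constructed for illustration.

```python
import hashlib
import hmac
import json


def _sign(key, claims):
    # HMAC-SHA256 over canonical JSON: a stand-in for the XML signature
    # a real STS applies to a SAML assertion with its private key.
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class STS:
    """Toy security token service for one forest (hypothetical helper)."""

    def __init__(self, issuer, key):
        self.issuer, self.key = issuer, key

    def issue(self, subject, roles, audience, now, ttl=300):
        claims = {"iss": self.issuer, "sub": subject, "roles": sorted(roles),
                  "aud": audience, "exp": now + ttl}
        return {"claims": claims, "sig": _sign(self.key, claims)}


class Service:
    """Relying service: discovery (Type 2 forest) or exposure (AFNetOps)."""

    def __init__(self, audience, federation, role_map, required_role):
        self.audience = audience        # name assertions must be issued for
        self.federation = federation    # trusted issuer -> verification key
        self.role_map = role_map        # (issuer, issuer's role) -> local role
        self.required_role = required_role

    def authorize(self, assertion, now):
        claims, sig = assertion["claims"], assertion["sig"]
        key = self.federation.get(claims["iss"])
        if key is None:
            return (False, "untrusted issuer")
        if not hmac.compare_digest(sig, _sign(key, claims)):
            return (False, "bad signature")
        if claims["aud"] != self.audience:
            return (False, "wrong audience")
        if claims["exp"] <= now:
            return (False, "expired")
        # Roles only count after translation through the federation's role map.
        local = {self.role_map.get((claims["iss"], r)) for r in claims["roles"]}
        if self.required_role not in local:
            return (False, "no mapped role grants access")
        return (True, claims["sub"])


def demo(now=1_000_000.0):
    key = b"constructed-demo-key"
    sts = STS("afnetops-sts", key)
    discovery = Service("type2/discovery", {"afnetops-sts": key},
                        {("afnetops-sts", "UDM"): "mde-searcher"}, "mde-searcher")
    exposure = Service("afnetops/exposure", {"afnetops-sts": key},
                       {("afnetops-sts", "UDM"): "readiness-reader"},
                       "readiness-reader")
    out = {}
    # Steps 1-2: assertion for the discovery service, metacard comes back.
    a1 = sts.issue("udm.smith", ["UDM"], "type2/discovery", now)
    out["discovery"] = discovery.authorize(a1, now)
    metacard = {"uri": "https://exposure.example.invalid/drs"}
    out["metacard_uri"] = metacard["uri"] if out["discovery"][0] else None
    # Reusing the discovery assertion at the exposure service must fail.
    out["replay"] = exposure.authorize(a1, now)
    # Step 3.0-3.1: a second assertion, scoped to the exposure service.
    a2 = sts.issue("udm.smith", ["UDM"], "afnetops/exposure", now)
    out["exposure"] = exposure.authorize(a2, now)
    forged = {"claims": dict(a2["claims"], roles=["UDM", "admin"]),
              "sig": a2["sig"]}
    out["tampered"] = exposure.authorize(forged, now)
    a3 = sts.issue("clerk.jones", ["Clerk"], "afnetops/exposure", now)
    out["unmapped"] = exposure.authorize(a3, now)
    out["expired"] = exposure.authorize(a2, now + 301)
    rogue = STS("rogue-sts", b"other-key")
    out["rogue"] = exposure.authorize(
        rogue.issue("udm.smith", ["UDM"], "afnetops/exposure", now), now)
    return out


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(step, outcome)
```

The "unmapped" case corresponds to the slides' note on differing groups and roles: until a mapping entry exists for a role, a validly signed assertion still grants nothing.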
46
Standards Based
WS - OASIS, W3C, IETF, OAGIS
47
Presentation Services
Dashboard Requirements
- Drag and drop widgets
- Bind widgets to XML data
- Display in Standard Desktop Configuration (SDC) browser
- Leverage SMI-ELS security
- Interact with MetaData Environment
- Flexible, Flexible, Flexible
XML data is interesting to engineers
Presentation is what the warfighter wants
48
Dashboard Top Level Concept
[Diagram labels: Browser; Service Invocation Handler; Dashboard Presentation Manager; XML to Widget and Mashup Manager; Local Widget/Gadget Store; Service Invocation Following security rules; URI Invocation]
Services
- MDE Services
- Exposure Services
- Aggregation Services
- Widget/Gadget library
Notes
- Dashboard manager, service invoker and Mashup Manager operate in the user’s security context
- Service invocation handler complies with all Enterprise security rules
49
Widget Framework: FM Example
Flexible presentation, not hardwired, framework available today
50
Initial Infrastructure Build
[Timeline: Sep 07; Sep 08; Dec 08; IOC. Phases: Pilot; Extend; Produce. Labels: DECC; Transfer; Standards; Architecture; Chenega Contract; Outsourced Maintenance; Monitoring; Production Contract; CIE; TBD; Ready to Register Services]
51
Initial Infrastructure Build Spiral 1
IIB Spiral 1 Demonstration
- Security Architecture
  - Java application interfacing with security flows
  - .Net application interfacing with security flows
  - Cross platform interactions within security environment
    - .Net to Java
    - Java to .Net
  - Authentication and authorization using PKI, AD, SAML
- Enterprise Services
  - Service registration, discovery, management and configuration
  - Business Process Execution Language (BPEL)
  - Management tools built into the SOA Suite
  - Service registration in UDDI, MDE and Active Directory
52
Initial Infrastructure Build Spiral 1
- Metadata Environment (MDE)
  - Add vocabulary and metacards
  - Update metacards – includes cloning to preserve lineage
  - Deprecation/retirement of vocabulary and metacards
  - Change management of metacards based on vocabulary deprecation/retirement
  - Search metacards using keyword, phrase and context with inference
- Deployment Readiness Service (DRS)
  - Integration with security environment
  - Access to Authoritative Data Sources (ADS) via services: PIMR (medical), ACES-PR (CBRNE), SFMIS (small arms), ADLS (training), vPSC (personnel)
  - Demonstrated live during Spiral 1
53
Implementation of the Extend Phase
- Type 2 Forest
- Pod Concept
- Integrate with DECC Architecture
54
Pod Concept
[Diagram]
Physical Pods: IIB J-Pod Operational; IIB J-Pod Test; IIB J-Pod Development
Virtual Pods: COI J-Pod Development; COI J-Pod Test; Virtual Dev RACE; Virtual Test RACE
Other labels: DECC; AFNETOPS; Monitoring; Active Directory; Users/Requesters; DMZ; Pod A; Pod B; Pod C
55
Virtual Pod Schedule
Rapid Access Computing Environment (RACE)
- 20 Nov – Assess DISA RACE capability
- Dec – Jan – Engineer and Cost RACE extensions
- Feb – Mar – Pilot Dev and Test RACE capability
[Diagram markers: C; B; A]
56
SOA Outreach High Level Road Map
[Roadmap chart: rows for Governance, Architecture/Guidance/Tools and Technology across FY2007 to FY2011, quarterly columns Oct, Jan, Apr, Jul, with a “Today” marker]
Governance: TIPT; SWG; COI Coord Panel; CMO/DCMO; TIPT ~ AFSO ~ Council; HAF; Establish Program Office & Acquisition Path; Approval; Prioritize & Resource
Architecture/Guidance/Tools: SOA Playbook; COI Primer; Process (PITP); Reference Models; Vocab Work; Service Develop; Data Architecture; Service Mgt; DoD Security Framework & Identity Mgt; CONOPs; PAD; Documented SMI-ELS Architecture
Technology: Initial Infrastructure Build (IIB) Pilot; NIPRNet IIB (J PODs); SIPRNet IIB (J PODs); Production; AFNETOPS Planning; AFNETOPS Full Implementation; AMPs Pilot; AMPs v1; Dashboard Pilot; Dashboard v1; Other Infrastructure; Next Generation Wireless; GCSS-AF Content Hosting Infrastructure
COI and MAJCOM Planned Successes (Go Work!; Lessons Learned): Recruiting, Training & Educ; DIMHRS Interfaces; Flight Scheduling; Expeditionary Combat Support System (ECSS), TBD; System Lifecycle Integrity Mgt (SLIM); AF Command & Control, TBD; Force Presentation, TBD; CE Transformation – Real Property; Energy Mgt; Deployment Readiness Service; ACS C2; Medical Data Consolidation – Phase 1; Medical Data Consolidation – Phase 2; ADDM; Acquisition DAMIR; Logistics, Installations, & Mission Support (LIMS-EV), TBD; Intragovernmental Eliminations; FM Data Quality Service, TBD; Acquisition PMRK; DEAMS (TRANSCOM) – Spiral 1; DEAMS (TRANSCOM) – Spiral 2; TBD