5-FDIC DIT CSBS Conference

Report
FDIC
1
ENABLING CONTENT
AL MALINE
SR. ENTERPRISE ARCHITECT
FDIC ENTERPRISE TECHNOLOGY BRANCH
ENTERPRISE ARCHITECTURE PROGRAM SECTION
Agenda
2
 Quick Intro
 Identity is a Strategic Asset
 Content Analysis with Services – A Geospatial
Example
 Publishing Content
 Q&A
me
3
 FDIC (almost 4 years)

Division of Information Technology

Enterprise Technology Branch
 Enterprise Architecture Program Section
• Al Maline
• [email protected]
• 703-516-5230
 Prior to FDIC






Enterprise Architect
Software Developer (Java, Application Express)
PeopleSoft Administrator
Oracle Database Administrator
Unix Administrator
Clients such as: PBGC, MSRC, Silicon Graphics, General Motors
Identity is a Strategic Asset
4
WE CAN NOT SHARE CONTENT
IF WE DO NOT KNOW
WHO YOU ARE
Current Practice
5
 Identity silos
 FDIC Connect for Financial Institutions
 Non-Depository Claims
 E-FOIA
 FDIC Active Directory
 Multiple methods of managing identity
Why does a consistent identity matter?
6
 Can not answer simple questions
 How many submitters of claims also submit an E-FOIA
request?
 Can not deploy new solutions quickly (or
inexpensively) if each application needs to solve the
identity management problem
 Can not reliably or easily communicate with ALL of
our customers
 Identity becomes a stumbling block instead of an
enabler
Where does security happen?
7
No Identity
Internet
Untrusted Zone
Perimeter
Anonymous
Users
Identity
Assigned
Federation Zone
Perimeter
Authenticated
Users
Identity
Authorized
Trusted Zone
Perimeter
Controlled
Administrative
Access
Restricted Zone
How is identity assigned?
8
 Security Assertion Markup Language (SAML) 2.0
 XML document that contains:
 Issuer element, which contains the unique identifier of the
identity provider
 Signature element, which contains an integrity-preserving
digital signature
 Subject element, which identifies the authenticated principal
 Conditions element, which gives the conditions under which
the assertion is to be considered valid
 Authentication-Statement element, which describes the
act of authentication at the identity provider
 Attribute-Statement element, which asserts a multi-valued
attribute associated with the authenticated principal
How is identity assigned?
9
Identity Source
Destination Application
(identity provider)
(service provider)
Authentication
Authority
Resource
Manager
User
Anonymous Users
10
Anonymous users are all
assigned the same identity –
“Anonymous” and are authorized
accordingly.
Anonymous
Client
Internet
Untrusted Zone
Perimeter
Anonymous
Users
Federation Zone
Perimeter
Content Dispatcher
Authenticated
Users
Content Services
Trusted Zone
Content Management
Perimeter
Controlled
Administrative
Access
Restricted Zone
Self Registration
11
Users that register themselves and
have their email address verified are
authorized to see and add to the
content that they have previously
submitted.
Self Registered
User
Untrusted Zone
Perimeter
SAML
Producer
Directory
Federation Zone
Perimeter
Content Dispatcher
SAML
Consumer
Trusted Zone
Content Services
Content Management
Perimeter
Restricted Zone
Partners
12
Business partners, such as
financial institutions, that do not
have their own Identity
Management infrastructure
would use an FDIC provided,
delegated administration
module, to manage their user
identities.
Partner
Security
Administrator
Partner Client
Partner Zone
Untrusted Zone
Perimeter
SAML
Producer
Delegated
Administration
Directory
Federation Zone
Perimeter
Content Dispatcher
SAML
Consumer
Trusted Zone
Content Services
Content Management
Perimeter
Restricted Zone
Federated Partner
13
Security
Administration
Directory
Business partners that do have
their own Identity Management
infrastructure would be the
source of the SAML assertions
for their users.
SAML Producer
Federated
Client
Partner Zone
Untrusted Zone
Perimeter
Federation Zone
Perimeter
Content Dispatcher
SAML
Consumer
Trusted Zone
Content Services
Content Management
Perimeter
Restricted Zone
Federated
Security
Administrator
FDIC User
14
Fast Access
Untrusted Zone
Perimeter
Telecommuting
User
Federation Zone
Perimeter
Remote
Desktop
Content Dispatcher
Content Services
Content Management
SAML
Consumer
SAML Producer
Active Directory
Federation Services
Trusted Zone
Perimeter
FDIC Prod
Internal User
Active Directory
Restricted Zone
Perimeter
FDIC users (bother internal and
telecommuting) would also be
provided a SAML assertion to
gain access to applications.
Cloud User
15
SAML
Consumer
Content Services
Content Dispatcher
Hosting Provider
Perimeter
Untrusted Zone
Trust Relationship
Perimeter
Federation Zone
Perimeter
SAML Producer
Active Directory
Federation Services
Active Directory
Trusted Zone
Perimeter
Restricted Zone
FDIC Prod
Perimeter
FDIC users of a cloud service
provider would use the same
model in reverse.
Content Management
Internal User
Analysis of Content
16
GEOSPATIAL APPLICATION
ARCHITECTURE
Requirements
17
 Create a visual presentation of
 Failed, Problem and MDI (Minority Depository Institution)
Institutions and display within
States
 Counties
 Congressional Districts

Demo
18
Technology
19
 Oracle Maps



Javascript API
Slippy Map for Draggable
Display of Map Tiles
Feature of Interest
Interactions
 Oracle Mapviewer


Tile Cache
Feature Server
 Oracle Spatial Database




Spatial interactions
Materialized Views
PL/SQL Functions
Mapping Metadata
Client Browser
JavaScript
HTML rendering
HTTP
Middle Tier
Weblogic
Mapviewer
(Map/Feature rendering)
JDBC
Data Tier
Tables with Spatial Attribute
Spatial Indexes
Metadata
Technology
20
 JQuery



HTML Document
Traversing
Event Handling
AJAX Interactions
 JQuery UI

User Interface Widgets
Technology
21
 JQuery Datatables Plugin



Table pagination
Filtering
Multi-Column Sorting
 Java Servlet

Apache POI library
Presentation Architecture
oraclemaps.js
(mapping API)
RSAM.css
dataTables.js
bankLayer.js
(model +
view updating)
(table controller)
Oracle
Mapviewer
• Renders map tiles
• Fetches Features
mapPage.js
map.jsp
(view)
HTML
Only
(controller)
Behavior mapping
between view
And model
RSAM.js
(model +
view updating)
JQuery
JavaScript/JQuery
•Page Enhancement
• Manages Map Themes
•Event Routing to
Model
• Updates View Tables
22
JSON 2 Excel
Java Servlet
• Convert JavaScript
Object Notation to Excel
Map/Feature Architecture
Renders and Caches
Base Map Tiles
Base Maps
Oracle
Mapviewer
Use
Queries for
Features (and
caches)
Creates
Geometry Themes
Oracle
Mapbuilder
Creates
Using
Spatial Tables
Styles
(Tables, Views, Materialized Views)
One Geometry Column
(SDO_GEOMETRY)
Spatial Metadata
(USER_SDO_GEOM_METADATA)
Spatial Index
Service
Application
Metadata
Areas
Lines
Colors
Markers
Advanced
23
Spatial Data Architecture
24
Materialized
View with
Spatial Column
Tables with
Spatial Column
PL/SQL Function
Using Spatial Query
select count(*) into v_count
from FDIC_ALL_INST where
sdo_relate(region,location,
'MASK=ANYINTERACT')='TRUE';
Security Architecture
25



Perminiter Authentication
with Oracle Single Sign On
Mapviewer accepts HTTP
header and sets identity by
calling PL/SQL package for
each request
Mapviewer Themes can use
identity set in PL/SQL
package for filtering data
Oracle HTTP Server
«executable»
Apache HTTP Server
OID
LDAP Directory
«shared lib»
mod_osso
Web Context Config
«file»
SSO Configuration
Weblogic
OID Authenticator
OSSO Identity Asserter
«ear»
Oracle Mapviewer
Active Security Realm
«file»
Mapviewer Config
«war»
Mapping Application
map_data_source:
name="RSAM"
plsql_package="web_user_info"
web_user_type="OSSO_USER"
RSAM Database
Spatial Schema
«pl/sql package»
LDAP Group Verification
«pl/sql package»
web_user_info
«table»
RSAM_USER_AUDIT
r)
ent
opm apviewe
evel
M
ion D ource (
licat
s
App stic Re
Ela
g an
Spatial Data Management
(Oracle Spatial)
U si n
Com User Su
p
plex
Geo plied La
y
p ro c
essi ers &
ng (
ArcG
IS)
Enterprise GIS Architecture
26
GIS Architecture
Content Management
NOW THAT WE KNOW WHO YOU ARE,
AND WE HAVE CONTENT TO SHARE,
HOW DO WE ENABLE IT?
27
Requirements - Content
28
 Enabling Content
 Company and industry news
 Staff directory and employee profile pages
 Expertise finders (locating coworkers with specific
knowledge)
 Integrating internal and external information sources
 Keeping the intranet up-to-date (content management)
 Employee self service
 Multimedia and video on intranets
 Consistent navigation
 Data analysis and visualization
Requirements - Community
29
 Community
 Employee and department weblogs
 CEO blogging
 On boarding of new employees
 Corporate calendars
 Project collaboration tools
 Discussion boards
 Internal wikis
 Online meeting
Requirements - Technology
30
 Technology
 Robust Search
 Mobile intranets (including iPhone apps for intranet access)
 Personalization
 Customization
 Alerts
 Video platform
 Database Integration (from other systems)
Goals
31
 Build value for users
 Enable integration and personalization
 Establish new communication channels
 Bi-directional
 Scale
 Number of users
 Amount of content
Problems with Existing Architecture
32
 Existing architecture
 Static content
 Manual processes
 Content and presentation intermingled


Dreamweaver
Content can not be reused
No place to store newly captured content
Browser
Web
Server
Manual
Updates
Static
Content
Need a better architecture
 Support for

Content directed applications





Page approval
Content integration and aggregation



Drag and Drop
Workflow


SharePoint
Documentum
Internally Managed
Website author roles in production
In-Page editing


Web Content Management is only one content application
Multiple repositories


33
Live dashboards
Integration with content services
Digital Asset Management

Scaling & Cropping, Metadata Extraction, Thumbnail Generation, Format
Transcoding
Need a better architecture
34
Browser
Content
Applications
Content
Services
Content
Repository
Need a better standards based architecture
35
Web 2.0
Browser
JavaScript
JSON
AJAX
Content Driven Applications
Content
Applications
JSP +
scripting
language
support
Content
Services
REST
based
services
Content
Repository
Java
Content
Repository
(JCR 2.0)
Open source architecture
36
Web 2.0
Content Driven Applications
Apache Sling
Browser
JavaScript
JSON
AJAX
Content
Applications
JSP +
scripting
language
support
Apache Jackrabbit
Content
Services
REST
based
services
Content
Repository
Java
Content
Repository
(JCR 2.0)
Architecture that supports portals
37
Web 2.0
Content Driven Applications
Apache Sling
Apache Jackrabbit
Widget Gadget
Portlet
Widget
Browser
JavaScript
JSON
AJAX
Content
Applications
JSP +
scripting
language
support
Content
Services
REST
based
services
Content
Repository
Java
Content
Repository
(JCR 2.0)
 A portal is simply a web page with configurable widgets that
transforms content
Architecture that supports services
38
Web 2.0
Content Driven Applications
Apache Sling
Apache Felix
OSGi
Services
Widget Gadget
Portlet
Widget
Browser
JavaScript
JSON
AJAX
Content
Applications
JSP +
scripting
language
support
Content
Service
Service
Apache Jackrabbit
Content
Repository
Services
REST
based
services
Java
Content
Repository
(JCR 2.0)
 The OSGi framework is a module system and service platform
that implements a complete component model
Day Software (now Adobe)
39
 Web Content Management solution based on open
standards and open source

Day contributed and uses Apache Open Source:
Content Repository
 Content Services
 Service Integration

Widget
Widget
Portlet
Portlet
Gadget
Gadget
Browser
SharePoint
Content Services
Content
Applications
Day CQ5 WCM
Content
Adapters
Day
Content
Repository
Documentum
In page editing
40
Drag and drop
41
Workflow
42
Demo
43
Q&A
44
 Questions

similar documents