mgs fed portal


Upload: nirmala-last

Post on 29-Nov-2014


Page 1: Mgs Fed Portal

Copyright 2003 MG Solutions LLC (MGS). All Rights Reserved

Copyright & Disclosure © 2003 All rights reserved. No part of this document may be reproduced in any form including photocopying or translation to another language, without prior consent of MG Solutions LLC.

This document in no way implies a commitment to perform any or all of the functions described herein, unless accompanied by a signed Statement of Work specifically mentioning this version of the document.

This document contains confidential material and requires written permission to be disseminated outside of MGS.

Federated Identity Portals

Creating A Global Delivery Platform

Page 2: Mgs Fed Portal

Presentation Outline:

The Big Picture: Expanding The Portal ROI

Taking A 360° View Of Application Development & Services Deployment

Impact Of Federated Portals

Page 3: Mgs Fed Portal

Federated Identity Portal ROI

What often started as a specific-purpose portal can be expanded to become a Global Delivery Platform for services and content, taking full advantage of Sun’s core infrastructure focus:

First Stage: Specific Purpose Portal (i.e. Employee Portal)

Increasing Portal ROI

Global Delivery Platform:

• Global Directory Services
• Content Management
• Secure Remote / Mobile Access
• Enterprise SSO and Global SSO (Federation)
• Application Development Framework
• Services Inventory Management

Page 4: Mgs Fed Portal

The Big Picture: Creating A Global Delivery Platform Via Federated Identity Portals

First Stage:

Specific Purpose Portal (i.e. Employee Portal)

• Application Development Framework

Increasing Portal ROI

Companies can reap great rewards and cost savings from designing and developing applications using the Federated Portal Concept:

• Component based development
• Expand use of portlets using WSDL
• Easily integrate new services with other JSR 168 compliant portal environments
• Simplify integration of external applications / services using GSO
• More standards based integration points (STRUTS support)

Page 5: Mgs Fed Portal

Federated Portals Serving As An Application Development Framework

WSDL services can be utilized within the portal or elsewhere

By using portals as an application framework, development can be done in a modular fashion, since adding / changing features will not impact the overall services of the web site

GSO allows companies to extend easy access to new services provided by partners, etc. instead of expensive integration efforts

JSR 168 compliant development allows for easy reuse (exchange) of portlets in other compliant environments

WSRP – invoke remote portlets from other web/portal instances

Page 6: Mgs Fed Portal

The Big Picture: Creating A Global Delivery Platform Via Federated Identity Portals

First Stage:

Specific Purpose Portal (i.e. Employee Portal)

• Enterprise And Global Identity Management

Increasing Portal ROI

Companies can reap great rewards and cost savings from taking advantage of the underlying Identity / Directory Services of the Federated Portal Concept:

• Manage external users and their access by using the same building blocks & tools as deployed for the enterprise
• Create common access validation architectures among CoTs
• Delegate access control as needed to any of the offered portal services as opposed to managing each underlying application access individually

Page 7: Mgs Fed Portal

Global Delivery Architecture

Building A Global Delivery Infrastructure Solution

Diagram labels: External Client, Internal Client, Firewall 1, DMZ, Firewall 2

• Sun Gateway Servers

• Sun Portal Servers & Sun Application Server (or Third Party Application Server) including Middleware Connectors

• Content / Document Management Services are managed through the Portal/Identity Server’s Profiles/Policies to provide for consistent Content Work Flow and only authorized access to any of the Portal Content (Docs, RDBMS based content, etc.)

• Existing Applications and Services are protected via the Sun agents to ensure only authorized access. Mainframe and other non-web enabled apps are delivered through Citrix integrated emulation software. The Citrix Password Manager handles Mainframe and Client/Server applications.

• Sun Identity Server enforcing global Network Identity Services including Policy / Role based Authentication and Authorization consistently for Extranet as well as Intranet users that can extend to Federated GSSO. The WaveSet component handles workflow based provisioning to various backend systems’ user stores.

• Enterprise wide LDAP Sun Directory Services including Meta Directory Services

Page 8: Mgs Fed Portal

Infrastructure Solution for Network Identity

Diagram labels: Customer, Employee, Supplier, Partner; PBX, HR Database, Messaging Server, MS Active Directory; Portal Server, Identity Server, Directory Server, Central Directory, Meta-Directory; Application Security; Certificate Services & Management; Identity Provisioning & Synchronization; Identity Management; Profiles/Attributes, Authorization, Authentication, Administration; WaveSet Workflow Management; SSO, Audit, Federation, Self-service, Policies

Java System Identity Server
● Central Access Management, authentication, Web SSO, federation, self-service, delegated authority

Java System Directory Server
● Stores Identity Profiles
● Massive Scalability
● Multi-platform

Java System Meta-Directory Server / WaveSet Provisioning
● Consolidates & Synchronizes Identity Information
● Works with Microsoft Active Directory

Java System Portal Server
● Integrated with Citrix Web Interface and Citrix Password Manager

Page 9: Mgs Fed Portal

Creating A Common Access Validation Architecture - CAVA

Diagram: a Client, with AuthN based on CAC or UserID/Password Authentication, and four organizations (Organization A, Organization B, Organization C, Organization D), each with Web Services secured and managed by the Local Identity Infrastructure (LPD).

Other diagram labels: GPD, CoT, IdP, SP, GSO, GLO, AuthZ

Page 10: Mgs Fed Portal

The Big Picture: Creating A Global Delivery Platform Via Federated Identity Portals

First Stage:

Specific Purpose Portal (i.e. Employee Portal)

• Services Inventory Management

Increasing Portal ROI

Companies can reap great rewards and cost savings from managing their applications as a centralized Services Inventory using the Federated Portal Concept:

• Coordinate SW releases and license requirements more easily due to centralized delivery
• Monitor service quality and performance centrally
• Arrive at broader needs analysis based on global analytics data
• Organize services more efficiently and avoid redundancy

Page 11: Mgs Fed Portal

Service Inventory Management

Steps Towards Creating A Services Inventory Via Federated Identity Portals:

• Organize Portal Content/Applications as Services using Tabs / Nested Tabs

• Create Reports:
  • To Monitor Usage Of Specific Services (Applications or Content)
  • To Monitor Service Quality (Uptime, Response Delays, etc.)
  • To Bill Users For Specific Services
  • To Identify Redundant Or Unused Services
  • To Centrally Manage SW License Needs/Purchases

• Create A Deployment Infrastructure:
  • To Automate Distribution Of New/Modified Applications
  • To Automate Publishing Of New Content

Page 12: Mgs Fed Portal

Example: Measurement Of Portal

1.) Portal Usage Based Measurement
• Tracks login and logout time
• Provides for Time Out Reminder feature
• No channel / application level changes required
• Least details, but simplest approach
• Provides for overall portal usage based Bill Back Information

2.) Services (Tabs) Based Usage Measurement
• Tracks login and logout time
• Provides for Time Out Reminder feature
• Tracks switching of Tabs
• No channel / application level changes required
• Provides for service centric Bill Back Information

3.) Applications Based Usage Measurement
• Tracks login and logout
• Provides for Time Out Reminder feature
• Requires channel / application level changes
• Tracks usage per channel and underlying application
• Most detailed Bill Back Information

Page 13: Mgs Fed Portal

Impact Of Federated Identity Portals

By Building Out A Global Delivery Platform Based On Federated Identity Portals:

• Companies will be able to save millions in integration costs typically associated with trying to incorporate each other's services

• Companies will be able to reuse their IT investments in the broadest sense, saving them millions in leveraged HW/SW and development costs

• Companies will be enabled to enforce a consistent service delivery model that allows them to increase quality across the board while providing for a faster delivery of new applications and content

• Companies can rely on a strong security model that extends seamlessly from intranet to extranet, and from internal users to external users

• Companies can rely on a standards based approach for application dev / integration as well as identity services, validating their investments for many years to come

Page 14: Mgs Fed Portal

Sun Microsystems, Inc. (www.sun.com)

Citrix, Inc. (www.citrix.com)

MGS - MG Solutions LLC (www.mgsportal.com)

THANK YOU

Page 15: Mgs Fed Portal

APPENDIX

Page 16: Mgs Fed Portal

Quick Glossary

Auth N: Authentication
Auth Z: Authorization
GSSO / GSO: Global Sign On
GLO: Global Logout
SAML: Security Assertion Markup Language
SOAP: Simple Object Access Protocol
PKI: Public Key Infrastructure
CoT: Circle of Trust
IdP: Identity Provider
ISF: Identity Services Framework
SP: Service Provider
UDDI: Universal Description Discovery and Integration
LPTA: Lightweight Third-Party Token Authentication
JCO: Java Connector Object
JCA: Java Connector Architecture
WSDL: Web Services Description Language
BPC: Business Process Connector