Web 2.0 in the Enterprise: Balancing Participation and Security
Manish Devgan
Product Manager – Oracle WebCenter & Portal Products
The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Introduction
• Product Manager – Oracle WebCenter & Portal Products
• Prior Experience
  • Lead/Architect for WebCenter Security Framework
  • Architect for BEA WebLogic Portal (WLP) Services
• Patents in Collaboration, Security, Entitlement Management
• Books
  • BEA WebLogic Platform – SAMS Publishing 2003
  • Contributing author: Reshaping Your Business with Web 2.0 – McGraw Hill 2008
• Featured speaker at various conferences
Program Agenda
• Web 2.0
• Advent of Web 2.0 in the Enterprise
• Security Considerations for RIA
• Securing Enterprise Applications
• Oracle WebCenter Security Framework
• Balancing Participation and Security
Web 2.0
Social networks connect and illuminate
Blogs provide information, analysis and opinion
Wikis are indispensable tools for knowledge
Widgets and mashups extend functionality
Link analysis surfaces most relevant content
Tags and bookmarks personalize content
What is Web 2.0?
• Not a new technology
• Web 2.0 is the combination of three distinct avenues of Web design:
  • RIA (Rich Internet Application)
  • Collaboration / relationship based Web experience
  • Mashups
Rich Internet Applications (RIA)
• RIAs are Web applications that have the features & functions of client/server-style applications.
• RIAs implement:
  • Client-side processing to allow richer, more responsive UI than traditional Web applications
  • Asynchronous communication with the server (generally AJAX) allowing partial page refresh
Collaborative Web
Primary characteristics of the Web 2.0 Platform:
• Ability for users to contribute to, and collaborate on, the nature of information and how it relates to their needs
• Social networking that allows users to define relationships with others to optimize the access to, and use of, the available information
Mashups
“A Web-based application that combines data from more than one disparate source into a single integrated service”
Advent of Web 2.0 in the Enterprise
[Diagram: Internal Resources and External Resources. Labels: Email, Phone, Browser, IM, RSS, Desktop, Siebel CRM On Demand, Other CRM, Oracle E-Business Suite, PeopleSoft, Siebel Call Center, Legacy, Oracle Transportation Management, JD Edwards EnterpriseOne]
Structured Processes & Unstructured Interactions
[Diagram labels: Resolve Customer Issue, Sales Team, Find Doc]
Creating a “Web 2.0-Enabled” Enterprise
• Deliver it all in context via highly interactive applications
• Engage the user in an interactive, collaborative experience
• Capture information, people, processes, systems, connections
Translating Web 2.0 to the Enterprise
| Technology | Consumer (Web 2.0) | Enterprise 2.0* |
| --- | --- | --- |
| Blogs | Sharing opinions, reviewing products | Thought Leadership, Product Evangelism |
| Social Networks | Meeting friends & acquaintances | Connecting with Subject Matter Experts, content, and processes |
| Mashups | Maps | Integration of data from multiple applications |
| Search/Tagging | Page ranking – relevant content | Activity Ranking – relevant business information |
| Wiki | Sharing knowledge | Project information sharing & managing deliverables |
| Discussions | Open discussions on common topics of interest | Forums for customer support and engagement for product feedback |
* Term coined by Professor McAfee of the Harvard Business School in 2006
Web 2.0 and Enterprise 2.0 Security Paradigms
• Consumer Space
  • Need ultimate User engagement and interaction at the cost of lower security enforcement for viral adoption
• Enterprise Space
  • Need a balance between Participation and Security
RIA – AJAX Model
[Diagram: an AJAX-enabled Web page containing a <script type="text/javascript"> block with XMLHttpRequest and a CallbackFunction() that processes the response and updates the DOM; an Application Container hosting Application Services (Method1(), Method2(), Method3()). Numbered steps 1–8, from Page Request (1) and User Interaction (2) through Page Submission (8).]
AJAX / RIA Security Considerations
• All the problems of traditional Web applications and more
• Increase in attack “surface”
  • State resides on the client
  • Client injections – DOM, JSON, RSS, ..
  • Exposing business processes
  • Dynamic content entry
• Cross-site scripting (XSS)
• Cross-site request forgery (CSRF/XSRF)
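Added example, not part of the original slides: a Node.js sketch of how a server endpoint behind an AJAX call can treat client-held state as untrusted and reject forged cross-site requests, two of the considerations listed above. The endpoint name, the `x-csrf-token` header, the simplified request shape and the price and session data are assumptions constructed for illustration.

```javascript
// Added example (not from the slides): server-side handling of one AJAX call.
const crypto = require('node:crypto');

// Constructed sample data: the authoritative price list lives on the server.
const PRICES = new Map([['SKU-1', 1999], ['SKU-2', 4500]]); // cents
const SESSIONS = new Map(); // sessionId -> { user, csrfToken }

// Issue a session plus a per-session anti-CSRF token at login.
function newSession(user) {
  const sessionId = crypto.randomBytes(16).toString('hex');
  const csrfToken = crypto.randomBytes(32).toString('hex');
  SESSIONS.set(sessionId, { user, csrfToken });
  return { sessionId, csrfToken };
}

// Constant-time comparison that also handles missing or wrong-length input.
function safeEqual(a, b) {
  const x = Buffer.from(String(a ?? ''));
  const y = Buffer.from(String(b ?? ''));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// req is a simplified request: { cookies, headers, body } with a JSON string body.
function handleAddToCart(req) {
  const session = SESSIONS.get(req.cookies?.sessionId);
  if (!session) return { status: 401, error: 'no session' };

  // CSRF: the browser attaches the cookie to forged cross-site requests, but a
  // custom header carrying the session's token is not attached automatically.
  if (!safeEqual(req.headers?.['x-csrf-token'], session.csrfToken)) {
    return { status: 403, error: 'csrf token mismatch' };
  }

  let body;
  try { body = JSON.parse(req.body); } catch { return { status: 400, error: 'bad json' }; }
  if (body === null || typeof body !== 'object') return { status: 400, error: 'bad json' };

  // Validation is repeated on the server; client-side checks are only a UI aid.
  const { sku, quantity } = body;
  if (typeof sku !== 'string' || !PRICES.has(sku)) return { status: 422, error: 'unknown sku' };
  if (!Number.isInteger(quantity) || quantity < 1 || quantity > 100) {
    return { status: 422, error: 'bad quantity' };
  }

  // Client-held state such as body.price or body.user is ignored: price comes
  // from the server's list and the user from the server-side session.
  return { status: 200, user: session.user, sku, quantity, totalCents: PRICES.get(sku) * quantity };
}
```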
Security cannot be achieved by obscurity!
Enterprise Applications Security Considerations & measures when adopting Web 2.0
• UI framework with a mature security model
• Service layer security and compliance
• Message-level data security
• Identities and Access Control
• Proliferation of Identities
• Fine-grained Authorization
• Compliance Policies for your business domain
A Typical Enterprise Application Today
The stakes for securing content are high
• Composite application brings disparate applications together
• Users can see the transaction context across applications, allowing them to focus on the business process
“Enterprise-Ready” Web 2.0 Services
Building Enterprise Mashups Using WebCenter
[Diagram labels: Notifications, Email, Documents, Discussions, Preferences, Search, Recent, Favorites, Contextual Wiring, Communities, Presence]
WebCenter Security and Privilege Model
…enables the building of a rich application that is interactive and engaging, and enables team collaboration and productivity without giving away the keys to the castle!
RIA Without the Pain
• JavaServer Faces (JSF) frameworks, such as ADF, allow for:
  • Definition of self-contained “rich” components
  • Validation code to be held on the server
  • Targeted JavaScript with limited points of exposure
  • Page designers to be shielded from the complexity of JavaScript
<af:trainButtonBar/>
<af:progressIndicator id="progId" value…}" />
<af:dialog>
Mature Security Framework
• ADF comes with a security framework built upon a pluggable architecture using JAAS
• The framework includes a security-aware model layer with predefined component-specific permissions
Security Enforcement at Service Layer
Secure Identity Propagation
• WS-Security for Secure Identity Propagation
• Complete message protection (confidentiality and integrity)
• Various token profiles supported:
  • SAML
  • UsernameToken without password
  • UsernameToken with password
Authorization Models
Customized based on the service*
• Permission-based
  • Services sharing persistence store and permission model with the application
• Role-mapping based
  • Services that need to access remote back-end resources with independent permission models
* Web 2.0 Service Role-mapping based authorization
Secure Out-of-the-box...
• Secure by default
• Admin needs to “open it up”
• Explicit UI actions to provision and grant access
…with flexibility to open it up!
Maintaining Control.. ..while maximizing participation
• Enabling public group spaces feature
• Easily opening site for maximum participation
Maximizing Participation
• Ability to join public group spaces by searching
• Ability to discover and subscribe to a group space
Enabling Balance Between Participation and Security
Key Takeaways
1. Web 2.0 is a combination of RIA, collaborative Web experience, and mashups
2. Enterprise Applications are rapidly leveraging Web 2.0 technologies
3. WebCenter security and privilege model provides a balance between participation and security
4. You can build a “Web 2.0-enabled” Enterprise Application without giving away the keys to the castle!