State of Georgia e-Government Privacy and Access
State of New Jersey
Internet Portal Case Study
Web Portal Services
Business Activity: Environmental Protection (eNJEMS, Right-to-Know); Revenue (Business Gateway); Taxation (SAVER, Partnership Filings); OMB (Vendor Payment); Corrections (Inmate Search); State Police (Recruitment, Megan’s Law); Agriculture (Child Nutrition); Community Affairs (PermitsNJ, GovConnect); Labor (UI Payments); Motor Vehicle (eMVC Services); Lottery (VIP Club); Commerce (License & Cert Inquiry)
Unstructured Data: Static Web Pages, Dynamic Web Pages, Pictures, Video, Multi-Media
Structured Data: J2EE & MS Data Driven Transactional Systems, GIS, Directories
Enterprise Systems: Legacy Mainframe, Groupware, Workflow, eForms, COTS
• Community & Identity Management (Role Based Access Control, Provisioning)
• Location Based Service Delivery
• Multi-Access (Device Aware)
• Personalization (Self Service, Knowledge Management, Content Filtering, Alerts)
• Communication & Collaboration (Document Sharing, Instant Messaging)
Communities: Citizens - Businesses - Local Governments - Employees
Computer, Laptop, PDA, Wireless, Broadband, LAN / WAN, Modem
• Security (Data Encryption, PKI)
• Presentation & Aggregation (Branding, Intentions Based, Index & Search)
Enabling Business
NJ Shared IT Architecture
Platforms, services and support leveraged across multiple Agency initiatives in order to minimize risk and lower the overall cost of ownership of IT projects
Service Architecture: Primarily based on a J2EE software stack – Sun ONE, Oracle (Database)
NJ Shared IT Architecture
Presentation Layer: Sun ONE Portal, SunONE Web Servers, Cisco Load Balancers, Adobe eForms, Interwoven Content Mgmt, Inktomi Search Engine
Application Layer: SunOne J2EE Application Server, Web Services, SunOne Identity, SunONE Directory, IBM MQ Series Messaging, IBM CICS Transaction Gateway, DB2 Connect, Adobe Form & Doc Servers, Business Objects, DataStage, Metadata Management, Workflow Engines, Real Time Geocoding, ArcIMS, Verisign PKI, ePayment, eRegistration
Data Layer: Oracle, DB2, IMS
Infrastructure, Network & System Management, Help Desk: Tivoli Framework; Compuware Predictive Testing; Empirex – Load Testing; Peregrine Service Center – Problem Tracking; Peregrine Service Center – Change Control; 24x7 Call Center
Application Roster (Dept: Application)
Multi: eCATS
AGRI: Child Nutrition App
Comm: SAVI
Comm: License & Certification Inquiry
DCA: Boilers and Pressure Vessels
DCA: Permits NJ Online
DCA: Municipal Contact Information
DEP: Right To Know – Corporate
DEP: Right To Know – Public
DEP: NJDEP Online
DEP: Online Fishing License
DHS: Child Support Payments
DOBI: Insurance Complaints
DOC: Inmate Search
DOL: Extended Benefits Online
DOL: Customized Training
DOL: Unemployment Compensation
DOL: Job Match Program
DOL: Tax Web-Enabled System
DOL: Web Enabled UI Payments
DOP: CPM Test Info
DOP: Online Training Catalog
DOT: Construction Status Database
DOT: Position Action Tracking
DOT: Research & Technology Search
DOT: Bicycle & Pedestrian Resources
S.P.: Online Sex Offenders
S.P.: Recruitment Inquiry
MVC: eMVC Online Services
MVC: International Registration Program
OIT: Telephone Line Registration
Multi: Open Public Records Act
Lottery: Lottery VIP Club
Lottery: Lottery Agent Reporting
Treas: Partnership Filing
Treas: Vendor Payment Inquiry
Treas: Duplicate W2
Treas: Payroll Bond Admin Tool
Treas: Employer Pensions and Benefits
Treas: Pensions Account History
Treas: Purchase Bureau Vendor Change
Treas: Automated Email to Requestors
Treas: Business Filings
Treas: Emergency Response
Common Services Layer - Application
ePayment shared component
Oracle Access shared component
XML Wrapper to Single Sign-on for Non-Java Apps (esp. SFT)
Portal myNJDirect Pager App
eMall New Jersey
Secure File Transfer
Enterprise Public Key Infrastructure
Portal Discussion Forum
Portal Document Library
Portal Feedback
Proof of Concept: Connectivity to Integrity Address Validity Routines in Real Time
NJ Portal Metrics
Membership Growth Rate: 3,000 per month
Daily Logins: Approx 2,000
Employees: 4,000
Citizens: 25,000
Business Partners: 4,200
Local Gov Officials: 2,500
Application VPN (Netlet): 1,000
Groupware Access: 25 Systems
Secure File Transfer: 260
Current Applications
Government to Employee - Intranet Desktop w/Mail, Calendar, Document Library, Discussion forums, etc.
Government to Employee - Intranet Desktop Displaying Application VPN and 3270 Mainframe Access on the fly
Government to Employee - Intranet Displaying Enterprise Directory Text Paging Access
Government to Employee – Treasury Intranet
Government to Business - Lottery Agent Desktop w/Web Content, Online Services, Document Library
Government to Business - Lottery Agent Desktop Displaying Realtime Online Sales History
Government to Business - Lottery Agent Desktop Displaying Realtime Online Ticket Inventory
Government to Business - State Vendor Desktop Displaying Realtime Online Payment Inquiries
Government to Government - Municipal Clerk Desktop w/News, Doc Lib, Inter-Gov Directory, Discussion Forums
Government to Citizen – Citizen Desktop w/GIS Events Calendar customized w/citizen preferences
Government to Citizen – Setting Preferences for the GIS Events Calendar
Government to Citizen – Getting Driving Directions to an event on the GIS Events Calendar
Portal Application Integration
Business Owner and Portal Team collaborate to create an application specific channel (aka portlet).
Business owner provides user record(s) including the primary key used to identify each user.
Portal Team adds the role, entity, and a randomly generated authentication code to each user record and bulk loads them into the Portal.
Business Owner and Portal Team design a communication vehicle to notify users of their personal authentication code and how to register for the Portal.
When the user registers and enters the authentication code, we assign the myNewJersey membership number to the application’s primary key.
Portal API makes credentials (including application primary key) available whenever the user logs on.
Business Owner and Portal Team Design a Portlet
Large channel with lots of information? Small, simple channel with minimal information? Or both?
Business Owner Provides User Info Records to Portal Team
Data: Name, Address, Email, A unique code for the application, Primary Key for this User
Portal Team adds Role, Entity, and a randomly generated Authentication Code to each Record
Data: Name, Address, Email, A unique code for your application, Primary Key for this user, Role, Entity, Authentication Code
Business Owner and Portal Team design a communication vehicle to notify users of their personal authentication code and how to register for the Portal (Letter or e-Mail)
When User Registers he/she is assigned a unique Portal membership number.
When User enters the authentication code, we assign the Portal membership number to the application primary key.
(Registration screen prompt: "Enter the authentication code here.")
The record we retain contains all the information necessary to link the person logged in to the primary key of the application.
Data: Name, Address, Email, A unique code for your application, Your Primary Key for this person, Role, Entity, Authentication Code, Portal Membership Number
The link is established between the portal and your application
Portal Membership Number links to: Agency A – Primary Key X; Agency B – Primary Key Y; Agency C – Primary Key Z
Online administration of roles
• Distributed management of roles
• Search for people by name, role, etc.
• Multiple changes easily managed
• Revoke single and multiple roles from one or more people
• Add additional roles or new people to a role with ease
• Self registration with out-of-band communication or immediate grant of role
Single sign on - SSO
User authenticates once to myNewJersey
Persistent session created on portal server
Allows link to any web application on the Garden State Network
Application checks with portal server for valid session for this user via a Java or XML API call
Application requests the primary key for this user via the Java or XML API call
Looks complicated?
Accomplished with calls to one API. Here is an outline of the necessary Java code:

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class ChannelServlet extends HttpServlet {
    // Roles this application asks the Portal API about (String[] is an assumed type)
    private static final String[] ROLES = { "Some Role" };

    public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
        try {
            // One Portal API call: checks the myNewJersey session and loads this user's roles and primary key
            PortalUserInfo user = new PortalUserInfo(req, ROLES);
            if (!user.isValid()) {
                // send "not logged in" message to user
                res.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Not logged in");
            } else if (!user.hasRoleName("Some Role")) {
                // send "not authorized" message to user
                res.sendError(HttpServletResponse.SC_FORBIDDEN, "Not authorized");
            } else {
                // your business logic follows here...
                // send your app's first screen to user, etc.
            }
        } catch (Exception e) {
            // fail closed: a Portal API error never grants access
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Not logged in");
        }
    }
}
```
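As an added illustration (not the portal's code), the whole flow from the integration slides in Python: the Portal Team bulk-loads records with a random authentication code, the user registers and enters the code to link the membership number to the application primary key, and an application then makes the one API call the Java outline above makes. Portal, LinkRecord, handle_request and the app code "AGENCY-A" are assumed names; storing only a hash of the code, comparing it in constant time and allowing one use are added handling the slides do not state.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

@dataclass
class LinkRecord:
    app_code: str                # unique code for the application (slide: "Agency A")
    primary_key: str             # the application's primary key for this person
    role: str
    entity: str
    code_hash: bytes             # SHA-256 of the one-time authentication code, never the code itself
    membership_number: int = 0   # 0 until the user enters the authentication code

class Portal:
    def __init__(self):
        self.records = []            # bulk-loaded LinkRecords (assumed stand-in for the portal store)
        self.sessions = {}           # session token -> Portal membership number

    def bulk_load(self, app_code, primary_key, role, entity):
        """Portal Team step: add role, entity and a random code; return the code for the letter/e-mail."""
        code = secrets.token_urlsafe(12)     # CSPRNG, 96 bits: cannot be guessed or enumerated
        self.records.append(LinkRecord(app_code, primary_key, role, entity, hashlib.sha256(code.encode()).digest()))
        return code

    def register(self):
        """User registers: assign a unique membership number and open a logged-in session."""
        token = secrets.token_hex(16)
        self.sessions[token] = 1000 + len(self.sessions)   # constructed membership numbering
        return token

    def redeem_code(self, token, code):
        """User enters the code: link membership number to the app primary key (constant-time, single-use)."""
        member, digest = self.sessions.get(token, 0), hashlib.sha256(code.encode()).digest()
        for rec in self.records:
            if member and not rec.membership_number and hmac.compare_digest(rec.code_hash, digest):
                rec.membership_number = member
                return True
        return False

    def user_info(self, token, app_code):
        """The one API call an application makes after SSO: valid session? roles? primary key?"""
        member = self.sessions.get(token, 0)
        links = [r for r in self.records if member and r.membership_number == member and r.app_code == app_code]
        return {"valid": bool(member), "roles": {r.role for r in links},
                "primary_key": links[0].primary_key if links else None}

def handle_request(portal, token):
    """Same three-way decision as the Java doGet outline, for the assumed app code "AGENCY-A"."""
    info = portal.user_info(token, "AGENCY-A")
    if not info["valid"]:
        return "not logged in"
    if "Some Role" not in info["roles"]:
        return "not authorized"
    return "primary key " + info["primary_key"]
```

A registered user who has not yet entered the code is "not authorized" rather than "not logged in", which is exactly the split the two API checks (valid session, then role) give the application.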
Authentication Methods
Authenticate ‘regular’ through name and password
Authenticate ‘high’ through Public Key Infrastructure, also known as PKI or digital certificates
Applications can further authenticate through secret data
» Ex. Car registration for the masses
Identity Management
Currently contained within the Black Box of the Portal infrastructure
Will be migrated to an external Identity Management infrastructure – 6-9 months
Portal will become a consumer of Identity Services instead of its provider
Identity Services will be available to other applications (e.g., web, app, provisioning tools, etc.)
Portal v6 Architecture (diagram; tiers and components as labelled)
Tiers: Public Tier; Secure Tier; Core Tier
Internet User (Browser Based)
Cisco Content Services Switch (Load Balancer)
Portal Gateway Server – Sun 420R, 4 cpu/4 GB (four servers)
LDAP Proxy (was NJEDS1) – Sun 450, 1 cpu/1 GB
HTTP Proxy (was NJEDS2) – Sun 450, 1 cpu/1 GB
HTTP Proxy (was NJEDS3) – Sun 450, 1 cpu/1 GB
LDAP Proxy – Sun v480, 2 cpu/16 GB
LDAP Masters 1,2 – Sun v480, 2 cpu/16 GB
Identity Mgmt 1,2 / LDAP Consumers – Sun 480, 4 cpu/16 GB
Portal 6 Platform Server – Sun 4500, 8 cpu/16 GB
Portal 6 Platform Server – Sun v880, 8 cpu/32 GB
Sun ONE App Server 7.x; Directory & Identity Management
Dev V100s, Test V100s (Platform, Gateway, LDAP, Identity)
Back-end: Application Servers, Internet Web Servers, Intranet Web Servers, Data (OS/390), Messaging/Calendar Servers, Data; Authenticated Users
Legend: Existing Production Servers; Newly acquired equipment to be added to existing infrastructure for V6 Project; Login & Secure Traffic; Post Login non-Secure Traffic
Summary
Common entry point for Government Services
User customizable interface
Aggregation of services into ‘channels’
Authentication of users
Authorization of users to applications
Secure encrypted communication through Internet
Support for a variety of applications