
Portal Technologies and Architecture

  1. Enterprise Information Portals
  2. Corporate Portal Framework
  3. Functional Components of Portals
  4. Technical Components of Portals
  5. Portals and Infrastructure
  6. Portals and Security

Enterprise Information Portals (EIP)
These are portals that are designed for B2E processes, activities and communities to improve the access, processing and sharing of structured and unstructured information within and across the enterprise. EIPs also incorporate roles, processes, workflow, collaboration, content management, data warehousing and marts, enterprise applications and business intelligence. Examples of Corporate or Enterprise Information Portals include:

  • Business intelligence portals - A business intelligence portal is a corporate portal that enables users to access and produce reports for decision-making purposes on enterprise-wide databases. Example companies that provide business intelligence technologies include MicroStrategy, Business Objects, Cognos, Oracle, and others.
  • Business area (Intranet) portals - Business area portals support specific functions, processes and applications within the enterprise. Examples of business area portals include HR (e.g., Authoria, PeopleSoft); ERP (e.g., SAP Portals, Oracle); Sales and Marketing (e.g., Siebel); and Supply Chain Management (e.g., i2). These business area portals are emerging to provide greater employee access to information stored in enterprise-specific applications.
  • Horizontal portals - Horizontal portals are generic in nature and cut across the organization. Examples of horizontal portals include the following:
    • Collaboration - Enterprise Collaborative Portals (ECP) - which provide virtual places for people to work together
    • Expertise - Enterprise Expertise Portals (EEP) - which provide connections between people based on their abilities
    • Knowledge Management - Enterprise Knowledge Portals (EKP) - which provide all of the above and proactively deliver links to content and people that are directly relevant to users' tasks in real time.
    • Content management
    • Document management (e.g., Documentum)
  • Extended enterprise portals - Examples of extended enterprise portals are: business to customer (B2C), which extends the enterprise to its customers for the purpose of ordering, billing, customer service, self-service, etc.; and business to business (B2B), which extends the enterprise to its suppliers and partners. B2B portals are transforming the supplier and value chain process and relationships.

Corporate Portal Framework
In order to look at a comprehensive portal solution, we have divided the various portal-related components into layers of services. This type of framework allows a company to assemble a solid architecture for one or more portals, rather than relying on a single portal vendor. A flexible and scalable framework allows a company's portals to evolve to incorporate new technology and functionality. Companies will want to mix and match best-of-breed elements of a portal solution by considering these layers of services.

  • Presentation services - This layer of a portal framework deals with the presentation of the portal content / portlets to the end users and serves as the web interface. The main browser window may be segmented into frames for each personalized application, or a new browser window can be launched when a new application is initiated. This is typically done in HTML, but it might also be done in WML (for wireless devices) or some other format in the future. Because a portal is a collection of different panes (also referred to as portlets, or web services), the question of where the presentation work gets done may or may not be straightforward. In many portals, each portlet generates the HTML necessary for that portlet, and then the portal server aggregates these portlets into a final HTML presentation. In other portals, each portlet is really a Web Service that returns XML together with an XSLT stylesheet, which the portal then applies to produce the final presentation format.
  • Information services - A portal is an aggregation of one or more Information services. An Information service can be thought of as meaningful information - which might come from a structured data source, unstructured content sources inside the corporation, or external information available on public or private web sites. The information may be coming from third-party sources in the form of a web service (e.g. syndicated content), or might be provided in the form of documents. End users can then subscribe to one or more information services on a personalized basis as part of their portal customization.
  • Infrastructure services - A robust portal framework includes multiple levels of infrastructure services that provide a comprehensive unification and integration platform. This includes the services related to load balancing, caching, high availability and performance that are provided by the web server environment, as well as the underlying security infrastructure. The security infrastructure at this layer consists of secure access related issues (firewalls, VPNs, etc.). Also included are LDAP synchronization, unified authentication, single cross-platform login and authorization services of the portal.
  • Identity Management/ Security Services - The identity services layer deals with security issues at the level of the portal and at a cross-application level. This includes authentication services (username/password management, LDAP synchronization, single sign-on, groups, etc.). This also consists of authorization services, which map the roles and privileges of end users to individual security policies and to domains of content within the portal. While the infrastructure for managing authorizations is provided at this level, end users typically set up the security for individual Portlets or Content Folders via the Administration/Management services and/or the Content Services. In a well-integrated Portal architecture, the front end provided by those layers (Administration and Content) would communicate with an underlying, independent set of security services.
  • Administration/Management services - Administration/Management services are necessary for the portal to be easily administered and supported, allowing "power users" to configure the portal framework for the end user community. In addition, the IT organization can configure, manage and support the environment. Administration services are offered through a Web interface in many portals and in some cases there is a separate client/server program that makes administration easy. These services might include taxonomy management, user management, configuration management, role management, registration of modules and information services.
  • Access and Integration services - A comprehensive portal solution will provide the architecture for tying into back-end databases and applications. The Access and Integration services layer provides this functionality to the portal, and even to individual Portlets. This layer may tie into an existing EAI solution to get access to certain back-end adapters or APIs. A well-formulated Access and Integration services layer will allow for the development of additional adapters for new systems as needed.
  • Content Services - The Content Services are an important part of a comprehensive portal solution. Content services deal with the management of unstructured digital assets within the portal. This typically includes a full text indexing engine, a set of crawlers that are capable of navigating and indexing existing content, a metadata repository, and a content management system to allow for the submittal and approval of content into the portal. This layer also includes a taxonomy manager.
  • Collaboration services - Collaboration services allow end users of the portal to work together more effectively by establishing shared workspaces, shared document repositories, interaction in real-time and shared discussion forums. Collaboration services also allow for the definition and execution of workflow across the enterprise and outside the enterprise to different content sources and back end systems.
  • Development services - Development services provide an environment for the development of custom portals, custom portal modules, or Portlets. Very often, these Portlets will be implemented as tiers of Web Services. The development services allow for the creation of these modules by providing HTTP, rendering, customization, and XML-related services. Development services also include the supporting tools and methodologies.
  • Application services - Application services are those services that are obtained via a portal engine or a portal assistant through an API interface (sometimes called gadgets or portlets) or EAI layer. Application services include interfaces and integration to enterprise software packages such as SAP's and Oracle's ERP solution, Siebel's CRM solution, PeopleSoft's HR solution and i2's SCM solution. Application services also provide access to other legacy systems, content management, document management and collaboration.
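The Identity Management/Security Services layer above calls for one independent security service that both the Administration and Content front ends consult. The following is an added Python sketch of such a service, not code from the original page or from any portal vendor; the group-to-role mapping, the policy model (privileges on a folder path, inherited by sub-folders, or on a named portlet) and all sample names are assumptions.

```python
"""Added example (not from the page or any vendor): an independent portal
security service of the kind the Identity Management/Security Services layer
describes. Assumed model: group memberships synchronised from LDAP map to
portal roles; policies grant a role a set of privileges on a content domain
(a folder path, inherited by sub-folders) or on a named portlet; both the
Administration and Content front ends call the same authorize() method."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    domain: str            # folder path such as "/Clients", or "portlet:<name>"
    role: str
    privileges: frozenset  # e.g. {"read", "publish"}


class SecurityService:
    def __init__(self):
        self.group_roles = {}   # LDAP group DN -> set of portal roles
        self.policies = []

    # --- administration side: mappings and policies are set up here ---
    def map_group(self, group_dn, *roles):
        self.group_roles.setdefault(group_dn, set()).update(roles)

    def grant(self, domain, role, *privileges):
        self.policies.append(Policy(domain, role, frozenset(privileges)))

    # --- runtime side: resolve roles and decide ---
    def roles_for(self, groups):
        roles = set()
        for group in groups:
            roles |= self.group_roles.get(group, set())
        return roles

    @staticmethod
    def _covers(policy_domain, requested):
        if policy_domain == requested:
            return True
        if policy_domain.startswith("portlet:"):
            return False                      # portlets are not hierarchical
        prefix = policy_domain.rstrip("/") + "/"
        return requested.startswith(prefix)   # a sub-folder inherits the policy

    def authorize(self, groups, domain, privilege):
        """Deny by default: allow only when some policy for one of the
        caller's roles grants the privilege on the domain or a parent."""
        roles = self.roles_for(groups)
        return any(
            p.role in roles and privilege in p.privileges
            and self._covers(p.domain, domain)
            for p in self.policies
        )

    def visible(self, groups, locations, privilege="read"):
        """Filter, e.g., search results down to what the caller may read."""
        return [loc for loc in locations if self.authorize(groups, loc, privilege)]


def build_demo_service():
    """Constructed configuration: groups, roles and policies are sample values."""
    svc = SecurityService()
    svc.map_group("cn=sales,ou=groups,dc=example,dc=com", "viewer")
    svc.map_group("cn=editors,ou=groups,dc=example,dc=com", "viewer", "editor")
    svc.map_group("cn=everyone,ou=groups,dc=example,dc=com", "employee")
    svc.grant("/Clients", "viewer", "read")
    svc.grant("/Clients", "editor", "read", "publish")
    svc.grant("/HR/Policies", "employee", "read")
    svc.grant("portlet:news", "employee", "view")
    return svc


if __name__ == "__main__":
    svc = build_demo_service()
    sales = ["cn=sales,ou=groups,dc=example,dc=com"]
    print(svc.authorize(sales, "/Clients/Acme", "read"))      # True
    print(svc.authorize(sales, "/Clients/Acme", "publish"))   # False
```

Because the decision lives in one place, a content-folder permission screen and an administration screen cannot drift apart; the `visible()` helper shows how a search front end would trim results with the same rules.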

Functional Components of Portals
Portals provide a combination of "out of the box" and custom functionality to allow users to find, manage, categorize, and use content and applications. While not all portals have all of the following features, they describe a good high-level view of the elements that can make up a portal solution.

  • Taxonomy - Although a taxonomy can be defined simply as the content directory for an enterprise's unstructured information, it can be populated with content and presented to the user in many different ways. Both substance and behavior of the directory define a usable Taxonomy for an enterprise. Indented lists, classification trees and hierarchies are other terms used to describe Taxonomy structures. Folders and sub-folders, topics and sub-topics, categories and sub-categories are others. Regardless of the terms used to describe a taxonomy, however, it gives us a way to organize content into a structure that is easily browsed by the portal user.
  • Directory - The portal's directory is its organization of content into a structure and hierarchy of categories. The directory is the implementation within the portal of the enterprise's taxonomy.
  • Browse / Navigate Documents - This feature enables portal users to manually locate content by navigating the directory structure.
  • Search - A fundamental part of a portal implementation is its search capability, which indexes enterprise content from multiple storage systems and allows users to browse and retrieve content based on selection criteria. Searching across multiple portals and their integrated applications is referred to as "federated" or network search. In this scenario, the user can specify the search criteria once, but retrieve relevant content links from the diverse repositories targeted by the search.
  • Content management - Content management is the process of authoring, contributing, reviewing, approving, publishing, delivering, and maintaining content integrated with or accessed from a portal or other web site. Content management usually refers to text and graphical content that is viewed in a web browser.
  • Document management - Document management is similar to content management, although it typically refers to the control and management of an enterprise's documents (other than web pages) stored in electronic files, including scanned images of paper documents. It also often includes check-in and check-out of documents to ensure version control.
  • End User Customization - Customization refers to the capability of portals to allow users to specify their own preferences for the user interface look-and-feel attributes. Customization typically accommodates preferences for color schemes, modules that appear, and the layout of the modules and content on a page of the portal.
  • Personalization - Portal personalization can occur at multiple levels. Each individual user can have settings for each of the portal functions that they use. A community, or group of users, can have settings and settings can be established up to the organizational level. A portal provides the framework for users to store the settings and tailor the content that they are interested in seeing.
  • Expert Locator - In addition to helping users locate information that is important to them, a portal can be very useful in finding "experts" within the organization. This extends the concept of corporate knowledge to include people and their skill sets. In some cases, these skill sets are implicit in their job functions and the types of information they regularly handle. In other cases, these skill sets are explicit.
  • Collaboration - An EIP solution can be a very powerful collaborative tool. Collaboration functions enable a group of users to work together to share ideas and complete work as a team. Collaboration includes electronic interactions among users in different physical locations in real time ("synchronous") and at different times ("asynchronous"). Forms of collaboration include instant messaging ("chat") systems, team workspaces, discussion forums, document sharing, electronic whiteboarding, virtual conferencing, and video conferencing.
  • Business Intelligence - Most enterprise portals can act as a universal front end to the different components of a BI solution, helping its users make better business decisions. BI includes enterprise reporting, ad hoc reporting, OLAP and multidimensional analysis, and exception reporting.
  • Alerts - An alert is a notification of an event or change based on one or more conditions involving single or multiple information or application sources. These notifications can be delivered within a portal as well as by other mechanisms such as e-mail or wireless device. Alerts usually accommodate individual user preferences, such as the delivery mechanism and format, the conditions that should trigger an alert, and the frequency of notification.
  • Subscribe / What's new - Many portals (and other web sites and applications) allow individuals to register an interest in or "subscribe" to a particular component or category of content. Portals will then notify the subscribers when the content changes or new content is added.
  • Workflow - Workflow refers to the efficient electronic management of a business process, including roles, tasks, templates, checkpoints, approvals, and escalation procedures. Within a portal, workflow systems are administered and integrated to achieve the interaction between different component modules of the portal through which the business process flows. In addition, notification alerts that a workflow step or task has been assigned are typically delivered through the portal to its users.
  • Single sign-on - The ability to see information from multiple systems, in multiple formats, all presented on a single page view is perhaps the largest benefit to a portal's user community. This results in a significant reduction in employee orientation and training, as well as time savings for the users, who can monitor and update multiple systems through a single web view of the enterprise. Since the different systems that make up a page within a portal may be secured with different user login credentials, single sign-on solutions facilitate the navigation among the systems through a single authentication scheme.

Technical Components of Portals
A comprehensive portal solution incorporates a variety of internet and application-related technology components. Because the goal of the portal is to provide a single view to the end user of information coming from multiple sources, the list of possible technologies utilized within portals is endless. However, the following list is a good introduction to the most common technologies that are included in Portal solutions. Some of these technologies (such as Web services) are constantly evolving, while others (such as the portal database, which is usually built on a SQL database) are relatively stable technologies.

  • Application Server - Application servers are typically J2EE compliant and provide the underlying development and run-time infrastructure for the portal. Examples of application servers include iPlanet, BEA WebLogic, IBM Websphere, Oracle 9iAS and Sybase Application Server. Many of the application server vendors are incorporating "portals" as add-ons to their base product. For example, IBM Websphere Portal Server, Oracle Portal, BEA Portal and Sybase Enterprise Portal are all built on top of the corresponding application server and in some cases are sold as one package. Several of the stand-alone portal products, such as Plumtree, Epicentric and Corechange have Java components or are Java-based and take advantage of an application server.
  • Web Server - The Web Server works in conjunction with the application server to provide the run-time environment for client requests. The web servers used with portals are standard HTTP web servers, such as Microsoft Internet Information Server (IIS), Apache, etc. When an end user brings up the portal page, the web browser makes a request of the web server. The web server then passes the request to the application server. The portal (and its associated Portlets) runs on top of the application server.
  • Database - Most portals have an underlying database (such as Oracle, DB2, Sybase, or SQL Server) that they use to keep track of information specific to the portal - such as users, personalization settings, available web services/Portlets and security. This use of the database is in addition to a transactional system's database (e.g. ERP, CRM or SCM system) that a portal might query to present application specific data to end users.
  • Taxonomy - A taxonomy is a classification scheme to organize a collection of information. Ideally, a taxonomy would take a group of documents and make it easy to browse, search or otherwise navigate information that the user is interested in. A taxonomy is analogous to a folder structure, with the additional functional components of metadata for document classification as well as the rules for categorization. Most enterprise portals have a taxonomy for this purpose, and some can also generate taxonomies automatically based upon the metadata provided.
  • Crawler - A crawler is an automated process that reads, indexes and classifies documents at a pre-determined interval. A web crawler, for instance, would crawl target web pages periodically to determine if the content has changed. The content is then indexed into the taxonomy so that end users can easily find it. The crawler doesn't necessarily make another copy of the crawled document; rather it indexes it by creating a virtual card that describes the document. The card then lives in the portal index.
  • Metadata repository - A metadata repository contains metadata about the content within the portal and about the structure of that content. This includes the metadata about the taxonomy, as well as the metadata for the individual documents. For example, each of the documents placed in a folder called Clients might have a metadata field called "Client" which would have one or more values. The value of the Client field for a particular document is metadata about that document.
  • Portlet - A Portlet can be thought of as a "building block" of a portal. It is a user-interface for presenting data and functionality from multiple applications on a single web page. Portlets encompass the presentation layer and the business logic. They also tie into the back end data sources. Called different names by different vendors (Portlets, Gadgets, Blocks, Web Modules, Web Parts), many portal vendors have portlets for connecting to enterprise systems (such as SAP, Siebel, etc.) as well as for collaboration, news, and other functions.
  • Categorization Engine - A categorization engine is used for sorting documents into the folders of a taxonomy. The categorization engine may do this based on metadata in the documents, based on business rules, based on the content of the document, based on search criteria or filters, or some other scheme.
  • Filters - A filter is generally available in a taxonomy to restrict the documents that are admitted into a particular folder, or that are returned as part of a search. A filter can be word based (if a document has the word "IBM"), concept based (if the document is like this other document), or rule based (if the field called CLIENT has a value of IBM).
  • Index - An index is a collection of information that allows for fast query and retrieval. Within the context of a portal, an Index is usually a combination of a full-text index and a meta-data repository for the documents/content that is included within the portal.
  • Virtual Card - Within an index or metadata repository, a virtual card is a description of a single document or piece of content within the portal. The card usually contains information about where the content physically resides, and contains the values of one or more metadata fields about that document. The card is the "placeholder" for the document within the portal.
  • Web Service - A web service is a program that accepts and responds to requests over the Internet. Typically, a web service accepts requests in an XML-based format. The actual format of the request and the response depends on the XML standards that are being used. One such standard is SOAP. There are public registries and languages - such as UDDI, WSDL - which are used to catalog the different available web services. A calling program can query the registry (UDDI) to find an appropriate web service, then use WSDL to figure out which parameters the service needs, and finally use a calling protocol and XML standard like SOAP to actually make the call to the Web Service.
  • Development Standards and Protocols - A very important component of any development project is to understand what the current industry standards are for developing Portal Solutions and how they relate to each other. A brief summary of the most common is provided below.
    • XML - Extensible Markup Language. XML is a language used to represent almost any type of data. XML is similar to HTML (they are both descendants of SGML, a generalized markup language). Whereas HTML is used to tell Web browsers how to show information to the end user, XML is more typically used to send information between programs. The XML files usually do not have information about the display of the information - the program that receives the data, often by using an XSL style sheet and XSLT, usually handles this separately. The structure of an XML file is usually defined by its DTD (document type definition) or XSD (XML Schema Definition).
    • XSL, XSLT - Acronyms for Extensible Stylesheet Language and Extensible Stylesheet Language Transformation. While XML documents contain data, XSL documents contain rules for "transforming that data" into a presentation that the user can understand. This presentation format might be HTML for web browsers or it might be WML for wireless devices or PDF for printing out the information.
    • DTD and XSD - Document Type Definition and XML Schema Definition. Both DTD and XSD are ways to define the structure and layout of XML documents. DTD and XSD become important for validating that an XML document is in the right format for passing information between different systems, or for passing information from a back end system to the portal.
    • WSDL - Acronym for Web Services Description Language. WSDL allows a Web Service to describe what actions it supports. A "stock quote" web service, for example, might have two actions that other programs can call - getStockQuote, which takes a ticker symbol and returns the closing stock price, and getTickerSymbol which takes a company name and returns one or more ticker symbols. WSDL is an XML based language that allows both calling programs and Web Services to describe legal ways to invoke the program. WSDL is important for portals because portals will typically aggregate information from multiple web services onto a single screen and so need to communicate with each one in the appropriate format.
    • SOAP - Acronym for Simple Object Access Protocol. SOAP is an XML based standard for making function calls across the Internet to another application. SOAP provides the underlying calling protocol (which can be used as an alternative to HTTP GET/POST), a wrapper so that the calling application can send parameters to the program it is calling, and a method for getting results back from that program. Because SOAP is XML based, it is completely platform independent. SOAP is quickly becoming a leading protocol for invoking and getting results from Web Services.
    • UDDI - Universal Description Discovery and Integration. UDDI refers to a specification for finding web services and a public registry where Web Services can publish information about themselves. UDDI can be used to get back XML based "descriptive information" about Web Services. This descriptive information might be in an XML format such as WSDL. UDDI has broad support from all segments of the Internet industry.
    • WSUI - Web Services User Interface. WSUI is a specification for standardizing the display of Web Services to end-users. This extends the traditional web services model, which is used to request and retrieve XML data, by providing a framework for how that data will be displayed to end users. WSUI is akin to a standard way to describe Portlets. In the WSUI model, a Portlet makes a call to a web service, gets back XML, and then uses XSLT to transform that XML into HTML, which can then be displayed within the portal.
  • User Profiles - Each Portal contains a profile for each of its users. This profile is used for customization and personalization. Each of the Portlets in a portal has access to this user profile and can use it to store preference information about a user or a class of users. This profile is also how the user "configures" the home page of a portal and chooses which Portlets show up and what information they should show.
  • Content Management System - Most enterprise portals contain a Content Management System, which allows approved end users to submit information into the portal. There is typically an approval process that eventually results in the content becoming available in the correct part of the portal's taxonomy. A Content Management System can deal with documents in their original formats (Microsoft Word, PDF, etc.) or might contain Web Editing features to allow end users to author web pages. (Note: this definition differs from the one in the prior section.)
  • EAI (Enterprise Application Integration) - EAI serves as the umbrella term for all software and services meant to integrate enterprise applications with one another. Given the complexities of each type of application (sales, manufacturing, service, HR, purchasing, etc.) this can be a difficult and expensive proposition. A number of vendors have released software that makes this effort much simpler - including Crossworlds, WebMethods, Tibco, NEON, and MQ Series, etc. EAI impacts the portal because the portal ideally will show consolidated information from multiple back end systems. An EAI layer is needed so that the queries can be coordinated and the results consolidated.
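The Crawler, Metadata repository, Categorization Engine, Filters, Index and Virtual Card entries above describe one mechanism; the following is an added Python example of it, not code from the original page or from any portal vendor. The card layout, the three sample documents and the folder rules are constructed; the concept-based filter approximates "like this other document" with word overlap, which is an assumption about how such a filter could work.

```python
"""Added example (not from the page or any vendor): virtual cards, an
index, the three filter kinds and a categorization engine that sorts cards
into taxonomy folders. The card/metadata layout and the sample documents are
constructed; a crawler would normally create the cards from real content."""
import re
from dataclasses import dataclass, field

WORD = re.compile(r"[a-z0-9]+")


def tokens(text):
    """Crude full-text indexing: lower-cased alphanumeric terms."""
    return set(WORD.findall(text.lower()))


@dataclass
class VirtualCard:
    location: str                 # where the document physically resides
    title: str
    metadata: dict                # field name -> list of values, e.g. {"CLIENT": ["IBM"]}
    words: set = field(default_factory=set)   # terms for the full-text index


def make_card(location, title, body, **metadata):
    """What a crawler would produce: no copy of the document, just its card."""
    return VirtualCard(location, title,
                       {name: list(values) for name, values in metadata.items()},
                       tokens(title + " " + body))


# ---- filters: each returns a predicate admitting or rejecting a card -------
def word_filter(word):
    """Word based: the document contains the word."""
    needle = word.lower()
    return lambda card: needle in card.words


def concept_filter(reference, threshold=0.3):
    """Concept based: the document is 'like this other document', approximated
    here by Jaccard similarity of the indexed terms."""
    def admit(card):
        if not card.words or not reference.words:
            return False
        shared = len(card.words & reference.words)
        return shared / len(card.words | reference.words) >= threshold
    return admit


def rule_filter(field_name, value):
    """Rule based: the metadata field has the given value."""
    return lambda card: value in card.metadata.get(field_name, [])


# ---- taxonomy and categorization engine -----------------------------------
class Taxonomy:
    def __init__(self):
        self.folders = {}   # folder path -> list of filters that admit a card

    def add_folder(self, path, *filters):
        self.folders[path] = list(filters)

    def categorize(self, cards):
        """Place each card's location in every folder whose filters all admit it."""
        placement = {path: [] for path in self.folders}
        for card in cards:
            for path, filters in self.folders.items():
                if all(f(card) for f in filters):
                    placement[path].append(card.location)
        return placement


def search(cards, *filters):
    """Search the index: return locations of cards every filter admits."""
    return [card.location for card in cards if all(f(card) for f in filters)]


def sample_cards():
    """Constructed sample index of three documents."""
    return [
        make_card("file://docs/ibm-contract.doc", "IBM support contract renewal",
                  "Renewal terms for the IBM support contract, effective next quarter.",
                  CLIENT=["IBM"]),
        make_card("file://docs/acme-proposal.doc", "Acme proposal",
                  "Proposal to Acme for data warehouse services.", CLIENT=["Acme"]),
        make_card("http://intranet/hr/travel-policy.html", "Travel policy",
                  "Employee travel policy and expense approval.", DEPARTMENT=["HR"]),
    ]


def sample_taxonomy():
    """Constructed folders: a metadata rule, a field-value rule and a word rule."""
    tax = Taxonomy()
    tax.add_folder("/Clients", lambda card: bool(card.metadata.get("CLIENT")))
    tax.add_folder("/Clients/IBM", rule_filter("CLIENT", "IBM"))
    tax.add_folder("/HR", word_filter("policy"))
    return tax


if __name__ == "__main__":
    for folder, docs in sample_taxonomy().categorize(sample_cards()).items():
        print(folder, docs)
```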
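The Web Service, WSDL and SOAP entries above describe a calling program invoking a "stock quote" service with getStockQuote. The following added Python example (not code from the original page or from any vendor) shows both sides of that SOAP 1.1 exchange with the standard library; the service namespace urn:example:stockquote, the element names tickerSymbol and closingPrice, and the quote table are assumed placeholders.

```python
"""Added example (not from the page or any vendor): the SOAP call sequence
the page describes for a "stock quote" web service, with both sides of the
exchange. The service namespace urn:example:stockquote, the element names
tickerSymbol/closingPrice and the quote table are assumed placeholders."""
import xml.etree.ElementTree as ET
from decimal import Decimal, InvalidOperation

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"   # SOAP 1.1 envelope
SVC_NS = "urn:example:stockquote"                        # assumed service namespace
MAX_RESPONSE_BYTES = 64 * 1024                           # refuse oversize replies

ET.register_namespace("soap", SOAP_NS)
ET.register_namespace("m", SVC_NS)


def soap_tag(local):
    return "{%s}%s" % (SOAP_NS, local)


def svc_tag(local):
    return "{%s}%s" % (SVC_NS, local)


class SoapFault(Exception):
    """Raised by the client when the Body carries a soap:Fault."""


# ---- calling program (the portlet) ----------------------------------------
def build_get_stock_quote(ticker):
    """Serialise a getStockQuote request envelope for one ticker symbol."""
    env = ET.Element(soap_tag("Envelope"))
    body = ET.SubElement(env, soap_tag("Body"))
    call = ET.SubElement(body, svc_tag("getStockQuote"))
    ET.SubElement(call, svc_tag("tickerSymbol")).text = ticker
    return ET.tostring(env, encoding="unicode")


def parse_get_stock_quote_response(xml_text):
    """Return the closing price as a Decimal, or raise SoapFault/ValueError.

    The reply comes from another system, so it is checked like any other
    untrusted input: bounded in size, required to be a SOAP envelope, and
    the price field is validated before it is used."""
    if len(xml_text.encode("utf-8")) > MAX_RESPONSE_BYTES:
        raise ValueError("response too large")
    root = ET.fromstring(xml_text)
    if root.tag != soap_tag("Envelope"):
        raise ValueError("not a SOAP envelope")
    body = root.find(soap_tag("Body"))
    if body is None:
        raise ValueError("missing soap:Body")
    fault = body.find(soap_tag("Fault"))
    if fault is not None:
        # SOAP 1.1 fault children are unqualified element names
        raise SoapFault("%s: %s" % (fault.findtext("faultcode", ""),
                                    fault.findtext("faultstring", "")))
    price = body.findtext(svc_tag("getStockQuoteResponse") + "/" + svc_tag("closingPrice"))
    if price is None:
        raise ValueError("missing closingPrice")
    try:
        return Decimal(price.strip())
    except InvalidOperation:
        raise ValueError("closingPrice is not a number: %r" % price)


# ---- the web service (server side) -----------------------------------------
def handle_get_stock_quote(request_xml, quotes):
    """Answer a request envelope from a constructed quote table
    (ticker -> closing price string); unknown tickers get a Client fault."""
    root = ET.fromstring(request_xml)
    ticker = root.findtext(soap_tag("Body") + "/" + svc_tag("getStockQuote")
                           + "/" + svc_tag("tickerSymbol"))
    env = ET.Element(soap_tag("Envelope"))
    body = ET.SubElement(env, soap_tag("Body"))
    if ticker is None or ticker.strip() not in quotes:
        fault = ET.SubElement(body, soap_tag("Fault"))
        ET.SubElement(fault, "faultcode").text = "soap:Client"
        ET.SubElement(fault, "faultstring").text = "Unknown ticker symbol"
    else:
        resp = ET.SubElement(body, svc_tag("getStockQuoteResponse"))
        ET.SubElement(resp, svc_tag("closingPrice")).text = quotes[ticker.strip()]
    return ET.tostring(env, encoding="unicode")


SAMPLE_QUOTES = {"IBM": "98.75", "ORCL": "12.40"}   # constructed sample data

if __name__ == "__main__":
    request = build_get_stock_quote("IBM")
    print(request)
    print(parse_get_stock_quote_response(handle_get_stock_quote(request, SAMPLE_QUOTES)))
```

A real portlet would send the request over HTTP with the SOAPAction header the service's WSDL specifies; the parsing and fault handling shown here is the part that does not change.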

Portals and Infrastructure
Because a portal collects information from multiple back end sources and applications, infrastructure issues are often critical for the success of a portal deployment. The infrastructure issues related to portals tend to magnify the issues that each back end application or content source may have. Infrastructure here refers less to the physical hardware, and more to the interconnection of hardware and software. Here is an introduction to some relevant infrastructure topics for portals:

  • Hosting Service Providers - Hosting service providers operate and maintain the portal services. These can be internal to an organization, such as an IT department, or external to an organization, such as an Application Service Provider (ASP) or an off-site hosting services vendor. The typical tasks that a hosting service provider performs are Systems Management and Site Administration.
  • Service Level Agreement - A Service Level Agreement defines the levels of service to be provided to a system's customers. It is typically a list of performance and availability specifications, given a certain workload.
  • Platforms - Several different types of platforms have evolved. The most pervasive platform is the operating system. The critical operating systems in the market today are the Microsoft Windows operating systems and the Macintosh (for the client layer), along with Windows NT, Windows 2000, Unix and its variants (e.g., Sun Solaris, IBM AIX, IBM OS/390, Linux) for the servers, along with the traditional mainframe-oriented operating systems (OS/390, OS/400, etc.), which also classify as server platforms.
    • Client Layer - This typically consists of an operating system, a web browser, and an email/groupware client (such as Lotus Notes or Microsoft Outlook). Client layer software is often architected with a Presentation Layer, an Application Layer, and a Data Layer. In web applications, it may also include plug-ins or ActiveX controls, depending upon the browser.
    • Presentation Server - The presentation server typically supports the user interface operations of a portal. This is typically a web server, such as Apache, Microsoft IIS, or Netscape iPlanet. (Other web servers exist, but these are the top three.) Presentation servers tend to support web-based applications.
    • Application Server - The Application Server is often kept separate from the presentation server. This is done to separate the presentation layer from the application layer, an often-adopted practice that minimizes the effect that the change in a look-and-feel item would have upon the actual business code. High-end application server architectures, such as Microsoft's COM architecture or Sun's J2EE architecture intentionally enforce this separation. While the presentation server "draws screens," it also invokes the application server when "real-work" needs to be done, the processing of information entered in the screens. Typical Application Servers are BEA Weblogic, Oracle 9iAS, IBM Websphere, and Microsoft MTS.
    • Integration Server - An integration server is a type of application server. An example would be an IBM MQ Series server.
    • Data Server - The top players in this market are Oracle, IBM (with DB2), Microsoft (with MS SQLServer) and Sybase. Not all data is saved in a relational database, however. High-end search engines, such as Autonomy, store data in flat files.
  • Systems Management - Systems management is a continual struggle against Murphy's Law. There are generally two segments of the systems management task: the management of Operations and Engineering. Operations Management tends to focus on the day-to-day tasks required to operate and maintain the system at the desired service levels.
  • Network - Central to the concept of a portal is the concept of a network. A portal is a device that organizes a person's desktop within a network. It allocates appropriate screen placement for each service provided by a portal.
  • Interoperability - Interoperability is critical to a portal. A typical portal integrates several web applications (which can be of multiple architectures, e.g., Microsoft and Sun architectures) and different kinds of applications (e.g., XML applications and database applications) with traditional desktop applications (such as word processors and spreadsheets). Through the use of portal technologies, many of these components, and more, can be consolidated into a single, organized desktop.
  • Deployment Technology - Once deployment is complete, operations commence. Operations consist of the day-to-day maintenance of services inherent to an application, preferably within a single service level agreement. Closely related, performance and availability tend to have separate tasks in an organization. (One can argue that an application that does not perform well is not available; in turn, one can argue that an application that is not available does not perform.)
    • Performance - Performance is critical to any portal. A portal that does not perform will not be seen as adding value to a user community. Performance management consists of two types of tasks, those that occur at run time, and those that occur in the long-term.
    • Availability - The other goal of deployment technologies is availability. A system must meet its availability expectations. To ensure availability, development uses a QA process. To further ensure availability, the use of redundant hardware and software has long been an established practice.
  • Unified development environment - The unified development environment simplifies portal implementation. In practice, it tends to be a combination of a Microsoft-oriented environment and a Java environment; however, both can work in concert on a single Microsoft operating system developer workstation.
  • Unity - The true utility of the portal is its ability to integrate multiple technologies within a single web screen. These screens will be able to support the integration of technologies over multiple platforms in a high-end portal. A portal implementing unity may need to interact with all layers in the typical application stack.


Portals and Security
Portals aggregate services from multiple providers and place them into organized presentations that are appropriate to their customers' workflows. The providers use multiple systems, which all have different hardware, different operating systems, and different application paradigms for managing security.

  • Single Sign-On - Single Sign-On (SSO) technologies are critical to portals. In short, a portal may need to coordinate information from several web sites, data stores, XML feeds, and other transactional systems, all of which have different security paradigms. SSO technology alleviates this. Examples of vendors in this arena are Netegrity, Oblix, IBM, and Entrust.
  • Delegated Management - An evolution of single sign-on technologies. Where SSO attempts to facilitate activity, Delegated Management Systems attempt to act as a single point for managing all application-level and operating-system-level security issues. Delegated Management systems will eventually replace Single Sign-On systems as they mature. Examples of vendors in this arena are Netegrity and IBM.
  • Firewalls - Firewalls are computers that run software that analyzes and filters network packets and makes security decisions based upon them.
  • Intrusion Detection - Intrusion Detection software also analyzes patterns of activity within a network to determine if it is under "attack".
  • Cryptography - The science of Cryptography provides for a mathematically rigorous means of authentication, encryption, and non-repudiation. Highly secure portals all implement cryptography for all of these capabilities.
  • Access Controls - Access control systems enforce rules over lists of identities to determine whether an identity, as a member of a role or a group, may have the appropriate level of access to perform an operation against a resource. The science of Computer Security is a combination of access control and cryptographic technologies. All portals use Access Controls.
  • Authentication - Authentication has both a cryptographic form and an access control form. Cryptographic forms of authentication use a certificate-based scheme for ensuring identity. Access control forms are simpler; they generally use credentials such as user-id/password.
  • Non-Repudiation - The act of proving that data has not been tampered with is called non-repudiation. The science of cryptography provides an elegant and efficient means of non-repudiation through the use of public key technologies and cryptographic hash functions. Financial and health care portals will benefit most from this technology.
  • Authorization - This is essentially an access control function. A portal will maintain an authorization list (a.k.a. access control list) to determine the appropriate level of access that each identity will have to a resource. Such a system determines whether a user is authorized to act upon that resource.
  • Policy - Prior to implementing a security paradigm, a security policy needs to be established for any organization. This security policy outlines the business needs for security and the organizational procedures for meeting these business needs. Such a policy is used to define access control and certificate policies.
  • Certificates - Digital Certificates are part of the X.509 standard. They are public documents, based upon Public Key Infrastructures, that provide security services such as authentication, encryption, and non-repudiation. Portals can use these to secure transactions and provide non-repudiation. From a technical standpoint, a Digital Certificate contains identity information, at least one public key from a Certificate Authority, and a public key representing the identity in question.
  • Groups - Groups are organized collections of identities. They are configured by administrative personnel and maintained on a day-to-day basis. Portals always need to manage groups as an economic convenience to manage the privacy, integrity, and appropriate accessibility of the data.
  • Roles - Roles are organized collections of capabilities. The collections of capabilities tend to be maintained by developers. Roles may have groups and/or users as members who have access to the capabilities defined by the developers. The memberships of the roles tend to be maintained by administrators.
  • LDAP - The Lightweight Directory Access Protocol, a common directory structure accepted throughout most of the industry. Portals use it to maintain user information and organizational information, as well as access control and cryptographic certificate information.
  • Certificate Authorities - Certificate Authorities are arbitrators of proofs of digital identity, although they tend not to stand liable for their work. Due to this, and to the broadly based Digital Signature Act, they have not been widely adopted. Certificate Authorities can generate certificates. While there are public CAs, such as Valicert and Verisign, companies are generating their own certificates. CAs are useful to portals which provide high-value trade services or health care services, however, as they provide a third-party mechanism for validating identity. Smaller portal applications may generate their own certificates. The Digital Signature Act allows for self-certification, and these self-certified certificates are legally valid for transactions.
  • Validation Authorities - The X.509 standard is vague, and not all certificates generated by all vendors are alike. In addition, when companies exchange certificates prior to performing e-Business, the "source" company generating the certificate is in control of certificate maintenance. In other words, if a source user "goes bad", the source user's company would need to revoke the certificate. A validation authority allows a destination company to perform a "local certificate revocation" operation, thus alleviating the need for close organizational communication between two companies performing cryptographically certified transactions. In addition, VAs have real-time validation capabilities, making them suited for extremely high-end, highly secure environments. Validation Authorities will be highly useful to portals that wish to provide cryptographic protections to their customers, yet maintain the highest levels of both interoperability and control over their certificates.
  • Public Key Infrastructure - Public Key Cryptography provides elegant implementations of Encryption, Non-Repudiation, and Authentication that require a minimum of key management activity. This makes Public Key Infrastructures more efficient to manage than traditional Symmetric Key Infrastructures. Portals needing cryptographic security will use PKIs.
  • Secure Sockets Layer - A standard for securing transactions through the use of public key cryptography and X.509. It specifically provides for Authentication (two-way) and encryption of information sent over a TCP/IP socket. Portals that require financial or health care transactions will all use SSL.
  • Secure Access Markup Language - Inspired by Netegrity, this language has been developed to facilitate a Delegated Management strategy. It contains non-repudiable transactions for managing access controls. It is expected that software vendors will embrace SAML to facilitate their own SSO (soon to be known as Delegated Management) strategies. Portals will reduce their costs in the mid-term by adopting SAML, as their integration with other security paradigms will be simpler.
  • Digital Signatures - Digital Signatures exploit the non-repudiation capabilities of PKIs to provide a cryptographic means of ensuring that data has maintained its integrity.
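
The Access Controls, Authorization, Groups and Roles items above describe one model: administrators maintain groups of identities, developers define roles as collections of capabilities, groups and users are made members of roles, and an access control list says which capability an operation on a resource requires. The following Python is an added example of that model, written for this page and not taken from any portal vendor's product. The directory content is a constructed in-memory stand-in for what a portal would read from LDAP, and the "user:" / "group:" member prefixes are a convention chosen here, not part of any standard.

```python
"""Group/role/ACL authorization check in the model described on this page.

Added example, not the page's or any vendor's code. The directory data is a
constructed in-memory stand-in for an LDAP directory; the "user:"/"group:"
member prefixes are a convention chosen for this example.
"""
from dataclasses import dataclass, field


@dataclass
class Directory:
    # group name -> identities in it (maintained by administrators)
    groups: dict = field(default_factory=dict)
    # role name -> capabilities it grants (defined by developers)
    roles: dict = field(default_factory=dict)
    # role name -> members, each "user:<id>" or "group:<name>" (maintained by administrators)
    role_members: dict = field(default_factory=dict)


def groups_of(directory: Directory, user: str) -> set:
    """Groups the identity belongs to (direct membership only)."""
    return {name for name, members in directory.groups.items() if user in members}


def capabilities_of(directory: Directory, user: str) -> set:
    """Union of the capabilities of every role the user reaches, directly or through a group."""
    user_groups = groups_of(directory, user)
    caps = set()
    for role, members in directory.role_members.items():
        reachable = f"user:{user}" in members or any(f"group:{g}" in members for g in user_groups)
        if reachable:
            caps |= directory.roles.get(role, set())
    return caps


def is_authorized(directory: Directory, acl: dict, user: str, operation: str, resource: str) -> bool:
    """ACL maps (resource, operation) -> required capability; pairs without an entry are denied."""
    required = acl.get((resource, operation))
    if required is None:
        return False  # default deny: no rule means no access
    return required in capabilities_of(directory, user)


def sample_directory() -> Directory:
    """Constructed sample data for the demonstration."""
    return Directory(
        groups={"finance": {"bob", "dana"}, "hr": {"erin"}},
        roles={
            "report_viewer": {"view_report"},
            "report_author": {"view_report", "publish_report"},
        },
        role_members={
            "report_viewer": {"group:finance", "group:hr"},
            "report_author": {"user:alice"},
        },
    )


# Constructed ACL: which capability each operation on a resource requires.
SAMPLE_ACL = {
    ("sales_report", "read"): "view_report",
    ("sales_report", "publish"): "publish_report",
}


if __name__ == "__main__":
    d = sample_directory()
    for user, op in [("alice", "publish"), ("bob", "read"), ("bob", "publish"), ("carol", "read")]:
        print(f"{user} {op} sales_report -> {is_authorized(d, SAMPLE_ACL, user, op, 'sales_report')}")
```

The decision function refuses any (resource, operation) pair the ACL does not mention, so adding a new operation to a resource requires an explicit rule rather than silently inheriting access; bob reaches the viewer role only through his finance group membership, which is the administrative lever the Groups item describes.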


Reference: http://www.portalscommunity.com/

All Rights Reserved. © Yómarí, 2004.