Orchestrating External Engagement Through Access Partners

Orchestrating External Engagement Through Access Patterns David Miller, Covisint CSO, December 2012


Presented by David Miller, Covisint CSO, at Gartner Identity & Access Management Summit 2012

Transcript of Orchestrating External Engagement Through Access Partners

Page 1: Orchestrating External Engagement Through Access Partners

Orchestrating External Engagement Through Access Patterns

David Miller, Covisint CSO, December 2012

Page 2: Orchestrating External Engagement Through Access Partners

Enterprise-grade, Global and Proven

One Platform

500+ Global Customers

22M+ Users

1B+ Yearly Transactions

100% Availability

Page 3: Orchestrating External Engagement Through Access Partners

External Engagement Platforms

• Automotive
• Energy

Supply Chain Joint Venture

• Automotive
• Energy

Performance-based Care

• Healthcare
• Public Sector

Customer

• Automotive
• Healthcare
• Travel
• Financial Services

Dealer

• Automotive
• Energy
• Financial Services

Consumer/Patient

• Automotive
• Healthcare

Page 4: Orchestrating External Engagement Through Access Partners


Cloud Engagement Platform

Page 5: Orchestrating External Engagement Through Access Partners

Applications Management

Personalized Dashboard

Remote Commands

Service History, Parts/Accessories

Diagnostics

Consumer Finance

Preferred Retail Outlet Integration with Social Media

Accessing Applications, Services, Data

Page 6: Orchestrating External Engagement Through Access Partners

• ID/Password
• 2 Factor
• Risk-based Authentication
• Policy Enforcement

Cloud Authentication

Services

Trusted Identity Broker

• Security Token Service
• Federation Protocols
• Translations and Mapping

General Services

• Password Strength
• User Name Suggestion
• Captcha

Administration

• Administration Tools
• Reporting

Trusted Identity Provider

• Password Management
• Provisioning
• Profile Management
• Authorization Management
• Role Management
• Workflow Engine

Cloud Identity Services Framework Overview

RESTful & JSON, SOAP

Mobile Web Site

RESTful & JSON, SOAP

APIs

APIs

• Configurable and extensible
• Used for suppliers, employees, consumers, etc.
• Use any to all of the services

Page 7: Orchestrating External Engagement Through Access Partners

Solution Integrations

Token Consumer

Token Consumer

Token Consumer

Token Consumer

WS-Fed, Open ID

SAML, WS-Fed

Logon

APIs

APIs

SAML

Token Producer

SAML APIs

Identity Stores
- ITIM for Administrators
- User Registration

Batch-driven Event-driven

SPML

FTP

HTTP(S)

Internal

Web Service

Employee

Administrator

Consumers

Service 1

Service 2

Service 3

Third-party Providers

Service A

Service B

Third Party IdP

Primary Company

Page 8: Orchestrating External Engagement Through Access Partners

Covisint Cloud API: High-level Architecture

Hosted Apps

RESTful & JSON/HTTPS

Covisint Cloud API

Mobile Web Site

Hybrid/Native Mobile App

Device Apps

Hosted by Covisint

Portal

Mobile UI

• ID/Password
• 2 Factor
• Risk-based Authentication
• Policy Enforcement

Cloud Authentication

Services

Trusted Identity Broker

• Security Token Service
• Federation Protocols
• Translations and Mapping

General Services

• Password Strength
• User Name Suggestion
• Captcha

Administration

• Administration Tools
• Reporting

Trusted Identity Provider

• Password Management
• Provisioning
• Profile Management
• Authorization Management
• Role Management
• Workflow Engine

Page 9: Orchestrating External Engagement Through Access Partners

Integration Patterns

Page 10: Orchestrating External Engagement Through Access Partners

Pattern 1: Hyperlink-based Integration

• Redirects user’s browser to target application/service
  - Can include user context
  - Single sign-on experience
• Implementation effort
  - Simple portal configuration
  - Potential security integrations

www.portal.com

www.pandora.com

User


Page 11: Orchestrating External Engagement Through Access Partners

Pattern 2: iFrame-based Integration

• Target application/service is rendered within a window on the portal
• Implementation effort
  - Fit target application within the available portal window
  - Requires security integrations

Page 12: Orchestrating External Engagement Through Access Partners

Pattern 3: Portlet-based Integration

• Select target service functionality surfaced to the user via portlet
• Implementation effort
  - Portlet creation
  - Establish API integration
    • Security – SAML, WS-Federation, provisioning (potentially), etc.
    • Routing to target service (direct or via ESB)
  - Surface target service’s functionality via API

Target Service

Service 1

Page 13: Orchestrating External Engagement Through Access Partners

Covisint AppCloud API Key Features

• Drive Developer Adoption
  - Developer Community Portal
  - API Productivity Tools
  - Developer Onboarding and Management
• Understand API Usage
  - API Analytics
  - Real-time Operational Data
  - Debugging and Root-cause Analysis
• Control Traffic Flow
  - Rate Limiting
  - Traffic Shaping and Queuing
  - API Load Balancing

Page 14: Orchestrating External Engagement Through Access Partners

Covisint AppCloud API Key Features

• Scale to Millions of Customers and Devices
  - Caching and Compression
  - High Concurrency, Low Latency
  - Horizontal and Vertical Scale
• Transform Existing APIs
  - Protocol Mediation and Transformation
  - Optimize API for Mobile Devices
  - Manage API Versioning
• Secure and Connect
  - Authentication and Authorization
  - Data and Threat Protection
  - Fine-grained Access Control

Page 15: Orchestrating External Engagement Through Access Partners

Pattern 4: Mash-up Based Integration

• Functionality from multiple services (requires correlation criteria) surfaced to the user via a portlet

• Implementation effort
  - Mash-up portlet creation (with correlation criteria)
  - Establish API integration
    • Security – SAML, WS-Federation, provisioning (potentially), etc.
    • Routing to target service (direct or via ESB)
  - Surface target services’ functionality via APIs

Service 1

Service 2

Service 3

Service “n”

Target Services

Page 16: Orchestrating External Engagement Through Access Partners

Pattern 5: Mobile App-based Integration

• Target services’ functionality surfaced to the user on a smart device

• Implementation effort
  - App creation
  - Establish API integration
    • Security – SAML, WS-Federation, provisioning (potentially), etc.
    • Routing to target service (direct or via ESB)
  - Surface target services’ functionality via APIs

Service 1

Service 2

Service 3

Service “n”

Target Services

Page 17: Orchestrating External Engagement Through Access Partners

API Integration Reuse

• Portlets and mobile apps leverage the same API integrations
  - Minimizes development efforts
  - Accelerates implementations
  - Leverages business logic
  - Tailors user interface to platform’s capabilities/constraints

Service 1

Service 2

Service 3

Service “n”

Target Services

Page 18: Orchestrating External Engagement Through Access Partners

Service Provider: A

Service 4

Accelerating Service Migrations

Presentation Abstraction

Web Service Abstraction

• Portlet Enabler

• Faster Implementation

• Flexible Integration

• Future Proof

• Accelerate Development

• Reduce Costs

• Cross-platform Consistency

Presentation Services

Content/ Aggregation

Services

Service Bus

Security Framework

Covisint Environment

Service Provider: A

Service 1

Service 2

Service 3

Service 4

Service Provider: B

Service 1, 2, 3

JSON Object

JSON Object

Page 19: Orchestrating External Engagement Through Access Partners

Thank You