Enterprise Architecture 2009


NOT PROTECTIVELY MARKED

Enterprise Architecture 2009
Reference Architecture
Content Management
June 2010

Version: 1.0
Editor: Mike Williams
Status: Issued
Date: 16 June 2010






HA Reference Architecture    12/11/2013    v1.0    Page 2 of 17



Document Control

Revision History

Version   Date                Description                             Author
0.1       22nd October 2009   First draft.                            Mike Williams
0.2       26th October 2009   Added IRM detail - linked to GeoDRM.    Mike Williams
1.0       16th June 2010      Baseline issue.                         Mike Williams

Forecast Changes

Version   Date   Description

Reviewer List

Name         Role
Ivan Wells   Reviewer
Various      External peer review

Approvals

Name         Title                       Date   Version
Ivan Wells   Strategy and Architecture

Document References

Document Title                          Document Links
INSPIRE Network Services Architecture   D3_5_INSPIRE_NS_Architecture_v3-0.pdf

Document Title    Reference Architecture - Content Management
Author            Mike Williams
Owner             Ivan Wells
Distribution      General - SHARE and PartnerNET
Document Status   Issued





CONTENTS

1 INTRODUCTION
  1.1 Preamble
  1.2 Relationship to Technical Reference Model (TRM)
2 PLATFORM INDEPENDENT MODEL (PIM)
  2.1 Summary Description and Overview
  2.2 Java Content Repository
  2.3 JSR-170 Levels
  2.4 CMIS
  2.5 Information Rights Management (IRM)
3 PLATFORM SPECIFIC MODEL - CMS
  3.1 Overview
  3.2 Apache Jackrabbit
  3.3 Sling
4 PLATFORM SPECIFIC MODEL - IRM
  4.1 Overview
  4.2 Architecture
  4.3 Deployment
  4.4 Integrating Oracle IRM





1 INTRODUCTION

1.1 Preamble

Reference architectures describe one or more Architecture Building Blocks for architectures in a particular domain. They also provide a common vocabulary with which to discuss implementations, often with the aim of stressing commonality.

In Model-Driven Architecture (MDA) terms, they equate to Platform Independent Models (PIMs).

These represent (potentially re-usable) components of business, ICT, or architectural capability that can be combined with other building blocks to deliver architectures and solutions. Building blocks can be defined at various levels of detail, depending on which stage of architecture development has been reached. For instance, at an early stage, a building block can simply consist of a name, or an outline description, in architecture models which represent a placeholder for subsequent specifications. Later on, a building block may be decomposed into multiple supporting building blocks that may then be accompanied by full specifications.

Reference Implementations are examples of software specifications. These are intended as a guide for Service Providers to develop concrete Solution Building Blocks (SBBs). In Model-Driven Architecture (MDA) terms, they equate to Platform Specific Models (PSMs).


These PSMs are described as either Commercial-Off-The-Shelf (COTS) or Open Source Software (OSS). In this respect, the HA Technology Policies are aligned with Cross-Government Enterprise Architecture (xGEA) Technical Policies. These specify that OSS components should be considered as viable building blocks wherever they can be shown to meet the business requirements and offer Value for Money (VfM). Therefore, actual product selections will generally be determined through procurements and their evaluations of the Most Economically Advantageous Tenders (MEAT).

Where such selections have already been made, the Reference Implementations will be superseded by Level 2 (Physical) Technology Policies which reinforce the use of those components. Some of these components will stem from a build out, through re-use, of the HA’s more recently acquired, existing infrastructure assets and investments, such as in Business Intelligence.

In all other cases, the PSMs will be based on OSS projects which implement the relevant Open Standards.

1.2 Relationship to Technical Reference Model (TRM)

This reference architecture covers Content Management, which is a sub-set of Information Management.






Figure 1 - TRM Context





2 PLATFORM INDEPENDENT MODEL (PIM)

2.1 Summary Description and Overview

The reference architecture for Content Management is shown in Figure 2 below.

Figure 2 - Content Reference Architecture

The key components are described in the following sections.

2.2 Java Content Repository

The core component of this Reference Architecture is the Java Content Repository API - JSR-170 (JCR v1.0) and JSR-283 (JCR v2.0). JCR treats everything as Content and manages it as trees of Nodes and Properties, using rich data types. JCR is defined as follows:

“The JCR API is a standard, implementation-independent way to access content bi-directionally on a granular level to a content repository”.

Known compliant repositories include (sample/non-exhaustive list):

• Apache Jackrabbit
• Oracle XML DB
• Exo ECMS Platform
• Microsoft SharePoint
• OpenText Livelink (as used by the HA’s As-Is SHARE document management system)






• Day CRX
• IBM FileNet P8
• Xythos Repository
• Alfresco ECM
• Vignette v7
• Interwoven Repository
• IBM CM
• EMC Documentum

Known JCR applications include the following (sample/non-exhaustive list):

• BEA Portal
• Oracle Portal (as used by the HA’s As-Is BI Portal)
• Sun OpenPortal
• Liferay Enterprise Portal
• Fast Enterprise Search
• Apache Sling, Cocoon, James and Tapestry
• Interface 21 Spring Framework
• Alfresco CMS


2.3 JSR-170 Levels

The Content Repository API for Java Technology (JSR-170) is split into different levels of compliance to allow repository vendors to adopt JSR-170 gradually. It also avoids any unnecessarily high overheads for exposing subsets of functionality through a JSR-170 compliant interface. JSR-170 specifies a Level 1, a Level 2 and a set of advanced repository feature blocks.

2.3.1 Level 1: Ease of Adoption

The scope of Level 1 covers a large number of simple applications that need to search and to read from repositories. Level 1 specifies a read-only API that allows for the inspection of Node and Property types and offers hierarchical read access to content stored in a repository.

Figure 3 - Level 1




Level 1 of JSR-170 is geared towards enabling developers to write applications such as search and display Portlets, CMS-Templates, Reports, Exports or other applications that harvest, search, present or display information from one or multiple repositories.

2.3.2 Level 2: Writeable Repository

Level 2 of JSR-170 specifies all the writing capabilities needed to interact bi-directionally with a content repository in a fine- and coarse-grained fashion.

Figure 4 - Level 2

Applications written against Level 2 of JSR-170 include management applications or, generally speaking, any application that generates data, information or content for both structured and unstructured information.

2.3.3 Advanced Options

On top of Level 1 and Level 2, a number of functional blocks serve more advanced repository functionality. This includes functions like: Versioning, (JTA) Transactions, Queries using SQL, explicit locking and content observation.





Figure 5 - Advanced Options

A fully JSR-170 compliant repository encompasses all the functionality and therefore lends itself as general purpose, off-the-shelf infrastructure for Content, Document and Source Code Management or for just about any other application that persists content.


2.4 CMIS

Content Management Interoperability Services (CMIS) is an emerging OASIS standard which will build upon existing specifications to "define a domain model and bindings that are designed to be layered on top of existing Content Management systems and their existing programmatic interfaces. CMIS will not prescribe how specific features should be implemented within those Enterprise Content Management (ECM) systems. Rather it will seek to define a generic/universal set of capabilities provided by an ECM system and a set of services for working with those capabilities."


2.5 Information Rights Management (IRM)

2.5.1 Introduction

Information Rights Management (IRM) is a new form of information security technology that secures and tracks sensitive digital information everywhere it is stored and used. Conventional information management products only manage documents, emails and web pages while they remain stored within server-side repositories. Information Rights Management uses encryption to extend the management of information beyond the repository - to every copy of an organisation’s most sensitive information, everywhere it is stored and used - on end user desktops, laptops and mobile wireless devices, in other repositories, inside and outside the firewall.

IRM is generally intended to prevent the unauthorised use (such as industrial or corporate espionage or inadvertent release) of proprietary documents. IRM typically integrates with content management system software for the control of access to corporate documents such as Microsoft Word, PDF, AutoCAD files, emails, and Intranet web pages.





2.5.2 Linkage to GeoDRM

There is a direct relationship between IRM and Geospatial Rights Management (GeoRM) - this maps to the INSPIRE Blueprint as shown in Figure 6.

Figure 6 - INSPIRE Blueprint

This will require any IRM solution to be compliant with the OGC Abstract Specification - “Geospatial Digital Rights Management Reference Model (GeoDRM)”, published by the OGC’s GeoRM¹ Working Group. For further information see Ref.[1] and www.opengeospatial.org/projects/groups/georm1.0swg.

¹ The OGC eventually dropped the “Digital” from GeoDRM in recognition of the fact that DRM was a subset of a wider IRM issue.





3 PLATFORM SPECIFIC MODEL - CMS

3.1 Overview

The chosen reference implementation for Content Management is Day Software’s CRX. This is based on the fact that the HA is a “Greenfield site” for federated Content Management coupled with the fact that it is Open Source Software (OSS), which is in line with Government policy.

Day CRX is a commercially packaged distribution of the Apache Jackrabbit and Sling open source projects:

• Apache Jackrabbit is the reference implementation of the Java Content Repository (JCR) standard.
• Apache Sling is a rapid web-application framework designed to unleash the full power of the Java Content Repository to the web.

3.2 Apache Jackrabbit

The general architecture of Jackrabbit can be described in three Layers: a Content Application Layer, an API Layer and a Content Repository Implementation Layer, as shown in Figure 7 below.





Figure 7 - Jackrabbit Architecture

3.3 Sling

Sling, an Apache incubator project, builds on top of JCR, optionally providing:

• A scriptable applications layer on top of JCR.
• An OSGi-based industrial-strength framework.
• A simple, powerful user interaction layer interface with JCR inside.
• Runs on Apache Jackrabbit by default.

The Sling architecture is shown in Figure 8 below.






Figure 8 - Sling Architecture





4 PLATFORM SPECIFIC MODEL - IRM

4.1 Overview

The chosen reference implementation for IRM is Oracle Information Rights Management (IRM, formerly SealedMedia and Stellent Information Rights Management). The rationale is as follows:

• No suitable Open Source Software (OSS) identified.
• Re-use of the existing Oracle-based infrastructure deployed for Business Intelligence (BI) and Geographical Information Systems (GIS).
• As Oracle IRM is delivered as a Fusion Middleware service, integration with INSPIRE may be delivered via Web Services (SOAP) as part of the Interoperable Rights Managed Framework.
• Oracle’s classification-based rights model results in users being assigned rights to related sets of information, rather than to individual files. This results in orders of magnitude fewer rights “under the hood”. Far fewer rights make it possible to periodically and automatically synchronise rights and audit records between the IRM Desktop and the IRM Server.
• Automated synchronisation enables completely transparent mobile (offline) working with sealed information, while retaining rapid centralised revocation and updating of rights.

4.2 Architecture

Oracle Information Rights Management has a patented architecture that distributes rights management between centralised IRM Servers and IRM Desktop agents, which must be installed on every user device on which users intend to create or use sealed information.

Figure 9 - Oracle IRM Architecture

Figure 9 provides a simplified, step-by-step illustration of how the Oracle IRM architecture operates.





1. Authors continue to create documents and emails in their existing document and email applications such as Microsoft Office, Microsoft Outlook, Adobe Reader, etc.

2. Oracle IRM enables documents (and/or emails) to be automatically or manually sealed at any stage in their lifecycle, using sealing tools integrated into the Windows desktop, authoring applications, email clients, content management and collaborative repositories. The sealing process wraps the documents/emails within a layer of strong encryption and digital signatures, together with indelible links back to network-hosted Oracle IRM Servers, which store the decryption keys and associated access rights.

3. Sealed documents and emails can be distributed by any existing means, such as email, web, file share, etc.

4. The rights governing end user access to sealed documents or emails can be assigned at the time of sealing, or separately (according to policies), the latter being much more typical in enterprise deployments (where end users do not want to make complex rights management decisions every time they author a new document or email). Rights are stored separately from sealed documents and emails on Oracle IRM Servers, which is what enables them to be assigned, updated or unassigned at any time.

5. To create and use sealed documents and emails within their existing desktop applications end users must download and install a single, universal agent called the Oracle IRM Desktop. The Oracle IRM Desktop is small, easy-to-install and is responsible for authenticating the user, transparently requesting rights from the Oracle IRM Server and protecting and tracking sealed documents/emails while "in use" within native desktop applications. Note: Oracle’s patented distributed architecture automatically synchronises user rights and audit records between the Oracle IRM Desktop and Oracle IRM Server, ensuring completely transparent offline working without sacrificing revocability or requiring end users to remember to synchronise.

6. The Oracle IRM Desktop and Oracle IRM Server together audit all attempted and actual end user access (online and offline) to sealed documents/emails, and all administrative operations such as assigning or revoking rights. The level of auditing is configurable and audit records can be stored in the Oracle IRM Server database, sent to message queues for use by external monitoring applications, or exported to log files for import by standard reporting tools.

7. The Oracle IRM Management Console and Oracle IRM Web Service SDK provide query-based audit reporting, with useful pre-defined reports such as "End User Activity" or "Item Activity" and user-defined reports.
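
An added sketch (not Oracle's code or API, and not part of the original document) of steps 4 to 6 above and of the classification-based rights model from section 4.1: keys and rights live on the server per classification, the desktop caches them for offline use, and each synchronisation pushes audit records and pulls revocations. The class names, the `offline_period` limit and the HMAC-based stand-ins for encryption and digital signatures are assumptions chosen so the example runs on the Python standard library alone.

```python
import hashlib
import hmac
import json
import secrets

def keystream_xor(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 keystream) so the sketch runs on the stdlib alone.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

class IrmServer:  # hypothetical: holds keys, rights and the central audit log
    def __init__(self):
        self.keys = {}    # classification -> content key, never stored in the file
        self.rights = {}  # (user, classification) -> set of rights, e.g. {"open"}
        self.audit = []

    def seal(self, classification, plaintext):
        key = self.keys.setdefault(classification, secrets.token_bytes(32))
        nonce = secrets.token_bytes(16)
        header = json.dumps({"classification": classification,
                             "nonce": nonce.hex()}).encode()
        body = keystream_xor(key, nonce, plaintext)
        # HMAC stands in for the digital signature over header and ciphertext.
        tag = hmac.new(key, header + body, hashlib.sha256).digest()
        return {"header": header, "body": body, "tag": tag}

    def sync(self, user, audit_records, now):
        # Take the desktop's audit records; hand back its current rights and keys.
        self.audit.extend(audit_records)
        return {c: {"rights": set(r), "key": self.keys[c], "synced_at": now}
                for (u, c), r in self.rights.items()
                if u == user and r and c in self.keys}

class IrmDesktop:  # hypothetical desktop agent with an offline rights cache
    def __init__(self, user, server, offline_period=3):
        # offline_period: assumed limit on how long cached rights stay usable
        self.user, self.server, self.offline_period = user, server, offline_period
        self.cache, self.pending_audit = {}, []

    def sync(self, now):
        self.cache = self.server.sync(self.user, self.pending_audit, now)
        self.pending_audit = []

    def open(self, sealed, now):
        # Returns the plaintext, or None when refused; every attempt is audited.
        header = json.loads(sealed["header"])
        entry = self.cache.get(header["classification"])
        granted = (entry is not None and "open" in entry["rights"]
                   and now - entry["synced_at"] <= self.offline_period)
        if granted:  # check integrity before decrypting
            expect = hmac.new(entry["key"], sealed["header"] + sealed["body"],
                              hashlib.sha256).digest()
            granted = hmac.compare_digest(expect, sealed["tag"])
        self.pending_audit.append({"user": self.user, "time": now, "granted": granted,
                                   "classification": header["classification"]})
        if not granted:
            return None
        return keystream_xor(entry["key"], bytes.fromhex(header["nonce"]), sealed["body"])

def demo():
    server = IrmServer()
    server.rights[("alice", "board-papers")] = {"open"}  # right to a classification
    sealed = server.seal("board-papers", b"constructed sample document")
    desk = IrmDesktop("alice", server)
    desk.sync(now=0)
    offline = desk.open(sealed, now=1)                # offline, cache still fresh
    server.rights[("alice", "board-papers")] = set()  # central revocation
    before_sync = desk.open(sealed, now=2)            # still opens until next sync
    desk.sync(now=3)                                  # pulls revocation, pushes audit
    after_sync = desk.open(sealed, now=4)             # refused
    return offline, before_sync, after_sync, list(server.audit)
```

In this model `before_sync` still returns the plaintext: with cached rights, a revocation takes effect at the next synchronisation or when the cache ages out, so the offline period bounds the revocation delay.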

4.3 Deployment

Figure 10 below illustrates a typical deployment of Oracle Information Rights Management.





Figure 10 - Oracle IRM Deployment Model

A single [logical] server, typically hosted in the DMZ, runs the Oracle IRM Server and the Oracle IRM Standard Rights Model web application. The Oracle IRM Server is typically implemented as a high-availability database cluster hosted in the “private cloud”. All end-users need the Oracle IRM Desktop, and some users with administrative roles may also need the Oracle IRM Management Console.

This is a simple but representative deployment model, capable of scaling to large user populations and information volumes. As it stores all its internal states within the database and caching can be disabled, more sophisticated models may include deploying a secondary Oracle IRM Server in failover configurations.

Desktop dependencies are as follows:

Hardware: Standard desktop PC, 10 MB free disk space.

Operating system: Microsoft Windows 2000, Windows XP, Windows Vista or Windows 7.

Formats/applications:

• Microsoft Office 2000-2007 (Word, Excel and PowerPoint)
• Adobe Acrobat or Reader 6.0[?]
• Email: Microsoft Outlook 2000-2007, Lotus Notes 6.5-7.[?] and Novell GroupWise [?].5-7.[?]
• Email: BlackBerry for Exchange and Domino, BES 4.[?].4
• HTML and XML (Internet Explorer 6.0+)
• .TXT and .RTF documents
• GIF, JPEG and PNG images

Browser: Requires Internet Explorer 6.0+ to be installed (does not need to be default browser).

Installation: 8MB MSI installer requires administrator or elevated install privileges. Support for silent/managed installations.

4.4 Integrating Oracle IRM

Although Oracle Information Rights Management can meet many needs out-of-the-box, it is also designed for integration with third-party products and infrastructure.




The Oracle IRM Directory Gateway integrates with enterprise LDAP directories such as Microsoft Active Directory, Oracle Virtual Directory and/or Sun ONE Directory Server to synchronise the Oracle IRM Server with centralised user and group definitions. The Oracle IRM Directory Gateway also supports script and plug-in extensions for synchronising users and groups from enterprise databases, Windows domains or other sources.

The Oracle IRM Web Services Systems Developer Kit (SDK) provides documentation and samples for a comprehensive set of SOAP/WSDL web services (implemented by the Oracle IRM Server) which provide developers with access to sealing and administration services. Applications for the Oracle IRM Web Services SDK include:

• Dynamically sealing files as they enter or leave a repository, for example file shares, content management systems, collaborative repositories, etc.
• Temporarily unsealing files so that they can be indexed (for full-text search), transformed to other formats (e.g. Word to PDF), or scanned for malware.
• Sealing or resealing files as part of automated business process workflows.
• Integrating Oracle IRM with user provisioning systems, Identity Management (IdM) and Enterprise Single Sign-On (ESSO) services.
• Integrating Oracle IRM with the OGC Interoperability Rights Managed Framework.

All of these web services are subject to the same user and administrative rights model as other Oracle IRM components.