Overview
The Access Integration pattern gives users a single, consistent, and seamless access mechanism to various applications that would otherwise require the use of several different access mechanisms. This Integration pattern is useful when:
- Users need access to multiple applications and information sources without every application requiring its own sign-on to establish a separate security context.
- These applications need to be accessed using multiple devices such as fat clients, browsers, voice response units, mobile devices, and PDAs.
- A common look and feel is required for all applications.
- The user wishes to customize the choice of applications and how they are presented.
Some of the above requirements can be observed within Application patterns elsewhere on the Patterns for e-business Web site, such as the Self-Service::Router application pattern or Self-Service::Decomposition application pattern. These Application patterns provide a way for users to access various back-end applications using a single presentation mechanism.
The Access Integration pattern, however, can be used to enable more complex e-business solutions composed of multiple Business patterns. For example, a browser-based, personalized portal can be developed by combining applications that automate the Self-Service business pattern and the Collaboration business pattern. Additionally, this personalized portal might add accessibility to mobile devices.
Explanation for re-engineering of Access Integration application patterns
Application patterns
It is highly probable that a solution will utilize more than one of these Application patterns. Because of this, you'll notice that, in addition to unique Runtime patterns for the Single Sign-On and Personalized Delivery application patterns, these two Application patterns are documented in combination in the form of advanced, multifunctional Runtime patterns.
Client
Follow the link to Client application patterns for the detailed pattern descriptions.
Single Sign-On
The Single Sign-On application patterns provide a framework for seamless application access through unified authentication services. Two Application patterns for Single Sign-On are shown below: a basic pattern where the single sign-on functions are performed in the Web tier, and an extended pattern where the security context is extended to include the back-end systems.
Web Single Sign-On application pattern
Business and IT Drivers
- Provide single sign-on across multiple applications
- Reduce Total Cost of Ownership (TCO)
- Reduce user administration cost
The primary business driver for choosing this Application pattern is to provide seamless access to multiple applications with a single sign-on while continuing to protect the security of enterprise information and applications.
Simplification and increased efficiency of user profile management is the main IT driver for Single Sign-On.
Solution
The Single Sign-On application pattern uses the Security and Administration service discussed above.
This Application pattern is built using three logical tiers: Client, Single Sign-On, and Application.
- The Client tier represents the user interface client such as a browser, mobile phone, or PDA.
- The Single Sign-On tier implements the Security and Administration service, which provides a seamless sign-on capability across multiple applications. This tier uses a user profile data store, which is primarily read-only. However, this data store can also be used in a read/write manner to keep track of the last sign-on, the number of invalid sign-on attempts, and so on. The SSO tier intercepts all sign-on requests, authenticates the user, and establishes a user credential upon successful authentication. Subsequently, if the user tries to access another application that also requires a sign-on, this service automatically passes the user credential on to that application. The target application recognizes the user credential established by the security service and uses it for authorization locally. As a result, users can sign on once to access all the applications integrated using this Application pattern.
- The Application tier may represent a new application, a modified existing application, or an unmodified existing application.
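The interaction between the Single Sign-On tier and the Application tier described above can be sketched as follows. This is an added example, not code from the Patterns for e-business site: the HMAC-signed credential format, the shared key `SSO_KEY`, the lifetime and lockout values, and the names `sign_on`, `verify_credential`, and `claims_app_authorize` are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SSO_KEY = b"constructed-demo-key"   # assumption: secret shared by the SSO tier and applications
TTL, MAX_FAILED = 900, 3            # assumed credential lifetime (s) and lockout threshold

def _hash(password, salt=b"constructed-salt"):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# User profile data store: mostly read-only, but sign-on bookkeeping is written back.
PROFILES = {"alice": {"pw": _hash("correct horse"), "failed": 0, "last_sign_on": None}}

def _mac(body):
    return hmac.new(SSO_KEY, body, hashlib.sha256).hexdigest()

def sign_on(user, password, now=None):
    """SSO tier: authenticate once and establish a signed, expiring user credential."""
    now = time.time() if now is None else now
    profile = PROFILES.get(user)
    if profile is None or profile["failed"] >= MAX_FAILED:
        return None                      # unknown user, or locked after repeated failures
    if not hmac.compare_digest(profile["pw"], _hash(password)):
        profile["failed"] += 1           # read/write use: count invalid sign-on attempts
        return None
    profile["failed"], profile["last_sign_on"] = 0, now
    body = base64.urlsafe_b64encode(json.dumps({"sub": user, "exp": now + TTL}).encode())
    return body.decode() + "." + _mac(body)

def verify_credential(credential, now=None):
    """Application tier: accept the credential only if the MAC and expiry check out."""
    now = time.time() if now is None else now
    body, _, mac = credential.partition(".")
    if not hmac.compare_digest(_mac(body.encode()).encode(), mac.encode()):
        return None                      # tampered with, or not issued by the SSO tier
    claims = json.loads(base64.urlsafe_b64decode(body))
    return claims["sub"] if claims["exp"] > now else None

# Each application keeps its own authorization data; the SSO tier only vouches for identity.
CLAIMS_APP_ACL = {"alice": {"view_claim"}}

def claims_app_authorize(credential, action, now=None):
    """Hypothetical target application: recognize the credential, then authorize locally."""
    user = verify_credential(credential, now)
    return user is not None and action in CLAIMS_APP_ACL.get(user, set())
```

The application never sees the password; it trusts only a credential whose signature and expiry it can verify, and its authorization decision stays in its own access list.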
Guidelines for use
- Having a single source for authentication services could create a single point of failure for dependent applications. Care must be taken to provide for high availability of this service.
- Typically, Single Sign-On works well to support authentication services only, leaving the supported applications to handle their own authorization as appropriate. Combination of these services is generally possible only with new applications that can make use of the common services from the start.
Benefits
- Users can access their application portfolio easily and securely.
- User profile information is centralized in a common directory, simplifying profile management and reducing costs.
- Application development cost is reduced by providing a standard security solution.
Limitations
Many existing applications are not capable of accepting a standard set of user credentials as a substitute for local authentication. Integration with such systems can be difficult or even impossible.
Putting the Application pattern to Use
An insurance company wants to create an Enterprise Information Portal (EIP) that consolidates various applications and information sources. Such a portal must provide single sign-on capability. To implement the requirement, the insurance company chooses the Single Sign-On application pattern.
Extended Single Sign-On application pattern
Extending the security context to include the back-end systems enables non-repudiation of back-end system transactions. For solutions with strong privacy and/or audit requirements, this approach is needed. As shown in the figure below, these solutions will almost always require a centralized user administration model. Examples include financial services transactions and access to health care clinical document systems.
Personalized Delivery
The Personalized Delivery application pattern provides a framework for giving access to applications and information tailored to the interests and roles of a specific user or group. This pattern extends basic user management by collecting rich profile data that can be kept current up to the user’s current session. Data collected can be related to application, business, personal, interaction, or access device-specific preferences.
Business and IT Drivers
The primary business driver for choosing this Application pattern is to increase usability and improve the efficiency of Web applications by tailoring their presentation to the user’s role, interests, habits and/or preferences.
Solution
The Personalized Delivery application pattern uses three of the four common services for Integration business patterns discussed above:
- Personalization
- Security and Administration
- Pervasive Device Support
This Application pattern is built using three logical tiers: Client, Personalization, and Application.
- The Client tier represents the user’s access device, such as a browser, PDA, phone, etc.
- The Personalization tier works in concert with the application or portal in question to tailor the application components and data presented to the user based on the desired approach (Participatory, Predictive, Prescriptive). Personalization services typically provide a centralized repository for user profile information related to preferences, access history, and aggregate use statistics. The services also give developers the capability to define and store rules and filters, which can be used by applications to provide Personalized Delivery of content and applications. This tier implements the Personalization service for data/rule/preference storage and collection and the Security and Administration service to determine a user’s identity.
- The Application tier may represent a new application, a modified existing application, or an unmodified existing application.
Guidelines for use
Successful implementation of the Personalized Delivery pattern requires a careful examination of business rules, business objectives, and applications’ ability to interact with the Personalization services. Without definition of clear, measurable success criteria for implementation and careful results tracking, costs can quickly spiral beyond the plan without recognizing tangible benefit.
Benefits
- Users’ interaction with the site benefits from an increased perception of control and efficiency.
- The enterprise gains fine-grained control of users’ access to applications according to role and preferences.
- Improved user effectiveness is enabled by adapting the complexity and detail of content to a user’s skill level.
Limitations
Personalized Delivery can be very complex and expensive to fully implement.
Putting the Application pattern to Use
The insurance company introduced in the Single Sign-On application above wants to extend its Enterprise Information Portal (EIP) so that it provides a managed window for all customer-facing employees such as customer service reps, agents, and brokers. Such a portal must personalize the welcome screen of the portal based on the user’s identity. To implement these requirements, the insurance company chooses the Personalized Delivery application pattern.
