150 likes | 234 Views
EAS310: Creating B2B XML Applications in EAServer. Paul Jacobs Technical Leader paul.jacobs@eds.com Brad Wanzer Technical Leader brad.wanzer@eds.com August 15-19, 2004. Agenda. Presenter Background Prior Team Experience Project Background High-Level Project Requirements
E N D
EAS310: Creating B2B XML Applications in EAServer Paul Jacobs Technical Leader paul.jacobs@eds.com Brad Wanzer Technical Leader brad.wanzer@eds.com August 15-19, 2004
Agenda • Presenter Background • Prior Team Experience • Project Background • High-Level Project Requirements • Transaction Security & Processing Requirements • Initial Design • Detailed Design Choices • Construction and Implementation • Summary • Questions
Presenter Background • Brad Wanzer • 17 years IT industry experience. • 14 years supporting the mortgage industry • 7 years PowerBuilder experience • 4 years EAServer experience • Paul Jacobs • 13 years IT industry experience. • 10 years supporting the mortgage industry • 7 years PowerBuilder experience • 4 years EAServer experience
Prior Team Experience • Formed in 1996 • Distributed PowerBuilder 5.x & 6.x • Client and Batch Applications • 16 & 32 bit support • Web application (2000) • EAServer 3.61 • PowerBuilder 7.x • PowerDynamo • iPlanet • Migrated to JSP (2002) • JRun 3.x • Apache • Limited XML
Project Background • Mortgage industry client • Project objectives • Provide ESIGN and UETA Section 16 “safe harbor” for investors to purchase electronic notes • Central registry to identify the current controller and location of the “authoritative copy” of the electronic note • Existing standard for electronic notes • Industry entities • Timeline
High-Level Project Requirements • B2B • XML transactions • Incoming transaction requests • Outgoing notification requests • Security • Secure, high performance environment • Satisfy interagency guidelines for safeguarding customer information • Provide multi-level security • Trusted point-to-point traffic only • Audit trails • Aggressive timetable
Transaction Security & Processing Requirements • Transaction security • Digitally sign (Envelope Signature) all transactions • Digital certificate validation & authentication (PKI) • OID validation for assurance level • Certificate Revocation List (CRL) check • Certificate distinguished name validation (x509 Subject name) • Transaction processing requirements • Digital signature tamper seal validation (Registration) • Compare digital signatures (All other transactions) • Initiate XML transaction
Initial Design • Development tool criteria • XML support • XML digital signature processing • PKI support • Scalable • Leverage team expertise • Development tools and platform decisions • EAServer 4.2.x • PowerBuilder 9.x • Java (J2EE 1.4) • Windows 2000 • DBMS
Initial Design Flow Electronic Note Registry Lender’s System Parse XML Process Request Transaction Request Mechanism XML Request Digital Signature Processing DB XML Response PKI Business Logic Process Unsolicited Notifications Notification Request Mechanism XML Request Notification XML XML Response
Detailed Design Choices • Business logic • PowerBuilder 9.x components • Database stored procedures • XML parsing • Java (Xerces) • Database stored procedures (XPath) • Certificate validation (PKI) • Custom Java code • J2EE 1.4 JRE (java.security.cert, sun.security.x509) • Betrusted XML KeyTools
Detailed Design Choices (Cont.) • Digital signature validation • Custom Java code • J2EE 1.4 JRE (java.security.cert) • Betrusted XML KeyTools • Java Cryptography Extension (sunjce_provider.jar) • XML response • PowerBuilder 9.x (XML DataWindow) • Initiate XML request • PowerBuilder 9.x (XML DataWindow) • Custom Java code
Detailed Design Flow Lender’s System Electronic Note Registry (EAServer) ParseXML Transaction Request Mechanism XML Request Servlet DB XML Response Digital Signature Processing XML DataWindow PKI Process Request Business Logic XML Parsing Business Logic Process Unsolicited Notifications Notification Request Mechanism XML Request Notification XML XML Response XML DataWindow Java PowerBuilder
Construction and Implementation • PowerBuilder components • Java CORBA components • Wrapper for Java classes • Invoking 3rd party Java Classes • Environment settings • Component interoperability • Unit testing • Run EAServer as service • Bootclasspath • Classpath • Order of classes (jsse.jar)
Summary • PowerBuilder • Simple syntax • Less lines of code • DataWindow technology • Java • Secure • Portable • Rich class library • EAServer • Supports multiple component models and development languages • Scalable • Fast time-to-market • Developer’s Edition is free!