Dennis E. Wisnosky, DoD BMA CTO &
Chief Architect in the Office of the Deputy Chief
Management Officer
“Towards Seamless Interoperability and Trust”
May 25, 2010
5/25/10 DWiz DoD DCMO BMA CTO & CA 1
DCMO CTO/CA
Intel Mission Area
Enterprise Information Environment Mission Area
Business Mission Area
Warfighter Mission Area
Dennis E. Wisnosky, DoD BMA CTO & Chief Architect in the Office of the
Deputy Chief Management Officer (DCMO)
Missions of the DoD
The Business Operating Environment (BOE)
Reach of the BMA
The Business Operating Environment
“The Secretary of Defense is responsible for a half-trillion dollar enterprise that is roughly an order of magnitude larger than any commercial corporation that has ever existed. DoD estimates that business support activities—the Defense Agencies and the business support operations within the Military Departments—comprise 53% of the DoD enterprise.”
Reach of the Business Mission Area
Strategic Management Plan: Business Priorities / Outcomes / Goals / Measures / Key Initiatives
Business Enterprise Architecture: Activities, Processes, Data Standards, Information Exchanges, Business Rules, System Functions, System Data Exchanges, Terms, and Linkages to Laws, Regulations, and Policies
Continuous Process Improvement / Lean Six Sigma
PSA Strategic Alignment
Enterprise Transition Plan: Roadmap for the Business Systems and Services Needed for BEA Implementation
Quadrennial Defense Review (QDR)
IRB Tactical Planning
Continuous Performance Measure and Reporting against Process, Systems/Services and Initiatives
Informs
Process Systems/Services Initiatives
Component Execution
Making the Connections!
Roadmap for DoD Business Operations Transformation
By Roadmap
By Policy!
Symantec has signed a definitive agreement to acquire VeriSign’s security business, which includes the Secure Sockets Layer (SSL) Certificate Services, the Public Key Infrastructure (PKI) Services, the VeriSign Trust Services and the VeriSign Identity Protection (VIP) Authentication Service.
“With the combined products and reach from Symantec and VeriSign, we are poised to drive adoption of identity security as the means to provide simple and secure access to anything from anywhere, to prevent identity fraud and to make online experiences more user-friendly and hassle-free.”
Breaking News
BMA Interoperability Policy Goals
Interoperability Policy Goals
Objective: De-conflict redundant capabilities and informational silos
1. Policy to Establish functional interoperability through informational interoperability
• Identify redundant capabilities using common vocabulary
• Create understandable business processes using standardized representation (Primitives)
• Create consistent and reusable vocabularies using CARP*
2. Policy to Limit the creation of new data services to only those cases when they cannot be created from existing information exchanges
3. Policy to Remove the need for custom interfaces by creating implicit interoperability
• Make information understandable using information models
• Create standardized and reusable methods for accessing data
• Create physical instantiation of the common vocabulary
*Reference DoDAF 2.0 Journal Best Practices, Architecture Methodology
Kill Redundant Sources Memo x3
DoDI 8321
BECCM COI
Other
Ensuring Performance of Biz Ops
DoDI 5323
DCMO Charter DoDD 5105.82
Policy Deployment Strategy
Enterprise Interoperability
Organization
BI Program Management Office
Reviews
Criteria
Metrics
SMP Support
Responsibilities
Roles
Functions
CPM Roles
Authorities
Scoping Memos (X1 a-n)
HRM CBM x1.a
FM CBM x1.b
WSLM CBM x1.c
RPILM CBM x1.d
MS&SM CBM x1.e
Extracting BI from Apps
Semantic Data
Semantic Stds.
Thin Client Support
Info Security-DDRS
Cloud Computing
Interoperability for Architecture
Common Vocab. for Info Exchange
Primitives for Workflow
CARP for Building Architectures
Interoperability of Info
Memo x2
Limit New Redundant Data Sources Memo x4
Use Authoritative Sources
Virtualize Services
Make All Data Available as Services
Governance of Interoperability
Methods
All in!
Joint Policy Approach
DoD Business Operations
DCIO
(Synchronization & Oversight)
DBSMC
PSAs, MilDeps, etc
CIO Executive Board
IASL EGB
1. Draft Policy for Review
DCMO
MilDep CMOs and 4th Estate
Legend
Direct Reporting
Coordination
2. Align, Review with DCIO
3. SD106 Coordination
Now Some Details!
Where We Are Heading!
The BOE Vision – Version 3.0
HRM/ Med FM
Logistics RPILM WSLM/ MSSM
Strategy and Roadmap for DoD Business Operations Transformation
Performance Measures
Semantic Information
CV & Primitives
Past (BMA Federation Strategy version 2.4a)
Present (BOE Execution Roadmap)
BEA 3.0
BOE Vision
DCMO/CIO Policies
CIO – DIEA, Segment Archi.
Arch. Fed.
MDR
Federation Implementation Plan
CIO/DISA – Federal Cloud
BEA 8.x
Business Intelligence
(BTI) NCES/CES
BOE Service Enablement
Domains
Execution
DBSAE SOA Imp. Strategy
Future (BMA Architecture Strategy version 3.0)
Initial BOE Experience
DBSMC/IRBs DCMO/DCIO; EGB; BECCM
Version 2.4a
DoD Strategic Mgmt. Plan (SMP)
Common Vocabulary (Ontologies)
RDF OWL other
Enterprise Stds.
Vision & Strategy
Planning & Roadmap
Infrastructure
Governance
Data Integration
Biz. Intelligence
Rules/Workflow
Data Sharing and BI Enablement
Roadmap: Architecture Governance Socialization Services Infrastructure
Security
How Are We Getting There?
BEA Strategy : SMP-E2E-BEA
Common Vocabulary is necessary!
Common Vocabulary
Technical / Systems
Functional / Requirements
Building the Vocabulary
Using the Vocabulary
• Governance
• Identify Conflicts
• Resolve Conflicts
• Review Vocabulary
• Approve Vocabulary
• Alignment
• Unify Format
• Parse Input
• Cleanse Vocabulary
• Match Terms
• Publish Results
• Architecture
• C.A.R.P. / AV-2 Template
• Match Terms
• Build Models / Primitives
• Validate Models
• Mediation & Virtualization
• Routing
• Content-based Addressing
• Protocol Adaptation
• Messaging
mediation pathways
BEA Common Business Vocabulary
Common Vocabulary RDF Store
Common Semantics
Legacy Systems Mediation Virtualization
common vocabulary
common vocabulary
CARP ensures Common Vocabulary use
Building Common Vocabularies
Define Capabilities
What is the architecture supposed to achieve?
Items:
• Objectives
• Features
• Services
Define Resources
Which data/resources will be consumed or produced?
Items:
• Nouns
Define Activities
Which processes/activities will provide the capabilities?
Items:
• Verbs
Define Performers
Who/What will be involved?
Items:
• Roles
• Systems
• Actors
Capability Vocabulary
Activity Vocabulary
Resource Vocabulary
Performer Vocabulary
Capability View
Process View
Data & Rule View
Process View
Many moving parts!
Task/Mission
CBM COI Extensions
Service/Organization Specific Extensions
Common Core
FM
HRM
MSLLM
WSLM
RPILM
Business Enterprise Common Vocabularies
Metadata COI
Common Core Data Schema
DoD Governance of DoD Core Data, Universal Core
Business Enterprise Common Vocabulary COI, Common Core, DCMO
BTA P&R- CSE
CTO CV Tool Team
FM COI Data Governance
HRM COI Data Governance
WSLM COI Data Governance
MSSLM COI Data Governance
RP&ILM COI Data Governance
Business Enterprise Architecture (BEA)
Well Documented Intentions!
Architecture Primitives Series
DoD Architecture Framework Processes Best-Practice
http://cio-nii.defense.gov/sites/dodaf20/journal_exp3.html
OV-6c
The Design Pattern!
Patterns & Primitives
PrOntoPriMo
A style guide provides subjective advice that will ensure the design of high quality products
A style guide advises on
– Choice of words
• Which constructs are appropriate in a given situation
– Choice of grammar
• How to combine constructs to maximum effect
Provides basic definitions of the architecture model semantics
Provides elementary rules for the connectivity of primitive constructs
Provides foundation building blocks for constructing architecture products
Caveat: A common vocabulary by itself does not guarantee high quality products
Dictionary
Style Guide
Will Industry Care?
We are Underway!
National Strategy for Identity, Credential, and Access Mgmt
Example Problem:
BTA Supplier Portal Integration
Portal Solution for P2P - High Level Requirements View
Vendors
Portal
iSupplier
DAI
iSupplier
DEAMS
SUS
GFEBS
SUS
Navy ERP
WAWF
Account Creation
Account Management
Routing
Single Sign-on
Creation of Transaction
Data Visibility
Storage of Data
Identity Transfer Data Visibility
Supplier Portal: Vision
Continue to maintain common supplier engagement via the WAWF User Interface while allowing suppliers to easily login to ERP portals for creating documents and viewing detailed transactions.
Minimize changes to WAWF user interface and workflow.
Friction-less way of logging in from WAWF to “correct” ERP.
Maximize use of ERP supplier portal capabilities.
Supplier Portal: Our Vision
The same login…
Supplier Portal: Our Vision
The same single point of visibility for searching and viewing summary…
SEARCHING
SUMMARY
Supplier Portal: Our Vision
Web links to “punch in” to the correct ERP supplier portals to create documents and view details…
CREATE
VIEW
Benefits
Still maintain single point of entry for suppliers and single point of visibility for documents
Suppliers able to seamlessly log into ERP systems responsible for acceptance and payment
Pre-population of header and line-level detail directly from purchase order significantly enhances accuracy of data submission by supplier
WAWF (UI)
Aggregation Engine
ERP Portal / ERP (×5)
invoice / receipt data
OAuth (Open Authorization) + OpenID
High Level Architecture
Stove Pipes Tiered Accountability
Allies
Global Collaboration
Service providers Contractors
In DoD
Agile, Adaptive, Net-Centric
Was
Is
“To Be”
Getting the Word Out
Websites for SOA and Business Operating Environment Updates
http://www.bta.mil/products/training/SOA/index.html
http://www.bta.mil/products/bea_7_0/BEA/html_files/soa.html
By Reaching Out
OAuth: An open protocol to allow secure API authorization in a simple and standard method from desktop and web applications. http://oauth.net/
OpenID: An open, decentralized standard for authenticating users that can be used for access control, allowing users to log on to different services with the same digital identity where these services trust the authentication body. http://en.wikipedia.org/wiki/OpenID
WAWF (UI)
Aggregation Engine
ERP Portal
ERP
Hey, what active duns do you have, and for each duns what are your open invoices?
User is searching for the list of invoices for duns “xyz” that are currently open.
Ooh, this status has changed, go ahead and notify user
User wants more details on invoice, hyperlink to ERP Router
ERP Router
User is redirected to correct page
-or-
if they don’t have an account in ERP
[WAWF CONNECT] Handshake and confirmation of user identity using OAuth 2.0 Standard + OpenID
Create user and session
A Little More Detail
High Level Technical “Dance” for a User who does NOT have an account in the ERP system
WAWF.mil
ERP.mil
https://erp.mil/onestoprouter?action=view&number=CFAB001
ERP Router
[WAWF CONNECT]
https://wawf.mil/authorize?type=web_server&client_id=xxx&redirect_uri=https://erp.mil/callback&scope=openid
An ERP would like to leverage your WAWF login?
OK / NO
https://erp.mil/callback?code=i1WsRn1uB1
Generate verification code (ex. i1WsRn1uB1)
https://wawf.mil/authorize?type=web_server&client_id=xxx&client_secret=yyy&code=i1WsRn1uB1&redirect_uri=https://erp.mil/callback
Redirect back with additional data and returned code
HTTP/1.1 200 OK {"access_token":"ABC", "expires_in":"3600", "refresh_token":"WXYZ", "user_id":"http://user.wawf.mil/john_doe","issued_at":"123456789","signature":"akljsdflaksjdf"}
Request User Info
-or-
OAuth protected URI rep of WAWF users https://user.wawf.com/{username}
https://user.wawf.mil/john_doe?access_token=ABC
Generate and return access token
Logged in? NO
HTTP/1.1 200 OK {"user_id":"http://user.wawf.mil/john_doe","display_name":"John Doe","wawf_username":"johndoe"}
ADD USER TO ERP USING ERP API
Users
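Added example (not part of the original slides, and not WAWF or ERP code): a minimal Python model of both sides of the [WAWF CONNECT] exchange above, showing the checks that make the verification code safe to pass through the browser. The `state` parameter, the 60-second code lifetime, the in-memory stores and all function names are assumptions added here; the URLs and the xxx / yyy client values are the slide's own placeholders.

```python
import hmac, secrets, time
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed registration data; the slide only shows client_id=xxx, client_secret=yyy.
CLIENTS = {"xxx": {"secret": "yyy", "redirect_uri": "https://erp.mil/callback"}}
CODE_TTL = 60  # seconds; assumed lifetime, not stated on the slide
_codes = {}    # code -> (client_id, redirect_uri, user_id, issued_at)

def erp_authorize_url(session):
    """ERP side: start [WAWF CONNECT]; bind a random state to the browser session."""
    session["state"] = secrets.token_urlsafe(16)
    q = {"type": "web_server", "client_id": "xxx", "scope": "openid",
         "redirect_uri": CLIENTS["xxx"]["redirect_uri"], "state": session["state"]}
    return "https://wawf.mil/authorize?" + urlencode(q)

def wawf_issue_code(authorize_url, user_id, now=None):
    """WAWF side: after the user clicks OK, mint a one-time code and redirect back."""
    q = {k: v[0] for k, v in parse_qs(urlparse(authorize_url).query).items()}
    client = CLIENTS.get(q.get("client_id"))
    if client is None or q.get("redirect_uri") != client["redirect_uri"]:
        raise PermissionError("unregistered client or redirect_uri")
    code = secrets.token_urlsafe(16)
    _codes[code] = (q["client_id"], q["redirect_uri"], user_id, now or time.time())
    return q["redirect_uri"] + "?" + urlencode({"code": code, "state": q.get("state", "")})

def erp_handle_callback(callback_url, session):
    """ERP side: accept the code only if state matches this browser session."""
    q = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
    expected = session.pop("state", None)
    if not expected or not hmac.compare_digest(q.get("state", "").encode(), expected.encode()):
        raise PermissionError("state mismatch")
    return q["code"]

def wawf_redeem_code(code, client_id, client_secret, redirect_uri, now=None):
    """WAWF side: exchange the code for a token; codes are single-use and short-lived."""
    entry = _codes.pop(code, None)  # pop makes a replayed code fail
    client = CLIENTS.get(client_id)
    if entry is None or client is None:
        raise PermissionError("unknown code or client")
    cid, uri, user_id, issued = entry
    if not hmac.compare_digest(client_secret.encode(), client["secret"].encode()):
        raise PermissionError("bad client_secret")
    if (cid, uri) != (client_id, redirect_uri) or (now or time.time()) - issued > CODE_TTL:
        raise PermissionError("code not bound to this client/redirect_uri, or expired")
    return {"access_token": secrets.token_urlsafe(24), "expires_in": 3600, "user_id": user_id}
```

In a deployment the ERP would send client_secret and code in a POST body over TLS rather than in a URL, so they stay out of server logs and browser history.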