is task force work product - national association of ... · and data warehouse design, and...

IS Task Force Work Product National Technical Architecture (NTA)

&

NAIC Technical Reference Model (TRM)

June 21st, 2011 TCWG Members

Neil Woerman: 785-296-2060

Carol Jones: 302-674-7329

David Noronha: 916- 492-3294

James Winningham: 501-371-2664

NTA portion pending approval by the IS Task Force 2

National Technical Architecture (NTA) evolves into NAIC Technical Reference Model (TRM)

The purpose of the National Technical Architecture for State Based Insurance Regulation (NTASBIR, or

NTA) is to discuss and communicate standards and techniques for use by the NAIC to ensure that sys-

tems are built in a way to allow States to integrate with NAIC systems in an open manner

that does not restrict the States in the way that they develop their systems.

At the 2011 Tech Ex conference in Kansas City the NAIC presented their Technical Refer-

ence Model (*TRM) which has a specific section that represents the NTA. The other sec-

tions of the TRM are more specific to what is used internally by the NAIC development staff to build sys-

tems, and do not specifically address integration of systems.

Recently in discussions with the IS Task force it was made clear the NTA was only for State to NAIC inte-

gration and not any of the following:

States integrating with each other

Feds integrating with the States

Business partners integrating with the States

The original NTA did not make this very clear and there could be confusion caused by that. You can see

this by the way the NTA was originally described on www.naic.org:

“The purpose of the National Technical Architecture for State Based Insurance Regulation (NTASBIR, or

NTA) is to discuss and communicate standards and techniques for use by the NAIC, States, industry and

other stakeholders.”

NAIC staff is proposing to the IS Task Force, Technical consulting working group the following:

Updates to the NTA standards

Communication of the NTA as a portion of the NAIC TRM

Clear communication that this set of standards only applies to States integration

with the NAIC

* The Technical Reference Model (TRM) provides a foundation to categorize the standards, specifica-

tions, and technologies to support the construction, delivery, and exchange of business and application components (Service

Components) that may be used and leveraged in a Component-Based or Service-Oriented Architecture.



Click below drawing to get detail for each section of the Technical Reference Model


Access & Delivery – Service Transport

Area Category Standard Specification Description Service Access

and Delivery Service

Transport Directory Ser-

vices Active Directory Microsoft's LDAP server

Service Access



vices Novell E-Directory Novell® eDirectory is a high-end directory service that

allows businesses to manage identities and security

access for employees, customers and partners. With

eDirectory, businesses lay the groundwork for secure

identity management solutions and multiple Service Access



vices Oracle Internet Direc-

tory Oracle's LDAP server. Used as the source repository for

user accounts.

Area Category Standard Specification Description Service Platform

and Infrastruc-

Support Plat-

forms Platform De-

pendent .NET No Description Provided

Service Platform

and Infrastruc-

ture

Support Plat-

forms Platform De-

pendent VB Script VB Script is a scripting language from Microsoft. A

subset of Visual Basic, VBScript is widely used on the

Web for both client processing within a Web page

and server-side processing in Active Server Pages

Service Platform

and Infrastruc-

Support Plat-

forms Platform De-

pendent Windows Windows 2000

Service Platform

and Infrastruc-

ture

Support Plat-

forms Platform Inde-

pendent Enterprise Java Beans

(EJB) Enterprise Java Beans are a software component in

Sun's J2EE platform, which provides a pure Java

environment for developing and running distributed

applications. Service Platform

and Infrastruc-

Support Plat-


pendent J2EE J2EE

Service Platform

and Infrastruc-

ture

Support Plat-


pendent JMS Java Message Service, a Java message-oriented

middleware application programming interface for

sending messages between two or more clients Service Platform

and Infrastruc-

ture

Support Plat-


pendent Java Portlet API Java Portlet API enables interoperability between

Portlets and Portals by defining APIs tha.t address

the areas of aggregation, personalization, presenta-

tion and security. Service Platform

and Infrastruc-

Support Plat-


pendent Java Servlet (JSR 53) Java Servlets provide reusable web components that

can be incorporated into portals.

Service Platform

and Infrastruc-

ture

Support Plat-


pendent JSF JavaServer Faces (JSF) is a Java-based Web applica-

tion framework intended to simplify development

integration of web-based user interfaces. Service Platform

and Infrastruc-

ture

Support Plat-


pendent Jboss Seam Seam combines the two frameworks Enterprise

JavaBeans (EJB3) and JavaServer Faces (JSF). Howev-

er, simple POJOs can be used at the back end. One

can turn any EJB3 object or any simple POJO object

into a Seam component by just using annotations.

Once a component becomes a Seam component, it

can be accessed through JSF or through other busi-

ness-logic components in a unified manner

Platform & Infrastructure – Software Infrastructure



Area Category Standard Specification Description Service Platform and

Infrastructure Support Plat-


pendent JavaScript JavaScript

Service Platform and



pendent Asynchronous

JavaScript and

XML (AJAX)

is a group of interrelated web development methods used on the client

-side to create interactive web applications. With Ajax, web applica-

tions can retrieve data from the server asynchronously in the back-

ground without interfering with the display and behavior of the exist-

ing page. Data is usually retrieved using the XMLHttpRequest object. Service Platform and



pendent Spring Frame-

work Spring framework provides dependency management, transaction

management, web framework and testing tools. Service Platform and



pendent Linux No Description Provided




pendent Web Services

for Remote

Portals (WSRP)

WSRP (Web Services for Remote Portals (emerging)) defines an XML

and Web services standard that will allow the plug-n-play of visual,

user-facing Web services with portals or other intermediary Web appli-

cations. Service Platform and


forms Wireless / Mo-

bile N/A No Description Provided



forms Programming

Languages C C is a procedure programming language.



forms Programming

Languages C++ C++ is an object-oriented version of C that has been widely used to

develop enterprise and commercial applications. Service Platform and


forms Programming

Languages HTML

[Platform

Independent

(J2EE) -

Programming

Languages]

HTML – (Hyper Text Markup Language) is the language used to create

Web documents and a subset of Standard Generalized Markup Lan-

guage (SGML).



forms Programming

Languages JAVA No Description Provided



forms Programming

Languages Java Script A scripting language that runs within a web browser.



forms Programming

Languages Perl No Description Provided



forms Programming

Languages PHP [Platform

Dependent -

Programming

Languages]

No Description Provided



forms Programming

Languages PL/SQL Programmatic Lanaguage Proprietary to Oracle Databases used for

Stored Procedures, functions, and other calls to wrap around SQL DB

calls. Service Platform and


forms Programming

Languages SQL scripts No Description Provided



forms Programming

Languages VB Visual Basic, originally based off the BASIC programming language from

Microsoft, specialized for developing Windows applications.



Area Category Standard Specification Description

Service Platform

and Infrastruc-

ture

Support Plat-

forms Programming

Languages VB Visual Basic, originally based off the BASIC program-

ming language from Microsoft, specialized for devel-

oping Windows applications. Service Platform

and Infrastruc-

ture

Support Plat-

forms Programming

Languages VB.Net Visual Basic .NET is a version of the BASIC program-

ming language from Microsoft specialized for devel-

oping Windows applications that is used within

Microsoft’s .NET environment.

Service Platform

and Infrastruc-

ture

Support Plat-

forms Programming

Languages CGI Not Provided

Service Platform

and Infrastruc-

ture

Support Plat-


pendent (J2EE) JSE Platform > SUN JSE 1.4.2

Service Platform

and Infrastruc-

ture

Support Plat-


pendent (J2EE) Platform Independent

(J2EE) Platform Independent (J2EE)

Platform & Infrastructure – Software Engineering

Area Category Standard Specification Description Service Platform and Infrastruc-ture

Software Engi-neering

Integrated Devel-opment Environ-ment (IDE) Eclipse Development environment

Service Platform and Infrastruc-ture


Integrated Devel-opment Environ-ment (IDE) Java SDK Java software development kit



Integrated Devel-opment Environ-ment (IDE) Visual SlickEdit Text editor



Integrated Devel-opment Environ-ment (IDE) Visual Studio and .NET Microsoft IDE for .NET and VB development



Integrated Devel-opment Environ-ment (IDE) FrontPage Web page designer



Integrated Devel-opment Environ-ment (IDE) Netbeans Java development/profiling tool



Integrated Devel-opment Environ-ment (IDE) Oracle Jdeveloper


Software Engi-neering Modeling Erwin Data modeling tool


Software Engi-neering Modeling Microsoft Visio UML and data modelling


Software Engi-neering Modeling Rational Rose UML




Area Category Standard Specification Description Service Platform and Infrastruc-ture



Software Engi-neering Modeling UML


Software Engi-neering Modeling Visio EDI Tool.


Software Engi-neering Modeling

Oracle Developer Suite (Modeling)

Set of tools used for business intelligence, database and data warehouse design, and application devel-opment. Includes: Oracle Business Intelligence Beans, Oracle Reports developer, Oracle JDeveloper, Oracle Designer, Oracle Forms Developer, Oracle Software Configuration Manager, Oracle Warehouse Builder, & Oracle Discoverer.


Software Engi-neering Modeling

Balsamic Mockup - JIRA plugin No Description Provided



Software Config-uration Manage-ment Quality Center Requirements & Traceability Management



Software Config-uration Manage-ment JIRA Issue/Task/Work Request management



Software Config-uration Manage-ment Hudson Software build/test/deploy



Software Config-uration Manage-ment IVY Software build/test/deploy



Software Config-uration Manage-ment Subversion Version, software change management

Platform & Infrastructure – Software Engineering

Platform & Infrastructure – Database Storage

Area Category Standard Specification Description Service Platform

and Infrastruc-

ture

Database /

Storage Database Microsoft Access Access Database

Service Platform

and Infrastruc-

ture

Database /

Storage Database Oracle Oracle 10g, 11g


Platform & Infrastructure – Delivery Servers


Service Platform and Infrastruc-ture Delivery Servers

Application Serv-ers

Internet Information Server - IIS



Microsoft Exchange Server For email, messaging.


Application Serv-ers TomCat No Description Provided


Application Serv-ers Weblogic No Description Provided



Oracle Application Server 10.1.3.5



Sun One Application Server No Description Provided



Glassfish Application Server No Description Provided

Service Platform and Infrastruc-ture Delivery Servers Portal Servers Oracle Portal 10.2.0

Service Platform and Infrastruc-ture Delivery Servers Web Servers Apache

A widely-used public domain, UNIX-based Web server from the Apache Group (www.apache.org). It is based on, and is a plug-in replacement for, NCSA's HTTPd server Version 1.3. The name came from a body of existing code and many patch files.

Service Platform and Infrastruc-ture Delivery Servers Web Servers Oracle HTTP Server No Description Provided Service Platform and Infrastruc-ture Delivery Servers Web Servers

Microsoft IIS Web Server No Description Provided

Service Platform and Infrastruc-ture Delivery Servers Web Servers Sun One Web Server No Description Provided Service Platform and Infrastruc-ture Delivery Servers Web Servers

SunOne (formerly iPlanet) No Description Provided


Operating Sys-tem- Intel Design Microsoft Windows Windows XP


Operating Sys-tems HP-UX HP-UX v11.31


Operating Sys-tem- Linux De-sign Red Hat Linux operating system


Operating Sys-tem- Intel Design MS Windows No Description Provided


Interface/Integration – Interoperability


Service Interface

and Integration Interoperability Data Format /

Classification Document Type

Declaration (DTD)

The XML document type declaration contains or points to

markup declarations that provide a grammar for a class of

documents. This grammar is known as a document type

definition, or DTD

Service Interface


Classification Electronic Data

Interchange (EDI)

Electronic data interchange (EDI) is the structured trans-

mission of data between organizations by electronic

means.

Service Interface


Classification HTML [Data For-

mat / Class]

HTML – (Hyper Text Markup Language) is the language

used to create Web documents and a subset of Standard

Generalized Markup Language (SGML).

Service Interface


Classification

Industry Image File

Formats (JPG, GIF,

TIFF, PNG, SVG,

BMP) No Description Provided Service Interface


Classification Namespaces Namespaces are contexts for identifiers. Used in Schema

definitions. Service Interface


Classification PDF No Description Provided Service Interface


Classification Unicode No Description Provided Service Interface


Classification XML [Data Format /

Class] No Description Provided Service Interface


Classification SQL Import/Export No Description Provided Service Interface

and Integration Interoperability Data Transfor-

mation XPATH No Description Provided Service Interface

and Integration Interoperability Data Transfor-

mation XSLT [Data Transfor-

mation] No Description Provided Service Interface

and Integration Interoperability Data Types /

Validation DTD No Description Provided

Service Interface

and Integration Interoperability Data Types /

Validation

XML Schema N/A

W3C, SAX (Simple

API for XML), DOM

(Document Object

Model) No Description Provided

Interface/Integration – Interface

Area Category Standard Specification Description Service Interface

and Integration Interface Service De-

scription /

Interface

Application Program

Interface (API) /

Protocol

Application Program Interface (API) is a language and

message format used by an application program to com-

municate with the operating system or some other con-

trol program such as a database management system

(DBMS) or communications protocol.

Service Interface

and Integration Interface Service De-

scription /

Interface

Web Services De-

scription Language

(WSDL)

WSDL is an XML based Interface Description Language for

describing XML Web Services and how to use them.

Service Interface

and Integration Interface Service Discov-

ery Universal Data

Description Inter-

face (UDDI)

Defines the method in which applications, systems or web

services are registered and discovered.


NTA: Interface/Integration – Integration


Service Interface and Integration Integration

Enterprise Application Integration

Business Process Management



Enterprise Service Bus

In computing, an enterprise service bus (ESB) is a software architecture construct which provides fundamental ser-vices for complex architectures via an event-driven and standards-based messaging engine (the bus).



Transformation and Formatting General pattern of transforming and formatting.

Service Interface and Integration Integration Middleware COM

COM / COM+ / DCOM are a component software archi-tecture from Microsoft, which defines a structure for building program routines (objects) that can be called up and executed in a Windows environment.

Service Interface and Integration Integration Middleware

Object Request Broker (ORB): Com-mon Object Request Broker Architecture (CORBA)

CORBA is useful because it enables separate pieces of software written in different languages and running on different computers to work with each other like a single application or set of services. More specifically, CORBA is a mechanism in software for normalizing the method-call semantics between application objects residing either in the same address space (application) or remote address space (same host, or remote host on a network).


Remote Method Invocation (RMI) - EJB

RMI is a distributed communication protocol. EJB technol-ogy is built on top of that.


Remote Procedure Call (RPC)

RPC is similar to RMI. It is a mechanism that allows distrib-uted comuting programs to talk to each other. When used in object-oriented systems, its called RMI.

Service Interface and Integration Integration Middleware Oracle AQ

Oracle Advanced Queuing is a message-oriented-middleware solution that is integrated into the Oracle database.

Service Interface and Integration Integration Middleware XML-RPC RPC using XML as the input/output. Service Interface and Integration Integration Middleware Informatica ETL

Software that allows exchange and transformation of data.


Application Connectivity Telnet

Telnet is a network protocol used on the LANs or internet to provide communications facility using a virtual terminal connection.


Application Connectivity CRT Telnet software


Component Framework – Security


Component

Framework Security

Certificates /

Digital Signa-

ture ANSI X930, 199x

part 1

ANSI X9.30 [ANS97] is the United States financial industry

standard for digital signatures based on the federal Digital

Signature Algorithm (DSA)

Component

Framework Security

Certificates /

Digital Signa-

ture Secure Sockets

Layer (SSL) SSL is a cryptographic protocol that provides communica-

tions security over the internet.

Component

Framework Security

Certificates /

Digital Signa-

ture X509

X. 509 – (International Telecommunication Union - Tele-

communication Standardization Sector (ITU-T) Certificate

Authentication) is the international standard for the digi-

tal certificate authentication that is used for user identifi-

cation.

Component

Framework Security

Supporting

Security Ser-

vices 3DES Tripe DES Data encryption algorithm

Component

Framework Security

Supporting

Security Ser-

vices AES Data encryption algorithm

Component

Framework Security

Supporting

Security Ser-

vices S/Mime

S/MIME – (Secure Multipurpose Internet Mail Extensions)

provides a consistent way to send and receive secure

MIME data. Based on the Internet MIME standard, S/

MIME provides cryptographic security services for elec-

tronic messaging applications: authenticate

Component

Framework Security

Supporting

Security Ser-

vices SAML

SAML – (Security Assertion Markup Language) is an XML-

based framework for exchanging security information

expressed in the form of assertions about subjects, where

a subject is an entity (either human or computer) that has

an identity in some security dom

Component

Framework Security

Supporting

Security Ser-

vices Secure Shell (SSH) a network protocol for remote administration of Unix

computers

Component

Framework Security

Supporting

Security Ser-

vices Transport Layer

Security (TLS)

TLS – (Transport Layer Security) is the standard for the

next generation SSL. Provides communications privacy

over the Internet. The protocol allows client/server appli-

cations to communicate in a way that is designed to pre-

vent eavesdropping, tampering,

Component

Framework Security

Supporting

Security Ser-

vices Web Services Secu-

rity (WS-Security)

WS-Security – (Web Services Security) describes enhance-

ments to SOAP messaging to provide message integrity,

message confidentiality, and single message authentica-

tion. These mechanisms can be used to accommodate a

wide variety of security models and encr


Component Framework – Presentation Interface


Component

Framework Presentation /

Interface Content Ren-

dering

Dynamic Hypertext

Markup Language

(DHTML) Dynamic Hypertext Markup Language (DHTML) Component



dering (Adobe) Macrome-

dia/Flash Flash is used to add animation, videos and interactivity to

web sites. Component



dering Adobe Photoshop A graphics editing program.

Component


Interface

Dynamic /

Server-Side

Display

.NET (Incl. ASP,

Visual BASIC, C#,

C++, etc.)

[Dynamic /Server

Side Display]

Microsoft’s .Net and Sun’s J2EE are the two dominant

distributed computing architecture frameworks. .Net

supports a wide range of languages but is primarily tied to

the Microsoft Windows operating system and Intel hard-

ware.

Component


Interface

Dynamic /

Server-Side

Display JSP (Java Server

Pages) Java technology that allows software developers to dy-

namically generate web pages in HTML, XML etc.

Component


Interface

Dynamic /

Server-Side

Display PHP Scripting tool designed to generate dynamic web pages.

Component


Interface Static Display HTML [Static Dis-

play]

HTML – (Hyper Text Markup Language) is the language

used to create Web documents and a subset of Standard

Generalized Markup Language (SGML).

Component


Interface Static Display Adobe

Different file types are present on the NAIC/NIPR Web

sites that may require third-party software to open. Be-

low is a list of the file types and the third-party software

titles used to open them. While most of these file types

are proprietary, there are various commercial, freeware,

and shareware applications which may be used to read or

open these file types.

Component


Interface Content Filter-

ing Mcafee Anti-Virus Mcafee Anti-Virus Component



dering Adobe Photoshop A graphics editing program.

Component Framework – Data Interchange


Component

Framework Data Inter-

change Data Exchange MoveIt FTP Server 3rd party File Transfer software Component


change Data Exchange SecureFTP FTP over SSH Component


change Data Exchange XFER Data transfer acronym

Component


change Data Exchange SOAP (Simple Ob-

ject Access Protocol) Protocol used for web services communications Component


change Data Exchange MoveIt FTP Server 3rd party File Transfer software


Component Framework – Business Logic

Area Category Standard Specification Description Component

Framework Business Logic Business Rule

Engine SBRE In house rules engine for licensing

Access & Delivery – Service Transport




vices Active Directory Microsoft's LDAP server

Service Access



vices Novell E-Directory Novell® eDirectory is a high-end directory service that




identity management solutions and multi-pla Service Access



vices Oracle Internet Direc-

tory Oracle's LDAP server. Used as the source repository for

user accounts.

Access & Delivery – Service Requirements


and Delivery Service Re-

quirements Single Sign-on LDAP

[Authentication /

Single Sign-on ]

LDAP V3 (RFC 1779) – (Lightweight Directory Access

Protocol) is a subset of X.500 designed to run directly

over the TCP/IP stack. LDAP is, like X.500, both an

information model and a protocol for querying and

manipulating it. LDAPv3 is an update develop Service Access


quirements Authentication /

Single Sign-on

(SSO)

Active Directory

[Authentication /

Single Sign-on]

Microsoft's LDAP server

Service Access



Single Sign-on

(SSO)

eDirectory Novell® eDirectory is a high-end directory service that




identity management solutions and multi-pla Service Access



Single Sign-on

(SSO)

OAM and OIM Oracle Access Management and Identity Management

applications provide support for identity provisioning

and access management. Service Access



Single Sign-on

(SSO)

Oracle Single Sign-On Oracle SSO application with OAM provides Single-Sign

on capability for applications running in a web tier.

Service Access


quirements Authentication Private / Public Key Public Key cryptography refers to a widely used set of

methods for transforming a written message into a

form that can be read only by the intended recipient.


Access & Delivery – Delivery Channels


and Delivery Delivery Chan-

nels Extranet Extranet Extranet

Service Access


nels Internet Internet Internet

Service Access


nels Network-to-

Network Com-

ponent

Cisco VPN Virtual private network

Access & Delivery – Access Channels


Service Access and Delivery

Access Chan-nels

Other Electronic Channels System to System

System to System involves at least two computers that exchange data or interact with each other independ-ent of human intervention or participation.


Access Chan-nels

Other Electronic Channels

Uniform Resource Locator (URL)

URL is an identifier that identifies the location of a resource and the mechanism to retrieve it.


Access Chan-nels

Other Electronic Channels Web Service

Web services (sometimes called application services) are services (usually including some combination of programming and data, but possibly including human resources as well) that are made available from a business's web server for Web users or other Web-


Access Chan-nels

Other Electronic Channels Citrix ICA Client

Software to allow communication between a desktop/PC client and the servers hosting applications.


Access Chan-nels

Other Electronic Channels Citrix Web Client

Software to allow communication between a desktop/PC client and the servers hosting applications.


Access Chan-nels Web Browser Internet Explorer

Microsoft Internet Explorer (MSIE) is the most widely used World Wide Web browser


Access Chan-nels Web Browser Web Browser

Define the program that serves as your front end to the World Wide Web on the Internet. In order to view a site, you type its address (URL) into the browser's location field.


Access Chan-nels Web Browser FireFox Internet browser


Access Chan-nels Wireless / PDA

RIM/Blackberry Cell-phone/PDA/iPhone Mobile smartphones


Access Chan-nels

Collaboration / Communica-tions Distance Learning No Description Provided


Access Chan-nels

Collaboration / Communica-tions

Electronic Mail (E-mail)

E-mail (electronic mail) is the exchange of computer-stored messages by telecommunication.


Access Chan-nels

Collaboration / Communica-tions Outlook Email and messaging software


Access Chan-nels

Collaboration / Communica-tions InComm Conferencing Audio, Video and Web Conferencing service


Access Chan-nels

Collaboration / Communica-tions Chorus Call Audio, Video and Web Conferencing service


Access Chan-nels

Online meeting services Meetings application Internal application to schedule meetings


Access Chan-nels FAX Faxcom for Exchange Software to send/receive Faxes



Although the NTA section of the TRM outlines how the NAIC should develop their applications to allow

for open integration with the States, there still may be a need to figure out how to integrate with spe-

cific applications at the NAIC. More thought and effort needs to be put into how to assist in this area,

but the below diagram does a good job of putting the issue in front of us at a high level.

is task force work product - national association of ... · and data warehouse design, and...

Documents