icFoundation web site development software and icFoundation biztalk server 2000 integration
icFoundation is the core of a Web-based Electronic Commerce system. The icFoundation product provides a platform between corporate systems and e-commerce channels with common presentation and navigation, environment management, common standards, error management, auditing, and enhanced security features. One goal of icFoundation is to demonstrate enterprise value by combining three basic standards of Transaction Processing; Scalability, Reliability, and Security. icFoundation specifically takes full advantage of the Pentium class Processor running Windows NT. A single server may easily scale from 8 to 32 processors and multiple servers may be combined into a centralized or distributed architecture. icFoundation is tightly integrated with Microsoft™ Transaction Server (MTS). Integrating MTS into icFoundation provides the assurance that the integrity of data is maintained as it moves across the system. icFoundation uses Secure Sockets Layer technology in order to encrypt and protect data.
[0001] The present application claims priority from Provisional U.S. Patent Application No. 60/262,076 filed on Jan. 18, 2001, and from Provisional U.S. patent application Ser. No. 60/202,518 filed on May 9, 2000, both of which are incorporated herein by reference.
FIELD OF THE INVENTION[0002] The present invention relates to the field of computer software. In particular, the present invention relates to the filed of development and management tools for developing and managing internet websites and providing security therefor.
BACKGROUND OF THE INVENTION[0003] Programs are known in the art for generating websites. Such program “wizards” may be used to create an HTML (XTML, XML, or the like) document which may be used as a web page. Unfortunately, such prior art wizards may be useful only for initial generation of a website. If the website is to be altered or maintained, the resultant HTML document must either be edited (“hard coded”) in HTML (or the like) or a new website developed using the wizard. A need exists in the art, therefor, for a program which may maintain a website once it has been generated.
[0004] In addition, hacking on the Internet has become an increasing problem. An organization may find itself vulnerable to attack by hackers if such hackers may access a web page directly, without going through intermediary web pages (which may generate password authentication routines). Thus, a further need exists in the art for a security system which allows a web site designer or operator to prevent unauthorized outside users from directly accessing web pages.
SUMMARY OF THE INVENTION[0005] icFoundation is the core of a Web-based Electronic Commerce system. The icFoundation product provides a platform between corporate systems and e-commerce channels with common presentation and navigation, environment management, common standards, error management, auditing, and enhanced security features. icFoundation combines three basic standards of Transaction Processing; Scalability, Reliability, and Security. icFoundation specifically takes full advantage of the Pentium class Processor running Windows NT. A single server may easily scale from 8 to 32 processors and multiple servers may be combined into a centralized or distributed architecture. icFoundation may be tightly integrated with Microsof™ Transaction Server (MTS). Integrating MTS into icFoundation provides the assurance that the integrity of data is maintained as it moves across the system. icFoundation uses Secure Sockets Layer technology in order to encrypt and protect data.
BRIEF DESCRIPTION OF THE DRAWINGS[0006] FIG. 1 is a flowchart illustrating icFOUNDATION Functionality and application hierarchy.
[0007] FIG. 2 is a flowchart illustrating icFOUNDATION Architecture.
[0008] FIG. 3 is a flowchart illustrating the icFOUNDATION Site Configuration.
[0009] FIG. 4 is a flowchart illustrating Event Management Workflow.
[0010] FIG. 5 is a flowchart illustrating Reporting Management.
[0011] FIG. 6 is a flowchart illustrating Security Overview.
[0012] FIG. 7 is a flowchart illustrating icWizard Overview.
[0013] FIG. 8 is a diagram depicting a framework for Internet based applications using BizTalk Server 2000 and icFoundation.
[0014] FIG. 9 is an example of a display screen for authorized message viewing.
[0015] FIG. 10 is a block diagram of the icFoundation/Biztalk Site architecture.
[0016] FIG. 11 is a block diagram illustrating an example of a icFoundation/BizTalk Implementation.
[0017] FIG. 12 is a block diagram illustrating an example of icFoundation/BizTalk Implementation enabling a Legacy system.
[0018] FIG. 13 is an example of the icFoundation embedded BizTalk application as applied to a Bankcard Site.
[0019] FIG. 14 is a BizTalkSchema table which may be added to the icFoundation database which may contain all of the interface information necessary for handling XML requests.
[0020] FIG. 15 is a block diagram illustrating Message
[0021] FIG. 16 is a table illustrating the function arguments for the authorization translator.
[0022] FIG. 17 is a table illustrating the function arguments for user authentication.
[0023] FIG. 18 is a table illustrating the function arguments for checking navigation permissions.
[0024] FIG. 19 is a table illustrating the function arguments for checking report permission.
DETAILED DESCRIPTION OF THE INVENTION[0025] FIG. 1 is a flowchart illustrating icFOUNDATION Functionality and application hierarchy. When icFoundation is installed, a default Site may be loaded into the system. Multiple sites may be added as needed (i.e., Intranet, Extranet, and various Internet sites) through the Multiple Sites sub-menu option.
[0026] The properties of the Site may be modified to reflect the preferred Site Name, Site URL, and the like. Each Site's colors, frame-set style, fonts, name and description may be configured using the Site Style Wizard. The Site Style Wizard icon may be located on the Results Tab of the Manage Sites sub menu option.
[0027] A default System Setup record may be added when icFoundation is installed; this record should not be deleted. The global properties of the system may be configured after the installation of icFoundation. The global properties include default retry intervals for IVR settings, fax, email transmissions, and file directories.
[0028] When icFoundation is installed, the Administration, Help, and Reporting menus may be loaded. As custom applications are developed utilizing icFoundation, the main-menus representation and sub-menus may be created.
[0029] After determining the functionality of each application created or being deployed with icFoundation, User Groups may be created in order to access the different areas of functionality.
[0030] If the application deployed with icFoundation generates reports, one should determine which User Groups may have access to each report. Navigation and report permissions may be assigned to each group to determine the menus presented to the user when they log on.
[0031] Each user's account information, including email address (when the user account is activated, the user may automatically be notified of his new password and PIN by email) may be collected. Each user may be mapped to their appropriate office and user groups. Each user may be a member of multiple groups; the user may inherit the sum of all of the group's permissions.
[0032] The ability to add, delete, and update Users may depend on the permissions set by the Administrator. The Manage Groups Sub-menu option uses the standard icFoundation procedures for searching, updating, viewing, adding, and deleting.
[0033] A User with the appropriate permissions may create an Office Type and Office Accounts. An Office Type category may be created before an Office may be added. After creating an office, User accounts may be assigned to that office.
[0034] Users may be readily assigned to various groups through the Add Users to Groups Sub-menu option. By allowing Users to be assigned to groups, multiple Users may easily be configured and assigned permissions by placing all the Users in a particular Group and configuring this Group accordingly. Users may be assigned to multiple Groups and multiple Users may be included in each Group.
[0035] Permissions are defined for the menus and web pages a User may access when they log on to the icFoundation site. Permissions are also defined for special business processes, such as the ability to approve an order and edit all User accounts. Permissions may be set to allow users read-only or full access to data presented on forms. “Administrative” permissions allow support people to use the same User interface and forms as a regular User. Permissions for each group are configured in the Group Permissions Sub-menu.
[0036] Permissions may be applied to three areas: Navigation, Reports, and IVR. Groups which are assigned permissions in the Navigation and Reports tabs may be directly related to the appearance of the Main Menu and Sub Menus. Permissions assigned in the IVR tab give the Group access to assigned IVR functions.
[0037] The Add Users to Sites functionality is geared towards a customer with more than one site. If only one site is to be maintained, the administrator may skip this section.
[0038] Various functions are logged to the system database and utilized for usage analysis and billing: Events, Reports and User time on-line data may be tracked. A combination of all three may be used to bill a customer for utilizing the system.
[0039] An unlimited number of billing matrices may be pre-defined. Matrix properties include a base rate and up to ten tiers of rates, each with a maximum and minimum value and an associated rate. The setup for each user account includes an attribute titled “Billing Group”. The “Billing Group” may comprise a user group from which this account may derive its Event and report billing matrices. The setup for each user account also includes an attribute titled “Billing ID”. “Billing ID” may comprise a billing matrix which may be applied to this user's time on-line usage.
[0040] Any Event may be mapped to a pre-defined billing matrix for each user group. This allows administrators to setup different rate schedules for different user groups, for each event. Also, any Report may be mapped to a pre-defined billing matrix for each user group. When a report is processed, information may be logged: User Name, Report ID, and date/time of the report.
[0041] Errors, warnings, and audits are termed “Events”. Custom events may be added to the system to track custom occurrences, such as; change in sales volume, the check of an order status, or the download of a file. Errors, warnings, and audits and custom events may be configured to notify users when they occur.
[0042] Multiple Support Types may be configured so users may be notified when the events occur, at varying time of the day. Users may also be billed when specific events occur by assigning a billing matrix to each event.
[0043] Default event settings may be modified using the User Messages sub-menu option. External processes may also be triggered to run when any message occurs. An external process could be a batch file or an executable file with command line arguments.
[0044] FIG. 2 is a flowchart illustrating icFOUNDATION Architecture. The N-Tier icFoundation architecture may comprise many components. The icFoundation product may comprise COM objects, Active Server Pages (ASP), Database Tables and NT Services. These components are tightly integrated with Microsoft Windows NT Server. The ASP Pages are processed by Microsoft Internet Information Server (IIS). The COM objects are managed and scaled using Microsoft Transaction Server (MTS). The Services run under NT as NT Services.
[0045] Individual objects may use the following Microsoft Technologies:
[0046] 1. Windows Management Interface (WMI) for starting and stopping of NT Services.
[0047] 2. Coloraborative Data Objects (CDO) and the Microsoft SMTP Service for sending of email.
[0048] 3. CRYPTO API for encryption of data using standard algorithims.
[0049] 4. ActiveX Data Objects (ADO) for database access.
[0050] This architecture allows for Distribution of objects among N-tiers in a systems and also allows for scalability by being able to add multiple servers in a web farm or clustered environment. IcFoundation may be typically configured in a three tier environment where the Presentation Tier formats HTML to be displayed in a browser, the Business Tier performs any business logic and connects to databases and legacy systems and the Data Tier performs data storage, queries and manipulation. The following is a brief summary of how the icFoundation product may be configured in a three tier architecture.
[0051] Presentation Tier—The icFoundation product may comprise hundreds of Active Server Pages (ASP) which communicate with the Business Tier COM objects and send HTML to the web browser. These ASP pages may actually comprise scripts with a mix of VBScript, JavaScript and HTML. These scripts may be processed on the server through Microsoft Internet Information Server.
[0052] Business Tier—The icFoundation product may comprise 23 COM objects which communicate with the Data Tier to process business rules and query data. COM objects may comprise compiled Visual Basic 6.0 ActiveX DLLS which conform to the Component Object Model (COM) standard. The icFoundation product may comprise 23 COM objects. Each COM object may comprise many class files which contain several code functions and/or sub-routines. These functions provide the “business-rule” processing for the icFoundation product. These processes include creating sites, user groups, users, menus, assigning permissions and may other business rules.
[0053] Data Tier—The icFoundation product may utilize 48 database tables to store information used to configure sites, users, groups, permissions, menus, audits, logs, and statistics.
[0054] FIG. 3 is a flowchart illustrating the icFOUNDATION Site Configuration. The icFoundation product allows for multiple “sites” or user interfaces to information. Each of these sites may be configured to have their own functionality, pages, users, groups, reports, menus, logos, colors, fonts and style. These sites may be administrated from a single site or from each site individually. The administrators may configure groups of users who may in turn manage individual pieces of each site such as who manages user accounts, who manages permissions, who manages site logos, colors and menus, who manages the audit logs and security settings.
[0055] All sites may run from the same icFoundation database for easy management and may be used to “brand” identical sites with different colors and logos for different groups of users or customers. All sites run off of the same ASP pages and IP address assigned in IIS. This simplifies management by managing a single set of ASP pages and components instead of many sets of the same pages. Additionally, multiple function sites may be configured and managed using the icFoundation multi-site architecture. Examples of this are having a Intranet Site, Support Site, Extranet Site and Public Web Site all managed by the same user interface.
[0056] FIG. 4 is a flowchart illustrating Event Management Workflow. Errors, warnings, and audits are termed “Events” or “User Messages”. Custom events may be added to the system to track custom occurrences, such as change in sales volume, check of an order status, or download of a file. Errors, warnings, and audits and custom events may be configured to notify users when they occur. Multiple Support Types may be configured so users may be notified when an event occurs, at varying times of day.
[0057] Users may also be billed when specific events occur by assigning a billing matrix to each event. User Messages Default event settings may be modified using the User Messages sub-menu option. External processes may also be triggered to run when any message occurs. An external process could be a batch file or an executable file with command line arguments.
[0058] Errors, Warnings, audits, and custom events may be configured to notify users when they occur. Each event may be mapped to a single Support Type and thus determine the type of automated support which may occur when the event occurs. Support Types may be configured for help desk support when errors and warnings occur. Support Types may also be configured for different departments within the company, which may in turn manage events for different applications, such as Order Entry versus Intranet events. Default support settings may be modified using the Manage Support sub-menu option.
[0059] Multiple Support Types may have multiple support resources (personnel) associated with it. Support resources could be help desk individuals, customer support representatives, department heads, managers, or other individuals who need to be notified when an event occurs. Support Resources may be scheduled to be notified by email, page, phone, or fax at different hours each day.
[0060] There are approximately 700 events defined in the standard installation of the icFoundation product. These events include the occurrence of errors, warnings and system audits which occur in the icFoundation COM objects and Services. An unlimited number of events may be added to the database and incorporated to new COM objects and services as applications are built on top of icFoundation.
[0061] The icFoundation MTXUserMsg.dll COM object contains all of the required functions to process the events when they occur. The Audit and AppLog tables store the date/time, event number, server and user logged on when the event occurred.
[0062] The icFoundation MTXMessaging.dll COM object manages the description and processes to perform when an event occurs. These settings for all events are stored in the icFoundation UserMsg table.
[0063] The icFoundation MTXSupport.dll COM object manages the support types, support schedule and support resource management to configure the assignment of who gets notified when each event occurs. These settings are stored in the SupportType, SupportSchedule, SupportResource and SupportIssue tables.
[0064] Events may be managed from the ADMIN/Manage User Messages screen in the icFoundation management site. From this screen all properties for each event may be configured.
[0065] 1. Events, Support Types, Support Resources and Support Schedule are configured in the icFoundation management screens.
[0066] 2. An event occurs such as an error, warning or Audit.
[0067] 3. The icFoundation MTXUserMsg.dll queries the UserMsg table and gets the properties of the event knowing the event number.
[0068] 4. This object processes the event depending on these properties.
[0069] 5. If a value is contained in the External Process property then this executable or batch file may be ran on the server. The executable or batch file may perform any function the administrator configured it to perform on the server such as delete a file.
[0070] 6. If Log to NT Event Log property is set to TRUE (−1) then the object may add a record to the Windows NT Event Log with the description and cause of the event contained in the UserMsg table for this particular event.
[0071] 7. If Log to Application Log property is set to TRUE (−1) then the object may add a record to the AppLog table in the icFoundation database with the description and cause of the event contained in the UserMsg table for this particular event.
[0072] 8. If Log to Audit Log property is set to TRUE (−1) then the object may add a record to the Audit table in the icFoundation database with the description, cause, date/time, server and user ID of the event contained in the UserMsg table for this particular event.
[0073] 9. If the Support Type property for the event contains a value other than a 1 then the MTXUserMsg object may notify support by following the following processes.
[0074] 10. If the Support Type property has support resources (personnel) scheduled to be notified for this event then it may query the Support tables to determine who and how to notify the individual(s).
[0075] 11. If the Support Type requires opening of a new issue when this event occurs then a record may be added to the SupportIssue table containing the event number, description, cause and the user who was logged on when the event occurred.
[0076] A support issue may comprise a ticket containing the resolution status of an event which occurs. These tickets may be configured to be auto-generated when an event occurs for each support type. Individual tickets contain detailed information about the event and also workflow fields for issue resolution.
[0077] Each Support Type may be configured to open a new Support Issue when an event occurs. Support Types are managed from the ADMIN/ Manage Support screen in the icFoundation management site. Issues may be viewed, approved and resolved using the ADMIN/Manage Issues screen in the icFoundation management site.
[0078] 1. Events, Support Types, Support Resources and Support Schedule are configured in the icFoundation management screens.
[0079] 2. An event occurs with a support type configured to open a new issue with each event occurrence.
[0080] 3. A record may be added to the icFoundation SupportIssue table with a status of PENDING REVIEW.
[0081] 4. If the support type for this issue requires which the issue be approved before it may be worked or processed then the approval person may be notified of the event.
[0082] 5. If the issue is approved then the issue status may be updated to PENDING RESOLUTION.
[0083] 6. Support resources may be notified and be able to resolve the issue and update the record with the resolution.
[0084] Billing Types are managed from the ADMIN/Manage Billing screen in the icFoundation management site. The ADMIN/Assign To Reports and Assign to Events screens are used to assign Billing types to events and reports.
[0085] 1. Billing Types may be created and configured with the reference number, description, base rate, and rate schedule for each Billing Type.
[0086] 2. Billing user groups may be created to associate billing types (rate schedules) to.
[0087] 3. Billing Types (rate schedules) are associated with each billing user group and with each event.
[0088] 4. Billing Types (rate schedules) are associated with each billing user group and with each report.
[0089] 5. Properties may be configured for each user account including Billing Group which determines the user group the user may be a member of an use the rate schedules from for the events and reports.
[0090] 6. Properties may be configured for each user account including Billing ID which determines the Billing Type (rate schedule) which may apply to the user for time-online billing.
[0091] 7. Auditing may be turned on for each event which may be billed. Auditing may be turned on by setting the UserMsg.UseAudit field to TRUE (−1) for each event which may be billed.
[0092] 8. When events occur the user who was logged and performed the event may be logged to the Audit table.
[0093] 9. When a user runs a report it may be logged one of the queue tables including Email, Fax and HTML.
[0094] 10. Each time the user logs on to the site a record may be added to the LogonLog table which contains the date/time the user logged on and their time online.
[0095] 11. Billing and Usage may be determined by queries performed on the Audit table sorted by user account and event.
[0096] FIG. 5 is a flowchart illustrating Reporting Management. The icFoundation reporting infrastructure includes the following four functions. End users have the ability to Download reports in common formats such as Word, Excel, ASCII and others. End users have the ability to view reports in their web browser. End users have the ability to forward reports to multiple users via email and fax. End users and administrators may schedule reports to be emailed or faxed to multiple user accounts on a regular basis such as daily, weekly and monthly.
[0097] The reporting infrastructure consists of many icFoundation components which work together to send the reports. These components include: Report Scheduler Service (icScheduler.exe)—This icFoundation executable schedules reports to be delivered on a regular basis. IVR Service (icIVR.exe and icIVRRetrieveReport.exe)—These executables allow retrieval of reports by using a touch tone telephone. The reports are then sent to the user via email or fax. ASP Page—This script allows selection, viewing and downloading of reports. This ASP page calls the icFoundation MTXQueue.dll which adds records to the email or fax queue tables in the database.
[0098] The email and fax queue services may then pick up and send the email. Email Queue Service (buildemail.exe)—This executable reads email properties from a queue table in the database, creates the report attachments using the icFoundation MTXRunReport.dll and sends the report via email using the icFoundation MTXEmail.dll. Build Report Service (BuildFax.exe)—This executable reads fax properties from a queue table in the database, creates the report output files using the icFoundation MTXRunReport.dll and prints them using the icFoundation print to fax driver (icP2Fax.exe). Send Fax Service (icFaxQ.exe)—This executable sends fax documents.
[0099] icFoundation may include 20 standard environment reports. There may also be provided a reporting infrastructure for building and deploying an unlimited number of custom reports. Custom reports are designed to a standard allowing them to be integrated into icFoundation; this allows them to benefit from the Filter and Preview in HTML functionality as well.
[0100] To secure reports, only assign specific user groups permissions to each report; this allows only authorized users to generate a particular report. Reports may be distributed in various ways, including real-time previewing using a web browser, downloading a report data in a file, forwarding of a report to external individuals via fax or email, and scheduled distribution of reports via email and/or fax. Reports may be scheduled for automatic distribution on a regular interval such as hourly, daily, weekly, and monthly.
[0101] Users with appropriate permissions may view Usage reports, an Audit Log and a System Log. These Logs detail any events, Report, or messages which have been activated while a user has been navigating through the icFoundation application.
[0102] icFoundation provides instructions, standards and templates on how to integrate with the following services. All of the services may be managed from web-based consoles, and each service includes its own report for statistics, status, and exceptions.
[0103] Scheduler Service—This service monitors the Schedule database and places faxes, emails and pages on to their respective Queues.
[0104] Fax Queue Service—This service monitors the Fax Queue database and pulls batches of faxes off of the queue and sends them. This updates the database with statistics such as transmission time and fax status. Busy or failed faxes are automatically scheduled to be re-sent.
[0105] Email Queue Service—This service monitors the Email queue database and pulls batches of emails off the queue and sends them, updating the database with the status of transmission.
[0106] Pager Queue Service—This service monitors the Pager Queue database and pulls batches of pages off of the queue and sends them, updating the database with the status of transmission.
[0107] Batch Report Service—This service monitors the Reports queue database and pulls batches of reports off of the queue and builds them, updating the database with the status of the processing.
[0108] Print-To-Fax Driver—This program acts as a virtual printer on the machine upon which it is installed. When documents are queued to this printer, they are converted to a faxable document.
[0109] Report Types and Reports may be managed from the ADMIN/Manage Reports screen in the icFoundation management site. Report Parameters are managed from the ADMIN/Report Parameters screen in the icFoundation management site. To process a report, the following steps may occur:
[0110] 1. Select the Reports Main Menu option. The Reports Home page may appear.
[0111] 2. At Reports Home Page, the sub menu changes to reflect the Report Types and Reports per Report Type.
[0112] 3. Select the Report Type, then select the appropriate Report. (Example: Report Type—Audit Messaging Report—User Messages)
[0113] 4. The Report Parameters may appear for the specified Report (Example: User Messages).
[0114] a) To View the report, verify “View in Browser” radio button is selected (View in Browser is default selection) click on the Run Report button.
[0115] b) To Download the report, select the “Download this report as a file” radio button. Select the file format needed (Word for Windows is default). Click on the Run Report button.
[0116] c) To Email the report, select the “Email this report to” radio button. Type in the Email address, Email subject and file format. Click on the Run Report button.
[0117] 5. If “Viewed in Browser”, The report appears in the contents frame.
[0118] FIG. 6 is a flowchart illustrating Security Overview. The icFoundation product utilizes several levels of security from the NT operating system to special routines embedded in the icFoundation objects. The 5 levels of security include: NT File Security (NTFS)—This secures files stored on the web server. Standard NT user permissions are applied to directories on the server. IcFoundation uses several system level NT user accounts for page level security. End users do not have access to these accounts. SQL Server Login Security (or similar login security in other RDBMS)—This secures data in the database.
[0119] IcFoundation may use several system level SQL Login accounts to access the data. End users do not have access to these SQL Login accounts. Microsoft Transaction Server (MTS) Role Based Security—This secures the object function calls into the database only authorized users may access business logic. IcFoundation uses several system level Roles to access the objects. End users have no access to these roles.
[0120] IcFoundation Security Routines insure that icFoundation users only have access to menus, HTML/ASP pages and reports that they are authorized for by an icFoundation administrator. IcFoundation Architecture utilizes server side scripts which retrieve data from the database, convert it to an HTML stream and send it to the browser. Data is generally not stored on the web server. Only the processing scripts and COM objects are located on the web server. These objects interact with the database to retrieve data and display it to the end user in the browser.
[0121] The ASP scripts process the COM object calls which connect to the database. These ASP scripts display the data real-time to the end user in a stream of HTML. An actual HTML text file is not created and placed on the server. Therefore if the file system is compromised the actual data from the database is not lost. Only a portion of the script code may be accessed. This script code does not contain any data from the database.
[0122] FIG. 7 is a flowchart illustrating icWizard Overview. The COM/ASP wizard, which is included as part of the icFoundation product, is a utility to create Visual Basic COM Components. By selecting which options to include in the final output, you may customize the functionality of the final code. The icWizard process tokens in templates and merges multiple files into the final generated files. The icWizard also enforces the icFoundation naming and development standards, providing one seamless development environment.
[0123] COM Components For COM Components, the icWizard provides:
[0124] 1. VB source code which makes up the COM component
[0125] 2. Database functionality (ADO)
[0126] 3. Standard error handling and multilingual user messages
[0127] 4. Microsoft Transaction Server (MTS) infrastructure and role-based security
[0128] 5. Auditing of functions
[0129] 6. Data validation before database updates
[0130] 7. Required field checking before updating the database
[0131] 8. Replacing single quotes and double quotes before updating the database
[0132] 9. Function header comments, input parameters, output parameters, function description, return values, and the like
[0133] 10. Creates Visual Basic source code including: .vbp (Visual Basic Project File) and get data, save data, and delete data classes.
[0134] 11. Enforcement of IcFoundation naming and development standards
[0135] ASP Pages For ASP Pages, the icWizard provides:
[0136] 1. ASP code providing integration with the COM components and presentation of search, add, edit, and delete user interfaces in HTML.
[0137] 2. Enforcement of icFoundation naming and development standards
[0138] 3. Page security and initialization functions
[0139] 4. Standard styles and colors
[0140] 5. Standard footer
[0141] 6. Standard error and warning dialog boxes
[0142] Other icWizard Functionality:
[0143] 1. Provides the developer with a help file
[0144] 2. Creates end-user help pages detailing how to use the newly generated user interface
[0145] 3. Updates the database with standard errors, and audits for the functions it creates
[0146] 4. Creates SQL script files for migrating data across servers
[0147] The icFoundation(tm) product provides an infrastructure for web applications developed on Windows 2000. This infrastructure may include security, user management, site management, presentation, auditing, billing, event notifications, reporting and multiple site branding. The icFoundation object model may also provide common business logic for web, wireless and IVR applications. icFoundation provides a robust, thin browser based user interface to interact with the standard icFoundation object model. This user interface may be used for management and configuration of all icFoundation parameters.
[0148] Microsoft BizTalk Server 2000 enables the development and management of application integration within and between organizations using the universal standard of XML. BizTalk Server 2000 (BTS) provides comprehensive process management and is a platform for reliable business document interchange and business processes integration. BTS uses Windows 2000, SQL Server 2000 and Host Integration Server 2000 server products as the underlying technology components.
[0149] BTS may comprise two major components including an orchestration workflow engine and an XML-based messaging engine. Workflows are orchestrated using the BizTalk Application Developer Desk. This Visio-based application visually depicts the business processes to be performed and the implementation of those processes or messages. This visual depiction may then be converted to an XML dialect called XLANG. The BizTalk Scheduler then executes this workflow against documents received by BTS.
[0150] A Message may comprise a single BTS transaction or business process typically made up of an incoming document in XML, EDI or other format. Messages may be sent to BTS using many common protocols such as HTTP, HTTPS, FTP, file and others. Each message type has a published schema, which determines the format of the data in the message. This “external” or “incoming” message enters BTS through a channel into a published external schema. The message's destination or delivery option is an AIC, Orchestration, HTTP, File, MSMQ, FTP or other protocol. In most cases icFoundation may use an AIC or an Orchestration.
[0151] BizTalk Messaging may accept XML, EDI or other documents from external or internal applications. These documents may be converted to XML, mapped to a new form and delivered to trading partners, Orchestration Workflows or Application Integration Components (AIC). AICs are custom-built COM objects which talk to external systems such as SAP, ODBC, J. D. Edwards, McHugh and others. An Application Integration Component (AIC) may comprise a COM objects which may accept the entire XML message document, parse it and pass it to a standard icFoundation COM object. AICs implement a standard COM interface published by BTS.
[0152] Orchestration is a visual drag-and-drop environment based on the Visio graphics tool and used to design document workflows. A document is created which may then be converted into an XLANG schedule. This schedule is then executed in response to a message. Workflows implement long-running transactions and are designed to separate business analysis from the implementation details of the schedule.
[0153] icFoundation enhances BizTalk by adding message process security, schema management, standard error handling and standard messages for account management and report retrieval. BizTalk orchestrations and AICs may also take advantage of icFoundation objects including its security, auditing, billing, email, fax and page queuing. icFoundation also enhances BTS by providing a user interface for partners to view transaction activity reports and authorized message schema definitions.
[0154] An XML schema defines the valid format for a class of XML documents. The form of XML schema used by BTS is XML-Data Reduced (XDR). This alternative to traditional Document Type Definitions (DTD's) represents the format as an XML document and allows representing formats other than XML documents (files, EDI, and the like) and data types.
[0155] FIG. 8 is a diagram depicting a framework for Internet based applications using BizTalk Server 2000 and icFoundation.
[0156] The BizTalk Framework assumes that application programs are distinct entities, and application integration takes place using a loosely coupled, message-passing approach. There is no need for a common object model, programming language, network protocol, database or operating system for two applications to exchange XML messages formatted using the BizTalk Framework. The two applications simply need to be able to format, transmit, receive and consume a standardized XML message.
[0157] Messages are the basis for the most significant contributions of the BizTalk Framework. A message flow between two or more applications is a means to integrate applications at the business-process level by defining a loosely coupled, request-based communication process. Since many business processes involve one party performing a service at the request of another party, the mapping of messages to requests is natural. Approaches making tighter integration demands such as those based on special programming languages or shared distributed computing “platforms,” are highly appropriate to tightly connected applications on single machines or in controlled environments, but they do not adequately support distributed, loosely coupled, extensible business process integration. An XML-based messaging system with open, extensible wire formats captures the essentials of a business communication while allowing flexible implementations.
[0158] It is anticipated that the vast majority of interchanges—the exchange of XML documents and messages between trading partners or applications—implemented using the BizTalk Framework may use a simple HTTP post transport but business may also use other transports including FTP and message queuing technologies including IBM Corp.'s MQSeries and the Microsoft Message Queue Server.
[0159] Since few software applications today provide native support for XML, it is anticipated that businesses and software companies implementing layers of adapters to enable their existing applications to participate in the first generation of BizTalk Framework interchanges. For many applications, these adapters take an existing function call, translate it into an XML document, and route the document to a target destination, whether it is a trading partner or another application within a corporate Internet. Until applications have native support for XML, these types of BizTalk Framework interchanges may require layers of software which transforms native data types into XML and then performs the XML document routing. The BizTalk Framework may also provide support for schemas describing more complex interchanges involving these types of XML document transformers and routers in-house. Microsoft is developing a BizTalk Server 2000 which automates many of the functions required in a BizTalk Framework interchange.
[0160] There are limitation to the prior art implementations of BizTalk. The present implementation of BizTalk may require a BTS Channel be setup for each message type for each partner. Managing a large amount of partners or message types becomes a difficult task. Enrollment of new partners requires interaction with the BTS management desk and duplication of channels and ports. A BizTalk channel defines an interaction which may be received by BTS. Specifically, a channel defines the source organization, input/output document types and any mapping which may be performed on an incoming XML document.
[0161] When an XML document is received through a BizTalk channel, it is delivered to a port. The port determines the method of delivery for the document. It defines the destination organization or application to receive the document and how it may be delivered by BizTalk (HTTP, AIC, Orchestration, STMP, and the like).
[0162] In addition, in BizTalk, there is no “partner” based transaction reporting. The present reporting interface consists of a single web page sample, which is meant for administrators to view transaction activity for all message types for all partners. Moreover, in BizTalk, there is no interface for “partners” to view message types they are authorized for or their schemas. These schemas are required for development of the XML messages. There are also no standard acknowledgments or error messages have been defined. BTS does not include any standard message types.
[0163] icFoundation Solves most if not all of these BizTalk Limitations. Each partner may be issued a standard icFoundation login account. Each message may contain the standard icFoundation Authentication XML elements. Multiple partners may be able to send messages through the same channel. Partners may be added and removed without administrative user interaction with the BTS management desk. Assignment of which partners may process which message type is configurable using the icFoundation web interface and may be changed real-time without interaction with the BTS server(s). Partners may logon to an icFoundation web site and view their authorized message types and full schema detail. This solution eliminates having duplicate channels in BTS for each message type for each partner.
[0164] An icFoundation web site may be provided to allow “partners” to logon and view various transaction activity reports. These reports may be filtered to only allow viewing of the logged on partner's transaction activity. An icFoundation web site may also be provided to allow “partners” to logon and view schemas, sample XML implementations and detailed documentation. Administrators may configure what message types each partner is authorized for by using the icFoundation group permissions screens.
[0165] icFoundation provides standard XML schemas for error messages. icFoundation also provides a rich event based notification system. Each error may be managed through the icFoundation web interface. icFoundation provides Account Management and Report delivery message types, schemas and implementation samples.
[0166] Each source sending a BizTalk message may have an associated Login account in icFoundation. These users may be members of specific sites and user groups within icFoundation. Out of the box, icFoundation may include several “standard” messages which may be sent through BTS. The group permissions for new user groups may be given permission to these messages. Main Menus and Sub Menus may be created within icFoundation to support additional message types.
[0167] IcFoundation supports management of permissions through a web interface. Each partner may be given permissions to send/receive BizTalk messages. Typically this is done using the BizTalk Management Desk and creating a channel for each message type for each partner. With many message types or partners this becomes challenging in the standard BizTalk Management Desk. icFoundation provides a web interface for mapping which transactions may be sent/received by individual usage groups. User groups may be set up by function such as “order placement”, “user management”, and the like. Partners may be added to usage groups to determine which message types they may process. Partners may logon to an icFoundation message site to view which message types they are authorized for. From this site they may view the detailed schemas for the message types and how to implement them.
[0168] Each message as it is passed through BizTalk messaging services or BizTalk Orchestration may include an icFoundation authentication routine to authenticate that the system accepts messages from this user. BTS may also utilize the icFoundation “Check Permission” routines to identify if the authenticated user may send the specific message type such as “change password request”, “place order”, “submit product update”, “add new user”, and the like. Permissions to each of these message types may be managed by the standard icFoundation security defined in the “Message Security Administration”.
[0169] Message Security allows multiple remote locations (partners) to send messages to the same BizTalk channel. In a typical stand-alone install of BizTalk without icFoundation, administrators would have to create a channel for each message type for each partner. With many partners or channels, this becomes a difficult task. The icFoundation web administration screens and AICs allow multiple message types from multiple partners to be sent through a single BizTalk channel. This also allows for enrollment and automated addition of partners without adding channels using the BizTalk Management Desk.
[0170] Message Security determines which partners may process each message/transaction type. Standard user authentication XML elements have been defined to allow partners to add icFoundation authentication to each XML message. icFoundation AICs have been developed to process the authentication elements and determine if the user has permission to process the transaction. The AICs may be utilized from Orchestration or any custom AIC.
[0171] The Message Schema Administration is a screen within icFoundation, which allows administrators to configure a name, description, sample XML file, XML attribute/element field description file and schema file for each message. This data may be stored in the icFoundation database and used by the “Authorized Message Schema Viewing” ASP pages to dynamically build a “documentation” page to display to the end user the format of each message they may send.
[0172] icFoundation provides a web interface to display authorized XML schemas and all supporting documentation. The current version of BTS contains no medium to store schema documentation. Schemas are viewed in raw form with the BizTalk mapping tools. An icFoundation “Site” is used to display only authorized schemas for message types the partner is authorized to transact with the organization. This interface is similar to the BizTalk.org web site where schemas for various message types are stored and details on how to implement them may be viewed. These schemas are used by developers to send messages to the organization.
[0173] The standard icFoundation installation includes several functions, which are BizTalk enabled. These functions include user management and report retrieval. The standard functions include schemas, AICs and HTTP ASP page BTS channel drop points. These standard messages would allow customers to synchronize user management with any external system including NT, mainframe, UNIX or others.
[0174] icFoundation provides a foundation and set of standards for error messaging, auditing and warning notifications. icFoundation and its AICs which may be optimized for BizTalk include standards for XML based error messaging. This standard allows unified distribution of errors in message acknowledgements and logging to external systems. Multiple errors may be combined into a single XML stream.
[0175] Standard icFoundation report retrieval message types allow delivery of data in preformatted reports or raw format. Standard icFoundation reports and any reports added to icFoundation may be retrieved by a partner through an XML message. The XML message and report combination may be used as a sophisticated query and data retrieval system where the data is returned in formatted text, comma separated values, Word, Excel, PDF and other common formats. This allows a medium of data transfer between external platforms including UNIX and mainframes. Schemas for each report retrieval transaction are included.
[0176] Standard icFoundation account management message types allow user synchronization with external systems. User accounts may be managed through a series of standard icFoundation message types. These XML messages may be used to add users, modify users, delete users, add and remove group membership permissions, reset passwords and disable/enable accounts. Schemas for each user management transaction are included. This feature is key in synchronizing user account information between external platforms including UNIX and mainframes.
[0177] Sources sending messages to an icFoundation/BTS integrated site may run reports pertaining to only their account. Presently, BizTalk does not segregate report data by channel and only allow certain individuals to view specific data. icFoundation thus extends the BizTalk database with transaction volume reporting and secures data between partners. The current version of BizTalk includes a sample web interface for administrators to view transaction statistics for all channels and partners. There is no interface for individual partners to logon and view only their data in a secure manner. The icFoundation web interface allows each partner to view statistics and transaction history information for only their transactions. These reports are used for capacity planning, transaction throughput analysis, billing, and determining success/fail of transactions.
[0178] FIG. 9 is an example of a display screen for authorized message viewing. Sources sending messages to an icFoundation/BTS integrated site may view all of their authorized messages which they may send. These sources login to icFoundation and may browse to each message type they are authorized for and also view the XML schema, samples and element definitions for each message. From this location, they may also view BTS message transmission statistics and history by reading the BizTalk tracking tables. The BizTalk Reports main menu represents a section where sources may view the schema for each report they are sending including parameters.
[0179] FIG. 10 is a block diagram of the icFoundation/Biztalk Site architecture. User groups can manage multiple Biztalk icFoundation sites via web, wireless and IVR. The icFoundation sites utilize components and an XML communications layer to interact with the Biztalk engine. The Biztalk engine is mapped to various backend systems to translate data from the icFoundation sites to the backend. The boxes on the far left depict different user groups that can access the icFoundation via web, wireless and IVR. The boxes on the top right display example icFoundation sites used to manage a Biztalk implementation. The boxes on the bottom right depict the modules of the Biztalk engine used to map and translate data to various backend systems.
[0180] FIG. 11 is a block diagram illustrating an example of a icFoundation/BizTalk Implementation providing Universal Access to Centralized Business Rules. Web, wireless, IVR, and Legacy applications 1110 may be developed using icFoundation application sites 1180 for the user interface or external servers or third party sites 1120. These applications may take advantage of the common business logic offered by icFoundation. The data requested or retrieved using the icFoundation user interface 1180 may be created as an XML 1130 message and passed to BTS 1140 where it may get transformed into a format 1150 which may be recognized by backend or legacy system 1160 or server to server third party systems 1170. BTS 1140 in FIG. 11 may be enhanced by the integration of icFoundation Components 1148.
[0181] Additional web, wireless or external processes 1120 may utilize the same XML interface 1130 to transact with BTS 1140 using the same business rules. Transactions sent by these external applications 1120 may include the standard icFoundation authentication XML elements. The first step in any BTS orchestration 1144 or AICs 1149 is to process the authentication elements and determine if the application (partner) has permission to send the message.
[0182] BTS 1140 may be utilized to receive XML messages 1130, translate any data and interact with backend systems 1160 through XML documents 1150 or directly through APIs 1146. Trading partners may logon to icFoundation sites to view transaction statistics and view the schema definitions 1142 for each message type they may be authorized for.
[0183] FIG. 12 is a block diagram illustrating an example of icFoundation/BizTalk Implementation enabling a Legacy system 1210. icFoundation embedded BizTalk 1240 may be used to enable a legacy system 1210 through icFoundation Application sites 1280, icFoundation Message Management Sites for BizTalk 1290, or External Servers or Third Party Sites 1220. icFoundation may be used in several pieces of the implementation including providing an infrastructure for web, wireless and IVR applications 1210.
[0184] This infrastructure may include user management, security, auditing, reporting, presentation, billing and event notifications. icFoundation provides a prebuilt web site to manage BizTalk schemas and detailed meta on how to implement them. icFoundation provides a prebuilt web site 1280, 1290 to manage which partners may send and receive each message type 1230. These components may include standard schemas 1243, and AICs 1249.
[0185] icFoundation provides all the components to allow delivery of reports through an XML message 1230. icFoundation provides specialized AICs 1247 which may integrate with BizTalk Orchestration 1244 and AIC development 1249. These components 1246 provide authentication 1248 and security 1249 to messaging. Messages may be XML mapped 1250 to Server to Server Third Party systems 1270 and/or Backend or Legacy systems 1260.
[0186] FIG. 13 is an example of the icFoundation embedded BizTalk application as applied to a Bankcard Site. A Bankcard site is a site where banks, merchants and credit card issuers access financial account information including account profile, statements and transactions. Banking, merchant, customer service and card holder user groups can interact with multiple Biztalk icFoundation sites via web, wireless and IVR. The icFoundation sites utilize components and an XML communications layer to interact with the Biztalk engine. The Biztalk engine is mapped to various backend bankcard systems to translate financial data from the icFoundation sites to the backend. The boxes on the far left depict different user groups that can access the icFoundation via web, wireless and IVR. These groups include merchants, customer service, banks and card holders. The boxes on the top right display example icFoundation sites used to interact with the Biztalk enabled web sites. The boxes on the center and bottom right depict the modules of the Biztalk engine used to map and translate data to various backend bankcard systems.
[0187] XML enabling of a Legacy system provides an XML gateway and standard set of messages to communicate. These messages may be sent from any platform including Windows, UNIX, mainframe and others. In addition, the icFoundation embedded BizTalk system provides User Account Management and Synchronization between systems. Management of a BizTalk implementation is possible with a large number of partners or message types. The icFoundation system also provides message security for a BizTalk implementation which may require many one-time transactions by many users. icFoundation provides a site where partners may logon and view implementation details about their authorized transaction types. icFoundation also provides a site where partners may logon and view transaction statistics.
[0188] BizTalk may be loaded on the icFoundation web server or database server. In order to submit documents via HTTP, the BizTalk Server may need to be running IIS with a special ASP page to receive incoming documents. The icFoundation site may contain an ASP page called icFoundation/BizTalk/ReceiveRequest.asp. This page may accept an XML document as input and submit it to BizTalk. The return value from this page may indicate whether or not the document was successfully submitted. If an acknowledgement is received, it may be sent back at a later time.
[0189] BizTalk may be configured using a single channel for each inbound document type. User logon information provided in the icFoundation Login Tag may be used to identify the requester. The logon information provided may include a method for returning the acknowledgement message either through BTS, E-Mail or HTTP. To implement the processing of the request, icFoundation may support both BizTalk AICs and BizTalk Orchestration.
[0190] icFoundation may define a set of standard schemas for requesting icFoundation functions via XML. These may include retrieving reports, setting user information and passwords, and the like. Each XML schema may define one type of request and have a specific acknowledgement message.
[0191] Configuring a new request may require several steps. First, the administrator may create menus and submenus to represent the request. All BizTalk request menus may refer to the URL: icFoundation/BizTalk/ShowDesc.asp ?BizTalkSchema_TD=<%BizTalkSchem a_ID%>. This URL may comprise a generic ASP page which may generate a page describing the BizTalk interchange.
[0192] The administrator may then assign permissions to these menus to those login groups which may be allowed to submit each type of request via BizTalk. The menus may only appear to these users allowing them to retrieve descriptions and copies of the XML schemas. Next, the request may be registered as a BizTalk schema in the BizTalkSchema table. A new administration screen may be provided for this feature. FIG. 14 is a BizTalkSchema table which may be added to the icFoundation database which may contain all of the interface information necessary for handling XML requests.
[0193] The ReqRootTag and AckRootTag may be used to derive the name of the schema file in WebDAV. The path to the schema within WebDAV is “<WebDAV%>/PCI/<%RootTag%>.xml”. The ReqRootTag field may also be used to identify incoming requests. These fields should preferably not include the “.xml” extension. The DescriptionFile name is found in /BizTalk/Descriptions/<%DescriptionFile%>. This field should generally include the file name extension.
[0194] icFoundation may define a standard authentication tag called <Login>which may be present in all requests. The following is an example of a login script: 1 <icFReportReq RequestID=“XXXYYY001”> <Login> <RequestID>MyReqID001</RequestID> <UserName>Administrator</UserName> <Password>1234</Password> <SiteURL>http://192.168.100.22</SiteURL> <Language>English</Language> <ChannelName>Receive Report Req</ChannelName> <AckTransportMethod>BTS</AckTransportMethod> <AckTransportAddress>Send Report Ack</AckTransportAddress> <Login> . . . </icFReportReq>.
[0195] The purpose of the tag is to deliver the information necessary for BizTalk and icFoundation to perform the requested action.
[0196] With regard to message security, the first thing to note is the user name and password may be shown in the XML document in an unencrypted form. This may be necessary to identify and authorize the user. Therefore, these messages should generally be passed over untrusted networks in encrypted form. This may be done using SSL via HTTP, other encryption systems inherent in the transport mechanism used or using BizTalk's encryption functionality. The same concerns may exist for the Acknowledgement documents since these may frequently contain proprietary information as well.
[0197] With regard to user identification, the information received in the Login Tag may be used to perform a login sequence through icFoundation components. These components may verify the user's password, account status and site assignment. If this process fails, the system may attempt to send the requester a negative acknowledgement.
[0198] Once the user is identified by icFoundation, the root tag of the request document may be used to look up the SubMenu_ID associated with the request messages. Another icFoundation component may be called to verify the user identified is authorized to submit the specific type of BizTalk request. If this process fails, the system may attempt to send the requester a negative acknowledgement.
[0199] In some cases, additional authorization checks may be necessary depending on the type of request being made. This final step is specific to the type of request being made and the context of the request as defined by the parameters in the message. For example, BizTalk receives a report generation request. The following steps may occur in order to authorize the request:
[0200] 1. The user may be identified by icFoundation.
[0201] 2. The user may be allowed to request reports.
[0202] 3. The user's profile may be checked to verify they are allowed to view the report requested.
[0203] At this point, the request may be honored and fulfilled. If this process fails, the system may attempt to send the requester a negative acknowledgement.
[0204] FIG. 15 is a block diagram illustrating Message Authentication/Security. Biztalk messages in XML, EDI or other formats get transported to the Biztalk server via FTP, MSMQ, File, HTTP or HTTPS. These messages get channeled through the MSXML parser to translate the message from the source format to a destination format. The translated data gets sent through a reconfigured Biztalk port which is made up of an Application Integration Component (AIC) or a Biztalk Orchestration. The port goes through a icFoundation process of reading the authorization elements from the source message, authenticating user account and checking to see if the user has permission to process the particular message type. If the message is authenticated the individual business logic is processed. Message failure and success results are returned to the source through reconfigured Biztalk channels.
[0205] The following is a description of Standard icFoundation AIC COM Interfaces. All user related XML COM interfaces may be located in MTXFNLoginXML.DLL. Each interface may have several properties. If these properties are blank, the object may read the properties from the registry. These properties include Options (list of flags to set auditing, db type, and the like) and Connect (database connection string). Each object may include a Language and SiteURL argument as the first two arguments and have strResult and strErrorMsg as the last two arguments: 2 HKEY_LOCAL_MACHINE\Software\icFoundation\AIC Options String /A0. HKEY_LOCAL_MACHINE\Software\icFoundation\AIC Connect String DSN=icf3_3;UID=MTX_Component;PWD=1234;Database=icf3_3;APP=AIC;
[0206] Each component may contain the standard icFoundation Role based security checks and error routines. A new strOption may be available in icFoundation: 3 /ERXML = Turn on basic XML based error messaging. The strErrormsg may contain a string containing an XML formatted error message and the strResult may be the string message of the error. The basic error XML may only contain the datetime, number, message and severity of the error /EEXML = Turn on extended XML based error messaging. The XML may contain all of the error XML
[0207] The strErrorMsg argument XML may take the following format: 4 <Errors> <Error> <DateTime>6/12/2000 1:22:22 pm<DateTime> <Number>12345</Number> <Message>Error occurred authenticating user account. </Message> <Severity>Error</Severity> <TechMessage>Error occurred in code</TechMessage> <Cause>Error in clsAuthUser.Authenticate user. </Cause> <Audit>TRUE</Audit> <Log>TRUE</Log> <NTLog>FALSE</NTLog> <SupportType>Error Support Type</SupportType> <CompileError>13</CompileError> <CompileErrorDesc>Type Mismatch</CompileErrorDesc> <CompileErrorLine>233</CompileErrorLine> <Version>3.2.34</Version> <ProgID>MTXFNLoginAIC.AuthenticatUser</ProgID> </Error> </Errors>
[0208] The icFoundation/BizTalk Authorization Translator will now be described. This function takes a single string argument containing XML with the authentication elements and attributes and translates them to out parameters of the function call. In the functioncall, the Function TranslateAuth(strXML, Byref strLanguage, Byref strSiteURL, Byref strUserName, Byref strpassword, Byref strResult, Byref strErrorMsg, ByRef strRootTag) may be taken as long.
[0209] The following return values may be generated:
[0210] 8 Error occurred in the code. StrResult contains the end user description for the error. StrErrorMsg contains the technical details and properties of the error.
[0211] <0 Fail. StrResult contains the reason for failure. StrErrorMsg contains the technical details and properties of the error such as the error number and severity.
[0212] −1 Failed to translate XML.
[0213] −100 Failed security check. User is not in MTS Security Role.
[0214] >0 (1) Success.
[0215] The function may be implemented as a function of TranslateAuth (strXML, strLanguage, strSiteURL, strUserName, strPassword, [strResult], [strErrorMsg]). FIG. 16 is a table of the function arguments.
[0216] The following is a description of the user authentication process. This function takes a username and password and uses these arguments to authenticate if a user may access the site and is active, enabled, not expired and is a member of at least one user group.
[0217] The function call for user authentication may take the form of:
[0218] Function AuthenticateLogin(strLanguage, strSiteURL, strUserName, strpassword, Byref lngLanguage_ID, Byref Project_ID, Byref lngLogin_ID, Byref strFullName, Byref strEmail, Optional Byref strResult, Optional Byref strErrorMsg) as long.
[0219] Return values for this function call may comprise:
[0220] 0 Error occurred in the code. strResult contains the end user description for the error. StrErrorMsg contains the technical details and properties of the error.
[0221] <0 Fail. StrResult contains the reason for failure. StrErrorMsg contains the technical details and properties of the error such as the error number and severity.
[0222] −1 User Account is expired or inactive.
[0223] −2 User Account is not found.
[0224] −3 No Site Permissions have been setup for the user.
[0225] −4 Failed to insert record into LoginLog table.
[0226] −5 User is already logged on.
[0227] −6 SHA-1 Encryption of password for comparison failed.
[0228] −7 User is not a member of any user group or no permissions have been configured for any group(s) the user is a member of.
[0229] −100 Failed security check. User is not in MTS Security Role.
[0230] >0 (1) Success.
[0231] The function implementation for user authentication may comprise:
[0232] AuthenticateLogin(strLanguage, strSiteURL, strUserName, strpassword, lngLogin_ID, Project_ID, lngLanguage_ID, strFullName, strEmail, [strResult], [strErrorMsg]).
[0233] FIG. 17 is a table of the function arguments for user authentication.
[0234] The following is a description of the process of checking navigation permissions. This function verifies if the user sending the message has been authenticated during the AuthenticateUser routine and may perform a specific function. This XML Root Tag of the message determines the message type and is mapped to the FNBizTalkSchema.RootTag field, which is associated to a Project_ID, MainID and SubID.
[0235] The function call for checking navigation permission may comprise:
[0236] Function CheckPermission(lngLanguage ID, lngproject_ID, lngLogin_ID, strRootTag, Optional Byref strResult, Optional Byref strErrorMsg) as long.
[0237] Return values for this function may comprise:
[0238] 0 Error occurred in the code. strResult contains the end user description for the error. StrErrorMsg contains the technical details and properties of the error.
[0239] <0 Fail. StrResult contains the reason for failure. StrErrorMsg contains the technical details and properties of the error such as the error number and severity.
[0240] −1 RootTag is not found in FNBizTalkSchema table.
[0241] −2 User does NOT have permission to this resource.
[0242] −100 Failed security check. User is not in MTS Security Role.
[0243] >0 Success. User has permission.
[0244] The Function Implementation.
[0245] Checkpermission(lngLanguage_ID, lngProject_ID, lngLogin_ID, strRootTag, [strResult], [strErrorMsg]).
[0246] FIG. 18 is a table illustrating the function arguments for checking navigation permission.
[0247] The following is a description of the process for checking Report Permissions. This function verifies if the user sending the message has been authenticated during the AuthenticateUser routine and may run a specific report. This XML Root Tag of the message determines the message type and is mapped to the FNBizTalkSchema.RootTag field, which is associated to a Project_ID, MainID and SubID. The actual report is taken from the Report element ReportName attribute. This string value and the associated Project_ID are looked up in the Creport table to determine the Creport_ID and CreportType_ID. These values are used to determine if the user has permissions to the report.
[0248] The function call for checking report permissions may comprise:
[0249] Function CheckReportPermission(lngLanguage_ID, lngProject_ID, lngLogin_ID, ndReport, Optional Byref strResult, Optional Byref strErrorMsg) as long.
[0250] The following is a list of return values for the function call for checking report permissions:
[0251] 0 Error occurred in the code. strResult contains the end user description for the error. StrErrorMsg contains the technical details and properties of the error.
[0252] <0 Fail. StrResult contains the reason for failure. StrErrorMsg contains the technical details and properties of the error such as the error number and severity.
[0253] −1 RootTag is not found in FNBizTalkSchema table.
[0254] −2 User does NOT have permission to this resource.
[0255] −3 Report Name is not found in Creport table.
[0256] −4 Report Number is not found in Creport table.
[0257] −100 Failed security check. User is not in MTS Security Role.
[0258] >0 Success. User has permission.
[0259] The function implementation for checking report permission may be as follows:
[0260] CheckReportPermission (lngLanguage_ID, lngProject_ID, lngLogin_ID, strRootTag, strReportName, [lngReportNumber], [strResult], [strErrorMsg]).
[0261] FIG. 19 is a table illustrating the function arguments for checking report permission.
[0262] While the preferred embodiment and various alternative embodiments of the invention have been disclosed and described in detail herein, it may be apparent to those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope thereof.
Claims
1. A Web-based Electronic Commerce system comprising:
- a platform between corporate systems and e-commerce channels with common presentation and navigation, environment management, common standards, error management, auditing, and enhanced security features;
- at least one default Site is be loaded into the system, wherein multiple sites is be added as needed (i.e., Intranet, Extranet, and various Internet sites) through the Multiple Sites sub-menu option;
- wherein the properties of the default Site is be modified to reflect the preferred Site Name, Site URL, and the like
- wherein each Site's colors, frame-set style, fonts, name and description is be configured using the Site Style Wizard;
- wherein the Site Style Wizard icon is be located on the Results Tab of the Manage Sites sub menu option.
2. The system of claim 1, wherein a default System Setup record is be added when system is installed;
- wherein the global properties of the system is be configured after the installation of system;
- wherein the global properties include default retry intervals for IVR settings, fax, email transmissions, and file directories.
3. The system of claim 2, wherein after determining the functionality of each application created or being deployed with system, User Groups is be created in order to access the different areas of functionality.
4. The system of claim 3, wherein if the application deployed with system generates reports, User Groups is be assigned to have access to each report.
5. The system of claim 4, wherein navigation and report permissions is be assigned to each group to determine the menus presented to the user when they log on.
6. The system of claim 5, wherein each user's account information, including email address (when the user account is activated, the user is automatically be notified of his new password and PIN by email) is be gathered and each user mapped to their appropriate office and user groups,
- wherein each user is be a member of multiple groups and a user is inherit the sum of all of the group's permissions.
7. The system of claim 6, wherein the ability to add, delete, and update Users depends on the permissions set by the Administrator and the Manage Groups Sub-menu option uses the standard system procedures for searching, updating, viewing, adding, and deleting.
8. The system of claim 7, wherein a user with the appropriate permissions is permitted to create an Office Type and office Accounts, wherein an Office Type category is be created before an Office is be added and after creating an office, User accounts is be assigned to that office.
9. The system of claim 8, wherein Users is be readily assigned to various groups through an Add Users to Groups Sub-menu option such that multiple Users is readily configured and assigned permissions by placing all the Users in a particular Group and configuring the Group accordingly.
10. The system of claim 9, wherein Permissions are defined for the menus and web pages a User is access when they log on to the system site and Permissions are also defined for special business processes, such as the ability to approve an order and edit all User accounts, wherein Permissions is be set to allow users readonly or full access to data presented on forms and Administrative permissions allow support people to use the same User interface and forms as a regular User.
11. The system of claim 10, wherein Permissions is be applied to one or more of three areas: Navigation, Reports, and IVR such that Groups which are assigned permissions in the Navigation and Reports tabs is be directly related to the appearance of the Main Menu and Sub Menus and Permissions assigned in the IVR tab give the Group access to assigned IVR functions.
12. The system of claim 12, wherein functions are logged to the system database and utilized for usage analysis and billing and Events, Reports and User time on-line data are tracked such that a combination of all three are used to bill a customer for utilizing the system.
13. The system of claim 13, wherein an unlimited number of billing matrices is be pre-defined, wherein matrix properties include a base rate and up to ten tiers of rates, each with a maximum and minimum value and an associated rate, wherein the setup for each user account includes a Billing Group attribute comprising a user group from which an account is derive Event and report billing matrices, and wherein the setup for each user account also includes a Billing ID attribute comprising a billing matrix which is be applied to this user's time on-line usage.
14. The system of claim 14, wherein an Event is mapped to a pre-defined billing matrix for each user group to allow an administrator to setup different rate schedules for different user groups, for each event, and
- a Report is mapped to a pre-defined billing matrix for each user group such that when a report is processed, User Name, Report ID, and date/time of the report information is logged.
15. The system of claim 15, wherein Errors, warnings, and audits are termed “Events” and Custom events are added to the system to track custom occurrences, such as; change in sales volume, the check of an order status, or the download of a file, Errors, warnings, and audits and custom events is be configured to notify users when they occur.
16. The system of claim 16, wherein Multiple Support Types is be configured so users is be notified when the events occur, at varying time of the day and Users is also be billed when specific events occur by assigning a billing matrix to each event.
17. The system of claim 17, wherein Default event settings is be modified using the User Messages sub-menu option and External processes is also be triggered to run when any message occurs, wherein external process comprises one or more of a batch f ile and an executable file with command line arguments.
18. A system for e-commerce, employing a Windows Management Interface (WMI) for starting and stopping of NT Services, Coloraborative Data Objects (CDO), SMTP Service for sending of email, CRYPTO API for encryption of data using standard algorithims, ActiveX Data Objects (ADO) for database access, wherein the system is configured in a three tier environment including:
- a Presentation Tier for formatting HTML to be displayed in a browser;
- a Business Tier for performing any business logic and connecting to databases and legacy systems; and
- a Data Tier for performing data storage, queries and manipulation.
19. The system of claim 18, wherein the Presentation Tier comprises a plurality of Active Server Pages (ASP) for communicating with Business Tier COM objects for sending HTML to a web browser.
20. The system of claim 19, wherein the ASP pages comprise scripts including one or more of VBScript, JavaScript and HTML, the scripts being processed on the server through Microsoft Internet Information Server.
21. The system of claim 20, wherein the Business Tier comprises a system product including a plurality of COM objects for communicating with the Data Tier to process business rules and query data.
22. The system of claim 21, wherein the COM objects comprise compiled Visual Basic 6.0 ActiveX DLLS conforming to the Component Object Model (COM) standard and the system product comprises 23 COM objects, each COM object comprises a plurality of class files which contain several code functions and/or sub-routines to provide business-rule processing, the processes including creating sites, user groups, users, menus, and assigning permissions.
23. The system of claim 22, wherein the Data Tier comprises a plurality of database tables for storing information to configure one or more of sites, users, groups, permissions, menus, audits, logs, and statistics.
24. A method of managing a system site for e-commerce which allows for multiple sites or user interfaces to information, each of the sites configured to have their own functionality, pages, users, groups, reports, menus, logos, colors, fonts, and style, each of the sites administrated from a single site or from each site individually, said method comprising the steps of
- configuring, by an administrators, groups of users,
- managing, by the groups of users, individual pieces of each site including one or more of user accounts, manages permissions, manages site logos, colors and menus, manages the audit logs and security settings,
- wherein all sites are run from the same system database which is be used to brand identical sites with different colors and logos for different groups of users and customers.
25. The method of claim 24, wherein all sites run off of the same ASP pages and IP address assigned in IIS such that a single set of ASP pages and components may be managed to manage a plurality of different sites.
26. The method of claim 25, wherein multiple function sites are configured and managed using the system multi-site architecture.
Type: Application
Filed: Apr 27, 2001
Publication Date: Mar 21, 2002
Inventors: Paul Scheier (Denver, CO), Darrell Schaefers (Aurora, CO), Tony Schaefers (Parker, CO)
Application Number: 09842684
International Classification: G06F017/21;