Friday, July 22, 2011

Panther Applications in Croatia

Brief History
When the Prolifics application development toolset came to the Croatian market in 1990, independent software vendor company Pardus (then 4-MATE) chose it to develop a back office application for a large retailer. The character-mode JAM5 application was running on an Intel-based UNIX system, with 60+ concurrent users, the largest in the region at that time.

Based on the successful experience with the Prolifics toolset, Pardus developed another large integrated information system for retail banks. The platform was again character mode JAM5 on UNIX, with custom mechanisms for distributed database support. The system has since migrated to the recent version of Panther and is still in use today.

Pardus continued to use JAM and Panther for its own development, and started to distribute them to other Independent Software Vendors (ISVs) and end-user organizations with their own IT staff. Programs for JAM and Panther training, consulting, project management, and end-user development team mentoring were created. This contributed to the rapid success of the tool in the Croatian market.

As a result, Panther is now used by the two largest banks in the country. One of them still uses the originally Pardus-developed software for its core data processing, supported by 70+ in-house Panther developers and a team of Pardus consultants. Other users, apart from ISV houses, include departments like the Croatian postal services, customs, health insurance, several ministries and Zagreb municipal administrations.

An Example: Forensic DNA Database
Pardus uses and encourages other fellow-developers to use Panther for a wide variety of applications. One interesting example is the Pardus-developed eQMS::DNA application, a DNA “fingerprint” database, now in use in Central Forensic Laboratories in two countries.

When the opportunity to develop such an application arrived, Pardus again chose Panther because of its excellent rapid prototyping abilities, the flexibility of its scripting language and the versatility of its database transaction generator. Native XML import and export capabilities were an advantage.

The resulting eQMS::DNA application is a system primarily used for maintenance and efficient searching of a database of human genotypes for forensic purposes (such as identification of biological traces like blood, hair, skin etc.), but it can also be used in fields such as livestock lineage tracking.

DNA fingerprinting relies on the fact that certain points (loci) in the human (or other) genome change relatively quickly (display polymorphism) from generation to generation: fast enough to form a combination unique to an individual, but slowly enough to be stable within a single individual's cells. The type of polymorphisms and number of loci used for constructing genotypes in eQMS::DNA is configurable, but a typical installation will employ a standard set of 13 to 18 STR (short tandem repeat) loci.

The system maintains data on individual donors with optional end-user configurable personal and demographic data, multiple samples containing genetic material taken from the donor, and genotypes obtained from the samples, possibly using multiple techniques and identification kits. Both processed genotypes and optional additional data such as peak quality, confidence parameters and raw electropherograms can be kept. The system also keeps profiles of unidentified traces.

Manual entry of data from plate gel electrophoresis into Panther screens is possible, but the typical data source is an automated capillary electrophoresis sequencer. Communication with systems such as Interpol DNA Gateway is also supported.

Searches can be performed interactively or in fully automatic mode. All searches, including those using partial profiles and relaxed criteria, are typically done in less than a second. The system also supports mixed-stain searches with provisions for common contaminant identification (such as genotypes of laboratory or other forensic personnel).

Interpol maintains a list of available DNA profiling systems (probably the most well known being FBI CODIS). eQMS::DNA is the only application from a commercial software developer.

Figure 1: Screenshot of the eQMS::DNA profiling application


New Developments
Pardus has assisted many clients in modernizing their legacy character-mode JAM and Panther applications.

For example, a Complex Card Management application for a leading Croatian bank was recently ported from JAM5 character-mode to Panther5 GUI. Initial functionality was complete within a month, with an additional month spent adding capabilities made possible by the new version of the Panther tool.

Pardus mentored several of its customers as they transitioned from character-mode to GUI to the Web environment, and from 2-tier to multi-tier architecture. One example includes developing a Java wrapper to call mainframe-based Web services from within a 2-tier GUI and Web Panther application. Another customer, a public health institution, uses a similar Pardus-provided tool to provide its clients with controlled access to its LIMS software (also developed by Pardus), which contains data on analysis of food and water samples.

Despite the market focus shifting away from dedicated application development toolsets, Panther stays a viable product in the Croatian market, thanks to the high penetration and the level of experience and expertise available to its customers.

For more info see http://dna.pardus.hr/ and http://lims.pardus.hr/.

Dragi Raos is a co-founder of Pardus d.o.o., a software development and IT consulting company from Zagreb, Croatia. Pardus is a distributor of Panther and JAM in Croatia. Dragi has three decades of experience in technical and scientific computing, design and development of complex financial applications, and training and coaching of development teams. He has served as team leader or technical consultant with clients ranging from the International Atomic Energy Agency to large regional banks to public health institutions. Dragi's technical expertise includes database management systems, middleware, CASE tools and a wide range of development environments, including 20 years of experience with Panther and all versions of JAM.

Wednesday, July 13, 2011

Learn About Security: Open Authorization in Federated Applications using IBM Security Tools

IBM Tivoli Federated Identity Manager (TFIM) simplifies application integration by providing single sign-on between disparate web applications, so users do not have to share their passwords or re-enter them. TFIM uses various protocols to achieve federation, including SAML, WS-Federation, and OpenID. Our Security LoB has been invited by IBM to participate in a beta program to implement the popular authorization protocol, OAuth.

OAuth, which stands for Open Authorization, is a protocol that allows users to approve applications to act on their behalf. OAuth makes it possible to exchange critical information across distinct organizations based upon a service level agreement that designates one application as an OAuth client and the other as an OAuth provider. One major benefit of the OAuth protocol, compared to its alternatives, is its emphasis on authorization. This is giving rise to a hybrid model in which our customers can combine protocols like SAML or OpenID for authentication and OAuth for authorization. Besides making the token exchange mechanism transparent to the user, OAuth provides mechanisms to define the scope of the user's data on the Provider that the Client may access.

Here is a fictitious example. Imagine PFAP as a financial application dashboard developed by Prolifics that provides a user with a consolidated view of his account balances across multiple banks. First, PFAP would need an agreement in place, as an OAuth client, with each of the banks from which account information would be obtained on behalf of the user. Once an agreement is set up with each Provider, PFAP would be registered as an OAuth client with those particular banks (Providers) and so would be provided with a client ID and a shared secret for each one. This information (Client ID, Shared Secret) would help the Provider determine whether the application (Client) requesting data on behalf of the user is one of its trusted OAuth clients.

Assuming an agreement between Prolifics and a leading financial firm, PFAP is one of the OAuth clients that has access to the Firm's customer data, upon approval. The first time a user logs into the PFAP application, he will be asked to add his account number to PFAP. Once the user selects the “Add Account” button, he would be redirected to the Firm's website, where he would be asked to enter his credentials. At this step PFAP would request a token from the Firm in the background, and that token is authorized when the user logs into the Firm's website. This action grants PFAP access to act on the user’s behalf.

From the user’s perspective, once he is logged in the Firm would display a “Consent to Authorize” page where the user would need to permit PFAP to act on his behalf and retrieve information within a certain scope, which in this case would be the user’s account balance. Once the user agrees to permit PFAP to act on his behalf and retrieve balance information, a verifier code is sent to PFAP in the background. PFAP would then request an Access token from the Firm's application, sending the verifier code, Client ID, Shared Secret and a few other parameters. The Firm would verify the Client ID and Shared Secret to determine whether PFAP is one of its OAuth clients, and would then verify the Verifier Code before generating an Access token. Once PFAP receives the Access token, it can get the user’s data on his behalf, though only within the permitted scope, which in this case would be the account balance. The next time the user logs in, since PFAP would already have an Access token, the user would be able to see his balance information without having to log in to the Firm's website.

Hybrid models are now being considered, in which a combination of OAuth with protocols like SAML or OpenID would help us achieve SSO at the same time. For instance, once the user is logged into PFAP, a hybrid model would enable him to perform other operations on the Firm's website, like balance transfers, by launching a new link to the Firm without the need to log in again (SSO).
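The token exchange described in this post, modelled from the Provider's side as an added example (it is not code from the original post and does not use TFIM APIs). The `Provider` class, its method names and the in-memory stores are assumptions made for illustration; it shows the three checks the Firm performs: client ID and shared secret, a single-use verifier code, and scope on every data request.

```python
import hmac
import secrets

class Provider:
    """Toy model of the Firm (OAuth provider); names are illustrative only."""
    def __init__(self):
        self.clients = {}   # client_id -> shared secret
        self.pending = {}   # request token -> grant awaiting exchange
        self.access = {}    # access token -> (client_id, user, scope)

    def register_client(self, client_id):
        self.clients[client_id] = secrets.token_urlsafe(32)
        return self.clients[client_id]

    def _client_ok(self, client_id, secret):
        known = self.clients.get(client_id, "")
        return bool(known) and hmac.compare_digest(known, secret)  # constant-time compare

    def request_token(self, client_id, secret):
        if not self._client_ok(client_id, secret):
            raise PermissionError("unknown client")
        token = secrets.token_urlsafe(16)
        self.pending[token] = {"client": client_id, "verifier": None}
        return token

    def user_consents(self, token, user, scope):
        # Runs after the user logged in at the Firm and approved the consent page.
        grant = self.pending[token]
        grant.update(user=user, scope=frozenset(scope), verifier=secrets.token_urlsafe(8))
        return grant["verifier"]  # sent to the client in the background

    def exchange(self, client_id, secret, token, verifier):
        grant = self.pending.get(token)
        if (not self._client_ok(client_id, secret) or grant is None
                or grant["client"] != client_id or not grant["verifier"]
                or not hmac.compare_digest(grant["verifier"], verifier)):
            raise PermissionError("exchange refused")
        del self.pending[token]  # the verifier code is single use
        access = secrets.token_urlsafe(32)
        self.access[access] = (client_id, grant["user"], grant["scope"])
        return access

    def read(self, access_token, resource):
        client, user, scope = self.access.get(access_token, (None, None, frozenset()))
        if resource not in scope:
            raise PermissionError("outside granted scope")
        return f"{resource} for {user}"
```

With a grant limited to `{"balance"}`, `read(token, "balance")` succeeds while `read(token, "transfer")` is refused, which is why the balance-transfer case in the post needs a separate mechanism such as the hybrid model.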

Tuesday, July 12, 2011

BPM Best Practices for the Financial Industry

In our current economic environment, the financial industry is challenged by two very significant needs: to improve efficiency and to enhance service. I spoke about these business needs last year at an event hosted by Prolifics and IBM, and they couldn’t be more significant today. To satisfy these requirements, organizations are tasked with driving down costs by consolidating duplicated and siloed systems into well-defined, reusable services and managing customer service levels with greater flexibility.

This industry has a collection of 'habits,' or best practices, that have a powerful effect on business performance in these critical areas. Over time, we have captured the best practices that have proven to be successful with process management programs within the financial industry. At this seminar, we reviewed 11 specific practices that help financial services organizations experience success with projects/delivery, team competency and leveraging Business Process Management (BPM) across the enterprise.

I’d like to share some of these ‘habits’ with you now:

Make BPM about Productivity and Visibility
  • Metrics, KPIs and SLAs should be part of the DEFINE phase
  • Don’t scope out metrics
  • Remember: visibility is critical to improvement

Never “One and Done”
  • Iterative Approach: continuous process improvement
  • Additional phases or versions will always happen: The value in BPM is that you can get your first version out there quickly, but the real opportunity is in versions 2, 3 and 4, where you are bringing entirely new levels of capability, sophistication, efficiency and effectiveness to your organization

Don’t Skip Process Analysis
  • Processes are done by many different parties! Process analysis helps you understand: What does the end-to-end look like? What data is needed at different points? What is the velocity that we need in this process? How quickly do we need turnaround time?
  • Process analysis sets apart traditional applications development from building process applications
  
Build a Complete Team
  • Have the right mix of resources on the team with a broad set of skill sets
  • Java (.NET) developers aren’t all you need

Establish the Owners
  • A requirement for succeeding with BPM is that processes must be business-owned. You need people from the business to engage and determine what the process priorities are.
  • The key benefit of this iterative approach is that you can make tradeoffs and changes to adapt to changing business conditions and requirements. A level of business engagement will ensure that the right decisions are being made.

In addition, financial institutions face a highly demanding environment requiring exceptional agility. The seminar focused on how customers can reap the benefits of the business rule approach to operational decision making in the areas of payments, credit and lending, risk management and customer care for financial institutions. With business rules, key decisions in your financial processes can be changed in minutes to days rather than months, bringing new levels of efficiency to day-to-day operations.

To read more about these 11 Habits for highly successful BPM programs and the benefits of a business rules management system, please take a look at this presentation. For any questions about these topics or Prolifics’ solutions for the financial industry, please email solutions@prolifics.com.

Don Rivera is a Client Executive with Prolifics managing the NY & NJ Metro territory. Don is a certified IBM WebSphere Solution Sales Professional working with SMB and Enterprise accounts to determine how to leverage IBM software technology to meet their critical business objectives. He brings over 16 years of experience working in the information technology industry in various system engineering, sales and business development roles with companies such as Computer Sciences Corporation, Level 3 Communications and BBN Technologies.