NATIONAL GOVERNMENT PORTAL (NGP)
• From multiple websites, siloed e-Services and no standard government identity
• To a one-stop gateway to government data, services, information

LIFERAY DXP
• A Java web application, running on a standard Java container / application server
• Vertical and horizontal enterprise portal

FEATURES
Deployment Compatibility
• CentOS, Ubuntu, RHEL, etc. • Cloud & virtualized environments
• JBoss, Tomcat, Wildfly, etc. • MariaDB, MySQL, PostgreSQL, etc.
Performance & Scalability
• Clustering at any combination of tiers (presentation, service, business logic, database)
• Advanced caching (Ehcache) • Elasticsearch platform support • Performance monitoring
Security
• Email verification • Granular permissioning
• Encryption such as DES, SHA, RSA • Pluggable authentication
• LDAP authentication • Session management

FEATURES
Developer Languages and UI Frameworks
• Groovy • GWT • jQuery
• Java • JSF • Alloy UI
• Bootstrap • Meta.js • ReactJS
• AngularJS • Senna.js • Lodash
• Vaadin • Ruby • Scala
• Others
Web Services
• SOAP • JSON • REST
Theme Developer Languages
• Freemarker • Velocity
Other Standards / Technologies
• JSR-286 • JSF to JSF 2.2
• AJAX • JSR-168
• Spring 3.0 • CMIS 1.0/1.1
• Hibernate • OSGi Core 6.0
• SAML 2.0 • OAuth 1.1
• iCalendar & Microformat

FEATURES
Content Repository
• Multiple Repository Support • Customizable Doc Types • Metadata per doc type • MS Office integration
• CMIS Support • CI/CO • Content previews • Content versioning
• Workflows per doc type • Mobile/desktop file synchronization • Google docs integration
Site Publishing
• Dynamic and static site templates • Drag and drop site maps • Sitemap protocol support • Friendly page URLs
• Staging & Scheduling • Multiple site variations • Faceted search • User-customizable pages
Mobile
• Mobile previews • Mobile responsive theme • Mobile device recognition • Mobile SDK • Native mobile app support • Push notifications

FEATURES
Other Back-end APIs
• Asset • Cache • Data handlers • File storage • Geolocation • Message bus • Scheduler • Scripting • Workflow
Others
• Audience Targeting • Segmentation Rules • Session Attributes • Wikis, Blogs, Message Boards • Calendar • Alerts & Announcements
FEATURES
Product Architecture

IDENTITY MANAGEMENT
• Authentication (AuthN) and Authorization (AuthZ)
  • Supports the use of an Identity Provider (IdP), Single Sign On (SSO), LDAP, OpenID, Open Authorization (OAuth), Shibboleth, authentication through Facebook and Google, etc.
Figure 1. Internal authentication
Figure 2. LDAP authentication
Figure 3. SSO as authenticator and LDAP as storage of user data

IDENTITY MANAGEMENT
• Authentication Mechanisms for SSO
  • Cookies
  • Tokens
  • Agents
Figure 3. SSO as authenticator and LDAP as storage of user data

IDENTITY MANAGEMENT
• Authentication (AuthN) and Authorization (AuthZ)
  • Supports the use of an Identity Provider (IdP), Single Sign On (SSO), LDAP, OpenID, Open Authorization (OAuth), SAML, Shibboleth, authentication through Facebook and Google, etc.
Figure 4. OpenID
Figure 5. Service provider initiated SSO

IDENTITY MANAGEMENT
• Authentication (AuthN) and Authorization (AuthZ)
  • Supports the use of an Identity Provider (IdP), Single Sign On (SSO), LDAP, OpenID, Open Authorization (OAuth), SAML, Shibboleth, authentication through Facebook and Google, etc.
Figure 6. Typical OAuth configuration flow
Figure 7. Third-party Solutions

IDENTITY MANAGEMENT
• Authentication Pipeline
  • Sign-in portlet or sign-in screen
  • Log in via email (default), screen name, or user ID
Figure 8. NGP’s Sign-in portlet

IDENTITY MANAGEMENT
• Authorization
  • LDAP Groups
  • OOB Role-Based Authorization Control (RBAC)
• Liferay can be extended with extra Authenticator or AutoLogin classes
Figure 9. Authentication management is deferred to the SSO server and assignment of user groups and roles to the LDAP server
IDENTITY MANAGEMENT
Figure 10. Login flow

APPLICATION-LEVEL SECURITY
• Transport Security
  • Supports HTTPS
  • All responses contain secure headers and cookie flags
• Encryption
  • Uses the PBKDF2WithHmacSHA1/160/128000 encryption algorithm by default
  • Length of hashes and number of rounds can be increased to increase cryptographic strength
  • Users may choose an alternative encryption algorithm as needed
  • Supports data encryption at rest
• Web Service Security Layers
  • IP permission based on a whitelist
  • Service access policy on service classes and methods
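An added example (not from the slides and not Liferay's own code) of what the PBKDF2WithHmacSHA1/160/128000 setting denotes: PBKDF2 with HMAC-SHA1, a 160-bit derived key and 128,000 rounds, and how a later increase in rounds or hash length can be rolled out by re-hashing at the next successful login. The record layout, the function names and the stronger SHA256/256/600000 spec are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PREFIX = "PBKDF2With"
# Maps the JCA-style PRF name in the spec string to a hashlib digest name.
PRF = {"HmacSHA1": "sha1", "HmacSHA256": "sha256", "HmacSHA512": "sha512"}

def parse_spec(spec):
    """Split 'PBKDF2With<PRF>/<key bits>/<rounds>' into (digest, key_bytes, rounds)."""
    name, bits, rounds = spec.split("/")
    prf = name[len(PREFIX):]
    if not name.startswith(PREFIX) or prf not in PRF:
        raise ValueError("unsupported algorithm: " + name)
    bits, rounds = int(bits), int(rounds)
    if bits <= 0 or bits % 8 or rounds <= 0:
        raise ValueError("bad key size or round count")
    return PRF[prf], bits // 8, rounds

def hash_password(password, spec, salt=None):
    """Return a record (hypothetical layout) that stores its own parameters."""
    digest, key_len, rounds = parse_spec(spec)
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac(digest, password.encode(), salt, rounds, key_len)
    return {"spec": spec, "salt": salt.hex(), "hash": dk.hex()}

def verify(password, record):
    """Recompute with the record's own parameters and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    candidate = hash_password(password, record["spec"], salt)
    return hmac.compare_digest(candidate["hash"], record["hash"])

def login(password, record, current_spec):
    """Verify, then upgrade the stored record if the configured spec has changed."""
    if not verify(password, record):
        return False, record
    if record["spec"] != current_spec:
        record = hash_password(password, current_spec)  # fresh salt, new parameters
    return True, record

if __name__ == "__main__":
    # Constructed sample: a record created under the default named on the slide,
    # then upgraded after the configured spec is strengthened (assumed value).
    old = hash_password("correct horse", "PBKDF2WithHmacSHA1/160/128000")
    ok, new = login("correct horse", old, "PBKDF2WithHmacSHA256/256/600000")
    print(ok, old["spec"], "->", new["spec"])
```

Storing the spec next to each hash is what lets old and new records coexist while the upgrade proceeds one login at a time.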

APPLICATION-LEVEL SECURITY
• Web Service Security Layers
  • Token-based authentication if a web service invocation request comes from a browser
  • User permission checks
• Password Policy
  • Password strength, frequency of password expiration, user lockout, etc.
  • Different policies can be applied to different sets of users
• Single Sign On (SSO)
• Identity management
• Entitlement Management
  • Fine-grained Role-Based Access Control (flexible roles and permissions)
• Entitlement Management
  • Historical view of what users are doing in applications through log files

APPLICATION-LEVEL SECURITY
• Secure Development Process
  • Developed according to secure coding best practices and guidelines such as the OWASP Top 10 and the CWE/SANS Top 25
  • Security code reviews
  • White and black box security scans
  • Penetration tests
  • Monitoring of third-party libraries included in Liferay products (e.g. Apache Struts 2)
  • Verified by Veracode
• Portal Scanning
  • Weekly web application scanning
• Fix Packs

ARCHITECTURE
• Clustered and highly available
  • Server-level
  • Application-level
• Components addressed in a cluster
  • Load balancer
  • Centralized database
  • Caching
  • Search (Elasticsearch)
  • Document Library
Figure 11. High-level diagram of a typical set-up

ARCHITECTURE
Figure 12. Infrastructure Reference Architecture (diagram labels: Cloud Location 1: Dev Environment; Cloud Location 2: Staging Env, Production Env; Cloud Location 3: HA Environment; Edge Platform; Origin Server)
• Local / Origin
  • WAF, Load Balancer, ADC, IDPS
• Edge
  • WAF • SiteShield • Network List • API Security • Certificates • DNS (optional) • Log Delivery • Alerts

ARCHITECTURE
Figure 13. NGP Internal Components
Diagram labels:
• Authentication (SSO, PKI)
• GCP Middleware Agency Systems
• Document Repository, Workflows, Indexing and Search, Data Analytics, Data Storage
• Pluggable Architectures
• Public Websites, Frontline Services, Open Data, Native Portal Applications
• National Government Portal
• Registered User User Personalization Role-based Content Delivery (Dashboard) Transaction History Account Management
• Government Content Management Doc Repository Workflow Access Control G2G Self-Service Performance Statistics Ticketing Audit Trails Data Analytics Web Forms
• Unregistered User Web Content Log in Discussions Feed Back Maps Localization Support Faceted Search Accessibility Knowledgebase

INTEGRATION
PHASE 1 - URL LINKING
National Government Portal E-Services catalog (www.gov.ph)
Tradenet (tradenet.gov.ph)
PHASE 2 - WEB PROXY & SSO / WEB SERVICES / FULL PORTLET INTEGRATION
2-A Web Proxy & SSO
2-B Web Services
2-C Full Portlet Integration