Mikkel Schnack Sales Director

1
Websydian 6.0

• Mikkel Schnack Sales Director
• Websydian A/S
• Denmark

2
Session Abstract

• This session will provide
• Overview of Websydian concepts and background
• Introduction to Websydian v6.0
• Introduction to the Websydian off-the-shelf web
  site Websydian Express v2.0
• The main features and benefits of Websydian
  Express will be explained and demonstrated live
  on the Internet

3
Websydian A/S

• Founded in 1985
• Headquarters in Copenhagen, Denmark
• 100 dedicated to model-based development
  working smarter not harder
• Using AllFusion 2E since 1989
• Using AllFusion Plex since 1994
• More than 200 customers in 35 countries worldwide
• First version of Websydian was released 1998
• First version of Websydian Express was released
  2005

4
Websydian A/S

• CA and Websydian A/S are strategic partners in
  delivering complete solutions since 2000. The
  goal is to handle the challenges of quick and
  reliable development of robust and secure Web,
  Wireless and Web Service Applications.
• Websydian target the Java, Windows and IBM System
  i (the former AS400) platforms

5
Agenda

• Why Websydian?
• Companies e-business requirements
• Websydian Product Suite Overview
• Websydian v 6.0
• Websydian Express v2.0 demo

6
Why Websydian?

• According to Gartner
• more than 80 of all e-business projects run

• Over budget

• Over time

• Off track

7
Why Websydian?

• Why?

Because there is too little time to reflect on
what you actually need in order to make a secure,
user friendly, transactional e-business site.

And
The business needs change over time!
8
Why Websydian?
The requirements you see Business processes
9
Why Websydian?
The requirements you see Business processes

• What you also need
• SOX complience
• Documentation
• Internet security
• Knowledge about internet technology
• ....

10
Why Websydian?
Time for reflection

• Tools and products, which allows you to focus on
  development of business processes

• Using existing business logic and developer skills

Reduced development time
11
Websydian Philosophy
Your focus
Websydian focus
12
How does Websydian provide this?

• Model-based development which facilitate
• Focus on the business transactions
• Business rules enforcement
• Documentation
• SOX
• High productivity
• Easy and fast maintenance and up-date of
  applications
• Websydian handles the underlying internet
  technology which
• Means that only one developer skill-set is
  needed.
• Provides a complete security model.

13
e-business requirements
14
The security challenge - Back office
15
The security challenge Back office gt e-business
16
The companies requirements

• When bringing interactive business processes in
  front of customer/partners companies require
• e-business that integrates with existing systems
• Strong coherent security
• Sufficient performance
• Ability to keep up with new technologies and
  quickly satisfy new business requirements
• Smooth e-business development process
• Driven by customer demands

17
Customer requirements

• In relation to e-business your customers want
• Secure and easy access to real time information
• Visibility into the business processes
• Control over the processes
• Customer definitions of value are based on
• Security
• Speed
• Customer process fit
• Convenience

18
Websydian Overview
19
Websydian Product Suite Overview

20
Websydian Product Suite Overview

• Websydian provides similar development
  functionalities/patterns for e-business
  development as Plex provides for green
  screen/Client-Server development!
• hiding the underlying e-business technologies!

21
Websydian v6.0

• Release in June-July/December
• Main features
• Supports Plex 6.0 calling C server functions
• Completing the Web-Services part of Websydian
  TransacXML (Dec.)
• Support for WSDL/Schema import
• Full support for RPC based web services
• Websydian Express 2.0 roles and custom fields

22
Websydian, Plex 6.0 and .Net
Phase 1 (Websydian v 6.0)

• Websydian supports Plex 6.0
• Adjusting C code to Visual Studio 2005 compiler
• Allows calls to C database server functions in
  Plex 6.0
• Phase 2
• Websydian for C (generation of C client code)
• Websydian/Websydian Express deployes in .NET
  environment
• Beyond phase 2
• Integration with ASP.NET
• Websydian Express for C

23
Web Services support in Websydian v 6.0
24
Web Services support in Websydian v 6.0
25
WSDL support in Websydian v 6.0
WSDL
WSDL
UDDI
Export
?
?
Import
Web Services in action
Publish
Subscribe
SOAP Over HTTP
Web Service Publisher
Web Service Subscriber
Invoke
Response
26
Websydian Express v.2.0
27
With WebsydianExpress you get

• Flexible web page structure off-the-shelf!
• A sample web site to be modified
• An empty web site ready-to-use
• Frame-based page layout
• Best practice page layouts out-of-the-box

28
Demo which can be seen live on www.Websydian.com
29
With WebsydianExpress you get

• Security
• Session control
• User management system
• Login facility
• Role system compliant with J2EE

30
Websydian Security Model
31
OWASP

• OWASP (Open Web Application Security Project)
• Non-profit organization
• Community for sharing information about web
  application security
• The OWASP Top Ten
• The 10 most critical web application security
  flaws
• How to avoid the security flaws
• httt//www.owasp.org

32
OWASP 2006 Top Ten

• Un-validated Parameters
• Broken Access Control
• Broken Account and Session Management
• Cross-Site Scripting Flaws
• Buffer Overflows
• Command Injection Flaws
• Error Handling Problems
• Insecure Storage - Insecure Use of Cryptography
• Application Denial of Service
• Insecure Configuration Management- Server
  mis-configuration

33
OWASP 2006 Top Ten and Websydian

• Un-validated Parameters
• Broken Access Control
• Broken Account and Session Management
• Cross-Site Scripting Flaws
• Buffer Overflows
• Command Injection Flaws
• Error Handling Problems
• Insecure storages- Insecure Use of Cryptography
• Application Denial of Service !
• Insecure Configuration Management- Server
  mis-configuration

34
Role based Security Model

• Roles e.g. SalesRep, Accountant, Customer
• Role-based security obtained through a
  combination of two security methods
• Security by Declaration
• Access privileges declared by role
• Programmatic security by role or user within
  methods
• If ltusergt in ltrolegt then
• If ltusergt equal to ltuser_idgt then

35
Declarative Security - Example
Declared access privileges by roles
Declarative Security
ltAdministratorgt
Invoice func
ltSales Repgt
Create Invoice
ltCustomergt
ltSales Repgt
View Invoice
ltAccountantgt

• Challenge Not all customers are allowed to
  access all invoices!
• Fine grained access control needed
• Addressed by Programmatic Security

36
Security Roles Example

• UML Use Cases
• Used in J2EE development for requirements
  gathering
• Each use case (bubble) describes a function in
  the application, which will be accessed by a user
• Actors describes the roles of the users who will
  be using a certain function
• Actors of use case diagrams maps well to J2EE
  role-based security

37
(No Transcript)
38
With Websydian Express you get

• Usability
• Web site out of the box
• Installation Service (installation wizard plus
  phone support if needed)
• Separate web based administration module
• User management
• Custom field (you can easily grow your needs!)
• A number of Self Contained Business Processes
  generic for e-business development

39
(No Transcript)
40
(No Transcript)
41
With WebsydianExpress you get

• Strong support for the configuration of the
  e-business work-flow
• Prototyping during the design phase
• supports a process-centric methodology
• Better dialogue and alignment of expectations
  between business/IT - you can develop prototypes
  during discussion
• Prototyping during production
• Business processes can be designed, developed and
  tested without being showed to the public
• Enables plug-in of new self contained processes
• Great reduction in test

42
(No Transcript)
43
Summary - Websydian Express

• Websydian Express is a professional, secure,
  interactive
• e-business solution off-the-shelf which
• Reduces complexity and development time
• Reduces time to market
• Enables Web based configuration of web site
• And eases the configuration of the e-business
  work-flow
• Through process centric e-business development
  methodology
• By enabling prototyping both during development
  and during production!

44
Summary - Websydian

• Focus on your business Websydian will take care
  of the underlying technology
• Websydian reflection, usability, security
• Websydian 6.0 Relase in June/july (and Dec.)
• Supports Plex 6.0
• Websydian Express 2.0- role system, custom fields
• Completing the Web-Services part of Websydian
  TransacXML (Dec.)
• Support for WSDL import
• Support for RPC

45
Questions ?