OIAr Archive 2013 - User contributions [en]

PAT.Identity+Permission Management

2013-02-26T10:30:16Z

Daniel Jumelet:

{{Maturity|3}}
{{Pageheaderbox4PatternType
|PATname=Identity & Permission Management
|summary=Provides consistent deployment and management of identity stores and/or permission registers
|version=0.4
|owner=J.A.H. Schoonderbeek
|sector=Infrastructure Sector Operations
}}
This facility handles the tasks associated with maintaining more than one [[BT.Identity Store|identity store]] and/or more than one [[BT.Permission Register|permission register]] within the organization. It can collect accounts from source systems, and provision them to target stores/registers. Ideally, there is only ONE Identity & Permission Management facility in the organization, connected to all Identity Stores and all Permission Registers. The facility is dependent on a metadirectory (aggegating all identities in a single Identity Store), a virtual directory (offering an aggregated view on all Identity Stores combined), or a comprehensive and complete information model for all identities and associated attributes in the organization.

===Identity management===
This facility has the following identity-related tasks:
* To create new identities in Identity Stores when the circumstances call for it (either an eligible new identity presents itself, or an existing identity becomes eligible), including all identity attributes for that Identity Store;
* To create groups that are linked to certain roles that are assigned to identities;
* To assign roles to identities (commonly by setting an attribute that denotes the group membership of an identity that relates this identity to this role);
* To apply the effect of a change of business rules to the attributes of identity accounts in the Identity Stores this changes has impact on;
* If an identity attribute changes in an identity store that is deemed authoritative for that particular attribute, then update this attribute in all serviced Identity Stores where that same identity appears AND that attribute is present;
* As soon as an identity's eligibility for an account in a particular Identity Store ends, disable or remove the identity from that identity store;
* To resolve conflicting information in different Identity Stores when it is discovered;
* To delete an identity in all secondary Identity Stores when an identity is removed from a authoritative Identity Store.

===Permission management===
This facility has the following permission-related tasks:
* If an identity becomes eligible for use of certain resources, create permissions in the Permission Register(s) associated with these resources;
* If an identity loses eligibility for use of certain resources, remove:
** the group membership of an identity in the appropriate Identity Store, that links an Identity with a role that has permissions regarded these resources;
** permissions present in the Permission Register(s) associated with these resources and directly linked with this identity;
* To resolve conflicts between specific permissions assigned to an identity in a Permission Register (or not) and the permissions actually granted to it (or not).

===Details===
The facility allows for the following:
* It monitors at least all Identity Stores that have one or more authoritative attributes. Monitoring can be performed actively or passively. Actively means the facility periodically polls the Identity Stores to see if there are relevant changes; passively means the facility waits for a signal from the Identity Store itself that a change has occurred.
Note that the depiction of an identity store and permission register in the drawing below is only indicative: the Identity & Permission Management pattern looks after identity stores and permission registers, but in itself isn't one of either.
{{PAgraphic
|graphic=PAT.Identity+Permission Management.png
|source=Pattern Identity + Permission Management.vsd
|size=500px
|title=Identity & Permission Management pattern
}}
{{Pattern Type Composition}}
{{Pattern Type Composition Row
|facility=BT.Process Engine
|choice=must
|reason=This is the engine that processes new or changed identities and/or permissions. It is commonly rule-based, and can source authoritative identity attributes and permissions from multiple identity stores and permission registers. Furthermore, it hands off new or changed identity (attributes) and/or permissions to the Deployment facility for replication over a multitude of identity stores and permission registers.
}}
{{Pattern Type Composition Row
|facility=BT.Control Interface
|choice=may
|reason=A "self-help" interface can be provided to the users that have one or more identities in the organisation's IT infrastructure, in order to change/reset their passwords, update identity attributes directly in the system et cetera. Note that the nature of this interface is such, that most ''anyone'' can access it. Checks for the actual identity of a user of this interface should take sufficient precautions against unauthorized use, to prevent security breaches.
}}
{{Pattern Type Composition Row
|facility=BT.Deployment
|choice=must
|reason=This facility can push the new or changed identity (attributes) and/or permissions to other identity stores and permission registers.
}}
{{Pattern Type Composition Row
|facility=BT.Configuration Retrieval
|choice=must
|reason=The Process Engine needs a means to interrogate all Identity Stores and Permission Registers that receive data and/or supply (authoritative) data. Hence this facility serves to model this means. Interrogation can occur on external triggers (a change in a monitored Store/Register), on schedule, or on another internal trigger.
}}
{{Pattern Type Composition Row
|facility=BT.Structured Data Store
|choice=must
|reason=The Process Engine needs a means to coordinate its action, remember the state of the identities/permissions it has distributed over the organization; the Structured Data Store provides this means. Ideally this is a metadirectory combining the authoritative data of all appointed identity stores and permission registers (although it's most likely unwanted to have any facility call upon this metadirectory). If not a metadirectory, then still some sort of scorecard needs to be kept to prevent the facility from unnecessarily provision accounts, or missing out on updated accounts.
}}
{{Table Ending}}
{{Pattern Type Neighbors}}
{{Pattern_Type_Adjacent_PAT_Row
|pattern=PAT.Facilities Monitoring
|choice=must
|reason=The facility is managed by means of this Security Management & Auditing pattern, plus it delivers information to this pattern on existing identities and effective permissions, on changes thereof, and audit information on the company officials and processes that make these changes.
}}
{{Pattern_Type_Adjacent_PAT_Row
|pattern=PAT.Authentication+Authorization
|choice=must
|reason=Multiple instances of this pattern serve both as sources of permission and/or identity information, and as targets for them. Note that the Identity & Permission Management pattern reads from, and/or writes to, the Identity Store and Permission Register BBTs within each A&A pattern.
}}
{{Table Ending}}
{{PATfooter}}

PAT.Identity+Permission Management

2013-02-26T10:17:28Z

Daniel Jumelet:

{{Maturity|3}}
{{Pageheaderbox4PatternType
|PATname=Identity & Permission Management
|summary=Provides consistent deployment and management of identity stores and/or permission registers
|version=0.4
|owner=J.A.H. Schoonderbeek
|sector=Infrastructure Sector Operations
}}
This facility handles the tasks associated with maintaining more than one [[BT.Identity Store|identity store]] and/or more than one [[BT.Permission Register|permission register]] within the organization. It can collect accounts from source systems, and provision them to target stores/registers. Ideally, there is only ONE Identity & Permission Management facility in the organization, connected to all Identity Stores and all Permission Registers. The facility is dependent on a metadirectory (aggegating all identities in a single Identity Store), a virtual directory (offering an aggregated view on all Identity Stores combined), or a comprehensive and complete information model for all identities and associated attributes in the organization.

===Identity management===
This facility has the following identity-related tasks:
* To create new identities in Identity Stores when the circumstances call for it (either an eligible new identity presents itself, or an existing identity becomes eligible), including all identity attributes for that Identity Store;
* If an identity attribute changes in an identity store that is deemed authoritative for that particular attribute, then update this attribute in all serviced Identity Stores where that same identity appears AND that attribute is present;
* As soon as an identity's eligibility for an account in a particular Identity Store ends, disable or remove the identity from that identity store;
* To resolve conflicting information in different Identity Stores when it is discovered;
* To delete an identity in all secondary Identity Stores when an identity is removed from a authoritative Identity Store.

===Permission management===
This facility has the following permission-related tasks:
* If an identity becomes eligible for use of certain resources, create permissions in the Permission Register(s) associated with these resources;
* If an identity loses eligibility for use of certain resources, remove:
** the group membership of an identity in the appropriate Identity Store, that links an Identity with a role that has permissions regarded these resources;
** permissions present in the Permission Register(s) associated with these resources and directly linked with this identity;
* To resolve conflicts between specific permissions assigned to an identity in a Permission Register (or not) and the permissions actually granted to it (or not).

===Details===
The facility allows for the following:
* It monitors at least all Identity Stores that have one or more authoritative attributes. Monitoring can be performed actively or passively. Actively means the facility periodically polls the Identity Stores to see if there are relevant changes; passively means the facility waits for a signal from the Identity Store itself that a change has occurred.
Note that the depiction of an identity store and permission register in the drawing below is only indicative: the Identity & Permission Management pattern looks after identity stores and permission registers, but in itself isn't one of either.
{{PAgraphic
|graphic=PAT.Identity+Permission Management.png
|source=Pattern Identity + Permission Management.vsd
|size=500px
|title=Identity & Permission Management pattern
}}
{{Pattern Type Composition}}
{{Pattern Type Composition Row
|facility=BT.Process Engine
|choice=must
|reason=This is the engine that processes new or changed identities and/or permissions. It is commonly rule-based, and can source authoritative identity attributes and permissions from multiple identity stores and permission registers. Furthermore, it hands off new or changed identity (attributes) and/or permissions to the Deployment facility for replication over a multitude of identity stores and permission registers.
}}
{{Pattern Type Composition Row
|facility=BT.Control Interface
|choice=may
|reason=A "self-help" interface can be provided to the users that have one or more identities in the organisation's IT infrastructure, in order to change/reset their passwords, update identity attributes directly in the system et cetera. Note that the nature of this interface is such, that most ''anyone'' can access it. Checks for the actual identity of a user of this interface should take sufficient precautions against unauthorized use, to prevent security breaches.
}}
{{Pattern Type Composition Row
|facility=BT.Deployment
|choice=must
|reason=This facility can push the new or changed identity (attributes) and/or permissions to other identity stores and permission registers.
}}
{{Pattern Type Composition Row
|facility=BT.Configuration Retrieval
|choice=must
|reason=The Process Engine needs a means to interrogate all Identity Stores and Permission Registers that receive data and/or supply (authoritative) data. Hence this facility serves to model this means. Interrogation can occur on external triggers (a change in a monitored Store/Register), on schedule, or on another internal trigger.
}}
{{Pattern Type Composition Row
|facility=BT.Structured Data Store
|choice=must
|reason=The Process Engine needs a means to coordinate its action, remember the state of the identities/permissions it has distributed over the organization; the Structured Data Store provides this means. Ideally this is a metadirectory combining the authoritative data of all appointed identity stores and permission registers (although it's most likely unwanted to have any facility call upon this metadirectory). If not a metadirectory, then still some sort of scorecard needs to be kept to prevent the facility from unnecessarily provision accounts, or missing out on updated accounts.
}}
{{Table Ending}}
{{Pattern Type Neighbors}}
{{Pattern_Type_Adjacent_PAT_Row
|pattern=PAT.Facilities Monitoring
|choice=must
|reason=The facility is managed by means of this Security Management & Auditing pattern, plus it delivers information to this pattern on existing identities and effective permissions, on changes thereof, and audit information on the company officials and processes that make these changes.
}}
{{Pattern_Type_Adjacent_PAT_Row
|pattern=PAT.Authentication+Authorization
|choice=must
|reason=Multiple instances of this pattern serve both as sources of permission and/or identity information, and as targets for them. Note that the Identity & Permission Management pattern reads from, and/or writes to, the Identity Store and Permission Register BBTs within each A&A pattern.
}}
{{Table Ending}}
{{PATfooter}}

PAT.Identity+Permission Management

2013-02-26T10:16:26Z

Daniel Jumelet:

{{Maturity|3}}
{{Pageheaderbox4PatternType
|PATname=Identity & Permission Management
|summary=Provides consistent deployment and management of identity stores and/or permission registers
|version=0.4
|owner=J.A.H. Schoonderbeek
|sector=Infrastructure Sector Operations
}}
This facility handles the tasks associated with maintaining more than one [[BT.Identity Store|identity store]] and/or more than one [[BT.Permission Register|permission register]] within the organization. It can collect accounts from source systems, and provision them to target stores/registers. Ideally, there is only ONE Identity & Permission Management facility in the organization, connected to all Identity Stores and all Permission Registers. The facility is dependent on a metadirectory (aggegating all identities in a single Identity Store), a virtual directory (offering an aggregated view on all Identity Stores combined), or a comprehensive and complete information model for all identities and associated attributes in the organization.

===Identity management===
This facility has the following identity-related tasks:
* To create new identities in Identity Stores when the circumstances call for it (either an eligible new identity presents itself, or an existing identity becomes eligible), including all identity attributes for that Identity Store;
* If an identity attribute changes in an identity store that is deemed authoritative for that particular attribute, then update this attribute in all serviced Identity Stores where that same identity appears AND that attribute is present;
* As soon as an identity's eligibility for an account in a particular Identity Store ends, disable or remove the identity from that identity store;
* To resolve conflicting information in different Identity Stores when it is discovered.
* To delete an identity in all secondary Identity Stores when an identity is removed from a authoritative Identity Store

===Permission management===
This facility has the following permission-related tasks:
* If an identity becomes eligible for use of certain resources, create permissions in the Permission Register(s) associated with these resources;
* If an identity loses eligibility for use of certain resources, remove
** the group membership of an identity in the appropriate Identity Store, that links an Identity with a role that has permissions regarded these resources
** permissions present in the Permission Register(s) associated with these resources and directly linked with this identity;
* To resolve conflicts between specific permissions assigned to an identity in a Permission Register (or not) and the permissions actually granted to it (or not).

===Details===
The facility allows for the following:
* It monitors at least all Identity Stores that have one or more authoritative attributes. Monitoring can be performed actively or passively. Actively means the facility periodically polls the Identity Stores to see if there are relevant changes; passively means the facility waits for a signal from the Identity Store itself that a change has occurred.
Note that the depiction of an identity store and permission register in the drawing below is only indicative: the Identity & Permission Management pattern looks after identity stores and permission registers, but in itself isn't one of either.
{{PAgraphic
|graphic=PAT.Identity+Permission Management.png
|source=Pattern Identity + Permission Management.vsd
|size=500px
|title=Identity & Permission Management pattern
}}
{{Pattern Type Composition}}
{{Pattern Type Composition Row
|facility=BT.Process Engine
|choice=must
|reason=This is the engine that processes new or changed identities and/or permissions. It is commonly rule-based, and can source authoritative identity attributes and permissions from multiple identity stores and permission registers. Furthermore, it hands off new or changed identity (attributes) and/or permissions to the Deployment facility for replication over a multitude of identity stores and permission registers.
}}
{{Pattern Type Composition Row
|facility=BT.Control Interface
|choice=may
|reason=A "self-help" interface can be provided to the users that have one or more identities in the organisation's IT infrastructure, in order to change/reset their passwords, update identity attributes directly in the system et cetera. Note that the nature of this interface is such, that most ''anyone'' can access it. Checks for the actual identity of a user of this interface should take sufficient precautions against unauthorized use, to prevent security breaches.
}}
{{Pattern Type Composition Row
|facility=BT.Deployment
|choice=must
|reason=This facility can push the new or changed identity (attributes) and/or permissions to other identity stores and permission registers.
}}
{{Pattern Type Composition Row
|facility=BT.Configuration Retrieval
|choice=must
|reason=The Process Engine needs a means to interrogate all Identity Stores and Permission Registers that receive data and/or supply (authoritative) data. Hence this facility serves to model this means. Interrogation can occur on external triggers (a change in a monitored Store/Register), on schedule, or on another internal trigger.
}}
{{Pattern Type Composition Row
|facility=BT.Structured Data Store
|choice=must
|reason=The Process Engine needs a means to coordinate its action, remember the state of the identities/permissions it has distributed over the organization; the Structured Data Store provides this means. Ideally this is a metadirectory combining the authoritative data of all appointed identity stores and permission registers (although it's most likely unwanted to have any facility call upon this metadirectory). If not a metadirectory, then still some sort of scorecard needs to be kept to prevent the facility from unnecessarily provision accounts, or missing out on updated accounts.
}}
{{Table Ending}}
{{Pattern Type Neighbors}}
{{Pattern_Type_Adjacent_PAT_Row
|pattern=PAT.Facilities Monitoring
|choice=must
|reason=The facility is managed by means of this Security Management & Auditing pattern, plus it delivers information to this pattern on existing identities and effective permissions, on changes thereof, and audit information on the company officials and processes that make these changes.
}}
{{Pattern_Type_Adjacent_PAT_Row
|pattern=PAT.Authentication+Authorization
|choice=must
|reason=Multiple instances of this pattern serve both as sources of permission and/or identity information, and as targets for them. Note that the Identity & Permission Management pattern reads from, and/or writes to, the Identity Store and Permission Register BBTs within each A&A pattern.
}}
{{Table Ending}}
{{PATfooter}}

PAT.Identity+Permission Management

2013-02-26T10:09:59Z

Daniel Jumelet:

{{Maturity|3}}
{{Pageheaderbox4PatternType
|PATname=Identity & Permission Management
|summary=Provides consistent deployment and management of identity stores and/or permission registers
|version=0.4
|owner=J.A.H. Schoonderbeek
|sector=Infrastructure Sector Operations
}}
This facility handles the tasks associated with maintaining more than one [[BT.Identity Store|identity store]] and/or more than one [[BT.Permission Register|permission register]] within the organization. It can collect accounts from source systems, and provision them to target stores/registers. Ideally, there is only ONE Identity & Permission Management facility in the organization, connected to all Identity Stores and all Permission Registers. The facility is dependent on a metadirectory (aggegating all identities in a single Identity Store), a virtual directory (offering an aggregated view on all Identity Stores combined), or a comprehensive and complete information model for all identities and associated attributes in the organization.

===Identity management===
This facility has the following identity-related tasks:
* To create new identities in Identity Stores when the circumstances call for it (either an eligible new identity presents itself, or an existing identity becomes eligible), including all identity attributes for that Identity Store;
* If an identity attribute changes in an identity store that is deemed authoritative for that particular attribute, then update this attribute in all serviced Identity Stores where that same identity appears AND that attribute is present;
* As soon as an identity's eligibility for an account in a particular Identity Store ends, disable or remove the identity from that identity store;
* To resolve conflicting information in different Identity Stores when it is discovered.

===Permission management===
This facility has the following permission-related tasks:
* If an identity becomes eligible for access to certain resources, create permissions in the Permission Register(s) associated with these resources;
* If an identity loses eligibility for access to certain resources, remove the permissions present in the Permission Register(s) associated with these resources;
* To resolve conflicts between specific permissions assigned to an identity in a Permission Register (or not) and the permissions actually granted to it (or not).

===Details===
The facility allows for the following:
* It monitors at least all Identity Stores that have one or more authoritative attributes. Monitoring can be performed actively or passively. Actively means the facility periodically polls the Identity Stores to see if there are relevant changes; passively means the facility waits for a signal from the Identity Store itself that a change has occurred.
Note that the depiction of an identity store and permission register in the drawing below is only indicative: the Identity & Permission Management pattern looks after identity stores and permission registers, but in itself isn't one of either.
{{PAgraphic
|graphic=PAT.Identity+Permission Management.png
|source=Pattern Identity + Permission Management.vsd
|size=500px
|title=Identity & Permission Management pattern
}}
{{Pattern Type Composition}}
{{Pattern Type Composition Row
|facility=BT.Process Engine
|choice=must
|reason=This is the engine that processes new or changed identities and/or permissions. It is probably rule-based, and can source authoritative identity attributes and permissions from multiple identity stores and permission registers. Furthermore, it hands off new or changed identity (attributes) and/or permissions to the Deployment facility for replication over a multitude of identity stores and permission registers.
}}
{{Pattern Type Composition Row
|facility=BT.Control Interface
|choice=may
|reason=A "self-help" interface can be provided to the users that have one or more identities in the organisation's IT infrastructure, in order to change/reset their passwords, update identity attributes directly in the system et cetera. Note that the nature of this interface is such, that most ''anyone'' can access it. Checks for the actual identity of a user of this interface should take sufficient precautions against unauthorized use, to prevent security breaches.
}}
{{Pattern Type Composition Row
|facility=BT.Deployment
|choice=must
|reason=This facility can push the new or changed identity (attributes) and/or permissions to other identity stores and permission registers.
}}
{{Pattern Type Composition Row
|facility=BT.Configuration Retrieval
|choice=must
|reason=The Process Engine needs a means to interrogate all Identity Stores and Permission Registers that receive data and/or supply (authoritative) data. Hence this facility serves to model this means. Interrogation can occur on external triggers (a change in a monitored Store/Register), on schedule, or on another internal trigger.
}}
{{Pattern Type Composition Row
|facility=BT.Structured Data Store
|choice=must
|reason=The Process Engine needs a means to coordinate its action, remember the state of the identities/permissions it has distributed over the organization; the Structured Data Store provides this means. Ideally this is a metadirectory combining the authoritative data of all appointed identity stores and permission registers (although it's most likely unwanted to have any facility call upon this metadirectory). If not a metadirectory, then still some sort of scorecard needs to be kept to prevent the facility from unnecessarily provision accounts, or missing out on updated accounts.
}}
{{Table Ending}}
{{Pattern Type Neighbors}}
{{Pattern_Type_Adjacent_PAT_Row
|pattern=PAT.Facilities Monitoring
|choice=must
|reason=The facility is managed by means of this Security Management & Auditing pattern, plus it delivers information to this pattern on existing identities and effective permissions, on changes thereof, and audit information on the company officials and processes that make these changes.
}}
{{Pattern_Type_Adjacent_PAT_Row
|pattern=PAT.Authentication+Authorization
|choice=must
|reason=Multiple instances of this pattern serve both as sources of permission and/or identity information, and as targets for them. Note that the Identity & Permission Management pattern reads from, and/or writes to, the Identity Store and Permission Register BBTs within each A&A pattern.
}}
{{Table Ending}}
{{PATfooter}}

BV.User Input.Touch Screen

2012-11-11T23:22:21Z

Daniel Jumelet: start

{{Maturity|1}}
{{Pageheaderbox4BBV
|name=User Input.Touch Screen
|implementsBBT=BT.User Input
|environment=ENV.Not Specified
|version=0.1
|owner=S.A.D. Jumelet
}}
{{Table Ending}}
{{Description Area
|description=Enables input of control information and data from an end-user.
|annotate=yes
}}
{{Purpose section
|text=This variant is used to accommodate User Workspaces where the screen (a variant of User Output) provides the User Input functionality at the same time.
}}
{{Section
|header=Characteristics & indications of usage
|text=* Provides a control function to a user by means of (finger) touch based directions.
* Provides a virtual keyboard, through which a user can enter data
}}

{{BBV Elements prescription}}
{{Elements Prescription Table}}
{{Table Ending}}
{{BBV Quality Description
|adaptability=NS
|scalability=NS
|manageability=NS
|accountability=NS
|availability=NS
|integrity=NS
}}
{{BBV Text Footer}}

BT.Content Handling

2012-11-11T23:22:21Z

Daniel Jumelet:

{{Maturity|0}}
{{Pageheaderbox4BBT
|name=Content Handling
|WorkingArea=Server (SE)
|version=0.1
|owner=S.A.D. Jumelet
}}
This facility makes it possible to:
* present content in a structured way, according to (pre)defined rules
* preserve and manipulate content in a structured way, according to attributes that are applied to this content.

Thus, it provides the intelligence to search, show, order, correlate, link, back-up, restore, archive and delete/destroy content in an automated fashion.

Attribute types, that are commonly used to control the preservation and manipulation of content are:
* data content classification (according to a predefined classification scheme or information model)
* privacy classification
* data retention policy
* ...
{{FunctionIcon
|image=Icon BBT File Engine.png
}}
{{BBT Text Footer}}

PAV.Authentication+Authorization.Internal users

2012-11-11T23:22:21Z

Daniel Jumelet: start

{{Maturity|1}}
{{Pageheaderbox4PAV
|PAVname=Authentication+Authorization.Internal users
|patterntype=PAT.Authentication+Authorization
|version=0.1
|owner=S.A.D. Jumelet
}}
{{Description Area
|description=-
|annotate=yes
}}
{{Purpose section
|text=-
}}
{{Section
|header=Characteristics & indications of usage
|text=-
}}

{{PAgraphic
|graphic=No graphic yet.png
|size=200px
}}
{{Pattern Variant Composition}}
{{Table Ending}}
{{Pattern Variant Neighbors}}
{{Table Ending}}
{{PAV Elements prescription}}
{{Elements Prescription Table}}
{{Table Ending}}
{{PAV Quality Description
|adaptability=NS
|scalability=NS
|manageability=NS
|accountability=NS
|availability=NS
|integrity=NS
}}

PAT.Authentication+Authorization

2012-11-11T23:22:21Z

Daniel Jumelet:

{{Maturity|3}}
{{Pageheaderbox4PatternType
|PATname=Authentication & Authorization
|summary=Secures usage of facilities and applications by validating identities and permissions
|version=0.1
|owner=J.A.H. Schoonderbeek
|sector=Infrastructure Sector Core
}}

In fact Authentication and Authorization are functions that are carried out by human beings. Authentication is done when someone wants to make sure - to a certain extend - that a claim about a subject is true. A special form of authentication is identification, which is a check of the identity of a subject. Authorizations is the process of granting rights to a subject to use a certain resource.

When it comes down to the use of automated systems and data, a process is needed to check if someone is entitled to this use. This means that records are made of authorizations (permissions), that need to be validated if someone is issuing rights (Permission Validation). To identify a digital user as a real world person or system, the digital identity (a digital representation of the real world identity) claim is validated by means of comparing one or more credentials that are provided during the validation with credentials that were stored earlier when the digital identity was created and administered (e.g. password hashes, biometric hashes, tokens, certificates). Thus, the Identity Validation function is an automated rematch of the real identity with the digital identity of a user. The Permission Validation function is an automated check whether a user has the right permissions to use a certain resource or data

===Further notices===
* It is a good practice to limit digital identities to Natural Persons and Physical Systems. In that case, the validation of this type of digital identities (and it's logging) does have meaning in a legal context.
* Identity Validation can also be used in conjunction with logging, which makes the process of Auditing possible in a way that does have meaning in a legal context, if digital identities are limited to Natural Persons and Physical Systems.

{{PAgraphic
|graphic=PAT.Authentication+Authorization.png
|source=Pattern Types.vsd
|size=500px
|title=Authentication & Authorization Pattern
|kind=Type
}}
{{Pattern Type Composition}}
{{Pattern Type Composition Row
|facility=BT.Identity Validation
|choice=must
|reason=This facility delivers the functionality of validating a digital identity.
}}
{{Pattern Type Composition Row
|facility=BT.Identity Store
|choice=must
|reason=This facility is required because it offers the Identity Validation the data it needs to perform the validation.
}}
{{Pattern Type Composition Row
|facility=BT.Permission Validation
|choice=may
|reason=If authorization is needed, then this facility will provide it. Note that it requires access to a Permission Register, but most likely also to an Identity Store, since many permissions are granted based on identity attributes like user ID, group membership or (for example) Job Title.
}}
{{Pattern Type Composition Row
|facility=BT.Permission Register
|choice=may
|reason=This facility provides Permission Validation with the ability to retrieve the current valid (set of) permissions. Note that the permissions themselves likely have a relation with a (particular) Identity Store, since many permissions are granted based on identity attributes like user ID, group membership or (for example) Job Title.
}}
{{Pattern Type Composition Row
|facility=BT.Control Interface
|choice=may
|reason=The purpose of this facility within the Pattern is to focus the attention on the security aspects of an available means to read and/or alter the content of either the Identity Store or the Permission Register.
}}
{{Table Ending}}
{{Pattern Type Neighbors}}
{{Pattern_Type_Adjacent_PAT_Row
|pattern=PAT.Identity+Permission_Management
|choice=may
|reason=To maintain the information in the Identity Store and Permission Register (if present), the Identity & Permission Management Pattern is required. It provisions accounts, ensures information is kept correct and current, and makes auditing possible, both on granted permissions and on changes in identity and/or permission information itself.
}}
{{Table Ending}}
{{PATfooter}}

EL.SAPRouter

2012-11-11T23:22:21Z

Daniel Jumelet: start

{{Maturity|1}}
{{Pageheaderbox4Element
|name=SAP Router
|version=0.1
|owner=S.A.D. Jumelet
|elementtype=Element type software
}}
{{Description Area
|description=Software to implement the SAP specific Session Endpoint facility
|annotate=yes
}}

{{Elementfooter}}

Template:WhereToStartBox

2012-11-11T23:22:21Z

Daniel Jumelet:

<noinclude>
[[Category:Templates]]
This template is meant to show a medium sized box containing all entry points into the knowledge system. It is used a.o. on the front page.

It looks like this:
----
</noinclude>{|class="wikitable" border="1" cellpadding="4" cellspacing="0" style="width:95%; margin: 1em 1em 1em 0; background: #f9f9f9; border: 1px #aaa solid; border-collapse: collapse; font-size: 95%; clear: center; "
!style="background:#{{BGColour01}}; color:#{{FGColour03}};"|Where to start?
|-
|Depending on what you want to know or what you are looking for, several approaches exist to explore the contents of the OIAm Repository. These common entry points exist:

* You want to have a quick overview of the infrastructure landscape? Start discovering it:
** By checking [[:Category:Working Area|Working Area]] and [[:Category:Environment|Environment]] descriptions to get an idea of the context of the landscape.
** To see what kind of infrastructure solutions are present, check out [[:Category:Pattern Type|Pattern Type]]s for universal solution specimens or [[:Category:Pattern Variant|Pattern Variant]]s for specific solution recipes that are used to shape designs of infrastructure solutions in the particular landscape that is contained by this repository.

* You want to know what (universal) kinds of infrastructure functions exist? Check out the [[Building Block Type Overview|Building Block Types]] in this repository.

* You want to know what particular instances of kinds of infrastructure function are contained by this knowledge base? Visit the section with [[Building Block Variant|Building Block Variant]]s. Building Block Variants can be regarded as recipes or molds that can be used to guide and shape the designs of single infrastructure functions, so if you are a (project) architect, designer or engineer, this information might be of special interest to you.

* You want to know what (universal) kinds of infrastructure solutions exist? Check out the [[Pattern Type|Pattern Type]]s.

* You want to know what particular instances of kinds of infrastructure solutions are contained by this knowledge base? Check out [[Pattern Variant|Pattern Variant]]s. Pattern Variants can be regarded as recipes or molds that can be used to guide and shape the designs of infrastructure solutions, so if you are a solution architect, designer or engineer, this information might be of special interest to you.

* You want to know more about the way this repository deals with Quality aspects? Check what Quality Attributes are defined, how they are elaborated, what classes and/or permutations exist, what pre-defined values are assigned, or what design guidelines are attached to certain Quality Attributes. Visit [[Quality Attribute Overview|Quality Attribute]] definitions in this knowledge system to learn more.
|}

Category:Element type protocol

2012-11-11T23:22:21Z

Daniel Jumelet: start

[[Category:Element type standard]]
Architectural [[Element]]s of type "Element type protocol" are contained in this class. "Element type protocol" in this respect means that the architect prescribes protocols to be used to realize (parts of) an infrastructure facility. Examples are:

* SNMPv3
* OSPFv4
* IPv6
* X.509

File:Daniel Jumelet.jpg

2012-11-11T23:22:21Z

Daniel Jumelet: start

Pass-photo Daniël Jumelet

Template:Elements Prescription Table

2012-11-11T23:22:21Z

Daniel Jumelet:

<noinclude>
[[Category:Templates]]
This table holds the header of a single table, the rows of which come from a different template ([[Template:Element Prescription Row]])

To use the template, cut and paste the following code:
<pre><nowiki>{{Elements Prescription Table}}</nowiki></pre>
It looks like this (without rows or table ending)
----
</noinclude>
{| class="table" style="text-align:center" border="1" cellspacing="0" cellpadding="5"
|- style="background:#{{BGColour03}}; color:#{{FGColour03}};"
|'''Element'''
|'''Type'''
|'''Prescribed'''
|'''Rationale'''<noinclude>
|}</noinclude>

File:Interpolis logo.jpg

2012-11-11T23:22:21Z

Daniel Jumelet: start

Logo Interpolis

File:ArchiSurance logo.png

2012-11-11T23:22:21Z

Daniel Jumelet: start

Logo ArchiSurance

Solutions

2012-11-11T23:22:21Z

Daniel Jumelet:

==Introduction==
A Solution is a predefined set of infrastructure facilities, services and processes, that is delivered to the end-user/customer of IT.

A Solution is constructed using the following components from the repository:
* One or more infrastructure [[Pattern]]s
* One or more Operational [[Processes]]
* One or more [[Service Level Agreements]]

Solutions can be worked out in [[:Category:Product_Blueprint|Product Blueprints]], especially when Solutions are requested frequently in a standard fashion.

==ArchiSurance implementation==
In this repository, the following Solutions have been defined:
{{#ask: [[Category:Solution]]
|?Owner=Owner
|default = ''No Solutions present in this repository (yet)''
}}

Category:Solution

2012-11-11T23:22:21Z

Daniel Jumelet: start

A Solution is a predefined set of infrastructure facilities, services and processes, that is delivered to the end-user/customer of IT.

A Solution is constructed using the following components from the repository:
* One or more infrastructure [[Pattern]]s
* One or more [[Services]]
* One or more [[Processes]]

Solutions can be worked out in [[:Category:Product_Blueprint|Product Blueprints]], especially when Solutions are requested frequently in a standard fashion.

Processes

2012-11-11T23:22:21Z

Daniel Jumelet: start

==Introduction==
During the continuous life cycle of the development, maintenance and demolition of facilities in an IT-landscape, many processes are followed to guide the activities that are carried out. ITIL v3 describes the most common processes that are used to support the IT lifecycle.

==ArchiSurance implementation==
ITIL v3 is used for the definition of processes in this repository. The following processes are defined:

{{#ask: [[Category:Process]]
|?Owner=Owner
|default = ''No Services present in this repository (yet)''
}}

Category:Process

2012-11-11T23:22:21Z

Daniel Jumelet: start

During the continuous life cycle of the development, maintenance and demolition of facilities in an IT-landscape, many processes are followed to guide the activities that are carried out. Amongst those processes are:
* Configuration Management
* Incident Management
* Availability Management
* Capacity Management
* Business Continuity Management
* etcetera

ITIL v3 describes the most common processes that are used to support the IT lifecycle.

Services

2012-11-11T23:22:21Z

Daniel Jumelet: start

==Introduction==
A Service is an activity that is carried out by IT-support personnel. ITIL v3, a large collection of Service Management best practises, offers the most common and widely used description of Services.

==ArchiSurance implementation==
ITIL v3 is used for the definition of services in this repository. The following Services are defined:

{{#ask: [[Category:Service]]
|?Owner=Owner
|default = ''No Services present in this repository (yet)''
}}

Category:Service

2012-11-11T23:22:21Z

Daniel Jumelet:

__NOFACTBOX__
A Service is an activity that is carried out by IT-support personnel. Amongst those activities are:
* monitoring
* asset registration
* standard maintenance
* back-up handling
* troubleshooting
* repair
* etcetera

A very common best practice that describes those services is ITIL v3. Most of the services defined by ITIL are part of this repository

File:Drivenbybizzdesign88x31.png

2012-11-11T23:22:21Z

Daniel Jumelet: start

Main contribution logo

Availability High

2012-11-11T23:22:21Z

Daniel Jumelet:

{{Maturity|3}}
{{Pageheaderbox
|pagetype=
|pagename=Availability level High
|doctype=QAdefinition
|version=0.2
|owner=J.A.H. Schoonderbeek
}}

Availability [[Availability::High]] has ordinal number [[Availability ordinal::30]]. It's one-sentence description is: 
"[[Availability description::the operation of a facility/solution is unaffected by incidents and disasters]]"

Availability Medium

2012-11-11T23:22:21Z

Daniel Jumelet:

{{Maturity|3}}
{{Pageheaderbox
|pagetype=
|pagename=Availability level Medium
|doctype=QAdefinition
|version=0.2
|owner=J.A.H. Schoonderbeek
}}

Availability [[Availability::Medium]] has ordinal number [[Availability ordinal::20]]. It's one-sentence description is: 
"[[Availability description::the operation of a facility/solution is unaffected by incidents]]"

Availability Best-Effort

2012-11-11T23:22:21Z

Daniel Jumelet:

{{Maturity|3}}
{{Pageheaderbox
|pagetype=
|pagename=Availability level Best-Effort
|doctype=QAdefinition
|version=0.2
|owner=J.A.H. Schoonderbeek
}}

Availability [[Availability::Best-Effort]] has ordinal number [[Availability ordinal::10]]. It's one-sentence description is: 
"[[Availability description::the operation of a facility/solution is not safe-guarded against incidents and disasters]]"

File:PAT.Data Management.jpg

2012-11-11T23:22:21Z

Daniel Jumelet: start

Graphical overview of the Data Management Pattern Type

File:PAT.Application Hosting.jpg

2012-11-11T23:22:21Z

Daniel Jumelet: start

Organization Context Analysis Questionnaire

2012-11-11T23:22:21Z

Daniel Jumelet:

This questionnaire is part of the OIAm methodology and was used to create the ArchiSurance profile. But of course it can be a convenient tool do describe your organization or your clients organization as well!

== Questionnaire - Organization Context Analysis ==

You can use this Questionnaire to create a back-ground picture of the organization/division that you define infrastructure architectural artefacts for. You are free to select those questions of the list that suit your target. The ArchiSurance description in this demo wiki is based on this questionnaire.

'''Organization – Global Profile'''
<ol start="1">
<li>What is the organization’s field of work.</li>
<li>What is the market position of the organization.</li>
<li>What services and/or products are delivered by the organisation and how are they delivered.</li>
<li>How many orderers/customers does the organization have.</li>
<li>Does cooperation with other organization take place and if so which (kind).</li>
<li>How many employees does the organization have.</li>
<li>Which divisions or businessunits does the organization have and what is their size measured by personnel numbers (both own and hired workers).</li>
<li>How many offices/sites does the organization have of what kind they are.</li>
<li>What are the personnel numbers per office/site.</li>
<li>What is the geographical distance between offices/sites.</li>
</ol>
'''Organization - Targets'''
<ol start="11">
<li>What is the mission of the organization.</li>
<li>What are the most important challenges of the organization (e.g. achieving more efficiency, better customer intimacy, etcetera)</li>
<li>The upcoming three years, which tree targets are the most important.</li>
</ol>
'''Organization - Processes'''
<ol start="14">
<li>What are the core processes of the organization and what are the service windows of these processes.</li>
<li>What are the most important support processes (e.g. HRM, business administration, logistics) and what are the service windows.</li>
<li>Which processes will be revised the upcoming three years.</li>
</ol>
'''Organization – IT-policy'''
<ol start="17">
<li>How is the IT-departement positioned within the organization and how/to what extend is it involved in decision making processes.</li>
<li>Does the organization have an Information Security policy and how is it being used/maintained.</li>
<li>Does the organization keep and maintain Information Lifecycle Management processes.</li>
<li>Does the organization keep and maintain Continuity Planning.</li>
<li>Does the organization support and enable SoHo/Telecottage workplaces.</li>
</ol>
'''Application Landscape – Application (cluster)'''
''NB: There is no need to describe all applications, just most important applications should be surveyed.''
<ol start="22">
<li>What is the name of the application or cluster of applications.</li>
<li>Which business processes are supported by the application, what is its target.</li>
<li>Which divisions or business units use this application.</li>
<li>Is a security classification applied to this application (cluster) and the data that is processed by it (for example a CIA-rating: Confidentiality, Integrity, Availability).</li>
<li>What time of unavailability is sustainable for (business) users.</li>
<li>Which ‘Mean Time Between Failure’ is acceptabel voor de applicatie.</li>
<li>What is the (estimated) amount of stored data that is related to this application. Does this amount increase and if so, at what rate.</li>
<li>What is the (estimated) amount of data that is being processed by the application (per hour/day/week/month).</li>
<li>Does the application exchange time-sensitive data (like voice, video, interactive data).</li>
</ol>
'''IT-Operations'''
<ol start="31">
<li>Does the organization make use of ITIL or a comparable methodology to guide and structure operational processes.</li>
<li>Does the organization use and maintain a Configuration Management Database (CMDB), is it up-to-date en what level of detail is being used.</li>
<li>What is the structure of the operations organization from a competence point of view (support teams, number of members per team, skill levels).</li>
<li>How is first, second and (if existent) third level support being structured.</li>
<li>What is the performance of operations as perceived by end-users.</li>
<li>Where are operational activities being carried out (centralized/on site/remote).</li>
<li>Are (formal) Service Level Agreements (SLA's) in place with an internal operations organization (if existent) and if so, which ones.</li>
<li>Are SLA’s in place with 3rd partys, like Service Providers, external hosting providers and outsourcing companies.</li>
<li>Is Service Level Management being executed.</li>
<li>Are Disaster Recovery Plans in place and being maintained.</li>
<li>Is being made use of operational tools, like HP Openview or IBM Tivoli Suite and if so, which.</li>
<li>Are Information Security policies and procedures actively being held and maintained.</li>
<li>Is a Security Officer or Security Office present in the organization.</li>

Help:ArchiSurance Use Case

2012-11-11T23:22:21Z

Daniel Jumelet:

[[Category:Help]]
__NOTOC__
==ArchiSurance use case==
How is this infrastructure architecture repository filled, used and maintained? And what role does it play regarding infrasructure development processes? Who are involved in either or both the preparation/maintenance of the wiki and the utilization of it? This simple use case description tries to give brief but consise answers to these questions.
===Actors===
{|
|EA:
|Enterprise Architect
|-
|Dept. head:
|Department head
|-
|DA:
|Domain Architect
|-
|PA:
|Project Architect
|-
|Designer:
|Lead engineer/designer of project team
|-
|Svc Mgr:
|Service Manager
|-
|Ops:
|Operations
|}
===Wiki preparation===
* '''step (a)''' The architecture repository is filled with default content: default [[:Category:Working Area|Working Area]]s, default [[:Category:Building Block Type|Building Block Type]]s, default [[:Category:Quality Attribute|Quality Attribute]]s
* '''step (b)''' EA inputs architecture Principles
* '''step (c)''' Dept. head inputs [[:Category:Environment|Environment]]s under Working Area that corresponds to his department (e.g. Agency AMSterdam inputs all Environments under [[Client Realm (CR)|Client Realm]]
* '''step (d)''' DA creates quality attribute classes and their properties, custom Building Block Types, (universal) [[:Category:Building Block Variant|Building Block Variant]] descriptions and [[:Category:Element|Element]]s.
 
The diagram below shows a graphic representation of the use case of the architecture wiki. Depicted are two processes: the preparation of the repository, and using the repository to realise an infrastructure facility under architecture.
[[Image:UML_Use_Case.png|center|400px|UML diagram]]
===Use case: realizing a new infrastructure facility===
* '''step (1)''' The customer appoints a PA to realise (a.o.) an infrastructure facility. The customer provides the PA with needs, requirements and a business case.
* '''step (2)''' The PA<ref name="DA"> probably working together with a DA</ref> consults relevant architecture principles, [[:Category:Environment|Environment]] descriptions (Quality Requirements of usage context) and already available feasible solutions, in the form of ([[:Category:Pattern Type|Pattern Type]]s or) [[:Category:Building Block Type|Building Block Type]]s. With this information, the PA<ref name="DA" /> creates one or more achitecture studies, containing high-level drafts of feasible solutions. These drafts, based on the selected Pattern Types and Building Block Types in the repository, depict possible 'to-be' solutions.
* '''step (3)''' Based on the architecture studies, the PA researches available and eligible [[:Category:Pattern Variant|Pattern Variant]]s and [[:Category:Building Block Variant|Building Block Variant]]s. Based on this information, PA<ref name="DA" /> determines the impact of the new solution on the 'as-is' situation.
* '''step (4)''' if necessary, the PA<ref name="DA" /> creates new Building Block Variants/Pattern Variants, describing the target architecture of (new) facilities.
* '''step (5)''' The Designer consults the selected and/or created Building Block Variant/Pattern Variants, and creates an infrastructure facility design in accordance with the BBV's/PV's.
* '''step (6)''' if convenient, the Designer creates [[:Category:Building Block Blueprint|Building Block Blueprint]]s and/or [[:Category:Product Blueprint|Product Blueprint]]s. And if necessary, he puts extra indications for use in the [[:Category:Building Block Variant|Building Block Variant]]s/[[:Category:Pattern Variant|Pattern Variant]]s, and/or he updates or adds [[:Category:Element|Element]]s.
* '''step (7)''' The Service Manager reads the properties of the new infrastructure facility from its Blueprints, its Building Block Variants/Pattern Variants and its quality attributes. Based on this, she creates an OP (Operational Product)
* '''step (8)''' Operations needs to perform maintenance, and checks the Blueprints for characteristics/indications for usage
 
<references/>

Property:Allows value

2012-11-11T23:22:21Z

Daniel Jumelet:

A pre-defined value for a Property that is used to:
* define a semantic ''attribute'';
* limit entry options.

Client Realm

2012-11-11T23:22:21Z

Daniel Jumelet: start

#REDIRECT [[Client Realm (CR)]]

SE.BV.Centralized Monitoring.SAP

2012-11-11T23:22:21Z

Daniel Jumelet:

{{Maturity|2}}
{{Pageheaderbox4BBV
|name=SAP Central Monitoring
|variantofBBT=SE.BT.Centralized Monitoring
|environment=SE.ENV.Data Centre.Back-end
|version=0.2
|owner=S.A.D. Jumelet
}}
{{Table Ending}}
{{Description Area
|description=Central monitoring for SAP Applications.

|annotate=yes
}}
{{Purpose section
|text=Provide the central event monitoring services of server, database and SAP applications, SAP Solution Manager.
}}
{{Section
|header=Characteristics & indications of usage
|text=* Design conform ArchiSurance standards (both EA and SAP)
* Use to monitor events from servers on which SAP applications are deployed, databases used by SAP applications and SAP Applications
* Monitoring is based on the RZ20 transaction of each monitored SAP Application
* Is mandatory by SAP License
}}

{{BBV Elements prescription}}
{{Elements Prescription Table}}
{{Element Prescription Row
|element=EL.NetWeaver kernel
|prescription=must
|reason=The monitoring system is integrated with the SAP Application Server
}}
{{Table Ending}}
{{BBV Quality Description
|adaptability=HSC
|scalability=out
|manageability=Medium
|accountability=PP
|availability=Medium
|integrity=Low
}}
{{BBV Text Footer}}

SE.BV.Centralized Logging.SAP

2012-11-11T23:22:21Z

Daniel Jumelet:

{{Maturity|2}}
{{Pageheaderbox4BBV
|name=SAP Central Logging
|variantofBBT=SE.BT.Centralized Logging
|environment=SE.ENV.Data Centre.Back-end
|version=0.2
|owner=S.A.D. Jumelet
}}
{{Table Ending}}
{{Description Area
|description=Central logging for SAP Applications.
|annotate=yes
}}
{{Purpose section
|text=Provide the central logging services of server, database and SAP applications, SAP Solution Manager.
}}
{{Section
|header=Characteristics & indications of usage
|text=* Design conform ArchiSurance standards (both EA and SAP)
* Use to log events from servers on which SAP applications are deployed, databases used by SAP applications and SAP Applications
* Is mandatory by SAP License
}}

{{BBV Elements prescription}}
{{Elements Prescription Table}}
{{Element Prescription Row
|element=EL.NetWeaver kernel
|prescription=must
|reason=The logging system is integrated with the SAP Application Server
}}
{{Table Ending}}
{{BBV Quality Description
|adaptability=HSC
|scalability=out
|manageability=Medium
|accountability=PP
|availability=Medium
|integrity=Low
}}
{{BBV Text Footer}}

PAT.Webfarm Data

2012-11-11T23:22:21Z

Daniel Jumelet: start

#REDIRECT [[PAT.Data Management]]

Template:Quality Attribute Description

2012-11-11T23:22:21Z

Daniel Jumelet:

<noinclude>
[[Category:Templates]]
This template can display QA values and rationales. The named parameters for the QA value are mandatory - use "0 - NS" if you do not want to specify them. The reason can be empty. To use the template, cut and paste the following code (remove the space between the first two curly brackets):
{ {Quality Attribute Choice
|adaptability=0 - NS
|scalability=0 - NS
|manageability=0 - NS
|accountability=0 - NS
|availability=0 - NS
|integrity=0 - NS
}}
An impression of the result of using this template can be seen below:
----
</noinclude>

{| class="table" style="text-align:center" border="1" cellspacing="0" cellpadding="5"
!style="background:#{{BGColour03}}; color:#{{FGColour03}}" width=140|[[:Category:Quality Attribute Group|QA Group]]
!style="background:#{{BGColour03}}; color:#{{FGColour03}}" width=140|[[:Category:Quality Attribute|Quality Attribute]]
!style="background:#{{BGColour03}}; color:#{{FGColour03}}" width=70|Value
|-
|rowspan="2" valign="center"|[[Flexibility]]
|[[:Property:Adaptability|Adaptability]]
|[[Adaptability::{{{adaptability}}}]]
|-
|[[:Property:Scalability|Scalability]]
|[[Scalability::{{{scalability}}}]]
|-
|rowspan="2" valign="center"|[[Maintainability]]
|[[:Property:Manageability|Manageability]]
|[[Manageability::{{{manageability}}}]]
|-
|[[:Property:Accountability|Accountability]]
|[[Accountability::{{{accountability}}}]]
|-
|rowspan="2" valign="center"|[[Reliability]]
|[[:Property:Availability|Availability]]
|[[Availability::{{{availability}}}]]
|-
|[[:Property:Integrity|Integrity]]
|[[Integrity::{{{integrity}}}]]
|-
|}

Template:Designbasedon

2012-11-11T23:22:21Z

Daniel Jumelet:

<noinclude>
[[Category:Templates]]
This query should be on every Pattern Variant page, but can also be used elsewhere. It produces a table of all blueprints that are based on the page you supply.

It takes a single named parameter:
* ''model'' should be a page name, so that the query produces all pages that declare themselves designed based on that page. If there is no page present, specify ''default'' as model, as is suggested by the syntax below:

To use the template, cut and paste the following code (remove the space between the first two curly brackets):
{ {Designbasedon
|model=default
}}

An impression of the result of using this template can be seen below:
----
</noinclude>
[[Image:Doc inspect.png|left|24px|Semantic query]]
{{#ask: [[Design based on::{{{model}}}]]
| mainlabel=Blueprint(s)
| default = ''No Blueprints found (yet)''
| format=table
|
|
|
|
|
|
|
}}
[[Usestemplate::Designbasedon| ]]

Category:Pattern

2012-11-11T23:22:21Z

Daniel Jumelet:

A Pattern is a set of Building Blocks that form an infrastructure solution.

__NOFACTBOX__

Property:Constructed with

2012-11-11T23:22:21Z

Daniel Jumelet: start

#REDIRECT [[Property:Is constructed with]]

Property:Manageability

2012-11-11T23:22:21Z

Daniel Jumelet:

{{Maturity|3}}
{{Pageheaderbox
|pagetype=
|pagename=Manageability
|doctype=Quality Attribute
|version=0.2
|owner=J.A.H. Schoonderbeek
}}
__SHOWFACTBOX__
A solution’s manageability, denoted as a single [[Has type::string]], determines how difficult or easy it will be to keep a system operational. Standardized safeguards (monitoring and alerting) can help to enhance manageability, whilst consideration must be given to the additional expertise needed by system administrators, as well as the standardization and complexity of managed service interfaces and tools.

Defined values for Manageability:
{| class="table" style="text-align:center" border="1" cellspacing="0" cellpadding="5"
!style="background:#{{BGColour03}};"|ordinal
!style="background:#{{BGColour03}};"|value
!style="background:#{{BGColour03}};"|meaning
|-
|{{QAlevelordinal|qa=Manageability|level=NS}}
|[[allows value::NS]]
|[[Quality Attribute NS|{{QAleveldescription|qa=Manageability|level=NS}}]]
|-
|{{QAlevelordinal|qa=Manageability|level=Best-Effort}}
|[[allows value::Best-Effort]]
|[[Manageability Best-Effort|{{QAleveldescription|qa=Manageability|level=Best-Effort}}]]
|-
|{{QAlevelordinal|qa=Manageability|level=Medium}}
|[[allows value::Medium]]
|[[Manageability Medium|{{QAleveldescription|qa=Manageability|level=Medium}}]]
|-
|{{QAlevelordinal|qa=Manageability|level=High}}
|[[allows value::High]]
|[[Manageability High|{{QAleveldescription|qa=Manageability|level=High}}]]
|}

The table below provides an overview of these classes and the provisions that should be made to get a facility or Product rated in a certain class. Note: the listed provisions for logging and monitoring have both an internal and an external component. An '''internal''' component or "agent" makes it possible for a facility to act as a source of data for a centralized logging or monitoring management system, the '''central''' component. When applying a provision to an infrastructure facility during the design process, not only the internal component should be taken into account, but the central component as well.

{| class="table" style="text-align:center" border="1" cellspacing="0" cellpadding="5"
!style="background:#{{BGColour03}};"|Provision
!style="background:#{{BGColour03}};"|Best-Effort
!style="background:#{{BGColour03}};"|Medium
!style="background:#{{BGColour03}};"|High
|-
|Event Logging
|√
|√
|√
|-
|Logging Normalization
||-
||-
|√
|-
|Connectivity Monitoring
|√
|√
|√
|-
|Hardware Monitoring
||-
|√
|√
|-
|Hardware Capacity Monitoring
||-
||-
|√
|-
|Operating Systems Monitoring
||-
|√
|√
|-
|(Application) Service Monitoring
||-
|√
|√
|-
|(Product) Chain Monitoring
||-
||-
|√
|-
|In-band Management Access
|√
|√
|√
|-
|Out-of-band Management Access
||-
|√
|√
|-
|Remote Power Cycle
||-
|√
|√
|-
|}

Property:Integrity

2012-11-11T23:22:21Z

Daniel Jumelet:

{{Maturity|3}}
{{Pageheaderbox
|pagetype=
|pagename=Integritity
|doctype=Quality Attribute
|version=0.1
|owner=J.A.H. Schoonderbeek
}}
__SHOWFACTBOX__
A facility's/products Integrity, denoted as a single [[Has type::string]], determines to what degree a facility/product is armed and protected against abuse, tampering, vandalism and/or malicious input. The more countermeasures are taken, the higher the degree of integrity is that can be guaranteed. However, applying many provisions to safeguard integrity often has an important drawback: The ease of use (the 'utility-value') of a facility/product will be reduced severely. Therefore, selecting a facility/product with a certain Integrity rating should be in line with the risks that are expected/applicable.

The following classes of Integrity are defined:
{| class="table" style="text-align:center" border="1" cellspacing="0" cellpadding="5"
!style="background:#{{BGColour03}};"|ordinal
!style="background:#{{BGColour03}};"|value
!style="background:#{{BGColour03}};"|meaning
|-
|{{QAlevelordinal|qa=Integrity|level=NS}}
|[[allows value::NS]]
|[[Quality Attribute NS|{{QAleveldescription|qa=Integrity|level=NS}}]]
|-
|{{QAlevelordinal|qa=Integrity|level=Low}}
|[[allows value::Low]]
|[[Integrity Low|{{QAleveldescription|qa=Integrity|level=Low}}]]
|-
|{{QAlevelordinal|qa=Integrity|level=Medium}}
|[[allows value::Medium]]
|[[Integrity Medium|{{QAleveldescription|qa=Integrity|level=Medium}}]]
|-
|{{QAlevelordinal|qa=Integrity|level=High}}
|[[allows value::High]]
|[[Integrity High|{{QAleveldescription|qa=Integrity|level=High}}]]
|}

The table below provides an overview of these classes, and summarily lists (some of) the provisions that should be made to get a facility or product rated in a certain class:
{| class="table" style="text-align:center" border="1" cellspacing="0" cellpadding="5"
!style="background:#{{BGColour03}};"|Provision
!style="background:#{{BGColour03}};"|1 - Low
!style="background:#{{BGColour03}};"|2 - Medium
!style="background:#{{BGColour03}};"|3 - High
|-
|Identity Validation
|none
|1-factor
|2-factor
|-
|Permission Validation
||-
|√
|√
|-
|Logging/auditing
|√
|√
|√
|-
|Alerting
||-
||-
|√
|-
|Hardening
||-
||-
|√
|-
|Physical protection (housing and/or construction)
||-
|√
|√
|-
|Management access
|In-band
|In-band encrypted
|Out-of-band
|-
|}

Property:Adaptability

2012-11-11T23:22:21Z

Daniel Jumelet:

{{Maturity|3}}
{{Pageheaderbox
|pagetype=
|pagename=Adaptability
|doctype=Quality Attribute
|version=0.2
|owner=J.A.H. Schoonderbeek
}}
__SHOWFACTBOX__
A facility's/products adaptability, denoted as a single [[Has type::string]], determines how easy or difficult it will be to make a change to the setup of this facility/product.

On the level of a single infrastructure facility, three aspects may be subject to adaptation:
* Hardware
* Software
* Configuration

Maximum adaptability is achieved when hardware, software and the configuration all can be adapted (typically a facility that is based on a server platform). Minimal adaptability is scored when no aspect or only the configuration can be adapted (which is often the case when a facility is based on an appliance). In between, several permutations do occur.

On the product/pattern level, interoperability of the facilities that form this product/pattern is added as an aspect of adaptability. Interoperability is promoted by designing modular systems (using standard components), applying standardised protocols and tools and limiting the complexity of offered functionality.

Defined values for Adaptability:
{| class="table" style="text-align:center" border="1" cellspacing="0" cellpadding="5"
!style="background:#{{BGColour03}};"|ordinal
!style="background:#{{BGColour03}};"|value
!style="background:#{{BGColour03}};"|meaning
|-
|{{QAlevelordinal|qa=Adaptability|level=NS}}
|[[allows value::NS]]
|[[Quality Attribute NS|{{QAleveldescription|qa=Adaptability|level=NS}}]]
|-
|{{QAlevelordinal|qa=Adaptability|level=H}}
|[[allows value::H]]
|[[Adaptability H|{{QAleveldescription|qa=Adaptability|level=H}}]]
|-
|{{QAlevelordinal|qa=Adaptability|level=S}}
|[[allows value::S]]
|[[Adaptability S|{{QAleveldescription|qa=Adaptability|level=S}}]]
|-
|{{QAlevelordinal|qa=Adaptability|level=C}}
|[[allows value::C]]
|[[Adaptability C|{{QAleveldescription|qa=Adaptability|level=C}}]]
|-
|{{QAlevelordinal|qa=Adaptability|level=HS}}
|[[allows value::HS]]
|[[Adaptability HS|{{QAleveldescription|qa=Adaptability|level=HS}}]]
|-
|{{QAlevelordinal|qa=Adaptability|level=HC}}
|[[allows value::HC]]
|[[Adaptability HC|{{QAleveldescription|qa=Adaptability|level=HC}}]]
|-
|{{QAlevelordinal|qa=Adaptability|level=SC}}
|[[allows value::SC]]
|[[Adaptability SC|{{QAleveldescription|qa=Adaptability|level=SC}}]]
|-
|{{QAlevelordinal|qa=Adaptability|level=HSC}}
|[[allows value::HSC]]
|[[Adaptability HSC|{{QAleveldescription|qa=Adaptability|level=HSC}}]]
|-
|}

SE.BT.Platform Management

2012-11-11T23:22:21Z

Daniel Jumelet: start

#REDIRECT [[SE.BT.Centralized System Configuration Management]]

SE.BV.Database Management.SAP Database

2012-11-11T23:22:21Z

Daniel Jumelet: start

#REDIRECT [[MW.BV.Database Management.SAP Database]]

MW.BV.Database Management.SAP Database

2012-11-11T23:22:21Z

Daniel Jumelet:

{{Maturity|2}}
{{Pageheaderbox4BBV
|name=SAP Database Management
|variantofBBT=MW.BT.Database Management
|environment=MW.ENV.Data Centre.Back-end
|version=0.2
|owner=S.A.D. Jumelet
}}
{{Table Ending}}
{{Description Area
|description=Some SAP Database capabilities are undesirable for use in the case of ArchiSurance.
|annotate=yes
}}
{{Purpose section
|text=Provision of a logic data storage and retrieval facility for SAP applications.
}}
{{Section
|header=Characteristics & indications of usage
|text=The SAP database is a specialization of the SAP application server with either an ABAP and/or JAVA kernel. Each kernel can have its own database or share the database.
}}

{{BBV Elements prescription}}
{{Elements Prescription Table}}
{{Element Prescription Row
|element=EL.Database Prescription Oracle
|prescription=must
|reason=Any Oracle database management system that is compliant to the SAP Product Availability Matrix. (The current compliant version is Oracle 10).
}}
{{Element Prescription Row
|element=EL.Red Hat Enterprise Linux SmartHat
|prescription=must
|reason=This Linux-build is compliant to the SAP Product Availability Matrix and offers a low-cost, maintainable and stable server platform.
}}
{{Element Prescription Row
|element=EL.SNMPv2
|prescription=cannot
|reason=This version of SNMPv2 is not suitable to handle all Oracle 10 SNMP traps.
}}
{{Element Prescription Row
|element=EL.SAP Database Guideline
|prescription=must
|reason=The SAP Database Management implementation offers features which use is undesirable in the ArchiSurance situation.
}}
{{Table Ending}}
{{BBV Quality Description
|adaptability=HSC
|scalability=out
|manageability=Medium
|accountability=PP
|availability=Medium
|integrity=Low
}}
{{BBV Text Footer}}

Category:Quality Attribute

2012-11-11T23:22:21Z

Daniel Jumelet:

__NOFACTBOX__
A Quality Attribute is a property of a function that describes an aspect of the way that function behaves and what demand a function meets, other than or besides the function itself. A Quality Attribute provides the means for measuring the fitness and suitability of a function. To avoid disciplines talking at cross purposes, unequivocal agreement is needed on the quality attributes which each discipline brings into the architectural process. These must serve as the basis for the further reconciliation and harmonization of definitions within the architectural process. Infrastructure architecture will provide its own set of quality attributes, alongside the specific quality attributes of the business and information architectures. Keeping in mind the objective of building the infrastructure function as a utility, there are a number of Quality Attribute Groups, with multiple Quality Attributes each, that express the inherent quality of infrastructure solutions. Below you will find the six quality attributes (and an overview page) that have the greatest relevance to infrastructure facilities.

Quality Attribute Overview

2012-11-11T23:22:21Z

Daniel Jumelet:

{{Maturity|4}}
{{Pageheaderbox
|pagetype=QA
|pagename=Quality Attribute Overview
|doctype=Quality Attribute
|version=1.0
|owner=J.A.H. Schoonderbeek
}}

[[Category:Quality Attribute]]__NOFACTBOX__
A Quality Attribute is a property of a function that describes an aspect of the way that function behaves and what demand a function meets, other than or besides the function itself. A Quality Attribute provides the means for measuring the fitness and suitability of a function. To avoid disciplines talking at cross purposes, unequivocal agreement is needed on the quality attributes which each discipline brings into the architectural process. These must serve as the basis for the further reconciliation and harmonization of definitions within the architectural process. Infrastructure architecture will provide its own set of quality attributes, alongside the specific quality attributes of the business and information architectures. Keeping in mind the objective of building the infrastructure function as a utility, there are a number of Quality Attribute Groups, with multiple Quality Attributes each, that express the inherent quality of infrastructure solutions. The six Quality Attributes that have the greatest relevance to infrastructure facilities are: 
 
{| class="table" style="text-align:center" border="1" cellspacing="0" cellpadding="5"
!style="background:#{{BGColour03}};"|[[:Category:Quality Attribute Group|Quality Attribute Group]]
!style="background:#{{BGColour03}};"|[[:Category:Quality Attribute|Quality Attribute]]
|-
|rowspan="2" valign="center"|[[Flexibility]]
|[[:Property:Adaptability|Adaptability]]
|-
|[[:Property:Scalability|Scalability]]
|-
|rowspan="2" valign="center"|[[Maintainability]]
|[[:Property:Manageability|Manageability]]
|-
|[[:Property:Accountability|Accountability]]
|-
|rowspan="2" valign="center"|[[Reliability]]
|[[:Property:Availability |Availability]]
|-
|[[:Property:Integrity|Integrity]]
|-
|}

Zone Protection

2012-11-11T23:22:21Z

Daniel Jumelet: start

#REDIRECT [[NW.BT.Traffic Filtering]]

Distributed Storage

2012-11-11T23:22:21Z

Daniel Jumelet: start

#REDIRECT [[ST.BT.Distributed Storage]]

Decentralized Storage

2012-11-11T23:22:21Z

Daniel Jumelet: start

#REDIRECT [[ST.BT.Decentralized Storage]]

Centralized Storage

2012-11-11T23:22:21Z

Daniel Jumelet: start

#REDIRECT [[ST.BT.Centralized Storage]]