Building Enterprise 2.0 Applications

by Nam Doan-Huy, YiHong Xu, Narshimha Rao Kondapaka, and Melody Wood

Getting the right information to the right people at the right time

Part of the Oracle Fusion Middleware Patterns series.

Published August 2009



In today's hyper-competitive global economy, agility in response to change is more important than ever. Information and the interaction around it have become key assets of most enterprises, and making good decisions in continuously shrinking cycle times is a defining operational characteristic of a successful company. This market imperative to access the right information and deliver it to the right people at the right time has led to an increased interest in building social enterprise capabilities, and the social Web is central to that quest.

As businesses adopt these social collaboration tools within the enterprise to foster collaboration and increase the productivity of their employees, they also find that those tools are invaluable for achieving operational excellence. Enterprise 2.0 can play a vital role in allowing customers access to the organization's systems and processes. This level of ongoing collaboration with customers reduces the number of times customers have to contact customer support, resulting in cost savings for the company and increased customer satisfaction.

How do you go about building an Enterprise 2.0 application? It's important to understand that it's not just building a Web 2.0 application. According to management consultants McKinsey and Company, Web 2.0 projects often are seen as grassroots experiments, and leaders sometimes believe the technologies will be adopted without management intervention, a "build it and they will come" philosophy. Enterprise 2.0 applications, in contrast, serve business objectives and have support from internal (IT, business) and external (customers, partners) stakeholders. An Enterprise 2.0 technology strategy should combine the different aspects of Web 2.0 capabilities into a secure and comprehensive platform where business conversations and tasks are executed in the context of business goals. It should promote and enable rich user experiences and expose enterprise content in the most secure fashion. An Enterprise 2.0 application combines the capabilities of content management, security, search and Web 2.0. It gathers information from ERP applications, CRM systems and other backend enterprise applications and delivers this information in a form that is context-based, secure, and easy to find.

In this article we will examine the key building blocks of Enterprise 2.0 architectures and then outline important integration considerations for building an Enterprise 2.0 application. We will also illustrate how Wind River leveraged Oracle's Enterprise 2.0 platform to revamp its online customer support portal.

Building Blocks Of Enterprise 2.0

Enterprise 2.0 is an integrative business strategy that combines multiple disciplines, technologies, and experiences. The fundamental capabilities of any rich Enterprise 2.0 require the combination of content management, a Web 2.0 framework, security, and integration with enterprise applications.

Figure 1: Enterprise 2.0 Building Blocks

Content Management — Organizations inadvertently deal with structured and unstructured data. Structured data can include documents, files, and videos, and is generated primarily from within the company. Unstructured data is generated mostly from customer interactions and could include blog postings, Wiki entries, and chat scripts. The Content Management platform provides a single and consistent infrastructure for managing, publishing, and delivering the data in a uniform fashion.

Web 2.0 Framework — While the Content Management platform addresses how content is created and managed, the Web 2.0 framework provides the collaborative platform to enable rich interaction through the ability to expose enterprise data in a highly collaborative manner. Due to the social nature of Web 2.0 platforms, it's important that this collaborative presentation layer is not only user-friendly and easy to navigate, but that this single presentation layer is multi-channel accessible (by PCs, mobile devices, PDA, and other devices). Most importantly, the Web 2.0 framework enables conversational participation with users and systems through services like instant messaging, voice interaction, wikis, blogs, communities, tagging, user ratings, and personalization.

Security — Enterprise 2.0 systems should be built with business in mind, with security as the highest priority. Exposing and personalizing content poses very specific security challenges, especially given the highly accessible and highly interactive nature of Enterprise 2.0 solutions. Who can publish and edit content? What happens to content over time? What user role-based restrictions should be placed on content? Enterprise 2.0 should be safe, secure, auditable, and controllable. The Security layer provides authentication, authorization, personalized delivery of content based on user roles and identities, a complete audit trail over the lifecycle of the content, and content publishing/monitoring controls.

Integration — Enterprise 2.0 brings information from ERP applications, CRM systems, and other backend enterprise apps together and presents it to the end user in a secure and contextual fashion. Users collaborate on information that is either coming out of or going into an enterprise application. This requires integration between enterprise applications orchestrating data and business flow, merging this data with the content management layer and presenting it to the end user in a Web 2.0 front end.

Enterprise 2.0 Integration

With many technology tiers comprised of several different products, it is important that these layers interact without any friction. Building Enterprise 2.0 frameworks in accordance with industry standards helps to ensure interoperability with minimal code changes required. A standards-compliant platform also ensures flexible design architecture, allowing companies to scale their Enterprise 2.0 environments and easily fold in new features on an as-needed basis. Let's examine key integration considerations while building an Enterprise 2.0 application.

Figure 2: Enterprise 2.0 integration between the Web 2.0, Content Management, SOA, and Security layers

Integrating content management with the Web 2.0 layer
What's the best way to surface content from the content management layer in a rich UI? Is it possible to develop a flexible Enterprise 2.0 architecture that is agnostic of the portal or underlying content management framework? Fortunately, standards can play a significant role in reducing the pain of integration. Content management systems supporting the JCR or JSR-170 standards provide architectural flexibility. JSR-170 compliant content management systems can be accessed through a standardized API that can be used for connecting to any content repository. This removes the dependency of the Web 2.0 layer on the underlying content management platform. The Web 2.0 layer in turn can connect to several different content repositories without relying on hard-coded integrations.

Similarly, JSR 168 (and its successor, JSR 286) and WSRP can provide interoperability between different portal vendors. With JSR 168 and WSRP, portlets are transformed into independent business objects that can be shared across different Enterprise 2.0 applications, thus promoting reuse.

Enabling authentication for the content management and Web 2.0 layers
Both the Web 2.0 and content management layers need to control access based on user profiles. Hence, configuration of the Web 2.0 and content management layers requires the use of Single Sign-On for authentication and an LDAP provider as the identity store. To go beyond the limitations of J2EE security and to enable applications to authenticate users and enforce authorization, the most important standard is the Java Authentication and Authorization Service (JAAS), a standard security Application Programming Interface (API) that was added to the Java language through the Java Community Process.

Integrating the Web 2.0 layer with Enterprise applications using SOA
SOA plays an instrumental role in orchestrating business processes using BPEL (Business Process Execution Language). BPEL automates Web services-based integration between different backend applications and humans. Integration between the Web 2.0 and SOA layers is bidirectional. Users from the Web 2.0 layer can kick off or advance key business processes by calling BPEL processes directly. SOA, in turn, can deliver contextual enterprise data to the Web 2.0 layer.

Having outlined the basic architectural principles to augment an ECM solution with Web 2.0 capabilities, let us now examine the real-life application of these design principles in Wind River Systems's online customer support website.

Wind River's Enterprise 2.0 Approach To Online Customer Support

Wind River, the leader in the Device Software Optimization (DSO) market, wanted to fundamentally simplify information exchange and collaboration across its network of more than 30,000 employees and customers who used their Online Support system (OLS).

The company's original OLS was designed to support employees, customers, and partners on a unified development and delivery platform. The initial OLS goal was to provide a platform where customers and partners could get self-service access to personalized support data, log service requests, and find information on product defects and patches. That same platform was to allow employees (from Support, Product Management, Technical Publications, Engineering, and other departments) to contribute to the content collaboratively, and to also allow that content to be shared with customers. Unfortunately, that OLS system failed to meet those needs. It lacked the functionality as well as the infrastructure to display content that was targeted towards specific users.

The OLS infrastructure was based on various PHP/Perl-based CGI applications that delivered content from a variety of systems, including Oracle E-Business Suite and file-based and database systems. All support content (including support manuals, tech tips, FAQs, and how-to guides) was not centrally managed. The publishing process was completely manual and required a high level of coordination between Engineering, Product Management, and OLS staff. The lack of a centralized repository and the inability to dynamically update the documents created a maintenance nightmare for Wind River's support organization. Maintaining data integrity and minimizing the time to get new information to the customer was a major issue.

Another major complaint from customers was that they found it very difficult to find OLS content that was relevant to the products that they had purchased from Wind River. In order to address this issue, Wind River's vision was to personalize OLS content for each of its customers by showing them OLS content that was relevant to the products that they had purchased.

However, there was no infrastructure in place to link product and support content with the products that each customer had purchased from Wind River. This made it difficult to associate a customer's product install base with the content that the customer was seeing. This lack of centralized content and integration with enterprise systems had an adverse impact on customer experience. Customers were on their own to search or navigate Wind River's original OLS website in order to locate support data they might need. OLS also didn't provide the collaborative infrastructure that would allow customers and Wind River support staff to interact in real-time to quickly resolve customer issues.

Wind River took an Enterprise 2.0 approach to solve this challenge. It decided to centralize support content in a content repository and utilize a Web 2.0 interface to deliver targeted content from the content repository as well as other enterprise systems. How was this accomplished? Let's review the architecture.

Figure 3: Wind River Enterprise 2.0 Architecture for Online Customer Support


Content Management

To centrally manage Wind River's product-related documents, patches, demos, digital assets, image files and business process needs, we chose Oracle Universal Content Management (UCM). UCM helps us manage 3,000 to 5,000 physical files and about 78,000 digital files on the Online Support Portal.

Figure 4: Oracle UCM layer centralizes content management and streamlines content publishing


In addition to laying the foundation for a centralized customer delivery platform, UCM also streamlines the content publishing process. UCM effectively moves the ownership of publishing OLS content (manuals, patches, demos, etc.) away from various IT and Online Support administrators and directly to the content authors (Product Management, Engineering, Technical Publications, etc.) by creating an internal approval and publishing framework. This, in turn, reduces content processing inefficiencies and improves overall data integrity during the content contribution process.

Web 2.0

The OLS front end was implemented using Oracle WebCenter. WebCenter has unique capabilities to build Enterprise 2.0 collaborative and social applications that seamlessly combine search, publishing, and knowledge management. WebCenter is based on technologies such as J2EE, Java Server Faces (JSF), and the Oracle Application Development Framework (ADF). A combination of ADF components and Portlets was used to build front end user interfaces. The decision to build these components as ADF components or Portlets was based on the following guidelines.

Portlet — A portlet should be used if the component's functionality is based on only one system and it does not heavily interact with other components. An example of this type of component is the "Proactive Alerts Subscription Form." This form takes input data from the user and stores it in the Alerts Database. It does not interact with any other system and runs within itself. This type of component is an ideal candidate for a portlet. Also, if the component requires user-based customization, it should be built as a portlet.

ADF Component — An ADF component should be used if the component interacts with other components on the page and its data can be driven from other components. While Portlets are capable of intercommunication, ADF is the ideal choice if the interacting components are based on the same system.

Figure 5: OLS Home Page built using Oracle WebCenter


Our OLS front end, built using WebCenter, makes it possible for customers to personalize their online support experience by subscribing to email and content alerts in order to get the information they want.

Additionally, by planning to add further Web 2.0 features such as discussion threads and chat capabilities to the site, Wind River aims to create a community of users that can provide each other with tips, best practices, and ideas for innovation in order to maximize their investment in Wind River technology.

Although we had the option of using JCR-based integration with Oracle Universal Content Management, we chose to integrate WebCenter with the UCM layer using Content Integration Suite (CIS). In addition to leveraging standard APIs, CIS offers caching and clustering features to boost performance. With CIS, a file system containing content can be mounted locally to the machine running WebCenter server, making it local to WebCenter. This provides an additional performance boost, as a Portal request does not need to go over the wire to search and fetch content. This is where the push-based content integration approach, which is extremely critical for features like RSS Feeds, comes into play.


There are a number of different types of OLS users, and the security infrastructure needed to support these different types is identified below:

  1. Public — Public users should only be able to view and download product manuals.
  2. Portal User — Users who registered with OLS with no Wind River license (i.e. they do not own any Wind River products) should only be able to update and add licenses to their profiles. They do not have access to OLS content.
  3. Basic — Users who registered with a valid license that has no active Wind River product support. These users own Wind River products but have either allowed their product support to lapse or did not purchase product support. These users can access OLS but are restricted to viewing only basic content such as Tech Tips, Application Notes, and Manuals.
  4. Maintenance — Users who registered with a valid license that has active product support. These users own Wind River products and also have an active support service contract with Wind River. These users should be able to view all content in OLS except content restricted to Premium users.
  5. Premium — Maintenance users attached to a Premium Support account should be able to view all OLS content as well as premium content specific to their Premium Support account.
  6. Employee — Employees should be able to view all OLS content, including premium content. Employees should also be able to view content that is inaccessible to customers, for example, unpublished defects and all service requests logged by customers (customers should only be able to see their own service requests).

Based on the above requirements the following security model was designed for WebCenter and UCM.

WebCenter Security Model

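| OID Groups | Register | Update Profile | Main Page | My Products | Product Search | Manuals | App Notes | Downloads | Tech tips | Defects |
|---|---|---|---|---|---|---|---|---|---|---|
| Public | X | | | | | X | | | | |
| Portal User | X | X | | | | X | | | | |
| Basic | X | X | X | X | X | X | X | | | |
| Maintenance | X | X | X | X | X | X | X | X | X | X |
| Premium | X | X | X | X | X | X | X | X | X | X |
| Employee | X | X | X | X | X | X | X | X | X | X |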

UCM Security Model

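| UCM Account | Manual | Download | Techtip | App Notes | Notification | Quick Links |
|---|---|---|---|---|---|---|
| Guest | X | | | | | |
| Basic | X | | | X | X | X |
| Maintenance | X | X | X | X | X | X |
| Premium_x | X | X | X | X | X | X |
| Employee | X | X | X | X | X | X |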

"Premium_x" in the UCM security model represents a UCM account. While Premium_x users are part of the Maintenance group, they may also have content that requires additional filtering. UCM accounts are used for this purpose. For example, downloads are accessible by all users in the OID Maintenance group. However, a particular downloadable document that is specific to the Premium Support account of "CompanyX" must be accessible only by those users in the Maintenance group who are also part of the OID group "Premium_CompanyX". In order to accomplish this, the document in question is attached to the account "Premium_CompanyX".

Additionally, metadata fields can also be used for security purposes. For example, Wind River uses a metadata field labeled "Internal." If the value for this field is set to "true," then the content is accessible only to employees. WebCenter, in establishing that contract with UCM, modifies the query if an employee is logged in, and passes the additional metadata field "internal = true" in the query.

Both WebCenter and the UCM layer leverage Oracle SSO/OID for authentication and authorization. UCM has an Identity Management plug-in that can be configured to retrieve user information from any LDAP based directory. UCM also has configuration files to map LDAP group names to UCM Security Groups as well as UCM accounts.

For OLS, the UCM native authentication scheme was used instead of using SSO for UCM. This is because UCM is not open to public users or all employees - only certain employees and content contributors can log in and modify content. However, UCM still authenticates against OID.

WebCenter is also configured to retrieve user information (roles, etc.) from OID. However, SSO is configured to allow users to log in through SSO instead of the native authentication scheme. This is done by configuring SSO on the application server and identifying the application as SSO enabled. The page level security is then enabled using J2EE security through web.xml.

The following steps occur when a user logs into OLS (see Figure 6):

  1. When a user navigates to an OLS portal page, the J2EE security configuration of OLS checks to see if the page is secured. This is done by examining the path of the page against the security constraint defined on the different paths of the application.
  2. If the page is secured then the request is forwarded to the OID login module. If the page is not secured then the request is forwarded to the page and no authentication is required.
  3. The OID login module validates the user session. If the user is already authenticated the login module forwards the request to the target page. Otherwise, the login module forwards the request to the SSO login page for authentication.
  4. The user enters his/her credentials into the SSO login page, and they are validated against OID. Once the credentials have been validated the user is forwarded to the login module.
  5. The login module populates the user's OID profile from its cache. If the user is logging in for the first time the profile is populated into cache from OID.
  6. The user is then directed back to the original secured page that the user was trying to access. At this point the J2EE security validates if the user's role is allowed access to the page.
  7. If the user has access to the page (by virtue of being in the correct OID group) the request is forwarded to the page. Otherwise, an "Access Denied" page is displayed.
  8. The target page utilizes UCM CIS queries to retrieve UCM data required by the target page. The user context (username) is also passed to CIS.
  9. UCM loads the user profile from cache or OID based on the user context. Using the user's roles, security group, and account mappings, UCM filters the content retrieved by the CIS queries, and only returns documents that the user is allowed to view.
  10. WebCenter renders the page based on the data returned by the CIS queries. Since the data returned by the CIS queries are user-context sensitive, each page will be rendered differently for the different groups of users.
  11. Portlets are rendered based on access control. WebCenter also provides the ability to hide or show any WebCenter components based on the user role. The J2EE user profile has a list of all the roles assigned to the user. All of the WebCenter components have a property called "rendered." This property can be dynamically set to true or false based on any condition. The WebCenter component/portlet is rendered only if this property is set to true. Therefore, based on the list of roles, an evaluation can easily be performed to allow certain users to view certain components.
Figure 6: OLS Login - UCM - Portal-IDM Integration

Based on the scenario above, the queries for employees are also modified. If the user who is currently logged in is assigned the "Employee" role, all of the CIS queries are modified to add (xInternal <matches> `TRUE`) to get all the additional content items that should be visible to employees.
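The two-layer decision described above (the page-level role check in steps 6 and 7, then UCM's per-document filtering in step 9 by content type, account and the "Internal" field), modeled as an added example that is not Wind River's or Oracle's code. The matrices are transcribed from the two tables; the group-to-account mapping, the function names and the sample documents are constructed assumptions.

```python
from dataclasses import dataclass

# Page-level matrix (OID group -> WebCenter pages), transcribed from the
# "WebCenter Security Model" table above.
BASIC_PAGES = {"Register", "Update Profile", "Main Page", "My Products",
               "Product Search", "Manuals", "App Notes"}
ALL_PAGES = BASIC_PAGES | {"Downloads", "Tech tips", "Defects"}
PAGE_ACCESS = {
    "Public": {"Register", "Manuals"},
    "Portal User": {"Register", "Update Profile", "Manuals"},
    "Basic": BASIC_PAGES,
    "Maintenance": ALL_PAGES,
    "Premium": ALL_PAGES,
    "Employee": ALL_PAGES,
}

# Content-level matrix (UCM account -> content types), from "UCM Security Model".
# Premium_x users are also Maintenance members, so their type access comes from
# the Maintenance row; a Premium_x account only unlocks documents attached to it.
ALL_TYPES = {"Manual", "Download", "Techtip", "App Notes",
             "Notification", "Quick Links"}
CONTENT_ACCESS = {
    "Guest": {"Manual"},
    "Basic": {"Manual", "App Notes", "Notification", "Quick Links"},
    "Maintenance": ALL_TYPES,
    "Employee": ALL_TYPES,
}


@dataclass(frozen=True)
class Doc:
    name: str
    ctype: str               # UCM content type
    account: str = ""        # UCM account the document is attached to, if any
    internal: bool = False   # the "Internal" metadata field


def can_open_page(groups, page):
    """Steps 6-7: role check on the requested page."""
    def row(group):
        return "Premium" if group.startswith("Premium_") else group
    return any(page in PAGE_ACCESS.get(row(g), set()) for g in groups)


def ucm_filter(groups, docs):
    """Step 9: the content store filters results using the user context."""
    # Assumed group-to-account mapping: users without a license become Guest.
    accounts = {"Guest" if g in ("Public", "Portal User") else g for g in groups}
    employee = "Employee" in accounts
    types = set().union(*(CONTENT_ACCESS.get(a, set()) for a in accounts))
    visible = []
    for d in docs:
        if d.internal and not employee:
            continue  # Internal content is widened in only for employees
        if d.ctype not in types:
            continue  # content type not granted to any of the user's accounts
        if d.account and not (employee or d.account in accounts):
            continue  # attached to a Premium_x account the user does not hold
        visible.append(d.name)
    return visible


def render_page(groups, page, ctype, docs):
    """Page check first, then the per-document filter on the query results."""
    if not can_open_page(groups, page):
        return "Access Denied"
    return ucm_filter(groups, [d for d in docs if d.ctype == ctype])


# Constructed sample repository content.
DOCS = [
    Doc("vxworks-manual.pdf", "Manual"),
    Doc("patch-101.zip", "Download"),
    Doc("companyx-hotfix.zip", "Download", account="Premium_CompanyX"),
    Doc("unreleased-notes.pdf", "Manual", internal=True),
    Doc("techtip-7.html", "Techtip"),
]

if __name__ == "__main__":
    for groups in ({"Public"}, {"Basic"}, {"Maintenance"},
                   {"Maintenance", "Premium_CompanyX"}, {"Employee"}):
        print(sorted(groups), render_page(groups, "Downloads", "Download", DOCS))
    # The content filter holds even when it is called without the page check.
    print(ucm_filter({"Basic"}, DOCS))
```

The role set is taken from the authenticated session's groups in both layers, so the employee-only widening never depends on anything the browser sends.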


Wind River's vision was to enable customers to easily find support content that is relevant to them by matching the products each customer has purchased against content in UCM, and only displaying the matching content. This required OLS to integrate with Oracle E-Business Suite (EBS). It is this critical integration that provides OLS with the means by which it personalizes the content shown to each customer.

All Wind River customer information is stored in EBS, including each customer's product install base, license entitlement, and support contracts. Integrating with EBS enables OLS to match a customer's licensing and product install base, with relevant support content from UCM. In this way, OLS shows the customer support content that is relevant to what they have purchased, without the customer having to search or navigate OLS to find it.

We used a combination of Oracle SOA Suite, TopLink, and database integration to deliver EBS information to UCM and WebCenter. The key to this integration was to map all content items in UCM to the product hierarchy in EBS. This allows us to query EBS to find what products a customer owns, and then use that information to map those products to content items in UCM which are relevant to the customer.

UCM schema functionality is used to expose the product hierarchy in a Tree View. A custom metadata field was also created on every content item type to hold the unique product identifiers which map each content item to a particular product. The tree view can then be associated with the metadata field to allow users to easily pick a product to which the content item will be attached. This enables OLS to map all UCM content items to products in EBS, e.g., a VxWorks manual will be attached to the VxWorks product, and so on. The image below illustrates the process.

Figure 7: E-Business Suite to UCM Product Mapping

WebCenter integrates with EBS using TopLink to display personalized information via the My Licenses and My Products portlets. The My Licenses and My Products portlets play a key role in personalizing the content and navigation for each of Wind River's customers. The My Licenses portlet shows the customer all of the licenses associated with his/her OLS account. Clicking on a license number in My Licenses launches the My Products view, which provides the customer with a list of all of the products and versions licensed under that license number; all of this information comes from the integration with EBS (see Figure 8).

Further, next to each product and version, the customer will find links to all OLS content that is relevant to that particular product and version. For example in Figure 8, for the bottom product shown in the My Products view, by clicking on the "Manuals" link, the customer is able to easily find all of the manuals that have been mapped to the product "Compiler/Diab", version "4.4". The resulting Manuals view is shown in Figure 9.

Figure 8: My Products view
Figure 9: Manuals view

WebCenter generates the Manuals view with the content originating from UCM. WebCenter first makes a CIS call to UCM Consumption with the selected product and version as parameters of the CIS query. UCM then returns to WebCenter all content items of content type "Manual" which match the product and version provided. The data is then rendered by WebCenter in the Manuals view. The below diagram illustrates the process flow.

Figure 10: WebCenter Integration with e-Business Suite for personalization

In this way, customers can go to the "My Products" view with one click (by clicking on the appropriate license number in "My Licenses"). OLS will then display all content that is relevant to the products and services the customer has purchased from Wind River. The customer does not need to search or navigate OLS to find that content. OLS shows it to them.


Wind River has achieved ROI on this project in three ways:

  1. All OLS content was previously manually maintained by the OLS team. For a major product release, it would take the OLS team weeks to manually publish to the OLS portal the manuals, Application Notes, FAQ, and all the other content associated with the product release. UCM's self-service model has enabled Wind River's content authors, such as Technical Publications and Engineering, to easily review and publish this content for the product release without assistance from the OLS or IT teams. This has made the process seamlessly self-service and significantly reduced the time it takes for content to be published to OLS.
  2. Customer satisfaction with the OLS portal, as measured by CustomerSat surveys, increased from 47% to 82% in the first month. On average, before this project, customer satisfaction with OLS hovered between 40% and 50%.
  3. The personalized navigation has resulted in a 25% to 50% reduction in the number of clicks a customer needs to find the content they are looking for, depending on the content type. More importantly, instead of customers needing to navigate or search OLS to find content that is relevant to them, OLS now presents it to them - customers no longer need to look for it. This has significantly contributed to reducing the number of clicks a customer needs to find relevant content, as well as playing a key role in increasing customer satisfaction.

As we can see with the Wind River OLS portal, Enterprise 2.0 is about bringing enterprise data to the end users in a highly secure and collaborative interface. Web 2.0, content management, and security play an important role in driving any Enterprise 2.0 strategy. A Web 2.0 layer can provide a single user interface to access content, process, systems, and people. Centralized content management enables a consistent contribution experience across multiple sites and applications. At the same time, content integrity minimizes risk and increases user adoption. Finally, security and privacy are at the core of Enterprise 2.0. SSO, role-based access, authentication, and authorization capabilities make Enterprise 2.0 safe, secure, auditable, and controllable.

Thanks to Melody Wood, Sanjay Kwatra, Sachin Agarwal, and Fahad Ansari for their valuable contribution.

For additional information: WebCenter Services to integrate Web 2.0, Content, Search, Collaboration & Communication

Nam Doan-Huy is a Senior Manager Business Applications at Wind River Systems. In this role, Nam manages the Oracle E-Business Suite Architecture and Integration team, the Web Applications team, and the DBA team, supporting a wide range of Wind River business units. Prior to joining Wind River, Nam worked in consulting as a technical lead for ERP implementations.
YiHong Xu, Wind River's Web Architect, has been with Wind River for 10 years. She started her career as a quality engineer and later switched to working with web technologies in 2003. As Web Architect, YiHong is responsible for developing web strategy, including translating business requirements into use cases, identifying and evaluating tools, selecting hardware and software platforms, and ensuring coherency across IT's heterogeneous web systems. YiHong has a Masters degree in Electrical Engineering.
Narshimha Rao Kondapaka is a Project Manager in IT and has been with Wind River for 4 years. Rao has 11+ years of experience working with Oracle technologies and applications. He began his career as an Oracle Applications technical developer and switched to become an expert functional Business Analyst. Rao was recently promoted to Project Manager and played a key role in implementing the Online Support portal. Rao has a Masters degree in Computer Applications.
Melody Wood is a member of the Fusion Middleware Platform Product Management team, where she focuses on SOA and Web 2.0 customer deployment patterns. Melody joined Oracle in 1996, originally holding various partner management roles, where her increasing technical focus on Oracle product integrations across the database and middleware product stacks eventually led to her current role.