<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.2769" name=GENERATOR>
<STYLE>@font-face {
font-family: Tahoma;
}
@font-face {
font-family: Verdana;
}
@page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.25in 1.0in 1.25in; }
P.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"
}
LI.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"
}
DIV.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"
}
A:link {
COLOR: blue; TEXT-DECORATION: underline
}
SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline
}
A:visited {
COLOR: purple; TEXT-DECORATION: underline
}
SPAN.MsoHyperlinkFollowed {
COLOR: purple; TEXT-DECORATION: underline
}
SPAN.EmailStyle17 {
COLOR: windowtext; FONT-FAMILY: Arial
}
SPAN.EmailStyle18 {
COLOR: navy; FONT-FAMILY: Arial
}
DIV.Section1 {
page: Section1
}
</STYLE>
</HEAD>
<BODY lang=EN-US vLink=purple link=blue>
<DIV><SPAN class=322262815-15112005><FONT face=Arial color=#0000ff size=2>The
WacaHandler was updated two weeks ago by Philip Manual working on the DslFspli
application to include a selector for each of the environments, Demo,
Integration PreProduction and Production, based on hostname. So depending
on the host the JhsSso is deployed on it will select the appropriate waca data
base instance. The Constants class in EntComp contains the db urls and if
these are not correct we will adjust them when so advised. I do note that
it would be helpful to have the WacaHandler log which url it is using at the
time the selection is made..</FONT></SPAN></DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> Williford, April
<BR><B>Sent:</B> Tuesday, November 15, 2005 10:24 AM<BR><B>To:</B>
Kirkpatrick, Ivan<BR><B>Cc:</B> DBA; jhs-leads@lists.dep.state.fl.us; Java
Team; Keyt, Bob; Gorton, Donna; Davis, Dixie; Clay, Linc<BR><B>Subject:</B>
RE: [Jhs-leads] RE: Update of the SSO,in regards to the SRF
application-<BR><BR></FONT></DIV>
<DIV><SPAN class=928461615-15112005><FONT face=Verdana color=#0000ff
size=2>Ivan,</FONT></SPAN></DIV>
<DIV><SPAN class=928461615-15112005><FONT face=Verdana color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=928461615-15112005><FONT face=Verdana color=#0000ff
size=2>Is SSO still hitting oradev for authentication? Will it be hitting
orabeta/prod in the future based</FONT></SPAN></DIV>
<DIV><SPAN class=928461615-15112005><FONT face=Verdana color=#0000ff size=2>on
which server it's on? </FONT></SPAN></DIV>
<DIV><SPAN class=928461615-15112005><FONT face=Verdana color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=928461615-15112005><FONT face=Verdana color=#0000ff
size=2>Thanks,</FONT></SPAN></DIV>
<DIV><SPAN class=928461615-15112005><FONT face=Verdana color=#0000ff
size=2>April</FONT></SPAN></DIV>
<DIV><SPAN class=928461615-15112005><FONT face=Verdana color=#0000ff
size=2></FONT></SPAN> </DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B>
jhs-leads-bounces@lists.dep.state.fl.us
[mailto:jhs-leads-bounces@lists.dep.state.fl.us]<B>On Behalf Of
</B>Kirkpatrick, Ivan<BR><B>Sent:</B> Monday, November 14, 2005 10:22
AM<BR><B>To:</B> Keyt, Bob<BR><B>Cc:</B> DBA; UNIX;
jhs-leads@lists.dep.state.fl.us; Zimmerman, Jeffrey; Java Team;
jhs-pms@lists.dep.state.fl.us<BR><B>Subject:</B> [Jhs-leads] RE: Update of
the SSO,in regards to the SRF application-<BR><BR></FONT></DIV>
<DIV><SPAN class=439204313-14112005><FONT face=Arial color=#0000ff size=2>I
can see that some clarifications are in order.</FONT></SPAN></DIV>
<DIV><SPAN class=439204313-14112005><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=439204313-14112005><FONT face=Arial color=#0000ff
size=2>The current SSO available within the JHS is an implementation of the
<A href="https://clearinghouse.ja-sig.org/wiki/display/CAS/Home">Centralized
Authentication Server (CAS)</A> from Yale University. I have been
updating the JhsSso project at <A
href="http://epic52.dep.state.fl.us/jhs-sso/">http://epic52.dep.state.fl.us/jhs-sso/</A> and
will include this and your questions as part of the information on the
project web site.</FONT></SPAN></DIV>
<DIV><SPAN class=439204313-14112005><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=439204313-14112005><FONT face=Arial color=#0000ff
size=2>The JhsSso ticket is never saved to the hard drive of any computer in
so far as I know. The ticket is specific to the user's browser session
only. If the browser is closed the ticket is removed from the user
session information. Later versions of the MS windows OS's incorporate
kerberos authentication with MS Active Directory (AD) at login
time. This information, a ticket, is loaded into Internet Explorer
when it is started up.</FONT></SPAN></DIV>
<DIV><SPAN class=439204313-14112005><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=439204313-14112005><FONT face=Arial color=#0000ff
size=2>The CAS only supports authentication. Authorization is an
application specific consideration. We can authenticate now against
the Waca user tables in the databases and working with Brandon has led
me to believe that we can authenticate against the MS AD user store via the
kerberos ticket in the IE Browser eventually. This is different though
than is currently implemented in that using the MS AD involves getting the
user's ticket from the Operating System once the user has logged on to the
local network. In this respect it is considerably different than web
enabled SSO. Obviously MS likes to keep one tied to the OS and not
simply a browser session. This is part of the reason for the disparity
in authentication techniques.</FONT></SPAN></DIV>
<DIV><SPAN class=439204313-14112005></SPAN> </DIV>
<DIV><SPAN class=439204313-14112005><FONT face=Arial color=#0000ff
size=2>The authorization element of Single Sign On presents another
aspect of this effort. From an Enterprise point of view, we would like
to offer a single unified approach for all applications to utilize in
determining any user's accessibility to and roles within any Jhs hosted
applications. Rather than have each application write code to define
a User Object and collect applications and roles for each in various
databases we would prefer it be done one time in one set of User components
for all applications within the Jhs.</FONT></SPAN></DIV>
<DIV><SPAN class=439204313-14112005></SPAN> </DIV>
<DIV><SPAN class=439204313-14112005><FONT face=Arial color=#0000ff size=2>I
have discussed this architecture with Dannny and Brandon and we all
basically agree on an approach. I have been working on implementing
this in a manner that is useful to all applications. Unfortunately
demands on my time preclude any rapid prototyping. It is quite easy
though for others to contribute to this effort. The architecture
is in place and the code is being implemented. The current status of
these components</FONT> <FONT face=Arial color=#0000ff size=2>is found
online at <A
href="http://epic52.dep.state.fl.us/ent-comp/">http://epic52.dep.state.fl.us/ent-comp/</A> The
specific files involved are User, UserImpl, UserFactory, AbstractEntUser,
UserTest, Application, Role and a handful of others. None of these are
particularly difficult to write and are intended to facilitate cooperative
and iterative development.</FONT></SPAN></DIV>
<DIV><SPAN class=439204313-14112005><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=439204313-14112005><FONT face=Arial color=#0000ff
size=2>Regarding the remainder of your questions, Standard
functionality provided by CAS requires the Client side of the CAS to perform
a validation of the ticket returned by the CAS server. This works fine
on the Pre-Production server but for reasons that are still being
investigated it does not seem to work on the Integration machine. The
server side code works fine on all machines. So it seems we have some
additional troubleshooting to perform.</FONT></SPAN></DIV>
<DIV><SPAN class=439204313-14112005><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=439204313-14112005><FONT face=Arial color=#0000ff
size=2>The architecture described above is specifically designed to allow
for any user to have controlled access to multiple applications and multiple
roles within any one or all of the applications. Our intent is to have
this collection of applications and roles available to the Jhs applications
regardless of where the information is stored, be it on the MS AD or Waca or
any other place. Adding in additional information stores is fairly
simple although not trivial. So far Waca seems to suit most
applications and I have yet to be advised of formal requirements in addition
to these. My suggestion is that if any application requires additional
functionality it is most easily accommodated within the current architecture
with some guidance.</FONT></SPAN></DIV>
<DIV><SPAN class=439204313-14112005><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=439204313-14112005><FONT face=Arial color=#0000ff
size=2>The JhsSso is deployed on the Pre-Production machines and undergoing
testing as part of the DslFspli and other applications. We expect to
have the current version deployed to Production in concert with the
production deployments of the applications that require it.
</FONT></SPAN></DIV>
<DIV><SPAN class=439204313-14112005><FONT face=Arial color=#0000ff
size=2></FONT></SPAN><SPAN class=439204313-14112005><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=439204313-14112005><FONT face=Arial color=#0000ff
size=2>All documentation and project information is available on the Jhs web
site or from links found there. I have tried to collect and organize
it appropriately. The main web site is <A
href="http://epic52.dep.state.fl.us/jhs-sso/">http://epic52.dep.state.fl.us/jhs-sso/</A> and
the example Jhs client application is at <A
href="http://epic52.dep.state.fl.us/sso-exp/">http://epic52.dep.state.fl.us/sso-exp/</A>
The authentication portion of the Sso as previously noted is part of the
EntComp at <A
href="http://epic52.dep.state.fl.us/ent-comp/">http://epic52.dep.state.fl.us/ent-comp/</A>.</FONT></SPAN></DIV>
<DIV><SPAN class=439204313-14112005><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=439204313-14112005><FONT face=Arial color=#0000ff size=2>I
will add the above information to the web sites noted as soon as I
can.</FONT></SPAN></DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> Keyt, Bob
<BR><B>Sent:</B> Monday, November 14, 2005 8:39 AM<BR><B>To:</B>
Kirkpatrick, Ivan<BR><B>Cc:</B> Zimmerman, Jeffrey<BR><B>Subject:</B> FW:
Update of the SSO, in regards to the SRF application-<BR><BR></FONT></DIV>
<DIV class=Section1>
<P class=MsoNormal><B><FONT face=Arial color=navy size=2><SPAN
style="FONT-WEIGHT: bold; FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">Ivan</SPAN></FONT></B><FONT
face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">,
</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">I need your
confirmation and clarifications to be completely comfortable with our
approach. </SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">1. Is the SSO
summary below correct? Please provide corrections and clarifications as
appropriate. I would understand better if you would insert (SSO) or (SRF)
behind the words “it” and “application” in the Summary. Right now, it
looks like the SSO will only verify the user identifier/password and save
a “ticket” for the hard drive. Is remaining security functionality, such
as checking the ticket, left to the (SRF) application?
</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">2. Will the SSO
support multiple concurrent applications roles? Specifically, can an
individual have multiple roles for one application enabled by one sign-on?
</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">3. What is the
SSO project timeline (design, development, UAT, implementation)?
</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">4. Where is SSO
project documentation located, such as the needs evaluation and detailed
specification? </SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">We really
appreciate your assistance! </SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><B><FONT face=Arial color=navy size=2><SPAN
style="FONT-WEIGHT: bold; FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">Dan</SPAN></FONT></B><FONT
face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">,
</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">Since we plan to
create a “black box” substitute for the SSO, do we have the specifications
(classes, methods, data) to seamlessly (NO or minimal code changes)
replace our “black box” with SSO when it becomes available for testing and
implementation? </SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">I must remind you
that the approved SRF-I2 project timeline requires construction testing to
be <U>complete</U> the first week of June 2006 (the rest of June is QA
reviews and Approvals) and User Beta Testing (UAT) in July 2006. That
means we need an implementable security solution by April 2006, at the
very latest! </SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<DIV>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; LAYOUT-GRID-MODE: line; COLOR: navy; FONT-FAMILY: Arial">Bob
Keyt, PMP(R) </SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; LAYOUT-GRID-MODE: line; COLOR: navy; FONT-FAMILY: Arial">Senior
Principal Consultant/Project Manager </SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; LAYOUT-GRID-MODE: line; COLOR: navy; FONT-FAMILY: Arial">Department
of Environmental Protection </SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; LAYOUT-GRID-MODE: line; COLOR: navy; FONT-FAMILY: Arial">2600
Blair Stone Rd, MS 3500 </SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; LAYOUT-GRID-MODE: line; COLOR: navy; FONT-FAMILY: Arial">Tallahassee,
Florida 32399-2400 </SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; LAYOUT-GRID-MODE: line; COLOR: navy; FONT-FAMILY: Arial">-----------------------------------------------------------
</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; LAYOUT-GRID-MODE: line; COLOR: navy; FONT-FAMILY: Arial">Work:
(850) 245-8674 (internal 5674)</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; LAYOUT-GRID-MODE: line; COLOR: navy; FONT-FAMILY: Arial">Cell:
(850) 545-4897 </SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; LAYOUT-GRID-MODE: line; COLOR: navy; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Verdana color=black size=1><SPAN
style="FONT-SIZE: 7.5pt; COLOR: black; FONT-FAMILY: Verdana">Please note:
Florida has a very broad public records law. Most written communications
to or from state officials are public records and may be made
available to the public or media upon request. This e-mail
communication, your reply, and future e-mails to my
attention may therefore be subject to public
disclosure.</SPAN></FONT></P></DIV>
<P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN
style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<DIV>
<DIV class=MsoNormal style="TEXT-ALIGN: center" align=center><FONT
face="Times New Roman" size=3><SPAN style="FONT-SIZE: 12pt">
<HR tabIndex=-1 align=center width="100%" SIZE=3>
</SPAN></FONT></DIV>
<P class=MsoNormal><B><FONT face=Tahoma size=2><SPAN
style="FONT-WEIGHT: bold; FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">From:</SPAN></FONT></B><FONT
face=Tahoma size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">
Zimmerman, Jeffrey <BR><B><SPAN style="FONT-WEIGHT: bold">Sent:</SPAN></B>
Thursday, November 10, 2005 4:02 PM<BR><B><SPAN
style="FONT-WEIGHT: bold">To:</SPAN></B> Keyt, Bob<BR><B><SPAN
style="FONT-WEIGHT: bold">Cc:</SPAN></B> Bergenroth, Brandon; Carney,
Christopher; O'Donnell, Danny; Worley, Robert; Etter, Kathleen<BR><B><SPAN
style="FONT-WEIGHT: bold">Subject:</SPAN></B> Update of the SSO, in
regards to the SRF application-</SPAN></FONT></P></DIV>
<P class=MsoNormal><FONT face="Times New Roman" size=3><SPAN
style="FONT-SIZE: 12pt"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Good afternoon,
Bob,</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Both Brandon and Danny
O’Donnell have met with Ivan independently to discuss the implementation
of the proposed SSO. It seems that there has been some progress made
in this arena and we wanted to give you a brief update as to the
information we received.</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><U><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Summary of how SSO was
explained to work:</SPAN></FONT></U></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">1) When a user opens a
browser and goes to a web application that utilizes the SSO, it looks for
a ticket on the user's hard drive. </SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">2) If the user has a
valid ticket, go to step #4.</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">3) If user does not have
a valid ticket, it is taken to the SSO screen, where they are prompted to
input a user name and password. A successful username/password
combination will then create a ticket and place it on the user's hard
drive.</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">4) The application
verifies the ticket, located on the user's hard drive. Information
is taken from the ticket and enables creation of a user object from the
enterprise component. This object will contain the application
information which will be used by the application. If the user does
not have the proper privileges (roles) for the application then user may
be denied entry to some or all of the application (and/or certain
functionality). Otherwise, the user is allowed to have access to the
application with whatever privileges and access that is granted to that
individual for their role(s) as they move through the
application.</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><U><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">The solution for how SRF will
proceed:</SPAN></FONT></U></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">The WRMITS team will create a
temporary facsimile of the proposed SSO component. This will act as
a temporary placeholder and will allow us to continue with our
development. Upon the SSO’s completion, it will be integrated into
our current framework. Since the foundational framework will be
created to handle the parameters of the proposed SSO, transition to the
enterprise wide component should not be an arduous task.</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Since this is one of our
highest risk factors, the SSO will need to be stable and in place by the
time construction is complete, in the spring to early summer of this
year. If the SSO is not in place by that time, it is safe to say
that this risk has unfortunately come to fruition and that we need to find
an alternate means of securing the SRF application.</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Thanks,</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Dan</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT> </P></DIV></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>