8.3 Use Case Scenario

The business scenarios are based on the existing e-Treasury system of an international Bank. The Investment Banking unit has deployed a Java-based Liquidity Engine for online consumer FX services. It is also private labeling the online FX services for some foreign banks that do not have the infrastructure to support local FX services in some countries.

The Request for FX Spot Rate Quote is chosen to be the demo here because it is relatively simple for instructional purposes. In order for the demo to be generic enough to illustrate the objectives of achieving Single Sign-on and providing FX Spot Rate Quotes via a remote Web Service, we have decided not to include all of the detailed business rules. We also do not include all the necessary exception-handling rules in order to make the demo easier to understand and to modify it for your learning experience.

8.3.1 Business Requirements

Single Sign-on

The demo system should allow users to log in once to access multiple partner services. In other words, users enter a login id and password at the front page (for example, user id "goodguy"), and they can then access a number of partner Web sites whose URLs are defined in a profile rather than hard-coded into the program code. This should support the use of the SAML protocol as an Open Standard security protocol for Single Sign-on.

The demo system should validate the user credential against the user access list of the Application Server. It should also demonstrate cases where a user id (for example, user id "otherguy") can log in but does not have enough access rights to invoke all partner services.

Request for Quote

The demo system should allow users to enter the Sell and Buy Currency codes to request an indicative FX Spot Rate Quote. This should be an online request for a quote, where the demo system should retrieve the Spot Rate from a local or remote FX Quote Server (aka Market Data Engine or Liquidity Engine).

If the user enters a currency code that is not available in the currency code list or any invalid currency code, then the demo system should simply return a "Do not know" message in the response page.

System Security

Because the demo system is for instructional purposes, we choose not to use HTTPS with SSL for simplicity. However, HTTPS with SSL can be easily turned on by reconfiguring the Web Container's server.xml file (in this demo, this is Apache Tomcat's server.xml).

The demo system should demonstrate the use of WS-Security, which VeriSign's TSIK provides. This enables the XML message contents to be encrypted using a local sample key store.

Service-Level Requirements

The demo system is designed to be a prototype for instructional purposes. It should support a transaction throughput of at least five Requests for FX Quote per minute. The response time requirement for the quote should be less than 15 seconds. As this is a demo system, it does not require 24 X 7 X 365 or 99.999-percent availability. The target service availability for the demo system is 99.0 percent, assuming the development Application Server is running all the time.

8.3.2 Use Cases

Use Case Diagram

Clients need to enter a public or private financial portal that provides a variety of financial services, FX trading, and information services. They need to provide a single user id and password and be able to log in once for all the subscription-based services provided by the financial portal.

In this Use Case scenario (see Figure 8-1), we primarily focus on having a Single Sign-on and Request for FX Quote capability. The Client selects the FX Spot Rate Quote Service to request an indicative spot rate by specifying the Sell and Buy Currency. It will be using 3-letter ISO currency codes. Upon submitting the request, the remote FX Spot Rate Quote Service Provider will return an indicative rate.

Figure 8-1. Use Cases for FX Spot Rate Quote Service


Actors

FX Client

Corporate users who need to get an indicative Spot Rate Quote for a specific Foreign Currency pair of the current day.

FX Service Broker

Investment Banks, financial institutions, or FX Portals who provide a broker service to provide an indicative FX Spot Rate Quote Service to an FX Client, where a remote FX Service Provider operates the actual FX quote service.

FX Service Provider

FX Service Providers are financial institutions who provide either a delayed FX quote or a real-time FX quote to an FX Client. They may be another Investment Bank or financial institution, and can be the Service Broker themselves.

Single Sign-on Use Case

Use Case Name

MyFX-UC-01

Description

Client enters a user id and password in order to access FX Spot Rate Quote and multiple partner Web sites, based on prior trading partner agreements, without having to log in once for each Web site. There may be different access rights for each partner Web site, and thus the Client may not be able to access all partner Web sites without sufficient access rights granted.

Actors

FX Client
FX Service Broker

Assumptions

Client has an asymmetric key store (X.509v3 certificate) installed in a local directory.

Main Flow of Events

1. Client invokes the Single Sign-on screen. The Single Sign-on process will generate a one-time session key and forward the user to a login page.
2. Client enters user id and password.
3. The Single Sign-on process will authenticate the user credentials against the Access Control List (in this demo, this will check the user id in the Web Container's Access Control List tomcat-users.xml under Tomcat version 4.x).
4. The Single Sign-on process will check for authorization (in this demo, it will check for the user access rights for different partner URLs in user_attributes.xml maintained by Netegrity's jSAML sample program) and forward the user to the main menu page.

Alternative Flows

4. The Single Sign-on process cannot find the user id or sufficient access rights. It displays an error page to the user.
5. A login screen will be redisplayed for the Client to re-log in.

Special Requirements

There should be regular backups of the Client key store.

The Application Server running the Single Sign-on process should be available online 24 hours every day to provide Single Sign-on.

Precondition

The Client key store must be stored in a local directory before the Single Sign-on screen is invoked.

Post-condition

Upon successful login, the demo system will forward the Client to the Request for FX Quote Use Case.

Constraints

For simpler environment setup, HTTPS with SSL is not used.

Risks/Issues

Without HTTPS, there is a risk of eavesdropping on the data sent between the Client and the Application Server. Because this is a demo, the risk is manageable.
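The two checks in steps 3 and 4 of the main flow (authenticate against the user list, then authorize per partner URL) can be sketched as below. This is an added example, not code from the book or from the jSAML sample: the passwords, the partner URLs and the layout of the profile XML are constructed for illustration and are not the real user_attributes.xml format.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class SsoCheck {
    // Constructed sample data: a Tomcat 4.x style user list and a hypothetical partner profile.
    static final String USERS = "<tomcat-users><user name='goodguy' password='demo1' roles='fx'/>"
        + "<user name='otherguy' password='demo2' roles='fx'/></tomcat-users>";
    static final String PROFILE = "<profile><grant user='goodguy' url='http://partner-a.example/fx'/>"
        + "<grant user='goodguy' url='http://partner-b.example/news'/>"
        + "<grant user='otherguy' url='http://partner-a.example/fx'/></profile>";

    static byte[] bytes(String s) { return s.getBytes(StandardCharsets.UTF_8); }
    // Parse with DOCTYPE declarations rejected, so a tampered file cannot pull in external entities.
    static NodeList elements(String xml, String tag) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new ByteArrayInputStream(bytes(xml))).getElementsByTagName(tag);
    }
    // Main flow step 3: authenticate the credentials against the user list.
    static boolean authenticate(String id, String password) throws Exception {
        NodeList users = elements(USERS, "user");
        for (int i = 0; i < users.getLength(); i++) {
            Element u = (Element) users.item(i);
            if (u.getAttribute("name").equals(id)  // password compared in constant time
                    && MessageDigest.isEqual(bytes(u.getAttribute("password")), bytes(password))) return true;
        }
        return false;
    }
    // Main flow step 4: authorize with default deny; only URLs granted in the profile are returned.
    static Set<String> partnerUrls(String id) throws Exception {
        Set<String> urls = new TreeSet<>();
        NodeList grants = elements(PROFILE, "grant");
        for (int i = 0; i < grants.getLength(); i++) {
            Element g = (Element) grants.item(i);
            if (g.getAttribute("user").equals(id)) urls.add(g.getAttribute("url"));
        }
        return urls;
    }
    public static void main(String[] args) throws Exception {
        String[][] logins = {{"goodguy", "demo1"}, {"otherguy", "demo2"}, {"otherguy", "wrong"}};
        for (String[] l : logins) {
            System.out.println(l[0] + " -> " + (authenticate(l[0], l[1])
                ? "main menu with " + partnerUrls(l[0]) : "error page, then login screen"));
        }
    }
}
```

With this sample data, "goodguy" reaches both partner URLs, "otherguy" logs in but is granted only one, and a wrong password takes the alternative flow.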

Request for Quote Use Case

Use Case Name

MyFX-UC-02

Description

Client selects FX Spot Rate Quote Service to request an indicative spot rate by specifying the Sell and Buy Currency. It will use 3-letter ISO currency codes. The quote service will forward the request to a remote FX Quote Service Provider.

Actors

FX Client
FX Service Broker
FX Service Provider

Assumptions

Client has done the sign-on with appropriate security verification.

Main Flow of Events

1. Client enters Sell and Buy Currency codes to request an indicative FX Spot Rate for today.
2. Control Servlet looks up the remote FX Quote Service URL from the Service Registry.
3. Control Servlet invokes the FX Price engine to fetch the latest FX Spot Rate based on the given cross currency pair and returns the rate from the remote FX Quote Service.
4. Control Servlet invokes the request for the Buy Currency name from the back-end Reference Data via the Profile Servlet.
5. If there is a Spot Rate available, then the Control Servlet displays the FX Spot Rate Quote on the screen.

Alternative Flows

6. If there is no Spot Rate available, then the Control Servlet will not display the rate on the screen.
7. If the currency code is invalid, then the Control Servlet will display a "Do Not Know" message in the currency description, and there will not be any rate displayed on the screen.

Special Requirements

Active Internet connectivity (with appropriate firewall setting to allow access to the Internet) is available.

SOAP RPC Router (SOAP Server) is running with the Application Server.

FX Spot Rate Quote Web Service is deployed to the Web Container (which is a run-time Web Services engine; in this demo, this refers to the JWSDP Tomcat Web Server).

Precondition

Single Sign-on process is complete.

Post-condition

Inquiry completed.

Constraints

If the remote FX Quote Service is unavailable, there is no error message captured. Thus, the quote result will be blank.

Risks/Issues

Because exception handling is insufficient, the demo does not indicate the error condition when a currency code is invalid or when the remote FX Quote Service is out of service. It is not easy to troubleshoot from the existing log files.

The debugging design and existing debugging log files are not sufficient for troubleshooting.
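One way to close the gap named under Constraints and Risks/Issues is to keep the three outcomes apart (invalid code, no rate, remote service down) and log each one. This is an added example, not the demo's Control Servlet: the currency list, the messages other than "Do not know", and the `remote` function standing in for the SOAP call are assumptions made for illustration.

```java
import java.math.BigDecimal;
import java.util.Optional;
import java.util.Set;
import java.util.function.BiFunction;
import java.util.logging.Logger;

public class QuoteCheck {
    static final Logger LOG = Logger.getLogger("fxquote");
    // Constructed allow-list standing in for the demo's currency code list.
    static final Set<String> CODES = Set.of("USD", "EUR", "GBP", "JPY", "HKD");

    // Returns the text for the response page; remote is a hypothetical stand-in for the SOAP call.
    static String quote(String sell, String buy, BiFunction<String, String, Optional<BigDecimal>> remote) {
        for (String code : new String[] {sell, buy}) {
            // Validate against the list before the value reaches the remote call or the log.
            if (code == null || !code.matches("[A-Z]{3}") || !CODES.contains(code)) {
                LOG.warning("rejected currency code (not in code list)"); // raw input is not logged
                return "Do not know";
            }
        }
        try {
            Optional<BigDecimal> rate = remote.apply(sell, buy);
            if (!rate.isPresent()) {
                LOG.info("no spot rate for " + sell + "/" + buy);
                return "No rate available";
            }
            LOG.info("quote " + sell + "/" + buy + " = " + rate.get());
            return rate.get().toPlainString();
        } catch (RuntimeException e) {
            // The case the demo leaves blank: record it so it can be told apart from "no rate".
            LOG.severe("remote FX Quote Service call failed: " + e);
            return "Quote service unavailable";
        }
    }

    public static void main(String[] args) {
        // Constructed stand-ins: one service that is up, one that fails on every call.
        BiFunction<String, String, Optional<BigDecimal>> up = (s, b) ->
            b.equals("JPY") ? Optional.of(new BigDecimal("110.25")) : Optional.empty();
        BiFunction<String, String, Optional<BigDecimal>> down = (s, b) -> {
            throw new IllegalStateException("connection refused");
        };
        System.out.println(quote("USD", "JPY", up));   // rate
        System.out.println(quote("USD", "XX1", up));   // invalid code
        System.out.println(quote("USD", "EUR", up));   // valid pair, no rate
        System.out.println(quote("USD", "JPY", down)); // remote service down
    }
}
```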



J2EE Platform Web Services
ISBN: 0131014021
Year: 2002
Pages: 127
Authors: Ray Lai
