E-Pass Redesign Overview
Presentation for E-Pass Implementation Team
February 12, 2003
12-Feb-2003 (c) 2003, Phena Partners LLC & DuPont

Agenda
• Why re-design?
• Key improvements
• Project timeline
• Feature walkthrough
• Usability test results
• Help Needed – Testing, Rollout

Why re-design?
• Reduce training and operating costs
  – Make application easier to use and understand
  – Make processing of requests and token processing more efficient
  – Reduce helpdesk calls
• Address problems with current application
• Improve overall application reliability, maintainability and flexibility for change

Reduce training and operating costs
• Baseline for customer satisfaction established with September 2002 customer satisfaction survey
• Improved ease-of-use - confirmed with usability testing
• Request processing more efficient with tasks and alerts, intelligent sponsor identification, pre-defined mailing addresses, ability to transfer approvals, direct access via e-mail and more…
• Added self-service operations to reduce reliance on customer support and sponsor
• Added capability to identify and track key operational metrics
• Guided troubleshooting of key problems
• Online context-sensitive page and field help

Address current problems
• Multiple menus
• Confusion about when to replace a token
• Most frequent operations not close-to-hand
• Difficult to select individuals in sponsor’s branch of tree
• Bad e-mail addresses
• Poor security question compliance

Improve reliability, maintainability, flexibility
• Detailed design documentation
• Use of general-purpose models for roles and rights
• Software architecture utilizing modern 3-tier, object-oriented model (J2EE)
• Hardware architecture provides load balancing and fail-over of key components for reliability
• Web Services interface for connecting to any future identity management initiatives

Key improvements
• Orientation change – focus on user vs. function
  System gives ready access to functions that are applicable at any given stage to the user selected
• Personalized start page – view tasks and alerts specific to you and sponsored users
• Customer self-service functions - reduce helpdesk and sponsor calls
• Security question changes - improve compliance/security
• E-mail address verification
• Direct access to waiting tasks from e-mail
• Improved search capability
• Comprehensive and flexible security model
• Ability to issue limited-term E-Passes

Project timeline
[Timeline chart by month, Oct 01 through Aug 03. Labels on the chart: Business Requirements; Key Use Cases & Business Processes; Stakeholder Workshops; High-Level Design Completed; RFP; Vendor Selected; Prototype & Usability Testing; Detailed Design; Iteration 1; Iteration 2; Implementation; User Acceptance; Launch]
Implementation planning from now through early July launch…

Home page

Alerts & waiting tasks
• Alert sponsor of all activity related to directly sponsored users:
  – Lost, stolen, broken tokens; temporary passwords set
• Waiting tasks include:
  – For self:
    • Updating profile
    • Renewing an expiring token
    • Updating security questions
  – Sponsor approvals for:
    • New E-Pass (permanent or limited-term)
    • Replacement tokens
    • User transfers
    • Revalidating user

Start page

User- vs. function-centric
• Existing system
  – Select function, then user, then determine if function is still valid for user
  [Diagram: Select Function → Identify User → Function valid/not valid?]
• New system
  – Select user, system displays functions available for that user based on privileges, then select function desired
  [Diagram: Identify User → Select Valid Function]

Select user

Manage user

Customer self-service
• Requires a minimum of two security questions to be answered
• Allow end-user to self-report or handle common token problems
  – Report lost or stolen token
    • Allows user to automatically place request for replacement token with sponsor
  – Resync Token
  – Reset PIN
  – Receive and Activate Token
• Sponsor and user notified by e-mail; self-service not available if e-mail addresses haven’t been verified

Customer self-service
• User identity is validated with correct answers to two security questions
• Security questions are pre-defined; user can select up to 6 out of 20 or more possible and supplies answers
• Three self-service operations available:
  – Report Lost or Stolen Token
  – Reset PIN
  – Resync Token
• Operations cause sponsor and user to be notified by e-mail
• Self-service is not available if user is sponsor-dependent

Security questions
• Questions no longer open-ended (industry-standard)
• Questions selectable from a list of 20 or more
• At least 6 questions are available to be used at any given time
• “Used” questions cannot be re-used in any 30 day period
• User has 30 days grace period to select and answer at least two security questions after E-Pass issued
• E-Pass disabled if security questions not answered

Token self-activation
• Applies to new or replacement tokens
• User receives e-mail notification, clicks on included URL
• Browser launches special activation page - user is prompted for the token serial number of the token now in their possession
• If the supplied token serial number matches the token sent, the token is automatically activated
• If the token received was a replacement token, the old token is deactivated

E-Mail verification
• Significant problem with invalid e-mail addresses in current system
• Re-design requires e-mail addresses to be “verified” for new users and any time e-mail address is changed in a profile
• User will receive e-mail with a unique URL/code. Clicking on URL within e-mail will automatically “verify” e-mail address
• Sponsors will receive e-mail in cases where user has no e-mail account

E-mail address verification
[Diagram: User Registers: Enters Basic Profile Information → System Creates Unique Code & Sends E-Mail to Registered E-Mail Address → User Clicks on URL In E-Mail Containing Unique Code → System Matches Code to Profile & Marks E-Mail Verified]
1 Profile
• E-Mail: pahazen@phena.com
2 Profile
• E-Mail: pahazen@phena.com
• Unique Code: xj47syw8fas
• E-Mail Unverified
3 Profile
• E-Mail: pahazen@phena.com
• Unique Code: xj47syw8fas
• E-Mail Verified

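The verification flow on the two slides above, as an added example that is not part of the original presentation or the E-Pass code base. The names, the URL layout, storing only a hash of the code and making the code single-use are assumptions that go beyond what the slides show.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class Profile:
    username: str
    email: str
    code_hash: Optional[str] = None   # assumption: only a hash of the code is kept
    email_verified: bool = False


def _digest(code: str) -> str:
    return hashlib.sha256(code.encode()).hexdigest()


def start_verification(profile: Profile, base_url: str) -> str:
    """Create the unique code, mark the address unverified, return the URL to e-mail."""
    code = secrets.token_urlsafe(32)          # unguessable, from the OS CSPRNG
    profile.code_hash = _digest(code)
    profile.email_verified = False
    return f"{base_url}?user={profile.username}&code={code}"


def change_email(profile: Profile, new_email: str, base_url: str) -> str:
    """Any change of address restarts verification and invalidates the old code."""
    profile.email = new_email
    return start_verification(profile, base_url)


def confirm(profile: Profile, presented_code: str) -> bool:
    """Match the code from the clicked URL to the profile and mark it verified."""
    if profile.code_hash is None:
        return False
    # Constant-time comparison so response timing does not leak the stored value.
    if not hmac.compare_digest(_digest(presented_code), profile.code_hash):
        return False
    profile.code_hash = None                  # assumption: code is single-use
    profile.email_verified = True
    return True
```
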
Direct access to waiting tasks from e-mail
• Notification e-mails that include a waiting task will include a URL for direct processing of the task
• User clicks on e-mail URL
• After authentication, user can immediately approve/reject request!

New security model
Three elements
• Delegated authority model
• Privileges – roles and rights
• Company trust relationships
Eliminates hard-coded business rules!
• Alliance vs. non-alliance dependencies
• Level 0, 1, 2, 3, 3, 3, …, 4

Profiles, tokens, activity log
In the redesign, the E-Pass user profile and tokens are separate. This allows E-Pass usernames to be assigned without tokens or for multiple tokens to be assigned to an individual when special circumstances warrant it (e.g. extra token needed for system testing)
[Diagram: User Profile up4353 (Name, Company, SBU, Site, Site Location, Street Address, City, State, Country, E-Mail, Phone); Optional Tokens (up4353 Primary Token, st0193 Additional Token)]
User Activity Log
1. User Registered
2. Temp Pswd Set
3. User & Token Activated
4. Token Expiry Notice Sent
5. New Token Received
6. Transfer Initiated
7. Transfer Accepted

Sponsor dependence
When:
• Sponsor explicitly wants to manage the user, or
• User has a limited-term E-Pass, or
• User has a blank or invalid e-mail address, or
• User has been assigned an E-Pass but no token
Effects are:
• User is not permitted to edit his/her security questions
• User is not eligible for self-service or customer support
• All e-mail alerts are re-directed to the sponsor
User is dependent on sponsor!

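How the sponsor-dependence conditions combine with the self-service requirements from the earlier slides, as an added example that is not part of the original presentation or the E-Pass code base. All names are hypothetical, and treating an "invalid" address as one that is blank or lacks an "@" is an assumption.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class User:
    username: str
    sponsor_email: str
    email: Optional[str] = None
    email_verified: bool = False
    limited_term: bool = False        # user holds a limited-term E-Pass
    sponsor_managed: bool = False     # sponsor explicitly wants to manage the user
    tokens: List[str] = field(default_factory=list)


def dependence_reasons(u: User) -> List[str]:
    """Return every 'When' condition that applies; an empty list means independent."""
    reasons = []
    if u.sponsor_managed:
        reasons.append("sponsor-managed")
    if u.limited_term:
        reasons.append("limited-term E-Pass")
    # Assumption: "invalid" is approximated as blank or lacking an "@".
    if not u.email or "@" not in u.email:
        reasons.append("blank or invalid e-mail")
    if not u.tokens:
        reasons.append("no token assigned")
    return reasons


def is_sponsor_dependent(u: User) -> bool:
    return bool(dependence_reasons(u))


def alert_recipient(u: User) -> str:
    """All e-mail alerts are redirected to the sponsor for a dependent user."""
    return u.sponsor_email if is_sponsor_dependent(u) else u.email


def may_edit_security_questions(u: User) -> bool:
    return not is_sponsor_dependent(u)


def self_service_allowed(u: User, correct_answers: int) -> bool:
    """Deny by default: independent user, verified e-mail, two correct answers."""
    return (not is_sponsor_dependent(u)
            and u.email_verified
            and correct_answers >= 2)
```
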