Question

can a website portal built using IBM BPM with user signups, email notifications, logins etc.

Answer 1

I have built a prototype portal EHELP CENTER with open LDAP integration and email and registration capabilities it is a completely functional and working possible internet facing portal application using brazos UI

Download TWX

Following is the primary BPD of the Process Application, 

If you are interested in obtaining a twx for study and reference please send me a private message.

The user interface looks like this

Comments

what about the security for such an application, because since Teamworks days there are lots of security vulnerabilities and it is designed for intranet exposure only ?

---

similar to any other web application exposed to the internet I use a WAF (Web Application Firewall) coupled with a Reverse Proxy with security filter larger enterprises can use a gateway similar to any other Java web app exposed to the internet. OWASP rulesets are available for java applications also I beleive.

---

How do you manage other features like-
1. Creating a new user without using admin console?
2. Sync passwords
3. Forgot password
4. Once user created, assigning to specified group automatically?
5. Will it affect the performance since extra users are added?
6. Can u have diff portal styles for diff type of users and can restrict end customers using everything in dashboard.

---

1. Users can be created by having a toolkit for VMM based on Java or from IID, which can update the connected ldap repository or internal user store.
2. Sync will not be needed since the creation and updates will write directly to the ldap repository.
3. Forgot password will be similar to any other web application forgot password, send in a unique token to the email address and on receiving the exact token by clicking on a link allow the update to the password.
4. group assignments can be done by ldap groups with the vmm toolkit or by updating a database if dynamic teams are being used.
5. we should size our capacity and prevent additional registrations once the limit is reached untill we can scale it further.
6. The dashboards can be customized per user/per group by using JSAPI  and setting the default dashboard and they will only see dashboards configured for them additional dashboards and service exposure links can anyway be controlled by Team definitions and exposed to groups.

---

I have not done these dashboard customizations yet but are good suggestions, also preventing overload of registrations is a good idea. Also the current version never reaches the Process Portal all UIs are Human Services interlinked to each other and to tasks in the Process.

---

hi

can you send .twx file to me

techzert4@gmail.com

---

I have provided a download link in the answer