Industry Scenarios
ViewDS provides a range of customer-focused capabilities including
Organization Charting, User Self Service, an ePresence Social Networking
front end and White Pages as user-friendly authoritative sources
of identity information. It also provides integration with Lotus
Sametime (with Microsoft OCS integration underway). ViewDS has
a unique configurable User Interface and is the only technology
to incorporate LDAP, X.500 and native XML compliance on a single
platform. ViewDS is also the world's first commercial directory
to offer Component Matching and support of XED, as well as supporting
search and matching of Chinese-language and other non-Latin characters.
ViewDS builds on these world firsts with the evolution of "directory"
to "discovery." This, with a single point of administration,
eliminates unnecessary duplication and, when coupled with high speed
search and matching of data elements, makes for an extremely powerful
and versatile tool.
For example, ViewDS can be deployed across any of the following
industry scenarios:
Directory Services Providers
ViewDS provides a key technology platform capability for any
Directory Service Provider (and US-based PSAPs, Public Safety
Answering Points) keen on embracing the online market.
ViewDS provides the Directory Service Provider with a high speed
search capability from the Web, Mobile Phone and PDA with 24x7 reliability.
Its robust and efficient “telco” heritage and
scalability provide the environment Service Providers require.
ViewDS thus provides an Integrated Directory service platform
from phone books through to white/yellow pages, directory assistance
support to Call Centre operators with internet and mobile phone
access.
Telecommunications Carriers
With its scalability to millions of entries and sub second response
times, ViewDS is an ideal platform for a variety of applications
within a telecommunications carrier. Its highly usable integrated
search facilities, coupled with its 24x7 availability, centralized
management of distributed service and adherence to standards, support
applications such as:
• internal and customer directories,
• call centers,
• casual Internet Web users,
• delivery of white and yellow pages,
• SOAP enabled applications,
• enquiries using WAP enabled Mobile phones.
Internet Service Providers (ISPs)
With increasing competition, ISPs need to provide low cost basic
subscriber services for millions of subscribers. At the same time,
they need to differentiate services with added value capabilities.
Directories are becoming established as a central component in the
provision of these subscriber centric services.
ViewDS also provides a key and efficient method for providing storage
of account information with subsequent high speed authentication
services. The deployment of ViewDS:
* Provides a User Self service capability for customers
* Allows the segregation of services using Role and Attribute based
access control
* Provides applications that enable the migration of users from
free to paid services
* Ensures services and service access are totally secure
* Aggressively controls costs while expanding both the number of
users and the number of services
ViewDS is a fast, efficient and scalable way to store, manage, search
and retrieve data on lots of moderately complex objects. Its ability
to store XML schema and retrieve XML data using component matching
as well as its ability to efficiently replicate information across
multiple servers provides the mechanism to hold information on customer
accounts.
In addition, ViewDS Smart Connector provides the capability to synchronize
information between merging ISPs should that be required.
Mobile Network Operators
ViewDS can be deployed by a Mobile Carrier in its core network
to create a single repository for subscriber information and service
profiles. ViewDS is one of the industry's most scalable, reliable
and comprehensive directory servers which provides the operator
with the core infrastructure needed for current and next generation
service requirements.
Mobile carriers are moving to simplify the core network by the
introduction of a single independent directory with the performance
to deliver real-time access to subscriber information. With telecommunications
legacy infrastructure becoming a commodity, providers need to increase
competitive advantage in the market by delivering an open, scalable
environment that places them fully in control of subscriber data.
ViewDS provides real-time access to subscriber data, which, with
the introduction of multiple access points, advanced devices and
next generation IP environments, is becoming extremely important.
ViewDS supports the very latest in Internet Protocols (IPv6) and
provides for comprehensive support of industry standards such as
XED, LDAPv3 and X.500. Its 24x7 capability fully supports
the service continuity requirements of the Mobile operator.
Identity Trust Service Brokers
An emerging trend in the US has seen the growth of independent
organizations set up to provide Trusted Identity Broker Services
in a world where organizations are spending more time and resources
trying to find, access and share critical information. In addition
to the cost and productivity impact, cross organizational information
and application sharing can introduce a significant level of complexity
and risk to operations. Federated Identity Management offers an
answer to the problems surrounding cross organizational information
sharing, but it can be costly and complex to deploy.
Industry experts estimate that the annual administrative cost associated
with ID Management can average A$150 per user per ID. Add to this
the cost and complexity associated with:
* Connecting end points (i.e. registration with different hardware
& software configurations)
* Support for different authentication schemes (SAML, XACML, 1
and 2 factor authentication etc)
* Protocol Translation
* Audit & Reporting
* Trust Agreements and rules and policy enforcement
The result has been a growth of ASP-based vendors offering managed
and hosted services for Federated Identity Management. ViewDS provides
a core component for the delivery of a fast and cost-effective solution
to Federated Identity Management for cross organization linkage,
with the capability to centralize and automate the process of exposing,
accepting and monitoring digital identities across security domains.
Public Key Infrastructure (PKI) and Trusted Third Party deployments
Directory Services and Identity Management solutions provide the
foundation of digital certificate identity verification services.
These are offered by Trusted Third Parties (TTPs) for a range of
PKI and Time Stamping services on behalf of industry associations,
corporate organizations, government and citizens.
The deployment of ViewDS provides TTPs with the ability to support
rapidly growing user populations while containing costs in the provision
of secure authentication services.
ViewDS is designed to provide 24x7 service with 99.99% availability
to conform with the Service Level Agreements which are typically
required of TTPs. ViewDS also has a number of unique features designed
to support deployments of PKI, including support for Password
Encryption and Strong Authentication using X.509 PKI certificates.
More importantly, its Component Matching capability and its implementation
of the RFC 4523 PKI Matching Rules ensure rapid processing and retrieval
of information such as Certificate Status.
X.509 certificates can be stored by most directories. However,
few directories support any matching rules for the PKI attribute
syntaxes. ViewDS supports the following matching rules from X.509:
• certificateExactMatch
• certificateMatch
• certificatePairExactMatch
• certificatePairMatch
• certificateListExactMatch
• certificateListMatch
• algorithmIdentifierMatch
• attributeCertificateExactMatch
• attributeCertificateMatch
RFC 4523 defines the LDAP representation for most of the PKI matching
rules. As an example, an LDAP filter to search for the entry containing
a user certificate with the serial number 12345 would look like
this:
(userCertificate:certificateMatch:={ serialNumber 12345 })
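The following is an added example, not ViewDS code or part of the original page: it builds the certificateMatch filter shown above, and its certificateExactMatch counterpart, from a serial number and issuer DN, escaping the issuer for both the RFC 4523 assertion syntax and the RFC 4515 filter syntax. Function names and sample values are constructed for illustration.

```python
import re

# RFC 4515: these characters must appear as \XX inside a filter assertion value.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
# Attribute description: a short name plus optional ";option" parts (e.g. ";binary").
_ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*(;[A-Za-z0-9-]+)*\Z")


def escape_filter_value(value):
    """Escape a string for use as an LDAP filter assertion value (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def gser_quote(value):
    """Quote a string the way the RFC 4523 grammar expects: wrap in double
    quotes and double any embedded double quote."""
    return '"' + value.replace('"', '""') + '"'


def serial_from_hex(text):
    """Certificate tools usually print serial numbers in hex ('30:39');
    the assertion value needs the decimal integer."""
    digits = text.replace(":", "").replace(" ", "")
    if not re.fullmatch(r"[0-9A-Fa-f]+", digits):
        raise ValueError("not a hexadecimal serial number")
    return int(digits, 16)


def _assertion(serial, issuer):
    """Build '{ serialNumber N, issuer rdnSequence:"DN" }' from the parts given."""
    parts = []
    if serial is not None:
        if isinstance(serial, bool) or not isinstance(serial, int):
            raise TypeError("serial must be an int")
        parts.append("serialNumber %d" % serial)
    if issuer is not None:
        parts.append("issuer rdnSequence:" + gser_quote(issuer))
    return "{ " + ", ".join(parts) + " }"


def _filter(attr, rule, assertion):
    # Reject attribute names that could smuggle extra filter syntax.
    if not _ATTR_RE.match(attr):
        raise ValueError("invalid attribute description: %r" % attr)
    return "(%s:%s:=%s)" % (attr, rule, escape_filter_value(assertion))


def certificate_match_filter(attr, serial=None, issuer=None):
    """certificateMatch: any subset of components may be asserted."""
    if serial is None and issuer is None:
        raise ValueError("assert at least one component")
    return _filter(attr, "certificateMatch", _assertion(serial, issuer))


def certificate_exact_match_filter(attr, serial, issuer):
    """certificateExactMatch: serial number and issuer are both required."""
    if serial is None or issuer is None:
        raise ValueError("serial and issuer are both required")
    return _filter(attr, "certificateExactMatch", _assertion(serial, issuer))


if __name__ == "__main__":
    # Constructed sample values.
    serial = serial_from_hex("30:39")
    issuer = "CN=Example CA (Test),O=Example"
    print(certificate_match_filter("userCertificate", serial=serial))
    print(certificate_exact_match_filter("userCertificate", serial, issuer))
```

The issuer DN normally comes from the certificate being looked up, so it is treated as untrusted input: without the escaping step, parentheses in a DN would terminate the filter early.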
ViewDS also supports the component matching rules (RFC 3687), which
provide additional matching capabilities beyond those specified
by the matching rules in X.509.
ViewDS has index support for each of these matching rules so that
the entries of interest can be quickly found regardless of the total
number of entries in the directory.
Thus the ViewDS directory deployed as the certificate and CRL repository
provides PKI applications with a fast, reliable and efficient environment.
Trade Community Directory Services in support of National Single Window Projects
In most countries, the current supply chain system support is fragmented, with each system maintaining its own
repository of contact details. Electronically available information about an organisation is largely only available in
the Electronic White Pages and this is generally limited to only a telephone number and an address. Some organisations
have a web site, generally found by searching in Google. This is unsatisfactory for the support of a trading community
where context-specific searching mechanisms are required.
As greater use of electronic means of trading occurs, the concept of the Business Directory becomes more important.
It provides a single location where supply chain participants can search on a service capability. For instance, if an
exporter wants to "find all companies that deal with export cargo to Papua New Guinea with services leaving on a Saturday
that can accept electronic bookings", the directory should be able to provide details of organisations that satisfy these
search criteria.
The directory should store identifying information about the service offered, contact details, operating hours and
languages spoken. It is equally important to know the electronic standards that trading partners support (such as ebXML,
UN/CEFACT etc) and provide the ability to automatically download enough information and code to allow electronic trading
to begin. Indeed the ability to locate an organisation, download their trading information and their digital certificate
(for encrypting and digitally signing the trading documents) cannot happen without access to a directory service.
As a result of a range of initiatives sponsored by the United Nations under the National Single Window concept, it is
generally accepted that they should establish, as a key piece of infrastructure, an XML based directory service
fully supporting ebXML for electronic transactions, XACML for Authorization Entitlements Management and LDAP access
for search facilities, together with sophisticated search based on component-matching and support for the storage and
retrieval of PKI based X.509 Digital certificate services in support of single point lodgement.
Free listings, containing a base set of company information, would generally be offered to all trade community members.
Participants should also be able to pay for enhanced directory listings advertising their areas of expertise and
providing support for more targeted Advanced Searching and, when combined with the XACML v3 based Entitlements Management
service, providing mediated access to other Single Window available services.
Thus, as a cornerstone of the Single Window platform, the directory service would support:
• LDAP federated access to authentication credentials for all applications in the supply chain community
• Electronic trading information for other value-added applications to properly format documents for the recipient
• A PKI enabled Attribute Authority store supporting extensive PKI certificate matching rules and certificate retrieval
• Fine grained Authorization and entitlements Management
Access to a single authoritative directory of services from a single location would assist all organisations to set up,
implement and carry out electronic trading and general trading with organisations involved in the Single Window supply
chain community.
The directory/authentication services are thus a necessary component of the Single Window infrastructure.
The directory is one component of the infrastructure that can command partial cost recovery. Most supply chain
participants would willingly pay for a directory listing that will encourage electronic communications within their
trading community. Furthermore, the directory can offer an advertising component for organisations wishing to promote
their expertise in specific areas.
ViewDS v7.2 fully supports all of the above capability requirements on a single integrated platform.
Defence Messaging
The CCEB military messaging standard, ACP (Allied Communications
Protocol) 123, or the European STANAG 4406 standard protocols are
increasingly being used to deliver military messaging between defence
forces.
To support military messaging, there is a requirement to provide
Directory Services in accordance with the CCEB ACP 133 standard
and NATO STANAG 4406. In addition, with the emergence of joint coalition
task forces to conduct operations, there is a need to deploy common
Messaging and Directory gateways to link nations. This has led
to the establishment of another CCEB protocol, ACP 145. ViewDS is
fully compliant with the CCEB ACP 133 Edition C standard and the
CCEB ACP 145 standard.
There is also the need to provide support for a combination of
signing and encryption on a desktop to desktop basis. This means
that at network gateways between units and networks, there is a
need to deploy a High Assurance Guard such as the Clearswift EAL4 Deep
Secure product. ViewDS is fully tested and deployed with the Clearswift
Deep Secure EAL4 High Assurance Messaging Guard, which requires 2
x ACP 133 Edition C compliant Directory servers. In this deployment,
as well as directory message addressing information, the Directory
stores information such as Security policies and Anti virus index
files and uses Strong authentication together with component matching
to access digital certificates for authentication and encryption.
ViewDS can also be used for the support of Tactical Military Message
environments.
Defence white and yellow pages and as repository for defence role based access control
A Regional Department of Defence had a challenge: how to keep track
of its people and how to use its central identity management infrastructure
as a basis for online services. Historically, internal divisions
had 'gone their own way', and developed a wide variety of corporate
directories.
These were constantly in need of update, were not integrated, and
offered very poor performance, which discouraged their use. Headquarters
took steps to overcome the problem by acquiring a single, easy to
maintain corporate directory, capable of integrating with a diverse
collection of legacy and new systems, able to be accessed via the
Web as well as from Microsoft desktop platforms and mobile devices
and offering significant performance improvement in a cost-effective
manner.
ViewDS was selected due to its high level of compliance to the
ISO OSI Directory Standard. It offers both DAP and LDAP interfaces
as well as full support for the new IETF XML enabled Directory standard.
It also offers SOAP, LDIF, ELDIF and a variety of other standards.
ViewDS was easily interfaced to the Defence Department's wide variety
of disparate legacy systems, which included email, a proprietary
HR system, other more standard HR systems and a telephone database
as well as a variety of systems on both the Defence Secret and Restricted
networks. Existing legacy systems remain and are dynamically linked
to ViewDS, allowing for either periodic update or live linkage.
Changes made in ViewDS are reflected in the legacy systems, or vice
versa, depending upon the specified relationship.
The new Identity Management infrastructure Directory is accessed
through a specially configured ViewDS Web Directory User Agent (DUA),
offering simple but powerful search capabilities, including phonetic
and intelligent sub-string matching. Users can search for a particular
person, or browse through the entire directory. The system administrator,
using either a Web based or Windows DUA, performs administration.
This allows full maintenance of all data records, the ability to
move entire branches by a simple drag and drop operation, system
backup and report generation (including production of a paper based
directory when required). An SNMP interface links ViewDS to the
Department's on-line systems monitor, providing real-time systems
performance monitoring.
The Regional Defence organization with its requirements for mission
critical performance has multiple ViewDS licences and requires 24x7x365
operation with 99.99% availability.
Defence Tactical Deployment
Defence CONOPS (Concept of Operations) deployments as part of the
ORBAT (Order of Battle) Defence Task Groups will typically have
one or more Tactical Headquarters (HQs). Each of these installations
will have sophisticated computing and communications infrastructures.
In most cases a number of tactical directories will be used to
support messaging and other communications infrastructures in each
of these HQs. As Defence organizations rely more on NCW (Network
Centric Warfare) environments, this requirement becomes critical
and normally Tactical HQs will be at least duplicated with one HQ
echelon always on the move in null mission control situations whilst
the other is up and running operationally.
This infrastructure for a tactical HQ will typically be put together
over a few days before an operation. In these cases, setting up
the directory and tearing it down must be achievable, straightforward
and fast, as well as easily repeatable to support multiple sets
of infrastructure, and partial or total destruction of this infrastructure.
The key for this situation is ViewDS’s support of X.500 DISP
where each Directory can receive just the minimal amount of information
it needs to function. ViewDS is also very easy to use and provides
a variety of functions designed to make it ideal in the Tactical
deployment scenario.
ViewDS also has the ability to manage Directory servers remotely
using secure remote authentication.
In addition, ViewDS supports Organization Charting and Alternate
Hierarchies and Movement of Government changes. These three capabilities
allow operational staff to move military, naval or air units between
operational formations and display them in alternate hierarchies
to normal ORBATS.
ViewDS’s support of acronym and synonym matching provides
the mechanism for Defence nomenclature, such as US and NATO terms like
BDE = Brigade or ARV = Armored Recovery Vehicle, to be fully
supported as part of its searching and matching capability.
Defence JC3IEDM XML Knowledge Repository
The application of military force in the early
21st century is demanding. It covers a wide spectrum of threats
and deployment scenarios that range from conventional general
war through to limited operations, crisis response operations,
asymmetric conflict, and terrorism. Unilateral capability is important
to nations but most planning is made on the assumption of alliance
and coalition operations in scenarios that are difficult to predict
and which often arise at short notice. Thus the nature and composition
of a force structure to meet military requirements will be specific
to requirement and based upon a general and flexible military
capability.
To achieve this, an assured capability for interoperability of
information is essential. The successful execution of fast moving
operations needs an accelerated decision-action cycle, increased
tempo of operations, and the ability to conduct operations within
combined joint formations. Commanders require timely and accurate
information. Also, supporting command and control (C2) systems need
to pass information within and across national and language boundaries.
Moreover, tactical C2 information must be provided to the operational
and strategic levels of command including other governmental departments.
Additionally, forces must interact with non-governmental organizations,
including international aid organizations. The Multilateral Interoperability
Program (MIP) aims to deliver an assured capability for interoperability
of information to support joint / combined operations. The aim of
MIP is to achieve international interoperability of Command and
Control Information Systems (C2IS) at all levels from corps to battalion,
or lowest appropriate level, in order to support multinational (including
NATO), combined and joint operations and the advancement of digitization
in the international arena. The means to achieve this is known as
the MIP solution. The current version incorporates additional development
and the data from the NATO Corporate Reference Model. As a result,
the scope increased and the name was changed to Joint C3 (Command,
Control, and Consultation) Information Exchange Data Model (JC3IEDM).
The extent of requirements agreed by the MIP nations is to define
only the information that is to be exchanged rather than all of
the information that would normally be required by a national
system. Consequently, JC3IEDM is first and foremost an information
exchange data model. The model can also serve as
a coherent basis for other information exchange mechanisms, such
as message formats, currently lacking a unified information structure.
The MIP information exchange data model enables command and control
system interoperability based on shared information exchange standards
and protocols developed through an international process that
has built operational and technical consensus. The use of XML technology
in applications and services has created an opportunity for MIP
partners to collaboratively produce and share capability to implement
XML-based data exchange solutions. The JC3IEDM and its business
rules define the MIP shared vocabulary, grammar and business rules
for information exchange and define the required baseline semantics
for implementing XML-based data exchange and processing.
Any given version of the MIP IEDM can be transformed to define
XML Namespaces, in turn suitable for building reference XSDs that
can support XML-based consultation, command and control (C3) information
sharing within the MIP community. Hence, ViewDS can completely support
the JC3IEDM model and also leverage its full capability to search
(using component matching) and control access using both Attribute
based and Role Based access control to any of the underlying data.
It can also fully support the Object model and fully integrate it
with a Policy based Access control model (as required in the NATO
C3 Technical Architecture NATO Network Enabled Architecture strategic
recommendations). Nations need to be supported by role-based
information access mechanisms that can be dynamically configured
to reflect changing policy governing the sharing of and access to
information.
Proxy Directory Guard
ViewDS can be used as a Proxy X.525 Directory server when deployed
in the Directory Guard scenario. In this scenario two ViewDS licences
are deployed with the Clearswift EAL 4 evaluated Directory Bastion
Guard solution. The Clearswift Directory Bastion's role is to provide
assured network separation supporting only the DISP ITU-T Rec. X.525
protocol between explicitly identified Directory servers deployed
in a Red Black network configuration where data is required to be
synchronized between directory servers on two otherwise disjointed
networks, that is, two networks operating at different classification
levels, or at similar levels but where classified network separation
is required. ViewDS is deployed on both sides of the Directory Bastion
and supports strong authentication for all server to server operations.
Because DISP is the standard protocol to synchronize directory data
between ViewDS servers, a Directory Bastion can be inserted between
two ViewDS servers without requiring anything other than normal
shadowing agreement configuration on the ViewDS servers. Apart from
network level addressing, the Directory Bastion is entirely transparent
to the ViewDS servers.
Hub Coalition Border Directory
One of the requirements of Defence Forces worldwide is the support
of coalition operations and inter-coalition communications. A fundamental
requirement of Network Centric Warfare (NCW) between Coalition Partner
for Peace nations is the deployment of an ACP 145 Coalition Gateway
and a Coalition Border Directory.
This Directory needs to hold key addressing information and security
policies to allow communications between Allied Forces. ViewDS has
been fully tested and deployed in this scenario as Australia’s
Border Directory and in communication with Border Directories used
by a number of other countries including the United Kingdom. With
its support for X.525 Directory synchronization protocol, ViewDS
has also been deployed in the Allied Border Directory scenario and
has been used by a CCEB country in a number of JWID and CWID programs.
ViewDS has undergone extensive testing with the Nexor Military Messaging
system and the ISODE Directory Servers in this Border role.
Government White Pages eBusiness Yellow Pages
There is increasing pressure on governments and their agencies
to provide online services, usually referred to as eGovernment services,
which allow citizens to interact more easily and efficiently with
the Government.
By deploying Identity Management solutions, governments will:
• Provide for the introduction of secure eGovernment services
• Provide authentication services for all citizens
• Aggressively push eGovernment services for rapid adoption
• Ensure that citizens can interact securely online with the
Government departments
An on line discovery service solution such as ViewDS provides a
guide to key people, organizations, functions undertaken and services
delivered by the Government. Both Federal and State Governments
deploy such solutions and they provide the fundamental basis for
eGovernment service access.
For an example of ViewDS in action, see the ACT Government Directory
online. It can be found at: http://www.directory.act.gov.au.
eB2Bcom also currently provides the full 24x7x365 Australian Government
On Line discovery infrastructure solution. This encompasses an On-Line
Web based access service to the public at (www.directory.gov.au)
and an internal Identity Management infrastructure available to
all Federal Government employees.
ViewDS also handles changes to government organization (known as
CHOPLOC or Movement of Government Changes) with the ability to move
groups of staff, organizations or units easily between divisions
and departments.
Web based Identity Infrastructure update facilities are provided
to some 90 Departments and organizations, allowing them to control,
update and provision new users, departments and organizations.
ViewDS also provides for full phonetic approximate matching which
is considerably superior to soundex. It can also perform various
other types of approximate matching such as synonym matching, the
recognition of spelling mistakes, the recognition of abbreviations
(e.g. IBM would match International Business Machines) and
prefix matching (e.g. Fred would match Frederick).
Governments require a solution that is fully X.500 and LDAPv3
compliant in order to ensure compatibility with other International
Government organizations, with compliance to the new XML enabled
Directory standard (www.xmled.info)
becoming more prevalent. They also require sub second response times
under extreme load.
Applications deployed within Government include service database/directories,
community services, XML applications for electronic business marketplaces,
telephone applications, supporting enterprise wide authentication
services and any customer facing application such as Provisioning
or User Self Service.
Meta Search Engine for AGLS and Green Pages
Green Pages are typically used within an Agency or Organization
to provide querying, browsing and viewing of standardized information
about document-like items. The availability of items is controlled
with some being made publicly available while others will have limited
distribution. The metadata information available identifies the
substance and summarized content of the document and provides details
on the location of the document with directions as to how to obtain
it. In general this capability is offered across an Intranet or
more practically through a publicly accessible Internet service
such as an e-Government service portal. In Australia this metadata
on Government publications, the so-called Green Pages, is generally
structured so as to conform to the Australian Government Locator Service
standards.
A Green Pages directory replaces assorted lists and databases in
agencies and incomplete information held centrally. This, coupled
with a high speed search engine and user friendly access to Document
content using Component matching with the full support for XML Document
content as available in ViewDS, provides an extremely versatile environment.
ViewDS can be deployed to draw together all the Government’s
metadata records providing access to the information from a central
government website. It can be linked to metadata published on individual
department websites. Users can then access a list of datasets by
attributes such as the location of an area of interest, geographic
extent and data theme. They can then preview the dataset selected,
examine the metadata for relevance and view the contact details
for the provider of the data. Access to the information is controlled
by access rights which will determine whether the user can have
direct access to the document itself by using a URI (Universal Resource
Indicator).
Whilst one of the key drivers behind the development of the “Green
Pages” directory is to facilitate the commercial and public
use of Public Service Information for economic and social purposes,
it is important to note that a whole-of-government PSI directory
can also be a very powerful tool for internal use within the public
sector.
eHealth Service Provider Directories
A directory of health services and providers referred to as a Health
Service Providers Directory (HSPD) has been identified as critical
core infrastructure by Health Departments. The need for a comprehensive,
trusted HSPD is driven firstly by the requirement of Departments
(and potentially the general population) to identify and contact
relevant service providers quickly and efficiently, particularly
in times of emergency. It is also an underpinning requirement for
any eHealth initiative such as electronic referrals and discharges
and when coupled with a national Patient Directory provides the
total identity infrastructure required for the “holy grail”
of the health industry, the Electronic Health Record.
A HSPD provides, or is the framework for, many Health initiatives.
These capabilities include:
• a web access point for consumers that will list all health
services and providers with authenticated access by authorized staff
to restricted data
• controlled interface to, or synchronization with, data of
other Departments, States, and National projects, such as Health
Connect and the National NEHTA initiatives.
• a core enabler for Electronic Referrals/Discharges
• storage of digital certificate keys for PKI based systems
such as secure email or two factor authentication
• storage of trusted data of health professionals and other
parties for broadcast systems such as epidemics
• the basis for Electronic Health Record systems where the
interests and concerns of local health stakeholders can be reconciled
with national standards and requirements
• the location for a common provider list being used across
solutions to ensure consistent provider identification in referrals.
The benefits of a successful HSPD are:
• improved efficiencies in the search and selection of health
service provider information
• improvement in the quality of health service provider data
• improvement in the public’s perception of efficiency
in health service organizations
• improvement in access to health service provider information
• rationalization of the sources of health service provider
information
• reduction in the requirement for health service provider
information searches
• elimination of the need to perform multiple searches for
health service provider information
The technology used must meet the specific service needs of the
proposed users. This includes:
• high speed access
• integration with web services and the ability to store XML
data and more importantly to be able to search on its content
• high quality approximate matching, phonetic searching
• component matching (for more complex searches)
• hierarchical schemas to match departmental and hospital
structures
• facility for “machinery-of-government” changes
• strong authentication and support for protection of data
content to support State Privacy requirements
“Vanilla” database or LDAP technology in general is inadequate
because it does not provide for these fundamental requirements (for
example, the ability to make simple “machinery-of-government” changes
to cope with the frequent re-organizations of departments, regions
and hospitals), whereas ViewDS has all of these capabilities as standard
features.
eHealth - Hospital & Health Centre Directory Service
Within many hospitals and Health centres there is generally a major
frustration involved in finding accurate and up to date information
about staff, contractors, suppliers, and hospital appointments.
Like many similar organisations, hospitals are frustrated by their
multiplicity of data repositories for employees and contractors,
and the consequent lack of a single trusted authoritative source
of staff information. This lack of co-ordinated directory services
is seen as a major impediment to implementing other Identity Management
Systems, particularly for security and provisioning.
ViewDS for Hospitals, known as HEARTS (Hospital Employee And Resource
Tracking & Searching), provides a hospital with a centralised
publishing point for staff, contractor, and visiting identity information
and a single point of update for all Allied Health contact information.
It is the product of, and focal point for the integration, consolidation
and automation of Identity Management systems, processes and procedures.
HEARTS meets the requirements of multiple stakeholder groups supporting
them in the functions they perform.
It can also contain and publish other locally managed data for
which there is no other source. This could include:
• Non payroll staff - consultants, contractors, volunteers,
research students, etc.
• Functions and Roles - Duty Nurse, emergency reception, on-call
reception, etc.
• Resources (e.g. Meeting rooms) locations, booking details
and contact
• Committee groups - linkages of resources into
groups
• External contacts – information relating to external
stakeholders such as GPs, Health clinics and other Hospitals.
• Customised reporting such as Cost centre reporting and Employee
reporting
• Organisation charts
• Delegation Management
& Appointments Management
• Skills database including
User self service and competencies
• Emergency and first aid
• Location management (Floors, Buildings, cubicles, network
nodes linked to building plan layouts)
• PKI certificates
• External facing Health Portal, including self-service
Users are not always precise in searching a directory: names can
be mis-heard, transcribed incorrectly or shortened. Furthermore
there is a wide range of names from different languages. HEARTS
supports a range of approximate matching strategies to better support
searches by human users within an eHealth setting. These include:
• phonetic matching - e.g. "pane" will match "payne",
“wong” will also find “wang”
• typing correction - compensates for missing and transposed
characters e.g. “fisotheraphy” will match “physiotherapy”
• stem matching - e.g. "optics" will match "optical"
• synonym matching - e.g. "Bob" will match "Robert",
"road" will match "street", “Cancer”
will match “oncology”
• Abbreviation matching - e.g. "NSW" will match
"New South Wales"
• word matching, including word synonyms, word phonetic matching
and typing correction
• fuzzy logic used to rank and return
the best results and specialized indexes for rapid evaluation of
approximate matches on large databases
Access controls protect privacy and sensitive information from
inappropriate disclosure and provide a delegated administration
model allowing differing levels of update to be made by a number
of identified ‘Stakeholder’ groups. Both Role Based and Attribute
Based Access controls are supported, and fine grained Access control
based upon a combination of factors such as Time of Day is also
possible. For instance, the cost centre managers are
responsible for the accuracy and maintenance of information specific
to their staff within their cost centre.
HEARTS can leverage existing corporate systems and processes to
produce an up to date view of contact information. The regular automated
synchronisation of staff and organisational information provides
provisioning and de-provisioning of staff and automated maintenance
of the core Directory information. Corporate applications receive
a ‘copy’ of HEARTS information through automated synchronisation.
Examples are Windows Active Directory, Switchboard Interface, Finance,
Payroll and Contract Management, Call Accounting System, Administration
Systems and HMO systems.
Departmental phone listings and reports are generated from the Staff
Directory, providing real time information which can be presented
on the screen and printed on demand.
Entries in a directory are arranged in a hierarchy called the directory
information tree (DIT). The directory is most useful when the DIT
mirrors a real-world hierarchy e.g. the organizational structure
of a company or government which can be easily produced by just
selecting the Campus, department or Unit required. These reports
are generated automatically from the current information stored
in HEARTS.
eHealth - Master Patient Index
Within the Healthcare sector, one of the critical elements in delivering
quality healthcare is the eHealth Master Patient Index or eHMPI.
The eHealth Master Patient Index (eHMPI) cross references patient
identifiers across multiple information systems to uniquely identify
each patient, perform global patient searches and matching, and
consolidate duplicate patient records, allowing applications to
create complete views of patient information. There are several advantages
to implementing an eHMPI system.
Some of the key advantages are:
• Consolidation of patient demographic information will enable
more informed clinical decision making.
• Seamless integration with existing departmental systems
to integrate files and IT systems that will provide a comprehensive
outlook of your information.
• Flexible data models and real-time capabilities will facilitate
improved record keeping and minimize overall costs.
eHMPI solutions can help by providing the following benefits:
• Improve patient care and safety.
• Increase provider satisfaction.
• Improve compliance capabilities with eHealth regulations
such as the US HIPAA and other regulations to protect patient privacy.
ViewDS uses advanced matching logic to help accurately identify
patients and avoid duplicate records.
The aim of ViewDS as an eHMPI is to provide the ability to link
acute and ambulatory data to provide an electronic medical record
with both demographic and encounter data from across the care continuum.
The aim is that no matter where an individual receives care, the
eHMPI can save registration and admissions personnel time at check-in
by giving them access to that person’s most current patient
index data. As patients move between care sites without having to
repeat their admissions data, they perceive the enterprise as a
single organization that recognizes them as individuals and understands
their healthcare needs.
When a new record is added to an eHMPI, a unique, system-wide identification
number, called the Person Number, is generated for that
individual. A key component and important first step in creating
longitudinal patient records, the Person Number links external identifiers,
demographic data, and encounter data records into a single data
set.
Today, a Person Number is frequently used to link a patient’s
records from interfaced clinical systems, such as radiology, pharmacy,
and laboratory.
When the Australian National Patient Identifier (ANPI) comes into
play, ViewDS implemented as an eHMPI can be adapted to link to that
identifier as well.
The Person Number benefits both users and information systems managers,
because current registration methods don’t have to be replaced
or a single medical record number format enforced across diverse
information systems.
Users can still locate patient information with the medical record
numbers or other permanent identifiers used on the organization’s
legacy systems.
Most important of all, ViewDS as an eHMPI makes it possible for
clinicians to identify and view in a single glance an entire medical
record from multiple encounters across the care continuum when linked
to a CCOW (Clinical Context Object work group) context management
solution such as Sentillion Vergence. Besides saving clinicians
both time and effort in locating records, ViewDS allows for easy
access to available data and the ability to share it with other
colleagues and facilities, which can help improve patient care and
delivery.
One of the key capabilities delivered by ViewDS is its advanced
matching capability. It is designed to provide an intelligent method
of comparing a multitude of identity attributes using a combination
of heuristic matching and component matching to:
• Anticipate possible mistakes and variations
in data entry
• Match records even when their individual attributes
are not exactly the same
• Help overcome the inconsistencies
created by variations in registration practices across multiple
systems.
When a unique identifier, such as an enterprise identification
number or a facility ID/medical record combination, is not available
for a record search, ViewDS uses a set of heuristic matching algorithms
and indexes to examine and compare many different attribute fields
within the identity record in order to identify the correct match.
As part of ViewDS Administration a reporting module capability
is also available to help manage the user review of possible matches
and determine whether records should be merged.
Whenever the summary of an encounter (any inpatient or outpatient
visit with an admit date and billing number) is added to ViewDS
as an eHMPI, it becomes part of the individual’s long-term
history. Each encounter is uniquely identified, so users always
have access to the data, regardless of the facility or department
in which the care was given. Additionally, this capability can be
used as a record locator service to facilitate queries of disparate
clinical systems to assemble a complete view of the clinical data
captured for a patient.
ViewDS as an eHMPI can operate either on its own or as part
of a complete electronic medical record solution.
ViewDS fully supports either HL7v3 XML or openEHR XML.
Corporate Identity Server
A Directory is becoming an increasingly critical resource for the
provision of electronic services. The ability to easily locate the
information held within information systems greatly enhances the
efficiency of enterprises and individuals within that organization,
particularly administrators who are faced with a myriad of different
proprietary information bases such as email address lists, EDI trading
information and human resources data.
Directory services that unify the mass of disparate directory information
within an enterprise enable users to simply and quickly locate information
they require. There is a particular challenge to integrate traditional
e-mail systems with the latest group-ware products so that companies
can communicate efficiently, regardless of the mechanisms used by
individual groups. This requires a corporate directory which publishes
e-mail addresses, functional information, and other attributes of
the employees. Access to the directory must then be enabled by a
variety of different means such as the Web, LDAP Client, Email address
book, LDAP Active-X, Java applications, WAP and SMS enabled GSM
and GPRS mobile data services.
The effective management of information is increasingly extending
outside the enterprise to include customers, suppliers and other
stakeholders. This requires an increased emphasis on security. The
proliferation of independent access and security administration
systems for networks, platforms and applications has impeded the
implementation of unified enterprise wide security policies. It
has created a massive security administration workload. It has also
created a considerable threat to the integrity of enterprise IT
infrastructure, and to the sensitive business information that IT
is chartered to protect. This need is driving rapid growth in the
use of directory services (such as ViewDS) as a repository for all
identity information to provide a robust and scalable infrastructure
to underpin access to the enterprise's information. This allows the
enterprise to derive competitive advantage through better access
to global customer information and corporate personnel information.
Corporate Telecommunications Directory
ViewDS has been deployed into a number of organizations as a basis
for their White Pages telecommunications directory service. ViewDS
also provides a range of searching tools which vastly simplify
and streamline end user access to Directory content. These include
approximate matching on a search request, including phonetic matching
and spelling correction, truncation matching, abbreviations, keyword
matching, synonyms, and combinations of these.
ViewDS has also been integrated into existing PABX phone environments
with a number of existing customers using the PABX Address book
server to either do a real time LDAP search on the directory and
display its results to the phone user, or via a nightly update process,
synchronize its internal records with the directory content.
The directory can be fully integrated with the PABX workstation.
As an example a large NSW Government Agency has deployed ViewDS
integrated with MSAC consoles from T-Metrics.
These consoles integrate with the phone system and allow automatic
call establishment. Phone numbers from the directory are made available
to the device via the ViewDS WebDUA. Its templating capability is
used to add XML-like tags around the phone numbers. This results
in active links in the browser which, when clicked, are picked up
by the toolbar and used by the console device to dial the selected
number.
XML Document and Information Store
ViewDS provides support for XED, allowing it to offer a variety
of XML services that other LDAP Directories cannot provide. With
ViewDS, you have the ability to store, query and retrieve XML documents
using standard LDAP operations. Since the XML content is intelligently
understood, advanced searching capabilities are supported by ViewDS.
The example below indicates how ViewDS can be used in conjunction
with the third party technologies BMC Identity Management Suite
and IBM Lotus XFDL Forms. In this case the BMC Identity Management
suite is providing a web interface into the ViewDS directory. IBM
Lotus Forms are being stored within the directory in their native
XFDL format. ViewDS is being used to intelligently process the data
within the IBM form to respond to search operations.

Searches based on text fields within XML documents can be completed
via a web interface. The web interface (BMC) will simply send ViewDS
an LDAP search operation. ViewDS will target the appropriate section
of the IBM form and apply search there.
Search operations are not limited to text fields. In this
example, the web interface is asking if a specific ‘checkbox’
within the form has been ticked. Using normal LDAP operations,
ViewDS is able to identify the checkbox in question and respond
authoritatively.
Postal Authorities
Many Postal Authorities can no longer depend
on their traditional business services and are seeking to diversify
their business to encompass new services. By deploying ViewDS
Identity Management server, Postal Authorities will be able to:
• Develop new profitable e-Postal services by diversifying
from traditional services
- Add value to existing services
- Electronic bill payment services
- National email registry
- Digital Certificate Authority services
• Offer Secure messaging services
Airlines
Airlines have a requirement to provide fast and secure access to
their information and services via the web, for staff, domestic
and international customers and alliance partner members. Such an
environment can result in a directory containing millions of entries.
ViewDS’s scalability and reliability, compliance with the
ITU X.500 standard and support for both DAP and LDAP protocols make
it an ideal platform for airlines.
Education
An Australian State Education Department required a web-based electronic
directory, accessible state-wide by all staff over the Department's Intranet.
ViewDS Directory was selected as the core product.
A web-based blue pages and white pages search capability has been interfaced to
the directory. The directory is maintained and updated automatically directly from
the various departmental payroll and personnel systems. The hierarchical database
structure provides for work-flow routing and sub-tree based access control groups.
This has allowed the directory to be leveraged for a range of other cooperative business
processing application developments.
One application is a web based electronic leave system, which allows staff members to
remotely logon to the Department's web portal and lodge a leave application.
The leave system uses the logon authentication details to locate the person within the
directory unit structure and each unit has a link to the Manager/Senior Officer of the unit.
The person assigned as Manager/Senior Officer has leave approval rights for that unit or any
subsidiary units. The unit may contain an organisational role entry with one or more occupants with
leave approval rights for that unit only.
For units identified as schools the automatic staff maintenance procedures from HR/Payroll
automatically maintain the Senior Officer/Manager attribute for movements of Principals into
or out of the school.
The leave system checks the staff member's unit for links to Managers or Leave approvers;
if a link exists the system reads the approver's entry for their email address and sends an
email advice that a leave application form needs approval.
If there is no Manager/Senior Officer or leave approver nominated for that unit then the
leave system will work up the hierarchical unit tree structure to find the next superior unit
with a nominated Manager/Senior Officer to receive the email advice.
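The approver lookup described in the paragraphs above, as an added example that is not the Department's or ViewDS's own code. The DNs, field names and mail addresses are constructed, and two behaviours are assumptions of this sketch: an applicant is never returned as their own approver, and the lookup fails closed when no approver exists.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Unit:
    manager: Optional[str] = None  # DN of the Manager/Senior Officer
    # Occupants of the unit's organisational role: approval rights for this unit only.
    leave_approvers: List[str] = field(default_factory=list)


def parent_dn(dn: str) -> Optional[str]:
    """Drop the leftmost RDN; a comma escaped with a backslash stays in the RDN."""
    parts = re.split(r"(?<!\\),", dn, maxsplit=1)
    return parts[1].strip() if len(parts) == 2 else None


def resolve_approvers(staff_dn: str, units: Dict[str, Unit],
                      mail: Dict[str, str]) -> Tuple[str, List[str]]:
    """Return (unit DN, approver mail addresses) for a leave application."""
    unit_dn = parent_dn(staff_dn)
    own_unit = True
    while unit_dn is not None:
        unit = units.get(unit_dn)
        if unit is not None:
            candidates = [unit.manager] if unit.manager else []
            if own_unit:
                # Role occupants count only in the applicant's own unit;
                # superior units contribute their Manager/Senior Officer alone.
                candidates += unit.leave_approvers
            # Assumption: nobody approves their own application.
            candidates = [dn for dn in candidates if dn != staff_dn]
            addresses = [mail[dn] for dn in candidates if dn in mail]
            if addresses:
                return unit_dn, addresses
        own_unit = False
        unit_dn = parent_dn(unit_dn)  # work up the unit tree
    # Assumption: fail closed instead of routing to a default mailbox.
    raise LookupError(f"no leave approver found above {staff_dn}")


# Constructed sample tree: entries sit directly beneath their unit.
SCHOOL = "ou=Hill School,ou=Region North,o=Dept"
UNITS = {
    "o=Dept": Unit(manager="cn=Director,o=Dept"),
    "ou=Region North,o=Dept": Unit(),  # no manager nominated
    SCHOOL: Unit(manager="cn=Principal," + SCHOOL),
    "ou=Payroll,o=Dept": Unit(leave_approvers=["cn=Clerk A,ou=Payroll,o=Dept"]),
    "ou=Team,ou=Payroll,o=Dept": Unit(),
}
MAIL = {
    "cn=Director,o=Dept": "director@example.test",
    "cn=Principal," + SCHOOL: "principal@example.test",
    "cn=Clerk A,ou=Payroll,o=Dept": "clerk.a@example.test",
}

if __name__ == "__main__":
    for dn in ("cn=Teacher," + SCHOOL, "cn=Principal," + SCHOOL,
               "cn=Temp,ou=Team,ou=Payroll,o=Dept"):
        print(dn, "->", resolve_approvers(dn, UNITS, MAIL))
```

The third lookup shows why the distinction matters: the Payroll role occupant is skipped for a member of the subsidiary Team unit, so the request reaches the Director instead.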
A web based on-line transfer system also uses the directory to identify the Principal/Senior
Officer of a school in order to receive electronic transfer applications for teachers based at
that school.
The definition of workgroups within organisational units and the linkage of staff as members
of those workgroups is an important structure used by a number of cooperative systems in determining
the level of systems access a user may be provided.
For instance there is an internet based facility for members of the public who have appropriate
recognised qualifications to search for jobs within the Department. The job seekers can prepare and
submit a job application electronically. Staff within the department who process applications have
access levels determined by their membership of an appropriate directory workgroup.
For instance, membership of one group would give a user access to teacher applications, whereas
membership of a subset would allow the review of school administration staff applications. Another
nominated group would be required before a user could post job advertisements onto the repository.
Distinguished Name links to managers, organisational roles, group memberships etc. are automatically
updated if units are moved or renamed. Similarly, the system provides for these links to be automatically
removed if the staff member is moved to another unit.
The directory has also been directly interfaced with telephony systems which provide switchboard
functionality across the department's state office locations. This interface allows person/unit search
and auto-dial capability to the switchboard operators.
The reliance on the directory solution by staff and developed applications has made the central
directory an essential enabling technology and integrated business solution.
The Department has implemented an infrastructure upgrade to redundant Directory servicing. This has
been accomplished by using the Master-Shadow replication implemented within ViewDS. In the event of a
system failure, the shadow directory can be enabled as a master directory providing fail-over
functionality.
Banking and Finance
Customer high speed access is paramount when delivering eBanking
services.
Banks today are developing an enviable but challenging e-business
problem. Their new online banking systems are becoming tremendously
successful resulting in a skyrocketing number of Internet banking
customers.
The Banking and Finance sector uses directories to support global
communications and e-commerce. They form the basis of a cost-effective
infrastructure for compiling, distributing, managing and securing
information, which is crucial to the sector's market
competitiveness.
ViewDS is a high-performance directory server. It can handle hundreds
of millions of entries while maintaining performance, reliability,
security and ease of use. Furthermore, by using Express Sync conversion
tools, data can be imported from various external repositories into
the Banking Directory server. This scalability and flexibility is
essential in a deployment where the number of entries can climb
into the millions.
Support of Aviation Messaging
AMHS (Air Traffic Services Message Handling Services), as specified
in the ICAO ATN (Aeronautical Telecommunications Network), is the
new standard for ground to ground messaging communications in the
Aviation sector. The new AMHS specification requires an ATN Directory
Service that is essential for the deployment of many of the services
defined in AMHS. The ATN directory is based on the ITU X.500 specification,
which is extended for various ATN capabilities. X.500 was originally
designed by the ITU-T to support the global telecommunications systems,
and so is ideal for the ATN application. Key elements of X.500 are:
• Hierarchical Naming. This allows authority to be naturally
delegated to ATN participants, and to allow distributed deployment
that follows the same hierarchy.
• Distributed and replicated directory provision, using
multiple DSAs (Directory System Agents); this makes ViewDS the
perfect platform for supporting a widely distributed system such
as ATN.
• Extensible schema. This extensibility has been used effectively
in the ATN directory to extend the core X.500 schema to provide
ATN specific functionality. This extensibility can also be used
by ATN Directory vendors and customers to add further specific
functionality.
• Standardized access protocols, enabling client/server
management, and easy integration into ATN applications.
ViewDS supports the new ATN Directory requirements of AMHS.