Kuali Technology

Mark Norton – Nolaria ConsultingZachary Naiman – Member Liaison, Kuali Foundation

What is Kuali Rice?Kuali: a humble kitchen wok (Malaysian origins)Rice: a food staple

Sits on the bottom of a dishNot a very tasty meal by itselfBetter with some cuisine on top

KFS (Kuali Financial System) - BeefKC (Kuali Coeus, Research Administration) - Chicken

KS (Kuali Student) - SeafoodRice is the foundation to hearty meals (aka

enterprise software products)

What is Kuali Rice?

Historic OriginsRice was originally a set of

foundation services in Kuali Financial System (KFS).

These were broken out and made generic.

After more than a year of work, the 1.0 release is being made available.

Rice is now a full Kuali project with it’s own board and community.

Rice GovernanceRice Board of Directors in chargeCommittees formed by Kuali project

leadersApplication Roadmap Committee

high-level application architecture for integration of Kuali application projects

Technical Roadmap Committeehigh-level technical architecture and

tools

Kuali Rice VisionSupport the needs of the Kuali Application

ProjectsFoundational middleware components and services

Enhanced software development frameworkLeverage middleware and development

frameworks for building custom applicationsAchieve sustainability through community

source development and adoptionIterate Rice architecture towards a Service

Oriented Architecture

Kuali Rice ObjectivesCreate standard component API’sDesign modular, re-usable componentsProvide a reference implementation

based on industry standardsEnsure intellectual property and license

compliance is maintained Promote adoption by a wide variety of

institutionsBuild a large, sustainable community of

interest

Kuali Rice Components – Version 1.0

KNSKuali Nervous SystemKENKuali Enterprise NotificationKSBKuali Service BusKEW Kuali Enterprise WorkflowKIM Kuali Identity

Management

KNS Overview

The Kuali Nervous System is a collection of kernel services that support other Rice modules and Kuali applications.

• Authentication• Authorization• Batch Management• Business Rules• Document Management• Custom Attributes• Data Dictionary

• Help Framework• Inquiries• Lookups• Notes and Attachments• Question and Dialogs• Security and Encryption• System Parameters

KNS OverviewThese services provide reusable code,

shared services, an integration layer, and a development strategy

Provides a common look and feel through screen drawing framework

Uses a document (business process) centric model with workflow as a core concept

KNS Chart Architecture

CHART_TChart

(POJO)ORMMap

Data Dictionary

Lookups and

Inquiries

MaintenanceDocuments

TransactionalDocuments

Workflow(KEW)

Transactional DocumentsThese are data-entry centric documents

or “transactions” that model the business processes

Examples include: Proposal Development, Journal Entry, Payment Reimbursement

Built on a case by case basis using the Kuali Rice tag libraries (encompass snippets of UI behavior):Notes and attachmentsWorkflow route log (audit log)

Integrated with workflow

Maintenance Documents

No GUI programming required, user interface is rendered by framework

These are used for maintaining dataAn easy way to maintain support tables in a

databaseSupports creation of new records and editing

of existing recordsExamples include:

Budget ratesProject codes

KEN OverviewA secure notification system that works

with an action list to provide a single place for all university related communicationsWorkflow items come from KEWNon-workflow items from KEN

Non-workflow example itemsNotification of an overdue library bookAnnouncing a concert event on campusSending graduation checklists for seniors

KEN Overview - ContinuedSimplifies email using subject tagsProvides a communication broker which

handles any combination of action list, email, or custom notifiersControlled by user preferences

Audit trail for all messages just as in KEW

KSB OverviewAn enterprise service bus that:

Lists all services on the bus and how they can be connected

Uses a simple Spring configuration, to export Java based services from a Rice enabled application as SOAP or Java Serialization over HTTP services

Common service locator paradigm - access services remotely or locally

Other “Rice Clients” can consume services published on the KSB

KSB SecurityBus level : option to digitally sign, WS-Security

used for SOAP servicesService level security through Acegi

Service level, method levelUser proxying through standard security models

(i.e. CAS, Kerberos)Security context passed along (user, authn token,

roles)Services can call authn/authz authority to validate

context

KEW OverviewEnterprise workflow using a content-based

routing engine.Documents created from process definitions (Document

Types) and submitted to the workflow engine for routingRouting decisions made based on the XML content of the

DocumentTraditionally used for business transactions in

the form of electronic documents that require approval from multiple parties. For example:Transfer of FundsHire/Terminate EmployeeTimesheetDrop Course

Includes services, APIs, and GUIs

KEW – Core Features

Action List (User’s Work List)Document SearchingDocument Audit Trail (Route Log)Flexible process definition (Document

Type)Splits, Joins, Parallel branches, Sub processesDynamic process generation

Rules EngineEmail Notification

KEW – Core Features, cont.

Notes and attachmentsWide array of pluggable components to

customize routing and other pieces of the system

eDoc LiteFramework for creating simple documents quickly

Plug-in ArchitecturePackaging and deployment of routing components

to the Rice Standalone Server at runtime

KIM - Overview

The Kuali Identity Management module will be included in version 1.0 of Rice

Provides identity and access management services to Rice and other applications

Includes a service layer as well as a set of maintenance screens

Supported Concepts include:Entities and PrincipalsGroupsRoles and PermissionsAuthentication

KIM - Why?As more projects began to use the Kuali

Rice framework, we identified a need for a common API for Identity and Access Management

Wanted to introduce the concept of Roles into Kuali, previously groups were used for authz

Ease the implementation overhead for implementers working with multiple Kuali projects

Results in one-time institutional customization of identity services for all Kuali projects

KIM – Design GoalsShared identity and access

management services that all Kuali projects can use

Generic enough to be used by non-Kuali projects

Provide a rich and customizable permission-based authorization system

All services available on the service bus with both SOAP and Java serialization endpoints

Provide a set of GUIs that can be used to maintain the data

KIM – Design GoalsProvide a reference implementation of

the services but allow for customization/replacement to facilitate integration with institutional services or other 3rd party IDM solutions

Allow for the core KIM services to be overridden piecemealFor example: override the Identity Service

but not the Role Service

KIM – ServicesKIM consists of the following services

which encompass it’s APIIdentityServiceGroupServicePermissionServiceRoleServiceResponsibilityServiceAuthenticationService

These are read-only, there are also “update” services which allow for write operations

KIM – Architecture diagram

KIM – Internal Usage

Many permissions exist that are used by KNS, examples:Edit DocumentLook Up RecordsUse ScreenCreate / Maintain Records

KEW uses KIM permissions as well:Administer Routing for DocumentBlanket Approve DocumentRoute Document

Even KIM uses permissions internallyAssign RoleGrant Permission

What’s Next for Kuali Rice?

Release 1.0 coming very soon!Enhanced DocumentationStandards

JPA for data persistenceEasier configuration and turnkey upgradesBetter compatibility between different Rice

versionsKOM – Kuali Organization ManagementAnd much more!

Further Information about Rice

The main Rice web sitehttp://rice.kuali.orgSign up for our public mailing listAccess to our wiki: roadmap, project plans,

documentation, etc

Thank You!

Any Questions?

Contacts:

Zach Naiman – zach@kuali.orgEric Wesfall – ewestfal@indiana.edu

Special thanks to Eric Westfall and Bill Yock for contributing slides