File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Architect Certification (SCEA/OCMJEA) and the fly likes Login/customer account topic questions Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Certification » Architect Certification (SCEA/OCMJEA)
Bookmark "Login/customer account topic questions" Watch "Login/customer account topic questions" New topic
Author

Login/customer account topic questions

Jiri Slefr
Greenhorn

Joined: Jun 08, 2007
Posts: 2
Hi all,

I am little bit confused by the login/customer account thing...

I understand, that the real customer has to be logged into the system in order to process some actions, but what about the FBN travel agent ? There is nothing written about the agent - does the agent have his own login (used just for security reasons) ? Another thing is if the customer books the flight with help of the FBN travel agent - should the agent be prompted for the login of the customer he is booking for ? What if there is no customer account ? Should it be created by the agent for the customer (not realy sure, that typing password by another person is a good thing) ?

Do I understand it well, that a part of the customer account is a list of his credit cards (he can choose from during the "pay for itinerary" usecase) ?

And the last one: if the customer uses the Award travel, should the system let know to the frequent flyer mileage system in order to decrease the mileage account of the customer ? There is no word about it.

Thanks a lot !
Jiri
Deepak Bala
Bartender

Joined: Feb 24, 2006
Posts: 6662
    
    5

You have to assume some things about the agent and then document them. How is the user going to contact the agent to do things for him ? Will the agent be allowed to login in place of the user ? If so how ? Make assumptions here to make your design simple. We dont want to add complexity or extra classes to fulfill unsaid requirements. We can make assumptions about how the process should be carried out.

Do I understand it well, that a part of the customer account is a list of his credit cards (he can choose from during the "pay for itinerary" usecase) ?


This is detailed in a use case. Yes he has a list of cards.

decrease the mileage account of the customer ?


You have to make an assumption about this. Do you want to do it in your design or do you want FBN do handle this dirty work ? Both options have their pros and cons.


SCJP 6 articles - SCJP 5/6 mock exams - More SCJP Mocks
Mahesh Kumaraguru
Ranch Hand

Joined: Jun 01, 2005
Posts: 95
Originally posted by John Meyers:
... How is the user going to contact the agent to do things for him ? ...


Am I permitted to assume its outside scope of assignment - phone / fax / email / ticket sales terminal...

Originally posted by John Meyers:
Will the agent be allowed to login in place of the user ? If so how ?


Can I assume that when customer is booking thru an agent, the agent just needs to enter the customer id / select from a dropdown list, the agent does not need the customer's password ie agent does not login as customer - agent book ticket(s) on behalf of customer.

Originally posted by John Meyers:
... want FBN do handle this dirty work ? ...


Is there any statement in the assignment saying FBN cannot be changed ?


Regards,<br />K. Mahesh<br /> <br />SCJP 1.2 Aug-2001 : 79%
Deepak Bala
Bartender

Joined: Feb 24, 2006
Posts: 6662
    
    5

Am I permitted to assume its outside scope of assignment - phone / fax / email / ticket sales terminal...


Yep

Can I assume that when customer is booking thru an agent, the agent just needs to enter the customer id / select from a dropdown list, the agent does not need the customer's password ie agent does not login as customer - agent book ticket(s) on behalf of customer.


Yep

Is there any statement in the assignment saying FBN cannot be changed ?


The assignment says about that in its documentation. You first need to figure out what FBN is made of ( you could also make some subtle assumptions here) and then figure out if any part of the FBN can be changed. If it can be you better justify it in your documentation
Mahesh Kumaraguru
Ranch Hand

Joined: Jun 01, 2005
Posts: 95
Originally posted by John Meyers:


The assignment says about that in its documentation. You first need to figure out what FBN is made of ( you could also make some subtle assumptions here) and then figure out if any part of the FBN can be changed. If it can be you better justify it in your documentation


As a legacy integrator / architect, I would prefer to assume that legacy cannot be changed. In my experience, architect should assume that legacy systems and vendor products cannot be changed unless some major show-stopper kind of bug can be found and "proved" which I do not expect in this FBN assignment.
Deepak Bala
Bartender

Joined: Feb 24, 2006
Posts: 6662
    
    5

Originally posted by Mahesh Kumaraguru:


As a legacy integrator / architect, I would prefer to assume that legacy cannot be changed. In my experience, architect should assume that legacy systems and vendor products cannot be changed unless some major show-stopper kind of bug can be found and "proved" which I do not expect in this FBN assignment.


By 'changed' I meant changed by you. You need to justify how you are going to integrate with the existing things and you need to figure out if you can replace it or integrate with it etc etc. The assignment documentation has some clues about that. Good luck
ravi janap
Ranch Hand

Joined: Nov 04, 2000
Posts: 389
Hi

Both Web Customer and FBN Travel Agent have to be logged into the system to make a reservation. The FBN Travel Agent has no knowledge of Customer's login and has his own login that gives him secured access to the system. The Customer login is not created by the Travel Agent and is created by the Customer himself. The customer account has a list of credit cards for the system to charge the customer when a reservation is made. When the customer chooses award travel then the frequent flyer miles is credited or debited to customer's frequent flyer mileage account.

Thanks

-- Ravi


SCJP, SCJD, SCWCD, SCBCD, SCEA
Jiri Slefr
Greenhorn

Joined: Jun 08, 2007
Posts: 2
At first thanks for all your responses.

Now I know, that my hands are really free when making the solution.
The only unclear process for me is the Agent/customer cooperation. I am thinking about an agent as a person on the phone, which is able to create itinerary/modify itinerary/realize a payment for me as a customer. I know, that in order to have the application secure enough, it is necessary to have the agent logged into the system (which can be done using NTLM, LDAP etc.), but this login differs from the login of the real customer, because the customer's login offers to the customer list HIS OWN existing data and use data from HIS OWN profile (eg. credit card list, name etc...). For me this all means:
1. Agent has to identify the customer somehow (eg. username=email and password - mandatory in order to have at least some security), which has a precondition in customer account existence
2. If the customer does not have an account, it is necessary to create one in order to allow to the customer the future possibility to list and change it's own data and handle customer's mileage account
3. When the agent creates an account for the customer (without password specification), the system will generate a password and all information will be send to the customer by email. As soon as the account is created, the agent works in context of the customer

I expect this should solve the problem completely.
Tyler Lebowski
Greenhorn

Joined: May 10, 2007
Posts: 24
What if the Travel Agent is really a robot or a telephony system? What happens if the phone system shuts down?

Remember, when developing your architecture which will no doubt be implemented by FlyByNight, that there will be many, many developers and employees who consistently perform in a "Less Than Expected" capacity working on maintaining your solution. Now, with that said, keep the KISS principle in mind (Keep It Simple Stupid!).

These are things technology architects worry about all the time...that and drinking beer.
Mahesh Kumaraguru
Ranch Hand

Joined: Jun 01, 2005
Posts: 95
Originally posted by Tyler Lebowski:
What if the Travel Agent is really a robot or a telephony system?


If Travel agent is a Robot / Telephony system, then "it" does not need a Swing GUI - A fast rich client. I am assuming my travel agent is a person, starts the phone conversation as "Welcome to Fly By Night. How can I help you today?" and needs a Swing gui with lots of nice features to help him / her get "more" work done with "less" effort.

Originally posted by Tyler Lebowski:
What happens if the phone system shuts down?


If any system shuts down prod support @ FBN will be paged and 24x7 support staff would take over and get it up asap. As Architect, I have obtained service level aggreement from production support regarding escalation procedures and my developers would provide documentation on how support should be carried out.
[ June 19, 2007: Message edited by: Mahesh Kumaraguru ]
Mahesh Kumaraguru
Ranch Hand

Joined: Jun 01, 2005
Posts: 95
Originally posted by Ravindra Janapreddy:
Both Web Customer and FBN Travel Agent have to be logged into the system to make a reservation.


Yes.

The FBN Travel Agent has no knowledge of Customer's login and has his own login that gives him secured access to the system.


Yes, additionally note my assumptions :- The Agent knows the customer id, NOT the password. The customer identifies himself to the agent using customer id.

The Customer login is not created by the Travel Agent and is created by the Customer himself.


In which case I assume that the customer has already created his / her account and populated email, credit card(s) info etc. in the profile and has customer id before calling an FBN Agent to make a reservation.

The customer account has a list of credit cards for the system to charge the customer when a reservation is made. When the customer chooses award travel then the frequent flyer miles is credited or debited to customer's frequent flyer mileage account.

Thanks

-- Ravi


Yes. For credit cards, the customer just gives the agent only last 4 digits of credit card or just card type - visa / master card / amex / diners / ..... to uniquely identify the credit card within the customer record.

Originally posted by Jiri Slefr:
The only unclear process for me is the Agent/customer cooperation. I am thinking about an agent as a person on the phone, which is able to create itinerary/modify itinerary/realize a payment for me as a customer. I know, that in order to have the application secure enough, it is necessary to have the agent logged into the system (which can be done using NTLM, LDAP etc.), but this login differs from the login of the real customer, because the customer's login offers to the customer list HIS OWN existing data and use data from HIS OWN profile (eg. credit card list, name etc...).


Agent is person - Accepted. Agent is logged in using his / her agent id and its password. Customer gives the agent only his / her customer id and the agent is able to retrieve customer data from FBN using the supplied id.

1. Agent has to identify the customer somehow (eg. username=email and password - mandatory in order to have at least some security)


Now a situation has come where two passwords are required

1. Customer internet password used by customer when logging in thru wwweb
2. Customer Telephone PIN which is used when customer phone calls Travel Agent to get a ticket booked since you want mandatory in order to have at least some security)

As architect I assume that Customer ID number is just a number and not an email address. This design choice is based on an assumption that customer may loose access to his email password, hence using a customer id, they may be permitted to change their email address. FBN tracks Frequent Flier miles only using the customer ID.

... which has a precondition in customer account existence
2. If the customer does not have an account, it is necessary to create one in order to allow to the customer the future possibility to list and change it's own data and handle customer's mileage account
3. When the agent creates an account for the customer (without password specification), the system will generate a password and all information will be send to the customer by email. As soon as the account is created, the agent works in context of the customer

I expect this should solve the problem completely.


If Agent creates customer account (without password) and a system generated password / new account activation url is emailed to user. In first booking by FBN agent for new customer, customer has to provide credit card number on phone to make the reservation or be online to add credit card numbers to his / her profile and just give distinguishing identification of credit card to FBN agent. If customer is in front of web PC, then customer can create his / her own account before calling FBN agent.
[ June 16, 2007: Message edited by: Mahesh Kumaraguru ]
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: Login/customer account topic questions