IBM Security Global Forum

 View Only

Case Study: The Score Prophet App Built with IBM Security Verify & IBM Cloud – Just-In-Time for the FIFA World Cup 2022

By Stephen Swann posted Thu October 20, 2022 10:35 AM

  

Executive Summary

In June 2022, Madigan Solutions doubled in size following a recruitment campaign targeting young talent enthusiastic about Information Technology but who had not necessarily studied the topic at university. The directors of Madigan Solutions went about finding talent with diverse backgrounds and skill sets with a view that targeted training could reap excellent results. The hired trainees, with an average age of just 23, had little or no work experience never mind any computing background. The training was going to be broad, intensive, and tough.

“Within four weeks, we had covered virtualization, the Linux operating system, JavaScript, SQL and non-SQL databases, directory servers, containerization, GIT, and of course, IBM Security technology” explained Stephen Swann, Director of Strategy & Vision.

Training in labs is all fine and well but it is no substitute for real-world experience in delivering solutions for customers and working within the constraints of project deadlines and ever-changing customer requirements. But how do you introduce trainees to a real-world experience without having to deal with external customers? And how do you select a technology platform upon which the build of applications can be accelerated?

 

The Score Prophet

Stephen Swann explained: “At the beginning of August 2022, and after six weeks of training, we decided to run a project to build a cloud-native web application that could showcase IBM Cloud technology, but specifically integrate the application into IBM Security Verify. The idea was that the trainees would learn about project lifecycles, IBM Cloud technology, and understand the benefits of IBM Security Verify in the context of a real-world application.”

The FIFA World Cup 2022’s official start date is November 21st, 2022, and the team decided it might be interesting to develop a game that allowed people to predict the results of the matches and rank the participants on the quality of their guesses. That was the cue to gather requirements, design the game, and crucially, work out how on earth one goes about developing such a thing.

“It was amazing to watch the team in action. Not only did they think about the solution itself, but they were really focused on using modern technology to develop their skills and even wanted to understand how they could go about marketing such a solution at the end of the process. This wasn’t just a training exercise for them. They wanted it to be a success in its own right!”

The team immediately split itself into front-end UI/UX developers and back-end API and database delivery teams. They gathered their requirements, thought about the screens and experience required to deliver a quality solution, then mapped the various API endpoints required to support that experience.

Once the screens were mocked up and the API endpoints defined, it was time to select a means of delivering the technical solution. Node.JS using the Express framework with a MongoDB database was selected from a shortlist of technologies that simplified the next decision to be taken – which components on the IBM Cloud could best serve our needs?

 

IBM Cloud

Building the solution on the IBM Cloud was a natural fit for an IBM Business Partner. A cloud-native delivery pattern was important to the team (and their stakeholders).  The team was focused on delivering a solution rather than delivering procedures for patching operating systems.

IBM Code Engine was selected as the container orchestration tool for both the front-end application and API backed. IBM Toolchains were created for automating the CI/CD processes. IBM Key Protect was used to store keys and secrets. IBM Functions was selected for the execution of periodic batch processes. Conceptually, their first architecture diagram looked like this:



“The great thing about the World Cup was it had a fixed deadline. No amount of asking for an extension to our project timelines was going to result in FIFA shifting their match schedules” joked Swann.

The team got into “build mode” and with a target to deliver a minimum viable product within four weeks, the results were impressive:

  • A MongoDB instance in a highly available configuration was brought online.
  • An API backend application was built using Node.JS and Express, containerized and deployed to IBM Code Engine.
  • A front-end application was built with some beautiful imagery using ­­Node.JS and the bootstrap framework. It was containerized and deployed to IBM Code Engine.
  • Integration with third-party API endpoints to automate the updating of match scores in real time was provided by Node.JS code snippets deployed to IBM Code Functions.
  • And of course, the application was integrated with IBM Security Verify to provide authentication services and integration to other identity providers such as Facebook and LinkedIn.

 

IBM Security Verify

Hooking the platform up to IBM Security Verify was critical. Delegating authentication decisions to a third-party by using OpenID Connect (OIDC) would remove a whole world of pain from the development team.

Thankfully, the SDK for the Verify platform provided by IBM just worked.

The SDK wasn’t the only feature of the integration that proved to be a success, though. Configuring IBM Security Verify to delegate authentication to trusted social identity providers (such as LinkedIn and Facebook) was a point-and-click affair. The setup of an application definition for OIDC integration was similarly simplistic. And enabling context-based and adaptive authentication was a breeze.

Madison Shaw, one of the trainees who looked after the integration with IBM Security Verify said: “OIDC, OAuth, access tokens and refresh tokens were all new concepts to me when I started. I can’t believe how easy it was to implement a means of authenticating users and get the bare minimum user information passed to The Score Prophet platform to establish who was playing the game.”

Theming the IBM Security Verify user experience was the responsibility of Billy Quigley. He also found the process of customizing the UI/UX for the various use cases that required IBM Security Verify interaction easy to get to grips with: “The APIs for templating and theming was very intuitive. We had the theme we wanted to be designed, built, and applied within minutes.”

 

Summary

In summary, a team of trainees with no previous technical background other than six weeks of in-house training built and delivered a fully-fledged web application hosted on the IBM Cloud and protected by IBM Security Verify within just a month.

The targets may have been challenging, but determination and focus have resulted in something that wasn’t just fun to build, but will be fun to play, and will be re-used for other sporting competitions in the coming months and years.

“Obviously the team deserves a lot of credit for what they have achieved. But getting there was made so much easier by taking a cloud-native approach using IBM Cloud technologies,” said Swann. “And the lessons learned? Invaluable.”

And of course, visually, it renders beautifully on both desktop and mobile devices.


Learn More

To learn more about the game or to participate and demonstrate your predictive skills, visit www.thescoreprophet.com.

 

IBM Solution Components Used

IBM Security Verify
IBM Cloud – Code Engine
IBM Cloud – Functions
IBM Cloud – Container Registry
IBM Cloud – Toolchains
IBM Cloud – Key Protect
IBM Cloud – Compose for MongoDB
IBM Cloud – Object Storage

 

About Madigan Solutions

Madigan Solutions UK Limited is a leading provider of IBM Security Verify solutions. Whether your needs are access management, identity management & governance, or privileged access control & monitoring, Madigan Solutions can help you satisfy those needs.


#Spotlight
#Spotlight
#Spotlight
#Featured-area-1
#Featured-area-1-home
#Spotlight
0 comments
2015 views

Permalink