Вы находитесь на странице: 1из 32


Buyers Guide
A Business Primer and Buyers Checklist
for Portal, Content, and Collaboration


Table of Contents
Executive Summary 1
Business Primer: Enterprise Portals, Content and Collaboration - Trends, Opportunities, and Solutions 3
Portals, Content, Collaboration  3
Trends: Increasing Business Value While Reducing Costs and Risks 4
Development & Product Simplification 4
Unification of Presentation Strategies 4
Unification of Content, Portals , and the Application Platform 4
Unification of Departmental and Enterprise-wide Software 4
Unification of Developer Strategies and Technologies 4
Opportunities & Growth: The Future of Web Content and Application Delivery 5
New Capabilities and Development 5
New Cost Savings  6
New Expectations 6
Solutions: Top Reasons Enterprises are Choosing Liferay Portal 7
Key Business Benefits  7
Product Differentiators 7
Global Liferay Ecosystem of Developers, Users, and Partners 7
Industry Acclaim 8
Open Source Leadership 8
Case Studies 8
Buying Checklist for Evaluating Portals, Content and Collaboration Solutions 9
Buyer Evaluation Criteria 9
Buyers Checklist10
Liferay Resource Guide24
Product Resources24
Product Details24
Product Download24
Community Content24
Liferay Events and Webinars24
Services Resources24
CE vs. EE24
Pricing Options & Indemnification24
Liferay Professional Services25
Liferay Partner Network25
Competitive Review26
Industry References and Glossary26


Executive Summary
Enterprises are increasingly evaluating their corporate infrastructures

community-centric nature of the open source ethos has also

to see how they may benefit from open source. This has been

fostered a unique merit-based environment in which only the

driven by a combination of tangible business needs for competition

most motivated and talented developers thrive and receive

in todays web-centric business environment and the recognized

recognition for their contributions.

limitations of proprietary technologies in being able to meet

these needs. While several key infrastructure pieces are still


supported by expensive and often operationally heavy platforms,

In the past, the term open source was widely associated with

open source use has become popular for components residing

simply being lower cost while enterprise software was understood

within the presentation layer, notably surrounding portals, content,

to be scalable, reliable, and available with mission critical support

and collaboration functionality.

and an established partner ecosystem. The reality is, however,

Notably, when evaluating such solutions that directly impact

organization productivity and processes, several topics have
been top of mind: social collaboration and networking (and how
it impacts the traditional EAI use case), rich interfaces, RESTful

that todays open source leaders are contending with and

out-performing commercial competitors in mission critical,
high-scalability use cases. Open source has become a relevant
and strategic part of platform planning.

and Web architectures, and the empowerment of end users, are

To fulfill a growing demand for simpler and more fiscally-viable

just a few. Enterprises have also been ever more cognizant of the

options for the masses, open source development has accelerated

need to balance total costs against time to productivity while

at an impressive rate, not only matching the features of expensive

ensuring extremely high reliability.

proprietary products, but oftentimes offering them in a

Once simply viewed as free software, open source products are

now enjoying accelerated adoption within the enterprise thanks
to four key factors: the maturity of open source products today;
the innovation offered by community- and collaboration-driven
development methodologies; the wide availability of services
and support for open source products that are comparable to,
if not better than, those available for their proprietary competitors;
and the promised reductions in the total True Cost of Ownership.

Historically, proprietary products have succeeded by innovating
faster and marketing better than their competition. However,
with market consolidation, the growth of industry giants that
dominated specific markets, and recent slowdown of the global
economy, proprietary software vendors are now building their
product roadmaps against an ever-shrinking pool of competitors,
thus resulting in declining innovation.
Conversely, open source products develop in a highly competitive

lighter-weight and more flexible form.

Support and services

With this rapid innovation, influential technical and business
ecosystems have grown up around the most successful and
in-demand open source products. Typically, these open source
products are headed by a core team (the original creators and
other stakeholders) that take the lead on product strategy and
coordinate the aggregation and refinement of contributions
from the community. With oversight on product roadmap,
feature requests, and market need, these same leaders are able
to respond to demand by building highly capable support and
services units, often pulling from the large pool of proven talent
from the community itself. Thanks to the global nature of open
source development, these support and services teams start-up
on a global scale, providing rapid and expert responses from the
products developers rather than from call center employees with
little depth of knowledge on a product.

ecosystem in which only the best products win; those that foster

True Cost

the fastest learning curves and deliver the most improved

More than ever, proprietary product vendors are employing the

productivity with the most innovative and compelling features,

concept of product chaining in their development, whereby

gain popularity and adoption. Others do not. The public and

one product necessitates the use of another product from the


same company. These vendor lock-in strategies have perpetuated

the dominance of a few key players, which, consequently, kept
complex and expensive pricing an uncontested norm.
However, as open source vendors matured and rose in importance
within the enterprise, they began to innovate software business
and pricing models as well. The enterprise software market has
been impacted by offers of flexible pricing options such as
annual subscriptions, lower cap-ex pricing, and unlimited use
pricing. As a whole, open source players offer reductions in
initial licensing costs, lower support fees and training costs, and
greater ease of development thanks to the use of open standards
and newer technologies.

This document provides decision makers a list of tools for
evaluating future purchases for their infrastructure.
i.Business Primer -- an overview of the major issues
affecting the portal, content and collaboration market.
ii.Buyers Checklist -- a worksheet for evaluating each
infrastructure layer.
iii.Liferay Evaluation Guide
iv.Industry References and Glossary


Business Primer: Enterprise Portals, Content and

Collaboration - Trends, Opportunities, and Solutions
Enterprises are increasingly turning to portal, content and
collaboration products to enhance their infrastructures with
new, organizationally-pervasive services. This combination of
functionality, when executed well, can provide far-reaching
impact on an organization and its processes.

Portals have grown to satisfy multiple demands within an enterprise

Collaboration continues to see new innovations in services and
methodologies. Most are variances on how information can be
contributed, found, shared, and re-purposed. A now familiar
branch of web-based collaboration is social networking, which,
when implemented in line with enterprise and organizational
policies, creates a new paradigm for collaborative services.

such as business integration, user personalization, role-based content

Subsequently, todays enterprise software products must allow

delivery, content management, mobility, and collaboration. However,

an organization to define its own social network (with end

in doing so, many portal implementations run the risk of becoming

user defined groups and roles within) that can be constrained

overly complex and expensive as they require additional integration

or augmented by formal organizational policy (e.g., adding a

with other applications to offer the extent of functionality needed.

company business unit to a social group or disallowing end users

To mitigate costs and complexity, newer portal players must offer

with specific roles to share data outside their organizational level).

more out-of-the-box capabilities in highly-demanded functional

The addition of collaborative capabilities to portals allows a new

areas such as content management and collaboration. With fewer

dynamic for web development. For example: an employee can see a

costs and less time needed for integration and custom feature

new posting from the Engineering department about a new product

development, users can focus their energy on more strategic

launch. The employee could then quickly add new content for

efforts like business logic and solution design.

customers using the built-in content management system (CMS),


check the schedule for the project in the forums section, add a new
discussion about marketing activities for the launch and set up tasks

In recent years, content management strategies have trended

or events in the group calendars. Allowing a user to accomplish all

towards the decentralization of content repositories. While

these activities within the same system defines a new standard for

there is understood need for a single, centrally controlled system,

web site development where formal content and end user driven

todays multi-departmental and multi-regional enterprise also

content and activities are combined.

requires the flexibility of allowing different business units to

1) create and manage their own content; and 2) define approval
processes within their team or organization.
New software must provide innovative means of meeting this
for agility with features such as delegated content management
and authorization, while still allowing all end users to access
decentralized, group-created content from a single interface.


Trends: Increasing Business Value While

Reducing Costs and Risks

and employees.company.com. Additionally, multiple portals can be

Enterprise software must be reliable, must simplify and streamline

a common set of data, content, application services, identity

development processes, and must curb start-up and long-term

services, and portlets.

costs while providing innovative new features to end users.

Unification of Content, Portals , and the Application Platform

While a winning combination of this criteria is rare, all should

be reviewed when evaluating portal, content and collaboration
technologies that can significantly affect overall organization
productivity and the achievement of business goals.

deployed across a portal fabric in which each portal can leverage

In the past, portal software was used for only a portion of the web
experience (e.g., an employee portal or dashboard) alongside a
number of other disparate products performing other functions.
Application platforms were used to build individual applications

Development & Product Simplification

(e.g., using an application server to build a trouble ticket automation

Development tools and methods are affecting web application

application integrating to an existing system). The simplification

delivery. Understandably, the market favors simpler tools and

of software has led to a new strategy to unify infrastructures and

methodologies conducive to rich user experience and provide


ease of extensibility and integration with other technologies.

Unification of Departmental and Enterprise-Wide Software

The simplicity of a software product ensures lower costs, higher

Enterprise-wide projects and departmental projects are often

reliability, and increasing ability to meet growth strategies. Instead

supported by different sets of software. For example, many

of complex, monolithic systems, enterprises seek products that

companies use an IBM, Oracle, or BEA portal for enterprise-wide

are ideally both light-weight and feature-rich. Historically, the

implementations and use SharePoint at the departmental level.

term light-weight was used synonymously with simplicity to

Likewise, they will leverage major content repositories for

describe products that have a smaller installation size and are

enterprise-wide content while leveraging open source repositories

faster to download and easier to install, but with fewer capabilities.

for the departmental requirements.

However, with the open source markets use of newer and faster
development tools, frameworks and components, todays enterprises
have access to products that allows them to quickly evolve with
business needs while remaining light-weight, with built-in
expansion mechanisms, like micro-kernel architecture and plugins.
Unification of Presentation Strategies
There is continual growth of new applications and services within
an enterprise. A truly effective portal infrastructure should allow
new features and services to be continually added into the existing
infrastructure. It must provide authentication, authorization and
role-based content delivery (RBCD). RBCD defines that each person
accessing the portal sees and has access to only the content that
they are authorized to view. It is what permits an enterprise to
offer one unified view without compromising content security
or user experience. It also improves user productivity, reduces
software maintenance costs across applications, and increases
the reuse of code, content, and policies.
A unified presentation layer using portals also allows for the
creation of micro-sites whereby a single portal instance can host
www.company.com as well as my.company.com, partner.company.com,

Quite significantly, recent trends show corporations looking to

service both enterprise-wide solutions and departmental solutions
with one product to allow for code and feature reuse and to share
the costs of unlimited licensing across a larger pool of users.
Unification of Developer Strategies and Technologies
Developer technology changes have also fractured enterprise software.
For many years, Microsoft and Java technologies have contended
for favor. Now, developers are faced with an ever-growing list of
technologies and development languages to choose from: Java
developers can choose between Spring and EJB, between SOAP
and REST, between Java and PHP/RUBY, between DOJO Toolkit
and Microsoft Web Wizard, and maybe even between Eclipse
and Dreamweaver. IT teams make these choices when planning
their application infrastructure, but with the understanding
that choosing one technology may exclude it from innovations
available in others.
However, because portals aggregate content at the presentation
layer, they allow multiple technologies to be used in the application
layer, thereby giving an enterprise access to the benefits of each.


Products like Liferay Portal also allow the various web technologies
in different programming languages to be aggregated by a single
presentation layer to the end user. Rather than force a development
team to choose some technologies over others, unification via a
portal interface opens up new possibilities for development.

Opportunities & Growth: The Future of Web

Content and Application Delivery
New Capabilities and Development
Todays enterprise must consider the extensibility and long-term
viability of the IT investments being made. Not only should a
solution address present-day business pain points, it should also
evolve with the needs of the enterprise to equip it for future growth.
This may include custom development, scaling to accommodate
growing user bases, or the addition of new functionality.
Market demands for this type of exceptional business agility
and flexibility have pushed product development teams to take
a more modular approach to software design. Notably, the
open source players have been able to embrace and lead this
approach, leveraging their use of open standards and an ease

1. Static (everyone will see the same data, e.g., a calendar of

events on www.cnn.com),
2. Personalized (each individual will see data unique to
themselves, e.g., a personal calendar),
3. Role-based (a group will all see the same data, e.g., a
workgroup calendar)
4. Socially aware (similar to role-based while allowing the end
user to define the group and roles within that group)
As more static, personalized, role-based and socially aware
applications are added to the portal, the productivity of the end
users grows exponentially. In the future, end users will gain even
more power and productivity through the ability to customize or
define new applications for their network.
Workgroups, Teams, and Organizations
Applications address different data, business logic, and levels
of authorization and personalization. Classic applications are
built with a static business logic connected to data available to
anonymous users (i.e., a web page or website like amazon.com)
or authenticated users (i.e., amazon.com once logged-in).

of customization that is distinctively fostered by open source

New applications can now be specialized given a users roles

development methodologies. More notably, portal products,

(i.e., the ability to grant additional features or access to managers

faced with the challenge of aggregating existing content and,

or administrators) and can extend such rights to an entire enterprise

now, dealing with future needs, must offer an array of options

and all its different users. Users can be granted access to applications,

conducive to growth.

features, and content within applications based on their role

Productivity and User Empowerment

Roles and Authorizations
Portals such as Liferay allow users to build applications that are
role-aware. Infrastructures leveraging these aspects have seen
great improvement of end user productivity. The growing trend is
to allow end users greater control in building and sharing content
and applications. Where content was once only available after
being created by web designers those with special permissions,
end users can now create content on their own with blogs, wiki or

(customer, partner, employee, manager, administrator)

Additionally, these applications can be defined within the
context of a users social network: A social network is a set of
groups defined by an end user. The user can define a group and
then define applications available to this group. The user can also
integrate its network with a formal identity policy. For example,
others users may or may not make changes or invite others to
this work group unless they have been given a formal role as a
community leader.

other self-publishing methods. They can find, download or upload

Application Development

documents or other content. Individuals can even build forms

As the power of end users grow, developers must build

based applications and define who can access or view results.

applications with them in mind. Hence, portals that can support

Portals provide a great platform for enabling both role-based

the addition of applications have become a platform of choice

content delivery (you have access to apps/content based on your

for enabling future end user capabilities. Portals also provide a

role within the system) and social networking. Applications can be:

set of services that can be used to build these new capabilities


and portlets. For example, presence can be pulled into portlets

New Expectations

to allow them to know the online status of users; and the RSS

With the maturity of lighter weight enterprise portals, infrastructures

functionality is one that can be embedded in portlets like blogs.

A good portal that can leverage open source technologies,
like Liferay, allow for an added degree of flexibility during the
application development process, supporting various tools and
programming languages such as PHP, Ruby, and OpenSSO.
Open source software in general has also been responsible for
significant advancements to the development process through
technologies like Spring, AJAX, Ruby, Groovy, PHP, and REST;
tools like Eclipse and Netbeans; and new innovative tools based
on social activity and human workflow (e.g., allowing end users to
define a form and an approval process for each form submitted,
such as with an expense reporting tool).
Liferays Alloy UI is a great example of a new open source product
built on others. It is a UI framework that combines the best of CSS,
HTML and JavaScript. While open source players are able to move

are trending toward a single web presentation standard that:

supports both enterprise-wide and departmental applications
supports both web and java development
supports and simplifies both SOAP and REST for integration
with external processes, while combining user services at the
presentation layer across multiple deployments (e.g., a single
page from a SOAP or RESTful web service; search across
multiple content stores; the leveraging of portlets, gadgets,
and widgets across multiple portal instances)
easily integrates with proprietary software, legacy systems,
and content stores
connects to multiple content stores (internal and external alike)
with cross-repository search mechanisms
integrates new mashups with leading web social services
(e.g., Google, Twitter, Salesforce.com)

quickly and innovate quickly, larger heavyweight portal players are not

includes basic web content management and collaboration services

supporting their products in the same way and have fallen behind.

includes social networking and workflow capabilities

New Cost Savings

Flexible Pricing Options
The growth of open source has noticeably changed the competitive
landscape. Flexible pricing options available from many open source
vendors are improving initial project and annual recurring costs.
Subscription pricing, CAPEX Perpetual, Unlimited, and other pricing
models have reduced annual costs as well as the costs required to
add new open source projects into an existing budget.
Open Source Investment and Community Participation
Open Source vendors promise cost savings, but also increased
input from those that invest in their products. Leveraging
applications built from open source allows companies to take
part in the products communities. Enterprises should look
to influence roadmaps/feature decisions as well as standards
support, integrations, migration toolkits, and partnering
strategies. Training, documentation, forums, wiki content and
other ancillary information is also available for enterprises to
use as well as contribute.

A single effective standard allows an enterprise to support

departmental deployments alongside centralized services. It
reduces costs and expands the reuse of third party products
and customized solutions across the enterprise.
The standard leveraged must also include several key features
that accelerate the benefits of any content, portlets, widgets,
gadgets, or applications developed. These include:
web content management
role-based content delivery
integration with existing identity management systems
social networking and enterprise-wide collaboration
user-driven communities and content
With these new portal capabilities, enterprises are then able to
effectively power external websites, leveraging web and enterprise
content alongside portlets, gadgets and widgets built from SOAP/
REST services. Portals will also be used to build presentation layer
architectures or Portal Fabrics where business and presentation
layer logic are separated, and where end users are granted greater
capabilities to build new content, define the networks in which
they operate, and build new applications.
Combined, these capabilities will allow a wide level of use across an
enterprise while adding new capabilities to end users to increase
their productivity while greatly reducing complexity and costs.


Solutions: Top reasons Enterprises

are choosing Liferay Portal

additional cost. Developer tools are included as well as well as

Key Business Benefits

community of over 11,500 developers.

Smart investment

Ready for Mission Critical Applications

Users get the most flexible and dynamic technology at the

lowest TCO and highest ROI. While other portals make you pay
for additional features, Liferay Portal comes with over 60 out of
the box portlets, over 20 themes, and a number of developer

access to a public repository of plugins contributed to by a global

Highly scalable, supporting more than 5,000 concurrent

transactions (3.3K simultaneous users) per server
Real-world performance of millions of page views and over
1.3 million users

tools to work with. We provide you with as many resources as

Clusterable configuration for high availability

possible to accomplish whatever it is that you need to do

Implements top ten OWASP-recommended security practices

(web publishing, collaboration, social networking, administration, etc.)

Options for Terracotta, Oracle RAC, and other scalability solutions

at no additional cost.

Deployable to the Cloud and available as SaaS

Moreover, as Liferay Portal is the only enterprise portal leader on

Global Liferay Ecosystem of Developers,

the market with no software or hardware agenda, you are not

Users, and Partners

bound to using a particular IT stack and invest in only what you

need for the life of your portal project.
Easy adoption

Business Community
In its 11th year of development, Liferay Portal has become the
defacto standard for open source portals in the enterprise. The

The product is light-weight and can be installed quickly in any IT

company offers enterprise subscription and support, public and

environment. An award-winning user interface, familiar desktop

private training, and consulting and implementation services with

conveniences and easy navigation makes Liferay Portal extremely

offices in the United States, Brazil, China, Germany, Hungary, India,

simple to use and adopt by all users in your organization.

Malaysia, and Spain. Liferay, Inc. also boasts a thriving business

Agility for the future

network of certified partners and resellers in six continents.

Liferay Portal evolves with your organization. If you require new

Developer Community

functionality, tools can be added with just a few clicks. For example,

Participants in the community include the Liferay staff and board

an intranet built on Liferay Portal can evolve into an extranet that

of governance, volunteer committers and contributors, and other

reaches outside partners. An organization powering a website

partners and users. The board of governance establishes and

with Liferay Portal can easily add social features to capitalize on

enforces community rules while coordinating and implementing

the power of its online community.

decisions that affect the entire community. Committers are

Product Differentiators

allowed to directly contribute code into Liferay Portal source

Flexible and Agile Platform

code while contributors code passes through a review and

approval process before it is added to the product. Partners are

Liferay Portal is a light-weight SOA platform with support

able to work with Liferay community for the development of

for web services, industry standards (JSR-286, JSF-314, etc),

ancillary products available to Liferay customers such as services,

multiple programming languages (Java, Ruby, PHP, Python), and

integrations and plugins.

a hierarchical system of communities and organizations. Liferay

also has its own Social API that provides the essential elements
and framework for enabling real-time communication and social
networking within an enterprise.
Services, Portlets, and Tools

Over 24,000 community members

11,400 active forum participants
Largest single portal knowledge base with over 120,000
forum posts
An estimated 250,000 implementations around the world

Liferay Portal ships with over 60 portlets for content management,

collaboration, social networking, administration and more, at no


Industry Acclaim
Liferay Portal has been the recipient of many awards and industry
recognition, including:
Inclusion in Gartners Magic Quadrants for Portal
and Social Software
InfoWorlds Best of Open Source Software (BOSSIE)
Award for Best Portal
Memberships in multiple committees for major industry
standards such as JSR-286, JSF-314, OASIS WSRP, and CMIS

Cisco Systems chose Liferay Portal to create The Cisco

Developer Community Portal, an online, collaborative
environment in which developers can easily locate resources
for their solutions, assist each other in developing solutions,
and reach out to Cisco resources for assistance. This portal
uses Liferays built-in tools, including wikis, blogs, message
boards, and social networking capabilities like activity tracking
and network building.
Please email pr@liferay.com for more information about our users.

Open Source Leadership

Not only do Liferays technologies comply with all major industry
standards, the company helps to define new ones: Liferay Portal
is compliant with all key industry standards (JSR-286, JSF-314,
JSR-170, WSRP and JBI) and participated as a member of the
Portlet 2.0 specification committee. It is also a founding
member of Open Source For America (OSFA), a collaborative
effort to raise awareness in the U.S. Federal Government about
the benefits of open source software.
Case studies
Liferay Portal is an active part of operations in organizations
across all industries, worldwide. Among an estimated 250,000
deployments of Liferay are marquee clients and users, including:
Allianz Australia used Liferay Portal to create its My Allianz
portal to deliver online self-service for customers. It provides a
consolidated view of each users Allianz products and enables
them to transact new business, view existing policies and make
payments online.
Sesame Workshop used Liferay to power an interactive website
(www.sesamestreet.org) with extensive rich-media content
stores, as well as for an employee portal and dashboard.
This Emmy Award-winning website is interactive, with
hundreds of flash-based games and activities; nearly 3,000
classic and current Sesame Street videos; and age (role)
sensitive applications like PlaySAFE, which prevents young
children from navigating away to other sites on their own.
World Vision is using Liferay Portal to power KnowledgeBase,
a collaboration platform that has revolutionized the way
its international team of relief and humanitarian workers
correspond and communicate.


Buying Checklist for Evaluating Portals, Content and

Collaboration Solutions
Several criteria must be reviewed during a thorough product

End User Capabilities: Solutions that are difficult to use are not

evaluation process. Specifically, an organizations must understand

highly successful. Conversely, the solutions that are intuitive and

its corporate strategy for costs, risk, control, end user capability

meet basic needs of the enterprise in which they are deployed

and allowable heterogeneity. This section provides a brief overview

enjoy adoption. This is especially true for solutions reaching a

of each and includes a sample buyers checklist for the evaluation

diverse audience of users such as portals and collaboration tools.

of available platforms.

Heterogeneity: The need to strike a balance between central and

Buyer Evaluation Criteria

departmental systems has brought forth new enterprise architectures

Costs: Portal, content, and collaboration solutions are available in

a wide range of prices. Established stack players such as IBM,
Oracle, and Microsoft have highly expensive platforms and complex
maintenance and support pricing structures, but often compete
with a wide network of partners. However, open source platforms
offer a much wider network of specialists thanks to use of open
standards and development methodologies. A focus on simplicity

that leverage multiple systems. Corporations with large, expensive,

and well established systems are now augmenting these systems
with lower cost, open source alternatives at the departmental level.
However, even with expanding infrastructures, companies can still
reduce maintenance and support costs if they can successfully
facilitate the review and enforcement of organizational needs for
product and content management at a high level.

and integration has also increased their use within enterprises

focusing on cost reduction.
Risk: Organizations need to understand their acceptable risk levels
for long-term cost sustainability (increased costs over time),
integration capabilities (ability to integrate with same vendor and
other vendors products using acceptable standards), product
chaining risk (one product requiring the use of other products from
the same company), as well as end user adoption and satisfaction.
Control: Companies often need to strike a balance between
centralized and distributed control to streamline decision-making
and maintain a level of team responsiveness. Highly complex
systems, more acceptable to centralized IT (allowing 1 tool for
everything) are often too expensive, too complex, and inflexible
for departmental use. New trends in open source, allowing highly
scalable, lighter weight solutions are often more capable at
serving both needs.


Buyers Checklist
The following checklist can be used to evaluate various platforms for portal, content and collaboration use cases. The table can be used
to develop a set of requirements by understanding how each level is found critical to a specific enterprise use case. Not all features
within the table are required for all implementations.
Portal, Content and Collaboration Platform Evaluation





Site Design

Site Design: The system shall provide a platform which simplifies the development of web
content and sites especially when aggregating content from multiple sources.
Navigation: The system shall provide a framework to simplify the development of an
entire web site of web page content (e.g., tab vs menu navigation, site map, login).
Anonymous vs Authenticated users: The system shall allow the easy development
of web content that can be defined for anonymous and authenticated users (e.g.,
www.company.com is general information, while myaccount.company.com will give
personalized content to the end user.)
Printing: Support for printer-friendly versions of pages.
Mobility: The system should allow views from multiple client types including
thin, rich, thick clients.
Account Management: They system shall include out of the box the ability for end users
to self register a new account, to manage attributes associated with their account (e.g.,
picture, phone, email address), and the ability to reset a lost password.
Multiple language support: The system shall allow developers, administrators and content
owners the ability to support multiple languages within the same site. Users shall have the
ability to select their preferred language and the system shall have ability to auto-detect
users preferred language.
Cloud Deployments: The system should support the deployment within a cloud
infrastructure including deployment, maintenance, monitoring.
Separation of Presentation Design Components

Page Construction: The system should simplify the development of web pages leveraging
themes, access rules, and web components.
Web Components: The system shall support multiple methods for development of web
components (e.g., portlet, widget, gadgets, and multiple CMS).
Site Construction: They system will support the development of an entire site based on
individual web pages, allowing linking between pages via simplified URLs.
Web Component Development: The system should support multiple user types, (e.g., Task
Workers, Practitioners, Experts, Developers). The system should include support for web
component development that can be reused easily by lower skilled users, including the
use of Wizards that allow users to easily configure prebuilt web components.
Themes: The system should allow the development of multiple themes where a single theme
can be used across all pages created or where different themes can be used for different
pages (themes include the look and feel of site, header, footer, colors, fonts, styles, etc.)
(A)Synchronous Page Updates: Pages must support synchronous and asynchronous
updates and content updates.
Drag and Drop: Pages can be developed that support drag and drop of portlets, widgets,
gadgets as well as other design elements.
Role Based Content Delivery

Role Based Content Delivery: The system should allow administrators the ability to define
web content and assign it to a specific set of users, roles, groups, or organizations. Users
shall have ability to be assigned to multiple roles.



Personalization: The system should support attribute based personalization where the
users display is determined according to administrator defined rules according to attributes
set for the user based on activities or profile attributes (e.g., content displayed within an
advertising Portlet is based on past selections by this user), as well as individual
personalization based on actions the user has set themselves to customize their display
(e.g., arranging desktop, adding/deleting web components, setting web component attributes).
User Definable Attributes: Developers shall be able to build applications (portlets/widgets
/gadgets) which can operate on a set of user defined attributes. Users shall be able to add
these applications to their pages and then set the attributes which are saved for future
sessions. (e.g., a weather Portlet that is configured to show weather for zip code 51521).
Selectable Content: Administrators, site designers and developers shall be able to define
new content that can be added to a selectable catalog of content available to end users.
End users, once authenticated, shall be able to select various content and add it to the
personalized view of their page.
Web CMS: The system should include a built in web CMS allowing WYSIWYG creation,
editing, approval, publishing of content.
Presentation Layer Integration

Single Sign On: Once a user is logged into the system, the system should provide a view
to all integrated content and applications and provide single sign on (or integrate with
3rd party Single Sign On applications) to linked content. (e.g., a click on an item in a
dashboard Portlet will handle SSO to external web application).
Default vs Personalized Web Content: Administrators and site designers can define
content that will be the default view for all users. Users who login can then personalize
their web pages by arranging content, selecting new content, deleting content, changing
themes, and setting attributes for individuals applications (portlets / widgets / gadgets).
The system shall allow users to easily update their account, personalization, communities
and personalizations.
User and Group Interaction

Public, Group and Private Information: Users should be able to access, create and interact
with information shared publically, with a specific group or help private to the user.
Delegated Administration: The system shall allow administrators to be assigned to various
organizations, roles, groups - and shall allow end users to self-delegate authority to their
account or specific applications (ability to approve workflow tasks).
Subscriptions and Alerts: Developers shall have the ability to define alerts and allow
individuals the ability to subscribe to alerts to various applications. (e.g., users can
subscribe to a document sharing Portlet to receive alerts whenever a document is
updated.) They system shall additionally include and support the development of RSS
feeds for various applications, (e.g., a newsfeed Portlet having a subscribeable RSS feed).
Mico Sites: The system shall support the development of multiple web sites from a
single system, www.companyA.com and www.companyB.com are hosted within the same
system as different micro sites. Each micro site should have its own defined themes,
content, applications, users, and roles.
Communities: The system should additionally allow end users the ability to create
community pages and to add members and content.
BookMarkable URL: URLs shall be simple, descriptive and shall be bookmarkeable by browsers.
Friendly URL alias: The system should support the development of human readable
friendly URLs for web pages and easily support the development of multiple aliases
per web page, e.g., http://www.company.com/products and http://www.company.com/
solutions pointing to same page.
Collaborative Services: The system should additionally include a set of basic collaboration
services for web content, document sharing, blogs, wiki, chat, polls, messaging and
calendaring (or integration to external chat server).



Social Network: They system should allow the end user the ability to create a social
network of other users, allowing users to find, connect, and collaborate with their chosen
group of individuals.
Social Collaboration: The system should additionally allow individuals the ability to
leverage collaborative services specific to their social network such as tags, forums, wikis,
blogs, reservations, ranking, shared bookmarks, presence, chat, internal messaging.
Social Object Control: Users should have fine grained control over social objects
contained within the system.
Portal Total
Collaboration Services: (Blogs/Forum/Wiki/Calendar/Polls/Messaging/Chat)


Collaborative Services: The system shall provide several applications with the system
which can be configured for use by users depending on the site design. These services
include the ability for end users to define and share content, messages, polls, and events.
Collaboration Admin: System shall allow administrators the ability to configure and
control which social media features and functionalities are accessible to individuals users.
Blog: System shall provide blog post capabilities and features for end users. Users shall be
able to draft, publish and edit blog postings for their account.
Blog WYSIWYG: Users shall be able to create/edit blog posts using a rich text editor.
Blog Storage: Users shall be able to leverage content stored within the CMS and DMS
including pictures, text and media into their blog posts.
Blog Archive: System should support the ability to store and retrieve historical content
associated with a blog.
Blog Edit: Users shall have the ability to edit the content of a blog after it has been
published to the web.
Blog Template: System shall support the use of templates for layout/ theming of blogs.
Blog syndication: System should allow blog content to be accessed via a common
syndication method (e.g., XML/RSS).
Blog subscription: System should allow end users the ability to manage the subscribers
who have elected to subscribe to his/her blog.
Blog Comment: System shall allow individuals to post a comment to a blog post.
Blog Comment View: System shall allow users to select comments to be available or not
for their postings.
Blog Ratings: System shall allow users to select whether ratings are to be available or not for
their postings.
Blog Comments/Ratings View: System shall allow users to monitor and remove
comments and ratings made by others.
Blog Pingback: System shall allow user to link to a blog post via deep
links, trackbacks, pingbacks.
Blog Appropriate Flag: System shall allow users to flag or report a blog post/comment
that may be viewed as inappropriate, illegal, or deemed in violation of communications
Forum: System shall provide ability for a user to instantiate a new instance of a discussion
thread. System should provide ability for a user to author a new thread on a discussion forum.
Forum: Users shall have ability to preview a discussion forum thread prior to it being
posted. Users shall have ability to commit changes, updates and publish a thread for all
discussion forum members to see.
Forum History: System shall store historical content associated with a discussion forum.
Forum Moderation: System should allow forum moderators to manage postings,
comments, and threaded discussions. System should allow discussion forum moderators
to manage individual forum postings.



Forum Search: Users shall have ability to search content within a central content
repository/content library that can be used in a discussion forum.
Forum Reply: Users shall have ability to author a reply to an existing discussion or forum
thread or blog comment.
Forum Rate: Users shall have the ability to rate content in a discussion forum thread
Forum Inappropriate Flag: Users shall have the ability to flag or report a discussion forum
thread/content that may be viewed as inappropriate, illegal, or deemed in violation of
communications policies.
Calendar: System shall provide basic calendar and integration to external calendar to
allow individual and group calendars.
Group Calendars: Support for multiple group calendars - view only and editable by
group members.
Polls: The system shall have the ability to include polls and surveys on the site in general
or an individual sub-site.
Polls User Creation: Polls should be easy to define by end users or site designers.
Poll Results: Users should be able to view the cumulative results for a poll after voting.
Chat: The system should include a chat portlet for inter-system messaging with other
users of the system while online.
Chat External System: The system should include the ability to integrate to external
instant messaging system. Interface allows user to view and chat with individuals online.
Wiki: The system shall include a method for allowing users to publish content online via a
wiki with all basic functions of a wiki built within a site page.
Collaboration Systems Total


Search Feature: The system shall provide a search capability for end users to find any
content and application data within the system.
Search Engine: The system shall support an included search engine providing search to end
users for all content within the system or provide full integration to 3rd party search system.
Simple and Advanced Search: Users shall have ability to perform simple and advanced
searches for content and data. Simple searches include Boolean and natural language.
Advanced searches include added criteria such as document type, author, date ranges, etc.
Restricted Search: Users shall only be able to see search results for content they are
authorized to access or to subscribe to access.
Saved Search: Users shall have the ability to save previous web queries.
Search Result Categories: System shall categorize search results across multiple content
types, e.g., content, blogs, forums, document management system (meta tags as well as
document content).
Contextual Search: System should provide support for contextualized search based on
information related to where the user has navigated to and where the search was performed
Search Taxonomy: Administrators should have ability to create (manually or
programmatically) or import an existing taxonomy
Search Taxonomy Hierarchical: The System should provide administrators the ability to
create hierarchical taxonomies.
Search Taxonomy Relevancy: The System should provide administrators the ability to
manage & optimize the ranking and relevancy scores that determine search results for
Search Security: System should enforce security options on content when providing search
results. Users should not see search results for content they are not authorized to view.



Search Reports: System should have ability to generate reports and analytics on the use
and results from search activity.
External Search Optimization: All content and application data shall be available to
external search engines.
SEO Methodology: System shall allow and administrator documentation shall detail
Search Engine Optimization guidelines for browser titles, meta descriptions, keywords,
content, and images.
Search Total
Content management system (cms)


Content Creation and Management: The system shall allow the easy development, editing,
auditing and deletion of content within the system from a central location by users with
assigned roles (e.g. content contributors, content owners and content approvers).
3rd Party CMS: Support for publishing content from existing WCM within pages, (e.g..,
portlet/widget/gadget content, theme elements).
Site Design: System should allow individuals to segregate the management of all aspects
within the system, sites, pages, and page components.
Content Templates: Shall provide the development and easy use of templates for sites,
pages, components to simplify the development of new content.
eForms: Should allow easy authoring of online forms by content owners (e.g., contact us
form or survey form for collecting data). Data from the forms can be stored in a simple
table for later reporting or access by other applications.
Role Based Content Editing: Creation, editing, approval, publishing of content must support
role based permissioning. Administrators should be able to define multiple role types.
Multiple Simultaneous Roles: Shall allow a specific user to hold multiple roles
and content permissions.
In Page Editing: System shall provide CMS editing 100% within a browser interface for
contributors/users without requiring client software, ActiveX controls, or applets.
WYSIWYG Editing: Shall include a WYSIWYG text editor for content. Text editor must
have the ability for content contributors to add images, and internal and external links to
both content and images, apply styles and other standard formatting functionalities.
Definable Field Requirements: Shall provide ability to require that a content element must
conform to some controls (input required, must be a number).
Edit Preview: Shall allow content editors to preview how their content will appear in
production without publishing it.
Staging: Shall support a staging environment where content of entire pages can be
viewed in the same way as presented to the visitor
CMS Workflow: System shall provide workflow for the following activities: Content
Creation, Editing, Approval, Publishing.
Administrator Defined Workflows: Administrators shall have ability to define workflow roles
and standard workflows for use by content creators. (specific steps, transitions, actors).
Rule Based Workflow: The system should provide rule-based workflow which is the ability
to apply other situational criteria such as time of day
Conditional Workflow: The system should support the ability to do conditional workflows.
Multi-step Workflow: The system shall have the ability to have multiple steps in a workflow.
Meta Data: System shall allow user-defined metadata for content creation.
Automatic Metadata: System should automatically generate metadata or suggestions for
Creator, Editor, Owner/publisher, Dates (create/update/published), Version, etc.
Meta Data Restrictions: System should allow administrators to restrict metadata selection
depending on user roles.



Delegated Administration Work Reassignment: Shall allow administrators or content

owners to delegate or reassign work from one user to another.
Delegated Administration Workflow Override: System shall allow administrators and subadministrators the ability to publish content with override of the regular workflow
Task Email Alerts: System should be able to notify authors of task status via e-mail or
others methods such as task work chart, SMS, etc.
Content Editing Trail Audit: System should allow administrators the ability to review an
audit trail of content as it moves through the content management workflow.
Content Timeout Alerts: Should allow definition and setting of timed notifications to
content owners to review if content is still relevant, required and accurate.
Automatic Archive Setting: Should allow scheduling to automatically remove/archive content
Content Reuse: Shall allow reuse of content in multiple areas of the site without storage
duplication. For example, if a set of pages from a particular department were classified as
news information, those pages could appear in a site wide news area as well.
Automatic Publish Date: Support for automatic publishing based on a content owner
scheduled date.
Content Rollback: Shall support content rollback.
Push to Edge Services: Should allow content to be pushed to a remote edge server for
local caching or buffering.
Real Time Publishing: Publish in real-time without affecting the availability of the WCM.
CMS Total
Document Management System (dms)


Document Repository: Shall provide support for a document repository supporting

multiple content types.
Checkin and Checkout: The system shall support the ability to check in and out documents.
Bulk Load: System should allow bulk upload and download of document to/from the
document repository.
Role Based Doc Management: System shall restrict access to view, edit, create documents
based on user role, org, group, community.
Document Administration: System shall allow content owners and administrators to
create, manage, remove a document from the document repository.
Document Change Workflow: System will support document workflows for publishing,
editing and deleting documents.
Document Meta Data: Users shall have the ability to define metadata related to a
document in the repository.
Document Delegated Admin: Users and admins shall have the ability to delegate access
to view, edit, create documents in the repository to another user.
Document Alerts: System will allow users to subscribe to alerts based on activity related
to a document (i.e. posting, editing, viewing).
Document Timeline Alerts: System will provide the ability to generate events based on
the amount of time that a document has been in the document repository
(i.e. <30 days, >90 days).
Document Meta Revision History: Document should show revision history and provide
access to past versions.
Document Audit Trail: System shall provide the ability to maintain an audit trail of activity
related to documents in the repository (i.e. who, what, when).
Document History Reports: Administrators will be able to generate internal reports
showing activity of the document repository.
DMS Total



Identity management (idm)


User Identity Management: The system shall provide a web based user interface for user
account creation, management, suspension, deletion.
Access Modes: The system shall support both anonymous and authenticated access.
Self Registration: System shall allow users to self register. Self registration should leverage
methods such as CAPCHA to reduce fraudulent accounts.
Password Reset: The system must provide a mechanism for setting initial passwords and
resetting forgotten passwords.
IdM Administration User Mirroring: The system should provide the ability for an
administrator to impersonate an individual in order to diagnose problems.
Org/Role/Community Identity Management: System shall allow the creation,
management, suspension and deletion of organizations, roles, communities and the
membership of users within each.
Bulk Identity Management Updates: They system shall support bulk updates to user, org,
role, community data including bulk moves of individuals from one organization to other.
3rd Party Identity Management: The system shall support integration and real-time
authentication against an existing identity management system or enterprise directory
(AD/LDAP), including automatic synchronization to external identity mgmt systems.
Identity Support: System should support NTLM, CAS (Central Authentication Service) ,
JAAS (Java Authorization and Authentication Service).
PKI and Digital Certificates: System should be able to support Public Key Infrastructure
(PKI), digital certificates or signatures.
SAML: System should be able to support Security Assertions Markup Language (SAML).
Existing Authentication: System should support the use of an existing external user
repository, e.g., LDAP Directory Service, ActiveDirectory.
Role Based Access: The system shall restrict access to system data and functionality
based on a users role.
Minimal Access Controls: The system shall provide the user with only the minimum
necessary authority to access content and applications dependent of login level.
Multi-Factor Authentication: The system should have support for multi-factor authentications.
Multi-Level Access Control: The system should support the use of multiple levels of
security. A user should be required to submit credentials at the maximum requirement
according to a given page view. If a user who is currently authenticated at a lower level
(e.g., LDAP username/password) originally accesses a page with content requiring higher
levels of access, the system will not present the content, but will present a window for
higher credentials (e.g., Radius) and then present the page.
Authentication Passing: The system shall be capable of passing user credentials and
profile information to other applications.
Single Sign On: The system shall support Single Sign On functionality.
3rd Party Single Sign On: System shall support the integration of popular Single Sign-on
Servers like LDAP, NTLM, OpenID, OpenSSO, Josso.
Federated IdM: The system should support FIM (Federated Identity Management) allowing users to leverage multiple identity authorities.
Authentication Encryption: The system must encrypt all authentication credentials when
transmitting over insecure links.
Authentication Storage: The system must not embed usernames and passwords in plain
text within executables, scripts or stored procedures.
IdM Total





System Security: The system shall systems to implement strong security polices and
provide systems for monitoring internal and external violations.
Encrypted DB Password Passing: Username and password information shall be encrypted
when passed from portal to the databases.
SSL Support: The system should provide selective or optional SSL (SSL can be applied to
specific pages, not all or none).
Cookie Expiration: If cookies are required for authentication, then the system should be
configurable to delete the cookies after a session has ended.
Cookie Data: The system must not place sensitive information in cookies
Security Assessment: A vulnerability assessment as well as security best practices toolkit
should be available.
Secure Remote Administration: The system should provide secure support for remote
administration, management, and monitoring.
Naming Convention: Applications should avoid using Universal Naming Convention (UNC)
paths to access network resource
Source Code Security Practices: The system must assure that source code does not reveal
sensitive information through hidden form fields or excessive use of comments. User
visible source, like HTML, should be free of comments or commented code that might
reveal internal workings of the server side code and security mechanisms.
In transit Security: The system must ensure that safeguards are in place that prevent
malicious or inadvertent changes to data in-transit or off-line (man in the middle, replay,
offline reporting DB, etc.)
URL Security: The system shall not place user credentials or session ID information in URLs
Application Environment Data: The system must not embed or hard-code any application
or environment information in unencrypted format
Fully Qualified Path Filenames: The system must use only fully qualified absolute path
and filenames
POST Method: The system must use the POST method when HTML forms are submitted
with sensitive information
Audit: (Point of Access): Each item in the audit log must minimally contain the associated
point of physical access
Audit: (Simultaneous Login): Simultaneous login using the same user IDs must be tracked.
Audit: (Sensitive Information Access): Successful access to Sensitive security resources
must be tracked.
External Data: Any externalization of data (e.g. backups and data transports) will be encrypted.
HIPAA: (Data Access Notification): The system must be able to notify the user when
personally identifiable information and/or protected health information (as defined by
HIPAA) is accessed.
HIPAA: (Encryption): The system must be able to support encryption as required by HIPAA
Secure Communication: The system must use encryption (e.g. SSL/TLS) in all
communication channels (web, database, backups) and also for the transmission of files
and electronic reports to/from clients and other services.
Encrypted Data Objects: The system should allow administrators and developers to
specify attributes that must be encrypted before they are stored or transmitted.
Page Cache: The system must not cache Web pages containing sensitive information
New User Security Setup: The system should provide the ability to initiate procedures and
workflow tasks associated with security procedures when a new user is created or updated.
Audit: (Security Activity): The system should allow audit trails and reports of creation or
changes to access controls and data access.



Global Timeout: An individuals logout or timeout (automatic logout after administrator

defined time period of inactivity) will force logout from all other systems.
Real time: (Session and Activity Monitoring): The system should allow configuration of
tools to allow real time monitoring of session or activity for individuals.
Browser/System Cache Deletion: Previous session logins should be hide able for future
logins from same system/browser.
Database Change Security: The system must ensure that no database changes are made
through unapproved mechanisms (no ad hoc SQL updates) that might circumvent business,
audit, or access control rules (unauthorized users, users in the wrong database, etc.).
Deployment Security: All parameters supporting the deployment process should be
passed either as command line options or retrieved from a secured data source.
Auth Failure Notifications: Specific authentication failure information should be
unavailable to end users.
Security Total


Existing Infrastructure Integration: The system shall provide easy integration with existing
infrastructure (DB, Application Container, Scalability, Security Infrastructure, IdM, etc.).
Existing Services: The system shall provide easy integration with existing applications
through multiple mechanisms, iframe, screen scrape, API, SOAP, REST, etc.
System APIs: System should provide availability of APIs and Web Service interfaces in all
major modules (authoring, templates, workflow, repository, publishing).
Service Oriented Architectural Guidelines: The application must support a Service
Oriented Architecture (SOA) employing rigorously partitioned presentation, business
process, business logic, system integration, data access, and data storage layers.
SOAP: Web service interfaces should support the SOAP 1.2 or later standard protocol.
Security: Web service interfaces should be secured according to the OASIS WSS 1.1 or
later standard.
REST: The system shall support the integration with REST services and should provide
RESTful interfaces to Portlet or system features.
Sharepoint Integration: The system should support access to information available in
distributed Sharepoint sites. This should include access to tasks, bookmarks, and doc
Google Docs Integration: The system should integrate with Google Docs such that it has
the ability to open and store documents from Google Docs repository. They system will
handle Single Sign On to Google for users and will allow check-in/check-out of documents
within the Google Repository.
Email/Calendar: A connector to email and calendaring systems should be available,
including Notes, Exchange, Google, iCal/IMAP.
Content Managementt Systems: System should provide integrations with leading
third-party Content Management Systems and should support integration to content
repositories using JCR (Java Content Repository, JSR-170) and CMIS.
Instant Messaging Services: The system should support standard integration to leading
instant messaging services from AOL, Google, Yahoo, MSM, Lotus Sametime and Jabber.
Search: The system should support integration with multiple external search engines. The
integration should allow all content within the system to be indexed by the third party engine
and allow the users to enter search queries within the web pages included in the system.
Data Access Layer: The Data Access layer must use open standards, such as JDBC and ODBC.



Complex Datatypes: The system should support a Data Access layer to retrieve and store
complex data objects and/or complex behavior such as date-relational updates and
optimistic locking.
System Function Documentation: Complete documentation of the system interfaces and
methods shall be available.
Integration Total
Architecture and Scalability


Production Architecture: Basic installation for development and QA testing shall be

easily accomplished.
System Installation Documentation: The system must include documented installation
procedures that include all necessary system and application settings.
Architectural Distribution: System should support the physical distribution of various
modules to simplify scalability and failover.
Clustering: Installation for clustered, mission critical support shall be easily accomplished.
Geographical Distribution: The system must be designed to support geographically
diverse deployment to multiple sites.
Availability and Failover: Support for cache replication and failover.
Cluster Failover: System shall allow fail over of process and session data.
Database Failure: The system must attempt to reconnect to the database cluster without
user interaction whenever a broken or corrupt connection is detected.
Human Readable URL: System should support generate human readable URLs to
published contents.
Database Replacement: The system should provide flexibility in the data layer to
exchange database engines with minimal impact to the application.
Database Documentation: The system should include table and data layout
documentation, including data descriptions for all fields in tables and interface files.
Internationalization: The system should support all requirements for accessibility and
internationalization including support for double-byte languages.
Customization: Customization changes must not required database schema changes.
Database Connection Pooling: The system should support the use of database
connection pooling.
Concurrent Localizations: Shall support multiple concurrent localizations.
Access, Administration Debug Logs: Multiple levels of logs shall be available for access
trail, administration and debug.
Installation Backout: The system should provide the ability to back out a failed deployment.
Upgrade in place: The system must support migration of data and upgrade of software in place.
Rolling Upgrades: The system should support rolling upgrades, allowing upgrade of
components one at a time, e.g., updates of Identity Mgmt Layer, then Portal Instance 1,
then Portal Instance 2.
Automatic Deployment: The system must support the ability to automatically deploy
without direct intervention from development or testing staff. It should not be necessary
to manually create, copy, or edit directories or files.
Automatic Upgrade in Place: The system should be able to support automated upgrade
in place migration paths from one version to another. Minor and Revision upgrades
should fully support automated upgrade in place features. Major revisions should support
sequential upgrade in place features, but do not specifically need to support automated
upgrades that skip major versions.
Network Address Update: The system must be architected to permit changes to network
addresses without impacting the interface configuration.



Multi-threading: The system should take advantage of multi-threading/multi-processing

where appropriate.
Abnormal Load: The system shall be able to gracefully handle abnormal load conditions,
including accepting and completing all use demands, and then return to normal operation.
System Downtime: Minimum maintenance downtime requirements.
Backup and Restore: The system must provide the ability to execute backup
and recovery procedures.
Partial Backup and Restore: The system should support both full and partial backup
and restore of system applications, application data, themes, user database, and system
configuration data.
Unavailable Backend Services: The system should be able to operate normally if
integrated systems are unavailable (e.g., if a calendar server is down and page is accessed
with calendar portlet).
Version Dependency: Content, Portlet, widget, gadget data should not be system version
dependent. All system upgrades should support existing application data.
Business Logic: The system should not encode business logic in the database.
Client Support: The system should support a broad range of client browsers and user
Architecture and Scalability Total


System Administration Interface: The system shall provide a browser-based interface

to configure and manage system aspects (e.g., start/stop instances, cluster creation,
configure/view log files, URL aliases, user/group administration and system
management services).
Administration CLI: The system shall additionally provide a command line interface for
most administration functions.
Local and Remote Administration: The system should provide the ability to manage the
system from both local or remote access.
System Monitoring: The system shall allow system monitoring per instance and for the
entire system.
3rd Party Monitoring: They system should provide a base set functionality and shall
provide full integration to third party monitoring tools.
System Health: The system should support the continuous measurement of system and
application health including resource consumption and application access.
Log, Audit: Every item in the audit log must contain the date and time of the event,
the name of resource accessed, the success/failure of event, and the user ID of the user
performing the event.
Log, Access and Activity: Activity logs should be configurable and complete for audit,
performance and security requirements.
Log, Activity Duration: All activities must be traceable for the duration of the request or
activity and should be associated with the user who is performing the activity.
Log Configuration Change: All changes to identity elements including the addition of
users, disabling or deleting of users, assignments to and out of roles must be tracked.
Log, Access Failures: Invalid or unsuccessful user authentication attempts and
unsuccessful data or transaction attempts must be tracked.
Log, Security: Audit logs shall be logically and physically secured to prevent inappropriate
and unauthorized access.
Log, Passwords: Passwords must not be captured in audit logs.



Log, Reports: The system must provide a mechanism to retrieve and report information
on logged events.
Log, Max, Average Transaction Times: The system should support the tracking of
max concurrent transactions and concurrent users, average/max transaction time,
transactions per second.
System Reports: The system should allow custom reports to be developed for various user
defined roles (e.g., user account administrator).
Click Stream Analysis: The system should support click stream analysis of individual behavior
within the system and the ability to provide this behavior data to third party applications.
User Administration: Administrators and users should be able to add,delete,change and
suspend users and organizations, group, role, community membership.
Page Definition and Layout: Administrators should have the ability to define pages
including content, layout, attributes, access requirements and meta data.
Theme Administration: Administrators should be able to define themes per page,
community site.
Template Management: Administrators should be able to create, manage and edit
templates and their deployment.
Portlet Intercommunication: Administrators should be able to configure portlet-to-portlet
interactions. This can include context awareness, content sharing, or event handling.
Version: The system should allow administrators to validate the version and patch levels installed.
Administration Total


Development Platform Developer Toolkit: The system shall include a complete developer
toolkit for all aspects of development including documentation and training for leveraging
capabilities associated within the system.
Tooling Support: The system shall include support, documentation, training and any
necessary developer kits supporting popular open source development tools such as
Netbeans and Eclipse.
Content, Application, Page, Authorization, Rules and Theme Separation: System shall
allow modular development of an application as a set of Themes, Pages, Page Behaviors
(authorization and interoperability rules within a page), Content and Web Components.
The system shall allow easy additions of new Web Components and updates to themes,
pages and behaviors.
Developer Support: The system shall provide features to support development including
tracing, debugging and error tracing.
Development Lifecycle: The system shall allow content, themes and applications to be
developed separately and quality tested within one deployment to be easily migrated to a
production deployment.
Accessibility and Internationalization Support: The system shall support all methods to
support the development of themes, content and applications that support all accessibility
standards and internationalization.
Web Component Intercommunication: Web Components should be able to
intercommunicate when placed on the same page (e.g., clicks within a catalog portlet
display results in a larger portlet). Simple methods should be available to wire multiple
components together.
Theme Development: System should support standard web development methods for
building rich themes which can be used across multiple web pages.
Multiple Skill Level Development: The system shall provide multiple methods for developing
content, behaviors and applications, such as developer tooling (Java, .Net, PHP, Ruby, Ajax,
Html) vs Web Based Rapid Application Development or Command Line Interface.



Portlet, Gadget, Widget Support: System should provide support for development of
themes, pages and web components with multiple application languages and frameworks.
Mashup Development: System should support and provide tools to develop Mashups.
HTML, CSS and AJAX Support: The system should simplify the development of content
and applications which leverage HTML, CSS and AJAX.
Java Support: The system shall support the development of themes, web components,
interactions and behaviors using Java EE components (JSP, Servlet, EJB).
.Net Support: The system should allow development with or integration to Microsoft
.NET 3.0 technologies, including Windows Communication Foundation and Windows
Workflow Foundation.
PHP/Ruby/Groovy Support: The system should be able to support the development of
web components with PHP/Ruby/Groovy and other rich application development styles.
Multiple Content Type Support: System shall support the use of text, images, dynamic
content, audio, video within web components, themes and pages.
Integration Support: System shall support SOAP and RESTful integrations with external
systems. The system shall additionally support WebDAV and ATOM Protocols.
Interface - Application Separation: The system shall include and allow development of
service interfaces which permit the introduction of new interface protocols with little or no
impact to the application environment.
Business Rules Application Development: They system should include, or integrate with
a 3rd party, Business Rules Engine which can define the behavior of web components or
page behavior. Rules must be editable from online configuration tool without the need to
modify application source code.
SMS Support: Developers should be able to develop applications and behaviors that
support SMS inbound or outbound messages.
Device Detection: Device detection should support the development and access to
content and applications from multiple device (mobile) types, browsers and languages.
Mobile Development: Users should be able to manage their mobile preferences for
content and layout template.
Development Total


Support Options: Multiple support levels should be available, from access to code, access
to patches, web support, telephone support, highest level of mission critical support.
Telephone Support: Telephone support should be available with definable support levels
of agreement (SLA) with defined response and resolution times.
Web Based Support: Support options should include access to open, close, edit trouble
tickets via a web interface or email. Individuals should be able to define issues and receive
email support and advice. Web based support should include a guaranteed response time.
Multiple Customer Contacts: The support options should allow multiple individuals from the
customer to contact support for technical support and to be able to open trouble tickets.
Emergency Support: Customers should additionally be able to have a guaranteed
response time for emergency situations.
Patch Updates: Support should include hot patches, regular patch updates and
consolidated patches for each supported version.
Future Feature Input: Customers should have input to the prioritization of features in
future versions and have ability to sponsor feature development.
Customer Portal: Customers should have access to a centralized customer portal that allows
access to downloads, patches/service packs, product and technical documentation, training
schedules, customer reference documentation as well as alerts and product bulletins.



Diagnostic Tools: The system shall provide documented diagnostic tools, methods and
procedures to isolate trouble and simplify support.
Support Authentication Level: System recover process must not require support
personnel a greater level of operating system or database access than is standard.
Support Total



Community Size: The product should have a large and growing developer community.
Partner Network: The product should be supported by a Certified SI partner network.
ISV Network: The product should have a growing ISV network delivering applications for
the product line.
Reference Texts: The community should be supported by multiple third party reference texts.
Documentation: The product should have extensive documentation and training materials
available produced by the product eco-system.
Community Collaboration: Community members should have access to multiple methods
for collaborating and sharing ideas and information, (e.g., user groups, user conferences,
forums, wikis, social networking site groups / forums).
Eco-System Total
Company and Product Pricing

Flexible Pricing: The company should provide flexible pricing and licensing options such
as license plus annual maintenance and upgrade fee, annual subscriptions and Unlimited/
Enterprise Wide Licensing Agreement pricing.
Product Costs: The system is available at highly resonable prices. This includes all modules
required for enterprise wide use and reliability.
Installation Costs: The system can be installed, configured and integrated into existing
infrastructure at highly resonable prices.
Flexible Billing: The company should provide simple and flexible billing programs (e.g.,
annual, semi-semi-annual, quarterly billing, VISA and Purchase Order payments).
Integration Availability: The company should actively encourage, discover and promote
to customers, information on integrations and ancillary applications developed to work
with the system.
Product Alerts: The company should provide an infrastructure to ensure customers
receive ongoing access to product alerts for patch updates, security alerts, and general
administrative alerts.
Professional Services: Professional services as well as recommended and certified partners.
Price Protection Programs: Customers should also be presented with price protection
programs in order to protect from renewal license increases (e.g., multi-year contract, max
annual fees, etc.)
Strong Revenues: The company should have strong revenues supporting a mature
organization that includes engineering, support, training and documentation, services,
business development, marketing/sales.
Company Total

Grand Totals



Liferay Resource Guide

Liferay offers a number of resources to simplify evaluation and

Liferay Events and Webinars

use of its products. These resources are designed to quicken the

Annual Liferay Symposium events are hosted around the world,

pace of learning at varying degrees of depth to support users of

all skill levels.

where developers, business leaders and partners meet the

products core engineering and business leaders to discuss new

Product Resources

innovation and the markets demand.

Product Details

Additionally, regular live webcasts are presented on both

Evaluators of Liferay Portal should review our website for

technical and business topics.

concise descriptions of features, benefits, case studies, and

Please see our calendar of past and future events:

technical specifications:



Services Resources

Evaluators may also wish to review the list of included portlets.

CE vs. EE

Please contact sales@liferay.com for more information.

Product Download

Customers evaluating Liferay Portal should review the differences

between Liferay Portal CE and Liferay Portal EE in terms of

Liferay Portal Community Edition is available for free download here:

additional features, incident resolution support, and available


services. A comparison table is available here:

Please contact sales for a trial of Liferay Portal Enterprise Edition.


Liferay offers two repositories of software plugins. Community
Plugins are contributed by our worldwide open source community.
Official Plugins are files and add-ons (themes, layouts, portlets,

Pricing Options & Indemnification

Those choosing to implement Liferay Portal EE should review
their options for Service Level Agreements (SLAs) and the
available indemnification options.

etc.) to our core Liferay technology contributed, tested, and

Three levels of service (Basic, Gold, and Platinum) include varying

approved by the Liferay core development team.

access and privileges for software updates, professional services,


incident resolution support, training discounts, End of Service Life


(EOSL) policy, and indemnification.

Lifecasts are video tutorials that can be viewed online or

downloaded for later study:
Product documentation, whitepapers, and reference papers are
available online and in print:
Community Content

Three pricing options are currently available: Annual Subscriptions,

License + Updates and Support, and Unlimited Subscription.
Basic customers are only eligible for annual subscriptions
(per server pricing) while License+Updates and Support has
a one-time fee per server plus an lower annual fee per server.
The unlimited subscription allows unlimited use by the customer
based on an annual fee. Please email sales@liferay.com for more
the latest pricing information.

Liferay boasts a large and vibrant open source community that

actively add to a store of product development knowledge on
http://www.liferay.org via Liferays official blogs, forums, wikis, and
issue tracker. Users and evaluators of Liferay can leverage these
resources to evaluate and support Liferay installations and also
participate in the activity to impact future product development.



Liferay Professional Services

Liferay Partner Network

Liferays professional services team provides a range of services to

Liferays Partner Network consists of Service, Technology and

EE customers, including enterprise support, training, and consulting.

Solution Partners. See: http://www.liferay.com/partners for a

Enterprise Support is available in Basic, Gold and Platinum

levels. See pricing sheet for details on SLAs.
Public Training courses available around the world include:

complete list.
Liferay Service Partners (US and International) provide a full
offering of professional services and support for Liferay Portal.

Liferay Developer Training

You can rely on certified Liferay Service Partners in your area

Portal Administrator Training

to provide the Liferay expertise you need.

System Administrator Training

Complete course descriptions and calendar are available at:
Consulting services from Liferay, Inc. are offered by the
very people who design our products. Our consultants work
alongside your team to create customized solutions that
address every aspect of the application lifecycle. Several

Liferay Technology Partners provide complementary solutions

for Liferay Portal in various application spaces, including
operating systems, directory services, enterprise content
management, and more.
Liferay Solution Partners have embedded Liferay Portal into
their products and created additional features to address
particular solutions (such as learning management) or industries.

consultative offers are available:

Installation Assistance
Assistance with installation, deployment, and configuration
Migration Assistance
Assistance with migration from any portal to Liferay Portal
Assistance with migration of applications onto Liferay Portal
Custom Solutions
Creation of customized solutions to meet specific client
System Analysis and Design
Analysis of end-user needs and business requirements
Assistance with software design
Front-end Theme Design
Creation of front-end themes to reflect client branding
Code Validation
Validation service for client portal development projects
Minimization of troubleshooting
Architecture Assistance
Insurance of best practices approach to portal development
Provision of detailed plans for recommended enhancements
Performance Tuning & Scalability
Recommendation of hardware and software environment
for organization needs
Liferay Portal performance optimization
Set-up of clustered environments for maximum scalability
and fault tolerance



Competitive Review
Liferay competes well against the major software vendors as well as all lighter weight and open source platforms.
Versus Major Vendors

Versus Open Source Vendors

Liferay Strengths

Lower Total Cost of Ownership

Lighter Weight: Improved cost/reliability
Simpler Architecture
Open Source Community
Web CMS built in
Included Social Networking, Collab Services
Supports Java, PHP, AJAX, Flash, etc.

Leading Community
Broad Partner Network
Included Portal Capabilities
Industry Standards
Personalization, Content Aggregation
Richer Functionality
Included Web CMS, Collab, Social
Supports Gadget, Widget, Portlet

Alternate Strengths

Broad Platforms

Specific Features



Industry References and Glossary



Application Tiers

Presentation, business logic, data access, and data storage layers supporting the application architecture.


The process of attempting to verify the digital identity of the sender of a communication such as a
request to log in. The sender being authenticated may be a person using a computer, a computer itself
or a computer program.


Content contributors using WCM backoffice for entering content


WCM interface used by contributors for managing content

Beta Testing

A test of a computer product that is done in a real environment (outside of the vendors control),
prior to release of the product commercially. Typically, the client picked for Beta testing is running the
product on a smaller scale. Any bugs identified can be resolved prior to final release.


A name, logo, slogan and or design scheme associated with a product, service or company. Generally
it is easily recognizable.

Common Network

Central access point for entry into the system. There may be multiple physical devices/locations
supporting a Point of Presence but access must be controlled through a single network identifier that
remains consistent for the consumer. The network destination must also remain static regardless of
system administration, business continuity, or disaster recovery procedures.

Component Object Model

COM; Microsofts framework for developing and supporting program component objects.

Concurrent Users

Users executing the same process at the same time.


A relative arrangement of parts and elements which together provide a functional process. In
software, the application is written to permit modification of different elements, thresholds,
components, and so forth, by the user community.

Content type

Model of content, defining by fields to be completed by contributors, independently from how they
will be presented


See Error! Reference source not found..


Digital Asset Management, platform for managing media to be used in various places (document,
site, offline advertising)

Data Access Layer

Abstraction layer between the application and data storage leveraged to retrieve and store complex
data objects and complex object behavior.

Data Control System

A system that primarily accepts or rejects incoming files, directs approved files to the appropriate
sub-system and performs a final verification on outgoing files.

Data Log

A database record with a user stamp, time & date stamp when the record is processed.

Data Storage Layer

Provides a shared repository for persistent operational and functional data.


Action of migrating a computer application (or application version) from a development or QA

environment to a production environment. Failed Deployment back out targets the effort and
resources required to return to the original application if the installation of the new software fails.

Document Object Model


A programming interface specification being developed by the World Wide Web Consortium (W3C);
lets a programmer create and modify HTML pages and XML documents as full-fledged program objects.

Down Time Latency

The period of time that a machine, system or application is offline or not functioning, usually as the
result of a system failure or routine maintenance.

Electronic Communication

Communication of information via web services, email, or a fax.

Environmental Pre-requisites

In this RFP, refers to the hardware and software required to run the application efficiently.


Web sites deployed from WCM backoffice



Installation Procedure

Provides instructions for installing the product and performing all software and hardware
configuration necessary for starting and running the software. Includes information on the product as
well as any relevant information and procedures for supported hardware and software platforms.

Integration Testing

The phase of testing where individual software modules are combined and tested as a group. This is
typically done after unit testing has occurred. The purpose is to verify functional, performance and
reliability requirements.

Least Privileges Approach

The least privileges approach security principle requires that a user is granted the minimum
privileges needed to perform tasks associated with their job function and responsibilities.


A connection between places, persons, events or things.

Maintain Data

Implies the ability to add new records, modify existing records and delete existing records.

Multi-Lingual Interface

Allows all customer-facing components availability of presentation in multiple languages. The

language setting is defined independently by each user accessing the system and is not inherently
assumed by other users using the same application.

Performance Testing

Performance testing is performed to determine how fast some aspect of the system performs under
a particular workload. It can serve to validate and verify other quality attributes of the system, like
scalability and reliability.

Presentation Logic layer

The interaction point for incoming user requests.


Really Simple Syndication, Internet standard for defining how content should be exchanged
(essentially XML format on HTTP channel)


A desirable property of a system, network or process, which indicates its ability to either handle
growing amounts of work in a graceful manner or to be readily enlarged.

Schedule Management

See Time (Schedule) Management.

Scope Management

Primarily concerned with defining and controlling what is and is not included in the project.

Search Ability
(Across Online Help)

Ability to search the online help provided with the software for words and phrases
entered by the user.

Searchable Keyword Index

A keyword index, such as in a document or a help file, that includes a search utility or field.

Security Certificates

Information that is used by the Secure Sockets Layer (SSL) protocol to establish a secure connection.
A security certificate contains information about its ownership, issuer and valid dates, and an
encrypted fingerprint that can be used to verify the contents of the certificate. In order for an SSL
connection to be created, both sides must have a valid security certificate.

Service Level Agreement


A formal negotiated agreement that defines the relationship between 2 parties, typically a service
provider and a recipient. Included components may be:
Services to be delivered
Performance, Tracking and Reporting

Customer duties and responsibilities

Problem Management

Security and confidential info

Legal Compliance and dispute resolution

Termination of agreement

Service Oriented Architecture The underlying structure supporting communications between services. In this context, a service is
defined as a unit of work to be performed on behalf of some computing entity, such as a human user
or another program. SOA defines how two computing entities, such as programs, interact in such a
way as to enable one entity to perform a unit of work on behalf of another entity.
Single Sign On (SSO)

An access control method that authenticates a users credentials once to give the user access to
the resources of multiple software systems. SSO eliminates the need for the user to enter further
authentications when switching from one application to another.


See Service Oriented Architecture (SOA).




Single Sign On, concept for unifying identification and authentication of visitor using several secured
applications which are not designed to work together


See Single Sign On (SSO).

Stored Procedure

An operation that is stored with the database server. Typically, stored procedures are written in SQL.

Structured content

Content contributed from a content type entry form


A clients employee designated to manage user-access for all of a clients user community.

System Testing

Testing conducted on a complete integrated system to evaluate the systems compliance with specific
requirements. System testing should require no knowledge of back-end design or code logic.

Systemic Transition

Process to systematically and seamlessly move existing components, tables, parameters and other
required elements that have been updated at the initial implementation of the software package, to
any new version of the same package.


Presentation model to be used on content type in order to generate output (HTML page, PDF)

Time (Schedule) Management The processes required to accomplish timely completion of the project.
Unit Testing

Testing used to validate that the individual units of source code are working properly. A unit is the
smallest testable part of the application.

Universal Naming Convention A PC format for specifying the location of resources on a local-area network (LAN). UNC uses the
following format: \\server-name\shared-resource-pathname
Unstructured content

Any content entered into the WCM backoffice outside from content type entry form, e.g. images,
flashes, videos, documents, binary files

User Acceptance Testing or

Acceptance Testing (UAT)

Testing used to obtain confirmation by a subject matter expert (SME), preferably the owner or client
of the object under test, that the modification or addition meets mutually agreed-upon requirements.
In software development, UAT is one of the final stages of the project and often occurs before a client
accepts a new system.


Persons consuming published content on sites (Internet, Intranet)


Web Accessibility Initiative, Internet standard for designing HTML page to be accessible by people with disability

Web Component

A portion of a web page, usually a Portlet, Gadget, Widget.


Web Content Management, platform for managing content to be deployed on web site (internet,
intranet). Actually, Pollen or Broadvision 1-to-1 Content. WCM is excessively replaced by CMS
(Content Management System).

World Wide Web Consortium


The W3C is an industry consortium that seeks to promote standards for the evolution of the web and
interoperability between WWW products by producing specifications and reference software.


Extensible Markup Language; a flexible way to create common information formats and share both
the format and the data on the World Wide Web, intranets, and elsewhere.


LIFERAY, INC. is the provider of leading enterprise open source portal and collaboration
software products, used by major enterprises worldwide, including Allianz, AutoZone,
Benetton Group, Cisco Systems, Lufthansa Flight Training, The French Ministry of Defense,
and the United Nations. Liferay, Inc. offers professional services, technical support,
custom development and professional training to ensure successful deployment in the
most demanding IT environments.
2010, Liferay, Inc. All rights reserved.