We are pleased to announce the latest release of our workflow engine, Maestro. In this release, we have not only addressed a few minor bugs but also introduced several significant enhancements. These enhancements empower you to automate complex business processes that extend beyond your Drupal environment, opening up a world of possibilities.

As Maestro continues to gain traction worldwide, we are fortunate to collaborate with some of the organizations using Maestro to automate their business processes. Together, we are driving substantial improvements in workflow efficiency while further refining Maestro's capabilities.

While documentation of these enhancements is available, this blog post aims to offer deeper insights into Maestro's evolving direction and how these enhancements can directly benefit your organization.

Anonymous Actors

Many of our clients predominantly utilize Maestro within their internal ecosystems. In this context, the user base comprises well-defined individuals who can effectively carry out assigned tasks. However, when businesses need to interact with external entities, they often face a significant challenge common to internal applications: granting specific access to external parties.

Expanding upon our demo site, Maestro Insurance, let's delve into a scenario that illustrates the functionality of the demo workflow. The current implementation operates as follows:

• An external individual, unaffiliated with our organization, requests an insurance quote through our website.
• Maestro is deployed to orchestrate the proper handling of this insurance quote request within the fictional Maestro Insurance company.
• Maestro generates a user profile within the Drupal database based on the email address of the anonymous requester. This profile facilitates task assignment to the initiating user. 
• An Auto or Homeowners insurance agent and an underwriter are assigned to review the quote request. If additional information is needed, the workflow assigns a task to the previously anonymous user, who now possesses a registered account in the Drupal system.
• The approval process may continue iteratively until the underwriter grants approval, and the system delivers a final quote to the formerly anonymous user.

The demo serves as a purpose-built illustration of how Maestro manages a common scenario: the routing and approval of documents. However, from an architectural standpoint, some organizations prefer not to clutter their internal Drupal user database with accounts from external sources. This is where the concept of "anonymous actors" becomes particularly relevant.

Anonymous Assignments

Using the Zero-User Notification Hook, Maestro developers are now able to create notifications for tasks which have notifications assigned to Drupal roles with "zero users" associated to them (hence, the term "zero user").  The Maestro engine now can detect that a task's notification is assigned to zero Drupal users and provides the facility for developers to use the Maestro API to create customized notifications to anonymous-to-Drupal but known-to-you actors.

Take the Maestro Insurance example where we create a Drupal user profile within the Drupal database for a completely random and anonymous user. We have no foreknowledge that this person will interact with Maestro Insurance and nor could we possibly anticipate their email address to pre-create an account.  This user has no need to be maintained within our Drupal database as this user will never have any capabilities to do anything within the internal-facing portions of the application.  We could convert the process to simply trap the email address in the initiating Webform (as is currently implemented) and then for every loop-back task assignment to the anonymous user, we would use the Zero-User notification hook to inform the person that they have a task to complete!  The Maestro engine is now capable of creating and completing tasks that are not assigned to any actor.

This brings us to the next enhancement required by the Zero-User notification mechanism.

Tokenized URLs

Maestro creates a unique Task Identifier which identifies a specific task in the Maestro Queue. The Task ID (known as the Queue ID in Maestro) is a numeric value which is used in the URL for all of the human interactive tasks.  Maestro does protect against malicious use of Task IDs by checking if you're able to execute the task in question. Maestro is moving away from the Task ID in the URL to a token instead.  This is where the Maestro Site-wide Token mechanism comes in.  In general, using an obfuscated and hard to guess identifier in URLs is the best format to use.  Since we're now allowing anonymous assignments, we need a way to protect against malicious users trying to guess URLs.  By tokenizing the task identifier in the URL, this makes it nearly impossible to guess and allows Maestro developers to send out a task assignment notification to a non-Drupal user.  You are only able to use the Zero-User notification hook mechanisms when you have a Maestro Site-wide Token enabled.

This means our URLs go from looking like this:

http://yoursite/node/add/approval_form?maestro=1&queueid=145

to something like this:

http://yoursite/node/add/approval_form?maestro=1&maestro-sitewide-token=TDd5maoWsQNA9U19AyvKErd-6sCHrykyjK97wHZus3Q

The example immediately above shows how we've set our site-wide token to "maestro-sitewide-token" which Maestro now automatically uses to create URLs to human executable tasks.  The caveat is that tokens will be generated only for new tasks that are spawned after this release of Maestro has been installed.  Maestro still recognizes both the site-wide token and the Task ID in the URLs giving time to transition towards tokens.