nup04102010
Description: Overview of Dutch eGovernment developments.
Transcript:
NUP - Wout Hofman - UTwente
Struggling with eGovernment
Nationaal Uitvoering Programma (NUP, National Implementation Programme)
Enschede, Monday 4 October 2010. NUP - Wout Hofman - UTwente
Objectives
… to illustrate IT development in a complex, federated environment
… to show how minimal agreements have been realized
… to identify missing parts
Federation implies agreement on minimal…
• Interoperability:
  • Semantic interoperability
    • shared semantics for an application area like government
    • choreography between two organizations
    • dynamic chain configuration based on service composition and internal processes
  • Technical interoperability
    • syntax and envelope
    • transport protocols
• Security and trust
  • at three levels:
    • transport level (SSL/TLS)
    • end-to-end security
    • application level security
  • identity and identity management
  • delegation of authority
  • data privacy
Agenda
1. The challenge
2. Brief history – the basis for a common architecture
3. Stakeholders – governance issues
4. Government architecture: principles, standards and operation
5. NUP Components for local governments
6. Digikoppeling – interoperability for government
IT governance in a dynamically changing political and technical environment is the challenge!
• Federation of autonomous organizations based on their responsibilities defined by laws and regulations (Thorbecke's house, 1848)
  • democracy (first and second chamber, government, municipality elections, etc.)
  • government organization with responsibilities of civil servants (departments, agencies, provinces, municipalities, waterboards)
• Thorbecke's house implies a dilemma:
  • policy makers have to deal with changes imposed by democracy, which is not stable for IT development taking years
  • IT requires continuity: institutionalization with a strategy and governance
• The challenge is "to remain organized in an ever changing environment"
  • keywords: change, flexible, agile, adaptable
  • there is not yet an agreed vision of IT
  • rapid changes imposed by laws need to be implemented rapidly. Is IT able to adapt rapidly?
…to innovate government in an ever changing environment…
[Figure: five forces that have a relation with each other: government operation and structure, technical innovation, national politics, cultural changes, global challenges.]
• individualization, globalization, IT as utility
• efficient, agile (small) government with lower administrative burden
• nationalization and privatization; changing laws and regulations
• global challenges: safety and security, cyber warfare, environment
Technical innovation implies that IT is becoming the 5th utility ('cloud computing')
• Architecture as an instrument based on new paradigms
  • Service oriented architecture
  • Event driven architecture
  • Rule based process configuration
  • Cloud computing: SaaS, PaaS, IaaS
• Future Internet:
  • vital infrastructure
  • broadband
  • Internet of things (IPv6)
  • privacy, security
  • semantic interoperability
• Everything is 'data', a shift from processes to data:
  • 'unstructured' content (multimedia) versus structured data
  • new search algorithms, new visualization paradigms
• Smart devices
• Social computing
  • co-creation (e.g. in crisis management)
How did the government address these issues (history)
• 2001 Min. BZK, 'Andere overheid', resulting in Stichting ICTU (ICT Uitvoeringsorganisatie)
  • OSOS – open source and open standards
  • Advies Overheid – open, transparent, no wrong door
  • SBG – reference data
  • EGEM – eGov for municipalities
  • RYX (to DWR)
  • PKIoverheid – security infrastructure
  • others
• 2003 establishment of eGovernment principles ('Andere Overheid')
• 2005 initiatives of government organizations
  • Manifest Group (large agencies and municipalities)
  • GovUnited and Dimpact (eGov functionality for municipalities)
• 2006 rapid increase of initiatives and change of naming, e.g.
  • PIP – Personal Internet Portal (mygov)
  • eProv – eGov for provinces
  • Overheid Antwoord – KCC, Advies Overheid, Antwoord voor Bedrijven
  • RENOIR (includes architecture)
  • NOIV and BFS (was OSOS)
  • EGEM over to VNG (2010: KING)
  • SGGV – companies
  • GMV – delegation of rights (political issues with DigiD)
  • etc.
History - continued
• 2006 raising GBO, now Logius – maintenance of generic eGov components
  • DigiD
  • OTP
  • etc.
• 2008 establishing NUP (formerly National Urgency Program)
  • set of components for decentral governments
  • control: Min BZK DG DRI, coordination with VNG (and KING)
  • execution: ICTU/Renoir
• 2009 Digital Workspace Central Government (DWR – 'anyplace', 'anytime'), controlled by DG OBR of Min BZK, governed by the Central Government CIO (Hillenaar)
  • technical infrastructure
  • common workspace for civil servants of the central government
• 2010 Evaluation of NUP (Docters van Leeuwen)
• 2011 NUP should be completed and implemented; end of BZK DG DRI; future of ICTU? function of Logius? continuity?
Overview of current ICTU programs and projects in the context of NUP
Stakeholder initiatives by central government
• Min BZK is responsible for
  • eGovernment implementation by local organizations (DG DRI - NUP) and central government (DG OBR)
  • the GBA (persons)
• Min EZ is responsible for
  • the central register of companies (NHR)
  • decreasing the administrative burden for companies
  • location policy related to the EU Services Directive
• Min VROM is responsible for several initiatives supported by new laws
  • a large number of registers (BAG - buildings, addresses; parcels (Cadastre))
  • a new permit structure ('omgevingsvergunning', Wabo)
  • a new way of registering zoning plans (new Wro)
• Min LNV intends to improve its services to primary companies
  • registration in NHR
  • delegation of rights
  • new service provision
  • increase food safety (VWA, with VROM)
• Min Fin is trying to reduce the administrative burden for companies
  • Single Window, AEO, permits, etc. in cooperation with VWA
  • tax payments, electronic invoicing, business reporting (XBRL)
• Min VWS tries to govern changes in health care
  • improve self-assisted living (Wmo, Regelhulp)
• Min V&W is initiating actions via RWS
  • improve mobility (cargo and persons)
  • improve modal split (cargo)
Stakeholders at agency level are faced with rapid changes due to policy decisions
• Agencies coordinate in the Manifest Group to meet these challenges
• Basically investigating cost reduction for IT development
  • to apply basic, stable registers for all types of laws
  • to re-use each other's register data
  • to automatically relate a law and the IT support of that law
  • to apply AI-type technology for user interaction with these IT systems (e.g. INDIGO)
  • to become interoperable they have to agree on semantics
• Belastingdienst for instance is looking at
  • automation of all types of tax declaration ('vooringevuld', pre-filled)
  • reducing the administrative burden and improving location policy by new technology (Single Window, SGGV, DigiPoort)
Local governments are organized in different ways
• Municipalities (VNG/KING)
  • point of contact for citizens and companies (cie. Jorritsma)
  • rapid increase of required functionality with less budget; support for implementing required changes (various laws like Wabo, Wmo, nWro, etc.)
  • Customer Contact Centers (KCC, '14')
  • shared services for small municipalities
  • combining forces for developing SaaS solutions (GovUnited) or mid office software (Dimpact)
  • improve interoperability (StUF – Standaard Uitwisseling Formaat)
• Provinces (IPO)
  • committed to use NUP
  • political pressure to reduce the number of provinces
  • contact with citizens/companies only for the larger ones (environmental affairs)
• 'Waterschappen' (Waterschapshuis)
  • under pressure to merge with provinces
  • centralized technology development for all Waterschappen
Important developments at EU level
• European Interoperability Framework
  • general principles for interoperability between government organizations
  • DG Enterprise and Industry - IDABC Unit, in collaboration with DG Internal Market and Services
• EU Services Directive
  • one point of contact for companies from one Member State in another Member State
  • active by the end of 2009
  • implemented as a portal (www.bedrijvenloket.nl)
• EU funded programs:
  • STORK – identity management (https://www.eid-stork.eu/)
  • PEPPOL – electronic procurement (http://peppol.eu/)
  • SPOCS – Single Point of Contact (www.eu-spocs.eu)
• … and several other initiatives, e.g. in global trade (Single Window)
A reminder
[Figure: the five forces again (government operation and structure, technical innovation, national politics, cultural changes, global challenges), with technical innovation as the 5th utility: architecture, future internet, data orientation, smart devices, social computing.]
Architecture was the first thing to consider, with the objective to coordinate projects and IT changes - NORA
• 2006 – NORA version 1:
  • 213 pages describe the architecture
  • identification of components:
    • multi channeling for public services
    • single point of entry – www.overheid.nl, personal internet page
    • identification numbers – BSN - PKI and eNIK (electronic identity card)
    • eForms
• 2007 – NORA version 2:
  • 283 pages
  • changes:
    • embedding in governance structure
    • actualization of components
    • improved explanations
• 2009 – NORA version 3:
  • shift from individual government architecture with SOA to interoperability
  • ten basic principles that closely reflect NUP, supported by derived principles (2010)
NORA was applied further at various governmental levels.
• Central Government – MARIJ (resulting in departmental architectures like DIVA – DoD)
• Provinces - PETRA
• Municipalities – GEMMA
• Waterboards - WILMA
NORA - overview
10 NORA principles (politically correct):
1. Apply generic components and standards
2. Re-use data already known by governments
3. Assure data privacy
4. Transparency (data, process, and lead times)
5. Improve public service delivery by re-use of customer data
6. Demand driven service delivery
7. Inclusion supported by multi channeling
8. Pro-active service delivery
9. Define Quality of Service
10. High precision and recall of public services
Core is the definition of 'Public Service' (NORA 3.0)
A public service relates to the execution of a public task
• Any type:
  • services offered to citizens and companies (permit, funding, passport, etc.)
  • policy services (organizing elections, defining laws, etc.)
• All services supplied by government:
  • municipalities, provinces, departments, etc.
  • agencies, health care, educational services
• All types of end-users:
  • citizens and companies
  • other governmental organizations
IT components are ….
.. and an architectural blueprint for a government organization
[Figure: front office, mid office and back office, coupled to other organizations through Digikoppeling.]
Another picture shows more detail (municipalities)
Why a mid office? Difference with ESBs?
• Basic issue:
  • back office systems are 'closed' systems supporting civil servants
  • back office systems are not constantly available (no 24x7)
  • data is copied to the mid office
• Mid office functionality:
  • business process support, workflow aligned with business processes in back offices
  • service orchestration
  • adapters to back office systems
  • various data storage functionality:
    • document management
    • geodata
    • product management
    • temporary data storage
    • case management ('zaaksysteem')
… so we have SOA, but now we have to consider new IT innovations …
• Can government make use of cloud computing, or are shared service centers the optimal solution? Governance of cloud computing differs from shared service center governance.
• Can government operate as a platform to citizens and companies (GaaP)?
• How to deal with social computing for e-participation?
• Can we use social computing in crisis management?
• What can open linked data contribute to political/strategic objectives?
• Is it possible to compare geographical approaches with administrative data?
• What is the impact on governance of all these innovations? What is the vision for the future?
• These are addressed by:
  • policy makers within departments
  • solution providers to increase the attractiveness of their solution
  • government organizations that want to increase their attractiveness to citizens, companies, tourists, etc.
  • universities and research institutes, research projects, etc.
A vision depends on politics. A vision will give a focus for action.
[Figure: goal against time. Starting point "Where are we now? Silos", then Andere Overheid, then eGovernment, towards a citizen society, with actions driven by strategy. Mission: why are we here? Values: what are our enduring principles and beliefs? Vision: where do we want to be in 2020? Strategy: how do we get there?]
What is influencing a citizens' society?
[Figure: citizens' society at the center, influenced by: from government to governance; Future Internet: to a data society; social computing: self controlling networks of citizens and companies; economy: lessen administrative burden, economize; single issue politics: democracy by social computing networks. A free democracy for all is the basis (inclusion).]
NORA does not consider such a vision, nor an IT strategy and governance to achieve these changes.
• Strategic principles – guiding principles for realizing a vision
• Tactical standards define the required actions for reaching these principles
• Operational solutions – all projects and programs to fulfill the tactical standards
Currently:
1. Most discussion focuses on operational solutions.
2. Everyone agrees on strategic principles.
3. The issue is the development of an agreed vision of future changes, based on for instance political decisions.
Strategic principles need to be formulated at policy level
1. .. to increase the quality of service
2. .. to reduce the administrative burden
3. .. to operate transparently
4. .. to improve participation in democracy and governance
5. .. to include all persons (elderly, disabled, etc.)
6. .. to improve efficiency
7. .. to reduce internal costs
These principles can be transformed into various tactical standards implemented by operational solutions, e.g.
• single identification
  • DigiD, delegation of rights
• data re-usability by government organizations
  • basic registers (GBA, BAG, NHR)
  • Single Window for goods flows
  • requires identification and authentication
    • DigiD for persons
    • delegation of rights
    • identification for companies (not yet solved)
• transparency of operation
  • open (linked) data – publicly available data (free or against reasonable costs; local initiatives)
  • sharing public services (SC)
  • service levels – transparency of process, including deadlines (no action)
• no wrong door - access
  • Single Point of Contact for foreign companies
  • overheid.nl for persons
  • mijnoverheid for services and their status
  • DigiPoort for messaging with companies
  • examples of service composition, e.g. NewtoHolland, onderwijsenbijverdienen
Federation requires interoperability, security and trust, yet we keep defining new systems and solutions.
• Examples:
  • departments: DWR
  • social security: DKD, Regelhulp
  • health care: LSP (Landelijk Schakel Punt)
  • permits: OmgevingsLoket
  • public transport: NDW, OVW
  • disclosure of common data (basisregisters): GOB
  • etc.
• The only technical components in NUP:
  • DigiD, DigiD Machtigingen, eHerkenning voor Bedrijven
  • Digikoppeling (structure for standards)
  • Digimelding (application)
  • Gemeenschappelijke ontsluiting Basisregisters (application)
• Semantics is yet to be addressed
  • many large projects fail (e.g. UWV-Belastingdienst)
  • huge development costs, different solutions that are not interoperable
  • several examples of inconsistency and incompleteness can be found at https://catalogus.stelselcatalogus.nl/StelselCatalogus/WAStelselcatalogus/home?init=true
• Security and trust are driven by politics (e.g. DigiD Machtigingen), without risk assessment
Agenda
1. The challenge
2. Brief history – the basis for a common architecture
3. Stakeholders – governance issues
4. Government architecture: principles, standards and operation
5. NUP Components for local governments
6. Digikoppeling – interoperability for government
Agenda for interoperability in an open (federated) environment
• Security and privacy
• Interoperability
  • technical standards (envelope: Digikoppeling; data structuring: StUF)
  • semantics and choreography (StUF? SC?)
Overview of NUP
[Figure: NUP components grouped as access, inclusion and transparency; data re-use (semantics?); certificate; unique identification; technical standards (Digipoort not mentioned); stimulation; new solutions and systems.]
Access, inclusion, and transparency
• Webrichtlijnen: accessibility of web pages to all
• Samenwerkende Catalogi: sharing references to public services
• Antwoord voor Bedrijven: disclosure of all relevant government content to companies
• MijnOverheid.nl: personal internet page
• Antwoord©:
  • disclosure of all relevant government content to citizens
  • data transparency (metadata of web pages, based on Dublin Core)
Basisregisters
Identification and authentication - DigiD
• Three security levels:
  • basic: user name and password
  • medium: user name, password and a transaction code (via SMS)
  • high: identity card with PKI certificate
• Embedded in government portals
• Returns the BSN of the authenticated user to the service provider
• Software solution: A-Select, open source software developed by Alfa&Ariss (Enschede)
A-Select infrastructure
Public Key Infrastructure for the Dutch government (PKIoverheid) - objective
• identification and authentication of the customer of a service (person) or of the service itself
• non-repudiation (against active attack)
• privacy, integrity and confidentiality (against passive and active attack)
• asymmetric algorithms: private and public key
• certificate: user data and public key, signed by a CSP (Certification Service Provider). The CSP does not encrypt these data; it signs them with its private key, so that anyone holding the CSP's public key can verify the binding between user data and public key
• several CSPs under a top-level Policy Authority
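As an added example (not from the deck, and not PKIoverheid's own code), the following Go program builds the hierarchy the slide describes: a top-level Policy Authority root certifies a CSP, the CSP issues an end-entity certificate, and a relying party validates the end-entity certificate against the root only, with the CSP supplied as an intermediate. It also shows that a certificate for the same name issued by a CA outside the hierarchy is rejected. All names, serial numbers and the fixed clock are constructed; ECDSA P-256 is used only for speed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Fixed clock so the example behaves the same on every run (constructed).
var now = time.Date(2010, 10, 4, 12, 0, 0, 0, time.UTC)

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// template is the "user data" part of a certificate: subject, validity and
// whether the holder may itself sign certificates.
func template(serial int64, cn string, ca bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
	}
	if ca {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		t.KeyUsage = x509.KeyUsageDigitalSignature
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	return t
}

// issue binds pub to tmpl's subject by signing with the parent's private key.
// Nothing is encrypted: the issuer signs, and anyone with the issuer's public
// key can verify. For a self-signed root, parent is tmpl itself.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, parentKey *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// Hierarchy mirrors the slide: a Policy Authority root, CSPs certified by it,
// and an end-entity certificate issued by a CSP. Rogue is a certificate for
// the same name issued by a CA outside the hierarchy.
type Hierarchy struct {
	Root, Leaf, Rogue *x509.Certificate
	CSPs              []*x509.Certificate
}

func Build() *Hierarchy {
	rootKey, cspKey, rogueKey := newKey(), newKey(), newKey()
	rootTmpl := template(1, "Example Policy Authority root (constructed)", true)
	root := issue(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	csp := issue(template(2, "Example CSP (constructed)", true), root, &cspKey.PublicKey, rootKey)
	leaf := issue(template(3, "service.example.invalid", false), csp, &newKey().PublicKey, cspKey)
	rogueTmpl := template(4, "Unrelated CA (constructed)", true)
	rogueCA := issue(rogueTmpl, rogueTmpl, &rogueKey.PublicKey, rogueKey)
	rogue := issue(template(5, "service.example.invalid", false), rogueCA, &newKey().PublicKey, rogueKey)
	return &Hierarchy{Root: root, CSPs: []*x509.Certificate{csp}, Leaf: leaf, Rogue: rogue}
}

// Verify is the relying-party check: only the Policy Authority root is
// trusted; CSP certificates are supplied as intermediates. It returns the
// length of the validated chain (leaf, CSP, root = 3) or an error.
func (h *Hierarchy) Verify(c *x509.Certificate) (int, error) {
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(h.Root)
	for _, csp := range h.CSPs {
		inter.AddCert(csp)
	}
	chains, err := c.Verify(x509.VerifyOptions{
		Roots: roots, Intermediates: inter, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	if err != nil {
		return 0, err
	}
	return len(chains[0]), nil
}

func main() {
	h := Build()
	n, err := h.Verify(h.Leaf)
	fmt.Println("CSP-issued certificate: chain length", n, "error", err)
	_, err = h.Verify(h.Rogue)
	fmt.Println("certificate from outside the hierarchy: error", err)
}
```

The rejected case is the one that matters operationally: the rogue certificate is well-formed and carries the same name, and it fails only because the relying party's trust store contains the Policy Authority root and nothing else. A trust store that also contains the unrelated CA would accept it.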
Delegation of authority – DigiD Machtigingen
• Creation of a central store with authorizations
• Only for natural persons (case 1)
• Basic functionality like:
  • create
  • activate
  • delete
  • retrieve
  • change
  • …
• Important issue: delegation is to support those that do not use public services over the Internet
[Figure: 2x2 matrix of authorizing entity (natural person NP or legal person RP) versus authorized entity (NP or RP), cases 1 to 4; case 1 is natural person to natural person.]
Identification and authentication for companies – eHerkenning bedrijven
[Figure: eHerkenning infrastructure with the components NHR, company, delegated employee, delegation register, authentication server, certification authority, identification server and service provider; steps: person identification, validate delegation; the service provider's question: who requires to execute a service with which security level? The infrastructure is split between government and market parties.]
eHerkenning voor Bedrijven considers certificates for delegation of authority.
• applicable to cases 2, 3 and 4
• standards: SAML, XACML
[Figure: the same 2x2 matrix of authorizing entity (NP or RP) versus authorized entity (NP or RP), cases 1 to 4.]
With respect to service provision by government, a person acts
• to meet his own goals (DigiD)
• to meet the goals of another person, based on delegation of authority
• as an employee for a company, with certain rights attached to his role
Role: rights applicable to more than one individual
Conceptually, we distinguish 4 components
1. Mandate (MA):
  • authorization: delegation of authority
  • features: authorizing entity, authorized entity, service
  • variations: one time use, period, more than one service
  • readable for everyone, can be a physical document
2. Proof of Mandate (PMA) – statement of delegation:
  • proof that delegation of authority is given by the authorizing to the authorized entity
  • tamper proof
  • certification authorities provide the Proof
  • refers to the certificate used for identification (DigiD, smart card, bank card, etc.)
  • contains the Mandate (MA)
  • chain of mandates possible
3. Identity (ID):
  • identifying data for a person (BSN or KvK-nr) or object (e.g. computer)
4. Certificate (CERT):
  • official proof of identity (e.g. DigiD for citizens)
  • provided by a trusted organization
• Role: a mandate for particular services
Proof of Mandate (PMA) - technically
• Based on PKI:
  • Mandate (MA) with a reference to the certification means for identity
  • encrypted with the public key of the service provider (Pk SP), so only that service provider can read the mandate
  • signed with the secret (private) key of the certification authority providing the Proof of Mandate (Sk CA), so every service provider can check that this CA issued the proof. "Enciphered by the secret key" in the original notation means signing: a private key never provides confidentiality, because the matching public key is public.
• The public key of the service provider can be a generic key for all public services, to support services of more than one government organization. Every organization holding the matching private key can then read every mandate encrypted under it, so that key must be protected accordingly.
PMA = Sk CA{Pk SP{MA}}
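The construction PMA = Sk CA{Pk SP{MA}} worked through in Go, as an added example that is not part of the deck or of any DigiD Machtigingen or eHerkenning implementation. The nesting is kept exactly as the formula has it: the CA encrypts the mandate to the service provider first and signs the ciphertext second; the service provider verifies the CA signature first and decrypts second. The hybrid encryption (AES-GCM under a fresh key, that key wrapped with RSA-OAEP under Pk SP), the "|" mandate format, the OAEP label and all names in the sample mandate are assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Mandate (MA) as "authorizing|authorized|service|certification means|valid until".
// This wire format is an assumption of the example; the deck fixes none.
type Mandate string

// ProofOfMandate is PMA = Sk_CA{ Pk_SP{ MA } }. Pk_SP{MA} is the mandate
// encrypted to the service provider: AES-GCM under a fresh key, that key wrapped
// with RSA-OAEP under Pk_SP (hybrid step assumed; plain RSA cannot encrypt more
// than one modulus). Sk_CA{..} is an RSA-PSS signature by the CA over the result.
type ProofOfMandate struct {
	WrappedKey, Nonce, Ciphertext, Signature []byte
}

// signedBytes is what the CA signs; WrappedKey (one RSA modulus) and Nonce
// (12 bytes) have fixed sizes, so the plain concatenation is unambiguous.
func (p *ProofOfMandate) signedBytes() []byte {
	return append(append(append([]byte{}, p.WrappedKey...), p.Nonce...), p.Ciphertext...)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// IssuePMA is the certification authority side: encrypt to the SP, then sign.
func IssuePMA(ma Mandate, spPub *rsa.PublicKey, caPriv *rsa.PrivateKey) (*ProofOfMandate, error) {
	kn := make([]byte, 32+12) // AES-256 key followed by the GCM nonce
	if _, err := rand.Read(kn); err != nil {
		return nil, err
	}
	gcm, err := newGCM(kn[:32])
	if err != nil {
		return nil, err
	}
	pma := &ProofOfMandate{Nonce: kn[32:], Ciphertext: gcm.Seal(nil, kn[32:], []byte(ma), nil)}
	if pma.WrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, spPub, kn[:32], []byte("PMA")); err != nil {
		return nil, err
	}
	digest := sha256.Sum256(pma.signedBytes())
	pma.Signature, err = rsa.SignPSS(rand.Reader, caPriv, crypto.SHA256, digest[:], nil)
	return pma, err
}

// OpenPMA is the service provider side: verify the CA signature first and only
// then decrypt; a PMA failing either check is never acted upon.
func OpenPMA(pma *ProofOfMandate, caPub *rsa.PublicKey, spPriv *rsa.PrivateKey) (Mandate, error) {
	digest := sha256.Sum256(pma.signedBytes())
	if err := rsa.VerifyPSS(caPub, crypto.SHA256, digest[:], pma.Signature, nil); err != nil {
		return "", fmt.Errorf("PMA not signed by the CA: %w", err)
	}
	key, err := rsa.DecryptOAEP(sha256.New(), nil, spPriv, pma.WrappedKey, []byte("PMA"))
	if err != nil {
		return "", err
	}
	gcm, err := newGCM(key)
	if err != nil || len(pma.Nonce) != gcm.NonceSize() {
		return "", fmt.Errorf("cannot decrypt PMA")
	}
	plain, err := gcm.Open(nil, pma.Nonce, pma.Ciphertext, nil)
	return Mandate(plain), err
}

// Demo issues a PMA for a constructed mandate, opens it at the service provider,
// then flips one ciphertext byte and reports whether the SP rejects the result.
func Demo() (got Mandate, tamperDetected bool, err error) {
	caKey, _ := rsa.GenerateKey(rand.Reader, 2048) // key generation errors ignored in this demo
	spKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	orig := Mandate("NP:authorizing-person|RP:authorized-company|permit-request|DigiD|2011-12-31")
	pma, err := IssuePMA(orig, &spKey.PublicKey, caKey)
	if err != nil {
		return
	}
	if got, err = OpenPMA(pma, &caKey.PublicKey, spKey); err != nil {
		return
	}
	pma.Ciphertext[0] ^= 0x01 // one bit changed in transit
	_, tamperErr := OpenPMA(pma, &caKey.PublicKey, spKey)
	return got, tamperErr != nil, nil
}

func main() {
	ma, tampered, err := Demo()
	fmt.Printf("mandate=%q tamperDetected=%v err=%v\n", ma, tampered, err)
}
```

Two points follow from the order of operations. The CA signs a ciphertext, so it can only vouch for the content because it produced that ciphertext itself; a CA that signed ciphertexts handed to it by others would be attesting to mandates it cannot read. And because verification happens before decryption, a tampered or forged PMA is rejected without the service provider's private key ever being applied to attacker-controlled bytes.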
Application – two scenarios:
• Interactive, web access to public services
• Exchange of business documents (permit requests, tax declarations, etc.)
First scenario – interactive web access to services
1. An individual represents another individual:
  • offer the Proof of Mandate (PMA)
  • in case the PMA contains an identity, a certificate (CERT) for authentication needs to be provided; the PMA contains the type of certification that needs to be provided
  • example: if a BSN is given, DigiD is the certificate
  • a PMA or CERT can be provided before actually activating the service, or is provided to validate for execution of the service
2. An individual acts for his own purposes
  • DigiD is currently the certificate, no PMA required
Second scenario – variations for message exchange (NP = natural person, RP = company, em = employee, SP = service provider):
1. Exchange of business data in an envelope (current situation): envelope(business data)
2. Secure connection: https(envelope(business data))
3. A company (RP) is authorized to operate on behalf of an individual (NP): envelope(business data, PMA(NP,RP))
4. There is a legal footing to authenticate the identity of an employee (em) acting on behalf of a company: envelope(business data, PMA(RP,em), CERT(em))
5. There is a legal footing to authenticate the identity of an employee that is authorized to execute a service delegated by a person to his employer: envelope(business data, PMA(NP,RP), PMA(RP,em), CERT(em))
General form, from RP to service provider: https(envelope(business data(, PMA*(, CERT))))
A basic question would be: how do we use this mechanism?
• Delegation is already arranged in many application areas:
  • goods flows via ports/airports:
    • permits
    • authorized traders, known traders, etc.
    • risk analysis
  • administration for SMEs and ZZP (self-employed):
    • tax declarations
• Risk analysis is required to establish the mechanism to be used.
• Agreement on concepts and structure like 'Proof of Mandate' and 'Certificate' is required.
Data privacy can be governed by agreements
• Besluit Voorschrift informatiebeveiliging rijksoverheid (VIR 2007)
  • different access levels, e.g. access only when a Proof of Mandate can be provided (limited access), highly secure, etc.
  • VIR – Bijzondere informatie (VIRBI)
  • NIR – Normenkader Informatiebeveiliging Rijksweb
• Access levels by means of roles (mandates) can be given to content
• Disclosure of content only to those that can provide the proof that they have the mandate
• Internal content: mandate linked to user name/password (what we normally call RBAC)
Digikoppeling – the technical issue of interoperability
[Figure: Digikoppeling architecture under NORA: identification and authentication, envelope standards (ebMS and WUS), a compliance service, a service registry, and a gateway on each side exchanging ebMS or WUS messages.]
There are some organizational and technical issues.
• WUS – synchronous data exchange
• ebMS – asynchronous messaging
• WUS is widely accepted, used and supported by software.
• WUS is not really applied by government applications:
  • most are asynchronous
  • asynchronous exchanges use other standards (e.g. EDI, XBRL, XML Schema over http(s), etc.)
• ebMS:
  • only applied by the department of legal affairs, but
  • they are also going to apply WSDL (WUS?)
  • worldwide a limited number of implementations (most EDI)
  • a limited number of software providers support ebMS (e.g. Axway, Oracle)
Digikoppeling and other open standards like StUF
[Figure: Digikoppeling (envelope) layered over StUF (flows and message structures) and RSGB (data dictionary and definitions).]
Basically, Digikoppeling specifies the envelope and its elements.
[Figure: envelope wrapping application data.]
StUF framework of semantics of application data.
This won't work; consider education, which has other standards, for instance for accessibility of educational material, sharing student data, etc.
How to use Digikoppeling
Digikoppeling – WUS (WSDL, UDDI, SOAP) based on WS-I Basic Profile 1.1

Digikoppeling 2.0 WUS profiles (transport and characteristics):

Profile                            Name       Point to point (TLS/SSL)   Signed   Encrypted   Attachments
Best effort                        2W-be      yes                        -        -           optional
Best effort, signed                2W-be-S    yes                        yes      -           optional
Best effort, signed and encrypted  2W-be-SE   yes                        yes      yes         optional

The signed and the signed-and-encrypted profiles provide end-to-end security; the plain profile relies on the point-to-point TLS connection alone.

Best effort:
• synchronous messaging
• no particular QoS (e.g. no receipt acknowledgements, no duplicate detection)
End-to-end security, based on WS-Security:
• best effort
• identification of the service consumer and message encryption
WUS standards

Standard                                         Based on
HTTP 1.1 (RFC 2616)                              WS-I BP 1.1
SOAP 1.1                                         WS-I BP 1.1
WSDL 1.1                                         WS-I BP 1.1
XML 1.0 (second edition)                         WS-I BP 1.1
XML Schema (structures and data types)           WS-I BP 1.1
TLS 1.0 (RFC 2246)                               WS-I BP 1.1
HTTP over TLS (RFC 2818)                         WS-I BP 1.1
Internet X.509 PKI and CRL profile (RFC 3280)    PKIoverheid 1.1
SSL 3.0                                          WS-I Basic Security Profile 1.0
WS-Security 1.0                                  WS-I Basic Security Profile 1.0
WS-Addressing metadata                           WS-I BP 1.2
SOAP 1.1 binding for MTOM 1.0                    WS-I BP 1.2

Caveat: this is the 2010 list. SSL 3.0 and TLS 1.0 have since been deprecated (RFC 7568 and RFC 8996), and RFC 3280 has been obsoleted by RFC 5280; an implementation today should negotiate TLS 1.2 or later.
Examples of envelope elements
• wsa:To – intended receiver (destination)
• wsa:Action – semantics of the message (message type)
• wsa:MessageID – unique id of the message
• wsa:RelatesTo – the message relates to another message with that message id
• wsa:ReplyTo – reply endpoint (where the intended receiver should reply)
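Added example, not from the deck or from the Digikoppeling specifications: a Go program that parses a Digikoppeling WUS request, checks that the wsa:To, wsa:Action and wsa:MessageID elements are present before the body is routed, builds the synchronous reply with wsa:RelatesTo set to the request's MessageID and wsa:To taken from the request's wsa:ReplyTo, and then re-checks the correlation the way the consumer would. The endpoint, the action names, the ids and the body elements are constructed.

```go
package main

import (
	"encoding/xml"
	"fmt"
)

// SOAP 1.1 envelope with the WS-Addressing headers a Digikoppeling WUS message
// carries. The namespace in each tag makes unmarshal reject a same-named
// element in another namespace.
type Envelope struct {
	XMLName xml.Name `xml:"http://schemas.xmlsoap.org/soap/envelope/ Envelope"`
	Header  Header   `xml:"http://schemas.xmlsoap.org/soap/envelope/ Header"`
	Body    Body     `xml:"http://schemas.xmlsoap.org/soap/envelope/ Body"`
}

type Header struct {
	To        string    `xml:"http://www.w3.org/2005/08/addressing To"`
	Action    string    `xml:"http://www.w3.org/2005/08/addressing Action"`
	MessageID string    `xml:"http://www.w3.org/2005/08/addressing MessageID"`
	RelatesTo string    `xml:"http://www.w3.org/2005/08/addressing RelatesTo,omitempty"`
	ReplyTo   *Endpoint `xml:"http://www.w3.org/2005/08/addressing ReplyTo,omitempty"`
}

type Endpoint struct {
	Address string `xml:"http://www.w3.org/2005/08/addressing Address"`
}

type Body struct {
	Inner string `xml:",innerxml"`
}

func Parse(raw []byte) (*Envelope, error) {
	var env Envelope
	if err := xml.Unmarshal(raw, &env); err != nil {
		return nil, err
	}
	return &env, nil
}

// ValidateRequest is the provider-side check before the body is routed: without
// wsa:Action the message type is unknown, without wsa:MessageID the reply cannot
// be correlated, and without wsa:To the message may be meant for someone else.
func ValidateRequest(env *Envelope) error {
	for _, f := range [][2]string{{"To", env.Header.To}, {"Action", env.Header.Action}, {"MessageID", env.Header.MessageID}} {
		if f[1] == "" {
			return fmt.Errorf("wsa:%s missing", f[0])
		}
	}
	return nil
}

// BuildReply creates the synchronous response: wsa:RelatesTo carries the request
// MessageID, wsa:To is the ReplyTo address (anonymous = same HTTP connection).
func BuildReply(req *Envelope, replyID, action, bodyXML string) Envelope {
	to := "http://www.w3.org/2005/08/addressing/anonymous"
	if req.Header.ReplyTo != nil && req.Header.ReplyTo.Address != "" {
		to = req.Header.ReplyTo.Address
	}
	return Envelope{
		Header: Header{To: to, Action: action, MessageID: replyID, RelatesTo: req.Header.MessageID},
		Body:   Body{Inner: bodyXML},
	}
}

// SampleRequest is constructed; endpoint, action, ids and body are placeholders.
const SampleRequest = `<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <soapenv:Header>
    <wsa:To>https://example.invalid/digikoppeling/wus</wsa:To>
    <wsa:Action>urn:example:opvragen</wsa:Action>
    <wsa:MessageID>urn:uuid:11111111-2222-3333-4444-555555555555</wsa:MessageID>
    <wsa:ReplyTo><wsa:Address>http://www.w3.org/2005/08/addressing/anonymous</wsa:Address></wsa:ReplyTo>
  </soapenv:Header>
  <soapenv:Body><vraag xmlns="urn:example">zaak-42</vraag></soapenv:Body>
</soapenv:Envelope>`

// RoundTrip parses and validates the sample, builds and serialises the reply,
// parses that again as the consumer would, and reports whether the reply's
// wsa:RelatesTo matches the request's wsa:MessageID.
func RoundTrip() (bool, error) {
	req, err := Parse([]byte(SampleRequest))
	if err == nil {
		err = ValidateRequest(req)
	}
	if err != nil {
		return false, err
	}
	out, err := xml.Marshal(BuildReply(req, "urn:uuid:66666666-7777-8888-9999-000000000000", "urn:example:opvragenResponse", `<antwoord xmlns="urn:example">ok</antwoord>`))
	if err != nil {
		return false, err
	}
	reply, err := Parse(out)
	if err != nil {
		return false, err
	}
	return reply.Header.RelatesTo == req.Header.MessageID, nil
}

func main() {
	ok, err := RoundTrip()
	fmt.Println("reply correlates with request:", ok, "error:", err)
}
```

The consumer-side comparison is the part that is easy to skip in a synchronous exchange, where the HTTP response "obviously" belongs to the request; it still matters once responses are relayed through a gateway or an intermediary that multiplexes connections.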
[Figure: ebMS is an end-to-end messaging protocol between one or more applications of two organisations. On each side: application, interface, messaging stack (MessageHandler), gateway, transport. Between organisation A and organisation B: business transactions (BPSS or otherwise) at application level, the messaging protocol between the messaging stacks, and transport between the gateways; control data is used for internal routing.]
Functionality of ebMS; each of these components adds elements to the envelope.
[Figure: Message Service Interface; header processing (header parsing, message packaging); security services; reliable messaging service; error handling; SOAP processing; transport interface.]
There is some specific functionality that is not in WUS or related standards
[Class diagram of the ebMS message header:]
• MessageHeader: version, mustUnderstand, CPAId, ConversationId, Service, Action, SequenceNumber, Description
  • From (1..* Party) and To (1..* Party); Party: PartyId, PartyReference
  • MessageData (1): MessageId, Timestamp, RefToMessageId, TimeToLive
  • QualityOfService (1): deliverySemantics, messageOrderSemantics, deliveryReceiptRequested
ebMS also has a number of profiles in Digikoppeling. It is applied for asynchronous messaging.

Profile names, transport and characteristics (CPA creation: OSB 1.0 & OSB 1.1). The encrypted profiles are also signed.

Profile                   Name        TLS/SSL   Reliable   Signed   Encrypted   Attachments
Best effort               osb-be      yes       n.a.       -        -           optional
Reliable messaging        osb-rm      yes       yes        -        -           optional
Best effort, signed       osb-be-s    yes       n.a.       yes      -           optional
Reliable, signed          osb-rm-s    yes       yes        yes      -           optional
Best effort, encrypted    osb-be-e    yes       n.a.       yes      yes         optional
Reliable, encrypted       osb-rm-e    yes       yes        yes      yes         optional
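Added example, not from the deck or from any ebMS implementation, serving both the MessageHeader elements listed above and the reliable-messaging profiles in this table: a Go receiver that parses the ebMS MessageHeader, rejects a message whose TimeToLive has passed, eliminates duplicates by MessageId (a sender on an osb-rm-* profile resends until it gets an acknowledgment, so the same MessageId may arrive more than once) and builds the acknowledgment whose RefToMessageId names the acknowledged message. Party ids, CPAId, service, action and the fixed clock are constructed; the parser matches element names only and does not enforce the ebMS 2.0 namespace used in the sample.

```go
package main

import (
	"encoding/xml"
	"errors"
	"fmt"
	"time"
)

// ebMS MessageHeader as carried in the SOAP header. Tags match on local name
// only, so this example does not enforce the ebMS namespace.
type Message struct {
	XMLName xml.Name `xml:"Envelope"`
	Header  struct {
		MessageHeader MessageHeader `xml:"MessageHeader"`
	} `xml:"Header"`
}

type MessageHeader struct {
	CPAId          string      `xml:"CPAId"`
	ConversationId string      `xml:"ConversationId"`
	Service        string      `xml:"Service"`
	Action         string      `xml:"Action"`
	From           []string    `xml:"From>PartyId"`
	To             []string    `xml:"To>PartyId"`
	MessageData    MessageData `xml:"MessageData"`
}

type MessageData struct {
	MessageId      string `xml:"MessageId"`
	Timestamp      string `xml:"Timestamp"`
	RefToMessageId string `xml:"RefToMessageId,omitempty"`
	TimeToLive     string `xml:"TimeToLive,omitempty"`
}

const (
	Accepted  = "accepted"
	Duplicate = "duplicate"
	Expired   = "expired"
	Malformed = "malformed"
)

// Handler remembers the MessageIds it has delivered. Reliable messaging
// (osb-rm-*) resends until acknowledged, so the receiver must eliminate
// duplicates instead of handing the business document to the application twice.
type Handler struct {
	seen map[string]bool
	now  func() time.Time
}

func NewHandler(now func() time.Time) *Handler {
	return &Handler{seen: map[string]bool{}, now: now}
}

// Receive parses one message and decides what the message service interface
// does with it; the acknowledgment to return (if any) is built with Ack.
func (h *Handler) Receive(raw []byte) (string, *MessageHeader, error) {
	var m Message
	if err := xml.Unmarshal(raw, &m); err != nil {
		return Malformed, nil, err
	}
	hd, md := &m.Header.MessageHeader, &m.Header.MessageHeader.MessageData
	if md.MessageId == "" || hd.CPAId == "" || hd.ConversationId == "" || hd.Service == "" ||
		hd.Action == "" || len(hd.From) == 0 || len(hd.To) == 0 {
		return Malformed, hd, errors.New("required MessageHeader element missing")
	}
	if md.TimeToLive != "" { // TimeToLive is an absolute xs:dateTime
		ttl, err := time.Parse(time.RFC3339, md.TimeToLive)
		if err != nil {
			return Malformed, hd, err
		}
		if h.now().After(ttl) {
			return Expired, hd, nil // discard; ebMS answers with an error, not an ack
		}
	}
	if h.seen[md.MessageId] {
		return Duplicate, hd, nil // acknowledge again, do not redeliver
	}
	h.seen[md.MessageId] = true
	return Accepted, hd, nil
}

// Ack builds the acknowledgment signal: same CPAId and ConversationId, parties
// swapped, RefToMessageId naming the message being acknowledged.
func (h *Handler) Ack(in *MessageHeader, ackID string) MessageHeader {
	return MessageHeader{
		CPAId: in.CPAId, ConversationId: in.ConversationId,
		Service: "urn:oasis:names:tc:ebxml-msg:service", Action: "Acknowledgment",
		From: in.To, To: in.From,
		MessageData: MessageData{MessageId: ackID, Timestamp: h.now().UTC().Format(time.RFC3339), RefToMessageId: in.MessageData.MessageId},
	}
}

// Sample returns a constructed message; party ids, CPA and service are placeholders.
func Sample(id, ttl string) []byte {
	return []byte(fmt.Sprintf(`<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header>
<eb:MessageHeader xmlns:eb="http://www.oasis-open.org/committees/ebxml-msg/schema/msg-header-2_0.xsd" eb:version="2.0" soap:mustUnderstand="1">
<eb:From><eb:PartyId>urn:example:party:sender</eb:PartyId></eb:From><eb:To><eb:PartyId>urn:example:party:receiver</eb:PartyId></eb:To>
<eb:CPAId>cpa-example</eb:CPAId><eb:ConversationId>conv-1</eb:ConversationId>
<eb:Service>urn:example:service</eb:Service><eb:Action>aanleveren</eb:Action>
<eb:MessageData><eb:MessageId>%s</eb:MessageId><eb:Timestamp>2010-10-04T09:30:00Z</eb:Timestamp><eb:TimeToLive>%s</eb:TimeToLive></eb:MessageData>
</eb:MessageHeader></soap:Header><soap:Body/></soap:Envelope>`, id, ttl))
}

func main() {
	h := NewHandler(func() time.Time { return time.Date(2010, 10, 4, 9, 31, 0, 0, time.UTC) })
	for _, raw := range [][]byte{Sample("m1", "2010-10-04T10:00:00Z"), Sample("m1", "2010-10-04T10:00:00Z"), Sample("m2", "2010-10-04T09:00:00Z")} {
		out, hd, err := h.Receive(raw)
		fmt.Println(out, err)
		if out == Accepted || out == Duplicate {
			fmt.Println("  ack RefToMessageId:", h.Ack(hd, "ack-"+hd.MessageData.MessageId).MessageData.RefToMessageId)
		}
	}
}
```

The duplicate is still acknowledged: the sender resent because the first acknowledgment never arrived, and withholding the second one only produces a third copy. What the receiver must not do is deliver the business document again, which is why the seen-set lives in the messaging stack and not in the application. In production the seen-set has to be persistent and bounded by the CPA's persist duration rather than an in-memory map.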
Finally
• History
• Architecture - NORA
• NUP and two of its components:
  • identification and authentication
  • Digikoppeling
Wout Hofman, Ph.D., M.Sc.
TNO Information and Communication Technology
Brasserplein 2, P.O. Box 5050, 2600 GB Delft, The Netherlands
T +31 15 285 71 29, M +31 6 224 998 90, F +31 15 285 73 49
[email protected]
http://www.linkedin.com/in/whofman
Extra – defining semantics
• Starting point: independent of technical solutions (Digikoppeling, StUF, etc.)
• Important aspects:
  • mediation: dialogue between customer and service provider with the objective to reach a goal
  • execution: choreography of interactions in which the goal is reached
  • based on government service delivery processes
• Solutions:
  • government as an Abstract State Machine
  • semantics based on reference data (basisregisters) and modeled as an ontology
  • state transitions: pre- and post-conditions
  • dynamic chains of state transitions based on goals
• Similar approaches:
  • WSMO
  • OWL-S
Service Delivery processes
An overview of concepts applied in a case
[Figure: the case "I have difficulty walking and would like a disabled parking space in front of my door", modelled as a decision tree; the tree appears three times in the original extraction and is given once here.]
Decision tree (each question branches yes/no):
1. Do you have a driving licence? (yes/no)
2. Do you have a car? (yes/no; "end" marks the branch where the dialogue stops)
3. Do you have a disabled parking card? (yes/no)
4. Do you have a parking permit? (yes/no)
Person and address known? (log in via DigiD) (yes/no)
Services reached through the tree, combined with AND/OR: application for a parking permit, application for a disabled parking card, application for a disabled parking space, application for cost compensation.
Concept layers shown in the figure:
• Citizens and companies: user requirement expressed as a real-world event; user selection; formulating real-world events in natural language
• Life events and themes: Event = that which is (intended) to happen in the real world
• Activity chaining: Activity A, Activity B, Activity C. Dynamic interaction models are based on chaining of post- and pre-conditions of activities; an Activity is a state transition exposed as a public service to citizens and companies, with a pre-condition and a post-condition
• Reference data / Semantic model: persons, buildings, addresses, income, etc.; concepts, associations and rules representing the state of the real world as stored by government organizations
• Dynamic interaction model: representation of pre-defined interaction models; guidance to available services
Reference data classes shown in the figure (attribute prefixes #, + and - as in the original):
• Person: #person identification (BSN), #A-number, #SoFi-number, +birth date, +sex, +last name, +initials, +surname
• Moving object: +type, +year, +licence plate
• Property: #property identification, +year of building, +year of demolition, +property status, -value for taxation
• Public space (openbare ruimte): #public space identification code, #place of residence identification, +public space name, +public space type
• Company: +company identification, #SOFI number, #addition to SOFI number, +date of establishment, +official name
• Subject::labour relation: +start date, +end date, -function, -email address, -phone number
We take an architectural approach - ArchiMate.
[Figure: ArchiMate layers with their architectural behaviour]
• Business layer: business process, business service
• Application layer: application function, application service
• Technology layer: system software, infrastructure service
Examples placed in the figure: government/public service; Digikoppeling.
A public or government service is at the centre. Each group represents conceptually a system.
[Figure: Government services at the centre, related to Business transactions, Government organization, Reference data (objects, subjects), Laws and regulations, and Documents. Relation labels drawn in the figure: maintains, described by, accompanied by, uses, results in, provided by, supports.]
These systems are accessible by services supported by Digikoppeling. These services are implemented in pre- and post-conditions and firing rules.
[Figure: the same diagram (Government services, Business transactions, Government organization, Reference data, Laws and regulations, Documents; relations maintains, described by, accompanied by, uses, results in, provided by, supports), with a Digikoppeling service type per system: reference data services, document services, business transaction services, organization structure services, law and regulation services, and government service description & discovery.]
An example – pre-condition
• Exist: instances of concepts have values that are not restricted, e.g. a person has a driver's licence or not. Only the fact that an instance of a concept exists or not needs to be expressed.
• Member: instances of a concept are members of instances of another concept, e.g. a location is in a region. Validation of this particular example might be by means of the geographical coordinates of the location lying within those of the region.
• Set: instances of concepts have values from a discrete set or a subset of that set, e.g. the gender of a person has to be known as male or female.
• Range: instances of concepts are within a given range. The range is specified by its lower and upper boundaries, or by only an upper or a lower boundary. An example is income categorization for tax purposes. The boundaries are of the same type as the concept, e.g. if the concept is of data type 'date and time' with, for instance, the format 'YYYYMMDDHHMM', the lower and upper boundaries are expressed in that same type.
• Derivation: it must be possible to express instances of derived concepts, e.g. a summation of instances such as the total income of a person based on the income from individual jobs.
• Combinations of any of the above ('AND' and 'OR').
• Each of these can be validated by a service (see before).
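The following is an added example, not code from the NUP or Digikoppeling programme. It implements the pre-condition types listed above (exist, member, set, range, derivation, AND/OR) as a small rule interpreter and then uses them the way the "defining semantics" slide describes: government as a state machine whose services are state transitions with pre- and post-conditions, chained dynamically from a goal. The case is the disabled-parking-space dialogue from the figure. Every register, attribute name (bsn, driving_licence, permit_zones, incomes, ...), threshold and service in the block is constructed for the example; a real basisregister would validate the "member" condition against coordinates rather than set membership, and the Python `holds`, `missing_facts`, `plan` and `chain_for` helpers are hypothetical names.

```python
"""Pre-condition types (exist, member, set, range, derived, and/or) evaluated against
reference data, plus goal-driven chaining of activities via their post-conditions.
Added illustration, not NUP/Digikoppeling code; all registers, attribute names and
activities below are constructed for the example."""
from typing import Any, Dict, List, Tuple

State = Dict[str, Any]            # facts known about one subject, e.g. {"driving_licence": True}
Condition = Tuple[Any, ...]       # ("exist", concept) | ("member", concept, container) | ...
Activity = Tuple[str, Condition, State]  # (name, pre-condition, post-condition facts)


def holds(cond: Condition, s: State) -> bool:
    """Validate one pre-condition against the subject's facts; an unknown instance never satisfies."""
    kind, *args = cond
    if kind == "exist":                    # only existence of an instance matters, not its value
        return s.get(args[0]) is not None
    if kind == "member":                   # instance of concept lies in the instance of container
        return s.get(args[0]) in s.get(args[1], ())   # (a register could check coordinates instead)
    if kind == "set":                      # value from a discrete set or a subset of it
        return s.get(args[0]) in args[1]
    if kind == "range":                    # bounds of the concept's own type; None = unbounded
        v, lo, hi = s.get(args[0]), args[1], args[2]
        return v is not None and (lo is None or lo <= v) and (hi is None or v <= hi)
    if kind == "derived":                  # compute a derived instance, then test it
        name, derive, test = args
        return holds(test, {**s, name: derive(s)})
    if kind == "and":
        return all(holds(c, s) for c in args[0])
    if kind == "or":
        return any(holds(c, s) for c in args[0])
    raise ValueError(f"unknown condition type {kind!r}")


def missing_facts(cond: Condition, s: State) -> List[str]:
    """Concepts another activity must establish before `cond` can hold. Only 'exist'
    facts can be produced by a service; member/set/range/derived must already hold."""
    kind, *args = cond
    if kind == "exist":
        return [] if holds(cond, s) else [args[0]]
    if kind == "and":
        return [f for c in args[0] for f in missing_facts(c, s)]
    if kind == "or":
        return [] if holds(cond, s) else missing_facts(args[0][0], s)
    return []


def plan(goal: str, state: State, activities: List[Activity], depth: int = 0) -> List[str]:
    """Backward-chain from `goal`: take the activity whose post-condition establishes it, satisfy
    its pre-condition recursively, apply the post-condition to `state`, return the ordered chain."""
    if state.get(goal) is not None:
        return []
    providers = [a for a in activities if goal in a[2]]
    if not providers or depth > 10:        # nothing delivers the goal, or a cycle in the rules
        raise ValueError(f"no service establishes {goal!r}")
    name, pre, post = providers[0]
    chain: List[str] = []
    for needed in missing_facts(pre, state):
        chain += plan(needed, state, activities, depth + 1)
    if not holds(pre, state):
        raise ValueError(f"pre-condition of {name!r} cannot be met")
    state.update(post)                     # the state transition's post-condition
    return chain + [name]


# Constructed services for the slide's case: a disabled parking space in front of the door.
SERVICES: List[Activity] = [
    ("identify via DigiD", ("or", [("exist", "bsn"), ("exist", "company_id")]), {"identified": True}),
    ("apply for disabled parking card",
     ("and", [("exist", "identified"), ("exist", "driving_licence"), ("range", "age", 18, None),
              ("set", "mobility", {"limited", "severely_limited"})]), {"disabled_card": True}),
    ("apply for parking permit",
     ("and", [("exist", "identified"), ("exist", "licence_plate"), ("member", "address_zone", "permit_zones")]),
     {"parking_permit": True}),
    ("apply for disabled parking space",
     ("and", [("exist", "identified"), ("exist", "disabled_card"), ("exist", "parking_permit")]),
     {"disabled_parking_space": True}),
    ("apply for cost compensation",
     ("and", [("exist", "disabled_parking_space"),
              ("derived", "total_income", lambda s: sum(s["incomes"]), ("range", "total_income", None, 30000))]),
     {"cost_compensation": True}),
]

# Constructed reference data for one citizen (placeholder values, not register content).
CITIZEN: State = {"bsn": "000000000", "driving_licence": True, "age": 72, "mobility": "limited",
                  "licence_plate": "XX-00-XX", "address_zone": "centre",
                  "permit_zones": {"centre", "north"}, "incomes": [12000, 9000]}


def chain_for(goal: str, facts: State) -> List[str]:
    """Plan on a copy so the caller's view of the reference data is not mutated."""
    return plan(goal, dict(facts), SERVICES)


if __name__ == "__main__":
    print(chain_for("cost_compensation", CITIZEN))
    try:  # no driving licence: no service can establish it, so the dialogue ends
        chain_for("disabled_parking_space", {**CITIZEN, "driving_licence": None})
    except ValueError as exc:
        print("ends:", exc)
```

Two design points matter for a federated setting. First, a fact that is absent from the reference data evaluates as "not satisfied" rather than "unrestricted", so a missing register lookup can never silently pass a pre-condition; the "no driving licence" run ends with a ValueError, which is the "end" branch of the decision tree. Second, only "exist" facts are treated as producible by another service; a range, set or derived condition that fails is a definitive answer from the register, not a reason to chain further, and the depth guard stops a misconfigured rule set from recursing forever.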