February 2011 www.ega.ee
Interoperability Frameworks
Arvo Ott
eGovernance Academy
Estonia
E-Gov Center:
- strategy
- budget
- regulation
- training
Shared, services infrastructure, portal, interoperability architecture, eID, payment gateway etc.
VISION
Ministries
Service Points
More and better services, more locations, 24/7, smaller Government, lower costs
Governmental Registries
• Many registries, all very different, managed and developed by different organizations and financed separately
• Very many users, most of them are very small organizations without security knowledge and with a very small IT budget
• Very high security requirements. Registries contain personal data that is in some cases used to make high value decisions and in some cases needed in real time
Interoperability Framework
• Organizational interoperability
• Legal framework
• Technical architecture
• Semantic interoperability
Interoperability Framework – set of principles, agreements, commitments
Political Context: Cooperating partners with compatible visions, aligned priorities and focused objectives
Semantic interoperability --- Semantic Alignment: Precise meaning is preserved and understood by all parties
Organisational interoperability --- Process Alignment: Different organisations achieve an agreed and mutually beneficial goal
Legal interoperability --- Legislative Alignment: Aligned legislation so that exchanged data is accorded proper legal weight
Technical interoperability --- Interaction and Transport: Planning of technical issues involved in linking computer systems and services
Nature of document | Name of document | Nature of regulation
Policy and strategy documents | Interoperability Framework | Infopolitical agreement, strong recommendation
Laws and sub-acts | Databases acts, Personal Data Protection Act, Digital Signature Act etc. | Compulsory
Framework descriptions | Architecture descriptions | Strong recommendation
Interoperability Related Standards | Documents, digital signature, security, message transfer etc. | Advice and recommendation
Regulations
1. ORGANIZATIONAL
Coordination
– Responsible institution for general coordination/management of the integrated register system (preparation and implementation of strategy and basic concepts of interoperability framework)
– Availability to set up official (and unofficial) work groups. Different advisory and management boards regulated by government. An official procedure is needed to engage different stakeholders in the coordination process.
Implementation
– registration of databases and services, management of data exchange process
– offering some shared services
– cooperation with different stakeholders of the project
– supervision of the implementation
– helpdesk
Regulations
2. DATABASES and INFORMATION SYSTEMS
• Process of creation, integration and termination of state databases. Who is responsible, what legal act is needed to describe the functions of databases (statute, approved by Government?). Who is responsible for data processing. Role of basic data. Auditing of databases.
• Principles – ask once, use multiple; personal data protection etc.
• Components of the integrated system. Database of databases – responsibility of institutions to give metadata about their databases. Repository of XML descriptions of services. In future, a database of ontologies.
• Finance models
• Data services are the priority... not data collection. Customer orientation – do not collect data if the service does not need it
• Ownership of the data
• Authorization and authentication
Regulations
2. DATABASES and INFORMATION SYSTEMS
Regulation about supporting systems of the framework:
• System of unified classifications (Estonian: sub act of the Public Information Act “Classification system”)
• Address system (Estonian: sub act of the Public Information Act “Address system”)
• Geodetic system (Estonian: sub act of the Public Information Act “Geodetic System”)
• System of data security measures of databases (Estonian: sub act of the Public Information Act “System of Security Measures of Information Systems”)
• Environment of sharing data - data exchange system between registers (Estonian: sub act of the Public Information Act “Management system of State Information System”)
IOF Questions (1):
• Question 1. IOF is in line with the European Interoperability Framework, European ISA program (http://ec.europa.eu/isa/)?
• Question 2. There is a governmental portal as a single contact point for citizens and businesses.
• Question 3. Websites comply with WAI quality criteria.
• Question 4. Public administrations will agree on an appropriate, common security and privacy policy and concrete requirements. Government will implement an IT baseline security system. For example: it is recommended to base the production and development of the baseline security system on the IT Baseline Protection Manual (IT-Grundschutz Handbuch) issued by Germany’s BSI (Bundesamt für Sicherheit in der Informationstechnik).
IOF Questions (2):
• Question 5. The national supervision agency is established with
following main roles:
– personal data protection - inviolability of private life;
– public information - complying with requests for information and publication of
information on the Internet and elsewhere
• Question 6. Public administrations are designing information
systems and technical architectures that are linguistically neutral in
order to cater for multilingualism when establishing an International
Public Service.
• Question 7. Public administrations have a long-term preservation (sustainability) policy.
IOF Questions (3):
• Question 8. Public administrations will favour openness regarding
public information.
• Question 9. Public administrations are encouraged to reuse and
share solutions and to collaborate on the development of common
solutions.
• Question 10. Public administration should not impose any specific
technological solution on citizens, businesses and other
administrations
• Question 11. Public administration will develop a component based
service model, allowing the establishment of Public Services by
reusing, as much as possible, existing service components
IOF Questions (4):
• Question 12. Public administrations will make their authentic
sources of information available to others while implementing the
appropriate access and control mechanism to ensure security and
privacy as foreseen in the relevant legislation.
• Question 13. Public administrations will develop the necessary
interfaces to authentic sources and align them, at semantic and
technical level.
• Question 14. Public sector will develop the common service
infrastructure.
• Question 15. Public administrations will obtain political support for
their interoperability efforts.
IOF Questions (5):
• Question 16. Public administrations will carefully consider all
relevant legislation linked to the information exchange, including
data protection legislation.
• Question 17. Government will elaborate legislation (laws and other
government acts) in area of registers, infrastructure services,
register of registers, register of certificate service providers, security
baselines.
• Question 18. Model of coordination? Government is using the
European Method of Open Coordination (OMC, see
http://en.wikipedia.org/wiki/Open_Method_of_Coordination) as the
governance model for organisational interoperability.
• Question 19. Public administrations will document their business
processes and agree on how these processes will interact to
contribute to the delivery of a Public Service.
IOF Questions (6):
• Question 20. Public administrations will systematically define
Service level agreements (SLA) for the part of the Public Service
they provide and/or consume.
• Question 21. Public administrations will support the establishment
of both sector-specific and cross-sectoral communities aimed at
facilitating semantic interoperability and will encourage the sharing
of results produced by such communities through national and
international platforms.
• Question 22. Public administrations will agree on the standards and
specifications to be used to ensure technical interoperability.
• Question 23. Public administrations will, as much as possible, base
interoperability agreements on existing formalised specifications, or
in case such specifications do not exist, collaborate with
communities working in the same areas.
IOF Questions (7):
• Question 24. Other things being equal, public administrations should prefer open specifications.
• Question 25. Public administrations will actively participate in the
standardisation activities that are relevant to their needs.
• Question 26 ?? Example: National GovNet will operate as a public
network. Principles of GovNet:
– Every state and local government agency has the right, though
not obligation, to use GovNet.
– It is recommended that the use of the backbone network be financed centrally from the state budget and be free of charge for subscribed clients. The client has to pay only for access to the backbone network.
– End-users will be responsible for the security of their local network.
IOF Questions (8):
• Question 27. Government will elaborate a personal secure environment for citizens, accessed using the ID card. The personal area can contain the following subareas:
– E-service area allows people to survey the data which the government has collected about them.
– Notification services (breaks in electricity or water deliveries, expiration of a period of validity, etc.);
– Applications which enable citizens to fill in different forms and forward them to the relevant institutions. The institutions process the forms and report the results to the citizens.
– The secure document area allows users to sign documents and forward them.
IOF Questions (9):
• Question 28. Use of the PKI infrastructure is free for citizens – they
don’t pay for certificates and for presentation and validation of a
digital signature.
• Question 29 ?? Government will develop the primary open source
software applications for ID cardholders:
– Client software for signing and signature checking
– Portal for signing and signature checking
– Program library for signing and signature checking for use inside other software products (for example, from document management systems).
IOF Questions (10):
• Question 30. Government is elaborating the middleware and
corresponding organisation for integration of information systems
(registers). Middleware solution will contain interoperable
infrastructure services:
– audit trail and log;
– service registry and metadata management;
– access control;
– data certification;
– data transport;
– data translation;
– workflow management.