250 likes | 413 Views
Government Transformation Initiative – eGovernment Procurement for Good Governance. Session 5 – Standards in e-Government Procurement Eduardo Talero May 27, 2009. Agenda. Context for eGP BM Standards Decisions The general case for standards The specific cae of Standards and eGP
E N D
Government Transformation Initiative – eGovernment Procurement for Good Governance • Session 5 – Standards in e-Government Procurement • Eduardo Talero • May 27, 2009
eduardo@talero.name Agenda • Context for eGP BM Standards Decisions • The general case for standards • The specific cae of Standards and eGP • Standards to consider for different phases of eGP • Reality check on standards adoption • Recommendations to consider.
eduardo@talero.name Reminder: Functional Scope of eGP system Budgeting Bid/Proposal Preparation Financial management Indent management Catalog management Contract management Order management Asset management Invoicing Processing Center Public Sector systems Private Sector systems ` eGP System III IV System integration/ Collaboration E-Catalog Purchasing E-Reverse Auction II E-Tendering Buyer/Seller Support I Publication / Disclosure
WHY STANDARDS? May 27, 2009 eduardo@talero.name
eduardo@talero.name Standards help to… Prevent failures
eduardo@talero.name Standards help to… Increase efficiency of complex operations
eduardo@talero.name Standards help to… Introduce order and predictabi-lity in electronic exchanges
eduardo@talero.name Standards help to… Reduce risk
eduardo@talero.name Standards help to… Increasetrust
How standards can help eGP • Enhance B2G/G2G connectivity and interoperability • Generate trust in electronic experience • Enhance competition and inclusion • Enhance efficiency and flexibility of public procurement function • Enhance cooperation and transparency • Facilitate evolution and innovation • Increase return, reliability of investments • Avoid vendor lock-in May 27, 2009 eduardo@talero.name
eduardo@talero.name SOME STANDARDS FOR eGP System Specification/Construction Architecture (SOA,WOA ) eGP System Quality (CMM) Workflow (BPMN, UMM, BPSS) DevelopmentMethodology (UML, RUP) Networking (TCP/IP) May 27, 2009
eduardo@talero.name E-GP System: KEY STANDARDS FOR DISCLOSURE FACILITIES Identification (UN-SPSC, GPC, CPV, eCl@ss) eGP System` Model legislation (UNCITRAL, EC Directives 2004/17/EC and 2004/18/EC) Laws/Regulations Business opportunities Formatting (ODF, PDF, OOXML) Bidding documents Contract awards May 27, 2009
eduardo@talero.name SOME STANDARDS FOR e- GP SUPPORT FACILITIES Identification (UN-SPSC, GPC, CPV, eCl@ss) e-GP System - User Support Facilities Communication (Imap) Supplier registration & alerts Reference prices ePayments (SET, IFX..) Research support Electronic payments Registration (DUNS) Supplier Registry May 27, 2009
eduardo@talero.name SOME STANDARDS FOR eGP DATA CENTER Site security (RFC 2196) IT Service Management (ISO/IEC 20000) Network security (ISO/IEC 18028-1 ) eGP Data Processing Center Computer security ISO/IEC 15408 Directory Service (LDAP, DSML) Reliability (HTTP-R) May 27, 2009
eduardo@talero.name SOME STANDARDS FOR eGP TRANSACTION SYSTEMS Information security management (ISO/IEC 27001) ` eGP System System integration/ Collaboration Facilities Information Security Controls (ISO 17999) E-Catalog Purchasing Reliability (HTTP-R) E-Reverse Auctions Information Security Testing (OSSTMM) E-Tendering May 27, 2009
eduardo@talero.name KEY STANDARDS FOR e- REVERSE AUCTIONS E-Reverse Auction Facilities Communication (Imap) May 27, 2009
e-Tendering Facilities eduardo@talero.name Bid Vault DOCUMENT STORE PROCESSING TIMETABLE KEY STANDARDS FOR eGP PHASE IIa - eTENDERING SYSTEM QUESTIONS & ANSWERS Authentication (X509, XML DSig, XKMS) S U P P L I E R S B U Y E R S Supplier Profiles SUPPLIER ROSTER Q & A Traceability (ISO 13335) Bid Documents Decrypted Bids Encrypted Bids Encrypted Receipts Encryption (SSL, XML Encryp) May 27, 2009
eduardo@talero.name SUPPLIER 1 SUPPLIER 2 Electronic Catalog Electronic Catalog SOME STANDARDS FOR eGP PHASE IIb - e-CATALOG PURCHASING SYSTEM Messaging (SOAP) Publication (UDDI) e-Catalog Purchasing Facilities Documentation (UBL, C-CATALOG) Reliability (HTTP-R, WS-R) Interoperability(WSDL, BPEL) Secure Access (SAML, XACML) May 27, 2009
eduardo@talero.name EGP SYSTEM: STANDARDS FOR SYSTEM INTEGRATION/ COLLABORATION FACILITIES (PHASES III AND IV) Interoperability/Collaboration (ebXML, WS-I Profiles, WSCI, BPEL) Web Services (WS*) Interpretation (DSDL, Relax NG) Registration of Services (UDDI) Provisioning (SPML) Private Sector Systems Public Sector Systems EGP System Web Security (WS Security, SAML, XACML)
eduardo@talero.name Adoption of Open Standards is… • Mandated already by many governments (India, UK, Canada, EU, Phil, Brazil…) and recommended by most. • Embraced in varying degrees by large vendors (IBM, HP, Oracle…) • However, from 2006 MDB survey of eGP systems in 14 leading countries…
eduardo@talero.name Use of Open Standards by 14 leading eGP governments * • No one says to allow ODF documents. • Only 6 use UNSPSC. • Only 4 use XML, and only one uses ebXML for interoperable electronic business • Only 4 use SOAP, 3 use UDDI, only 1 uses WSDL and none use BPEL, WS-Security, WSCI (so much for SOAs). • However, most use digital certificates and asymmetrical encription for authentication. *Argentina, Australia (State of New South Wales), Brazil, Chile, Finland, Hong Kong, India (Indian Railways), Italy, Mexico, Norway, Romania, Singapore, South Korea, The Philippines
eduardo@talero.name Recommendations to Consider • Adopt and open standards policy for all eGP related work. Refer to them by name (“or substantially equivalent”) in SRSs and SLAs. • Investigate and if possible adopt ebXML family of standards (ISO 15000) for all eGP-related work. • Adopt SOA and Web services as the architectural standards for eGP. • Adopt a business process modeling standard (BPMN or UMM) and use to document functional requirements of eGP system, even if procuring a COTS solution. It will serve well in acceptance testing and in avoiding vendor lock-in.
eduardo@talero.name Recommendations to Consider (2) • Reserve Digital signatures and PKI for strong authentication and signing of legally-enforceable documents. For other purposes, experiment first with simpler methods (encryption, two-factor authentication). • Assign a person to watch and recommend standards. This may be done centrally for whole government. • Open door to OSS products as they often implement and promote open standards. • Strongly consider adopting international classification/description standards (UN SPSC, CPV, GTIN or similar) instead of a home-grown alternative.
THANK YOUQuestions? etalero@worldbank.org May 27, 2009 eduardo@talero.name
Extra slides May 27, 2009 eduardo@talero.name