CBSS. The Crossroads Bank for Social Security succeeding on interoperability within the social sector R4eGOV e-ID USER GROUP MEETING 26 April 2007. Frank Robben General manager Crossroads Bank for Social Security Sint-Pieterssteenweg 375 B-1040 Brussels Belgium
CBSS The Crossroads Bank for Social Security succeeding on interoperability within the social sector R4eGOV e-ID USER GROUP MEETING 26 April 2007 Frank Robben General manager Crossroads Bank for Social Security Sint-Pieterssteenweg 375 B-1040 Brussels Belgium E-mail: Frank.Robben@ksz.fgov.be Website: http://www.law.kuleuven.ac.be/icri/frobben
Actors in the Belgian social sector • about 2,000 public and private institutions at several levels (federal, regional, local) dealing with • collection of social security contributions • delivery of social security benefits • child benefits • unemployment benefits • benefits in case of incapacity for work • re-imbursement of health care costs • holiday pay • old age pensions • guaranteed minimum income • delivery of supplementary social benefits • delivery of supplementary benefits based on the social security status of a person
The problem • a lack of well coordinated service delivery processes and a lack of well coordinated information management lead to • a huge avoidable administrative burden and related costs for • the citizens • their employers • the actors in the social sector • service delivery that doesn't meet the expectations of the citizens and their employers • suboptimal effectiveness of the social protection • higher possibilities of fraud • suboptimal support of the social policy
The solution • a network between all 2,000 social sector actors with a secure connection to the internet, the federal MAN, regional extranets, extranets between local authorities, and the Belgian interbanking network • a unique identification key • for every citizen, electronically readable from an electronic social security card and an electronic identity card • for every company • 190 electronic services for mutual information exchange amongst actors in the social sector, defined after process optimization • nearly all direct or indirect (via citizens or companies) paper-based information exchange between actors in the social sector has been abolished • in 2006 511 million electronic messages were exchanged amongst actors in the social sector, which saved as many paper exchanges
The solution • 40 electronic services for employers, either based on the electronic exchange of structured messages between applications or via an integrated portal site • 50 social security declaration forms have been abolished • in the remaining 30 declaration forms the number of headings has on average been reduced to a third of the previous number • declarations are limited to 3 events • immediate declaration of recruitment and discharge (only electronically) • quarterly declaration of salary and working times (only electronically) • occurrence of a social risk (electronically or on paper) • in 2006 17.9 million electronic declarations were made by all 220,000 employers, 98 % of which from application to application • according to a study of the Belgian Planning Bureau, rationalization of the information exchange processes between the employers and the social sector implies an annual saving of administrative costs of more than 1.7 billion € a year for the companies
The solution • electronic services for citizens • maximal automatic granting of services based on electronic information exchange between actors in the social sector • 4 electronic services via an integrated portal • 2 services to apply for social benefits • 2 services for consultation of social benefits • about 30 new electronic services are foreseen • an integrated portal site containing • electronic transactions for citizens and employers • information about the entire social security system • harmonized instructions and information model relating to all electronic transactions • a personal page for each citizen and each company • an integrated multimodal contact centre supported by a customer relationship management tool
CBSS as a service integrator • board of directors consists of representatives of the several actors in the social sector and of government representatives • mission • definition of the vision on eGovernment in the social sector • definition of common principles (see annex) related to • information modeling • unique collection and re-use of information • management of information • electronic exchange of information • protection of information • policy support • coordination of business process re-engineering
CBSS as a service integrator • mission • definition, implementation and management of an interoperability framework • technical: secure messaging of several types of information: structured data, documents, images, metadata, … • semantic: harmonization of concepts and coordination of the necessary adaptation of the law • business logic and orchestration support • management of a reference directory for • preventive control on the legitimacy of the information exchange • organization of the routing of information • automatic communication of changes of information
Reference directory • directory of available services/information • which information/services are available at any actor depending on the capacity in which a person/company is registered at every actor • directory of authorisation policies • list of users and applications • definition of authentication means and rules • definition of authorization policies • which kind of information/service can be accessed, in what situation and for what period of time depending on in which capacity the person/company is registered with the actor that accesses the information/service • directory of data subjects • which persons/companies have personal files in which actors for which periods of time, and in which capacity they are registered • subscription table • which users/applications want to automatically receive what services in what situations for which persons/companies in which capacity
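The preventive control and routing that the reference directory supports, as an added example that is not CBSS code: a request is accepted only for the period in which the requesting actor itself holds a file on the data subject, in a capacity authorised for that information type. Actor names, capacities, information types and the identifier `S-0001` are constructed, and the class and method names are hypothetical.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Registration:
    """One entry of the directory of data subjects (constructed sample shape)."""
    subject: str
    actor: str
    capacity: str
    start: date
    end: date


class ReferenceDirectory:
    def __init__(self, registrations, available, authorised, subscriptions):
        self.registrations = registrations  # directory of data subjects
        self.available = available          # (actor, capacity) -> info types held
        self.authorised = authorised        # (actor, capacity) -> info types it may access
        self.subscriptions = subscriptions  # set of (actor, capacity, info type)

    def _files(self, subject, actor=None):
        return [r for r in self.registrations
                if r.subject == subject and actor in (None, r.actor)]

    def find_supplier(self, subject, info_type):
        """Routing: which actor holds this information about the subject."""
        for reg in self._files(subject):
            if info_type in self.available.get((reg.actor, reg.capacity), set()):
                return reg.actor
        return None

    def check_request(self, actor, subject, info_type, start, end):
        """Preventive control: (supplier, from, until), or None when refused."""
        for reg in self._files(subject, actor):
            if info_type not in self.authorised.get((actor, reg.capacity), set()):
                continue  # this capacity gives no right to the information type
            lo, hi = max(start, reg.start), min(end, reg.end)
            if lo > hi:
                continue  # requester had no file on the subject in that period
            supplier = self.find_supplier(subject, info_type)
            if supplier is not None:
                return supplier, lo, hi  # period clipped to the registration
        return None

    def recipients_of_change(self, subject, info_type, when):
        """Subscription table: actors to notify automatically of a change."""
        out = []
        for reg in self._files(subject):
            key = (reg.actor, reg.capacity)
            if ((reg.actor, reg.capacity, info_type) in self.subscriptions
                    and info_type in self.authorised.get(key, set())
                    and reg.start <= when <= reg.end):
                out.append(reg.actor)
        return sorted(out)


def build_demo_directory():
    # Constructed sample data, not real registrations.
    regs = [
        Registration("S-0001", "unemployment-office", "benefit-claimant",
                     date(2006, 3, 1), date(2006, 9, 30)),
        Registration("S-0001", "sickness-fund", "insured-member",
                     date(2000, 1, 1), date.max),
    ]
    available = {("sickness-fund", "insured-member"): {"incapacity-for-work"}}
    authorised = {("unemployment-office", "benefit-claimant"): {"incapacity-for-work"}}
    subscriptions = {("unemployment-office", "benefit-claimant", "incapacity-for-work")}
    return ReferenceDirectory(regs, available, authorised, subscriptions)


if __name__ == "__main__":
    d = build_demo_directory()
    print(d.check_request("unemployment-office", "S-0001", "incapacity-for-work",
                          date(2006, 1, 1), date(2006, 12, 31)))
    print(d.check_request("pension-service", "S-0001", "incapacity-for-work",
                          date(2006, 1, 1), date(2006, 12, 31)))
```

An actor with no file on the person, a request for an information type outside the authorisation, and a request for a period before the registration started are all refused before any message reaches the supplier.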
CBSS as a service integrator • mission • stimulation of service oriented applications • modular • can be integrated • re-usable • loosely coupled • technology neutral • based on open standards
Towards a network of service integrators [Diagram: service integrators (CBSS; FEDICT; Corve, Easi-Wal, …), each with a services repository, connected through the extranet of the social sector, FEDMAN, the extranet of a region or community, the internet, and VPN, Publi-link, VERA, …; connected parties shown: ASS, FPS, RPS, municipality, city, province]
Service Oriented Architecture [Diagram: layers: Presentation, Applications, Business services, Basic services, Data]
Multifunctional basic services • logging • state machine • user & access mgt • transformation • ticketing • routing • decision rules • orchestration
User and access management • identification of physical and legal persons • unique social identification number for physical persons • unique company number for companies • authentication of the identity of physical persons • electronic identity card • user id – password – token • management and verification of characteristics (e.g. a capacity, a function, a professional qualification) of persons • management and verification of mandates between a legal or physical person to whom an electronic transaction relates and the person carrying out that transaction • management and verification of authorizations
Policy Enforcement Model [Diagram: the user sends an action on the application to the Policy Enforcement Point (PEP), which forwards it to the application when PERMITTED and refuses it when DENIED; the PEP exchanges a decision request and a decision reply with the Policy Decision Point (PDP); the PDP performs policy retrieval from the Policy Administration Point (PAP), whose policy repository is maintained by a manager (policy management), and exchanges information requests/replies with the Policy Information Points (PIP), each backed by an authentic source]
Policy Enforcement Model • Policy Enforcement Point (PEP) • intercepts the request for authorisation with all available information about the user, the action being requested, the resources and the environment • passes on the request for authorisation to the Policy Decision Point (PDP) and extracts a decision regarding authorisation • grants access to the application and provides relevant credentials • Policy Decision Point (PDP) • based on the request for authorisation received, retrieves the appropriate authorisation policy from the Policy Administration Point(s) (PAP) • evaluates the policy and, if necessary, retrieves the relevant information from the Policy Information Point(s) (PIP) • takes the authorisation decision (permit/deny/not applicable) and sends it to the PEP
Policy Enforcement Model • Policy Administration Point (PAP) • environment to store and manage authorisation policies by authorised person(s) appointed by the application managers • puts authorisation policies at the disposal of the PDP • Policy Information Point (PIP) • puts information at the disposal of the PDP in order to evaluate authorisation policies (authentic sources with characteristics, mandates, etc.)
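The four roles described above wired together, as an added example that is not code from CBSS or from the presentation. The policy, users, company and the rule that the PEP refuses anything other than a permit (including "not applicable") are assumptions made for the illustration; all sample data is constructed.

```python
from dataclasses import dataclass
from datetime import date
from enum import Enum


class Decision(Enum):
    PERMIT = "permit"
    DENY = "deny"
    NOT_APPLICABLE = "not applicable"


@dataclass(frozen=True)
class Request:
    user: str      # identity already authenticated (eID or user id/password/token)
    action: str
    resource: str
    company: str   # legal person the transaction relates to
    when: date


@dataclass(frozen=True)
class Policy:
    characteristic: str     # characteristic the user must hold
    mandate_required: bool  # user must hold a mandate for the company


class PAP:
    """Policy Administration Point: stores policies and serves them to the PDP."""
    def __init__(self, policies):
        self.policies = policies  # (resource, action) -> Policy

    def policy_for(self, resource, action):
        return self.policies.get((resource, action))


class PIP:
    """Policy Information Point in front of authentic sources (constructed data)."""
    def __init__(self, characteristics, mandates):
        self.characteristics = characteristics  # user -> set of characteristics
        self.mandates = mandates                # (user, company) -> (from, until)

    def has_characteristic(self, user, name):
        return name in self.characteristics.get(user, set())

    def has_mandate(self, user, company, when):
        period = self.mandates.get((user, company))
        return period is not None and period[0] <= when <= period[1]


class PDP:
    """Policy Decision Point: fetches the policy, queries the PIP, decides."""
    def __init__(self, pap, pip):
        self.pap, self.pip = pap, pip

    def decide(self, req):
        policy = self.pap.policy_for(req.resource, req.action)
        if policy is None:
            return Decision.NOT_APPLICABLE
        if not self.pip.has_characteristic(req.user, policy.characteristic):
            return Decision.DENY
        if policy.mandate_required and not self.pip.has_mandate(
                req.user, req.company, req.when):
            return Decision.DENY
        return Decision.PERMIT


class PEP:
    """Policy Enforcement Point: the only path from the user to the application."""
    def __init__(self, pdp, application):
        self.pdp, self.application = pdp, application
        self.log = []  # every decision is recorded, permitted or not

    def handle(self, req):
        decision = self.pdp.decide(req)
        self.log.append((req.user, req.resource, req.action, decision.value))
        if decision is not Decision.PERMIT:  # assumption: "not applicable" is refused too
            return "DENIED"
        return self.application(req)


def build_demo_pep():
    pap = PAP({("quarterly-declaration", "submit"):
               Policy("employer-representative", mandate_required=True)})
    pip = PIP({"user-1": {"employer-representative"},
               "user-2": {"employer-representative"}},
              {("user-1", "company-A"): (date(2007, 1, 1), date(2007, 12, 31))})
    app = lambda req: f"PERMITTED: {req.action} {req.resource} for {req.company}"
    return PEP(PDP(pap, pip), app)
```

Because the application is reachable only through `PEP.handle`, a missing policy, a missing characteristic, a missing mandate and an expired mandate all end in the same refusal, and each one leaves a log entry.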
Overall architecture [Diagram: three domains side by side: Non-social FPS (Fedict), Be-Health and Social sector (CBSS); in each domain, users reach the applications (WebApp XYZ) through authentication and authorisation; each domain has a PEP with role mapper and role mapper DB, a PDP with role provider and role provider DB, a PAP (‘’Kephas’’), and PIPs with attribute providers on top of databases; database labels in the figure include Beheer, RIZIV, GAB, UMAF, Mandaten, Gerechtsdeurwaarders and XYZ]
Use in the Belgian social sector • all end-user services are divided into categories based on the required level of security • all services can be used with the eID as a means of electronic identification and authentication of identity • some services can also be used (temporarily) on the basis of a user-id, password and, where appropriate, a citizen token or a public servant token • electronic signatures can be put with the eID • the policy enforcement model is being implemented for the authentication of characteristics and mandates and for authorisation management
Electronic SIS-card and electronic identity card • gradual replacement of the functions of the electronic social security card (SIS card) once the following conditions have been fulfilled • function of electronic identification: overall availability of the electronic identity card (eID) • function of proof of the insurability in the health care sector • secure on line access by the health care providers to the insurability information available at the sickness funds • electronic identification and authentication of the identity, characteristics and mandates of the health care providers • preservation of the SIS card or a similar solution for persons who do not possess an eID (persons not residing in Belgium, children under the age of 12, …) • availability of readers that can read both the SIS-card and the eID
Advantages • gains in efficiency • in terms of cost: services are delivered at a lower total cost due to • a unique information collection using a common information model and administrative instructions • less need for re-encoding of information, by stimulating electronic information exchange • a drastic reduction of the number of contacts between actors in the social sector on the one hand and citizens or companies on the other • functional task sharing concerning information management, information validation and application development • a minimal administrative burden • in terms of quantity: more services are delivered • services are available at any time, from anywhere and from several devices • services are delivered in an integrated way according to the logic of the customer
Advantages • gains in efficiency • in terms of speed: the services are delivered in less time • benefits can be allocated quicker because information is available faster • waiting and travel time is reduced • citizens and companies can directly interact with the competent actors in the social sector with real time feedback • gains in effectiveness: better social protection • in terms of quality: same services at same total cost in same time, but to a higher quality standard • in terms of type of services: new types of services, e.g. • push system: automated granting of benefits • active search of non-take-up using datawarehousing techniques • controlled management of own personal information • personalized simulation environments • better support of social policy • more efficient combating of fraud
European framework • Treaty of Rome: free movement of persons => need for co-ordination between social security schemes of the Member States • Co-ordination Regulations 1408/71 (to be replaced by Co-ordination Regulation 883/04) and 574/72: 4 basic principles: • only one applicable national legislation per period • equal treatment: no discrimination based on nationality • aggregation of insurance, employment and residence periods • exportability of rights • co-ordination regulations imply a lot of information exchange between social security institutions of different Member States
European framework • current situation • 78 types of information exchange processes related to have been defined by the Administrative Commission on Social Security for Migrant Workers • a lot of information is still exchanged on paper forms (E-forms) • exchange of paper forms appears cumbersome, complicated and expensive, which may deter possible migrant workers • Co-ordination Regulation 883/04 to come into force: the quality level of services provided by a social security institution to an insured person may not decrease because this person (e.g. migrant or frontier worker, tourist, student, pensioner, ...) made use of his right to move within the EU => provision of systematic electronic information exchange • TESS = TElematics for Social Security • working party managed by Technical Commission on Data Processing • set up to develop telematic services for the implementation of the European Union provisions on social security • huge need for electronic identification and authentication of citizens and companies of all EU-Member States, and for electronic verification of certain characteristics and mandates
Some use cases • individual residing in EU-Member State A is temporarily employed (posted) in EU-Member State B • a lot of EU-Member States provide an obligation to declare the temporary occupation of foreigners on their territory (see below, LIMOSA) • in case the employee wants to remain socially insured in the EU-Member State of residence • the employer or his representative has to ask for authorization from the competent social security institution of Member State A • the competent social security institution of EU-Member State A (electronically) sends an E101-form to the competent social security institution of EU-Member State B => need for (interrelated) identification of the employer, his representative and the employee in both EU-Member States, need for authentication of the characteristic "employer" and need for authentication of the mandate of the representative
Some use cases • individual residing in EU-Member State A works, studies or looks for work in EU-Member State B => exportation of rights to and constitution of rights in EU-Member State B => need for (interrelated) identification of the individual in both EU-Member States • individual residing in EU-Member State A simultaneously works in various other EU-Member States => need for (interrelated) identification of the individual in all EU-Member States • individual residing in EU-Member State A needs health care in member State B (form E111, (e)EHIC) => need for (interrelated) identification of the individual in both EU-Member States • individual that has been working in various EU-Member States is retiring and gets old age pensions based on his occupation within the various EU-Member States => need for aggregation of periods => need for (interrelated) identification of the individual in all EU-Member States
Some use cases • individual residing in EU-Member State A has to exchange (in an electronic way) data with public authorities in EU-Member State B => need for (interrelated) identification of the individual in both EU-Member States • employer or his representative residing in EU-Member State A has to exchange (in an electronic way) data about his employees with public authorities in EU-Member State B => need for (interrelated) identification in both EU-Member States of the employer, his representative and the employees, need for authentication of the characteristic of "employer" and need for authentication of the mandate of the representative
Some metrics • exchanged E-forms with Belgium (2005) • proof of health care insurance ((e)HCIC replacing E111): more than 700.000 issued • invoices exchanged for reason of healthcare reimbursement (forms E125, E127): 490.000 for a total amount of approximately 285.000.000 € • posting (E101): 250.000 • information of constitution of old age pension rights in another EU-Member State (E501, E502, E551): 160.000 • insurance history, career survey requests and pension claims: (E202, E205, E207, E210): 60.000 • family allowances sector (E401, E402, E403, E411): 60.000 • unemployment benefits sector (E301, E303): 5.000 • extrapolation • Belgium: > 1.700.000 exchanges a year • EU: > 80.000.000 exchanges a year
Case: the LIMOSA-project Monitoring foreign activities on Belgian territory and lessening the administrative burden
Objectives • mandatory declaration for foreign employees, self-employed persons and trainees when coming to Belgium • collecting all relevant information in one central database • coordination of electronic information flows between Belgian competent institutions • one stop shop: lessening the administrative burden for foreign employers and self-employed persons • statistical information about cross-border employment on Belgian territory • consultation tool for social inspection services
Results • guarantee for legal employment in Belgium • getting a view on the impact of the activities of foreign employees, self-employed persons and trainees on the Belgian economy • respecting the European basic right of free movement of services • estimated number of declarations on annual basis = 200,000 • meaning administrative simplification [Chart of shares by country; labels: the Netherlands, France, Germany, Poland, Belgium, Luxembourg, Portugal, India = 1.4%, Czech Rep. = 1.3%, Japan = 1.3%; further shares shown: 7 %, 40 %, 14 %, 14 %]
Project in different stages • international portal site and mandatory declaration (01/04/2007) • portal site in order to enhance a quick and user friendly declaration tool for foreign employers and self-employed persons • access to application • information on other obligations (labour law, taxes, ...) • a specific user and access management ‘light’ has been created • central database (01/07/2007) • comprehensive database with data of foreign activities on Belgian territory • one stop shop (target: 01/11/2007) • all requests (residence permit, work permit, posting documents, assignments, professional cards,...) and declarations from other countries • automatic triggering and dispatching to competent institutions • by means of the user management system, one can easily follow the status of the processing of his requests
Towards a pan-European social service ? • Decision 2004/387/EC of the European Parliament and of the Council of 21 April 2004 on the interoperable delivery of pan-European eGovernment services to public administrations, businesses and citizens (IDABC) • “The European Council, meeting in Brussels in March 2003, drew attention to the importance of connecting Europe and so strengthening the internal market and underlined that electronic communications are a powerful engine for growth, competitiveness and jobs in the European Union and that action should be taken to consolidate this strength and to contribute to the achievement of the Lisbon goals. To this end, the development and establishment of pan-European eGovernment Services and the underlying telematic networks should be supported and promoted.” • “This Decision establishes, for the period 2005-2009, a Programme for Interoperable Delivery of pan-European eGovernment Services to (…) European Businesses and Citizens.”
Towards a pan-European social service ? • a standardised, pan-European declaration system across all EU-Member States is beneficial for • employers and self-employed persons • unique, multifunctional declaration system across EU-Member States • available 24/7 and everywhere • available in the own language of the user • re-use of national basic services (e.g. portal environment, user- and access management, …) • the EU and the EU-Member States • higher degree of satisfaction of the employers and the self-employed persons • higher degree of notoriety of the system across the EU => higher guarantee of use and avoiding of unnecessary foreign information campaigns • electronic availability of all relevant information
Towards a pan-European social service ? • service oriented architecture of LIMOSA permits an evolution towards a pan-European social service • modular, layered architecture • presentation layer (multiple portal environments) • application layer (processes) • basic services layer (user and access management, return of receipt, …) • information layer (databases) • entirely based on open standards • components can be easily integrated in other environments • possibility to valorise the Belgian know how related to eGovernment in the social sector and electronic identity, user and access management
Towards a pan-European social service ? • excellent possibility to use the solution for cross-border electronic identification of citizens and companies in execution of the Interministerial Statement of 24 November 2005 in Manchester “By 2010 European citizens and business shall be able to benefit from secure means of electronic identification that maximise user convenience while respecting data protection regulations. Such means shall be made available under the responsibility of the Member States, but recognised across the EU.” “Member States will, during 2006, agree a process and roadmap for achieving the electronic identity objectives and address the national and European legal barriers to the achievement of the electronic identity objectives; work in this area is essential for public administrations to deliver personalised electronic services with no ambiguity as to the user’s identity.” “Member States will, over the period 2006-2010, work towards the mutual recognition of national electronic identities by testing, piloting and implementing suitable technologies and methods.”
Proposal of concrete objectives • internationally, authentication levels are established in relation to identity, characteristics and mandates • each country has registration procedures for establishing the identity of individuals residing in their own country, according to the internationally established authentication levels • each country has registration procedures for establishing the identity of legal entities and actual associations that are established in their own country, according to the internationally established authentication levels • each country makes available to each individual, each legal entity and each actual association for whom/which the identity is established in accordance with the registration procedures, the means by which the concerned entity can produce and prove its identity (whether or not in a particular context) locally or remotely, verbally, visually and electronically on the territory of the country in question, without that entity’s identity being confused with the identity of another individual person, legal entity or actual association in that country
Proposal of concrete objectives • each country has registration procedures for establishing the type of characteristics indicated by an internationally accredited body, according to the internationally established authentication levels • each country has registration procedures for establishing the mandate of an individual to represent a legal entity or actual association, and the other types of mandates that are indicated by an internationally accredited body, according to the internationally established authentication levels • each country has the necessary systems to produce and prove the characteristics and mandates of individuals, legal entities and actual associations that have been established according to the registration procedures (whether or not in a particular context), locally or remotely, verbally, visually and electronically on the territory of the country in question, either with the permission of the concerned entity or in accordance with a statutory or legal provision
Proposal of concrete objectives • under the coordination of the European Commission, the Member States of the EU develop EU standards and specifications to ensure the semantic and technical interoperability of resources for producing and proving electronically the identity, characteristics and mandates through or in relation to individuals, legal entities and actual associations on the territory of other Member States • the described policy enforcement model could serve as a model for concrete implementation
More information • personal website http://www.law.kuleuven.ac.be/icri/frobben • Crossroads Bank for Social Security http://www.ksz.fgov.be • social security portal https://www.socialsecurity.be • Federal Public Service for ICT http://www.fedict.be