Advanced interoperability for Public Administration in Italy. IV seminar in “ICT Service Oriented Architectures”, April 21st 2009. Marino Di Nillo, Advanced Interoperability Unit at the Italian National Agency for Digital Administration - CNIPA.
Public connectivity & cooperation system (SPC) background
• Started in 2003, SPC is the program for creating multi-domain interoperability across the administration, using national shared infrastructures to guarantee any administration peer-to-peer participation at a uniform level of service nationwide.
• Coordinated by CNIPA, more than 300 people from ICT industries, universities and PAs designed SPC, producing, from 2003 to 2005, a large set of specifications.
• The law n. 82/2005, issued by the central government, with the agreement of local governments, defined: the legal and the organizational framework of SPC, the scope of SPC, the sectors of interest, the concept and the scope of national shared infrastructures, the governance, the management and the board.
• A set of intra-domain services is provided by CNIPA for central government and by regions for local governments.
• Technologies & services are supported by technological partners, selected through public tenders either at local or at central level.
• A set of nationwide domain-specific projects (with central and local competencies) was launched in the areas of: employment, land register, health.
Legal framework
The Law n. 82/2005 (Digital Administration Code) establishes two important principles:
• cooperation among administrations carried out on SPC, implemented in compliance with the tools of SPC and its technical rules, has legal value, and no decree or official publication (Gazette) is needed (for example, for data format specifications for data exchange);
• public IT managers need to organize their Information Systems, including organizational aspects, in order to be able to implement services compliant with the SPCoop model.
Some needs to satisfy via SPCoop
• The aim is to allow Public Administration ICT systems to cooperate with each other
• An administrative process activated by a citizen's or a company's request is very often split up, involving several Public Administrations
• A standard dialogue among the P.A. applications has to be established
• Citizens and companies will provide their data only once for a process that involves more than one Public Authority
SPC Management Board
• The Law Decree n. 82/2005 also defines the SPC Management Board (Commissione di Coordinamento), which is composed of 17 people, from central and local governments.
• The SPC Management Board is in charge of:
  • approving technical rules
  • approving guidelines
  • definition of scope
  • design of SPC evolution
  • definition of general criteria for Providers Certification
  • definition of general criteria for Services Certification
SPC complete ecosystem
[Diagram. Labels: Working groups; Organization; Interdomain services; Intradomain services; Technical framework & services; Law]
Interoperability issues
[Diagram. Labels, in the order shown:
• Future innovation: Multi-domain interoperability
• Today innovation: Domain interoperability (Data semantic: ontologies; Application: ws, orchestration; Security: SAML; Network: VoIP, mobile), with Employment and Healthcare shown as domains, each with data semantic, security and application layers
• Body of knowledge: Basic interoperability (Data: XML, XDR; Security: SSL, HTTPS; Network: IP)]
SPC stack services
[Diagram. Labels: Public Administrations; SP Cooperation (SPCoop): e-gov messages; SP Connectivity (SPC): http packets]
Categories of SPCoop framework services
• Registry, Catalogue, Directories
• Identity national services
• Qualifying services (interoperability check)
SPCoop framework services
[Diagram of SICA, the infrastructure for application cooperation (Infrastruttura per la cooperazione applicativa). Labels:
• Nationwide infrastructural services for interoperability: meta-directory of public employees; SICA registry & repository; schemas & ontologies catalogue; federated digital identities; certification authority
• SICA internal services for monitoring, managing & security
• SICA domain gateway (Porta di Dominio SICA)
• Domain SICA registry & repository (secondary SICA registry)
• Support services for interoperability qualification of application cooperation components (domain gateway and secondary SICA registry)]
SPCoop model
[Diagram. Three aspects: Architectural, Technological, Organizational. Labels: Integration of different technologies; Standard interfaces and behaviors, characteristics; Separation of concerns between users and service providers; Entity definition; Abstraction from applications; Standards; Formalization of service agreements; Definition and role management; Workflow process management; Consensus management; Governance. Also shown: E-gov national plan; SOA (Services Oriented Architecture); Web Services; Law n. 82/05; SPCoop]
Standards adopted in the SPCoop framework
XML-based standards:
• SOAP for invoking the services
• WSDL for specifying the services
• UDDI for querying the registry
• BPEL for orchestration of web services
• SAML for role management
• Optional:
  • WS-Agreement
  • WS-SLA
  • OWL-S
SPCoop
• SPCoop is based on four leading-edge pillars in terms of technologies, best practices and organization:
  • formalization and publication of service agreements between Public Administrations;
  • definition of a federated identity management system for access control;
  • definition of the metadata which is the object of cooperation, of the semantics and the domain's ontologies;
  • defining and updating of the SPCoop model taking into account the latest progress in technologies and standards (SPCoop model evolution).
Cooperation systems
[Diagram. Two administration domains, each labelled with "Back", "Services shown" and "Domain gateway"; requests and responses pass between the domain gateways as e-gov envelopes over SPCoop, labelled "Standardizing level"]
Domain gateway as proxy
[Diagram. Labels: Service #1, Service #2, Service #3, Service #4; Domain Gateway 1; Domain Gateway 2; eGov envelope]
Domain Gateway: some functionalities
• HTTP connection management
• TLS and SSL connection management
• E-gov envelope management (including envelope tracing)
• Security compliant with the WS-Security specification
• Time synchronization
Domain gateway
• Management of:
  • exchange and security at connection level
  • e-Government envelope
  • operation logging
  • WS-Security framework
[Diagram. Administration 1 and Administration 2 exchange a request and an answer through their domain gateways over the SPC network. The e-gov envelope carries addressing, security, availability and tracking; the message body carries the application content]
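The header checks listed on the two domain gateway slides (addressing, tracing, operation logging, and the reason time synchronization matters), as an added sketch that is not part of the original slides or of the SPCoop specifications. The envelope element names, the `Gateway` class and the five-minute window are assumptions made for illustration; WS-Security signature verification, which would have to succeed before the sender field is trusted, is left out.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

# Constructed sample; element names are hypothetical, not the SPCoop schema.
SAMPLE = """<Envelope><Header>
  <Sender>Administration1</Sender><Recipient>Administration2</Recipient>
  <MessageId>adm1-0001</MessageId>
  <Timestamp>2009-04-21T10:00:00+00:00</Timestamp>
</Header><Body><Request service="Service1"/></Body></Envelope>"""

MAX_SKEW = timedelta(minutes=5)  # assumed tolerance; relies on synchronized clocks
REQUIRED = ("Sender", "Recipient", "MessageId", "Timestamp")

class Gateway:
    """Receiving domain gateway: checks the header only, never the message body."""
    def __init__(self, domain):
        self.domain = domain
        self.trace = []        # operation log: every envelope, accepted or rejected
        self.seen_ids = set()  # tracking state, used to refuse duplicates

    def receive(self, raw, now):
        verdict, fields = self._check(raw, now)
        self.trace.append((now.isoformat(), fields.get("MessageId"), verdict))
        return verdict

    def _check(self, raw, now):
        try:
            header = ET.fromstring(raw).find("Header")
        except ET.ParseError:
            return "reject: malformed envelope", {}
        if header is None:
            return "reject: no header", {}
        fields = {n: (header.findtext(n) or "").strip() for n in REQUIRED}
        missing = [n for n in REQUIRED if not fields[n]]
        if missing:
            return "reject: missing " + ",".join(missing), fields
        if fields["Recipient"] != self.domain:
            return "reject: wrong recipient", fields
        try:
            sent = datetime.fromisoformat(fields["Timestamp"])
        except ValueError:
            return "reject: bad timestamp", fields
        if sent.tzinfo is None or abs(now - sent) > MAX_SKEW:
            return "reject: timestamp outside window", fields
        if fields["MessageId"] in self.seen_ids:
            return "reject: duplicate message id", fields
        self.seen_ids.add(fields["MessageId"])
        return "accept", fields
```

The standard-library parser is adequate for the constructed sample; a gateway facing other administrations' traffic would use a hardened XML parser, since the Python documentation warns that `xml.etree` is not safe against maliciously constructed input.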
Service Agreement
• A formal and well-specified XML document
• Expected to support:
  • the development and the life-cycle of services in a (semi)automatic way
  • the establishment of a domain ontology which allows the aggregation of services with similar semantics
  • composition and orchestration of services, themselves described recursively by service agreements.
Service Agreement: complete structure
• WSDL (using only types, message, operation and port type)
• WSBL (Web Service Behavior Language): a special XML syntax based on a finite state machine to represent conversation and security requirements
• WSDL (using service, binding and port)
• WS-Agreement, used to describe the involved entities (Parties), metrics and SLA parameters (ServiceDefinition).
SPCoop: Federated Identity Management
• Federation for identity management is needed to reuse the identity management systems of regional and national authorities.
• Every SPCoop entity (human or service) has an X.509 certificate (given by the certification service or by a local authority)
• Federated identity management has a double role:
  • Credential checker
  • Attribute authority
• Federation will be done through specific interfaces supporting at least Security Assertion Markup Language (SAML) v. 2.0.
SPCoop: Framework & services functional view
[Diagram. Nationwide SPCoop services: SICA security service directory; SICA registry services; service agreement; federated digital identity; conceptual schemas / ontologies. Administration nodes PAC1-PAC4 and PAL1-PAL3 with their gateways (PDC1-PDC4, PDL1, PDL2/3) and services (DSC1-DSC4, DSL1-DSL3), linked over Connectivity. Numbered steps 1 to 4 start from the citizen and include service delivery 3 -> 4]
Cooperation systems - the interaction through the framework
[Diagram. Labels: Runtime; Design time; Citizen’s requests; Internet; Coordination level (multi-domain interoperability, also directory services for citizens & industry); SPC Network; Interaction level]
• SPC is also a network framework:
  • network services
  • VoIP clearing house
  • ubiquity services
  • international network
The European framework / the Italian framework
[Diagram, captioned "All aspects considered". Labels: SPCoop, interfaces; Network services SPC; SPCoop service agreement; Domain gateway; Federated identity management; SPC Board, working group, roadmap, discussion forum; SPCoop, schemas & ontologies catalogue]
CNIPA tasks already accomplished
• Definition of standards to be adopted by Public Administrations to realize/use services in a standard way.
• Responsible for infrastructural services (i.e. services registry, service agreements registries, implemented and managed by a technological partner selected by means of a call for tender process (CONTRACT n. 6/2007))
• Making available to Italian Public Administrations, via a Framework Contract (CONTRACT n. 5/2007, signed with a consortium of providers selected by means of a call for tenders), services for implementing their IT services in compliance with the SPCoop model
Other components of SPC
• Hosting web sites
• Projects of web sites
• Editing of contents
• Multi-channel access
• PC management
• WAN & LAN management
• System and asset management
• Electronic mail
• Certified e-mail
• Unified messaging
• Identity management
• Web services (Porta di dominio)
• Applicative cooperation
Telecom Italia - Elsag - Datamat - Engineering
EDS Italia - Almaviva
Thank you Marino Di Nillo dinillo@cnipa.it