Agenda - 18 February 04 Welcome Round Table - Who? Where? What? Introduction to FAME Fame Generic Framework –Overview –Technical components Round table discussion Next actions

FAME Generic Framework

Objectives To explore and understand the work of FAME pilot streams. To synthesise views of a deliverable overall generic framework with appropriate (vendor neutral) technical and social/organisational elements. It is NOT about individual stream level service or software design.

Objectives The generic framework will be the accumulation of ideas and experience from the individual streams together with relevant research input. It will act as a guide to other LAs in their sourcing and implementation of systems and service development.

Headings High level scoping statement Legal powers and responsibilities Governance Information sharing Identity management Infrastructure Messaging, events and transactions Sustainability Federation

High level scoping statement What services are we exploring? What are the aspirations for outcomes? How will these outcomes be evaluated? Takes account of the different requirements of the contexts of: – citizens/communities, –service providers, –service commissioning and –national governance. Defines the ‘business case’.

Legal powers and responsibilities Defines the multi agency services to be provided (e.g. practice, assessment, care planning and delivery). Identifies the legislative/guidance framework covering these services. Identifies the legal powers, statutory duties and responsibilities of the agencies and organisations providing the service.

Governance The organisation of multi agency services and practice. Information sharing. The infrastructure- relationships, hard and soft assets. Procurement and ownership. Participation of stakeholders in the evaluation of outcomes. The links to the duties and legal powers available is clearly identified.

Information sharing A multi agency hub facilitates a variety of information sharing modes. Information sharing may apply in all contexts- amongst citizens, services, commissioning and policy making. The information sharing protocol will explicitly define the limits information sharing enabled.

Identity Management Identity is more than a personal dataset. Identity is context dependent and must be defined in terms of relationships. Statements about identity have a provenance associated with the trustworthiness of their sources. Extends ideas of identity and consent.

Infrastructure Communication within a multi agency community requires shared resources and capabilities. The infrastructure must respect appropriate diversity and autonomy as well as commonality and uniformity. Its use is defined by the user community.

Messaging, events, transactions Process maps, workflows and catalogues may be shared. The infrastructure will support broadcast, narrowcast publication and may automatically generate: –Notifications –Updates of shared data items, documents and content.

Sustainability A capability for continuous adaptation. Identifies the scale, scope and context of change. Links systems and organisational change processes. Sustains on-going processes for training, review and further development. Recognises the required skill-sets, project resources, cultural sensitivity and people.

Federation Co-operative working evolves between multi agency communities of service. Local shared infrastructures can inter- work with other local and national infrastructures. These processes are facilitated by Internet technologies e.g. portals and hubs/spokes.

Headings High level scoping statement Legal powers and responsibilities Governance Information sharing Identity management Infrastructure Messaging, events and transactions Sustainability Federation

Project Sponsor Practitioner IT Manager High level scoping statements Governance High level scoping statements Legal Powers Governance Information sharing Identity Events, Messages & Transactions Infrastructure Sustainability Federation Events, Messages & Transactions Infrastructure Legal Powers Governance Information sharing Identity Sustainability Federation Possible paths through the framework Information sharing Identity Legal Powers Events, Messages & Transactions Sustainability Federation

The areas with a strong technical component. Headings High level scoping statement Legal powers and responsibilities Governance Information sharing Identity management Infrastructure Messaging, events and transactions Federation Sustainability

Systems and infrastructure An historical perspective

Integrates platforms within an enterprise: our computers and networks become a unified resource Hardware and Operating System Layer Middleware Preserves and manages data over space and time Persistent data layer Local interaction Application layer with local event handling and workflow Application layer Transaction Management

Modes and means of access Channels Integrates platforms within an enterprise: our computers and networks become a unified resource Hardware and Operating System Layer Middleware Preserves and manages data over space and time Persistent data layer Local interaction Application layer with local event handling and workflow Application layer Applications are WEB enabled CRM Shared Workflow Knowledge Portals eCommunity Each of these “integration products” has its own origins in concepts of resource management or process management.

Resource Integration Identifiers and identities Process Integration Master Index Shared Workflow and Message Hub Portal Integration layer Modes and means of access Channels Application Adapters Domain of Integration Integrates platforms within an enterprise: our computers and networks become a unified resource Hardware and Operating System Layer Middleware Preserves and manages data over space and time Persistent data layer Local interaction Application layer with local event handling and workflow Application layer

The information systems and communications utility. Commodity products and services Hardware and Operating System Layer Middleware Persistent data layer Master Index Shared Workflow and Message Hub Portal Integration layer Local interaction Channels Local interaction Support for users to shape and govern their information environment. Application layer Domain of Integration Structure and infrastructure

Master Index Shared Workflow and Message Hub Portal Application layer Hardware and Operating System Layer Middleware Persistent data layer Master Index Shared Workflow and Message Hub Portal Integration layer Channels Local interaction Application layer Hardware and Operating System Layer Middleware Persistent data layer Integration layer Channels Local interaction Systems Integration and change management. Provision value chains Box shifting Software technology licensing Software development and support Integration Engines: CRM, BPR, media/content, Knowledge/document Management Commodity devices and services Applications service provision / In-house

Master Index Shared Workflow and Message Hub Portal Application layer Hardware and Operating System Layer Middleware Persistent data layer Master Index Shared Workflow and Message Hub Portal Integration layer Channels Local interaction Application layer Outsource: we do it all for you… Box shifting Software technology licensing Software development and support Integration Engines: CRM, BPR, media/content, Knowledge/document Management Commodity devices and services Systems Integration and change management. Applications service provision / In-house Hardware and Operating System Layer Middleware Persistent data layer Integration layer Channels Local interaction Box shifting Software technology licensing Software development and support Integration Engines: CRM, BPR, media/content, Knowledge/document Management Commodity devices and services

Hardware and Operating System Layer Middleware Persistent data layer Master Index Shared Workflow and Message Hub Portal Integration layer Channels Local interaction Application layer “Best of breed”: The IT department in control Box shifting Software technology licensing Software development and support Integration Engines: CRM, BPR, media/content, Knowledge/document Management Commodity devices and services Systems Integration and change management. Applications service provision / In-house

Hardware and Operating System Layer Middleware Persistent data layer Master Index Shared Workflow and Message Hub Portal Integration layer Channels Local interaction Application layer Government Gateway: Fit a DIS Box and London will do the rest Box shifting Software technology licensing Software development and support Integration Engines: CRM, BPR, media/content, Knowledge/document Management Commodity devices and services Systems Integration and change management. Applications service provision / In-house

Hardware and Operating System Layer Middleware Persistent data layer Master Index Shared Workflow and Message Hub Portal Integration layer Channels Local interaction Application layer Strategic integration: Box shifting Software technology licensing Software development and support Integration Engines: CRM, BPR, media/content, Knowledge/document Management Commodity devices and services Systems Integration and change management. Applications service provision / In-house

Hardware and Operating System Layer Middleware Persistent data layer Master Index Shared Workflow and Message Hub Portal Integration layer Local interaction Channels Local interaction PortalIndexHub Application layer Domain of Integration Other Domains We are not alone: There are other domains around us.

Hardware and Operating System Layer Middleware Persistent data layer Master Index Shared Workflow and Message Hub Portal Integration layer Local interaction Channels Local interaction PortalIndexHub Hub to Hub interactions Application layer Domain of Integration Other Domains We are not alone: There are other domains around us.

Universal point of Access Is offer X in your catalogue the same as offer Y in mine? How do we support and nurture brokers and intermediaries? Sometimes we need to be able to “google” the whole federation… This universal service enables signaling for an information economy. –Financial cost and value –Social value –Political value Portal

Universal point of Publication and Recourse The audit trail may lead to a boundary: where do you go then? Escalation has to stop somewhere. Can you deliver my scripts and can I deliver yours? How do I tell the people who need to know? –Individually addressed messages, –Role and workflow based structured messages, –Narrow-cast, –Universal broadcast, –Publication. Shared Workflow and Message Hub Hub

Who gives the identity management service the right to do this and how? Identity Management I have identifier B in domain X Domain id XA Domain id XB Domain id XC Domain id XD Application xa Application xb Application xc Application xd Master Index X Index and identifier C in domain Y. If application xb needs to talk to application ym about me, then it must do so via a hub to hub message. This requires that the identity management service, at the federation level, must confirm that XB ≡ YC ≡ “Me”. Application yk Application ym Domain id YA Domain id YB Domain id YC Domain id YD Application yj Application yl Master Index Y

Hardware and Operating System Layer Middleware Persistent data layer Master Index Shared Workflow and Message Hub Portal Integration layer Local interaction Channels Local interaction Portal Index Hub Hub to Hub interactions Application layer Federal points of access: the catalogue of catalogues Universal point of publication, recourse and resolution. Domain of Integration Other Domains Federation Services We are not alone: There are other domains around us. Federated Identity Management Services

Hardware and Operating System Layer Middleware Persistent data layer Master Index Shared Workflow and Message Hub Portal Integration layer Local interaction Channels Local interaction Portal Index Hub Application layer Federal points of access: the catalogue of catalogues Federated Identity Management Services Universal point of publication, recourse and resolution. Domain of Integration Other Domains Federation Services Smart Cards: Integrating the integration technologies Accepting networks Identity tokens and keys Brand Apps Pocketable data

The areas with a strong technical component. Headings High level scoping statement Legal powers and responsibilities Governance Information sharing Identity management Infrastructure Messaging, events and transactions Federation Sustainability

Hierarchical model Trust anchors must link root and end entities. A business anchor linking end entities. Certification authorities

Hierarchical model Distributed model Trust anchors must be local.

Hierarchical model Distributed model A CA acting as facilitator between CA domains. Bridge model

Portal Hardware and Operating System Layer Middleware Persistent data layer Master Index Shared Workflow and Message Hub Integration layer Channels Portal Index Hub Application layer Federal points of access: Federated Identity Services Universal point of publication. Domain of Integration Other Domains Federation Services Views of federation

Safe & secure public service infrastructure: What does Liberty Alliance do? –Best practice PKI to protect the channels and the messages. –Authentication enrolment mechanisms. –A set of mutual and community based trust creation and implementation mechanisms. –Open, progressive and federable approach. But multi-agency public service delivery, particularly the caring services, present more demanding requirements than does commerce.

The requirements: Governance. –who participates in defining the rules and processes? –how is their engagement informed and made effective? Flexibility. –The process to be supported is the one that reengineers processes and creates new structures. Trust. –New demarcations between structure and infrastructure. Ideas of identity and of relationship seem to be very significant in addressing these requirements.

Some definitions… ….but not just a glossary. We need to be clear about the terms and concepts we use. Events, Messages and Transactions.

Events → Individuals → Transactions An event: an occasion when information is generated. Unique birth and death events delimit the existence of an individual, (also known as a principal or a party). An event becomes a transaction when: –It involves 2 or more individuals and… –Produces intended changes in the distribution of resources and responsibilities among them Information News of a contingency that has significance. A state of affairs that could be one way or another. It causes something and so makes a difference. It is communicated, - moving in space and or time.

Transactions → Relationships → Identities If information from a previous transaction is used, by the same parties, in subsequent ones then this is a relationship. –Multiple encounters –Recognition –Persistence –More and different transactions. An identity is the information used by parties to recognise each other. An identifier links an identity to a history. These definitions lead to two implementation concepts: –A register –An index.

Relationship Rc. Relationship Ra. Sets of records of the same individual with different relationships. A local identifier Identity attributes Profile and history An identity An Individual Register 1

Hardware and Operating System Layer Middleware Persistent data layer Master Index Shared Workflow and Message Hub Portal Integration layer Local interactio n Channels Local interactio n Application layer Domain of Integration Associated identifiers Register 1 Relationship Ra. Relationship Rc. An Individual An identity Ra, Pb Rb, Pb Rc, Pb Rd, Pb Re, Pb Rf, Pb Rg, Pb An index correlating identifiers A relationship type + A provider identity Sets of records of the same individual with different relationships.

Index based, narrowcast publications: I,, having relationship w with individual I know as, am willing to enter transactions q, r or s with anyone who has relationships x, y or z with this individual. With whom can I engage in transaction u, regarding the individual I know as ? These may be subject initiated, permissioned, joint or independent of the subject. Associated identifiers Ra, Pb Rb, Pb Rc, Pb Rd, Pb Re, Pb Rf, Pb Rg, Pb A relationship type + A provider identity

Associated identifiers Ra, Pb Rb, Pb Rc, Pb Rd, Pb Re, Pb Rf, Pb Rg, Pb Register 1 Registers which use different attribute sets to indicate identities. Relationship Ra. Relationship Rc. An Individual An identity An index correlating identifiers A relationship type + A provider identity A domain of integration… …but where is federation?

IMPb Identity Management Provider B IMPb IMPa Identity Management Provider A Relationship Rb. Relationship Rk. Sets of records of the same individual with different relationships in two different domains. Relationship Ra. Relationship Rc. Ra, Pb Rb, Pb Rc, Pb Rd, Pb Re, Pb Rf, Pb Rg, Pb IMPa Register 2Register 3 Registers which use different attribute sets to indicate identities. Register 1 Rc, Pb Rm, Pb Rk, Pb Rl, Pb Ra, Pb Rb, Pb Rd, Pb

Rk, Pb Rl, Pb Rm, Pb Ra, Pb Rb, Pb Rd, Pb Rc, Pb IMPa IMPb Ra, Pb Rb, Pb Rc, Pb Rd, Pb Re, Pb Rf, Pb Rg, Pb IMPb Register 2Register 3Register 1 One register An index of registers and a register of registrars? One index distributed over the federation. A universal identity management service. Multiple registers, indexes and identity management services. Centralisation policies:

Rk, Pb Rl, Pb Rm, Pb Ra, Pb Rb, Pb Rd, Pb Rc, Pb IMPa IMPb Ra, Pb Rb, Pb Rc, Pb Rd, Pb Re, Pb Rf, Pb Rg, Pb IMPb Register 2Register 3Register 1 A range of trust models: A B A B C A B A B C

Rk, Pb Rl, Pb Rm, Pb Ra, Pb Rb, Pb Rd, Pb Rc, Pb IMPa IMPb Ra, Pb Rb, Pb Rc, Pb Rd, Pb Re, Pb Rf, Pb Rg, Pb IMPa IMPb An index row represents the business anchor list for relationship suppliers who have direct trust respecting a common client. Identity managers support brokered trust (both direct and indirect) respecting an individual client. Registrars deliver Authentication Enrolment Agreements to Certification Authorities (CAs). The trusted core services support a federal, mixed model CA network in which relationship providers (and clients) are authenticatable end entities. Mapping to Liberty Alliance concepts and terms:

The areas with a strong technical component. Headings High level scoping statement Legal powers and responsibilities Governance Information sharing Identity management Infrastructure Messaging, events and transactions Federation Sustainability

Issues How does all this feel to you? How much of this is available now? What can I buy today? Do our IT departments have the skills and know-how to deliver this vision? Some of this has to be bought and deployed collectively – Who? How?