E-GOV: Web-Services for eGovernment in Germany
Brussels, Feb. 19, 2009, OASIS eGov Member Section
Frank Steimke, OSCI Leitstelle, Bremen, Germany


Slide 2: At a glance
- Security as a key requirement for eGovernment Web Services
  - Paperless processes
  - Electronic forms with electronic signatures
  - Encryption for confidentiality, PKI for authentication
- Development of OSCI-Transport 1.2 in 2002
  - Secure message exchange based on XML technologies
  - Implementing a registry for OSCI-Transport based Web Services
- Interconnecting the registries of residents as killer application
  - Standardization at the application level (OSCI-XMeld)
  - Nation-wide in use since Jan. 1, 2007
  - Other applications followed (e. g. Interior, Justice, Finance)
- Next steps
  - Adopting international "web service security" in OSCI-Transport 2
  - New projects at the European level

Slide 3: Agenda
- Web Services Security: 1st Approach, OSCI-Transport 1.2
- Standardization at the Application Level
- Next Steps

Slide 4: OSCI Transport Version 1.2
- Open standard, developed in 2001 … 2002
  - Experts from government and industry
  - Based on W3C standards XML digital signature and XML encryption
  - No WS* stack at this time
  - Profiled to meet German and European laws (digital signature act)
- Double-envelope (container) schema
  - Application independent
  - Sharing resources without loss of confidentiality
- Uses Internet (http)
  - Allows economic implementation at the local government level
- Successfully checked against ITSEC

Slide 5: Communication levels
[Figure labels: Internet / http; Standardized message exchange (Application level)]

Slide 6: Reliable One-Way Scenario
- User 2 acts as a service provider
- Intermediary acts as mandatory controller
  - Unable to decrypt message content
  - Delivery is recorded, can be retraced and confirmed
- Service result can be sent back in an independent transmission
- Processing of the message is done behind the scenes
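
The double-envelope idea from slides 4 and 6, as an added example that is not part of the presentation or of the OSCI-Transport library: content is sealed for the recipient, then routing data plus that sealed content is sealed again for the intermediary. It is a simplified Node.js model using RSA-OAEP and AES-GCM rather than the OSCI XML format; signatures are left out, and the function names, key pairs and recipient URI are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed demo key pairs (assumption: real deployments take keys from X.509 certificates).
const newKeyPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// seal: encrypt data under a fresh AES-256-GCM key and wrap that key for one reader.
function seal(readerPublicKey, data) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const aes = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([aes.update(data), aes.final()]);
  return {
    wrappedKey: crypto.publicEncrypt({ key: readerPublicKey, ...OAEP }, key).toString('base64'),
    iv: iv.toString('base64'),
    tag: aes.getAuthTag().toString('base64'),
    body: body.toString('base64'),
  };
}

// open: throws unless privateKey belongs to the reader the envelope was sealed for.
function open(privateKey, env) {
  const b = (s) => Buffer.from(s, 'base64');
  const key = crypto.privateDecrypt({ key: privateKey, ...OAEP }, b(env.wrappedKey));
  const aes = crypto.createDecipheriv('aes-256-gcm', key, b(env.iv));
  aes.setAuthTag(b(env.tag));
  return Buffer.concat([aes.update(b(env.body)), aes.final()]);
}

// Sender: inner envelope (content) for the recipient, outer envelope
// (routing data + inner envelope) for the intermediary.
function send(intermediaryPub, recipientPub, recipientUri, content) {
  const inner = seal(recipientPub, Buffer.from(content, 'utf8'));
  return seal(intermediaryPub, Buffer.from(JSON.stringify({ recipientUri, inner })));
}

// Intermediary: opens the outer envelope only and gets the routing data
// plus the still-sealed inner envelope to forward.
function route(intermediaryPriv, message) {
  return JSON.parse(open(intermediaryPriv, message).toString('utf8'));
}

// Constructed run: hypothetical endpoint URI and payload.
const intermediary = newKeyPair(), registry = newKeyPair();
const msg = send(intermediary.publicKey, registry.publicKey, 'https://registry.example/osci', '<constructed-request/>');
const { recipientUri, inner } = route(intermediary.privateKey, msg);
let intermediaryReadsContent = true;
try { open(intermediary.privateKey, inner); } catch { intermediaryReadsContent = false; }
console.log({ recipientUri, intermediaryReadsContent, delivered: open(registry.privateKey, inner).toString('utf8') });
```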

Slide 7: Implementation of OSCI-Transport 1.2
- Described in terms of XML Schema
  - Data structures for atomic messages (e. g. forward delivery request)
  - Problem with schema definition (early version of XML-DSIG & XML-ENC)
- Client components available free of charge and open source
  - OSCI-Transport library
  - Supplied by the government to support the use of OSCI-Transport
  - Available in Java and .NET
- Server components available as commercial products
  - Developed and maintained by industry
- Different types of integration
  - OSCI-Transport library integrated in desktop applications
  - Intermediary integrated into legacy middleware
  - Special purpose middleware products (usually file-system based)

Slide 8: German Government Services Registry (DVDV)
- Built from scratch as a distributed system
  - Organizations and services managed in an LDAP tree
  - Master is operated by federal government
  - Slaves with replicated data at the federal state level
- Maps service requests to data of communication endpoints
  - Request: service (‘xmeld-0201’, ‘bremen’)
  - Response: endpoint (X509-certificates, URI-of-intermediary, …)
- Acts as an indicator for non-mandatory services
  - “Is service xmeld-0410 offered by the registration office in Bremen?”
- Described in terms of WSDL, but …
  - Usually the service descriptions are hardcoded in the legacy systems
  - Transport binding is proprietary up to now (OSCI-Transport 1.2)
- EU eGovernment Award 2007 for effective and efficient administration
  - See

Slide 9: Agenda
- Web Services Security: 1st Approach, OSCI-Transport 1.2
- Standardization at the Application Level
- Next Steps

Slide 10: Civil registration in Germany
- Mandatory for all residents
- Used as a source of information about citizens for many purposes
  - Municipal administration and statistics
  - Private parties (find someone's address)
  - Security purposes
- Decentralized system with more than registries at the local level
  - Sometimes filed in more than one registry in case of residences in different municipalities
  - Need of message exchange to keep registries synchronous
  - More than 20 legacy systems to operate these registries

Slide 11: Amendment of Federal Law
- Prerequisites: law and techniques for secure data exchange
  - German Digital Signature Act (2001)
  - OSCI-Transport (2002)
  - Public Key Infrastructure with certificates for registration offices
  - (Centralized registry for electronic services)
- Commitment of Ministries of Interior for automation
  - Based on open standards for transport and application level
  - Protection of investment for legacy systems
- Amendment of Federal Law took place in 2002
  - Transitional period ends in 2006
- Electronic data exchange became …
  - Mandatory for messages between registries in different federal states
    - Every vendor was obliged to implement the standards
  - Mandatory for federal authorities
  - Possible for inquiries and other messages

Slide 12: Application Level Standardization
- OSCI XMeld (XML für das Meldewesen)
  - Open standard, designed for civil registration in Germany
  - Based on the German federal law about content of registries
  - E. g. name, address, locations, citizenship, tax data …
  - Described in terms of UML classes
  - Implemented as types in XML Schema, derived from UML
- Messages for processes in civil registration
  - Based on data exchange liabilities in the federal law
  - E. g. inquiries, synchronization between registries, …
  - Described in terms of UML classes: aggregations of base data structures
  - Implemented as root elements in XML Schema, derived from UML
- OSCI XMeld message
  - XML document instance, valid with respect to OSCI-XMeld schema
  - Signed, encrypted and transferred within OSCI-Transport infrastructure

Slide 13: Single source modeling
- Modeling is done within UML
  - Use cases, activity diagrams, class diagrams
  - Single source for schema and documentation guarantees consistency
- XML Schema is derived from UML classes
  - Using the UML profiling mechanism (“UML-Profil für XÖV”)
  - Generation of > or >
- Documentation is derived from UML classes
  - XMeld specification is a DocBook which consists of
    - Fragments, automatically generated from UML classes
    - Manually written parts
- Software “XGenerator” has been written for this task
  - Open source Java project, hosted at Sourceforge
  - Eclipse Modeling Framework (EMF)
  - USE, a UML-based Specification Environment with OCL engine, University of Bremen, Germany

Slide 14: Chain of Tools (figure)

Slide 15: Responsibilities for XMeld (figure)

Slide 16: New services for TAX purposes
- New centralized database for TAX purposes
  - Unique TAX-ID for every citizen
- Services offered by TAX Registry
  - Insert
  - Forced-insert
  - Update
  - Delete
- Services offered by Residents Registry
  - Accept-tax-ID
  - Check-for-duplicates
- Services are described in OSCI-XMeld
- Security assured by OSCI-Transport
- In use since 2008
  - More than Messages / Month

Slide 17: Agenda
- Web Services Security: 1st Approach, OSCI-Transport 1.2
- Standardization at the Application Level
- Next Steps

Slide 18: OSCI Transport 2 and SAFE
- OSCI-Transport 2: secure web services profiled for German needs
  - Based on international standards from WS* and WS-Security
  - Profiling is done to meet German (and European) laws
  - Some extensions for issues known from Version 1 experiences
  - Specification will be published soon
  - Implementation will be done by using WS frameworks (Apache, SUN, MS)
- SAFE: Secure Access for Federated eGovernment
  - Standardized interfaces to identity management techniques
  - Registration, authentication, authorization of communication participants
  - Based on WS* stack, profiled to improve interoperability
  - Basic part: application independent
  - Further profiling for applications in eJustice in a second part
  - Shall be used in conjunction with service registry and OSCI-Transport 2

Slide 19: Application interoperability issues
- Status quo
  - Different standards at the application level
  - Problem: interoperability issues with legacy systems and data
    - Every system has its own information model …
    - … which is usually not explicit
    - Sometimes they are not easy to transform
    - Sometimes they are conflicting
- How to develop a common nucleus for eGov message exchange?
  - What about OASIS Core Components, part of ebXML?
  - How to deal with legacy data?
  - Common data structures or transformation and conversion
  - Top down or bottom up?
  - Costs (invest and long term)?

Slide 20: Thank you very much
Frank Steimke, OSCI Leitstelle, Bremen, Germany