
    Redpaper

    Copyright IBM Corp. 2009. All rights reserved. ibm.com/redbooks

    Government SOA Scenario: Immigration and Border Management

    This IBM Redpaper describes a service-oriented architecture (SOA) industry solution for immigration and border management using the IBM Government Industry Framework. It describes how the IBM Government Industry Framework can be used to implement two scenarios:

    - Advanced Passenger Analysis
    - Registered Traveler

    Martin Keen

    Allen Dreibelbis

    HungTack Kwan

    John LaLone

    Paul McKeown

    Rashmi Kaushik

    Robert Spory

    Marilza Maia

    Vinod Chavan


    Figure 1 IBM Government Industry Framework supports integrated government solutions

    This paper discusses scenarios in the safety and security domain to illustrate leading practices and how to adopt the IBM Government Industry Framework components.

    New challenges at the border

    Around the world, the threat of terrorism and the promise of globalization are reshaping the fundamental nature of borders and how they are managed. Borders must be open for business and closed to unwanted guests. The desire to improve speed and convenience is constantly held in check by the responsibility for security and safety.

    In many nations, control operations are now executed beyond the physical border and before arrival at a nation's official points of entry. The result is a much broader and more complicated scope of operation for border management, and a greater need for collaboration between nations.

    [Figure 1 labels: IBM Government Services Solutions (Tax and Revenue Management; Social Services and Social Security; Safety and Security; Metropolitan Transportation and Roads; Integrated Urban Infrastructure); IBM Government Industry Framework; Government Extensions and Accelerators (Data, Process and Risk Models; Interfaces and Adapters; Templates and Portlets; Reference Architectures; Tools; Delivery Guides); Key IBM Software Group Products; IBM Systems and Technology Group; IBM Global Business Services; IBM Global Technology Services; Partner Ecosystem]


    Border management duties are shared between a wide range of government agencies such as customs, border protection, immigration, police, and intelligence. Each of these agencies has individual priorities in support of the common goal. There must be a constant flow of information between these agencies to coordinate their activities effectively.

    The need for international and inter-agency collaboration to achieve the twin objectives of security and facilitation means that government leaders responsible for border integrity face rising complexity in accomplishing their missions.

    Governments realize that the increase in international air travel and imposition of rigorous security checks mean more queues and more inconvenience for passengers. This can result in further disruption to airline schedules and increased safety and security risks because crowded airports can become terrorist targets.

    Recognizing identity has never been more important to ensure homeland security, travel, and public safety. If immigration and border agencies know with whom they are dealing, they can treat them appropriately. The faster the process, the less the disruption, making identity management technologies key. Some of these analytical tools are shown in Figure 2.

    Figure 2 Analytical tools to identify and assess passengers

    These tools will be referred to in more detail in the rest of the paper.

    [Figure 2 labels: Screening (Assess Risk Profile; Passenger Data Load and Score; Name Recognition; Record Results; Alerts against Watch Lists); Watch Lists (Manage Lists; Passenger Records Reprocessed); Secondary Analysis (Workflow for Manual Expertise; Intelligence Resolution); Alerting (Manage Cases; Generate Alert; Notification); Auditing (Passenger Profile; Ticket; Case & Alert History); Biometrics (Stored in eDocuments; Local verification of ID; Identifying unknown people; Uses face, fingerprints, iris scans for identification)]


    What is being done to meet the twin challenges of security and facilitation?

    Airports, airlines, and governments are aware of the problem and are considering a range of options to address this challenge. There are primarily two ranges of options:

    - Resource management

      This option looks to increase capacity. Examples include adding more airports, adding more security gates, and adding more staff. These solutions are typically expensive to implement, and are subject to environmental constraints.

    - Technology

      This option looks to increase throughput by early identification of passengers, early risk assessment, and speeding low risk passengers through automated checks wherever possible. These options include, either singly or in combination:

      - Advanced Passenger Analysis
      - Registered Traveler programs
      - Automated border gates
      - Self check-in through the Web and kiosks

    This paper focuses on Advanced Passenger Analysis and Registered Traveler programs.

    Advanced Passenger Analysis

    Advanced Passenger Analysis is the process of comparing passenger data with watchlists and profiles before and during flights. Sending information from airline to government prior to travel provides cost effective facilitation and security because background checks on more passengers earlier in the process means fewer delays due to manifest checks by the destination country prior to take-off. After high risk passengers are identified, border agents can focus their attention on reducing their risk through detailed questioning. Focused checks are more effective than random checks of everyone who attempts to board a plane.


    Benefits of Advanced Passenger Analysis

    The following benefits are derived from an Advanced Passenger Analysis solution:

    - Advanced Passenger Analysis reduces the cost of both the arrest of serious criminals and the denial of boarding to certain passengers.
    - Border security is tightened because an early warning system allows more time for the authorities to develop plans for intervention.
    - Passengers enjoy an easier, quicker travel experience because they are treated sensitively according to the risk they present and by having sent information in advance. Background checks that would normally cause a queue at the border can be done before they arrive.
    - Airports benefit because they are less likely to incur fines for poor performance due to long queues.
    - Airlines benefit because they are less likely to carry unwelcome passengers, which could cost the airlines both large fines and the fee of returning unwelcome passengers to their departure point.

    Registered Traveler programs

    In a Registered Traveler program, registered travelers use a token to access automated or fast-service security and border checkpoints. The enrollment process generally involves the traveler providing a detailed biography for risk assessment, and providing biometric information. Tokens are issued to travelers meeting the credentials. The Registered Traveler program continues to perform ongoing checks to ensure that the traveler's behavior remains consistent with their trusted status.

    The Registered Traveler program can be a commercial or government program:

    - As a commercial program it is a fee-paying card-based program combined with other services such as car parking and business lounges.
    - As a government program it uses electronic passports or ID cards to access automated gates.


    Benefits of a Registered Traveler program

    Registered Traveler programs offer benefits to a range of stakeholders:

    - For passengers it means more convenience and consistent and reasonable times for security checks. These can be significant because Registered Travelers are normally through the border in a few minutes. Commercial Registered Traveler programs provide a full service offering, including access to private lounges, preferential car parking, and loyalty schemes in the airport.
    - Airlines benefit indirectly. If fewer people are delayed due to queues at the border and security they are likely to view air travel more positively. It could also mean less disruption to their timetables because of late boarders.
    - Airports profit from their commercial Registered Traveler programs. They might also enjoy an improved image because the automation has reduced queue times for all. There could be more repeat business as travelers are less likely to avoid airports in the future due to previous negative experiences.
    - Governments could see an improvement in national security because they can process people more thoroughly using automated gates. It allows for better assessment of security risks because international schemes can enable multi-background checks.
    - Governments also have a biometric record of entry and exit. They know who is in or out of the country.


    Capability model for a new and improved border management process

    Figure 3 shows the capability model for a new and improved border management process. This border management process needs to support collaboration between agencies, secure and timely exchange of critical information, ability to meet increased demand, and the ability to respond quickly to changing regulations and policies.

    Figure 3 Capability model for a new and improved border management process

    [Figure 3 labels: rows Business Initiatives, Value Proposition, Capabilities, Offering; boxes: Boost national economy through more travel and trade; Improved mgmt of crisis and alerts; Tighten national security; Improved convenience for air/sea/land travelers; Improved effectiveness and efficiency of border control resources; Enhanced Border Management Processes; Rapid response to new government regulations and security policies; Ability to increase collaboration with other agencies; Ability to be sure of passenger identity; Ability to process more passengers using Automated borders; Enhanced Advanced Passenger Analysis (APA); New Registered Traveler (RT) Program]

    The result of this enhanced border management process is two offerings:

    - Enhanced Advanced Passenger Analysis
    - A new Registered Traveler program

    These two offerings are the subject of the remainder of this paper.

    Advanced Passenger Analysis

    This section describes how to model an Advanced Passenger Analysis process and perform business service modeling, and illustrates a solution architecture with IBM product mappings.


    Modeling the Advanced Passenger Analysis process

    This section describes an Advanced Passenger Analysis process for an international air travel example. This solution can be applied to a broader range of border agency/immigration departments that might already have a basic Advanced Passenger Analysis solution or no Advanced Passenger Analysis solution at all.

    What is the Advanced Passenger Analysis System?

    Advanced Passenger Analysis (APA) is an early warning system that allows governments to collect and analyze Advance Passenger Information (API) and Passenger Name Record (PNR) data from airlines before and during a passenger's journey. By comparing API and PNR data with watchlists and profiles, governments can be alerted if named persons of interest, or unnamed individuals who fit the profile of high risk passengers, are attempting to cross their borders.

    Some countries believe that the use and storage of API/PNR data intrudes on passenger privacy and are seeking compromises on the amount of data that is processed and stored.

    Countries are reaching consensus on a standard way of collecting information from airlines.

    Advance Passenger Information:

    - Concerns data that air/sea carriers did not store previously but which they now have to collect separately for the benefit of border authorities.
    - Includes all the data elements that travelers have to present at the border control at the travel destination.
    - Transmission resembles a pre-arrival manifest sent to the border authorities of the travel destination.
    - Consists of data that can be directly taken from the machine-readable part of a passport plus the general flight-related data that exist in the airline computers.


    Advanced Passenger Analysis business process

    Figure 4 shows the high-level activities in an Advanced Passenger Analysis business process.

    Figure 4 Advanced Passenger Analysis process (tier 1)

    The high-level process operations are as follows:

    1. An individual makes travel reservations using a travel request system (using an online reservation system, kiosk, mobile device, or in person).

    2. An e-ticket is generated.

    3. API is routed from airline reservation system to border control operations center (BCOC).

    4. BCOC normalizes the data and matches against a number of watch lists.

    5. The system generates hits if there is a match.

    6. A person intervenes to decide if a hit should be an alert.

    7. Authorities are alerted to possible travel of person of interest.

    8. Instructions on passenger handling are issued (such as deny, accept, or arrest on arrival).

    We now look at each activity in this process in turn.


    Activity 1.2: Government agency review

    After the travel reservation is made, pre-travel verification is performed as shown in Figure 6.

    Figure 6 Activity 1.2: Government Agency Review (tier 2)

    1. Based on the ePassport number taken from the reservation, the passport validity is checked.

    2. That person's name is checked against watch lists for immigration, crime, and other possible interested stakeholders.

    3. If there is a match the operators decide what action to take.
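
The normalize, match, hit and operator-decision sequence from steps 4 to 6 of the tier 1 process and from Activity 1.2, as an added Python example that is not code from the Redpaper or from any IBM product. The names, records, identifiers and the 0.85 threshold are constructed assumptions, and `difflib` similarity stands in for a dedicated name-recognition engine.

```python
import unicodedata
from dataclasses import dataclass
from difflib import SequenceMatcher
from typing import List, Optional

HIT_THRESHOLD = 0.85  # assumed value; tune against reviewer workload and miss rate


def normalize_name(raw: str) -> str:
    """Fold case, strip diacritics and punctuation, and sort the name tokens."""
    decomposed = unicodedata.normalize("NFKD", raw)
    no_marks = "".join(c for c in decomposed if not unicodedata.combining(c))
    cleaned = "".join(c if c.isalnum() else " " for c in no_marks.casefold())
    # Sorting makes "SURNAME, Given" and "Given Surname" compare equal.
    return " ".join(sorted(cleaned.split()))


@dataclass(frozen=True)
class WatchEntry:
    entry_id: str
    name: str
    date_of_birth: str  # ISO 8601 date
    source_list: str


@dataclass
class Hit:
    passenger_ref: str
    entry_id: str
    score: float
    dob_match: bool
    status: str = "PENDING_REVIEW"  # a hit is not an alert until a person decides
    reviewed_by: Optional[str] = None


def screen(passenger: dict, watch_list: List[WatchEntry]) -> List[Hit]:
    """Steps 4 and 5: normalize one API record and generate hits."""
    p_name = normalize_name(f"{passenger['given_names']} {passenger['surname']}")
    hits = []
    for entry in watch_list:
        score = SequenceMatcher(None, p_name, normalize_name(entry.name)).ratio()
        if score >= HIT_THRESHOLD:
            hits.append(Hit(
                passenger_ref=passenger["ref"],
                entry_id=entry.entry_id,
                score=round(score, 2),
                # Shown to the reviewer as corroboration; it does not suppress the hit.
                dob_match=passenger["date_of_birth"] == entry.date_of_birth,
            ))
    return hits


def review(hit: Hit, operator: str, confirm: bool) -> Hit:
    """Step 6: an operator promotes or dismisses the hit; the decision is attributable."""
    if hit.status != "PENDING_REVIEW":
        raise ValueError(f"hit on {hit.entry_id} was already reviewed")
    hit.status = "ALERT" if confirm else "DISMISSED"
    hit.reviewed_by = operator
    return hit


# Constructed sample data, not real persons or list entries.
WATCH_LIST = [
    WatchEntry("WL-001", "Müller-Peña, José", "1975-03-14", "immigration"),
    WatchEntry("WL-002", "Ivan Constructed", "1969-05-05", "crime"),
]
PASSENGERS = [
    {"ref": "PAX-1", "surname": "MULLER PENA", "given_names": "JOSE",
     "date_of_birth": "1975-03-14"},   # carrier record without diacritics
    {"ref": "PAX-2", "surname": "Muler Pena", "given_names": "Jose",
     "date_of_birth": "1990-07-02"},   # near-miss spelling, different birth date
    {"ref": "PAX-3", "surname": "Gonzalez", "given_names": "Maria",
     "date_of_birth": "1988-11-30"},   # unrelated traveler
]

if __name__ == "__main__":
    for pax in PASSENGERS:
        for hit in screen(pax, WATCH_LIST):
            print(hit)
```

NFKD stripping does not fold letters such as ø or ł to ASCII, and names transliterated from non-Latin scripts need a dedicated step before this comparison.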


    Activity 1.3: Day of travel

    On the day of travel the events detailed in Figure 7 occur.

    Figure 7 Activity 1.3: Day of Travel (tier 2)

    1. A passenger checks in using appropriate travel documents (such as a valid photo ID, and an e-ticket) and continues with travel to a destination if background security checks are passed.

    2. For international travel, additional checks are conducted at the port of arrival.

    Next, we take a closer look at the two activities that make up this part of the process.


    Activity 1.3.1: Check-in

    For countries where real-time authority is desired, the events detailed in Figure 8 on page 15 occur.


    Figure 8 Activity 1.3.1: Check-in (tier 3)

    1. A traveler checks in using the appropriate travel documents (such as a valid photo ID, and an e-ticket).

    2. Personal information and travel details are validated.

    3. Information is submitted real-time for checks and screening against government databases (see Activity 1.2: Government agency review on page 12 for government agency checks).

    4. The traveler is either approved or rejected for travel.

    5. If the traveler is approved, their bags are checked in and travel continues.

    6. If the traveler is declined, they are notified. Carrier and border management systems are updated with the travel decline information.

    Activity 1.3.2: Arrival clearance

    For international travel, identity is monitored at the travel destination for fraud or abuse to ensure the trustworthiness of the identity. The process to perform this is shown in Figure 9.

    Figure 9 Activity 1.3.2: Arrival Clearance


    1. Validation of the ePassport or eVisa to ensure it is generated from a competent authority.

    2. Verification and validation of the biometric or biographic information of the traveler.

    3. Validation of the traveler using random second factor identification (including random questions, fingerprints, or iris identification).

    4. Verification of the health, quarantine form, or reason of travel.

    Benefits of Advanced Passenger Analysis

    The Advanced Passenger Analysis process described in this section offers the following benefits:

    - Ensures border protection from undocumented or undesirable passengers at departure time. This is achieved by:
      - Providing a mechanism to anticipate threats and alerts reported for the traveler
      - Obscure and anonymous relationship resolution
      - Risk assessment
    - Checks can be done prior to a passenger commencing their journey. This reduces time for screening passengers on the day of travel or upon reaching their destination.
    - The security check is more thorough and completed within minutes as compared to manual procedures of interviews and secondary random checks.
    - Adding a new government agency check or making changes to policies in the future is easy, without having to alter the entire business process.
    - Ensures compliant measures for international identity standards, treaties, and conventions.
    - Updates ePassport information across the border management systems after the person crosses the border. This provides tracking information.
    - Border security violation information is forwarded to alert border guards promptly.
    - Handles exceptional situations, and initiates a remedy procedure. Exceptional situations include:
      - Diverted travel due to bad weather, technical problems, or medical emergencies
      - Other emergencies where travelers reached the wrong country without any bad intention but without the appropriate visa


    Business service modeling

    After performing business process modeling, the next task is to delineate the services that comprise the business processes. This can be achieved using the service-oriented modeling and architecture (SOMA) approach from IBM, illustrated in Figure 10.

    Figure 10 Service-oriented modeling and architecture (SOMA)

    [Figure 10 labels: phases Identification, Specification, Realization; boxes: Domain decomposition; Goal-service modeling; Existing asset analysis; Subsystem analysis; Component specification; Service specification; component flow specification; information specification; service flow specification; message & event specification; service allocation to components; component layer; Service realization decision]

    SOMA provides an approach to building a SOA that aligns to business goals and ties the business processes directly to underlying applications through services.

    The process of SOMA consists of three general steps: identification, specification, and realization of services, components, and flows.

    The service identification step of SOMA consists of three techniques that can help identify services for the Advanced Passenger Analysis business process:

    - Domain decomposition

      This is a top-down view of the business process. It consists of process decomposition where processes are broken up into sub-processes and high-level business use cases. In this top-down decomposition, business processes are represented hierarchically.

      For example, the Government Registered Traveler Program process can be decomposed into sub-processes such as:

      - Advanced Passenger Analysis
      - Registered Travel Program


      Each sub-process can in turn be decomposed further, ultimately leading to a list of business use cases. For example, the Advanced Passenger Analysis sub-process can be decomposed as follows:

      - Advanced Passenger Analysis Travel Request
      - Advanced Passenger Analysis Passenger Screening
      - Advanced Passenger Analysis Day of Travel

      The Advanced Passenger Analysis Travel Request sub-process ultimately leads to business use cases such as:

      - Complete Online Travel Request
      - E-Ticket is Generated for Traveler

      These business use cases are typically good candidates for business services.

    - Goal-service modeling

      In this phase, business services are identified based on goals and metrics. For example, goals can be defined such as:

      - Reduce Traveler Time
      - Increase Collaboration with Other Government Agencies

      These goals might consist of sub-goals, such as Reduce Travelers Time by 30% (the percentage value will, of course, vary depending on the project). Business services can be identified and grouped under these goals.

    - Existing asset analysis

      In contrast to domain decomposition, this is a bottom-up approach. Existing systems are analyzed according to their suitability for inclusion in business processes. For example, the Complete Online Travel Request process can be analyzed to determine if any of the services used in this existing process meet the needs of the new business processes. Typically, reuse of existing systems and assets provides a lower cost solution to implementing service functionality than creating new assets.

    IBM provides service offerings for working with SOMA. The IBM SOA Integration Framework service offering is shown in Figure 11 on page 19.


    Figure 11 Using the IBM SOA Integration Framework to perform SOMA decomposition

    Note: For more information about applying SOMA, refer to the developerWorks article, Service-oriented modeling and architecture, available at the following Web page:

    http://www.ibm.com/developerworks/library/ws-soa-design1/

    Technical solution

    This section describes the technical solution that was designed and built for the Advanced Passenger Analysis process. It includes a description of the IBM product offerings that were used in the implementation.

    Technical challenges, solution design, and system context

    The following technical challenges should be considered when designing an Advanced Passenger Analysis process:

    - There is point-to-point integration between several applications as well as applications and data sources.
    - Scaling the existing architecture to accommodate new data sources such as international watch lists and criminal data is complex and time consuming.
    - There is a high level of complexity in effectively supporting multicultural names and personal identity information that comes from a variety of data sources.
    - The traveler's data has to be consolidated from several different sources to verify identities, match against watch lists, and support detection of fraud and threat.
    - SOA-based projects are not planned at an enterprise level, causing governance, service management, and service security concepts to be implemented only in pockets.

    To meet these technical challenges, the following architectural principles should be used in the solution design:

    - The solution should provide an enterprise integration framework, components and reusable services that make use of existing systems that span multiple hardware and software platforms.
    - The solution should be designed to provide the flexibility to incorporate future technology and accommodate changes to business and performance requirements, changes to laws and regulations, trade volumes, and security threats.
    - The solution should provide a common programming model based upon industry-accepted computing standards to improve reuse within the architecture.
    - The solution should support the use of multiple technologies and techniques for interoperability with external systems and for the integration of systems and applications within the Integrated Border Management solution.


    - The solution should be based upon an architecture approach and technologies using industry-accepted open computing standards, Government, World Customs Organization (WCO), and international standards.
    - The solution should be built upon the concept of tiers and layers, which requires the separation of presentation, application, and data to develop a resilient, secure, and end-to-end solution architecture.
    - The location and internal working and implementation details of a service should be isolated from the service consumers to provide a dynamically reconfigurable architectural style.

    The system context diagram for the Advanced Passenger Analysis process is shown in Figure 12.

    Figure 12 System context diagram for Advanced Passenger Analysis


    Solution architecture

    The solution architecture for the Advanced Passenger Analysis process is shown in Figure 13.

    Figure 13 Solution architecture for Advanced Passenger Analysis

    [Figure 13 labels: tiers Presentation Tier, Application Tier, Integration Tier, Data Tier; External Systems (Government; Commercial; Passenger data from Carriers); other labels: Carrier Help Desk; Customs & Immigration; Border Control; Law Enforcement; Commercial; Public; Advanced Passenger System Portal; Application Logic; Case Mgmt; Targeting; Screening; Alert Generation and Mgmt; Advanced Passenger Information System; Content Mgmt; Enterprise Service Bus; Transaction Services; Web Services; Message Mediation; Complex Events; Information Integration Services; Process Services; Analytics Data; Rules; Passenger Data; Case Mgmt Data; NORA Data; Messaging, Web Services; HTML; XML; SOA Governance, Security and Management]

    Understanding the solution architecture

    Note some of the highlights of this architecture:

    - An Advanced Passenger Analysis Portal has been introduced to allow standardized access to APIs by authorized carriers, government agencies, and border agencies in other countries.
    - In the Integration layer, an enterprise services bus (ESB) has been introduced to make applications and information available within and outside the enterprise in a flexible, agile and secure manner.
    - Process services in the integration layer denote the business processes and workflows in execution (such as the APA and case management processes).


    - In the application tier, two separate applications are introduced:
      - Screening passengers using PNR data against watch-lists, crime databases, no-fly lists, public records, and so forth.
      - Targeting by using analytics capabilities to analyze behaviors of risky travelers to develop risk-based profiles that can be used for screening against the passenger lists.
    - In the integration tier, Information Integration Services provides support for data consolidation from several government sources and criminal databases, along with cleansing as needed.
    - The case management database contains case details for the processing and evaluation of passengers that have been flagged for further investigation.

    Triton

    Several components of the solution design can use a framework component called Triton. This is a SOA Foundation Accelerator that helps realize the business value of SOA faster and with less risk than typical custom implementations. Triton addresses the following business and IT pain points:

    - Business pain points:
      - "We bought all of this software months ago and I still have not seen any benefit."
      - "All I wanted to do was to integrate these existing information systems, and now I have more software and still no integration."
    - IT pain points:
      - "We are having a difficult time putting all these software products together."
      - "We are having a hard time locating all of the skill sets necessary to integrate all of these products."
      - "We need a common platform across our enterprise to lower total cost of ownership, to improve interoperability, and to share more information."

    Note: This paper uses a patterns-based approach in arriving at the architecture described here. To read more about the patterns associated with this architecture, see "Applying business and infrastructure patterns" on page 40.


    Triton can help address these pain points in the following ways:

    Triton uses the IBM investment in SOA implementations worldwide and harvested leading practices to provide an advantage over competitors who are still building every business solution for the first time, every time.

    Triton removes the focus on integrating middleware.

    Triton is the core of the IBM Government Industry Framework, which means that many independent software vendors are integrating their business/mission applications to this same stack, providing a built-in path for enabling additional functionality.

    The benefits of Triton are as follows:

    Lower maintenance cost and effort.

    Improved time-to-value and return on investment.

    Improved quality of implementation through the use of harvested leading practices from worldwide SOA engagements.

    Lowered risk of failed engagements due to the inability to install and configure the SOA infrastructure.

    IBM Government Industry Framework components recommended to implement the solution architecture

    This section describes the IBM Government Industry Framework components recommended to implement the solution design:

    Component options products used to implement the Advanced Passenger System Portal in the presentation tier:

    IBM WebSphere Portal Server

    Triton (SOA Foundation Accelerator)

    Connectivity infrastructure products used to implement the ESB in the integration tier:

    ESB runtime, such as one or more of the following:

    IBM WebSphere Enterprise Service Bus

    IBM WebSphere Message Broker

    IBM WebSphere DataPower

    IBM WebSphere Service Registry and Repository

    Triton (SOA Foundation Accelerator)


    Business process management products used to implement process services in the integration tier:

    IBM WebSphere Dynamic Process Edition

    Triton (SOA Foundation Accelerator)

    IBM WebSphere iLOG JRules

    Information integration services products used to consolidate and cleanse data from various sources in the integration tier:

    IBM InfoSphere Information Server

    IBM InfoSphere DataStage

    IBM InfoSphere QualityStage

    IBM InfoSphere Global Name Recognition

    Analytics data product used to implement Analytics Data and Rules in the data tier:

    IBM Cognos

    Risk products used to implement NORA data in the data tier:

    IBM Entity Analytic Solutions

    IBM Relationship Resolution

    IBM Identity Resolution

    IBM Anonymous Resolution

    IBM Cognos

    Infrastructure products used to implement SOA Security:

    IBM Tivoli Access Manager

    IBM Federated Identity Manager

    IBM Tivoli Identity Manager

    IBM Tivoli Directory Server

    Triton (SOA Foundation Accelerator)

    Rapid deployment (for service creation and service reuse) products:

    IBM Rational Software Architect

    IBM InfoSphere Data Architect

    Infrastructure products used to implement SOA Management:

    IBM Tivoli Performance Analyzer

    IBM Tivoli Composite Application Manager for SOA

    IBM Tivoli Composite Application Manager for WebSphere

    Triton (SOA Foundation Accelerator)


    Products used to implement SOA Governance:

    IBM WebSphere Service Registry and Repository

    IBM Rational Asset Manager

    IBM Tivoli Change and Configuration Management Database

    IBM Rational Method Composer

    Registered Traveler program

    Registered Traveler provides a secure, fast, and robust solution for both governments and travelers. This section describes how to model a Registered Traveler process, and perform business service modeling. It illustrates a solution architecture with IBM product mappings.

    Modeling the Registered Traveler process

    This section describes a typical Registered Traveler process that could be offered by a government agency or through a commercial program. The border agency/immigration department might have an Advanced Passenger Analysis process in place before undertaking this solution.

    Business challenges and pain points

    The business challenges and pain points experienced in a typical border management process are as follows:

    Immigration and border agencies

    There is a heavy burden of analysis of travelers (name and identity, possible relationship to wanted individuals, unobvious threats, and so forth) with limited resources and ever increasing demands on homeland security.

    Relying purely on Advanced Passenger Information (API) data provides limited details for risk assessment.

    There is often limited information sharing across immigration agencies and government bodies, with poor means of electronic notification and alerts.

    Travelers

    Travelers face lengthy security checks and lines at airports.

    Frequent travelers, especially, need faster and more convenient means to reduce travel time.


    Government IT systems

    Response to changing security requirements, with new checks and addition of new data sources, is slow and turns into lengthy projects.

    Inflexible enterprise architecture limits building new services (online, self-service, real-time automated checks) from existing silo systems.

    Airports and travel carriers (airlines, sea, and land carriers)

    Travel carriers are constantly improving the end-to-end passenger experience, but many factors are outside of their control.

    Lengthy queues at security and the border and restrictive processes are rarely the travel carriers' fault, but they lead to a feeling of dissatisfaction with their product and service.

    Authenticating trusted users with biometric technology

    A Registered Traveler solution uses biometric technology to authenticate trusted users. Biometrics is the science of identifying or verifying the identity of a person based on physiological or behavioral characteristics. Physiological characteristics include fingerprints, retinal pattern, iris, and facial appearance. Behavioral characteristics are actions carried out by a person in a unique way. They include signatures, voiceprints, and gait, although these are naturally dependent on physical characteristics as well.

    Biometrics have several advantages over conventional password and PIN-based systems. Three primary advantages of biometrics in a security environment are as follows:

    Biometrics does not need to be remembered and cannot be easily lost. This makes it much easier for the user.

    Biometrics cannot be easily stolen or loaned to a friend. This makes it more secure from a system point of view.

    Biometrics typically has higher information content than a password, making it harder for a hacker to crack such a system.

    Immigration and border agencies can use a combination of biometrics and biographics information for enrollment and proofing, based upon which an applicant is issued Registered Traveler credentials.


    Registered Traveler business process

    The overall flow of the Registered Traveler contains the stages detailed in Figure 14.

    Figure 14 Overall flow of the Registered Traveler process

    Pre-enrollment

    Collect biographic data that is used to initiate the enrollment process.

    Enrollment

    The enrollment process drives the identity proofing and results in the approval or rejection of an application.

    Proofing

    Validate all of the identity information that is provided by an applicant.

    Enrollment approval

    If there are no issues during enrollment and proofing, then approve the enrollment application.

    Credential provisioning

    Create the credential that will be used when issuing an identity token (such as a national ID card).

    Credential issuance

    Issue the credential using the required physical token (such as a smart card).

    Credential activation

    Activate the issued credential so that it can be used to validate an individual's identity.

    Identity usage

    Use the credential in a high assurance transaction where it is required to validate a person's identity.

    Identity monitoring

    Monitor identity usage for fraud or abuse to ensure the trustworthiness of the identity.


    Figure 15 shows the two high-level steps in a Registered Traveler process.

    Figure 15 Registered Traveler process (tier 1)

    Obtain a Registered Traveler credential through a domestic application process (includes pre-enrollment, enrollment, proofing, enrollment approval, credential provisioning, and credential issuance).

    Use the credentials on the day of travel at the airport (includes credential activation, identity usage and identity monitoring).

    We now look at each activity in the process in turn.

    Activity 1.1: Registered Traveler Domestic Application Process

    The domestic application process involves the steps shown in Figure 16.

    Figure 16 Activity 1.1: Registered Traveler Domestic Application Process (tier 2)

    An individual applies for Registered Traveler credentials or identification (this is pre-enrollment).

    Enrollment into the program requires capture of biometrics. In some Registered Traveler programs, up to 10 fingerprints, iris patterns of both eyes for recognition, and a digital photograph are required.

    A proofing system verifies fingerprints and irises as part of the scan against watch lists.

    Next, we take a closer look at the two activities that make up this part of the process.


    Activity 1.1.1: Registered Traveler Application

    The online application process involves the steps shown in Figure 17.

    Figure 17 Activity 1.1.1: Registered Traveler Application (tier 3)

    1. The applicant submits an online application with requested biographic information, along with appropriate processing fees.

    2. The information is sent to government agencies for identity checks.

    3. The applicant is either approved for further Registered Traveler processing or declined.


    The Review Other Travel and Government Agency Checks process shown in Figure 17 on page 30 is implemented as a sub-process (Figure 18). In this sub-process the identity checks are performed against e-Identity tracking systems, border clearance systems, e-Passport/e-Visa systems, and e-Identity management systems to ensure the applicant is a low risk applicant.

    Figure 18 Sub-process: Review Other Travel and Government Agency Checks

    Note: A variation to this process is also valid, where biographic and biometrics information are accepted up front with the application. In this case, government checks are completed in parallel with biometrics proofing, instead of a two-step process.


    Activity 1.1.2: Registered Traveler Enrollment and Proofing

    After the biographical data is vetted against watch lists, the applicant is approved for further processing as shown in Figure 19.

    Figure 19 Activity 1.1.2: Registered Traveler Enrollment and Proofing (tier 3)

    Up to 10 fingerprints are captured, iris patterns of both eyes are recorded for recognition, and a digital photograph is taken.

    During the manual interview stage, the interviewer decides whether or not to grant the Registered Traveler privilege.

    A physical identification card or logical credentials based on biometrics matches (where the biometrics is stored in a government repository) might be provided to approved applicants.


    For cross country Registered Traveler programs, the threat analysis process is repeated at individual locations. Therefore, the enrollment system needs to have the capability to aggregate results from systems other than its own.

    The enrollment system contacts agencies and cross country enrollment systems through the card interfacing system.

    The program is typically offered to only citizens or permanent residents of the country.

    At the time of enrollment, applicants decide the duration for enrollment in the program (a minimum of one year) and pay the corresponding fee.

    The enrollment procedure is the same for re-enrollment upon expiry.


    Activity 1.2: Day of Travel

    On the day of travel, the traveler's identity is checked and monitored as shown in Figure 20.

    Figure 20 Activity 1.2: Day of Travel (tier 2)

    The traveler proceeds through a dedicated Registered Traveler lane (if applicable) for security checks.

    The traveler uses the Registered Traveler identification card.

    Upon approval, a receipt is printed with a photograph of the traveler.


    It is possible that the Registered Traveler lanes have automated security scanners to make the physical security screening faster.

    The Registered Traveler program maintains its own watch list (cached) that contains information about travelers that should not travel due to various reasons (such as criminal, law enforcement, invalid Registered Traveler traveler credentials, and so forth).

    The Registered Traveler systems continuously update the watch list for invalid, expired, revoked, or profiled travelers.
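The stages of the Registered Traveler flow and the day-of-travel check against the program's cached watch list can be sketched as a small state machine. This is an added example, not code from the Redpaper or from any IBM product; the class and function names, the REJECTED and REVOKED terminal states, and the biometric_match input are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import date
from enum import Enum


class Stage(Enum):
    PRE_ENROLLMENT = "pre-enrollment"
    ENROLLMENT = "enrollment"
    PROOFING = "proofing"
    ENROLLMENT_APPROVAL = "enrollment approval"
    CREDENTIAL_PROVISIONING = "credential provisioning"
    CREDENTIAL_ISSUANCE = "credential issuance"
    CREDENTIAL_ACTIVATION = "credential activation"
    IDENTITY_USAGE = "identity usage"
    REJECTED = "rejected"  # assumption: terminal state for a declined application
    REVOKED = "revoked"    # assumption: terminal state set by identity monitoring


_FLOW = [Stage.PRE_ENROLLMENT, Stage.ENROLLMENT, Stage.PROOFING,
         Stage.ENROLLMENT_APPROVAL, Stage.CREDENTIAL_PROVISIONING,
         Stage.CREDENTIAL_ISSUANCE, Stage.CREDENTIAL_ACTIVATION,
         Stage.IDENTITY_USAGE]

# A credential may only move to the next stage of the documented flow,
# so proofing or approval can never be skipped.
ALLOWED = {cur: {nxt} for cur, nxt in zip(_FLOW, _FLOW[1:])}
ALLOWED[Stage.IDENTITY_USAGE] = set()
for _s in (Stage.PRE_ENROLLMENT, Stage.ENROLLMENT, Stage.PROOFING):
    ALLOWED[_s].add(Stage.REJECTED)
for _s in (Stage.CREDENTIAL_ISSUANCE, Stage.CREDENTIAL_ACTIVATION,
           Stage.IDENTITY_USAGE):
    ALLOWED[_s].add(Stage.REVOKED)


@dataclass
class Credential:
    traveler_id: str
    expires: date
    stage: Stage = Stage.PRE_ENROLLMENT
    history: list = field(default_factory=list)  # audit trail of stages reached

    def advance(self, target: Stage) -> None:
        # REJECTED and REVOKED have no entry in ALLOWED, so they are terminal.
        if target not in ALLOWED.get(self.stage, set()):
            raise ValueError(
                f"illegal transition: {self.stage.value} -> {target.value}")
        self.history.append(target)
        self.stage = target


class WatchListCache:
    """The program's own cached watch list: traveler_id -> reason."""

    def __init__(self):
        self._entries = {}

    def update(self, traveler_id: str, reason: str) -> None:
        self._entries[traveler_id] = reason

    def reason_for(self, traveler_id: str):
        return self._entries.get(traveler_id)


def enroll_through(cred: Credential, last: Stage) -> Credential:
    """Walk a credential forward through the documented flow up to `last`."""
    start = _FLOW.index(cred.stage) + 1
    for stage in _FLOW[start:_FLOW.index(last) + 1]:
        cred.advance(stage)
    return cred


def revoke(cred: Credential, watch_list: WatchListCache,
           reason: str = "revoked") -> None:
    """Identity monitoring outcome: end the credential and publish the denial."""
    cred.advance(Stage.REVOKED)
    watch_list.update(cred.traveler_id, reason)


def day_of_travel_check(cred, watch_list, today, biometric_match):
    """Return (cleared, reason). Every failed check denies (fail closed)."""
    hit = watch_list.reason_for(cred.traveler_id)
    if hit is not None:
        return False, f"watch list: {hit}"
    if cred.stage not in (Stage.CREDENTIAL_ACTIVATION, Stage.IDENTITY_USAGE):
        return False, "credential not active"
    if today > cred.expires:
        # Keep the cached list current so later checks deny immediately.
        watch_list.update(cred.traveler_id, "expired")
        return False, "credential expired"
    if not biometric_match:  # assumption: result supplied by the biometrics system
        return False, "biometric mismatch"
    if cred.stage is Stage.CREDENTIAL_ACTIVATION:
        cred.advance(Stage.IDENTITY_USAGE)
    return True, "cleared"


if __name__ == "__main__":
    wl = WatchListCache()
    # Constructed sample traveler, not real data.
    cred = enroll_through(Credential("RT-0001", date(2026, 1, 1)),
                          Stage.CREDENTIAL_ACTIVATION)
    print(day_of_travel_check(cred, wl, date(2025, 6, 1), True))
    revoke(cred, wl)
    print(day_of_travel_check(cred, wl, date(2025, 6, 1), True))
```

The watch list is consulted before the credential's own state, so a revocation recorded by identity monitoring denies clearance even if the lane's copy of the credential is stale.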

    Business service modeling

    After performing business process modeling, the next task is to delineate the services that comprise the business processes. This can be achieved using the SOMA approach from IBM. The service identification step of SOMA consists of three techniques that can help identify services for the Registered Traveler business process.

    The use of SOMA is outlined in "Business service modeling" on page 17.

    Technical solution

    This section describes the technical solution that was designed and built for the Registered Traveler process. It includes a description of the IBM product offerings that were used in the implementation.

    Technical challenges, solution design, and system context

    The technical challenges and architecture principles of design for building a Registered Traveler process are essentially the same as those described for Advanced Passenger Analysis. For more information about these challenges and principles, refer to "Technical challenges, solution design, and system context" on page 20.

    In addition to the architecture design principles for Advanced Passenger Analysis, a Registered Traveler solution requires the management of registered traveler data. The solution design should provide the enterprise with an authoritative source for Master Data such as registered traveler data that manages information integrity and controls the distribution of master data across the enterprise in a standardized way that enables reuse.


    The system context diagram for the Registered Traveler process is shown in Figure 21.

    Figure 21 System context diagram for Registered Traveler


    Solution architecture

    The solution architecture for the Registered Traveler process is shown in Figure 22.

    Figure 22 Solution design for Registered Traveler

    Understanding the solution architecture

    Note some of the highlights of this architecture:

    A master data repository containing a single, accurate view of registered traveler data has been created.

    The data tier contains a registered traveler registry and registered traveler content.


    The registered traveler data contains data provided by the registered traveler applicant (such as biographical information) in addition to data used to support the approval process for screening of the applicant. The registered traveler data consists of:

    A consolidated view of privately owned data (such as DMV records, information from credit agencies, banks, and so forth).

    Biographic data of the individual that holds the registered traveler identification.

    Biometrics of an individual in the registered traveler content repository which can drive the unique key in the master data repository.

    A registered traveler management application has been created to process new registered traveler identification applications, as well as handle travel departure clearance on the day of travel.

    IBM Government Industry Framework components recommended to implement the solution architecture

    This section describes the IBM Government Industry Framework components recommended to implement the solution design:

    Component options products used to implement the Advanced Passenger System Portal in the presentation tier:

    IBM WebSphere Portal Server

    Triton (SOA Foundation Accelerator)

    Connectivity infrastructure products used to implement the ESB in the integration tier:

    IBM WebSphere Enterprise Service Bus

    IBM WebSphere Message Broker

    IBM WebSphere DataPower

    IBM WebSphere Service Registry and Repository

    Triton (SOA Foundation Accelerator)

    Business process management products used to implement process services and client data integration in the integration tier:

    WebSphere Dynamic Process Edition

    Triton (SOA Foundation Accelerator)

    IBM WebSphere iLOG JRules

    Note: This paper uses a patterns-based approach in arriving at the architecture described here. To read more about the patterns associated with this architecture, see "Applying business and infrastructure patterns" on page 40.

    Products used to implement NORA data in the data tier:


    IBM Entity Analytic Solutions

    IBM Relationship Resolution

    IBM Identity Resolution

    IBM Anonymous Resolution

    IBM Cognos

    Single View [1] of entity master data management products used to implement the registered traveler registry and registered traveler content in the data tier:

    IBM InfoSphere Master Data Management Server

    IBM InfoSphere Information Server

    IBM InfoSphere DataStage

    IBM InfoSphere QualityStage

    IBM InfoSphere Global Name Recognition

    Single View of entity enterprise content management products used to implement the registered traveler registry and registered traveler content in the data tier:

    IBM FileNet Business Process Manager

    IBM FileNet Image Services

    IBM FileNet Records Manager

    IBM FileNet Content Services

    Infrastructure products used to implement SOA Security:

    IBM Tivoli Access Manager

    IBM Federated Identity Manager

    IBM Tivoli Identity Manager

    IBM Tivoli Directory Server

    Triton (SOA Foundation Accelerator)

    Rapid deployment (for service creation and service reuse) products:

    IBM Rational Software Architect

    IBM InfoSphere Data Architect

    Infrastructure products used to implement SOA Management:

    IBM Tivoli Performance Analyzer

    IBM Tivoli Composite Application Manager for SOA

    IBM Tivoli Composite Application Manager for WebSphere

    Triton (SOA Foundation Accelerator)

    [1] Single View is a middleware solution that supports identity and relationship analytics in addition to managing the authoritative source of registered traveler master data.

    Products used to implement SOA Governance:


    IBM WebSphere Service Registry and Repository

    IBM Rational Asset Manager

    IBM Tivoli Change and Configuration Management Database

    IBM Rational Method Composer

    Benefits of the Registered Traveler architecture

    The solution architecture for Registered Traveler provides the following benefits:

    Moving towards an SOA based connectivity architecture allows flexibility, faster response to changes in government security requirements, legislation and lower cost development in future projects.

    Establishing an enterprise-wide strategy for governance, security, and management paves the way for:

    Controlled, well-planned rollout of future projects that impact internal systems and external communication.

    Simplification of troubleshooting of composite applications.

    Confidentiality, integrity, and availability of components to cater to safety of information processing needs.

    Adding on registered traveler requirements to a basic level of Advanced Passenger Analysis functionality becomes easier by taking a SOA approach.

    Establishing a single view of managed, trusted registered traveler data shared across carriers and government agencies, is a critical factor for faster, thorough travel security clearance and safety.

    Provides identity insight capabilities to discover non-obvious relationships and perform identity management.

    Applying business and infrastructure patterns

    This section describes the business and infrastructure patterns associated with the solution architectures for Advanced Passenger Analysis and Registered Traveler. By breaking down these solutions into common patterns, it simplifies the understanding and development of the overall solution.

    Table 1 on page 41 shows the business and infrastructure patterns used, and whether they apply to Advanced Passenger Analysis and Registered Traveler.

    Table 1 Business and infrastructure patterns

    Pattern name                                                               | Advanced Passenger Analysis | Registered Traveler
    Business patterns                                                          |                             |
    Information Integration Services - Data Consolidation and Data Cleansing  | Yes                         | Yes
    Risk Analytics and Relationship Resolution                                 | Yes                         | Yes
    Business Process Automation and Business Rules Integration                 | Yes                         | Yes
    Interaction and Collaboration                                              | Yes                         | Yes
    Master Data Management                                                     |                             | Yes
    Enterprise Content Management                                              |                             | Yes
    Infrastructure patterns                                                    |                             |
    Connectivity                                                               | Yes                         | Yes
    Security                                                                   | Yes                         | Yes
    SOA Management                                                             | Yes                         | Yes
    SOA Governance                                                             | Yes                         | Yes

    Business patterns for Advanced Passenger Analysis and Registered Traveler

    This section addresses the business patterns that apply to both Advanced Passenger Analysis and Registered Traveler.

    Applying the data consolidation and data cleansing patterns

    Information integration services consists of the data consolidation and data cleansing patterns. It addresses the following pain points:

    Data arrives in many different formats from carriers (such as UN Edifact, TN3270, proprietary) so it is difficult to compare data.

    Supplementary information, such as address, phone number, and routing is required to be more certain of identity.

    Names are entered inconsistently through the process making it hard to recognize the same individual with different titles.

    How this pattern should be applied


    Partial extract/transform/load (ETL) is used to consolidate data from several diverse sources, such as public records and government sources (including crime databases, no-fly lists, and police records).

    Data cleansing and standardization might only be done partially to merge data properly from multiple data sources leaving critical data elements in their original state to support screening.

    This consolidated data is used for identity screening, targeting and profiling.
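The consolidation and partial cleansing described above can be illustrated with a short sketch that derives standardized match keys while leaving every source record in its original state. This is an added example, not code from the Redpaper or from any IBM product; the source names, field names, title list, and sample records are constructed assumptions.

```python
import re
import unicodedata

# Assumed honorifics to ignore when comparing names (the "different titles" pain point).
TITLES = {"mr", "mrs", "ms", "miss", "dr", "prof", "sir"}
MONTHS = {m: i for i, m in enumerate(
    "JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC".split(), start=1)}

# Hypothetical per-source field names mapped onto one common schema.
FIELD_MAPS = {
    "carrier_pnr": {"name": "pax_name", "dob": "birth_dt", "doc": "travel_doc"},
    "no_fly_list": {"name": "full_name", "dob": "date_of_birth", "doc": "passport_no"},
}


def match_key(name: str) -> str:
    """Comparison key: no diacritics, no titles, order-insensitive tokens."""
    text = unicodedata.normalize("NFKD", name)
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    tokens = [t for t in re.findall(r"[a-z]+", text.lower()) if t not in TITLES]
    return " ".join(sorted(tokens))


def normalize_dob(value: str):
    """Return YYYY-MM-DD for the two accepted formats, else None (never guess)."""
    value = value.strip().upper()
    if re.fullmatch(r"\d{4}-\d{2}-\d{2}", value):
        return value
    m = re.fullmatch(r"(\d{2})([A-Z]{3})(\d{4})", value)
    if m and m.group(2) in MONTHS:
        return f"{m.group(3)}-{MONTHS[m.group(2)]:02d}-{m.group(1)}"
    return None


def consolidate(source: str, record: dict) -> dict:
    """Partial cleansing: add match keys, keep the original elements untouched."""
    fields = FIELD_MAPS[source]
    return {
        "source": source,
        "raw": dict(record),  # original state preserved to support screening
        "name_key": match_key(record.get(fields["name"], "")),
        "dob": normalize_dob(record.get(fields["dob"], "")),
        "doc": re.sub(r"[^A-Z0-9]", "", record.get(fields["doc"], "").upper()),
    }


def screen(passengers: list, watch_entries: list) -> list:
    """Return (passenger, entry, basis) leads for review, not final decisions."""
    hits = []
    for p in passengers:
        for w in watch_entries:
            if p["doc"] and p["doc"] == w["doc"]:
                hits.append((p, w, "document"))
            elif (p["name_key"] and p["name_key"] == w["name_key"]
                  and p["dob"] and p["dob"] == w["dob"]):
                hits.append((p, w, "name+dob"))
    return hits


# Constructed sample records, not real data. "\u00dc" is U with diaeresis.
PNR_RECORDS = [
    {"pax_name": "M\u00dcLLER/ANNA DR", "birth_dt": "09MAR1975", "travel_doc": "c01x-00t47"},
    {"pax_name": "DOE/JANE MS", "birth_dt": "21JUL1988", "travel_doc": "P 5550123"},
    {"pax_name": "ROE/RICHARD MR", "birth_dt": "unknown", "travel_doc": "zz-900 111"},
]
WATCH_RECORDS = [
    {"full_name": "Dr. Anna Muller", "date_of_birth": "1975-03-09", "passport_no": ""},
    {"full_name": "R. Roe", "date_of_birth": "1960-01-01", "passport_no": "ZZ900111"},
]


def run_sample() -> list:
    passengers = [consolidate("carrier_pnr", r) for r in PNR_RECORDS]
    watch = [consolidate("no_fly_list", r) for r in WATCH_RECORDS]
    return screen(passengers, watch)


if __name__ == "__main__":
    for passenger, entry, basis in run_sample():
        print(passenger["raw"], "matches", entry["raw"], "on", basis)
```

Each hit carries both raw records, so the reviewer sees the data exactly as the carrier and the list owner supplied it, and an unparseable date of birth is left unmatched rather than coerced.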

    Business value of adoption

    The key value of this process lies in improving the reliability, quality and consistency of the data so that decisions that are made based on this information have higher accuracy.

    Recommended IBM Government Industry Framework products

    IBM InfoSphere Information Server

    IBM InfoSphere DataStage

    IBM InfoSphere QualityStage

    IBM InfoSphere Global Name Recognition

    Applying the Risk Analytics and Relationship Resolution pattern

    This pattern addresses the following pain points:

    Manual checks and screening are extremely slow and analysis is not simple.

    Targeting, if done manually, can be complex, and it can be impossible to get through the massive volume of PNR data in time.

    How this pattern should be applied

    Profiles of risky travelers with indications of suspicious behavior are created based on historical data and complex behavioral patterns. Creating profiles of travelers is known as targeting. For this to be executed efficiently we need analytical tools, rather than human operators manually scrutinizing data to identify out of the ordinary behaviors.

    Personal identity information from the booking records is used to check against watch lists, crime databases, and publicly available information to make sure the traveler does not pose any risk. In addition, the non-obvious relationships of travelers with any criminals can also be resolved using identities and passenger information.

    Recommended IBM Government Industry Framework products


    IBM Cognos is used for targeting.

    IBM Entity Analytic Solutions is used for screening and identity resolution.

    IBM Relationship Resolution

    IBM Anonymous Resolution

    IBM Identity Resolution

    IBM InfoSphere Global Name Recognition provides multi-cultural name information, analytics, and name matching through a series of flexible, easy-to-integrate, SOA-enabled interfaces.

    Applying the Business Process Automation and Business Rules Integration patterns

    These patterns address the need to quickly integrate new technologies and requirements to ensure that CBP agencies are alerted to unobvious threats and suspicious behavior, so prompt action can be taken.

    How these patterns should be applied

    Modeling the entire Advanced Passenger Analysis process provides an end-to-end view of the actors, operations, and feasibility of the process. The process can then be documented, simulated, and put into execution, and the process can be refined iteratively.

    Due to large volumes of passenger data and data provided for analysis to develop profiles flowing through the systems, it is almost impossible to manually develop and manage risk profiles without automation.

    Profiling: Rules are created based on the development of profiles to screen passengers based upon passenger traveler information to ensure that behavior is not at a high risk.

    If the passenger gets flagged as a result of the targeting process, an alert is sent for further investigation to case management, where a human operator takes charge of the case to decide if the traveler should or should not continue the journey.

    Business value of adoption

    Integration of business rules with passenger screening makes the Advanced Passenger Analysis solution robust, fast, and much more secure with automated pre-built rules that can analyze traveler profiles, instead of manually studying the behavior.

    Addition of new behavioral patterns or modification of existing rules is easy and does not require the alteration of the existing business process.

    Recommended IBM Government Industry Framework products


    The following IBM Government Industry Framework products are recommended:

    IBM WebSphere Dynamic Process Edition IBM WebSphere iLOG JRules

    Applying the Interaction and Collaboration patternThis pattern addresses the following pain points:

    Different border agencies have different interfaces and disparate applications (such as 3270, green screens, and portals) for various users inside and outside their agency.

    A wide range of software manageability and deployment leads to higher costs.

    How this pattern should be applied

    The following approaches are advised in applying this pattern:

    Border agencies should move towards an open interface for exchange of information and communication with other security agencies and carriers. The intent is to develop common, channel-agnostic services and serve them up to any front end. This decreases maintenance costs and increases flexibility and customer satisfaction.

    CBP agencies could provide an integrated desktop to their border protection personnel at the ports that allows all disparate applications, communication from the carriers, security agencies, and commercial Registered Traveler programs to be integrated on the glass into a composite application.

    This pattern allows information aggregation from multiple diverse sources or applications (internal and external information required by a user) while also providing a collaborative experience to conduct business more efficiently.

    Business value of adoption

    Adoption of this pattern provides business value in the following ways:

    Provides increased productivity for users through composite applications and integration of existing applications on the glass.

    Supports enterprise integrated desktops across application types and surfaces role-based workspaces for given tasks.

    Reduces IT and administration costs through remote deployment and management of software across all customer segments.

    Business patterns for Registered Traveler

    This section addresses the business patterns that apply to Registered Traveler.

    Applying the Master Data Management pattern

    This pattern addresses the following pain points:

    Traveler data is redundant, often inconsistent, and not current across multiple heterogeneous systems that are typically developed in silos.

    Point-to-point interfaces are often developed to move updated traveler data from one system to another, which constrains the ability for IT to make changes and increases the overall cost of ownership.

    How this pattern should be applied

    The following approaches should be taken in applying this pattern:

    An approved registered traveler registry should be established to maintain an authoritative source of registered traveler master data that is current and of high quality, and can facilitate the secure sharing of registered traveler data within the organization and across organizational boundaries (for example DMV records, credit reports, and financial information from banks).

    Registered Traveler could be used to support Advanced Passenger Analysis screening for international travel and to support domestic travel for security screening where the traveler would provide their biometrics to match against their credentials to expedite domestic travel.

    From an MDM perspective, registered traveler data can be loaded through batch, messaging, Web service, or real time through EJB calling an MDM service.

    The Registered Traveler system itself would support the business process for managing the application, vetting (background processing), adjudication and approval, and payment processing.

    A CSR or multiple user roles might be involved in the processing and management of the application as a case. The Registered Traveler system should invoke an MDM server transaction to either perform a person look-up to see if the person applied before or call the MDM Server AddParty Service, which would find a match and update or add that information to Single View. This can be done as part of a global transaction with the Registered Traveler system calling the MDM service, and is XA compliant.

    The biometrics stored can drive the unique identification for a person in the MDM server.

    The MDM server publishes changes so that there is a publish/subscribe model pattern for the synchronization of trusted traveler data. For example, if a registered traveler updates their address or contact information, the update is sent to passport and visa immigration systems.

    Any time an MDM add/update transaction occurs, there is a pattern of data quality management (cleansing and standardization) and then suspect duplicate processing to see if the person already exists.
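The add/update flow described in the list above (cleanse and standardize, run suspect duplicate processing, then add or update and publish the change to subscribers), as an added Python example that is not code from the Redpaper or from IBM InfoSphere MDM Server. The class, method, and field names are hypothetical, `biometric_id` stands in for the identifier a biometric matching system would return, and the date formats and name-similarity threshold are assumed values.

```python
import unicodedata
from datetime import datetime
from difflib import SequenceMatcher

# Hypothetical names throughout; this is not the MDM Server API.

def _clean(text):
    """Strip accents and punctuation, collapse whitespace, upper-case."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(c for c in text if not unicodedata.combining(c))
    return " ".join(text.upper().replace("-", " ").replace(".", " ").split())

def standardize(record):
    """Cleansing and standardization: one canonical form per field."""
    raw_dob = record["dob"].strip()
    for fmt in ("%Y-%m-%d", "%d/%m/%Y", "%d %b %Y"):   # assumed input formats
        try:
            dob = datetime.strptime(raw_dob, fmt).date().isoformat()
            break
        except ValueError:
            continue
    else:
        raise ValueError(f"unrecognized date of birth: {raw_dob!r}")
    return {**record, "name": _clean(record["name"]), "dob": dob,
            "address": _clean(record.get("address", ""))}

class TravelerRegistry:
    def __init__(self, suspect_threshold=0.85):        # assumed threshold
        self.parties = {}        # party_id -> standardized master record
        self.subscribers = []    # systems notified of every change
        self.review_queue = []   # (new_id, existing_id) suspect duplicates
        self.suspect_threshold = suspect_threshold

    def subscribe(self, callback):
        self.subscribers.append(callback)

    def _publish(self, event, party_id):
        for notify in self.subscribers:
            notify(event, party_id, dict(self.parties[party_id]))

    def _match(self, rec):
        """Return (exact_party_id or None, list of suspect party ids)."""
        suspects = []
        for pid, known in self.parties.items():
            # The biometric identifier is the unique key for a person.
            if rec.get("biometric_id") and rec["biometric_id"] == known.get("biometric_id"):
                return pid, []
            score = SequenceMatcher(None, rec["name"], known["name"]).ratio()
            if rec["dob"] == known["dob"] and score >= self.suspect_threshold:
                suspects.append(pid)
        return None, suspects

    def add_party(self, raw):
        """Add a new party or update the matching one; returns (action, id)."""
        rec = standardize(raw)
        pid, suspects = self._match(rec)
        if pid is not None:
            # Only non-empty fields overwrite what the master record holds.
            changed = {k: v for k, v in rec.items()
                       if v and self.parties[pid].get(k) != v}
            self.parties[pid].update(changed)
            if changed:
                self._publish("updated", pid)
            return "updated", pid
        pid = len(self.parties) + 1
        self.parties[pid] = rec
        # Suspects are queued for a human decision, never merged silently.
        self.review_queue.extend((pid, other) for other in suspects)
        self._publish("added", pid)
        return "added", pid
```

A near-match without a biometric identifier is stored as a new party and queued for review, so an operator decides whether the two records describe the same person.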

    Business value of adoption

    Adoption of this approach provides business value in the following ways:

    The actual passenger data (PNR) for those persons that are traveling can only be retained for a limited time. However, registered traveler data and content is established for a much longer time. Treating this as master data will ensure accuracy and consistency with dependent sources of public and private data.

    Establishing a single view of managed, trusted, and registered traveler data shared across carriers and government agencies is a critical factor for faster, thorough travel security clearance and safety for frequent travelers.

    Recommended IBM Government Industry Framework products

    IBM InfoSphere Master Data Manager Server is recommended for creating a single view of registered travelers.

    Applying the Enterprise Content Management pattern

    This pattern addresses the following pain points:

    Inability of the current systems to integrate with a biometric system to capture fingerprint images.

    Inability to capture and store content associated with a person such as a passport image, birth certificate, and so forth.

    Inability to manage and link content distributed over multiple content management systems with structured data about a person.

    How this pattern should be applied

    The following approaches should be used to apply this pattern:

    Use master data management to associate structured data along with unstructured content through a common key, driven by data cleansing, standardization, and matching.

    Use MDM as a controller to drive federated query requests about a person to retrieve all content and data about a person relevant to a query.

    Business value of adoption

    Adoption of this approach provides business value in the following ways:

    Ability to access the correct content at the right time quickly, and to easily and accurately associate a traveler's biographic records from a single content repository

    Ability to manage exposure to litigation, internal policy, external mandatory regulations, and government compliance

    Increased productivity:

    Having the right information captured in a single version and single location for all unstructured content

    Content-centric processes are automated and integrated as part of the overall registered traveler business process

    Recommended IBM Government Industry Framework products

    The following IBM Government Industry Framework products are recommended:

    IBM FileNet Business Process Manager

    IBM FileNet Image Services

    IBM FileNet Records Manager

    IBM FileNet Content Services

    Infrastructure patterns that apply to Advanced Passenger Analysis and Registered Traveler

    This section addresses the infrastructure patterns that apply to both Advanced Passenger Analysis and Registered Traveler.

    Applying the Connectivity pattern

    This pattern addresses the following pain points:

    Point-to-point integration between several applications such as screening, targeting to data sources such as analytics databases, case management data, and so forth.

    Scaling Advanced Passenger Analysis architecture to accommodate new data sources (such as international watch lists and criminal data) becomes complex and time consuming.

    How this pattern should be applied

    The following approaches should be taken in applying this pattern:

    An ESB architecture behind the firewall enables loose coupling, basic routing and easy integration and adaptation of their diverse applications inside and outside the enterprise.

    Development of new applications for Registered Traveler along with corresponding data sources becomes much faster.

    The ESB provides support for different protocols and the exchange of message formats between applications at the channels and within the data center.

    Business value of adoption

    Adoption of this pattern offers business value in the following ways:

    The ESB provides a solution to respond to requests in a channel-independent fashion to support user interface flexibility.

    Development and updates to applications to keep up with changing security mandates become considerably faster.

    Recommended IBM Government Industry Framework products

    The following IBM Government Industry Framework products are recommended:

    IBM WebSphere Enterprise Service Bus

    IBM WebSphere Message Broker

    IBM WebSphere DataPower

    IBM WebSphere Service Registry and Repository

    Applying the security pattern

    This pattern addresses security across all tiers of the solution architecture.

    Presentation tier security

    Consider the following guidelines for presentation tier security.

    The Web interface to the Advanced Passenger Analysis/Registered Traveler Portal needs to be secured by employing best practices such as defense-in-depth, in which the solution is protected by its layered placement across security zones.

    IBM Tivoli Access Manager for e-business provides an access management infrastructure that can fulfill the above needs.

    Identity management

    Consider the following guidelines for identity management.

    Because the realm within which the solution operates is important (national security), it is essential that the users who interact with the system, especially those who can modify the information (such as over the presentation tier), are identified with high levels of assurance.

    As per security best practices, the identity of an Advanced Passenger Analysis/Registered Traveler critical user should be verified over multiple channels. For example, the user should provide what they know (user ID/password over the Web) and provide information about what they have (token/smart card/biometric information). A combination of the two would better determine the identity.

    To have access to the Advanced Passenger Analysis/Registered Traveler solution, an infrastructure has to be provided for users to enroll, for any documents to be scanned for approval (and stored), for workflow systems to get required approvals, and for scanning of biometrics.

    Determine which internal government employees should have access to registered traveler identification information.

    Upon approvals, a secured credential would be granted and issued to the user.

    The credential (such as a smart card) contains aspects of the user that can be verified with the user's biometric information. Solution components for this include an approval engine such as IBM Tivoli Identity Manager.

    Integration tier security

    Consider the following guidelines for integration tier security.

    The integration tier of Advanced Passenger Analysis is primarily performed by the ESB/Message Queue (MQ) components. The security aspects, such as integrity of messages and confidentiality (such as who or which application can write into the queues and read from them), are critical. Similarly, for Web services invocations, it is important that these invocations are performed by the authorized entities as per the security policies.

    To achieve both these requirements, the following security components can help:

    WebSphere MQ Extended Security Edition

    IBM Tivoli Federated Identity Manager

    Application tier security

    Consider the following guidelines for application tier security.

    Application-level security, which determines which roles can perform which actions, will be enforced by the application itself. The information about the mapping of users to roles, roles to actions, and actions to resources is handled by the application itself.

    In the Advanced Passenger Analysis solution, WebSphere Portal Server (based on WebSphere Application Server) will handle these aspects. The application components can, however, delegate the responsibility of storing this data to CIS components (such as IBM Tivoli Directory Server) or externalize access management to IBM Tivoli Access Manager for e-business.

    Data tier security

    Consider the following guidelines for data tier security.

    Data storage encryption

    Sensitive information needs to be encrypted and stored in tape drives, virtualized storage, or disk subsystems. It is important to have a system that can store this data and manage the set of encryption keys.

    Advanced Passenger Analysis data will come from all over the world, so it needs to be encrypted in transit and not just at rest in the case management database. WebSphere MQ Extended Security Edition has this capability.

    The Registered Traveler data is persistent for the lifetime of the registered traveler identification. Therefore, encrypting this data is important.

    Data access

    User access to stored data needs to be controlled both logically and physically. Information in user repositories (such as password information) needs to be encrypted and stored using security algorithms (for example SHA1/AES) as per business policy. Information stored in the databases needs to be encrypted using directory or database provided encryption mechanisms.
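One way to store the password information mentioned under Data access, as an added Python example that is not from the Redpaper or any IBM product. It swaps in a salted, iterated key derivation (PBKDF2-HMAC-SHA256 from the standard library) in place of the SHA1 the paper names, with an unsalted SHA-1 digest shown only for contrast; the stored-string layout and the iteration count are assumptions.

```python
import base64
import hashlib
import hmac
import secrets

SCHEME = "pbkdf2_sha256"     # assumed label for the stored-string layout
ITERATIONS = 600_000         # assumed work factor; set per business policy

def unsalted_sha1(password):
    """Contrast case: a bare digest maps equal passwords to equal values."""
    return hashlib.sha1(password.encode()).hexdigest()

def hash_password(password, iterations=ITERATIONS):
    """Return 'scheme$iterations$salt$derived_key' with a fresh random salt."""
    salt = secrets.token_bytes(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "$".join([SCHEME, str(iterations),
                     base64.b64encode(salt).decode(),
                     base64.b64encode(derived).decode()])

def verify_password(password, stored):
    """Return (valid, needs_rehash) for a candidate password."""
    try:
        scheme, iters, salt_b64, key_b64 = stored.split("$")
        iterations = int(iters)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(key_b64, validate=True)
    except ValueError:
        return False, False          # malformed record never verifies
    if scheme != SCHEME or iterations < 1 or not expected:
        return False, False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                 iterations, dklen=len(expected))
    valid = hmac.compare_digest(actual, expected)   # constant-time compare
    # A valid login against an older, cheaper record should be re-hashed
    # with the current work factor before the session continues.
    return valid, valid and iterations < ITERATIONS
```

Because the parameters travel with each record, the work factor can be raised by policy without invalidating existing credentials.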

    Applying the SOA Management pattern

    Advanced Passenger Analysis and Registered Traveler business service level agreement (SLA) requirements and non-functional requirements are key to determining exact systems management requirements. This section lists systems management components and a mapping of IBM solution offerings that cater to them.

    Note that although these solutions and services are positioned for the boundary of control of an Advanced Passenger Analysis or Registered Traveler project, they can be expanded to other enterprise class solutions.

    Availability of systems and services

    Consider the following guidelines for availability of systems and services.

    To meet the expected throughput and performance SLAs, it is important to know the availability characteristics of the system where the components run. It is therefore imperative in real time to:

    Determine the availability of operating system resources (such as memory, hard disk space, and CPU cycles).

    Determine the availability of applications and services.

    Send alerts when critical thresholds are reached for resources or critical applications are not running.

    Take corrective actions where possible by running system commands at target machines that can be configured to perform remediation steps (for example, start an application server if it is down).

    Report the availability snapshot of the critical systems in a dashboard.

    The IBM Tivoli Monitoring suite can help with these requirements.

    Capability of predictive alerts

    To be better prepared to predict issues, consider the following points:

    Keep historical data (not just real-time data) of systems utilization.

    Determine trends of peaking resources.

    Determine the time to reach a resource limit (for example, a hard disk would reach capacity in 30 days at the current rate).

    Provide growth statistics for multiple time periods (such as one week, one month, 90 days).

    Send alerts by integrating with existing e-mail/SMS systems to page the concerned person.

    IBM Tivoli Performance Analyzer can help with these requirements.
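The time-to-limit and growth-statistics calculations listed above, as an added Python example that is not from the Redpaper or from IBM Tivoli Performance Analyzer. It fits a least-squares trend to historical utilization; the function names, the sample history, and the 30-day warning window are assumptions.

```python
from datetime import date, timedelta

# Constructed sample: 91 daily readings of used disk space in GB.
CONSTRUCTED_HISTORY = [(date(2009, 1, 1) + timedelta(days=i), 400 + 2 * i)
                       for i in range(91)]

def fit_trend(points):
    """Least-squares line through (x, y) points; returns (slope, intercept)."""
    n = len(points)
    if n < 2:
        raise ValueError("need at least two samples")
    mean_x = sum(x for x, _ in points) / n
    mean_y = sum(y for _, y in points) / n
    sxx = sum((x - mean_x) ** 2 for x, _ in points)
    if sxx == 0:
        raise ValueError("samples must span more than one day")
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in points)
    slope = sxy / sxx
    return slope, mean_y - slope * mean_x

def days_until_full(history, capacity_gb):
    """Days from the latest sample until the trend line reaches capacity.

    Returns None when utilization is flat or shrinking."""
    if not history:
        raise ValueError("no samples")
    history = sorted(history)
    origin = history[0][0]
    points = [((day - origin).days, used) for day, used in history]
    slope, intercept = fit_trend(points)
    if slope <= 0:
        return None
    day_full = (capacity_gb - intercept) / slope
    return max(0.0, day_full - points[-1][0])

def growth_by_window(history, windows=(7, 30, 90)):
    """Growth over each trailing window; None if history is too short."""
    history = sorted(history)
    last_day, last_used = history[-1]
    growth = {}
    for window in windows:
        cutoff = last_day - timedelta(days=window)
        older = [used for day, used in history if day <= cutoff]
        growth[window] = last_used - older[-1] if older else None
    return growth

def predictive_alert(history, capacity_gb, warn_days=30):
    """Return an alert message when the limit is within warn_days, else None."""
    remaining = days_until_full(history, capacity_gb)
    if remaining is not None and remaining <= warn_days:
        return f"resource projected to reach its limit in {remaining:.0f} days"
    return None
```

The returned message is what would be handed to the existing e-mail or SMS paging integration.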

    Systems troubleshooting

    When solution systems are not functioning to the expected levels, information should be available on where the problem is occurring. This is often a daunting task with many participants involved.

    There is a need to improve operational efficiency by providing visible information of what is happening in the environment and which components are performing poorly. This information should show the performance of transactions over multiple stages. This will help identify where bottlenecks are in a system.

    The following products can help:

    IBM Tivoli Monitoring

    IBM Tivoli Composite Application Manager for Transactions

    IBM Tivoli Composite Application Manager for SOA

    IBM Tivoli Composite Application Manager for WebSphere

    Applying the SOA Governance pattern

    This pattern addresses SOA governance concerns.

    How this pattern should be applied

    Consider the following guidelines for how this pattern should be applied:

    Plan, develop, and deploy an enterprise level governance strategy, so it is not done in pockets within each department.

    Execution of governance practices needs proactive best practices and enforcement.

    Compliance reports need to be stored and retrieved for audits.

    When starting SOA-based projects, identify and prioritize new and ideal sets of service candidates. By following best practices and adopting SOMA, the highest value business services that will need to be implemented can be identified easily and accurately.

    To regulate the creation of new services with future SOA projects, implement a centralized registry and repository.

    Institutionalize governance best practices with executive sponsorship and support across departments.

    By adopting the SOA Governance and Management Methodology (SGMM), assign roles and responsibilities for spawning and owning services and put a funding model in place.

    Comply with government and regional regulations:

    ICAO 9303 machine readable travel documents.

    IATA target times for passenger throughput (for example, 15 minutes to clear security).

    USA TSA regulations.

    FBI T60 rule: Information about all passengers flying to the USA must reach the FBI one hour before the plane takes off.

    EC API directive: airlines must send passenger API for each passenger before the plane lands.

    Business value of adoption

    Consider the following guidelines for business value of adoption:

    By adopting an enterprise level governance strategy, the benefit comes from reduced costs through standards-enforced usage of the same monitoring tools, technologies, procedures, and reporting for audit compliance.

    Reduced exposure to litigation, as regulation and audit compliance are managed using standard procedures at the enterprise level.

    Recommended IBM Government Industry Framework products

    Consider the following guidelines for recommended IBM Government Industry Framework products:

    IBM WebSphere Service Registry and Repository

    IBM Rational Asset Manager

    IBM Tivoli Change and Configuration Management Database

    IBM Rational Method Composer

    The team who wrote this IBM Redpaper

    This paper was produced by a team of specialists from around the world:

    Martin Keen, Consulting IT Specialist, IBM ITSO

    Allen Dreibelbis, Executive Solutions Architect for Single View of a Citizen, IBM SWG IM Advanced Engagement Team

    HungTack Kwan, Certified IT Architect, IBM Global Solution Center

    John LaLone, Executive Consultant, IBM SOA Sales

    Paul McKeown, Associate Partner, IBM Customs Revenue and Border Management

    Rashmi Kaushik, SOA Scenarios Product Manager, IBM SOA Portfolio Consumability

    Robert Spory, SOA Consultant, IBM SOA Sales

    Marilza Maia, Business Integration Solutions Architect, IBM SOA Advanced Technologies

    Vinod Chavan, Global Sales Leader, IBM Industry Frameworks

    Thanks to the following people for their contributions to this project:

    Wendy Clarke

    David Waxman

    Leonard Lee

    John J McKeon

    Ashish Cowlagi

    Notices

    Copyright International Business Machines Corporation 2009. All rights reserved.

    Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

    This information was developed for products and services offered in the U.S.A.

    IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

    IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing, IBM Corporation, North Castle Drive Armonk, NY 10504-1785 U.S.A.

    The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.

    This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information