February 2011 www.ega.ee

Interoperability Frameworks

Arvo OtteGovernance Academy

Estonia

E- Gov Center:

-strategy

-budget

-regulation

-training

Shared,

services infrastructure,

portal,

interoperability

architecture,

eID, payment

gateway etc.

VISION

Ministries

Service Points

More and better services, More locations, 24/7,smaller Government, lower costs

Governmental Registries

• Many registries, all very different, managed and developed by different organizations and financed separately

• Very many users, most of them are very small organizations without security knowledge and with a very small IT budget

• Very high security requirements. Registries contain personal data that is in some cases used to make high value decisions and in some cases needed in real time

Interoperability Framework

• Organizational interoperability

• Legal framework

• Technical architecture

• Semantic interoperability

Interoperability Framework – set of

principles, agreements, commitments

February 2011 www.ega.ee

Political ContextCooperating partners with compatible visions, aligned priorites and focused objectives

Semantic interoperability --- Semantic AlignmentPrecise meaning is preserved and understood by all parties

Organisational interoperability --- Process AlignmentDifferent organisations achieve a agreed and mutually beneficial goal

Legal interoperability --- Legislative AligmentAligned legislation so that echanged data is accorded proper legal weight

Technical interoperability --- Interaction ja TransportPlanning of technical isuses involved in linking computer systems and services

Nature of document Name of Document Nature of regulation

Policy and strategy

documents

Interoperability

Framework

Infopolitical agreement,

strong recommendation

Laws and sub-acts Databases acts,

Personal Data

Protection Act, Digital

Signature Act etc.

Compulsory

Framework descriptions Architecture

descriptions

Strong recommendation

Interoperability Related

Standards

Documents, digital

signature, security,

message transfer etc.

Advise and

recommendation

Regulations1. ORGANIZATIONAL

coordination

– Responsible institution for general coordination/management of the

integrated register system (preparation and implementation of strategy

and basic concepts of interoperability framework)

– Availability to set-up official (and unofficial) work groups. Different advisory

and management boards regulated by government. Official procedure is

needed to engage different stakeholders into the coordination process.

Implementation

– registration of databases and services, management of data exchange

process

– offering some shared services

– cooperation with different stakeholders of the project

– supervision of the implementation

– helpdescFeb 2011 www.ega.ee

Regulations

2. DATABASES and INFORMATION SYSTEMS

• Process of creation, integration and termination of state databases. Who is

responsible, what legal act is needed to describe the functions of databases

(statute, approved by Government?). Who is responsible on data

processing. Role of basic data. Auditing of databases.

• Principles – ask once, use multiple; personal data protection etc.

• Components of the integrated system. Database of databases –

responsibility of institutions to give metadata about their databases.

Repository of XML descriptions of services. In future database of

ontologyies

• Finance models

• Data services are the priority... not data collection. Customers orientation –

not collect data if the services does not need it

• Ownership of the data

• Authorization and audentication

Feb 2011 www.ega.ee

Regulations2. DATABASES and INFORMATION SYSTEMS

Feb 2011 www.ega.ee

Regulation about supporting systems of the framework:

•System of unified classifications (Estonian: sub act of the

Public Information Act “Clastification system”)

•Address system (Estonian: sub act of the Public Information

Act “Address system”)

•Geodetic system (Estonian: sub act of the Public Information

Act “Geodetic System”)

•System of data security measures of databases (Estonian:

sub act of the Public Information Act “System of Security

Measures of Information Systems”)

•Environment of sharing data - data exchange system

between registers (Estonian: sub act of the Public Information

Act “Management system of State Information System”)

IOF Questions (1):

• Question 1. IOF is in-line with European Interoperability Framework

European ISA program (http://ec.europa.eu/isa/ )?

• Question 2. There is govermental portal as single contact point for

citizens and businesses.

• Question 3. Websites comply with WAI quality criteria.

• Question 4. Public administrations will agree on an appropriate,

common security and privacy policy and concrete requirement.

Government will implement IT baseline security system. For

example: The production and development of baseline security

system is recommended to base on the IT Baseline Protection

Manual (IT-Grundschutz Handbuch) issued by Germany’s BSI

(Bundesamt für Sicherheit in der Informationstechnik ).

www.ega.ee

IOF Questions (2):

• Question 5. The national supervision agency is established with

following main roles:

– personal data protection - inviolability of private life;

– public information - complying with requests for information and publication of

information on the Internet and elsewhere

• Question 6. Public administrations are designing information

systems and technical architectures that are linguistically neutral in

order to cater for multilingualism when establishing an International

Public Service.

• Question 7. Public administration have a long-term preservation

(sustainability) policy.

www.ega.ee

IOF Questions (3):

• Question 8. Public administrations will favour openness regarding

public information.

• Question 9. Public administrations are encouraged to reuse and

share solutions and to collaborate on the development of common

solutions.

• Question 10. Public administration should not impose any specific

technological solution on citizens, businesses and other

administrations

• Question 11. Public administration will develop a component based

service model, allowing the establishment of Public Services by

reusing, as much as possible, existing service components

www.ega.ee

IOF Questions (4):

• Question 12. Public administrations will make their authentic

sources of information available to others while implementing the

appropriate access and control mechanism to ensure security and

privacy as foreseen in the relevant legislation.

• Question 13. Public administrations will develop the necessary

interfaces to authentic sources and align them, at semantic and

technical level.

• Question 14. Public sector will develop the common service

infrastructure.

• Question 15. Public administrations will obtain political support for

their interoperability efforts.

www.ega.ee

IOF Questions (5):

• Question 16. Public administrations will carefully consider all

relevant legislation linked to the information exchange, including

data protection legislation.

• Question 17. Government will elaborate legislation (laws and other

government acts) in area of registers, infrastructure services,

register of registers, register of certificate service providers, security

baselines.

• Question 18. Model of coordination? Government is using the

European Method of Open Coordination (OMC, see

http://en.wikipedia.org/wiki/Open_Method_of_Coordination) as the

governance model for organisational interoperability.

• Question 19. Public administrations will document their business

processes and agree on how these processes will interact to

contribute to the delivery of a Public Service.

www.ega.ee

IOF Questions (6):

• Question 20. Public administrations will systematically define

Service level agreements (SLA) for the part of the Public Service

they provide and/or consume.

• Question 21. Public administrations will support the establishment

of both sector-specific and cross-sectoral communities aimed at

facilitating semantic interoperability and will encourage the sharing

of results produced by such communities through national and

international platforms.

• Question 22. Public administrations will agree on the standards and

specifications to be used to ensure technical interoperability.

• Question 23. Public administrations will, as much as possible, base

interoperability agreements on existing formalised specifications, or

in case such specifications do not exist, collaborate with

communities working in the same areas.

www.ega.ee

IOF Questions (7):

• Question 24. Other things being equal, public administrations

should prefer open specification.

• Question 25. Public administrations will actively participate in the

standardisation activities that are relevant to their needs.

• Question 26 ?? Example: National GovNet will operate as a public

network. Principles of GovNet:

– Every state and local government agency has the right, though

not obligation, to use GovNet.

– The use of the backbone network is recommended to finance

centrally from the state budget and the use free of charge for

subscribed clients. The client has to pay only for access to the

backbone network.

– End-users will be responsible on security of their local network.

www.ega.ee

IOF Questions (8):

• Question 27. Government will elaborate personal secure

environment using ID card for citizens accessed. Personal area can

contain following subareas:

– E-service area allows people to survey the data which the

government has collected about them.

– Notification services (breaks in electricity or water deliveries,

expiration of a period of validity, etc.);

– Application which enable citizen to fill different forms and forward

them to the relevant institutions. The institutions process the

forms and report the results to the citizens.

– The secure document area allows users to sign documents and

forward them.

www.ega.ee

IOF Questions (9):

• Question 28. Use of the PKI infrastructure is free for citizens – they

don’t pay for certificates and for presentation and validation of a

digital signature.

• Question 29 ?? Government will develop the primary open source

software applications for ID cardholders:

– Client software for signing and signature checking

– Portal for signing and signature checking

– Program library for signing and signature checking for using

inside of other software products (for example from document

management systems).

www.ega.ee

IOF Questions (10):

• Question 30. Government is elaborating the middleware and

corresponding organisation for integration of information systems

(registers). Middleware solution will contain interoperable

infrastructure services:

– audit trail and log;

– service registry and metadata management;

– access control;

– data certification;

– data transport;

– data translation;

– workflow management.

www.ega.ee

Thank you for your

attention!

Arvo Ott

arvo.ott@ega.ee

www.ega.ee