Interoperability Support systems Nationwide components (Estonia)

Transcription

1 Interoperability Support systems Nationwide components (Estonia) July 6, 2007 Forum Standaardisatie, Netherland Uuno Vallner, PhD. Ministry of Economic Affairs and Communications

2 ICT legislation (1) Personal Data Protection Act (1996) /2007 protects individuals fundamental rights and freedoms states that all citizens have a right to see the data that the public sector maintains about them Databases Act (1997)/ 2007 Sets out rules for the creation and maintenance of public sector databases Does not deal with the front office (use and services of databases) New law currently elaborated (merged to Public Information act)

3 ICT legislation (2) Public Information Act (2001) ensures the opportunity for all to access information intended for public use imposes an obligation for public authorities to maintain a website and a document register states that everybody must have free access to the internet at public libraries Identity Documents Act (2000) establishess the national ID card as the primary personal identification document

4 ICT legislation (3) Digital Signatures Act (2000) states that digital signature is equal to the handwritten one imposes an obligation on public sector institutions to accept digitally signed documents regulates the activities of Certification and Time-Stamping Service providers

5 ICT legislation. Government acts Registry of registries RIHA (1998) /2007 Classification system (2003) /2007 Data exchange layer (X-road) (2003) /2007 System of security measures (2004) /2007 The system of address details (2003) /2007 The geodetic reference system (2002)

6 EstIF : is a set of standards and guidelines aimed at ensuring the provision of services for public administration institutions, enterprises and citizens EstIF serves as: A guide for those who are drafting concepts for country-wide information systems; A guide for IT project managers in the public administration when they wish to draft concepts for the information systems of their institutions; A form of assistance in organising public procurements.

7 Objectives of the EstIF (1) to facilitate and implement the transformation of institutionally based public administration into a service-centred ones, allowing all citizens to communicate with the state without knowing anything about its hierarchical structure and division of roles; to reduce public sector IT spending through the extensive use of centrally developed solutions; to improve the interoperability of new IT projects through co-ordinated use of centrally developed infrastructure, middleware: public key infrastructure (PKI), data exchange layer X-Road, citizen s environment etc. and open standards;

8 Objectives of the EstIF (2) to improve the co-ordination and management of state information systems and to accelerate the development of IT solutions; to contribute to the co-development of the state information system; to allow autonomous development for all systems within the principles of organisational, semantic and technical interoperability; to ensure free competition in the area of public procurement.

9 The key principles of EstIF (1) The institutionally based approach should be replaced by service-centred one; Public services (including nested ones) are provided free of charge for public sector institutions and citizens; The development of information systems is based on an Internet-centred approach; Information systems provide and use services via a data exchange layer based on multilateral agreements; XML-based technologies are used to integrate of information systems and to present data; There is a move toward the more extensive use of open standards;

10 The key principles of EstIF (2) In developing information systems, open source based solutions are considered alongside proprietary ones; Access to public services should preferably be ensured via a web browser and by different channels and devices; All services requiring user authentication and authorization must exploit the secure X-Road environment; The authentication and authorization procedures of civil servants are based on the use of the Estonian ID card; As a temporary alternative, authentication mechanisms used by Internet banks can be used for authentication individuals; central and local government agencies co-operate in order to ensure the provision of information and services for citizens, officials or entrepreneurs at a single place and without the need to know anything about the subordinating system of the executive power or the division of roles therein.

11 Documents of EstIF (2) Estonian Interoperability framework (in Estonian, abridgement version in English) Estonian IT Architecture (in Estonian) Semantic Interoperability (in Estonian) Web Interoperability Framework (in Estonian) Information Security Interoperability Framework (in Estonian) Requirements for Database Semantic Descriptions and Service Descriptions (in Estonian) Interoperable Document Management Systems (in preparation, it is moving from Architecture to separate document) Interoperable Geoinformation Systems (in preparation, it is moving from Architecture to separate document, ) Open Source Software (in preparation, it is moving from EstIF to separate document)

12 EstIF. Information in English Estonian IT Interoperability Framework. Abridgement of version Uuno Vallner. The Estonian IT Interoperability Framework, Baltic IT & T Review, No 2(41), 2006, pp Internet: 6A4D002A0ADF.nsf/ BAC2256A4E002DC32C/E003 B13A1059C212C22571B7003ABD44 Nationwide Components of Estonia's State Information System. Dr Uuno Vallner, 6A4D002A0ADF.nsf/ BAC2256A4E002DC32C/C054 7F95C C B78AC (X-road)

13 What is differently in Estonia? We protect data not channels; PKI infrastructure; Evidentiary value of data; High availability; Confidentiality; Transparent usage of web services; Asynchronous mode in synchronous mode

14 What we protect: data or channels? The old problem: What we need to protect the king (person) or route (where king is moving)? We choose the king (data) Most attacks comes from inside We use public Internet, but data is crypted, signed. NATO, EU, IDABC decided to protect channels TESTA and S-TESTA do not add security

15 PKI infrastructure Persons are authenticated by: ID card (90% of citizens in age have ID card) mobile-id, replacement-id, additional-id (Not yet) Internet banking (citizens only): Roll of Banks: authentication and e-payment Soft Certificate (officials only) strongly not recommended

16 Evidentiary Value first priority In order to preserve the evidentiary value and integrity of the data, all outgoing messages are signed. Signing keys are registered with third party All incoming messages are logged. The message log is cryptographically protected. The intermediate hash values are periodically time-stamped by the X-Road central agency. This allows detecting the message log tampering attempts. Message receiver can later prove with the help of the X-Road central agency when and by whom was the message sent.

17 Availability --- the second priority In order to ensure the high availability of the system, X- Road is built as a distributed system, with minimal number of central services. The directory service is built on top of Secure DNS (DNS- SEC). The usage of well-proven DNS protocol and implementation provides very robust, scalable directory service with built-in caching and redundancy. Security extensions of the DNS (signed zones) ensure that the data cannot be tampered. All X-Road servers have their own local caching DNS server that ensures the availability of directory information even in case of (partial) network outage.

18 Confidentiality --- the third priority SSL protocol is used as a defence mechanism against external attackers. All exchanged data is encrypted. Two level access rights control mechanism is used as a defence mechanism against internal attackers. Two level access control mechanisms isolates the details of the authentication and access control mechanisms used internally by the organizations was biggest success factor of the X-Road because the impact to the existing systems was minimized.

19 Authentication We have two-level authentication: that of information systems and that of users. Every information system is authenticated by the certificate issued by certification authority of X-road Persons are authenticated by: ID card Internet banking (citizens only): Roll of Banks: authentication and e-payment Soft Certificate (officials only)

20 Authorization Two levels of authorization: information systems and users Groups of consumers Every institution (as user) is responsible for the authorization of its own users (before: service provider was responsible for the authorisation of users. It is similar to situation where alcohol factories are responsible for results of alcohol misuse) Service providers must open a new service in case any public institution should need (customers are owners of state registers)

21 The transparent usage of web-services X-Road server functions as a proxy to all services provided by other organizations, so all services appear to be behind the same URL. XMLRPC X-Road server XMLRPC service Client (SOAP) X-Road server X-Road protocol (secure) X-Road secure and transparent SOAP X-Road server SOAP service SOAP

22 Asynchronous mode Big amount of data (asynchronous mode) Multilateral approach: exists central repository of messages C2C: two secure signing portals (citizens can to each other send and receive documents) A2C: personal document handling systems (citizen can fill application, administrations report results) A2A: Document management systems exchange information without the use of paper and ordinary postal services.

23 Support systems Registrer of registers (RIHA) Classification systems System of addresses Data exchange layer (X-Road) Geodetic system Security measures system

24 NWC: Registry of registries First version (1999) Text database (TRIP engine), full text search, approximately 100 attributes Databases, objects, services, responsibility, classifications, standards, Second version (2004) MySQL (Later Postgres), more information about services; WSDL, service providers; customers; X-road connection information; persons; security. Third version (2007)

25 Example: Data about the Land Cadastre

26 Example: Sample WSDL

27 Existing registry of registries (ARR) Evolved into a web based system with a UDDI interface Information about registries, their X-road services, classifications Registration of registries limited Registry metadata inconsistently documented Difficult to see the big picture

28 Objectives for RIHA (the new registry of registries) Main objective is to create a integrated information system that would give a clear view of the state s registries and related services. Enhance technical, organizational and semantic cooperation in the public sector Collect data about Registries Services provided by registries (Service providers) Service consumers Classifications Enable coordinating agencies (RISO) to see the big picture and make informed decisions

29 Service providers Service consumers Main user groups Help desks (Service Desks) Coordinating agencies (RISO/RIA) Classification administrators (Statistical office of Estonia) Estonian Data Protection Inspectorate Citizens

30 Service providers will be able to: Apply to join the X-Road Register existing registries Update registry metadata Post semantic information for databases and services Register new services including web services Initiate negotiations for creation of a new registry View users of a service and inform them of impending outages/changes

31 Service Consumers will be able to: Apply to join the X-Road See a complete view of state registries and the information stored within them See a complete view of existing services and apply for permission to use them Request creation of a new service See an integrated view of monitoring and statistical information Find appropriate contact information for registries Register complex services (web services that call other web services)

32 Help desks will be able to: View interdependencies of services Track reported errors to originating service/registry and find appropriate contact information for the registry Compare promised service availability to actual service availability

33 Coordinating agencies will be able to: View a complete picture of the state s registries and services Complete list of registries and their associated services Complete list of users of a particular web service Integratated with monitoring and usage statistics system Use RIHA to assist with the administration of the X-Road

34 Statistical office will be able to: View existing classifications and their administrators View registries using particular classifications Register new classifications

35 Data Protection Inspectorate will be able to: Examine the existence and use of delicate data in registries

36 Citizens will be able to: View a complete list of registries and associated services Obtain contact information for registries

37 The classification system In order to understand, process and categorize data in information systems in a standardised way, data need to be classified and tagged. The use of classifications facilitates the standardisation of data, enables information exchange between information systems (data providers and data receivers), and allows the comparison and analysis of the published data.

38 The address system The system of address details is a set of common principles, which ensures a standardised identification of address objects both in their location and in different information systems, and allows the comparison of addresses submitted at different times and based on different principles.

39 The geodetic system The geodetic system consists of: the geodetic reference system; the system of plane rectangular co-ordinates; the height system; the gravimetric system.

40 The system of security measures The objective of the system is to define an unequivocal procedure for the specification of security requirements for information systems; a procedure for determining, pursuant to security requirements, security classes; and a procedure for the selection of security measures according to security classes.

41 The address system The system of address details is a set of common principles, which ensures a standardised identification of address objects both in their location and in different information systems, and allows the comparison of addresses submitted at different times and based on different principles.

42 Nationwide components (NWC) Estonian government agencies are all responsible for the development and maintenance of their information systems, and they all must keep in mind the general principles of the state s IT interoperability framework. In order to ensure interoperability and a multilateral approach, the public sector assumes responsibility for the development and maintenance of several central and nationwide components of these systems. There are two types of nation-wide information systems in Estonia witch are developed and managed centrally: the common single point of entry Infrastructure and support systems which refer to agreements among state information systems and the relevant middleware.

43 NWC: PKI infrastructure (2002) Contains two certificates: 1) one for authentication 2) for giving digital signature Types of eid instruments: ID card (2007: 90% of citizens in age have ID card) mobile-id, replacement-id, additional-id (2007) Internet banking (citizens only): Roll of Banks: authentication and e-payment Soft Certificate (officials only) strongly not recommended

44 ID card - fields of application As a regular ID As an authentication tool for e-services both in the public and the private sector For giving digital signature As an ID-ticket for public transport For transfer money in Internet Bank As a loyal customer card As a door card In evoting

45 NWC: Interoperability of document management systems Do not use scanners Do not use ordinary post Cases must be transferred from one systems to other without additional entry All document management systems need to have an interface with the central document exchange point

46 NWC: Interoperable geoinformation systems (2007) The interoperability of geoinformation systems means that relevant services are easy to use, and digital maps are accessible for all authorized users and for other information systems. It must be possible for all agencies, enterprises and citizens to use digital maps which have been developed by the public sector on the bases on open GIS standards; It must be possible to use geoinformation data sources to provide new e-services through open interfaces, and to add to the existing e-services links to geoinformation services, all without any significant additional costs; Authorized use of data has to be ensured (e.g. objects falling into the Category I of nature conservation are only accessible for authorized users).

47 NWC: Trust environment X-road (2002) X-Road allows information systems to use the common data exchange environment as well as the common set of interfaces and common authentication system. Joining an information system with X-Road saves money and considerably increases the efficiency of data exchange among state agencies and in communications between the local residents and the state. Number of queries made via the X-Road in million

48 Institutional Databases Banks X-road backoffice Taxing system Services AS TS Population registry Services AS TS Vechiles registry Services AS TS Other AS TS Banks auth. payment services AS TS X-road cert.center Server II (Backup) Server I HELPDESK Monitoring Central Registry of Institutional Databases AS TS X-road (over Internet) Citizens Portal TS AS KIT Citizens Portal Enterpreneur Portal TS AS EIT Enterpreneur Portal Riik.ee (public servants) TS AS AIT AIT AIT Public Servant Portal (ametnikuportaal) (ametnikuportaal) National ID-Cart Certification Center Centralizes systems developed by Government Cert. Center

49 Case police (traffic) Police vehicles have been equipped with positioning devices and with mobile workstations which enable integrated queries in the databases of Police and: Citizen and Migration Board Estonian Motor Vehicle Registration Centre Estonian Traffic Insurance Fund Control centre knows where is patrol car Patrolling police officer has computerized map

50 X-road --- open source software X-Road servers are built on a base of GNU/Debian Linux. All the additional software is packaged as Debian packages that can be installed and maintained using standard Debian tools. In addition self-contained installation CD is provided that installs and configures minimal GNU/Debian Linux and X-Road software with minimal user intervention. X-Road servers have minimal user-interface for maintenance and configuration tasks. All keys, including the top-level certification keys can be changed on the fly, without interruptions to the system operations and with minimal user intervention X-road software is OSS for everybody, but it is restricted to use changed software in live environment without security audit.

51 NWC: Single point entry Ensures access to information provided by the constitutional institutions, as well as central and local government agencies; Presents, in a balanced manner, the functions of all state institutions; Offers an English and a Russian version to provide a balanced and adequate overview of Estonia s state structures to the rest of the world.

52 NWC: Information portal This portal is freely accessible and contains information about the rights and obligations of Estonian citizens, as well as about services which are provided to them by public sector institutions. The information is relevant both for permanent residents and foreign residents who are interested in having a better understanding of the Estonian way of life. The information portal ensures access to information provided by state institutions throughout the citizen s life cycle and by thematic fields

53 NWC: Personal portal Having passed authentication, the citizen portal allows citizens to use personal secure environment Public sector institutions are obliged to provide e-services that require authentication and are targeted at citizens and the private sector (express services, notification services etc.) via the citizen portal. Besides, respective links to the citizen portal should additionally be published on their own websites.

54 NWC: Personal portal. Secure The secure area. Each local resident has his or her own address, which is recorded on the citizens ID card and can be used to send signed and encrypted E- mail. The system does not, however, support boxes for users. Each resident must declare an address to which mail is to be forwarded so as to redirect the address that has been provided trough the national ID card

55 NWC: Personal document management system The personal document management system allows people to fill in forms and then forward them to the relevant institutions. The institutions process the forms and report the results to the personal document management system from which the form has been submitted. People can trace the proceeding of their case through various institutions. No user is allowed to monitor someone else s case.

56 NWC: Direct services The direct services area allows people to view the data which the government has collected about them. They can also receive e-services which do not involve specific institutions. Direct services are produced through the X- road.

57 Databases Users Pension Insurance Register of Social Insurance Board Citizen Portal Citizen Population Register IS of Health Insurance Fund X-Road MISP IS of Tax & Customs Board Civil servant Students Register Parental benefit & Family benefits in Internet

58 NWC: Notification services There is an area for notification services: breaks in electricity or water deliveries; expiration of a period of validity etc.

59 NWC: Personal document management system The personal document management system allows people to fill in forms and then forward them to the relevant institutions. The institutions process the forms and report the results to the personal document management system from which the form has been submitted. People can trace the proceeding of their case through various institutions. No user is allowed to monitor someone else s case.

60 NWC: Personal area for signing The secure documents area allows the user to sign documents and then send them. These facilities are based on DigiDoc software, which was developed by the Centre for Certification and financed by the private sector project.

61 Thank you for your attention!