SECURE DATA INTERCHANGING IN E-GOVERNMENT A MODEL FOR TURKEY

Transcription

1 SECURE DATA INTERCHANGING IN E-GOVERNMENT A MODEL FOR TURKEY A MASTER S THESIS in Computer Engineering Atılım University by ÖZGÜR ÖZTÜRK APRIL 2005

2 SECURE DATA INTERCHANGING IN E-GOVERNMENT A MODEL FOR TURKEY A THESIS SUBMITTED TO THE GRADUATE SCHOOL OF NATURAL AND APPLIED SCIENCES OF ATILIM UNIVERSITY BY ÖZGÜR ÖZTÜRK IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF SCIENCE IN THE DEPARTMENT OF COMPUTER ENGINEERING APRIL 2005

3 Approval of the Graduate School of Natural and Applied Sciences Prof. Dr. İbrahim Akman Director I hereby certify that this thesis satisfies all the requirements as a thesis for the degree of Master of Science. Prof. Dr. İbrahim Akman Head of Department This is to certify that we have read this thesis and that in our opinion it is fully adequate, in scope and quality, as a thesis for the degree of Master of Science. Prof. Dr. Ali Yazıcı Co-Supervisor Instructor Ziya Karakaya Supervisor Examining Committee Members Prof. Dr. İbrahim Akman Prof. Dr. Ali Yazıcı Asst. Prof. Dr. Çiğdem Turhan Dr. Ali Arifoğlu Instructor Ziya Karakaya

4 ABSTRACT SECURE DATA INTERCHANGE IN E-GOVERNMENT: A MODEL FOR TURKEY Öztürk, Özgür M.S., Computer Engineering Department Supervisor: Instructor Ziya Karakaya Co-Supervisor: Prof. Dr. Ali Yazıcı April 2005, 80 pages The developments in internet technologies provide opportunities for secure, fast and effective data interchange through the Internet. The efficient use of these technologies such as electronic government services contributes to the welfare of individuals, companies and agencies in several aspects. Since many of the currently used government architectures do not provide effective data interchange between the agencies and individuals, important problems occurred across the e-government network upon start of the new internet based technologies used as international standards; the proposed model provides an effective and secure data interchange in e- government. This thesis proposes a secure data interchange model in e-government for Turkey. Keywords: Interoperability, Interoperability Framework, Agency, E-Citizen, Portal, E-Company, E-government iii

5 ÖZ E-DEVLET İÇİNDE GÜVENLİ VERİ DEĞİŞİMİ TÜRKİYE İÇİN BİR MODEL Öztürk, Özgür Yüksek Lisans, Bilgisayar Mühendisliği Bölümü Tez Yöneticisi: Instructor Ziya Karakaya Ortak Tez Yöneticisi: Prof. Dr. Ali Yazıcı Nisan 2005, 80 sayfa İnternet dünyasındaki gelişmeler güvenli, hızlı ve etkili bir veri iletimine imkan sağlamaktadır. Bu teknolojilerin yerinde kullanımı insanların, kamu kurumlarının ve şirketlerin refahını etkileyen bir çok faktörden biri olan devletin elektronik ortamdaki hizmetlerine önemli katkılarda bulunabilecektir. Devlet kurumlarının kendi aralarında yada bu kurumlar ile bireyler veya şirketler arasında elektronik ortamda yapılmaya çalışılan veri iletiminin standart, güvenli ve hızlı olamaması önemli sorunlar yaratmaktadır. Bu model internet tabanlı yeni teknolojilerindeki gelişmeleri kullanarak e-devlet yapısı içerisinde ve e-devleti oluşturan unsurlar arasında güvenli, dünya standartlarına uygun, etkili ve hızlı bir veri iletimini hedeflemektedir. Bu tez, Türkiye için güvenli ve etkili bir e-devlet modeli önermektedir. Anahtar Kelimeler: Birlikte çalışabilirlik, Birlikte çalışabilirlik çerçeve yapısı, Kurum, E-Vatandaş, Portal, E-Şirket, E-Devlet iv

6 To my dear family Thanks for their endless support v

7 ACKNOWLEDGMENTS First, I would like to thank my thesis supervisor Ziya KARAKAYA for his guidance, insight and encouragement throughout the study. Thanks also go to my co-supervisor Prof. Dr. Ali YAZICI. I should also grateful to examination committee members Prof. Dr. İbrahim AKMAN, Dr. Ali Arifoğlu, Asst. Prof. Dr. Çiğdem Turhan for their valuable suggestions and comments. I would like to express my love to all the members of my family for their patience, sympathy and support during the study. vi

8 TABLE OF CONTENTS ABSTRACT... iii ÖZ...iv DEDICATION...v ACKNOWLEDGMENTS...vi TABLE OF CONTENTS...vii LIST OF FIGURES...ix LIST OF TABLES...ix LIST OF ABBREVIATIONS...x CHAPTER I...1 INTRODUCTION Background of Problem Definitions of Terms...5 CHAPTER REVIEW OF LITERATURE Determination of Main Policies and Targets Determination of Standards Web Services XML (extensible Markup Language) SOAP (Simple Object Access Protocol) WSDL (Web Services Description Language) UDDI (Universal Description, Discovery and Integration) XML Schema Interoperability Framework Legacy Systems...16 CHAPTER METHODS OF THE STUDY Main Problem and Sub Problems Main Research Question Sub-Questions Design of the Study The Current Situation The Data Interchange Model in E-government Outline of Data Interchange Model for Turkey Main Components of Data Interchange Model for Turkey...22 CHAPTER THE MODEL ARCHITECTURE Interoperability Framework Workflow in Data Interchange Model The Client Side Scenario The Agency Side Scenario...39 vii

9 4.3 Security Characteristics in Data Interchange Model Software Properties Assumptions and Limitations Assumptions Limitations...56 CHAPTER RESULTS AND CONCLUSIONS Results Answer Answer Answer Answer Answer Answer Answer Answer Conclusions Recommendations...62 REFERENCES...64 APPENDIX A...67 INTERNATIONAL STANDARDS USED IN THE PROPOSED MODEL...67 APPENDIX B...72 CENTRAL CENSUS MANAGEMENT SYSTEM PROJECT (MERNIS)...72 APPENDIX C...79 E-EUROPE AND E-EUROPE+ ACTION PLANS...79 viii

10 LIST OF FIGURES FIGURE 3.1 Model Outline Client-Agency Interactions SSL and Certification Mechanism Authentication Mechanism Portal Usage E-service Registry Usage Message Flow between Client, Registry and Provider User-Agency Interactions Agency-Agency Interaction Data Substitution Demographic Data Recording TCKIMLIKNO Searching VERGINO Searching and Recording Web Service Introduction Page Web Method of the Web Service Maliye Web Methods of the Web Service Mernis The web method GetMernisData The output of GetMernisData The web method SearchMernisData The Output of SearchMernisData Soap Request Soap Response...55 LIST OF TABLES TABLE 2.1 XML document SOAP Request SOAP Response Metadata Example XML Document (shiporder.xml) XML Schema Document (shiporder.xsd) SOAP Request SOAP Response 35 ix

11 LIST OF ABBREVIATIONS IF XML SOAP UDDI WSDL MS DBMS SSL TBD Interoperability Framework extensible Markup Language Simple Object Access Protocol Universal Description, Discovery, and Integration Web Services Description Language Metadata Standard Database Management System Secured Socket Layer Türkiye Bilişim Derneği x

12 CHAPTER I INTRODUCTION We live in an increasingly interconnected society, where the Internet has spawned tremendous improvements in efficiency and customer service. People use the telephone and the internet to get service 24 hours a day, seven days a week. In such a growing world, governments should transform themselves to give better services for citizens. In governments side, internet technologies become a key for new, technological government services. This approach, offering better government services using internet, created the concept of e-government [1]. It should be clear that, e-government is about transformation; technology is a tool. E-government is about transformation that helps citizens and businesses to find new opportunities in the world s knowledge economy. In addition, it can be considered that, e-government is a powerful tool for improving the internal efficiency of government and the quality of service delivery as well as enhancing public participation [2]. E-government is the use of the expertise, technology, and partnerships to integrate government services for the public by using power of the internet; it is not just a web page, which is simple HTML document on the web [3]. Until recent times, government, in general, has approached the task of providing services from an agency centric perspective. However, e-government views the world from a customer-centered perspective, a paradigm that precludes stovepipe services in which citizens must go to multiple agencies (and often multiple offices within an 1

13 agency) to do business with government. Providing services from a customer centered perspective means developing a single service interface regardless of what agency actually provides the service. By the E-government initiative, the primary goals for the governments are to: Make it easy for citizens to obtain service and interact with the government; Improve government efficiency and effectiveness; and Improve government s responsiveness to citizens [3, 4]. These three main targets can be explained in detail as the following outcomes that the e-government program seeks: Convenience and Satisfaction: Services provided anytime, anyhow, anywhere. People can have a choice of channels to government information and services that are convenient, easy to use and deliver what is wanted [5]. Integration and Efficiency: Services those are integrated, customer centered, and efficient. Information and services are to be integrated, packaged, and presented to minimize cost and improve results for people, businesses, and providers [6]. As an example, according to an IRS news release of April 26, 2002, 39.5 million Americans filed their 2001 income taxes electronically in 2002, 6.6 million of these used home computers a one-third jump from the previous year. People apply for passports and various licenses (for example, many states allow driver s license renewals via the Internet), and businesses apply for patents and permits, and supply wage reports and other required information to government agencies [7]. Participation: Participation in government. People and organizations are to be better informed and able to participate in government. The following approaches can be included in the meaning of participation: Aligning organization strategy and activities with the e-government strategy. Working with customers and stakeholders to learn how they can benefit from e-government. 2

14 Ensuring business plans (outputs, services, budgets) cater to the required activities. Integrating common foundations of e-government into the organization's business environment. Not all of these outcomes can be gained without the well-structured agencies that are responsible for giving customer centered services in e-government. Even if the government agencies can have their own infrastructures and specifications, the data/information should flow from an agency to another. This scenario is possible if the agencies can speak in the same language and understand each other. In e- government, this concept called as interoperability. By interoperating, agencies can: provide services and information electronically in the way that people want (convenience and satisfaction) work together electronically acting more like a single enterprise than a collection of individual agencies (integration and efficiency) make information available to people in ways that help them to participate in the processes of governance (participation) [8, 9] 1.1 Background of Problem E-government initiatives focus attention on a number of issues: how to collaborate more effectively across agencies to address complex, shared problems; how to enhance customer focus; and how to build relationships with private sector partners. Public administrations must address these issues if they are to remain responsive. These problems can be classified as follow. Citizens need to access government services or data/information at any time, anywhere, and by use of different types of technologies. Agencies need to work/understand with each other and prevent extra economic loads of storing same data/information in number of different places (agencies). 3

15 Businesses need to make efficient transactions with government using government web services and create new markets on the internet. Government agencies use old and technology dependent infrastructures. In this structure, interchanging data between two systems is difficult to realize. Inconsistent data definitions such as address, date, unique identifiers are the real problems for data interchanging. For instance, the government agencies and many of hospitals identify their clients or patients by use of different unique identifiers. Although Turkish people have unique identifier (TCKIMLIKNO), many of the government agencies do not use this number for identifying their clients. Shared data/information should have the same meaning for communicated agencies. It means that, there should be a consistency of semantics and syntax in data/information interchanging. In order to solve these types of technical problems, purchasing new systems, that are compatible with each other, is not a solution. Because, this type of approach requires lots of money and creates big economical load for the government agencies and government itself. These problems are caused by not only technological aspects but also legal difficulties and governmental procedures. In most cases, one of the most important problems is the absence of legal decisions for interchanging data between agencies. Agencies do not know how to share data/information with other agencies, and do not know what the sharing criteria in interchanging data/information are, which is the common opinion mentioned by the agencies, which participated into TBD meetings in Fall The e-government logic provides a solution for these problems providing a platform that has extensible, reusable, easy accessible, standardized, and secure structures at technological level and requires efficient managerial approaches. 1.2 Purpose of the Study Purpose of this study is to examine current approaches to e-government and develop an applicable data interchange model for Turkey based on current and 4

16 innovated technologies. This study also examines the advantages of the e- government project and the benefits of secure, layered, and integrated e-government infrastructures that make the adoption of e-government structure possible by other countries. 1.3 Definitions of Terms E-government: E-government is the use of electronic processes by citizens, businesses, and the government to communicate, to disseminate and collect information, to facilitate payments, and to carry out permitting in an online environment [10]. SOAP (Simple Object Access Protocol): SOAP is a lightweight XML-based protocol for exchanging structured and typed information. SOAP is the ingredient that provides functionality on remote machines without needing to know anything specific about those machines. (See section for details) WSDL (Web Services Description Language): When it comes to building a Web service, the Web Services Description Language (WSDL) is the most popular option for describing Web services. WSDL is the XML-based language for describing Web services [11]. (See section for details) UDDI (Universal Description, Discovery, and Integration): UDDI is a Web Service itself, and it allows businesses and individuals to publish information about themselves and the Web Services they are offering. It is conceived as a global directory service, open to everybody, simple to use, and comprehensive in its scope [12]. (See section for details) Web Service: A Web service is a unit of application logic providing data and services to other applications. Applications access Web services via ubiquitous Web protocols and data formats such as HTTP, XML, and SOAP, with no need to worry about how each Web service is implemented. Web services combine the best aspects of component-based development and the Web [13]. (See section for details) 5

17 Web Page: A HTML document on the web. Server: A machine that offers internet services. Client: A machine that operates on the user site. This term, sometimes can indicate the user or a computer program running on the user machine. Internet: A global network that includes the huge collection of computer networks on the world [14]. 6

18 CHAPTER 2 REVIEW OF LITERATURE Today we expect information and services to be online and available all times in our homes, schools, libraries, and work places. We have been quick to adopt the new ways of communicating both in business and in our personal life. Government is responding to these new demands [15]. E-government is all about government agencies that are working together to use technology so that they can better provide individuals and businesses with government services and information. E-Government is not a massive Information Technology (IT) project or a web page on the internet. Much of it is about establishing common standards across government agencies, delivering services more effectively, and providing ways for agencies to work together using technology [16]. E-government covers enhanced services for individuals and provides a better environment to build a knowledge-based economy and sustained prosperity. In addition, e-government makes it easier and cheaper to do business with government. Information systems have the potential to transform government and the services it provides to the public. However, it is not possible to work together to deliver joined up services without consistent policies and standards to underpin those systems. The well-defined web services make possible to achieve fast and efficient interaction of e-government components. There are main components that shape the e-government initiative and principles of data flow across the government sector. These main components are 7

19 Agency E-Citizen Portal E-Company Agency: Agency is the association in the government. Agency has its own services and shares these services with other agencies, companies and citizens. E-citizen: E-citizen is an individual. In e-government structure, citizens want to access any type of data/information about the government and try to make their government related works by using government agencies web services [17]. Portal: Portal is the place where people or companies find the ways to access other agencies web sites. In other words, portal provides a single point access to other part of the e-government structures [17]. It is a convenient way of finding out about government information and services from one place, without having to understand how government is structured and therefore which sites you need to use. In addition, government web site use is an important indicator proving whether government in general fulfills citizen expectations [18]. E-company: E-Company is the commercial institution that wants to offer its government related works via the internet and e-government structure. All of these components have great roles in the e-government initiative. Mainly, agency, e-citizen and e-company should be able to communicate with each other in secure ways and portal should provide a single point access to other agencies web sites. All agencies should be able to share data/information with other parties by using internet-based solutions. Agencies in e-government should be able to make data/information interchanging between each other and citizens by using common and consistent standards. This is one of the most important goals of an e-government project. In order to achieve seamless flow of data interchanging between agencies and other e- 8

20 government components, shared data/information should be same for all e- government parties. In order to achieve this goal, the special structure or platform is needed. At this point, the concept of interchanging data between e-government agencies becomes a problem that is absolutely needed to solve in E-government initiative. Transferring data from one agency to another, understanding the meaning of transferred data, processing this and producing other valuable information require interoperable, secure, adoptable and layered platform and all government agencies must have this framework structure for interoperability [19]. From now on, this platform will be called as Interoperability Framework (IF). The interoperability framework sets out the government s technical policies and standards for achieving interoperability [20, 21]. Clearly defined policies and specifications for interoperability and information management are also keys for staying connected to the outside world and aligned to the global information revolution. The IF provides all of these conditions. It is a fundamental framework policy for the e-government strategy [21]. The concept of interoperability is the core of the e-government initiative with respect to government. Interoperability can be explained as the ability of government organizations to share information and integrate information and businesses by use of common standards [22]. This ability, more precisely capability, clearly shows that the IF is a core and collective public sector asset, providing one of the common foundations of the e- government environment. It is critical to achievement of e-government goals, providing the capability for any agency to join with other electronically using known and agreed approaches to do so. This capability underpins several e-government objectives. In particular, use of the IF enhances the capability of agencies to integrate information and services across agency boundaries; and provide easy electronic access to government information and services for individuals and businesses [23]. 9

21 Governments should have interoperability framework to have better public services tailored to the needs of the citizen and business. If it is assumed that the legal and politic difficulties are overcome, main steps about producing government interoperability framework can be generalized as: determination of main policies and targets determination of standards and specifying core elements of interoperability framework 2.1 Determination of Main Policies and Targets IF, as a cornerstone of the e-government strategy, enables individuals to address the challenges of today s diverse systems and position themselves for new opportunities in the future. Adherence to the IF specifications and policies is mandatory. They set the underlying infrastructure, freeing up public sector organizations so that they can concentrate on serving the customer through building value added information and services. It should be for the organizations themselves to consider how their business processes can be changed to be more effective by taking advantage of the opportunities provided by increased interoperability. For governments, IF should be considered so that the data/information can be easily and securely accessible. In addition, IF should enable data/information flow between government agencies that have their own infrastructures and legacy systems. The legacy systems should not be the problem for data interchanging between government agencies. Agencies and other components of e-government should understand with each other independently from their technologies and legacy systems. 2.2 Determination of Standards In e-government structure, data/information should flow from one agency to another in the same meaning. All government components should talk in the same language. Otherwise, inconsistent dialogs, data/information redundancy problems 10

22 may occur. In order to overcome such problems common data dictionary should be created by taking opinions of all government agencies. With common data dictionary, providing secure, easy, standard, and fast data integration may be succeeded. In an e-government project, government aims to serve citizens, businesses and other government components by using well-defined web services. At this point, defining web services, registering these services and making agencies to speak in the same language are important issues. In most cases, to achieve these goals, new technologies, and international standards such as Web Services, XML, UDDI, SOAP, and WSDL are preferred Web Services To facilitate business processes, enterprise applications must communicate with one another and share data. Historically, is accomplished through proprietary specifications and data formats. However, the emergence of the World Wide Web and XML (extensible Markup Language) an open technology for data exchange has increased the possibility for interoperable system-to-system communication [24]. Web services are applications that communicate over open protocols such as HTTP using structured forms of XML such as the Simple Object Access Protocol or Remote Procedure Calls for XML. The success of web services is largely based on the continuous development of standards that ensure interoperability [25]. Web services are software programs that use XML to exchange information with other software via common Internet protocols XML (extensible Markup Language) XML is a widely supported, open (i.e., non-proprietary) technology initially released in 1996 by the World Wide Web consortium to facilitate data exchange. As the popularity of the Web exploded in the 1990s, the limitations of HTML (Hypertext Markup Language) became apparent. HTML s lack of extensibility (the ability to change or add features) and its inability to describe the data it formatted frustrated developers. XML is a complement of HTML. It is important to understand 11

23 that XML is not a replacement for HTML. In future Web development it is most likely that XML used to describe and carry data and focus on what data is, while HTML is used to format and display the same data and focus on how data looks [26]. XML is a cross-platform, software and hardware independent tool for transmitting information. The table 2.1 illustrates the basic example of the XML document, which can be used to define note data. <note> <to>sam</to> <from>mary</from> <heading>reminder</heading> <body>don't forget dinner!</body> </note> Table 2.1 XML document SOAP (Simple Object Access Protocol) SOAP is an XML-based protocol for exchanging information between computers. Although SOAP can be used in a variety of messaging systems and can be delivered via a variety of transport protocols, the initial focus of SOAP is remote procedure calls transported via HTTP. SOAP therefore enables client applications to easily connect to remote services and invoke remote methods. For example (as we shall soon see), a client application can immediately add language translation to its feature set by locating the correct SOAP service and invoking the correct method [27]. The purpose of SOAP is to enable data transfer between systems distributed over a network. When an application communicates with a web service, SOAP messages are the means through which the service is requested and provided. A SOAP message sent to a Web service invokes a method provided by the service, meaning that the message requests the service to perform a particular task. The service then uses information contained in the SOAP message to perform its function and return the results via another SOAP message. As an XML-based communication protocol, SOAP consists of a set of standardized XML schemas. The schemas define a format for transmitting XML messages over a network, including the types of data 12

24 that the message can include and the precise way in which the message must be structured so that the server on the other end can interpret it correctly. (e-gif UK, 2004) In the example below, a GetStockPrice request is sent to a server. The request has a StockName parameter, and a Price parameter returned in the response. The namespace for the function is defined in " address. The tables 2.2 and 2.3 illustrate the basic example of the SOAP request and response. <?xml version="1.0"?> <soap:envelope xmlns:soap=" soap:encodingstyle=" <soap:body xmlns:m=" <m:getstockprice> <m:stockname>ibm</m:stockname> </m:getstockprice> </soap:body> </soap:envelope> Table 2.2 SOAP Request HTTP/ OK Content-Type: application/soap; charset=utf-8 Content-Length: nnn <?xml version="1.0"?> <soap:envelope xmlns:soap=" soap:encodingstyle=" <soap:body xmlns:m=" <m:getstockpriceresponse> <m:price>34.5</m:price> </m:getstockpriceresponse> </soap:body> </soap:envelope> Table 2.3 SOAP Response WSDL (Web Services Description Language) Another standard that plays a crucial role in enabling Web services is WSDL. It is an XML format to describe how a particular Web Service can be called, what arguments it takes, and so on [12]. Every Web service published on the Internet accompanied by an associated WSDL file, which lists the service s capabilities, states its location on the Web, and provides instructions regarding its use. A WSDL file defines the kinds of messages a Web service can send and receive, as well as 13

25 specifying the data that a calling application must provide for the Web service to perform its task UDDI (Universal Description, Discovery and Integration) The third major Web services standard, UDDI, enables developers and businesses to publish and locate UDDI defines an XML-based format in which companies can describe their electronic capabilities and business processes; the specification also provides a standardized method of registering and locating the descriptions via the Internet. Part of the information that companies can supply is data regarding available Web services. Companies can store their information either in private UDDI registries, which are accessible only to approved business partners, or in public UDDI registries, which any interested party can access XML Schema XML Schema Published as a W3C Recommendation. XML Schemas define shared markup vocabularies, the structure of XML documents, which use those vocabularies, and provide hooks to associate semantics with them. XML Schema provides an essential piece for XML to reach its full potential. 2.3 Interoperability Framework The IF is a critical component of the e-government strategy, which implies development of a framework of policies and standards for achieving the capability for agencies to electronically interoperate on a consistent basis. IF is the key for many of the countries that try to create/design interoperable, easily accessible and secure government systems (Denmark, New Zealand). In all of these countries, the framework considered so that it covers the high-level policy statements, technical policies and management, implementation and compliance regimes. Standards and architectures for e-government applications contain technical directives and specifications for the development of e-government in the countries that work on the development of IF. The directives and standards aim at ensuring interoperability among the different IT systems of the public administration, thereby 14

26 enabling seamless communications and data sharing between all levels of government. In addition, this standardisation generates savings by reducing overall development costs and dramatically cutting the financial costs associated with noninteroperability of public sector systems. The policies and standards in the IF cover three key areas of technical policy, which are essential for interoperability. These are Interconnectivity, Data Integration, and Information Access. In all of these areas, the main trust of the specification has been to adopt the Internet and World Wide Web standards for all government systems. In most cases, to achieve this goal, some common technical approaches, listed below, are applied in the current interoperability frameworks that different governments designed/created for themselves. Metadata Standard (MS) MS defines the structure and rules governing metadata used by the public sector [28]. XML Schema Structure XML Schemas may be used to support an environment in which data is always in same meaning [29]. Data Standard Catalogue Sets out the rationale, approach and rules for setting and agreeing the set of Government Data Standards [30]. E-Service Registry E-Service registry considered as a structure that is responsible for storing e- government web services [31]. All of these technical approaches applied in many of the e-government systems for similar purposes [33, 34]. Even if these technical standards are used for the same purposes in current systems, some differences are observed. For example, the New Zealand uses the layered model and common technical standards for IF, while the UK uses the e-gif Registry approach for IF, but both countries uses XML, metadata standards, XML Schema standards, data standards catalogue architecture and other international open standards. 15

27 Even if the e-government initiatives have some differences in technical meanings, the main purpose of IF, for all governments, is to identify significant technology standards that have been deployed on a large scale across the e- government initiatives so as to ensure overall technical consistency. As such, it provides a guideline for public agencies as they develop new ICT projects. In this case, all government agencies are encouraged to adhere to the framework in order to avoid a multitude of bilateral interoperability agreements and to allow for a seamless flow of data exchange between administrations. In addition, the general framework recommendations should include the use of open standards and the redesign of administrative processes taking advantage of available technology. The policies and specifications, placed in IF, should be focused on the following high-level principles [35]: Effectiveness: e-government should not be limited to put existing services online, it should also enable the delivery of entirely new services. Efficiency: integrating local, regional, and national administrations should cut costs and improve access to information. Flexibility: citizens and companies should have multi-channel access to e- government services 24 hours a day, 7 days a week [35]. 2.3 Legacy Systems The concept of "legacy systems" is the critical point of the e-government project. The legacy systems are the systems that used by the agencies or other associations. For example, currently used database management system in a certain agency can be called legacy system. It is possible that the different agencies will use different legacy systems. Therefore, the IF should offer a medium in which all of these different types of systems can talk with each other. The associations or agencies may made big investments for these legacy systems and their currently used systems in the past. For the success of the e- government project, dropping these legacy systems and purchasing new structures for all agencies requires lots of money. This type of approach is a big economical 16

28 load for the governments. Therefore, The IF and other e-government systems should be independent of the legacy systems. 17

29 CHAPTER 3 METHODS OF THE STUDY This chapter reveals the main question of the study and related sub-questions. The methods of the study and research design are also discussed in this chapter. In addition, the proposed data interchange model for Turkey, the appropriate components of this model and the workflow are also presented. 3.1 Main Problem and Sub Problems Main Research Question The main purpose of this study was to offer e-government data interchange model for Turkey and to investigate the advantages of this model across the government Sub-Questions In this research, answers to the following questions were sought. Question 1. What is the e-government concept? Question 2. What are the main advantages of the e-government? Question 3. What are the main components of e-government data interchange Model? Question 4. What are the main technologies that can be used for e-government Data Interchange Model? Question 5. What is the current state of data interchange between government agencies in Turkey? 18

30 Question 6. What should be the key strategies for developing a data interchange model for Turkey? Question 7. Is the proposed model different from other models? If yes, what are the advantages that shared with other models, and the additional advantages? Question 8. Is there any international approach about the e-government initiative and the information society that is taken into consideration by Turkish Government? (See the answers of these questions in section 5.1 on page 57) 3.2 Design of the Study In this research, a data interchange model is offered for Turkey. In addition, the mechanisms for the concept of secure data interchanging are considered. For the purposes of the study, firstly, the concept of e-government investigated. Then, the current approaches in the world for e-government initiative were taken into consideration and studied. Afterwards, the new technologies used in current e- government models were investigated and studied. The specific agencies in Turkish government shared their opinions and approaches regarding e-government in meetings (TBD, Fall 2004). During the discussions, predefined the agencies were asked questions to find out limitations, technical deficiencies, and legal difficulties. In these discussions, agencies explained their current structures, workflows, technical infrastructures, and legacy systems. After these meetings across the government, the technical components of the e-government model were considered and necessary elements of the model were specified based on the standards. Finally, all of the agencies feedbacks, recommendations, limitations and technical deficiencies were taken into consideration and a data interchange model was developed for Turkey by use of international standards and new technologies (Section 3.4.1). After that, small application software was produced for demonstration of the data interchanging in government model. 19

31 3.3 The Current Situation The government includes many agencies. These agencies have their own policies and legacy systems. At a technical level, they have different types of operating systems, network infrastructures, data formats, and database management systems. In the current architecture, generally, the same data/information is stored by the agencies in different semantics. Because of this problem, generally, the agencies may not understand each other even if they try to share the same data/information. The concept of legacy system is the other important point for e-government initiative. Agencies have made big investments for their systems and storage areas (database systems) and set up their network infrastructures and database architectures. Therefore, dropping the current structures, legacy systems creates big economical loads for both government and its agencies. Because of this, the data interchange model for e-government agencies should be designed so that the legacy systems and current technologies can still be utilized within the new structure. 3.4 The Data Interchange Model in E-government The main purpose of this research was to offer a secure data interchange model in e-government for Turkey (Figure 3.1). This section presents an overview of the data interchange model and infrastructure of this model Outline of Data Interchange Model for Turkey In this model, data flow logic between the e-government components is designed based on the international standards. The proposed model for Turkey consists of several components as shown in Figure

32 DBMS B Data Agency Interface Response E-company Web Service Agency X Direct Request Ask E-government Network Data Access Government Metadata Standard XML Schema Standard Government Data Standards Catalogue E-service Registry (UDDI Registry) Interoperability Framework (IF) S E C U R I T Y G O V E R N M E N T Data Web Service DBMS A Data Agency Y Agency Interface Access P O R T A L Response Ask Figure 3.1 Model Outline E-citizen The Figure 3.1 shows the interaction of the e-government components with each other. According to this model, the data can flow from/to agency-agency and the client-agency. A client can be an e-company, an e-citizen, or another agency. In this model, the clients are able to request specific data/information from the agencies by use of the e-government portal or by use of agencies web sites directly. As seen in Figure 3.1, the agencies may have different types of technologies like database management systems, web services, or network infrastructures. It means that, this model consists of diverse systems, which does not create a communication problem between the e-government units because of the adoptable and extensible interoperability framework structure and the other platform independent technologies 21

33 such as XML, web services. There is an extremely important point that must be clear. The web service and the web page are different things technically. A web page is a HTML document on the web or internet just like e-government portal (see in Figure 3.1), but a web service is a software program, which is capable of exchanging information with other software programs over HTTP. The model in Figure 3.1 includes two web services in different agencies. These web services are just software programs that may be written in different programming languages but understand each other, because the entire web services produce data based on the XML document to be exchanged and the XML document is a platform independent. Another important point for this data interchange model is the agency interface approach. The one of the most important benefit of this model is saving the currently used systems. As a sample, by agency-interface approach, there is no need to make modifications on different databases (diverse systems) in agency X and agency Y in figure 3.1. Instead of making large scale of modifications on all database architectures in the agencies, this model supports an interface mechanism and keeps the legacy systems (Section 2.3). These technologies and the framework structure provide an efficient data communication in e-government network. The technical details of the framework architecture and the workflow of the model presented in sections 4.1 and Main Components of Data Interchange Model for Turkey Agency: The agency is a government association. In this model for Turkey, the agency can have its own web services and legacy systems such as different types of databases. The E-government agencies are able to interact with other agencies, citizens, companies. In addition, agencies can share their data/information by using web services on the WWW. E-Citizen: The E-Citizen is an individual. E-Citizens can access any permitted data/information about the e-government and make their government related works or processes by using governments web services. Portal: Portal is the door for e-government services. It is a place where the individuals or companies find the ways to access government agencies web sites. In 22

34 other words, portal provides a single point access to other part of the e-government structures or e-government agencies. It is an appropriate way for finding government information and services from one place. For a state government, the web portal serves as the integrated gateway, or main user interface, into the website. It provides both external constituents and internal government personnel with a single point of contact for online access to state information and resources. Through this gateway, millions of web users can access the vast landscape of information, services, and applications available on the state web sites [32]. E-Company: The E-Company is the commercial institution that wants to make its government related works via the internet and e-government structure. 23

35 CHAPTER 4 THE MODEL ARCHITECTURE In this chapter, the technical architecture of the IF and the workflow in data interchanging model are presented. 4.1 Interoperability Framework The IF, which includes the high-level policy statements, technical policies, implementation and compliance regimes, covers the exchange of information between government systems and the interactions between: Government and e-citizen Government and e-company (worldwide) Government and agency Government and other governments In order to provide these types of interactions, the interoperability framework should consist of important core elements. These elements play key roles for providing secure, seamless, and fast data/information interchanging across the government. The core elements of interoperability framework can be listed as: Metadata Standard XML Schema Structure Data Standard Catalogue E-Service Registry 24

36 Metadata Standard (MS) The metadata is data about data. Search engines can use it when they search the web or an intranet looking for information on a particular subject. The usage of metadata concept is the mandatory for accessing any type of data/information about the government since the other e-government players like e-citizens, agencies, e- companies usually want to reach specific government resources. In the data interchange model proposed for Turkey, the metadata descriptions should be defined for all resources that someone might search for via the web. A metadata record should describe, manage, and catalogue these resources in a consistent and efficient way that makes data/information easily accessible. It also means that people searching government websites are more likely to get relevant and meaningful hits when they search for government information. A metadata record should be made up of a number of separate elements. People should use these elements when they want to search government resources. As a sample, the author, title, and publisher can be elements about the book that is to be searched in government resources. Creator, function and availability can be other elements about the service that is given by the government agencies. The table 4.1 shows the example metadata descriptions and their explanations. Metadata DATE.CREATED: ISSUED: T11:00 Meaning For a press release approved and sent to editors on 2nd December 2002 but not available for public viewing until 11:00 a.m. the following day DATE.ACQUIRED: T15:37 For an received on 3rd July 1997 CREATOR: Assistant Director; Technology Strategy Team, Office of the e-envoy, Cabinet Office [email protected] For a resource for which chief responsibility for content rests with the Assistant Director Table 4.1 Metadata Example 25

37 Metadata standard should define the structure and rules governing metadata used by the public sector. This standardization is essential since the data/information interchanged in e-government and citizens should be able to find government information and services without having knowledge of the structure of government. In addition, agencies may use the metadata standard for the definition and discovery of government services and resources. The Metadata standard should be based on the internationally recognized Dublin Core standard, but has additional elements and refinements to meet the specialist needs of the public sector. In the model, the metadata standard should be developed and managed according to following principles: It should be independent. It should not be software, application, or project based. It should be simple to use by those with widely varying experience of preparing resource descriptions. It should be compliant with other government standards and policies, such as the data standards catalogue. It should be compliant with international standards. It should be extensible. XML Schema Structure Many of operations occurred in e-government initiative require data interchanging. While data/information is flowing from one agency to another across government, the meaning of the data should not be changed. Data should have same meaning for communicated parties. At this point, the inconsistent data definition is a critical problem. In order to solve this problem across the government, XML Schema may be used that support an environment in which data is always in the same meaning. XML Schemas can be used for data integration, validation, and management and may be placed in data standards catalog. With this approach, data can be defined once and used many. So, data standards catalog structure may be considered 26

38 as the huge list of data definitions based on XML Schemas. The tables 4.2 and 4.3 illustrate the basic examples of the XML document and its schema definition. <?xml version="1.0" encoding="iso "?> <shiporder orderid="889923" xmlns:xsi=" xsi:nonamespaceschemalocation="shiporder.xsd"> <orderperson>john Smith</orderperson> <shipto> <name>ola Nordmann</name> <address>langgt 23</address> <city>4000 Stavanger</city> <country>norway</country> </shipto> <item> <title>empire Burlesque</title> <note>special Edition</note> <quantity>1</quantity> <price>10.90</price> </item> <item> <title>hide your heart</title> <quantity>1</quantity> <price>9.90</price> </item> </shiporder> Table 4.2 XML Document (shiporder.xml) The XML document above consists of a root element, "shiporder" that contains a required attribute called "orderid". The "shiporder" element contains three different child elements: "orderperson", "shipto" and "item". The "item" element appears twice, and it contains a "title", an optional "note" element, a "quantity", and a "price" element. The top line: xmlns:xsi=" tells the XML parser that this document should be validated against a schema. The line: xsi:nonamespaceschemalocation="shiporder.xsd" specifies where the schema resides (here it is in the same folder as "shiporder.xml"). 27

39 <?xml version="1.0" encoding="iso "?> <xs:schema xmlns:xs=" <xs:element name="shiporder"> <xs:complextype> <xs:sequence> <xs:element name="orderperson" type="xs:string"/> <xs:element name="shipto"> <xs:complextype> <xs:sequence> <xs:element name="name" type="xs:string"/> <xs:element name="address" type="xs:string"/> <xs:element name="city" type="xs:string"/> <xs:element name="country" type="xs:string"/> </xs:sequence> </xs:complextype> </xs:element> <xs:element name="item" maxoccurs="unbounded"> <xs:complextype> <xs:sequence> <xs:element name="title" type="xs:string"/> <xs:element name="note" type="xs:string" minoccurs="0"/> <xs:element name="quantity" type="xs:positiveinteger"/> <xs:element name="price" type="xs:decimal"/> </xs:sequence> </xs:complextype> </xs:element> </xs:sequence> <xs:attribute name="orderid" type="xs:string" use="required"/> </xs:complextype> </xs:element> </xs:schema> Table 4.3 XML Schema Document (shiporder.xsd) The Table 4.3 shows the schema that is used to describe data, which is in the form of XML document (shiporder.xml). From now on, this data definition (shiporder.xsd) can be used in data standards catalogue, which is used as huge list of data definitions book in the framework. Thus, the usage of the shiporder data does not create ambiguities across the government network since it was defined in data standards catalogue once. 28

40 The IF should mandate the adoption of XML and the development of XML Schemas as the cornerstone of the government interoperability and integration strategy. A key element in the development of the XML Schemas is an agreed set of data standards. The data standards catalogue should set out the rationale, approach and rules for setting and agreeing the set of data standards that may be used in the schemas and other interchange processes. In addition, the advantages of the XML Schema Structure for the model can be generalized as: It can provide means for defining the structure, content and semantics of XML documents. It can be used for data integration. By XML Schema, processors receiving data know what to expect, and how to handle it. XML Schema can enable data interchange with much reduced ambiguity. E-Service Registry (UDDI Registry) E-Service registry may be considered as a structure that is responsible for storing e-government web services. By this approach, classifying, categorizing, integrating web services may become easy and fast. Table 4.3 can be an example record in the e-service registry. 4.2 Workflow in Data Interchange Model This section explains how e-government units interact with each other. The workflow in e-government architecture also explained in this section. The information request may be started by an agency or another client (e-citizen, e- company etc.) in this data interchange model. Two scenarios are used for explaining the workflow. In the first scenario, the data/information request started at the client side and the data communication is created between client and agency. In the second scenario, the data/information interchanged between different agencies. 29

41 4.2.1 The Client Side Scenario In this scenario, a client has three alternative ways to communicate with an agency. The first way is to interact with an agency directly using the web site of this agency and second way is the usage of the e-government portal for finding the web site of an agency. The other alternative solution is the e-service registry use for discovering the web services given by the agency. In the first way, if the client knows the internet address of an agency then he/she can use the browser based solutions (web page browser) and interact with an agency directly. The Figure 4.1 illustrates this type of interaction. DBMS Web Service AGENCY Y i n t e r f a c e Data Encryption Authorization / Authentication Firewall Security Policies B R O W S E R Client Figure 4.1 Client-Agency Interactions In Figure 4.1, client (e-citizen) requests specific type on information like TCKIMLINO or VERGINO from an agency web site using his/her browser and this service offered by a web service in an agency Y. For this operation, the web service needs some demographic information (name, surname, birth date, and birthplace) of e-citizen. After the e-citizen submits his/her demographic information, then the information sent to the data is encrypted using 128-bit SSL encryption procedure. By this approach, data/information becomes unreadable form against the illegal operations like hacking or sniffing attacks. 30

42 SSL Client (e-citizen) SSL Server (agency) I Handshake Start Client Random Supported Cipher Suites Supported Compression Algorithms II Server Random Decided Cipher Suite Decided Compression Algorithm Server Certificate and Server Public Key III Client Certificate Client Public Key Encrypted Premaster Secret Handshake Finished IV Handshake Finished Application Data Figure 4.2 SSL and Certification Mechanism Encrypted and compressed Figure 4.2 illustrates how a security handshake establishes a secure connection between the client and agency. Once the handshake completes, the server and client have a common secret key with which data is encrypted and decrypted. In other words, SSL uses the public key(s) to encrypt exchanges for generating the shared secret key. Despite the advantages of using public key encryption alone, SSL 31

43 combines them. It does so because the public key encryption system takes more time to encrypt and decrypt messages than the secret key encryption system. Thus, the combination used by SSL takes advantage of both the easy maintenance of public key encryption and the quicker operating speed of secret key encryption. In Figure 4.3, at phase I, the client starts the handshake, and then sends a random number, a list of supported ciphers, and compression algorithms. At phase II, the server selects a cipher and a compression algorithm and notifies the client. Then it sends another random number and a server certificate (which includes a public key). At phase III, the client sends a pre-master secret to the server, encrypting it with the server public key. Finally, the client might send a client certificate. Now the handshake is completed. The server and the client each generate a master secret key by combining the random number that the server sent, the random number that the client sent, and the pre-master secret. Several secret keys are created from the master secret. For example, one is used for encrypting transmitted data, and another is used for calculating digest value of the date for integrity. SSL ensures authentication (by verifying the certificates), confidentiality (by encrypting the data with a secret key), and integrity (by digesting the data). Some information or data accessing operations at the agency side can be arranged according to authentication policy. In this case, the e-citizen should need to be authenticated in order to access some specific type of data by using his/her unique identifiers like username/password pair or TCKIMLIKNO (login procedure). Figure 4.4 illustrates the authentication procedure that happens when the e-citizen attempted to access special data/information over the government network. 32

44 Web Browser Web Server GET /protected/index.html HTTP/1.0 HTTP/ Unauthorized WWW-Authenticate: Basic realm= Basic Authentication Area Input password GET /protected/index.html HTTP/1.0 Authorization: Basic U2htdkshd7s7s8m2lkhsd8sn3ksns HTTP/ OK Figure 4.3 Authentication Mechanism When the web browser sends an HTTP request to access a protected Web resource, the Web server returns an HTTP response, which includes the error code "401 Unauthorized" and the following HTTP header: WWW-Authenticate: Basic realm= Realm Name. Realm is a name given to a set of Web resources, and it is a unit to be protected. Basic in front of realm indicates a type of authentication in this case, BASIC-AUTH. Based on this information, the Web browser shows a login dialog to the user. Then, the Web browser sends an HTTP request again including the following HTTP header: Authorization: Basic credential. Although the credential looks like encrypted text, it is logically plain text because its format is simply UserName:Password encoded with Base64, for example, U2thdGVib. The Web server authenticates the user with the user ID and password included in the 33

45 credential. If the given user ID and password are wrong, "401 Unauthorized" is returned. Moreover, the Web server has an access control list that specifies who can access what and checks whether the authenticated user can access the web resource. If the check succeeds, then "200 OK" is returned; otherwise, "401 Unauthorized" is returned. The agency has also firewall mechanism for preventing the incoming requests from unsecured area. By using the firewall mechanism, agencies can arrange the trusted or not trusted areas by filtering the IP numbers. Thus, agency users or software programs used at the agency side cannot reach the unsecured regions on the web. The data/information exchanging between the client browser and agency is in the form of XML by means of SOAP request and SOAP response. The client and agency communicated with each other using the SOAP technology. The Table 4.4 and 4.5 illustrate important parts of the client s SOAP request and the web service s SOAP response that are produced due to client s TCKIMLIKNO request from the web service. <soap:body> <SearchMernisData xmlns= > <ad xsi:type="xsd:string>ozgur</ad> <soyad xsi:type="xsd:string>ozturk</soyad > <anaadi xsi:type="xsd:string>minor</anaadi > < babaadi xsi:type="xsd:string>bahattin</babaadi> <dogumyeri xsi:type="xsd:string>uskudar</dogumyeri> <dogumtarihi xsi:type="xsd:string> </dogumtarihi> <SearchMernisData> </soap:body> Table 4.4 SOAP Request 34

46 <soap: Body> <SearchMernisData> <SearchMernisDataResult xsi:type="xsd:string">321321</searchmernisdataresult> </SearchMernisData> </soap: Body> Table 4.5 SOAP Response The SOAP request includes the value of the parameters, which are required by web service function SearchMernisData. It is important that, the data types of these parameters are also included in SOAP request. By this way, the client says that, I am sending these parameters, their types and their values, so, give me a return value of the function, give me a result. After that, web service function SearchMernisData (See the implementation of the SearchMernisData in Appendix B) takes these parameters, processing them and produce the result. The type of the return value of the function is string and its value is By the SOAP response, server says that, I received parameters that you sent, and now I am sending the result value whose type is string. Both the request and response are in the form of XML, therefore, this information can be exchanged between different platforms. Another security policy is XML encryption that can be applied during this SOAP communication between client and server. In the second way, a client may not know the exact internet address of the agency. In this case, e-government portal shown in Figure 3.1 can be used. A government web portal should have consistent interfaces that are easy to use. Further, the portal content should be accessible to all state constituents. Unlike private companies, which can develop their web portals to meet the needs of a carefully defined target audience, states must develop their web portals to provide equal access for all state constituents [32]. The e-government portal covers the access points to the agencies web sites. By this approach, client can visit the government portal and find the desired agency. The Figure 3.3 demonstrates the second way. 35

47 Agency X Web Page e-government web PORTAL ASK Agency Y Web Page agency X URL agency Y URL... Client Figure 4.4 Portal Usage According to Figure 4.4, the e-government portal is an easy way for locating government agencies web sites from one place and this situation facilitates the client operations while he/she searching the agencies internet address. People also use government Web sites to complete transactions. According to an IRS news release of April 26, 2002, 39.5 million Americans filed their 2001 income taxes electronically in 2002, 6.6 million of these used home computers a one-third jump from the previous year. People apply for passports and various licenses (for example, many states allow driver s license renewals via the Internet), and businesses apply for patents and permits, and supply wage reports and other required information to government agencies [7]. The other alternative way to reach the agency or its web services is the e- service registry (UDDI registry) use. This structure is located in the IF and it helps clients to search and locate the web services. The e-service registry is the mandatory for those who do not know the web services locations. The Figure 4.5 illustrates the e-citizen-registry-agency relation. 3 1 Agency X (service provider) SearchMernisData 2 E-service registry Figure 4.5 E-service Registry Usage 36

48 In Figure 4.5, it is assumed that, the e-citizen does not know the location of the web service SearchMernisData that is responsible for querying the TCKIMLIKNO of individuals. The e-service registry includes the meta service for locating web services by enabling robust queries against rich metadata. In step1, e-citizen interacts with the e-service registry interface and uses a meta services. In step 2, the e-service registry returns the location information of web service back to the client. The answer of e-service registry consists of web services list, which are responsible for querying SearchMernisData and the internet address of the web services. In this case, the registry returns the SearchMernisData and its provider address (agency X). In step3, client can easily locate the web service location and access it. As a technical level, the web service registry contains programmatically accessible descriptions of businesses and the services they support. It can also include references to industryspecific specifications that a web service might support and identification systems (used for meaningful identification of businesses). Figure 4.6 shows the technical relation between client-registry-service providers. The e-service registry built on the data provided by its customers. There are several steps to make data useful in this registry. Publishing useful information to the registry begins when software companies and standards bodies define specifications relevant to an industry or business, which they register in registry. The web service registry keeps track of all these entities by assigning each one a programmatically unique identifier, known as a Unique Universal Identifier (UUID) key. This key is guaranteed to be unique and never changes within a registry. These keys look like a formatted random hexadecimal string (for example, C0B9FE13-179F-413D-8A5B-5004DB8E5BB2). They may be used to reference the entity with which they are associated. UUID keys created in a registry are only meaningful within the context of that registry. Other clients, such as search engines, and business applications, use a UDDI registry to discover services of interest. In turn, other businesses may invoke these services. 37

49 Figure 4.6 Message Flow between Client, Registry and Provider All exchanged messages in Figure 4.6 are in the form of XML documents. The following lines explain the message flow in Figure 4.6 The Service Provider: E-government agency Directory : The UDDI Registry Service Consumer : The any types of client 1. A service provider describes its service using WSDL. This definition published to a directory of services. The directory can use Universal Description, Discovery, and Integration (UDDI). 2. A service consumer issues one or more queries to the directory to locate a service and determine how to communicate with that service. 3. Part of the WSDL provided by the service provider passed to the service consumer. This tells the service consumer what the requests and responses are for the service provider. 4. The service consumer uses the WSDL to send a request to the service provider. 5. The service provider provides the expected response to the service consumer. 38

50 4.2.2 The Agency Side Scenario In this scenario, the agencies (agency X, agency Y) are communicating each other as illustrated in figure 4.7 and 4.8. These agencies can interoperate each other in e-government network even if they have different types of legacy systems since the interchanged messages over the network based on the XML documents. Thus, the diverse systems can share and integrate the platform independent XML documents. In this scenario, two types of interaction may happen between the agencies. In first case, the agency users can request data/information from another agency services. Agency X User Agency Y Server Get outside network rights from firewall OK/ Access to outside network Get Agency Y electronic certification info OK/ electronic certification acceptation state Get data/information access rights from agency Y interface OK/ Access to data/information Send encrypted SOAP request Send encrypted SOAP response Figure 4.7 User-Agency Interactions 39

51 When the agency user needs to communicate with other agency, he/she should face the firewall mechanism to check the user rights for outside network. If agency user does not have permission to go outside of the agency network then this action should rejected. However, if the agency user has enough permission for outside, in this time the digital certification security policy should be applied. The two different agencies should know each other over the network by checking their electronic certificates. If a computer on the agency X network tries to reach the server of agency Y then, the agency Y should know that, this visitor computer belongs to agency X network. The digital certification security policy can be used for this checking/matching (validations of an agencies) process. If server of agency Y cannot know/define the visitor then request should automatically rejected. After the digital certificates accepted by agencies then the data communication can start. If the data/information that is to be accessed in agency Y needs the special rights, then the user in agency X need to be authenticated for this action. The incoming/outgoing data between the agencies may be confidential for the agencies; in this case, the data encryption policy should be used for data interchanging. Thus, the interchanged data/information is unreadable for not trusted networks or individuals. Some operations like confidential data modifications, private data security on the e- government network may require high-level permissions or passwords that are impossible to duplicate. In this case, more advanced secure techniques than simple password mechanisms may be required. The digital signature application should be used in such actions. If the agency user does not fail in these security levels then, the data or message flow between the agencies is identical to the client side scenario, which means the agency user makes SOAP request to the agency Y web service and web service gives SOAP response back to the agency user. As in the second case illustrated in Figure 4.8, the web services in the agencies can communicate with each other. The security approach of such type of interaction is similar to first communication situation illustrated in Figure 4.7 (agency user-agency). As a difference, instead of checking/matching the agency user rights for accessing data, in this case the web services can be checked by agency interface mechanism during data/information access. 40

52 Agency X Web Service X DBMS Update DBMS X Data Agency Interface (Arrange incoming data for DBMS X) D A T Auth./Authorization Certification A Firewall Digital Signature Encryption Security Policies Agency Interface (Arrange incoming data for DBMS Y) Agency Y Data Web Service Y DBMS Update DBMS Y Figure 4.8 Agency-Agency Interactions In this situation, web service X can request information (SOAP request) from the web service Y and then the web service Y can response (SOAP response) back to the web service X (same as in the tables 4.4 and 4.5) even if these web services are written in different programming languages. This situation does not create a communication problem. Because, whatever the web services programming language is, all of the web services produce XML document as a request/response and XML document is a platform independent technology that is readable and understandable for different programming languages in different platform. During the communication of the web services each other the firewall mechanism, digital certification system and data encryption policies must be activated. 41

53 The agency interface approach is the other important point of this scenario. It must be clear that, in this model, the agency interface and the agency web site are completely different things. The interface mechanism considered to provide effective communication between agencies without much modification on currently used systems. Because, according to data interchange model offered by this research, the legacy systems (currently used systems in agencies) should not be wasted. According to interface mechanism, if the web service Y sends data/information to the web service X then the agency X interface should check incoming data whether it is compatible with the legacy system (DBMS X) of agency X. The interfaces of the agencies can use the XML Schema for this operation. As a sample, in figure 4.8, the in the case of web service X requests a data from the web service Y, the web service Y can retrieve this information from DBMS Y, and after that, data is sent to the web service X as a response. The web service X may need to store this data/information in DBMS X. However, what happens if the type of data stored in DBMS Y is different from the type of data, which is stored in DBMS X? In this case, the type mismatches problems occurring during the database operations such as INSERT or UPDATE. The answer is the interface mechanism with XML Schema and its substitution property. Substitution is one of the main benefits of defining type hierarchies and it is similar to a type cast in most programming languages. XML Schema makes possible a substitution in two different types. The interface mechanism can use this property to substitute the incoming data with another, which is compatible with the DBMS. By this way, the data/information can easily flow agency to agency without huge amount of arrangements/modifications on the agencies. The figure 4.9 shows the data conversion between the agencies. In this figure, the interface mechanism of the agency Y makes incoming data compatible with its legacy system (DBMS Y) that is incompatible with the incoming data at the beginning. Therefore, the interface mechanism can be considered as a type cast level during this conversion operation. 42

54 Incoming data (Data type is: X, value is: ) Interface of Agency Y <tns:x xmlns:tns="..." xmlns:xsi=" xsi:type="tns:y">12345</x> Outgoing data (Data type is: Y, value is: ) DBMS Y (Legacy System) (Compatible with data type Y) Figure 4.9 Data Substitution Now the XML Schema processor treats X as Y. Thus, the converted data becomes a compatible form, which may be inserted or updated in DBMS Y. 4.3 Security Characteristics in Data Interchange Model In section 3.4.1, security is shown, as crossing all components of interoperability framework to reflect the fact it needs to be designed into a system, not added as a layer on top. The IF should contain standards at the various levels designed to offer different levels of security as appropriate. In the offered model, the concept of security is essential for data interchanging and for the integrity of the e-government model components. In order to provide secure data interchanging in e-government, all of the security issues should be considered from the point of basic password authorization to complex e- 43

55 government systems. The mandatory security policies that must be applied for secure data interchanging model can be classified as: password authorization data encryption techniques, digital certificates and digital sign application The outline of data interchange model has been given in the section According to the outline, agency users, e-citizens, e-companies or other agencies, may access data/information. Therefore, the user authentication/authorization for accessing data, digital certification system for agency validation, encryption for interchanging data between the e-government components, and digital sign application for authenticating/verifying the identity of the data/information owner, should be applied for the security of the model. The next step in the security policy should provide the policy-based security management. In this approach, a policy management server should provide a single and global sign-on for multiple systems, which can eliminate the need for multiple passwords. It also manages the security independently from each of the individual applications, with authorization administered and managed at a single point as an enterprise-wide common service. 4.4 Software Properties In most cases, the organizations and government agencies need the personal information of individuals. The same personal data/information is stored by the different agencies diverse systems However; this operation causes technical and economical loads for the agencies and companies. In the model proposed for Turkey, it is recommended that this type of information should be stored in a central location. In addition, this data/information should be interoperable with the agencies and their legacy systems. 44

56 In this research, the prototype software called patient registration system was produced. This software is considered to demonstrate the registration procedure of the hospital. Instead of storing the e-citizens demographic data/information, this system stores the unique number that is called TCKIMLIKNO that identifies the individuals and stands for abbreviation of Turkish Republic Citizen Identification Number. The unique number TCKIMLIKNO is the part of the MERNIS project and consist of 11 characters. (See details of the MERNIS project in APPENDIX B) The demographic data/information about the e-citizen retrieved from a central location by using a web service and after this operation; only the TCKIMLIKNO data is stored in the system. This operation has been shown in Figure Figure 4.10 Demographic Data Recording If the e-citizen does not know his/her TCKIMLIKNO, the software provides a functionality to get the needed TCKIMLIKNO via another web service. By this web 45

57 service, the user of the software can search the e-citizen s TCKIMLIKNO by use of specific demographic information of individual as shown in Figure 4.11 Figure 4.11 TCKIMLIKNO Searching When the button Sorgula is pressed then the parameters on figure 4.11 are transferred to the WebMethod which declaration is written below. After the parameters processed, the TCKIMLIKNO information is returned to the client. [WebMethod] public DataSet SearchMernisData(string ad, string soyad, string anaadi, string babaadi, string dogumyeri, string dogumtarihi) Method implementation (see appendix B)} 46

58 In the same logic, the VERGINO is retrieved from a central location for the insurance and the billing procedures. In this case, the produced software uses another web service. The user sends citizens TCKIMLIKNO and gets his/her VERGINO by use of the software functionality as shown in Figure Figure 4.12 VERGINO Searching and Recording In figure 4.12, if the TCKIMLIKNO parameter is sent to the WebMethod by clicking the button Ara then this parameter is processed by the method and then, the VERGINO information is returned back to the client. The declaration part of this function is written below. [WebMethod] public string GetVergiNo(string kimlikno) Method implementation (see appendix B) } 47

59 The purposes of the designed web services are to make a small reorganization for exchanged XML messages, SOAP actions and created WSDL documents between client and server like e-citizen and agency. These web services can be called directly from the other application programs and those programs can use the result XML document/message. In addition, the client browser as shown in Figure 4.13 can directly call the web services. Figure 4.13 Web Service Introduction Page When the web service (Maliye.asmx) is called from the client s browser, the service name and its service method name are shown in the browser window. Then the web service can be used by just clicking on its service method name, GetVergiNo. 48

60 Figure 4.14 Web Method of the Web Service Maliye The web method shown in Figure 4.14 takes the TCKIMLIKNO as a parameter from the client (e-citizen) and gives VERGINO back to the client. The required parameter TCKIMLIKNO should be written in prompt box displayed on the screen. Afterward, if the invoke button is pressed then web method of the web service is processed and result is sent to the client as XML document (soap response/message). This web interface, shown in figure 4.14, uses the same WebMethod GetVergiNo (see declaration on page 47). It means that, after the web services and their methods declared once, and then application programs (Figure 4.12) or web pages (Figure 4.14) can access these web services. This is the one of the big advantages of the usage of the web services. 49

61 Figure 4.15 Web Methods of the Web Service Mernis The other web service is Mernis, illustrated in Figure 4.15, which is responsible for retrieving and searching the demographic data/information of individuals from a central location. This web service is consisting of two web methods. First web method is the GetMernisData and it is responsible for retrieving demographic information. The interface of this method and its output are shown in Figures 4.16 and

62 Figure 4.16 the web method GetMernisData The method declaration of the GetMernisData is written below. The TCKIMLIKNO information is received by the method and then demographic information of an individual is returned back to the client as a dataset. [WebMethod] public DataSet GetMernisData(int kimlikno) Method implementation (See appendix B) } 51

63 It is very important that, the web interface of the GetMernisData (Figure 4.16) is very similar to the method declaration above. There are SOAP request and the SOAP response parts in the web interface. The method parameter (kimlikno) is placed in the SOAP request part in the web interface, and returned value (DataSet/Schema) of the method is placed in the SOAP response in the interface. It means that the communicated parties (client and server) know the type of the information before the data transmission has been started. This functionality is provided by the usage of the schema technology as illustrated in Figure In this figure, the type of the requested/response data specified in schema before the Invoke button is pressed. Figure 4.17 the output of GetMernisData The figure 4.17 shows the schema output of the method (GetMernisData) in the form of XML document. Since the method (on page 51) returns the dataset in its 52

64 declaration, the schema elements are defined as complextype and their names are specified as Table which encapsulates pieces of data. In the implementation part of the method GetMernisData, the demographic information of an individual are retrieved from a central database and these information transferred to the client as illustrated in figure Since the returned value of the method is in the form of XML (Figure 4.17), another application program or a web service can use this XML document. The second web method SearchMernisData that is responsible for getting the TCKIMLIKNO that belongs to e-citizen. The interface of the web method SearchMernisData and its output can be shown in Figures 4.18 and Figure 4.18 the web method SearchMernisData 53

65 Figure 4.19 the Output of SearchMernisData At this point, it is needed to deal with the important part of this research that is SOAP message, shown in Figures 4.20 and The term soap message stands for the XML messages/documents that interchanged between client (e-citizen) and server (agency). There are two SOAP messages in data interchanging procedure between client and server. First message is SOAP Request (Figure 4.20) and second message is SOAP Response (Figure 4.21). <soap:body> <GetVergiNo xmlns=" "> <kimlikno>321321</kimlikno> </GetVergiNo> </soap:body> Figure 4.20 Soap Request 54

66 <soap:body> <GetVergiNoResponse xmlns=" "> <GetVergiNoResult>111111</GetVergiNoResult> </GetVergiNoResponse> </soap:body> Figure 4.21 Soap Response In Figure 4.20, the TCKIMLIKNO parameter is placed between the <kimlikno></kimlikno> tags and name of these tags (TCKIMLIKNO) is used as a parameter in the implementation part of the web service. The method name and its parameter can be shown in the SOAP request. In Figure 4.21, the VERGINO parameter is placed between the <GetVergiNoResult></GetVergiNoResult> tags and value between these tags stand for the result of web service method and the result (111111) is sent to the client as XML document. In the model, all data interchanging operations can be realized in the form of extensible and platform independent XML documents. The produced software is the application example of the proposed data interchange model where the agencies can have diverse systems. For example, the agencies can have different types of database management systems. Besides, the web services that are used in the agencies can have different types of technologies. In addition, the agencies software can be produced by use of different types of programming languages. However, the proposed data interchange model integrates these diverse systems into e-government architecture by use of the common standards since the proposed model is independent of the legacy systems used in agencies. By this way, all agencies and diverse systems can speak in the same language and understand each other. 55

67 4.5 Assumptions and Limitations Assumptions For this study, the following assumptions were made: The legal difficulties for the data/information interchanging between government agencies have been removed. The infrastructures for security layer that contains authentication, authorization, digital certificates, and digital signature in data interchange model have been designed and produced. The format of interchanged data across the e-government has been specified according to national/international data standards using XML Schema. The interoperability framework whose components offered in this research has been produced. All programs and agency interfaces in the model have been produced according to Open System Architecture and not related to any type of the specific technologies Limitations The following limitations were relevant to the present study. This study was limited to capability of the current technologies used in data interchange model. Only technological part of data interchange is considered. Although security components are listed, they are assumed to be ready for use. 56

68 CHAPTER 5 RESULTS AND CONCLUSIONS In this chapter, the questions in Chapter 3 are answered and the main proposed advantages of data interchange model are presented. 5.1 Results The questions given in chapter 3 are listed below. What is the e-government concept? What are the main advantages of the e-government? What are the main components of e-government data interchange Model? What are the main technologies that can be used for e-government Data Interchange Model? What is the current state of data interchange between government agencies in Turkey? What should be the key strategies for developing a data interchange model for Turkey? Is the proposed model different from other models? If yes, what are the advantages that shared with other models, and the additional advantages Answer 1 The E-government, or electronic government, is the use of technology to improve government services. E-government is a way for governments to use the new technologies to provide people get access that is more convenient to government information and services. The E-government is the composition of expertise, 57

69 technology, and partnerships for integrating government services for the public by use of power of the internet Answer 2 The purpose of this question was to explain the main advantages of the E- government. The main advantages of the e-government listed below. E-government is all about government agencies that are working together to use technology so that they can better provide individuals and businesses with government services and information. It is not a massive Information Technology (IT) project. The main advantages of the e-government can be listed as: Convenience and Satisfaction: Services provided anytime, anyhow, anywhere. Integration and Efficiency: Services those are integrated, customer centered, and efficient. Participation: Participation in government. People and organizations are to be better informed and able to participate in government Aligning organization strategy with the e-government strategy. Working with individuals to learn how they can benefit from e-government. Ensuring business plans cater to the required activities. Integrating the common foundations of e-government into the organization's business environment Answer 3 The purpose of this question was to summarize the main components of the data interchange model for Turkey. In this research, it is considered that the model has four important components. These components can be classified as: Agency E-Citizen Portal E-Company Interoperability Framework 58

70 5.1.4 Answer 4 The main purpose of this question was to give an idea about the popular and standard technologies that can be used to build data interchange model for Turkey. In this research, the current technologies were investigated in detail and the benefits of these XML based technologies for the proposed model were discussed. These technologies can be classified as: UDDI (Universal Description, Discovery, and Integration), for locating and accessing web services that are used in e-government. SOAP (Simple Object Access Protocol), for initiating conversations with a UDDI service. SOAP makes object access simple by allowing applications to invoke object methods, or functions, residing on remote servers. WSDL (Web Service Description Language), for defining the web service interface and its implementation characteristics. Web Services, for providing a new level of interaction to all kinds of applications. The ability to access and use a remote web service to perform a function within an application enables programmers to quickly deliver more sophisticated applications in less time. XML Schema, for making it easier for an application to process the contents of a document. All of these technologies have been used as international standards because of their flexibility, extensibility, security and the platform independency Answer 5 During this research, interviews were made with the authorized officers of the agencies to understand the state of the data interchange between agencies. Many of them stated the problem of redundant data, which are stored by the different agencies. In addition, inconsistent data definitions were stated as another important problem. Many of them stated that there is no consistency of syntax and semantics in data interchanging between the agencies. Besides, according to agencies, the technological dependency was the critical point. The authorized officers of the 59

71 agencies stated that the old and technology dependent structures creates big economical loads for the agencies, and is the main threat for e-government Answer 6 The purpose of this question was to give an idea about the key strategies for developing a data interchange model for Turkey. These strategies can be classified as follow: Flexibility, the proposed model should be easily integrated into the other structures. Extensibility, the data interchange model should be developed and extensible according to needs of the Turkey. Security, the model should contain high-level security policies. Open Standards Compliance, this model should be compatible with the common technologies used as international standards. Cost effectiveness, the proposed model should prevent the economical loads during the e-government formation. Technology independency, the data interchange model should be independent of the certain technologies and systems. Interoperability, this model should be interoperable with the other applications or structures used in the agencies Answer 7 The purpose of this question was to explain the similarities and the differences between the proposed data interchange model and the other currently used models. Similarities, the proposed e-government data interchange model has the similar advantages of the other models. Among the said advantages are flexibility, extensibility, interoperability, technology independency, security and open standards compatibility. In addition, the core part of the proposed model is the interoperability framework as it is in other models. Differences, but the proposed data interchange model has some differences. For example, there is interface logic in the model (See the Figure 3.9 and 60

72 Page 39). All agencies are able to interact with the other clients through this interface without the modification of their legacy systems. Besides, by the proposed data interchange model, the currently used systems or diverse systems located in the agencies do not need to be wasted Answer 8 The purpose of this question was to give an idea about the international approaches to e-government initiative and the information society, which contains the Turkish Government. As a strategic approach, the Turkish Government has technical, political and common movements with the European Union about the e- government and the information society concepts. These movements are known as eeurope and eeurope+ action plans at the international platform (see small presentations from eeurope and eeurope+ in appendix C). 5.2 Conclusions Building trust between government and citizens is fundamental to good governance. The e-government can help to build trust by enabling citizen engagement in the policy process, promoting open and accountable government and helping to prevent corruption. Furthermore, it can provide effective participation of individuals to government. The efficient use of e-government structure can generate savings on data collection and transmission, provision of information and communication with clients across the government. With the proposed data interchange model including the extensible, platform independent and interoperable technologies, the following conclusions can be deduced. With the interface mechanism, there is no need to make high-level modifications on the agencies legacy systems during the adoption of e- government structure. The agencies can easily be integrated into the e-government architecture since they are considered to have an interface technology. The interface technology behind the communicated agencies is considered as a XML 61

73 Schema data arrangement layer. The exchanged data/information between the agencies can be transformed (converted) from a specific type to another. With this approach, the data/information can flow from one agency to another even if they have different types of technologies. The technologies included in the proposed data-interchanging model for Turkey are not under monopolistic control of any companies or individuals. This approach provides high-level of flexibility in development of e- government systems. Since the proposed data interchanging model covers the technologies complying with international standards, the model can easily be integrated with other e-government systems in different countries. With the security layer in IF, which contains data encryption, authorization/authentication, digital certification and digital signature application, the maximum data/information privacy can be provided. Since the technologies in the proposed data interchanging model are interoperable and platform independent, the Turkish Government can use existing systems (legacy systems) without high-level modifications instead of making big investments on new systems or architectures. Because of the extensibility of the proposed data interchanging model, the Turkish Government not only succeeds the G2G (government-togovernment) data interchanging but also produces/develops new e- government systems for its own requirements. 5.3 Recommendations There is a continuous need to conduct further studies to make the offered data interchange model more applicable. Some recommendations are listed below for those who want to conduct studies in the area. 1. The standardization of data/information is a very important point for the model. The research about the concept of e-government data standards may be conducted with this research. 62

74 2. One of the core points of this study is the interoperability framework that provides stability in the model. The interoperability framework may be improved and more sophisticated framework model may be added. 3. The concept of security is essential for this study and latest security technologies may be focused and conducted with the data interchange model. 4. Legal and technical difficulties for interchanging data/information across the government agencies may be investigated and the results obtained may be embedded into this research. 63

75 REFERENCES [1] last access: [2] Michael Parent, Christine A. Vandebeek, Andrew C. Gemino, Building Citizen Trust Through e-government, Paper of Proceedings of the 37th Hawaii International Conference on System Sciences, , 2004 [3] last access: [4] last access: [5] last access: [6] docs/e-gov-strategy-dec-01/chapter4.html, last access: [7] Gary Marchionini, Hanan Samet, Larry Brandt, Digital Government, Paper of E-government, 25-27, 2003 [8] last access: [9] last access: [10] Gregory G. Curtin, Defining the E-Government Transformation, Journal of E- government, 1-7,

76 [11] Keith Ballenger,.NET Web Services: Architecture and Implementation, 2003, ISBN: , p57, 58 [12] David Jorgensen, Developing.NET Web Services with XML, 2002, ISBN: , p [13] Steve Graham, Building Web Services with Java, 2001, ISBN: , p8-9 [14] Kushwaha, International Conference o Distributed Multimedia Systems Applications, 1994 [15] last access: [16] last access: [17] last access: [18] Eric W. Welch, Charles C. Hinnant, M. Jae Moon, Linking Citizen Satisfaction with E-Government and Trust in Government, Journal of Public Administration Research and Theory Advance Access, 7-10, 2004 [19] last access: [20] e-gifv6-pc-draft pdf, last access: [21] europa.eu.int/idabc/servlets/doc?id=1295, last access: [22] last access:

77 [23] last access: [24] last access: [25] Julian Day, Ralph Deters, Christine A. Vandebeek, Selecting the Best Web Service, Paper of Proceedings of the 2004 conference of the Centre for Advanced Studies on Collaborative research, , 2004 [26] last access: [27] Ethan Cerami, Web Services Essentials, 2002, ISBN: , p43-44 [28] last access: [29] last access: [30] last access: [31] last access: [32] Jon P. Gant, Diana Burley Gant, Web portal functionality and State government E-service [33] last access: [34] [35] 66

78 APPENDIX A INTERNATIONAL STANDARDS USED IN THE PROPOSED MODEL There are new technologies for the secure and efficient data interchange. These technologies have been used as international standards and they can be applied in data interchange model proposed for Turkey. These technologies are explained in detail below. Web Services Web services is a term that describes a collection of industry-standard protocols and services used to facilitate a base-line level of interoperability between applications. The industry support that Web services have received is unprecedented. Never before, have so many leading technology companies stepped up to support a standard that facilitates interoperability between applications, regardless of the platform on which they are run. Web services can transfer data using many Internet protocols, but most employ Hypertext Transfer Protocol (HTTP) the key communication protocol of the World Wide Web. Web services can perform almost any kind of task. For example, a Web portal might obtain top news headlines from an Associated Press Web service, whereas a financial application might employ a Web service that checks a stock quote and returns its current value. A Web service s functionality can be as trivial as multiplying two numbers together or as complex as the functions carried out by an entire customer relationship management (CRM) software system. Web services possess certain characteristics that distinguish them from other computing models. 67

79 Web services are programmable. A Web service encapsulates a task; when an application passes data or instructions to it, the service processes that information and returns something to the application. Second, Web services are based on XML. XML and the XML-based SOAP (Simple Object Access Protocol) are technologies that enable Web services to communicate with other applications, even if those applications are written in different programming languages and run on different platforms. Web services also are self-describing, meaning that they are accompanied by information explaining what they do and how other applications can access and use them. These descriptions typically are written in WSDL (Web Services Description Language), an XML-based standard explored later in this chapter. In addition, Web services are discoverable. This refers to the ability of applications and developers to search for and locate desired Web services through registries, such as those based on UDDI (Universal Description, Discovery and Integration), another emerging Web services standard. XML (extensible Markup Language) XML is a widely supported, open (i.e., non-proprietary) technology initially released in 1996 by the World Wide Web consortium (W3C) to facilitate data exchange. As the popularity of the Web exploded in the 1990s, the limitations of HTML (Hypertext Markup Language) became apparent. HTML s lack of extensibility (the ability to change or add features) and its inability to describe the data it formatted frustrated developers. XML is a complement to HTML. It is important to understand that XML is not a replacement for HTML. In future Web development it is most likely that XML will be used to describe the data, while HTML will be used to format and display the same data. XML is a cross-platform, software and hardware independent tool for transmitting information. 68

80 SOAP (Simple Object Access Protocol) SOAP is the protocol that drives XML Web Services. In order to send a message from one machine to another, a protocol is needed. Although many protocols have been developed, most have been tied to a particular operating system or development platform. SOAP is a simple protocol that was developed for compatibility with many different platforms and operating systems, and it enables machine-to-machine communication in very heterogeneous environments. At its core, SOAP describes very simple XML-based packaging for sending messages. It also includes optional descriptions for how to use this packing mechanism with RPCs (remote procedure calls), as well as with HTTP A SOAP message consists of three main parts: An envelope, a header and a body. The envelope wraps the entire message; it describes the content of the message and indicates the message s intended recipient. The next part of the SOAP message is the header, which is an optional element that provides information regarding such as security and routing. The data is marked up in XML and adheres to a specific format, which defined by the schemas. This formatting enables the recipient to process the data correctly. SOAP messages are received and interpreted by SOAP servers, which, in turn, trigger Web services to perform their tasks. WSDL (Web Services Description Language) Web Services Description Language (WSDL) is a new specification to describe networked XML-based services. It provides a simple way for service providers to describe the basic format of requests to their systems regardless of the underlying protocol (such as Simple Object Access Protocol or XML). When SOAP and other Web services technologies were first developed, software vendors realized that applications calling services across a network would need information about a specific service before interacting with it. However, each vendor began building its method of description, resulting in service descriptions that were incompatible with one another. 69

81 The WSDL specification emerged when vendors Microsoft and IBM decided to combine their description technologies into a universal standard. In March 2001, Microsoft, IBM and Ariba submitted WSDL 1.1 to the W3C; a W3C technical committee is working to standardize the language further. Although the technology is still under development, nearly all Web services products now provide support for WSDL. WSDL files provide specific technical information that informs applications how to connect to and communicate with Web services over HTTP or another communications protocol. It is important to realize that WSDL is a language understood by applications, rather than by humans. Although the structure of WSDL files might appear complex, computers that understand WSDL can process the files and extract the information they need. UDDI (Universal Description, Discovery and Integration) UDDI enables companies to register their electronic services. They can do it from a Web page or by programmatically use of the UDDI interface. The information is then replicated to IBM, Microsoft, and several other database providers that run UDDI registries. Then, anyone who needs to query for these services (again, either from a Web page or programmatically) can do so using any of these registries. The structure of UDDI registries is modeled on that of the phone book. Registries contain white pages, where companies list contact information and textual descriptions of themselves; yellow pages, which provide classification information about companies and details on companies electronic capabilities; and green pages, which list technical data relating to services and business processes. Information regarding businesses and services is highly categorized, enabling companies to search for desired partners or services. XML Schema 70

82 The XML Schema is used to describe the structure of an XML document and its type information. The XML Schema specification consists of three parts. One part defines a set of simple data types, which can be associated with XML element types and attributes; this allows XML software to do a better job of managing dates, numbers, and other special forms of information. The second part of the specification proposes methods for describing the structure and constraining the contents of XML documents, and defines the rules governing schema-validation of documents. The third part is a primer, which explains what schemas are, and how someone builds a schema. XML Schema introduces new levels of flexibility that may accelerate the adoption of XML for significant industrial use. 71

83 APPENDIX B CENTRAL CENSUS MANAGEMENT SYSTEM PROJECT (MERNIS) MERNIS is the most important system that affects most of the other e- government projects. Its main objective is to automate all census events and to store the census information in a more reliable and computerized environment. The system assigns a unique ID-number for about 120 million Turkish citizens, both alive and passed away, which is to be used in many e-services. The first phase of the MERNIS Project, which helps government to build an e-government infrastructure, allows birth certificates to be transferred to a computerized format and entire transactions and processes related with birth certificates will be carried out with an updated data processing technology. Implementation of the SearchMernisData web method [WebMethod] public string SearchMernisData(string ad, string soyad, string anaadi, string babaadi, string dogumyeri, string dogumtarihi) string TCKIMLIKNO; try string SQL ; SQL = "" ; SQL = " SELECT * FROM MERNIS WHERE 1=1 "; 72

84 if(!ad.equals("")) SQL = SQL + " AND ADI = '" + ad + "'"; } if(!soyad.equals("")) SQL = SQL + " AND SOYADI = '" + soyad + "' "; } if(!anaadi.equals("")) SQL = SQL + " AND ANA_ADI = '" + anaadi + "' "; } if(!babaadi.equals("")) SQL = SQL + " AND BABA_ADI = '" + babaadi + "' "; } if(!dogumtarihi.equals("")) SQL = SQL + " AND DOGUM_TARIHI = '" + dogumtarihi + "' "; } if(!dogumyeri.equals("")) SQL = SQL + " AND DOGUM_YERI = '" + dogumyeri + "' "; } TCKIMLIKNO = con.openresultset(sql); } catch(exception exp) throw exp; } return TCKIMLIKNO; 73

85 } Implementation of the GetMernisData web method [WebMethod] public DataSet GetMernisData(int kimlikno) DataSet mdata; try string SQL ; SQL = "" ; SQL = "SELECT * FROM MERNIS WHERE SQL = SQL + TCKIMLIKNO = + kimlikno ; mdata = con.openresultset(sql); } catch(exception exp) throw exp; } } return mdata; Implementation of the Connection class namespace TezWebServisleri public class Connection private System.Data.OleDb.OleDbConnection Conn; private System.Data.OleDb.OleDbTransaction Trans; private static string pconnectionstring = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\\work\\dbs\\TezDB.mdb"; public static string ConnectionString 74

86 } get return pconnectionstring;} public System.Data.OleDb.OleDbTransaction ActiveTransaction set Trans = value;} get return Trans; } } public System.Data.OleDb.OleDbConnection SQLConnection get return Conn; } } private string connectionstring get return pconnectionstring; } } set pconnectionstring = value; } public Connection() // // TODO: Add constructor logic here // } public void BeginTrans() ActiveTransaction = Conn.BeginTransaction(); } public void CommitTrans() if ( ActiveTransaction!= null ) ActiveTransaction.Commit(); ActiveTransaction = null; } } public void Rollback() if ( ActiveTransaction!= null ) ActiveTransaction.Rollback(); 75

87 } } ActiveTransaction = null; public object ExecuteScalar(string sql) object retobj = null; try OleDbCommand cmd = new OleDbCommand (sql, SQLConnection); retobj = cmd.executescalar (); } catch (Exception ex) throw ex; } } return retobj; public DataSet OpenResultset(string sql) DataSet ds = null; try ds = new DataSet(); OleDbDataAdapter da = new OleDbDataAdapter(sql, SQLConnection); da.fill(ds); } catch(exception ex) throw ex; } return ds; } public int Execute(string sql) System.Data.OleDb.OleDbCommand cmd = new System.Data.OleDb.OleDbCommand(); if (ActiveTransaction!= null) cmd.transaction = ActiveTransaction; } cmd.connection = SQLConnection; cmd.commandtext = sql; return cmd.executenonquery(); 76

88 } public bool Open() try if ( Conn == null ) Conn = new System.Data.OleDb.OleDbConnection (); } string tempstr = ""; tempstr += connectionstring; tempstr += ";USER ID = "; tempstr += ";PASSWORD = "; connectionstring = tempstr; Conn.ConnectionString = connectionstring; Conn.Open(); } catch(exception ex) Console.WriteLine(ex.Message.ToString()); } } return true; public void Close() } if (Conn!= null && Conn.State!= System.Data.ConnectionState.Closed ) Conn.Close(); } public bool Open(string username, string password) try if ( Conn == null ) Conn = new System.Data.OleDb.OleDbConnection(); } 77

89 } } } Conn.ConnectionString = connectionstring; Conn.Open(); } catch(exception ex) Console.WriteLine(ex.Message.ToString()); throw ex; } return true; Implementation of the GetVergiNo web method [WebMethod] public string GetVergiNo(string kimlikno) string vergino = "" ; try DataTable d1 = null; DataSet ds = null ; string SQL ; SQL = "" ; SQL = "select vergino from maliyeinfo where tckimlikno = '" SQL = SQL + kimlikno + "'"; ds = con.openresultset(sql); d1 = ds.tables[0]; if (d1.rows.count == 0) vergino = "VergiNo was not found in database " ; } else } foreach(datarow dr in d1.rows) vergino = dr["vergino"].tostring(); } } return vergino ; 78

90 APPENDIX C E-EUROPE AND E-EUROPE+ ACTION PLANS At the European Council held in Lisbon on March 2000, the Heads of Government and State of the EU-15 set the ambitious goal for Europe for the next decade to become the most competitive and dynamic knowledge-based economy in the world. It recognized the urgent need for Europe to quickly exploit the opportunities of the knowledge-based economy and in particular the Internet. In response to this need, the eeurope Action Plan was launched in Feira on the June At the European Ministerial Conference held in Warsaw on May 2000, Central and Eastern European Countries recognized the strategic goal set by the EU- 15 in Lisbon and agreed to embrace the challenge set by the EU-15 with eeurope and decided to launch an eeurope-like Action Plan by and for the Candidate Countries as a compliment to the EU political commitments in order to try and broaden the base for achieving the ambitious above mentioned goal. In February 2001, the European Commission invited Cyprus, Malta and Turkey to join the other candidate countries in defining this common Action Plan. Our initiative, which we name eeurope+, mirrors the priority objectives and targets of eeurope but provides for actions, which tackle the specific situation of the Candidate Countries. It should not be perceived as a substitute for or interfering with accession negotiations. Like eeurope, the eeurope+ Action Plan aims to accelerate reform and modernization of the economies in the candidate countries, encourage capacity and institution building, improve overall competitiveness and provide for actions which address the specific situation of the Candidate Countries. 79

91 The objectives: Positive action on the basis of a strong, political commitment is needed to ensure that the EU Candidate Countries use the full potential offered by the Information Society and avoid a further digital divide with the EU. The implementation of the acquits alone is not sufficient. The modernizations of the economy, the changes in business processes, the functioning of governments and the changing relationships between citizens, businesses, and governments require a broader based policy approach, which recognizes the potential of these developments, particularly for the Candidate Countries, in advancing their economies and bringing prosperity and new opportunities to their citizens. With this point of view, the main objectives of the eeurope and eeurope+ can be listed as: A cheaper, faster, secure Internet Investing in people and skills Stimulate the use of the Internet 80

92 81

93 82