The Management Centre for Interoperability, Cooperation and Access Infrastructure Services (CG-SICA), part 1
Workshop on ICT Service Oriented Network Architectures
University of Rome La Sapienza, May 5th 2009
Stefano Fuligni
Advanced interoperability and application cooperation services Unit, Italian National Agency for Digital Administration (CNIPA)
Agenda
- SPC: the Italian interoperability framework
- The CG-SICA, a shared infrastructure of the SPC
- Overview of the services provided by the CG-SICA:
  - SICA's registers, repositories and directories
  - Qualification of architectural components support
  - eID and access management
The Italian interoperability framework
- Italian Digital Administration Code (C.A.D.)
  - Access to administrations' services
  - Electronic documents exchange
  - Digital signature
  - Software reuse
  - Public database integration
- Technical Regulations for C.A.D. enforcement
  - Common specifications for development, security, interoperability and quality of P.A.'s services and infrastructural services
- Connectivity and Cooperation Public System (SPC)
  - Nationwide infrastructure
  - Public administrations' network made by multiple providers
  - Infrastructural services for interoperability
Some definitions (from SPC's Technical Regulations)
- SPCoop: the logic subsystem of the SPC consisting of a body of rules and functional specifications that define the application cooperation model for the SPC;
- SICA: interoperability, cooperation and access infrastructure services, the body of rules, services and shared infrastructures that enables interoperability and application cooperation between the Administrations and access to application services developed and made available on the SPC by those Administrations;
- telematic service: all functionalities implemented by means of software components, provided through a communication system that can also be accessed via the Internet;
- application service: all functionalities implemented by means of software components, provided or used by an Administration via the Domain Gateway.
SPC as a stack of services
[Diagram labels, top to bottom: Back office; P.A.'s services; Cooperation Public System; Interoperability services; Connectivity Public System; Network services]
SPC's shared infrastructure
- Qualified eXchange Network (QXN)
- VoIP Interconnection Node (NIV-SPC)
- SPC Management Centre (CG-SPC)
- Interoperability, Cooperation and Access Infrastructure Management Centre (CG-SICA):
  - includes all the general level components (hardware, software, documents, services) for providing the application cooperation services;
  - has a support role in relation to the qualification of domain gateways and of any secondary level federated SICA infrastructure services, and provides the Committee with elements for assessing the qualitative and quantitative levels of SICA services.
The Cooperation Public System's pillars
- Electronic Identity (eID) management
- Infrastructural Services for Interoperability (SICA)
- Domain Gateways
- Service Agreements
SPC's interoperability infrastructure services
[Diagram: SICA nationwide interoperability infrastructure services. Components shown: SICA internal services for monitoring, managing and security; SICA Register Service and P.A.s Directory; Catalog of Schemas and Ontologies; Meta-Directory of Public Employees; Certification Authority and Validation Authority; Subjects Index Service; eID Federation Management System; secondary level SICA Register service; Domain Gateway qualification support services; SICA Domain Gateway.]
SPC's interoperability infrastructure services
[Diagram: the SICA nationwide interoperability infrastructure services grouped into three areas: registers, repositories and directories; eID and access management; qualification of architectural components support.]
Physical architecture of CG-SICA
[Figure: physical architecture diagram; surviving label: FW]
The SICA Register Service
Provides functionalities:
- to manage the Service Agreements and the Cooperation Agreements: accessing, registering, updating, cancelling and searching for Service and Cooperation Agreements;
- through integration with the IPA (Public Administrations Directory), for managing information on organisational bodies (public administrations and associated organisational structures, certified electronic mail addresses and Homogeneous Organisational Areas) that operate within the framework of the SPC and of the telematic services provided by them.
Service Agreement
The Service Agreement shall contain a definition of the service and of the associated procedures for provision and use indicated below:
- service interface, intended as a set of operations provided by the said service;
- access points within which the service is available;
- request procedures and related responses permitted by the service (conversation protocol);
- semantics of the service and of the information processed;
- guaranteed service levels;
- requirements and security characteristics of the service.
Service Agreement: logical structure
Common for all users (*), specified for each service, published in SICA's registry service:
- Interface (provider and user)
- Behaviour model, for multiple asynchronous interactions (provider and user)
- Semantic reference: link to the Schemas/Ontologies Catalogue
For any specific user (*):
- Ports
- Service level agreement
- Security agreement
All in XML.
(*) Users and providers are administrations or authorized organizations.
SICA Register's logical architecture
[Diagram labels, translated from Italian: SPCoop user (Public Administration); offline Service Agreement compilation service; Register (web, app); other SICA services; secondary SICA Register services (app, sync); IPA (sync + integration); control and monitoring, management and security services; repository of Service and Cooperation Agreements (AS/AC); services/users (web, app); other SICA services: Schemas and Ontologies Catalogue, Certification, Subjects Index, etc.; General SICA]
SICA Register's physical architecture
[Diagram labels, translated from Italian:
- Clients: rich client offline GUI; other SPCoop services
- Front end: user interface (web), web server; application interface (web service)
- Business layer: management of the index of organisational subjects; management of access point addresses; management of the list of services; management of Service and Cooperation Agreements; IPA/organisational subjects synchronisation logic; management and monitoring; e-mail notification; event subscription and notification; primary/secondary synchronisation logic
- Data Access Objects
- Resource layer: IPA (XML); UDDI 3.0; DB2 9; secondary registers; ontologies register]
CG-SICA home page
SICA Register service home page
Search in the SICA Register
IndicePA restricted area for PAs management
The public home page of IPA
Example of search on IPA
The Schemas/Ontologies Catalogue Service
Provides functionalities:
- to describe the semantic elements associated with the application services and with the managed information, including for the purposes of automatically identifying services available for providing the required services;
- to share the data and metadata schemas, as well as the domain ontologies, among cooperating Administrations.
Ontologies Life Cycle
- Ontology definition using an available third-party authoring environment (e.g. Protégé)
- Ontology publication in the Catalog, from OWL and UML v2.0
- Query of concepts contained in the Catalog
- Detailed view and/or deprecation of a selected concept
- Download of an ontology associated with a selected concept
- Deprecation of concepts
XML Schema (XSD) Life Cycle
- Schema definition using available editors
- Schema publication in the Catalog, from an XSD file
- Query of schemas contained in the Catalog
- Detailed view and/or deprecation of a selected schema
Relationship between SICA Register and Schemas & Ontologies Catalogue
- Service Agreements Registry (Registro degli Accordi di Servizio): contains formal specifications of application services provided to the SPCoop network for cooperation, in terms of service description and service semantics.
- Catalog of Schemas and Ontologies (Catalogo degli Schemi e delle Ontologie): contains domain ontologies, data schemas and semantics in order to share and reuse vocabularies (ontologies) and schemas for the service semantics.
[Diagram labels: Service Agreement (SA) repository; services; concepts; off-line editor; import & design application; Schema & Ontologies catalogue; versioning web application; query & reasoner web application]
Catalog's Reference Architecture
[Diagram labels: SICA Registry; User Interface (Web); Application Interface (Web Services); Business Logic: Publishing, Show details, Search, Deprecation; ODM Data Access Object; ODM Reasoner Interface; XML DB; IODT (Integrated Ontology Development Toolkit)]
Ontologies and Schemas Management in the Catalog Service
Ontologies functionalities:
- Public Administrations can publish ontologies in the Catalog, under their own namespace
- All P.A.s are encouraged to download available ontologies from the Catalog to leverage, extend, and refine them
- Support for queries and concept-level navigation
- Supported languages: OWL-DL; UML v2.0 class diagrams (only for publishing)
Schemas functionalities:
- Public Administrations can publish data schemas in the Catalog
- All P.A.s are encouraged to download available schemas from the Catalog and reuse them to define new schemas for use in service definitions
- Support for schema queries
- Supported languages: XML Schema (XSD)
Use of Ontologies and Schemas for semantic services
- Define a service: reuse of available XML Schemas in the Catalog
- Semantic annotation: attach semantic information to WSDL and XSD using SAWSDL
- Sharing semantic services: publishing Service Agreements with semantic annotation to the SICA Registry
- Search a service by concepts: support for semantic searches through the Catalog on Service Agreements with semantic annotations
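The SAWSDL annotation and concept search named on this slide, as an added example that is not code from the presentation or from the SICA Catalog. The schema, the example.org ontology URIs and the function names are constructed for illustration; only the sawsdl:modelReference attribute and its namespace come from the W3C SAWSDL recommendation.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

XS = "http://www.w3.org/2001/XMLSchema"
SAWSDL = "http://www.w3.org/ns/sawsdl"

# Constructed sample XSD; the example.org concept URIs are placeholders.
SAMPLE_XSD = """\
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
           xmlns:sawsdl="http://www.w3.org/ns/sawsdl">
  <xs:element name="CitizenRequest"
      sawsdl:modelReference="http://example.org/onto/person#Citizen">
    <xs:complexType>
      <xs:sequence>
        <xs:element name="fiscalCode" type="xs:string"
            sawsdl:modelReference="http://example.org/onto/person#TaxIdentifier
                                   http://example.org/onto/id#Identifier"/>
        <xs:element name="note" type="xs:string"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
  <xs:complexType name="ResidenceCertificate"
      sawsdl:modelReference="http://example.org/onto/doc#Certificate"/>
</xs:schema>
"""

def index_by_concept(xsd_text):
    """Map each concept URI to the schema components annotated with it."""
    index = defaultdict(list)
    for node in ET.fromstring(xsd_text).iter():
        refs = node.get(f"{{{SAWSDL}}}modelReference")
        if refs is None or not node.tag.startswith(f"{{{XS}}}"):
            continue
        kind = node.tag.split("}", 1)[1]        # element, complexType, ...
        name = node.get("name", "(anonymous)")
        for uri in refs.split():                # whitespace-separated URI list
            index[uri].append(f"{kind}:{name}")
    return dict(index)

def unannotated_elements(xsd_text):
    """Named xs:element declarations that carry no semantic annotation."""
    attr = f"{{{SAWSDL}}}modelReference"
    return [e.get("name") for e in ET.fromstring(xsd_text).iter(f"{{{XS}}}element")
            if e.get("name") and e.get(attr) is None]

def search(index, term):
    """Concept search: components whose concept URI contains the term."""
    return sorted({c for uri, comps in index.items()
                   if term.lower() in uri.lower() for c in comps})
```

Listing the unannotated elements is the check a publisher would run before submitting a schema, since elements without a concept reference cannot be found by a concept search.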
Schemas & Ontologies Catalogue home page
Example of search on the Catalog
- Type the keyword to search for a concept in the Catalog.
- The query can be performed on Concept Label, or Description, or See also (one at a time).
- The query result for each concept contains URI, label, a comment, validity (deprecated or not).
- The user can view the details of a selected concept.
Example of the Details View of a selected concept
- Concept detail information: owner, URI, label
- Navigation between parent/child concepts
- Deprecation of the concept
- List of ontologies that contain the concept
The SICA workbench
Parts of a Service Agreement
The Application service's Lifecycle
[Diagram labels: START; SA definition; Design phase; SA publishing on SICA Register; Service shutdown and SA cancel; Service running (providing/consuming); Service management; Service implementation in conformity with the agreement; Running phase; Service delivery on SPCoop]
Support services for qualification of architectural components
Provide functionalities:
- to support the qualification of the domain gateways, through appropriate tests to check that messages are being correctly processed, performed by means of a sample domain gateway;
- to support the qualification of the secondary level SICA Register Service, through appropriate tests to verify interoperability with the general level federated SICA Register Service.
The Domain Gateway
- SPCoop's distributed component that publishes the service application interfaces
- It works like a proxy/dispatcher towards the other back-end platforms on which those services are executed
The Domain Gateway as a distributed Enterprise Service Bus
[Diagram: five Domain Gateways (PD, Porta di Dominio) and three Service Agreements (SA1, SA2, SA3)]
The DG qualification process
- Training and tuning DG
- Registration
- Preliminary test
- Qualification test
- Qualification digital certificate issuing
Test sequence for DG qualification (1/3)
[Sequence diagram; surviving operation label: checktestasincronoasimmetrico]
Test sequence for DG qualification (2/3)
[Sequence diagram; surviving operation labels: 0.11: ricevirispostatestasincronosimmetrico; 0.11.1: ricevirispostatestasincronosimmetrico; 0.5.3: checktestasincronoasimmetrico; 0.5.3.0.1: checktestasincronoasimmetrico]
Test sequence for DG qualification (3/3)
[Sequence diagram; surviving operation labels: 0.5.4.2.1: ricevirispostatestasincronosimmetrico; 0.5.4.2.1.1: ricevirispostatestasincronosimmetrico]
The DG qualification process
[Process diagram, translated from Italian]
PA administrator:
- 4.0 Sending of the Domain Gateway (PDD) qualification request (with optional PKCS#10 attachment)
- 4.0.a Qualification management
- 4.5.a Receipt of the e-mail with the digital certificates
SICA manager:
- 4.1 Registration of the PDD at the RA, through the appropriate application
- 4.1.a Qualification management
- 4.2 Release of a passphrase by the RA
- 4.3 Qualification of the PDD (QD)
- 4.4 Issuing of the digital certificates (CA)
- 4.5 Sending of the e-mail with the digital certificates (*.cer / *.p12)
- 4.6 IPA update
Legend: web interface; e-mail; RA: Registration Authority; QD: PDD qualification; CA: Certification Authority; IPA: Index of the PAs
Note: *.cer if the PKCS#10 is present; *.p12 if generated by the system
Qualification of a Domain Gateway
The qualification process for a secondary level SICA Register
- Registration
- Preliminary test
- Qualification test
- Qualification
- Enrollment
The secondary level instance becomes part of the SICA Register structure.
The secondary SICA Register qualification test steps
- Register a secondary SICA Reg.
- SA subscription request
- Remove organizational subject from IPA
- Discharge secondary SICA Reg.
- Delegation transfer to administr.
- SA publishing
- Update organizational subject on IPA
- Remove PA from secondary SICA Reg.
- SA publishing notification
- SA subscription notification
- Insert organizational subject on IPA
- Cancel SA
- SA cancel notification
- SA revocation subscription notification
- DG data communication
- Cancel SA subscription
Qualification of a secondary level of SICA Register
Thank you
www.cnipa.gov.it
SPCoop technical documentation: http://www.cnipa.gov.it/site/it-IT/Attivit%C3%A0/Sistema_Pubblico_di_Connettivit%C3%A0_(SPC)/Servizi_infrastrutturali_di_interoperabilit%c3%a0,_cooperazione_ed_accesso_(sica)/Documenti_tecnico-operativi/
fuligni@cnipa.it