SAGA 4.0 - Bund.de
Transcription
SAGA 4.0 - Bund.de
SAGA Standards and Architectures for eGovernment Applications Version 4.0 March 2008 2 SAGA 4.0 Reprint, even in part, subject to approval This volume was prepared by the Federal Ministry of the Interior in co-operation with ]init[ AG and Fraunhofer-Institut für Software- und Systemtechnik (ISST). Homepage and download of the digital version: http://www.cio.bund.de/saga mail to: IT2@bmi.bund.de SAGA 4.0 SAGA Standards and Architectures for eGovernment Applications Version 4.0 March 2008 Published by the Federal Ministry of the Interior 3 4 SAGA 4.0 SAGA 4.0 Word of thanks The Federal Ministry of the Interior and the SAGA authors would like to thank the representatives from the federal states and municipalities in the KoopA-SAGA project group, the representatives from the central IT service providers of the federal administration along with all the members of the SAGA expert group for their support during the preparation of this version of SAGA. We would also like to extend our thanks to all those who have made use of the SAGA forum and the SAGA contact form and whose committed comments constituted a valuable contribution towards updating the document. 5 6 SAGA 4.0 Introduction: This document presents in concise form widely used standards, processes, and methods of state-of-the-art IT development for eGovernment applications. Due to the nature of this subject, experts in this sector use many abbreviations and, in most cases, English acronyms. Some of these names are protected by copyright and/or are registered trademarks, or are products of certain manufacturers or standardization organizations that are protected at national and international level. In the interest of a simple structure, copyright and source references of this kind were generally omitted. The use of a "name" or abbreviation in this document does not mean that they are free from copyrights or intellectual property rights of third parties. Furthermore, neither the editor, the authors nor the experts consulted can accept any responsibility for the technical functioning, compatibility or completeness of the standards discussed. This version 4.0 was published in October 2007. Please send any comments, amendments or corrections to: Bundesministerium des Innern, Referat IT2. These comments, amendments or corrections can also be published on the SAGA forum at http://www.cio.bund.de. Version numbers are stated when they are relevant in the specific context discussed. If no version numbers of standards are stated, the version which is most stable from a market point of view should be used, even though this may not necessarily be the latest version. The authors permit the further use of this document - even in part - on condition that it is quoted as the source. A general demand for SAGA conformance is not enough in order to achieve the goals of SAGA. Due to the complexity of the document, a general demand leaves too much room for interpretation and misunderstanding. This makes it difficult for the supplier to fulfil the requirements and for the customer to check that requirements are fulfilled. To find out more about the correct handling of SAGA conformance, please refer to section 2.4 on page 25, and for further assistance, go to: http://www.cio.bund.de/saga. In the time since the first publication of SAGA 4.0 the website http://www.kbst.bund.de/saga was moved to http://www.cio.bund.de/saga. Therefore some of the links given in this document are no longer valid. For information on SAGA please refer to http://www.cio.bund.de/saga. SAGA 4.0 7 Table of Contents 0 Status, revision history and outlook..................................................................................................9 0.1 Amendments to version 3.0................................................................................................................9 0.2 Future issues.........................................................................................................................................10 1 Introduction..........................................................................................................................................11 1.1 Background...........................................................................................................................................11 1.2 Readers of this document...................................................................................................................11 1.3 Aims........................................................................................................................................................12 1.4 Tasks.......................................................................................................................................................12 1.5 Basic principles for eGovernment applications.............................................................................13 1.6 Relationships with other eGovernment documents.....................................................................13 1.7 The evolution process.........................................................................................................................17 1.8 Structure of the document.................................................................................................................18 2 Fundamentals of SAGA.......................................................................................................................19 2.1 Scope of validity and binding effect of SAGA..................................................................................19 2.2 Minimum requirements with regard to the openness of standards.........................................20 2.3 Classification and life cycles of standards.......................................................................................20 2.4 SAGA conformance.............................................................................................................................25 3 Architecture model for eGovernment applications......................................................................31 3.1 Overview...............................................................................................................................................31 3.2 Enterprise viewpoint..........................................................................................................................32 3.3 Information viewpoint.......................................................................................................................33 3.4 Computational viewpoint.................................................................................................................34 3.5 Engineering viewpoint......................................................................................................................34 3.6 Technology viewpoint........................................................................................................................34 4 Enterprise viewpoint: Fundamentals of eGovernment...............................................................35 4.1 Definitions of eGovernment in Germany.......................................................................................35 4.2 The philosophy underlying eGovernment.....................................................................................36 4.3 Strategic goals......................................................................................................................................37 4.4 Organizational requirements...........................................................................................................41 4.5 Legal frame of reference....................................................................................................................45 4.6 Processes in eGovernment................................................................................................................49 4.7 Modules for the implementation of eGovernment applications...............................................52 5 Information viewpoint: Standardization of data models............................................................55 5.1 Levels of interoperability...................................................................................................................55 5.2 Purpose of standardizing data models...........................................................................................56 5.3 The Deutschland-Online "Standardisierung" [Standardization] project.................................57 5.4 Support for data model developers.................................................................................................59 6 Computational viewpoint: Reference software architecture....................................................65 6.1 General requirements for software applications..........................................................................65 6.2 Implementation options and architecture paradigms................................................................67 8 SAGA 4.0 6.3 7 Reference software architecture for eGovernment applications...............................................72 Engineering viewpoint: IT service management and reference infrastructure.....................79 7.1 IT Service Management with the ITIL..............................................................................................79 7.2 Design of an eGovernment infrastructure.....................................................................................84 7.3 Networks as the link between an infrastructure and external services and users..................88 7.4 Access to external services................................................................................................................88 8 Technology Viewpoint: Standards for IT architecture and data security..................................91 8.1 IT security concept..............................................................................................................................91 8.2 Process models....................................................................................................................................95 8.3 Data models.........................................................................................................................................96 8.4 Application architecture...................................................................................................................98 8.5 Client....................................................................................................................................................101 8.6 Presentation.......................................................................................................................................105 8.7 Communication.................................................................................................................................121 8.8 Backend...............................................................................................................................................130 8.9 Encryption..........................................................................................................................................132 8.10 Electronic signature..........................................................................................................................133 8.11 Smartcards..........................................................................................................................................135 8.12 Long-term archiving.........................................................................................................................136 Appendix A References..........................................................................................................................................139 Appendix B Overview of Classified Standards....................................................................................................143 Appendix C Abbreviations.....................................................................................................................................153 SAGA 4.0 0 9 Status, revision history and outlook 0.1 Amendments to version 3.0 This document is a revised version of SAGA, version 3.0. The following changes have been made: In chapter 2 "Fundamentals of SAGA", the names of the lists for the extended classification of technical standards outside the document (White List, Grey List, Black List) were replaced with new names (List of Suggestions, Right of Continuance List, Negative List)1. Chapter 4 "Enterprise viewpoint: Fundamentals of eGovernment" has been re-organized. The terms "eGovernment" and "service" are now more clearly defined2. This chapter was also extended to include the topics of "eGovernment 2.0"3, "Deutschland-Online"4, "Germany as a member of the European Union"5, the "EU service directive"6 and the "Federal government's signature projects and initiatives"7 . Chapter 5 "Information viewpoint: Standardization of data models" was revised with a view to the Deutschland-Online "Standardization"8 project and the topics of XGenerator 2.09 and Core Components10. Chapter 6 "Computational viewpoint: Reference software architecture" now also includes sections on architecture decisions11 and information addressing the introduction of service oriented architectures12. Chapter 7 "Engineering viewpoint: IT service management and reference infrastructure" introduces the "IT Infrastructure Library" (ITIL) as best practice for IT service management13. In addition to this, the Deutsches Verwaltungsdiensteverzeichnis (DVDV) [German Directory of Administrative Services] is presented in more detail14. The previous chapter 8 “Technology viewpoint (part I): Standards for the IT architecture" and chapter 9 "Technology Viewpoint (part II): Standards for data security" were combined 1 2 3 4 5 6 7 8 9 10 11 12 13 14 Refer to section 2.3.2 "Extended classification of standards" on page 21 Refer to section 4.1 "Definitions of eGovernment in Germany" on page 35 Refer to section 4.3.1 "eGovernment 2.0 – A Federal Government programme" on page 37 Refer to section 4.3.2 "Deutschland-Online - The joint eGovernment strategy of the Federal Government, federal-state governments and municipalities." on page 38 Refer to section "Germany as a member of the European Union" on page 43 Refer to section 4.5.4 "EU services directive – Creating a single EU market" on page 48 Refer to section "Federal Government initiatives and projects in the field of electronic signatures" on page 46 Refer to section 5.3 "The Deutschland-Online "Standardisierung" [Standardization] project" on page 57 Refer to section 5.4.3 "XGenerator 2.0" on page 62 Refer to section 5.4.4 "Core components" on page 63 Refer to section 6.3.1 "Architecture decisions" on page 72 Refer to section 6.3.2 "Introduction of a service oriented architecture" on page 73 Refer to section 7.1 "IT Service Management with the ITIL" on page 79 Refer to section 7.4.1 "Deutsches Verwaltungsdiensteverzeichnis [German Directory of Administrative Services]" on page 88 10 SAGA 4.0 to form chapter 8 "Technology viewpoint: Standards for IT architecture and data security". Moreover, products and implementations were persistently replaced by the underlying standards. The previous positive list of supported plug-ins was replaced by a list of requirements which plug-ins should fulfil in the federal administration's eGovernment applications. The topics of "IP telephony"15 and "Registries"16 were re-introduced and the topic of "Smartcards"17, which was already addressed in SAGA 3.0, was dealt with in more detail. SAGA 4.0 no longer features a separate appendix for the one-for-all offers (OFA offers) by the federal administration. The OFA offers will be soon described and will be updated outside of SAGA on the KBSt18 homepage and/or on the homepage of the individual OFA offers, respectively. The definitions of OFA service, OFA system, infrastructure and OFA concept were moved to chapter 619. Furthermore, this version also features a response to the further development of standards. Standards were accepted from the List of Suggestions (former White List), the classification of existing standards was changed and standards were moved from the document to the Right of Continuance List (former Grey List20). 0.2 Future issues The following topics are to be examined and dealt with in more detail in the next version of SAGA: a. Development and standardization of process and data models b. IT service management on the basis of the "IT Infrastructure Library" (ITIL) v3.0 c. Long-term archiving of dynamic information from databases and websites d. Communication per instant messaging and chat e. Exchange and visualization of 3D data Besides the SAGA document, the Federal Ministry of the Interior also provides additional information, links and tools on the web21. 15 16 17 Refer to section 8.7.4 "IP telephony" on page 125 Refer to section 8.8.1 "Directory services and registries" on page 130 Refer to section 8.11.2 "Contactless smartcards" on page 135 and section 8.11.3 "Reader units and interfaces for smartcards" on page 136 18 Refer to http://www.kbst.bund.de/efa 19 Refer to section 6.3.6 "Reuse and integration of OFA offers" on page 76 20 With regard to the definition of White List and Grey List, refer to section 2.3.2 on page 21 21 Refer to http://www.kbst.bund.de/saga SAGA 4.0 1 1.1 11 Introduction Background In an effort to create a more modern and service-orientated administration, the Federal Government is implementing more and more administration processes electronically. The application of eGovernment is making it possible for citizens, business and administrations to handle matters both faster and more efficiently. Standards are needed in order to enable these many different applications for the future and accessible for all. This is guaranteed by the Standards and Architectures for eGovernment Applications (SAGA) guideline. Shortly after the launch of the nation-wide BundOnline Initiative, the Co-ordinating and Advisory Agency of the Federal Government for Information Technology in the Federal Administration (KBSt) made this document available for the first time in 2002. Since then, SAGA has been helping public agencies to achieve the goal of the initiative and to offer more than 400 online services with Internet capability. On the basis of this success, the SAGA expert group continuously accompanies work on the standards. In this version 4.0, central IT service providers from the federal administration were involved for the first time in updating the guideline. The latest developments and experience are being added to the document through the discussion in the public SAGA forum. In close co-operation with a KoopA-SAGA project group22, the specific requirements of the federal states and municipalities are also being included. With this knowledge, the SAGA authors regularly prepare an updated version with the Federal Ministry of the Interior which is in charge of content. A host of completed projects has now been orientated towards the state-of-the-art and investment-safe standards and technologies recommended by SAGA. Many federal agencies use SAGA to plan and implement their IT projects, so that they can shape the interoperability of the various planned and existing applications. Widespread acceptance and especially growing interest among federal states and municipalities are proof that SAGA is becoming increasingly important for eGovernment in Germany. In this version 4.0, SAGA once again offers a guideline for the economic and future-orientated implementation of IT projects in administrations. 1.2 Readers of this document SAGA is primarily designed for decision-makers in the fields of organization, information technology and eGovernment teams in German administrations. The document is a guideline that serves as an orientation aid when it comes to developing concepts for technical architectures and general technical concepts for individual IT applications. 22 KoopA ADV = Co-operation Committee for Automatic Data Processing for the Federalgovernment, Federal-state Government and Municipal Administration Sector 12 SAGA 4.0 Application developers should feel free to seek further detailed solutions whenever the standards and solution proposals presented herein are not sufficient for the implementation of technical requirements. The Federal Government also sees its initiative as a contribution towards the development of eGovernment in Germany. The experience gained within the scope of the initiative should help to promote nation-wide, inter-agency eGovernment offers. 1.3 Aims SAGA pursues the following aims: a. Interoperability – Warranting co-operation between various eGovernment applications in order to effectively exchange information between the Federal Government, citizens, businesses and partners of the Federal Government b. Reusability – re-use of process and data models, systems, services and components in various eGovernment projects in order to generate synergies c. Openness – Inclusion of open standards in eGovernment applications in order to promote their long-term usability23 d. Reduction of costs and risks – Considering investment-safe developments on the market and in the field of standardization e. Scalability – Ensuring the usability of applications as requirements change in terms of volume and transaction frequency 1.4 Tasks SAGA pursues a comprehensive standardization approach for Germany's administrations in order to achieve the following goals. Defining technical Standards and Architectures for eGovernment Applications The technical standards and architectures cover all the levels and elements relevant for eGovernment. They form the basis for the interoperability and compatibility of the eGovernment applications to be developed. Standardizing processes and data in administrations In order to achieve interoperability and compatibility of eGovernment applications, it is necessary to create a basis for standardizing processes and data in Germany's administrations. In an effort to support this, systems and services are described on the KBSt website which can be used as modules (one-for-all offerings24) in eGovernment applications. 23 Refer to section 2.2 "Minimum requirements with regard to the openness of standards" on page 20 24 OFA offering and networks: http://www.kbst.bund.de/efa SAGA 4.0 1.5 13 Basic principles for eGovernment applications eGovernment applications are designed to fully reach their target groups. This is why it should be possible to access all the functions irrespective of the users' selected platform, the configuration of the user systems or the abilities of the users. eGovernment applications must be orientated towards the requirements and needs of the target groups. On the basis of these preconditions, the following basic principles are laid down for eGovernment applications: a. eGovernment applications primarily use the web browser as the front-end, unless the services to be implemented cannot be reasonably handled via a browser. b. They do without active contents so that users are not forced to reduce the browser's security settings and thus to make damage by invisible websites possible, or at least use only signed and quality-secured applications of the type contemplated in the section 8.5.1 "Access to information with computers” on page 101. c. eGovernment applications do not store any program parts or data on the users' computers beyond the users' control25. 1.6 Relationships with other eGovernment documents Trials with standards and architectures for eGovernment have been underway for some years now in Germany and in other countries26. Experience from these trials and international exchange help make it easier to define and implement SAGA. SAGA is published as part of the KBSt publication series which also includes, for example, the "V Model XT", the "Migrationsleitfaden" [Migration Guide] and the "DOMEA-Konzept" [DOMEA concept]. The documents of these series are adjusted to each other when updates are released. This means that SAGA supersedes contents and information of older documents and that new documents consider the contents and information of the latest SAGA version. A broad-based co-ordination process accompanies any SAGA update in order to avoid conflicts with valid documents. E-Government-Handbuch [eGovernment manual] In order to promote the Federal Government's eGovernment initiative – such as the BundOnline 2005 Initiative that was completed in 2005 – and to support federal-state and municipal agencies, the E-Government-Handbuch27 [eGovernment manual] is prepared under the leadership of the German Federal Office for Information Security. This manual is 25 The automatic installation of software playing certain music CDs is one negative example of non-requested saving of programs on computers. 26 Refer to the respective documents and publications in the UK [e-GIF], the United States of America [FIPS-PUBS], Australia [APEC] and Europe [IDABC]. 27 Refer to http://www.bsi.bund.de/fachthem/egov/3.htm 14 SAGA 4.0 designed as a reference manual and central information exchange for issues related to eGovernment. The E-Government-Handbuch [eGovernment manual] is a modular compilation of material that covers a broader range of issues and topics than SAGA. As far as identical issues are addressed, the E-Government-Handbuch [eGovernment manual] does so in a more concrete manner. This is why certain modules of the eGovernment manual are referenced from within SAGA28. SAGA sets forth guidelines, whilst the E-Government-Handbuch [eGovernment manual] explains the implementation of these guidelines and offers practical advice. In mid-February 2003, SAGA became part of the E-Government-Handbuch [eGovernment manual]. It is the module of the manual with the strongest binding effect. All the other modules are designed to ensure conformity with SAGA. When examining the focal issue of "IT and IT security", the study titled "Sichere Integration von E-Government-Anwendungen(SIGA)"29 [Secure integration of eGovernment applications] was drafted. The aim of this study is to adapt the technologies presented in SAGA for the business logic level, to identify correlations and to provide valuable, independent assistance for IT experts and decision makers. IT-Grundschutz-Kataloge und -Standards [IT baseline protection catalogues and standards] In order to draft IT security concepts for normal security requirements, BSI recommends standard security measures for typical IT systems in its IT-Grundschutz30 [IT baseline protection]. The aim of these IT-Grundschutz [IT baseline protection] requirements is – through the suitable application of standard security measures at organizational, manpower, infrastructure and technical levels – to achieve a security level for IT systems which is reasonable and sufficient for normal protection requirements and which can serve as a basis for IT systems and applications with high security requirements. IT-Grundschutz [IT baseline protection] includes the BSI-Standards31 [BSI standards] for IT security management and the IT-Grundschutz-Kataloge32 [IT baseline protection catalogues] which replace the previous IT-Grundschutzhandbuch [IT Baseline Protection Manual]. The BSI-Standards [BSI standards] are broken down into: a. BSI-Standard 100-1: Managementsysteme für Informationssicherheit (ISMS)33 [BSI standard 100-1: Management systems for Information Security], b. BSI-Standard 100-2: IT-Grundschutz-Vorgehensweise34 [BSI standard 100-2: IT baseline protection approach] and 28 Refer, for instance, to section 8.1.4 "Implementation of the security concept" on page 93 and section 8.5.4 "Technologies for authentication" on page 104 29 Refer to [SIGA] 30 Refer to http://www.it-grundschutz.de/ 31 Refer to http://www.bsi.de/literat/bsi_standard/ 32 Refer to http://www.bsi.de/gshb/deutsch/ 33 Refer to http://www.bsi.bund.de/literat/bsi_standard/standard_1001.pdf 34 Refer to http://www.bsi.de/literat/bsi_standard/standard_1002.pdf SAGA 4.0 15 c. BSI-Standard 100-3: Risikoanalyse auf der Basis von IT-Grundschutz35 [BSI standard 100-3: Risk analysis on the basis of IT baseline protection]. The application of IT-Grundschutz [IT baseline protection] is supported in SAGA; the BSIStandards [BSI standards] for IT security management and the IT-Grundschutz-Kataloge [IT baseline protection catalogues] are defined as mandatory standards36. Barrierefreie Informationstechnik-Verordnung – BITV [barrier-free information technology ordinance] The ordinance on the creation of barrier-free information technology pursuant to section 11 of Behindertengleichstellungsgesetz [law on equal opportunities for the disabled] (Barrierefreie Informationstechnik-Verordnung – BITV)37, which came into effect on 24 July 2002, is referenced in SAGA and is defined as a mandatory standard with regard to the implementation of the presentation and client layers38. V-Modell XT The V-Modell XT39 is the binding process model throughout the federal administration for the development of IT systems for the federal authorities. The V-Modell XT must be considered in strategic planning and project management efforts and in conjunction with the implementation of eGovernment applications. Used as a guideline for planning and implementing development projects, this model defines the results to be achieved in a project whilst considering the entire system lifecycle. At the same time, it describes the concrete approach with which these results are to be achieved. Furthermore, the V-Modell XT also defines the responsibilities of each project participant. It hence serves as a basis for contracts, as a guideline for work and as a basis for communication. The V-Modell XT is subject to ongoing upgrading in the form of releases. IT Infrastructure Library – ITIL When it comes to the efficient and reliable management of IT processes, the "IT Infrastruc ture Library" (ITIL), as a process library which supplies best practices, has now become established as the globally accepted defacto standard. This is why KBSt has issued a series of publications concerning the application of ITIL40. In ITIL, Service Management addresses a general-interest topic that must be considered from the beginning of the lifecycle of an IT application. This results in synergies for the approach according to the other standards which are presented in a KBSt study41. 35 36 37 38 39 40 41 Refer to http://www.bsi.de/literat/bsi_standard/standard_1003.pdf Refer to chapter 7 on page 79 and section 8.1 on page 91 Refer to http://bundesrecht.juris.de/bitv/ Refer to sections 4.5.3 on page 47 and 8.6.1 on page 105 Refer to http://www.kbst.bund.de/v-modell Refer to http://www.kbst.bund.de/itil Refer to "ITIL und Standards für IT-Prozesse" [ITIL and Standards for IT Processes], version 1.0.1, KBSt Letter No. 1/2006, October 2006 16 SAGA 4.0 During the preparation of SAGA 4.0, an upgraded ITIL, version 3.0, was issued. In order to use a tried-and-tested approach as a basis and to be able to refer to German literature, ITIL version 2.0, which is supported by KBSt documents, is presented in the Engineering Viewpoint (chapter 7)42. Migrationsleitfaden [Migration guide] This guide43 is designed to offer both strategic/economic and detailed technical decisionmaking aids for forthcoming or recently completed migration projects. The focus of this guide is the replacement of proprietary products both with open source software (OSS) and – where necessary – future generations of proprietary products. Agency-specific scenarios are developed and different migration alternatives are discussed. The Migrationsleitfaden [migration guide] was developed with a view to SAGA version 2.1 as far as relevant interfaces were concerned. SAGA updates will have no repercussions on the statements made. DOMEA-Konzept [DOMEA concept] DOMEA44 stands for "Dokumentenmanagement und elektronische Archivierung" [document management and electronic archiving] in IT-based workflows. The aim of this concept is to introduce the electronic file. Physical files are to be replaced with workflows at public agencies in the form of fully electronic, media-consistent procedures. The electronic file is subject to the same legal and functional requirements as conventional files. Since the publication of the concept in 1999, DOMEA has become an established standard for electronic workflows at federal, federal-state and municipal agencies. For product manufacturers, the DOMEA-Konzept [DOMEA concept] is a major source of information when it comes to identifying the demands of public administrations which are considered when products are developed further. Besides the organizational concept and the resultant requirements catalogue, the modular concept includes further elements which address specific issues of the organizational concept in more detail. The requirements catalogue of the DOMEA concept translates organizational requirements into functional requirements which are orientated towards the SAGA standards on the one hand whilst also influencing the updating process of the SAGA document on the other. The DOMEA concept describes the relevant requirements for software products related to the area of electronic workflow management. These requirements are in some respects even more demanding than SAGA and hence do not jeopardise SAGA conformity. 42 Refer to section 7.1 "IT Service Management with the ITIL" on page 79 43 Refer to http://www.kbst.bund.de/migrationsleitfaden 44 Refer to http://www.kbst.bund.de/domea SAGA 4.0 1.7 17 The evolution process Standards and architectures in SAGA undergo a defined process before they are included: a. Proposal for standards and architectures in the public discussion forum, via the contact form, from the SAGA expert group, the KoopA-SAGA project group, the central IT service providers from the federal administration or the SAGA authors b. Examination of proposals by the SAGA authors c. Discussion in the SAGA expert group on the standards and architectures which were found to be suitable by the SAGA authors d. Acceptance of proposals in a KBSt resolution on the basis of the discussion between the SAGA authors and the SAGA expert group e. Inclusion of the accepted standards and architectures in SAGA by the SAGA authors as soon as the resolution has been made by the KBSt SAGA is updated at regular intervals, amended to reflect the latest developments and findings and published on the homepage of the KBSt45 and within the scope of the EGovernment-Handbuch46 (eGovernment Manual). If problems occur that cannot be resolved using known standards, requests for proposals (RFPs) are sent to the SAGA expert group in order to identify possible solutions. Public discussion forum A public forum at: http://www.kbst.bund.de/saga-forum enables Internet users to register and discuss issues related to the application and further development of SAGA. The results of the discussions are evaluated and, if suitable, are considered in the next version of the SAGA document. Contact form The SAGA homepage provides a contact form47 for SAGA users. This form can be used to send structured ideas and queries directly to the SAGA authors. The SAGA expert group The KBSt has established an expert group48 comprising representatives from business, science and administration and appoints the members. This expert group is involved in the updating process at regular intervals or whenever there is reason for involvement. The KoopA-SAGA project group and central IT service providers of the federal administration The Co-operation Committee for Automatic Data Processing for the Federal-government, Federal-state Government and Municipal Administration Sector (KoopA ADV) delegates 45 46 47 48 Refer to http://www.kbst.bund.de/saga Refer to http://www.bsi.bund.de/fachthem/egov/3.htm Refer to http://www.kbst.bund.de/saga-kontaktformular Refer to http://www.kbst.bund.de/saga-expertenkreis 18 SAGA 4.0 representatives from the federal states and municipalities to accompany the further development of SAGA in workshops. The SAGA authors draft a catalogue of questions for proposed amendments which are answered by the participants and supplemented by their own proposals. In analogy to this approach, the requirements of the central IT service providers of the federal administration are collected in workshops and written exchanges and taken into consideration in the updating of the document. SAGA examination report The proposals put to the SAGA authors in the public forum, via the contact form, in the SAGA expert group, in the KoopA-SAGA project group and by the central IT service providers of the federal administration are listed in a SAGA examination report49 and the result of the examination is documented. The reasons for acceptance or rejection are explained. 1.8 Structure of the document Chapter 2 addresses issues concerning the scope of validity and binding nature of SAGA. Furthermore, this chapter also presents minimum requirements concerning the openness of standards as well as definitions of the different classification of standards. In addition to this, the subject of SAGA compliance of eGovernment applications is dealt with. Chapter 3 describes the architecture model for eGovernment applications. This model was also adopted for the description of eGovernment in Germany. Accordingly, the following chapters 4 to 8 present viewpoints of the architecture model on eGovernment in its totality. a. Chapter 4 documents the goals of German eGovernment, the players, roles, frames of reference, guidelines and forms of interaction as well as the aims with regard to standardized processes (enterprise viewpoint). b. Chapter 5 describes the activities for defining standardized data models and help for developers of data models (information viewpoint). c. Chapter 6 contains a reference software architecture, which can be used to develop architectures for concrete eGovernment applications, and information for integrating modules, such as the one-for-all offerings (OFA offerings), into the software architecture (computational viewpoint). d. Chapter 7 describes the IT Service Management and requirement of eGovernment computer centres for operating eGovernment applications, as well as the use of modules, such as OFA offers, in an existing infrastructure (engineering viewpoint). e. Chapter 8 defines the standards, technologies and methods for the IT architecture and for ensuring data security (technology viewpoint). Appendix A contains a list of references and Appendix B provides an alphabetic list of the standards referred to in chapter 8. Appendix C finally presents a list of the abbreviations used in SAGA. 49 Refer to http://www.kbst.bund.de/saga SAGA 4.0 2 2.1 19 Fundamentals of SAGA Scope of validity and binding effect of SAGA Around 400 services have so far been identified for the different federal administrations. The services can be classified, for instance, according to their target groups50; refer to Fig. 21. G2C – Government to Citizen (Interaction between the administration and citizens) G2B – Government to Business (Interaction between the administration and business) G2G – Government to Government (Interaction between administrations) • BA: Job exchange • DRV: Calculation and payment of pensions • BMAS: Provision of information • DWD: Weather forecast and meteorological advice • BpB: Provision of information and order handling • BA: Job exchange • BeschA: Procurement • BBR: Procurement for construction and civil engineering projects • BMBF: Project-related subsidies • BMWi: Subsidy programmes • KBA: Central traffic and motor vehicle register • BBR: Procurement for construction and civil engineering projects • BMF: Management of FederalGovernment properties • BAköV: Further training and education • BZR: Federal Central Criminal Register Figure 2-1: Selected Federal Government services SAGA's scope of validity covers the federal administration and software systems with interfaces between federal authorities and federal-state and/or municipal authorities in order to support the services listed above. SAGA includes recommendations concerning standards and architectures for eGovernment applications. The term "eGovernment applications" refers to software systems which are used to fulfil services of the Federal Government or which actively support the fulfilment of such services. In the case of systems with no direct interfaces with eGovernment, migration is recommended on condition of a positive outcome of the costto-benefit analysis. Whenever possible, the standard software51 to be bought should be primarily products or product versions which are compatible with SAGA recommendations. Furthermore, SAGA considers only those areas which have a major influence on the aforementioned objectives52 rather than all the elements of a technical architecture. The Federal Ministry of the Interior recommends that SAGA be considered in invitations to tender for eGovernment applications for the federal administration in the manner described in section 2.4.1 "Definition of conformance" on page 25, and section 2.4.2 "SAGA conformance in invitations to tender" on page 26. 50 Refer to the section 4.6.2 on "Relationships in interaction" on page 49. 51 Software that is simply installed and configured 52 Refer to section 1.3 "Aims" on page 12. 20 SAGA 4.0 The federal ministries lay down rules for the binding effect of SAGA within their areas of competence. 2.2 Minimum requirements with regard to the openness of standards One aim of SAGA is the use of open standards in eGovernment applications, refer to section 1.3 "Aims" on page 12. There are currently many different definitions for an "open standard", however, there is no one generally valid definition accepted by all. Various standardization committees have issued definitions which are essentially the same in terms of how a standard emerges, its documentation and application. However, opinions do differ when it comes to the type of standardization organization and the license cost system of a standard. These issues are rated differently by the various committees (e.g. IDABC, ETSI, DIN, CEN, ISO). SAGA is not designed as a forum for these discussions, instead it is to remain a practice-based recommendation. This is why "minimum requirements" were defined for the openness of standards which will also serve as an evaluation basis for accepting or rejecting a standard in SAGA. The minimum requirements for the openness of standards for acceptance in SAGA are defined as follows: a. The standard was published and documentation of standard specifications is either free or at most available against a nominal fee. b. The intellectual property (for instance, in the form of patents) of a standard or of parts of a standard must, if possible, be accessible without being contingent upon the payment of a license fee. c. The federal administration and the users of its services must be able to use the standard without restriction. d. The standard must remain published and freely usable in the future. 2.3 Classification and life cycles of standards 2.3.1 Classification in SAGA Standards are divided into three categories. Competing standards which are not stated should not be used or only if absolutely inevitable; refer also to section 2.3.4 "Non-classified standards" on page 25. Under observation: Standards are under observation if they are in line with the intended development trend, are finalized and meet the minimum requirements for the openness of standards53. These 53 Refer to section 2.2 "Minimum requirements with regard to the openness of standards" on SAGA 4.0 21 standards may not yet have proven their worth in practical application or do not meet all the aims of SAGA; refer to section 1.3 "Aims" on page 12. In the event that no competing mandatory or recommended standards exist in addition to the standards under observation, such standards under observation can be used in eGovernment applications. Only in justified exceptional cases should preference be given to standards under observation over higher classified alternatives. Recommended: Standards are recommended if they have been tried and tested in practical application but if a more suitable, mandatory standard exists or if they do not meet all the aims of SAGA. However, minimum requirements for the openness of standards must be fulfilled and investment security warranted. In the event that no competing mandatory standards exist besides recommended standards, deviations from the recommended standards are permitted in justified, exceptional cases only. Competing standards can be recommended parallel if they have clearly different fields of application. The standard which is best suited for the given application must be adopted in such cases. Mandatory: Standards are mandatory if they have been tried and tested in practical application and represent the preferred solution. They are established on the market and meet all the aims of SAGA. Such standards must be observed and applied with priority. Competing standards can be mandatory parallel if they have clearly different fields of application. In such cases, the standard which is best suited for the given application must be used. In the event that mandatory and recommended standards or standards under observation exist parallel, the latter - i.e. standards under observation - should only be adopted in justified, exceptional cases. A standard classified as mandatory does not necessarily have to be used in every eGovernment application. A mandatory standard only should be adhered to if the use of the technology or functionality related to this standard is necessary or reasonable in view of the requirements of the specific application. 2.3.2 Extended classification of standards Three lists for the extended classification of standards were introduced with the publication of SAGA 2.0 on the SAGA homepage at http://www.kbst.bund.de/saga-standards. No standards other than those on the Right of Continuance List (former Grey List) may be given preference over the standards classified in the SAGA document (mandatory, recommended, page 20. 22 SAGA 4.0 under observation) – however, only if existing systems, in which these standards are already used, are being upgraded. List of Suggestions The List of Suggestions (former White List) was created in order to respond promptly to new developments and to be able to communicate these externally for information. During the course of developing the SAGA document further, the List of Suggestions is an important basis for including standards in SAGA. Standards are listed in the List of Suggestions if proposals and ideas for their inclusion in SAGA were submitted to the SAGA authors, if they have potential for use in eGovernment applications and if these standards have not yet been classified further. Standards in the List of Suggestions are evaluated by the SAGA authors and the SAGA expert group. The result of this evaluation can mean acceptance of the standards in the next version of the SAGA document, relocation to the Negative List (former Black List) or to the Right of Continuance List (former Grey List) or also remaining on the List of Suggestions, so that development can be observed, for instance, in the case of standards not yet finalized. Before being published in a new SAGA version, the standards on the List of Suggestions are again examined with regard to their suitability for inclusion. Right of Continuance List Standards are added to the Right of Continuance List (former Grey List) if they are no longer included in the current SAGA version, but if they had a "recommended" or "mandatory" status in an earlier SAGA version and/or if they were widely used in the market in the past. When existing systems are upgraded, these standards are to be kept in effect and can continue to be used. These standards, however, should no longer be used for new eGovernment applications. Negative List Within the scope of the SAGA discussion, certain standards that were already rejected in the past are repeatedly proposed for inclusion. The Negative List (former Black List) was set up in order to make the results of these discussions transparent and to identify those standards which can no longer be expected to be included in SAGA. Standards are added to the Negative List if they were examined and rejected by both the SAGA authors and the SAGA expert group. The standards should not be used in new or existing eGovernment applications. Their use is only permitted if a parallel SAGAcompliant solution exists. Images, for instance, can be made available in BMP format even though this is on the Negative List, if images are also offered at the same time in a SAGAcompliant format such as GIF. If a standard on the Negative List is developed further and differs from the old version in areas that were previously criticized, the version number of the negative-listed standard must be stated. Now nothing stands in the way of the new version being included in SAGA via the List of Suggestions (former White List). SAGA 4.0 2.3.3 23 Life cycles of standards Besides the standards classified in SAGA, refer to section 2.3.1 on page 20, other standards are recorded in three different lists, refer to section 2.3.2 on page 21. Whilst the classification of standards as "mandatory", "recommended" and "under observation" is defined and updated in the SAGA document, presentation and ongoing updating of the standards in the lists are carried out on the SAGA website at: http://www.kbst.bund.de/saga-standards. Standards can pass through different stages during their life cycle. These are illustrated in Fig. 2-2 on page 24. The transitions of a standard between the lists on the SAGA homepage at: http://www.kbst.bund.de/saga-standards and the classes in the SAGA document are defined in the following section. 1 New standards are proposed for classification by the SAGA authors, by experts or by users; refer to section 1.7 "The evolution process" on page 17. Without any further indepth examination, these standards are initially compiled in the List of Suggestions. A thorough examination is carried out before a new SAGA version is created. Apart from the transfer to the SAGA document, to the Right of Continuance List or to the Negative List, the examination may also result in the standard remaining on the List of Suggestions. Such standards do not yet fulfil the requirements for inclusion in SAGA, e.g. because they are not yet finalized. Their inclusion is re-examined for the next SAGA version. Before completion of a new SAGA version, transitions 1 and 2 or 1 and 3 may also take place in one step. 2 Standards which, following examination, are not included in SAGA are added to the Negative List as rejected standards. 3 Standards are transferred from the List of Suggestions to the Right of Continuance List when thorough examination suggests that these standards should not be used in new projects, but can still be used in existing projects. 4 Following a positive examination of the respective requirements, refer to section 2.3.1 "Classification in SAGA" on page 20, standards are included in SAGA with the classification "under observation". If the respective requirements are fulfilled, the standard can also be directly allocated to one of the higher classes, i.e. "recommended" or "mandatory". The transitions 4 and 5, or 4, 5 and 6, respectively, are then carried out in one step. 5 Following successful examination of the respective requirements in SAGA, standards with "under observation" status are classified as "recommended" in SAGA. If the requirements are fulfilled, the standard can also be directly allocated to the higher class, i.e. "mandatory". Transitions 5 and 6 are then carried out in a single step. Standards which after examination still fail to meet the requirements for higher classification in SAGA and which are not be transferred to the Negative List retain the "under observation" classification. 24 SAGA 4.0 SAGA HOMEPAGE SAGA DOCUMENT Negative List Mandatory 6 Recommended (former Black List) 7 10 8 Right of Continuance List (former Grey List) 3 5 Under observation 9 4 2 List of Suggestions (former White List) 1 New standards Figure 2-2: Lifecycles of SAGA standards 6 Following successful examination of the respective requirements in SAGA, standards with "recommended" status are classified as "mandatory". Standards which after examination still fail to meet the requirements for higher classification in SAGA and which are not be transferred to the Right of Continuance List retain the "recommended" classification. 7 Following examination and the respective re-evaluation in SAGA, standards with "mandatory" status are classified as "recommended". A standard which should no longer be used in new projects can also be directly transferred to the Right of Continuance List. Transitions 7 and 8 are then carried out in a single step. Standards which, after examination, continue to meet the requirements for classification as "mandatory" maintain their status. 8 If, after in-depth examination, standards with a "recommended" status should not be used any longer in new projects, these standards are transferred to the Right of Continuance List. 9 Obsolete standards in the Right of Continuance List which were kept sufficiently long in the Right of Continuance and which should not be maintained any longer are transferred to the Negative List. 10 Standards with "under observation" status which no longer have any chance of ever being transferred into a higher classification are directly transferred to the Negative List. The standards which are examined within the scope of preparing a new SAGA version can not only move one step along the lifecycle previously presented, they can also retain their status or pass through several steps in one go. SAGA 4.0 2.3.4 25 Non-classified standards Standards or architectures not listed in SAGA: a. are not specific for eGovernment or eCommerce applications, b. refer to a detail level other than that of the standards dealt with here in SAGA, c. are included in or referenced by the aforementioned standards, d. are too new or too controversial and are hence unlikely to become a standard in the near future, e. are not desired because they are in conflict with standards or architectures already introduced or because they restrict interoperability. 2.4 SAGA conformance 2.4.1 Definition of conformance The SAGA conformance of an eGovernment application54 is evaluated on the basis of the models, procedures and standards described in SAGA: a. Consideration of standardized process models b. Consideration of standardized data models c. Compliance with the standards and architectures described in SAGA d. Use of existing one-for-all offers (OFA offers)55 In order to be able to make a comprehensive statement concerning the SAGA conformance of an eGovernment application – especially in conjunction with the implementation of complex, specialized processes – an application should first be broken down into individual units56 before evaluating its conformance. Software units developed internally are distinguished here from units (products) developed externally. In order to evaluate the SAGA conformance of products, importance is primarily attached to communication interfaces, data interchange formats and security. In the case of in-house developments, the technologies for creating models and implementing the application are additionally relevant as is the use of OFA offers. The SAGA homepage provides a blank declaration of conformance and an example of a completed declaration of conformance with checklists for software units and external units57. The checklists feature topical areas which are relevant for in-house developments or for products, respectively. 54 The term "eGovernment application" is used as a general term for any IT system which provides eGovernment services of the Federal Government. With regard to the definition of the term "eGovernment service", please refer to section 4.1.2 "The term "service" in eGovernment" on page 35. 55 Refer to section 6.3.6 "Reuse and integration of OFA offers" on page 76. 56 According to the XT process model, a unit is the system element on the very top of a hierarchical structure; refer to http://www.v-modell-xt.de/ 57 Refer to http://www.kbst.bund.de/saga-konformitaet 26 SAGA 4.0 eGovernment application SW unit 1 (In-house development) External unit 1 (product) ... Unit n (...) Check-list for SW units developed in-house Check-list for external units (products) ... Check-list for ... Figure 2-3: Layout of the SAGA declaration of conformity and checklists Which specific standards from the relevant topical areas have to be used to ensure SAGA conformance varies depending on the area of application and the functional scope of the application. For instance, definitions for creating information services for mobile phones and/or PDAs are only relevant for SAGA conformance if these terminal devices are to be used by the eGovernment application. SAGA conformance is hence achieved by applying the particular subset of all SAGA standards which is relevant for the specific eGovernment application. 2.4.2 SAGA conformance in invitations to tender In order to avoid neglecting the customer's concrete requirements when it comes to SAGA conformance and in order to avoid having to exclusively rely on statements by the supplier, the customer should include a section on "SAGA conformance" and SAGA-relevant criteria in its contracting documents. A general demand for SAGA conformance is not enough in order to achieve the goals of SAGA. Due to the complexity of the document, a general demand leaves too much room for interpretation and misunderstanding. This makes it difficult for the supplier to fulfil the requirements and for the customer to check that requirements are fulfilled. This is why no general demand for SAGA conformance may be made. Instead, the declaration-of-conformance process described below should be applied by the customer and the supplier, refer to Fig. 2-4. This process limits the room for interpretation and reduces misunderstandings. The concrete demands can be checked and thus create a sound basis for the contract between the customer and the supplier. Specifying the concrete details of demands also prevents offers from becoming unnecessarily expensive. SAGA 4.0 27 SUPPLIER CUSTOMER Project started 1 Create contracting documents Send documents with criteria related to SAGA Send offer 3 Evaluate offer considering supplier replies concerning SAGA criteria Write offer including replies concerning customer criteria related to SAGA Award contract Implement job Hand over application 5 2 Perform acceptance and subsequently complete SAGA conformance declaration 4 and check SAGA conformance Project completed Figure 2-4: Declaration-of-conformance process The process essentially comprises five steps which are briefly described below. Step 1: Including aspects of SAGA conformance aspects in the contract documents of an invitation to tender The customer puts together a series of exclusion and evaluation criteria which cover all the relevant aspects of the desired application. The criteria group example which can be downloaded from the SAGA homepage can serve as a template58. This criteria group example contains possible criteria which can result from the application of SAGA. The customer must select or supplement the criteria which are relevant for the project. The criteria group example contains explanatory information which makes selection easier. The customer must also decide whether criteria are defined as exclusion criteria or as evaluation criteria. Exclusion criteria should be used very moderately because they reduce the number of bids. Alternatively, high-weighted evaluation criteria should be taken into consideration. Step 2: Supplier response to the SAGA conformance criteria group within the scope of offer preparation The supplier responds to the "SAGA conformance" criteria group within the scope of his offer preparation. He can base his offer on a completed criteria group example which can also be downloaded from the SAGA homepage59. This criteria group is filled in, it serves as 58 Refer to http://www.kbst.bund.de/saga-konformitaet 59 Refer to http://www.kbst.bund.de/saga-konformitaet 28 SAGA 4.0 an example and contains explanatory comments which are helpful when filling in a concrete criteria group. Step 3: Supplier examination of the details concerning SAGA conformance, evaluation of the respective criteria within the scope of offer evaluation The customer checks the criteria groups completed for the offers received. Offers which do not fulfil the customer's requirements for the "SAGA conformance" criteria group, i.e. which cannot warrant "SAGA conformance", are evaluated accordingly. Step 4: Supplier completion of the declaration of conformance for the completed application If the supplier has implemented the eGovernment application, he declares the SAGA conformance of the application in writing. To do so, he completes the declaration of conformance for the application and attaches the checklists for the individual units of the application. Deviations from the commitments made in the completed "SAGA conformance" criteria group should be discussed with the customer at an early point in time and the reasons for such deviations must be stated in the declaration of conformance. The supplier can be supported by the sample declaration of conformance that can be downloaded from the SAGA homepage60. Blank templates of a declaration of conformance are also available on this homepage. Step 5: Examining SAGA conformance on the basis of the offer and the declaration of conformance by the supplier within the scope of acceptance During acceptance, the customer can evaluate SAGA conformance on the basis of the "SAGA conformance" criteria group completed by the supplier in the offer and the declaration of conformance issued after implementation. This evaluation is as easy as possible thanks to the specific details of the offer. If the application deviates from the commitments made in the offer, this is deemed to be a defect which must be considered during acceptance. 2.4.3 SAGA conformance despite low classification A SAGA-conformant application must not necessarily have been implemented solely with technologies which were given a "mandatory" classification in SAGA. For various reasons, the use of standards with a lower classification (or even without a classification in SAGA) is possible without violating SAGA conformance61. A lack of alternatives The use of recommended standards is SAGA conformant if no mandatory alternatives exist. Standards "under observation" can also be used and are SAGA conformant if no mandatory or recommended standards are listed in SAGA for the respective application purpose. 60 Refer to http://www.kbst.bund.de/saga-konformitaet 61 Refer also to the definitions for classification and lists on the web in section 2.3 on page 20 SAGA 4.0 29 Special functions and application areas If, for an area of application, SAGA not only contains higher classified standards ("mandatory" or "recommended") but also lists standards with a lower classification ("recommended" or "under observation"), the user must refer to the description of the standards in order to find out the circumstances under which the lower classified standards can be given preference. The reasons for this are, first and foremost, when extended functionality62 is required, or special areas of application63. The use of standards "under observation" should be particularly well considered because no investment security has been established for these standards and because it is not warranted that they will remain in effect. With the next version of SAGA, such standards can already be featured on the Negative List (former Black List). Parallel offers If SAGA-conformant standards are used as depicted above, additional standards and/or formats can be used which are not listed in SAGA or which have a lower classification in SAGA. If, for example, spreadsheet data64 is made available in CSV format, the same data can be additionally made available in other formats, such as Microsoft Excel, without violating SAGA conformance. Use of external units (products) In the case of external units (in contrast to software units developed in-house), the focus is placed on communication interfaces, data interchange formats and security. Technologies for process modelling, data modelling, application architecture and the use of OFA offers65 do not form part of the checklists for the SAGA declaration of conformance. In the case of certain units, customers should check whether the corresponding technologies should be specified in order to make use, for instance, of existing infrastructures for operating the unit and to achieve synergies with other eGovernment applications. Technologies beyond the focus of SAGA Of course, topics for which SAGA does not make or has not yet made any statements have no effect on the evaluation of the SAGA conformance of an eGovernment application. 2.4.4 Responsibility for conformance The public agency responsible for an eGovernment application is also responsible for ensuring conformance with SAGA. The public agencies are also responsible for examining ways to migrate special applications. The federal ministries lay down rules for responsibility within their areas of competence. 62 Refer, for instance, to the descriptions for the different PDF versions in section 8.6.7.1 on page 109 63 Refer, for instance, to the descriptions of Unicode coding in section 8.6.2 "Character sets" on page 106 64 Refer to section 8.6.7.4 "Formats for spreadsheets for further processing" on page 112 65 Refer to section 6.3.6 "Reuse and integration of OFA offers" on page 76 30 SAGA 4.0 Due to the complexity of SAGA, the process of securing SAGA conformance is also complex. This is why efforts are being made to provide even better support for users in future. Information on the latest developments in this field can be found on the SAGA homepage66 of the Federal Ministry of the Interior. 2.4.5 Migration for conformance Transition phase SAGA is undergoing continuous development and regular updating so that it can be adapted to meet new requirements. This is why individual eGovernment applications, which are orientated towards an older SAGA version67 , may temporarily not comply with the current SAGA version. Migration plans should be developed for non-conformant applications if the result of the cost-to-benefit analysis is positive. This may only be the case where major enhancements of the application are concerned. Measures to achieve conformance The following measures are designed to support conformance with SAGA: a. SAGA is included in project planning processes at an early stage. b. Conformance with SAGA is specified and checked when projects are approved. c. Conformance with SAGA can be a mandatory criterion for projects subsidized by public administrations. d. SAGA conformance is specified as a mandatory criterion for government contracts. 2.4.6 Non-conformance eGovernment applications which are, as a whole or in part, non-conformant with SAGA are subject to the following restrictions: a. The use of one-for-all offers (OFA offers)68 can be restricted. b. Advisory and consultancy services by competence centres are limited or even impossible. c. Interfaces with such systems may under certain circumstances not be supported. d. Generally speaking, no subsidies are available from public administrations. 66 Refer to http://www.kbst.bund.de/saga-konformitaet 67 Old SAGA versions are available from the SAGA archive at: http://www.kbst.bund.de/saga 68 Refer to section 6.3.6 "Reuse and integration of OFA offers" on page 76. SAGA 4.0 3 3.1 31 Architecture model for eGovernment applications Overview With the architecture model, SAGA aims at the following: a. In an effort to facilitate communications, a common understanding of up-to-date IT architectures, IT technologies and eGovernment structures is to be achieved. b. IT technologies available for eGovernment applications are to be identified, compared, evaluated with regard to their relevance, and given a uniform and consistent structure using this model. c. The aim is to provide uniform standards that can be used when it comes to implementing eGovernment projects. The Reference Model for Open Distributed Processing (RM-ODP69), which was standardized as ISO/IEC 10746-3:1996, is the approach of choice for describing complex, distributed eGovernment applications. The discussion on the application is broken down into different viewpoints in order to reduce the complexity of the overall architecture and this in turn makes it easier to understand and master an application. The object-orientated paradigm70 is the basis for the RM-ODP. Object orientation promotes clear-cut structures, re-usability and updating capability of both the models created and the system. The RM-ODP model defines five viewpoints of a system refer to Fig. 3-1: a. The enterprise viewpoint specifies the purpose, use area and rules of an application. b. The information viewpoint describes the structure and semantics of the data to be processed, i.e. the data model. c. The computational viewpoint represents the breaking down of an application into functional elements and their interaction interfaces. d. The engineering viewpoint represents the distribution of the individual elements of the system to physical resources and their connections. e. The technology viewpoint describes the technologies used to implement the system. The five viewpoints can be used both to describe existing systems and to model new systems and applications. SAGA suggests, but does not dictate, the use of RM-ODP to describe eGovernment applications. 69 Reference Model of Open Distributed Processing, refer to [ISO 1996] 70 Refer to [KBSt 2007], section 3.3.1 32 SAGA 4.0 Enterprise Viewpoint Purpose, use area and rules Information Viewpoint Computational Viewpoint Data structure and semantics eGovernment Hardware and infrastructure Engineering Viewpoint System elements and interfaces Standards and technologies Technology Viewpoint Figure 3-1: Viewpoints according to RM-ODP Furthermore, the SAGA document itself is structured according to the RM-ODP model. The result are chapters which can each be assigned to a viewpoint; refer to section 1.8 "Structure of the document" on page 18. 3.2 Enterprise viewpoint The enterprise viewpoint for eGovernment applications includes two fundamental elements: the organizational structure of eGovernment in general as well as the organizational models of the application. This is where the overall environment for the system and its purpose are described. Furthermore, the requirements for the system, relevant constraints, executable actions and data processing policies are defined from the organization's or enterprise's point of view. This exercise includes a definition of the procedures, their rules, as well as the actors and their roles in the process. The efficiency of information technology depends heavily on an integrated view. This means that instead of focusing on information technology, the technical application is primarily regarded and described as a process. Services can and should be described in the form of technical process models. This means looking at all the work steps from start to finish, i.e. from the inquiry by the "customer" SAGA 4.0 33 (citizen, business, other public agency, etc.) to the rendering of the service. On their first stage of development, these process models should be left at a relatively abstract level. New proposals for process definitions should always be checked with a view to a. Re-usability b. Simplicity c. The possibility to be described by existing process definitions. The KBSt website provides a guideline for process and data modelling71 and supports those in charge during process modelling. Support is also available from the "Workflow Management, Processes and Organization" (WMPO CC) competence centre72 at the Federal Office for Information Technology (BIT). Chapter 4 "Enterprise viewpoint: Fundamentals of eGovernment" on page 35 describes the enterprise viewpoint of German eGovernment as a model. In section 8.2 "Process models" on page 95, SAGA provides the descriptive tools needed for the definition of the enterprise viewpoint for concrete eGovernment applications. 3.3 Information viewpoint This viewpoint determines the structure and semantics of the system's information. Furthermore, the activities (status changes) which can be carried out with the information objects are also defined along with the restrictions which apply to these activities. A stringent process definition calls for the use of general data definitions for major data identities (such as the application) and for the data to be exchanged between processes or applications. Data models should always be checked with a view to a. Re-usability b. Simplicity c. The possibility to be described by existing data models The KBSt website provides a guideline for process and data modelling73 and supports those in charge during data modelling. Chapter 5 "Information viewpoint: Standardization of data models" on page 55 corresponds to the information viewpoint of German eGovernment and should be considered when creating own data models. Section 8.3 "Data models" on page 96 classifies the technologies to be applied. 71 Refer to http://www.kbst.bund.de/modellierungsleitfaden 72 Refer to http://www.kbst.bund.de/, "E-Government" > "Vorgangsbearbeitung, Prozesse und Organization" 73 Refer to http://www.kbst.bund.de/modellierungsleitfaden 34 3.4 SAGA 4.0 Computational viewpoint This viewpoint breaks an application down into logic, functional elements which are suitable for distribution. The result is objects with interfaces via which they offer their functionality and/or use the functionalities of other objects. Interaction takes place in the form of local and remote communication between the elements. Secure interaction may be required here. The protection aims are described in section 8.1.2.1 "Protection aims" on page 92. The applications are also broken down into layers in which each of the individual elements can be found. Chapter 6 "Computational viewpoint: Reference software architecture" on page 65 provides a description of a general computational viewpoint of eGovernment applications which can be used as a basis for creating this viewpoint for a concrete online service. Furthermore, the chapter also describes the architectures of different cases of eGovernment applications, such as systems and services. In chapter 8 "Technology viewpoint: Standards for IT architecture and data security" on page 91, SAGA defines standards and technologies for implementing the computational viewpoint and for creating secure interaction between system elements. 3.5 Engineering viewpoint The engineering viewpoint describes the system support needed to permit the distribution of objects from the computational viewpoint. This includes system elements for executing objects, such as computer hardware and communication infrastructures, as well as all kinds of software platforms for distributed systems. Chapter 7 "Engineering viewpoint: IT service management and reference infrastructure" on page 79 gives a general description of the engineering viewpoint for eGovernment applications of federal agencies. The corresponding viewpoint of a concrete online service can be derived from this. Chapter 8 "Technology viewpoint: Standards for IT architecture and data security" on page 91 presents several technologies to be adopted in order to support network security. 3.6 Technology viewpoint This viewpoint describes the concrete technologies selected for implementing the system. In chapter 8 on page 91, SAGA describes the classified standards, technologies and methods for the IT architecture and data security. SAGA 4.0 4 35 Enterprise viewpoint: Fundamentals of eGovernment In line with the definition of the enterprise viewpoint in chapter 3 "Architecture model for eGovernment applications", the fundamentals of eGovernment in Germany will be described in the following as the overall environment for the standardized introduction of eGovernment applications. Besides this general approach, the process level in eGovernment will also be addressed in more detail. The process models are the starting point for deriving inter-agency modules which are to be integrated into eGovernment applications. 4.1 Definitions of eGovernment in Germany 4.1.1 The term "eGovernment" eGovernment (electronic Government) is understood to be the use of electronic information and communication technologies in order to involve customers of administrations in the activities of government and the public administration74. The aim is to offer customers of administration services, i.e. citizens, businesses and the administration itself, electronic access to administration services and information. The possibilities offered by these technologies are very diverse. They range from the modernization of administrative processes using electronic workflow management to the provision of administrative information using public agency portals on the Internet and to complex transactions and interactive electronic web services for citizens. Aspects of eDemocracy are not explicitly addressed in this context because the government is assumed to pursue different approaches towards its roles in relation to citizens and business. As far as eGovernment is concerned, citizens and business are the clients of administrations and governments. eDemocracy is based on the concept of the citizen as the sovereign, representing the basis for the government to exert its power. 4.1.2 The term "service" in eGovernment Within the scope of eGovernment, the term "service" is understood to be the execution or result of an activity by a public administration which serves the citizen, business or another public agency75. A service includes processes, obligations and burdens, such as the recognition as a conscientious objector, applications for unemployment benefits, or the granting of an import permit. 74 Refer to BSI: "eGovernment Glossary", version dated 4 January 2006, section 1.1, page 3; http://www.bsi.bund.de/fachthem/egov/download/6_EGloss.pdf 75 Refer to BSI: "eGovernment Glossary", version dated 4 January 2006, section 1.2, page 4; http://www.bsi.bund.de/fachthem/egov/download/6_EGloss.pdf 36 4.2 SAGA 4.0 The philosophy underlying eGovernment eGovernment opens up new ways for reform and innovation in the pubic administration using electronic services and processes. This concerns internal relationships within administrations on the one hand as well as external relations between administrations, citizens and business on the other76. 4.2.1 Orientation towards the needs of citizens The Internet and networked computer systems are shaping the future. The growing penetration of the Internet, especially in private households, is also leading to a growing demand for electronic services by government. eGovernment is the response to this demand. For citizens, contact with administrations sometimes involves long distances and waiting time. Compared to this, Internet-based communication and transactions can help save considerable amounts of both time and money. This means that in future many citizens will frequently be able to handle their administration matters from the comfort of their own homes. Internet portals simplify access to public information and services. In order to tailor the service offered by administrations to demand, citizens must remain free to choose which form of access to the administration they wish to use. Access to the public administration must continue to be possible, in person, via the Internet and e-mail. These access channels must be integrated into administrations as early and as far as possible and processed in a standardized manner so that administration work can be shaped as efficiently as possible. Moreover, Internet barriers and restrictions posed by the Internet must be reduced and/or avoided. 4.2.2 eGovernment as a location factor for business Companies maintain regular contacts with the public administration in many different fields, e.g. for certification, licensing and approval procedures, as well as procedures related to the customs and excise and tax administration. On a global scale, all leading industrialized nations introduced powerful eGovernment services in recent years. eGovernment is today a location factor. The national and EU plans for expanding eGovernment services in the years to come are hence fully orientated towards boosting benefits for citizens and especially for companies, as well as reducing the cost of administration services. In some federal states, the focus is being placed on the demand-based expansion of eGovernment services and on increasing the number of users. The beginning integration of administration and business processes along value chains makes it possible to reduce bureaucracy costs in the interest of business and government, e.g. in the field of statistics or the import and export of goods. 76 eGovernment manual: http://www.bsi.bund.de/fachthem/egov/6.htm, chapter I, module "Chefsache E-Government – Leitfaden für Behördenleiter" [eGovernment as an executive task – a guide for heads of public administrations] SAGA 4.0 37 The availability and quality of electronic administration services is hence a factor not to be underestimated in the global competition to entice companies to relocate or set up business. Boundary conditions must be attractive and barriers for companies must be kept as low as possible. 4.3 Strategic goals The philosophy addressed in the previous section forms the main objective for the strategic goals of eGovernment for Europe and Germany. In order to reach these goals, the public administration must be modernized. A general overview of the programmes, strategies and measures pursued by the Federal Government here with a focus on human resources, administration management, organization and eGovernment can be found at http://www.verwaltung-innovativ.de/. The following section presents the Federal Government's central programmes and strategies which, in the years to come, will pave the way for the further development of eGovernment on Federal, federal-state and municipal level in Germany. 4.3.1 eGovernment 2.0 – A Federal Government programme The top priority of the eGovernment 2.0 programme77, which was adopted by the Federal Cabinet in September 2006, is to make the federal administration fit for a service-orientated information society. The needs of users of eGovernment applications are to be focused on more in the future – for instance, users are to be enabled to communicate with public agencies without the fear of identity fraud or electronic annoyance78. Accordingly, the federal administration's Internet offering is to be expanded by 2010, both in terms of quality and quantity. The programme is being coordinated by the Federal Ministry of the Interior in cooperation with the different federal ministries. The goals listed are supported by measures in four fields of action: a. Portfolio Demand-orientated, quality and quantity-related expansion of the eGovernment offering by the Federal Government (e.g. Arbeitsagentur-Online [online job agency]79) b. Process chains Media-consistent electronic process handling between business and the administration using integrated process chains, as well as standards for interface and exchange formats (e.g. secure foodstuff chain80) 77 Refer to http://www.kbst.bund.de/e-government/ 78 National Plan for Information Infrastructure Protection (NPSI): Federal Ministry of the Interior, 2005; http://www.bmi.bund.de/, navigation topics "Themen A-Z" [A-Z topics] > "Informationsgesellschaft" [Information society] > "Sicherheit in der Informationstechnik" [Security in information technology] > box: "Links zum Thema" [Links to the topic] 79 Refer to http://www.arbeitsagentur.de/ 80 IT FoodTrace research project: http://www.itfoodtrace.de/ 38 SAGA 4.0 c. Identification Launch of electronic identity management using future functions and applications, e.g. on the electronic ID card (ePA)81 as well as the development of eIdentity strategies d. Communication A secure communication infrastructure in the form of portals for citizens, businesses and administrations (e.g. citizens' portals82) 4.3.2 Deutschland-Online - The joint eGovernment strategy of the Federal Government, federal-state governments and municipalities. The aim of Deutschland-Online (DOL)83 is to create a fully integrated eGovernment landscape in Germany, so that electronically captured data can be exchanged between the administrations of the Federal Government, federal states and municipalities in a consistent manner and across all levels. This strategy is based on the following principles: a. One For All (OFA) The individual participants from Federal Government, the federal states and municipalities develop model solutions which are used by the other participants. b. Responsibility of lead units The main responsibility for a DOL project lies in the hands of the proposing public agency which is also in charge of the creation of a tenable business model and its implementation. c. Transparency of standards – competition between products. Transparent standards and process models are used to define a framework for which various products can be selected, hence promoting interoperability between different products. In order to implement the strategic goals, the heads of federal and federal-state government adopted the Deutschland-Online action plan in June 2006 with six prioritized projects and extended this in June 2007 with the IT implementation of the EU services directive84: Infrastructure85 The Federal Government, federal states and municipalities currently have different network infrastructures wich are not connected to each other and hence constitute island solutions. This means that for a host of public agencies it is not always possible to exchange data with other agencies in a reliable, simple and secure manner. The establishment of a 81 Refer to http://www.epass.de/ 82 Refer to http://www.kbst.bund.de/e-government/, navigation item: "Bürgerportale" [Citizens' portals] 83 Refer to http://www.deutschland-online.de/ 84 Refer to http://www.deutschland-online.de/, navigation item "Strategie" [Strategy] > download: "Aktionsplan Deutschland-Online vom 14.06.2007.pdf" [Deutschland Online action plan dated 14 June 2007] 85 Refer to http://www.deutschland-online.de/, navigation item "Vorhaben" [Projects] > "Priorisierte Vorhaben" [Prioritized projects] > "Infrastruktur" [Infrastructure] SAGA 4.0 39 communication infrastructure for Germany's public administration is designed to create a uniform network and hence achieve secure electronic communications between public agencies on Federal, federal-state and municipal level. Standardization The purpose of the DOL "Standardisierung" [Standardization] project is to support and coordinate the development and provision of technical standards for electronic data interchange (XÖV standards), so that electronic administration processes can be implemented in an efficient and uniform manner. For this purpose, the project for supporting the XÖV projects offers public administrations coordinated and harmonized measures, such as development methods, standardized data models, tools and technical infrastructures, along with advisory services and PR work.86 IT implementation of the EU services directive87 The goal of the project is to simplify and accelerate electronic administration processes in Germany within the scope of the EU services directive88. As of the end of 2009, entrepreneurs in the European Union are to be able to launch and perform their service activities via a uniform online contact, irrespective of their nationality or of the member state in which they are currently located. By mid-2008, a model for the IT implementation of the directive will be developed and tested as a milestone on the road towards this goal. Within the scope of this model, the infrastructural requirements at national level are to be defined, the IT support required for media-consistent process handling is to be described, a suitable IT architecture developed and technologies proposed with a view to the interfaces required. Registration services89 The registration data of 82 million citizens in Germany is currently electronically captured, registered and managed in a distributed manner at more than 5,000 registration offices and used in approx. 114 million business transactions every year – for instance to provide information. As of 1 September 2006, the Federal Government was given the sole legislative competence of registration services as part of federalism reform. The aim is to create a Federal Identity Register (BMR) in addition to the municipal register in order to simplify registration procedures for citizens, to make use of the identity register more efficient and less expensive for businesses and administration, to improve the quality and up-to-dateness of the registration data and to make it possible to create nationwide, uniform online services. 86 For more details, refer to section 5.3 "The Deutschland-Online "Standardization" project" on page 59 and http://www.deutschland-online.de/, navigation items "Vorhaben" [Projects] > "Priorisierte Vorhaben" [Prioritized projects] > "Standardisierung" [Standardization] 87 Refer to http://www.deutschland-online.de/, navigation item "Strategie" [Strategy] > download: "Aktionsplan Deutschland-Online vom 14.06.2007.pdf" [Deutschland Online action plan dated 14 June 2007] 88 Refer to section 4.5.4 "EU services directive – Creating a single EU market" on page 48 89 Refer to http://www.deutschland-online.de/, navigation item "Vorhaben" [Projects] > "Priorisierte Vorhaben" [Prioritized projects] > "Meldewesen" [Registration services] 40 SAGA 4.0 Motor vehicle registration services90 Citizens and the business sector can currently perform certain tasks in conjunction with the registration, de-registration and re-registration of motor vehicles online (e.g.: entering vehicle data to prepare for registration, reserving custom registration numbers). Citizens, however, still have to carry out the actual procedure itself on site at the registration offices. The aim of the project is to find an organizational, legal and technical solution for vehicle registration which offers citizens and the business sector a consistent process via the Internet without media inconsistencies. Civil status registration services91 On 23 February 2007, the "Gesetz zur Reform des Personenstandsrechts (PStRG)" [Law Reforming Civil Status Law] was ratified permitting, as of 1 January 2009, electronic registers and making these, as of 1 January 2014, mandatory. The aim of the project is to develop an electronic procedure for civil status registration services based on the Law and to use this to implement pilot projects for civil status registration services in certain federal states and also to enable citizens to obtain register information and apply for documents online. Part of the project also involves automated communications between the civil status register and other public agencies in response to requests for information. This exchange is to support the "XPersonenstand" data format to be developed. Other Deutschland-Online projects In addition to the previously described projects, there are a number of other projects being implemented within the scope of Deutschland-Online92: a. Official statistics b. BAföG (Federal Education Assistance Act) c. Clearing houses d. German Forum for Electronic Signatures and Chip Cards e. Geodata f. Business models g. Commercial register h. Judicial register i. VEMAGS (Procedure management for bulk and heavy transports) j. Internet portals / Responsibility finder project k. XAusländer [XForeigners] 90 Refer to http://www.deutschland-online.de/, navigation item "Vorhaben" [Projects] > "Priorisierte Vorhaben" [Prioritized projects] > "Kfz-Wesen" [Motor vehicle registration services] 91 Refer to http://www.deutschland-online.de/, navigation item "Vorhaben" [Projects] > "Priorisierte Vorhaben" [Prioritized projects] > "Personenstandswesen" [Civil status registration services] 92 Refer to http://www.deutschland-online.de/, navigation item "Vorhaben" [Projects] > "Weitere Vorhaben" [Other projects] SAGA 4.0 l. 41 XSozial [XSocial] 4.4 Organizational requirements The implementation of eGovernment in Germany is bound by organizational requirements which must be taken into consideration. The most important of these requirements are described in the following. 4.4.1 Cross-administration interaction Federalism in Germany When implementing eGovernment, federalist states like Germany must face the problems of a de-centralized administration structure because the de-centralized administrative units are largely independent of central government. Whilst the Federal Government holds most of the legislative power, it is the federal states and municipalities that are mainly responsible for implementation. The direct federal administration performs national tasks. Only those functions specifically defined in the Grundgesetz93 [German Basic Law] (articles 87-89) have an underlying administrative structure of their own, such as the Foreign Service, the Federal Armed Forces, the Federal Police or the Federal Revenue Administration. Besides these functions, there are other national tasks which are typically performed by special administrative agencies without an underlying administrative structure of their own (e.g. the Federal Criminal Police Office, the Federal Statistics Office, the German Patent and Trade Mark Office). The immediate federal administration consists of: a. The supreme federal authorities, e.g. the federal ministries, the Office of the Federal President and the Press and Information Office of the Federal Government b. The superior federal authorities with central responsibility for a particular aspect for the entire Federal Republic of Germany (for example, the German Federal Cartel Office) c. The intermediate-level federal authorities with regional responsibility (e.g. the different regional tax offices) d. The lower-level federal authorities with locally restricted activities (for example, main customs and excise offices) Within the scope of certain federal-state tasks related to law enforcement, the Federal Government commissions external administrative bodies as independent legal entities. These legal entities, in their capacity as corporate bodies, institutions and foundations of the indirect federal administration, are independently responsible for their fields of competence throughout the territory the Federal Republic of Germany and report to a ministry. Comparable structures exist in the individual federal states. Furthermore, cities, districts and municipalities constitute the third administrative level in their capacity as territorial 93 Basic Law of the Federal Republic of Germany [German Constitution] (GG): http://www.gesetze-im-internet.de/bundesrecht/gg/ 42 SAGA 4.0 communities with autonomous administrations which also perform their own tasks in addition to federal and federal-state functions. The users of eGovernment services usually do not differentiate between the federal, federal-state and municipal levels of administration. Instead, companies and citizens tend to expect standardized and consistent eGovernment services, refer to Fig. 4-1. Fed. Gov. § Fed. States G2G Agency § Municipalities § G2G Agency Agency G2G G2G § § G2G Agency Agency G2C G2B € Citizens Business Figure 4-1: eGovernment interaction in Germany What is generally needed is cooperation, networking and coordination within and between administrative levels. A first step taken at federal level was the implementation of the Informationsverbund Berlin-Bonn (IVBB)94 [Information Network Berlin-Bonn] which is an intranet for the supreme federal authorities. The upgrading of this network to form the Informationsverbund der Bundesverwaltung (IVBV)95 [Federal Administration Information Network] will connect all the federal authorities to a secure, closed network – this constitutes an enormous challenge on both a technical and organizational level96. With Deutschland-Online as the joint national eGovernment strategy of the Federal Government, the federal states and municipalities, an expanded action plan was presented in June 200797. 94 Refer to http://www.kbst.bund.de/ivbb 95 Refer to http://www.kbst.bund.de/ivbv 96 eGovernment manual: http://www.bsi.bund.de/fachthem/egov/6.htm, chapter V, subchapter C, module: "Network platform for eGovernment" 97 Refer to section 4.3.2 "Deutschland-Online - The joint eGovernment strategy of the Federal Government, federal-state governments and municipalities." on page 38 SAGA 4.0 43 Germany as a member of the European Union As a member of the European Union (EU), the Federal Republic of Germany is increasingly being required to implement cross-border eGovernment services like those demanded in the EU services directive. The goal is to create a uniform, single market in the EU and to offer all citizens and businesses the same opportunities and rights. As shown in Fig. 4-298 , national services have to be offered more to citizens, business and public agencies of other member states. Cooperation with the EU administration is also to become more important in the future. MEMBER STATE A MEMBER STATE B National eGovernment interaction Cross-border eGovernment interaction G2C Citizens Citizens G2C € € G2B Business Business G2B § § G2G G2G Agency Agency G2G § Agency § EU ADMINISTRATION Agency Figure 4-2: National and cross-border eGovernment interaction Citizens and businesses using such cross-border eGovernment applications do not differentiate between the different areas of responsibility of national administrations, instead they expect a uniform, multilingual and consistent eGovernment offering between the member states. This means that in future it must be possible, for instance, for a building contractor in Italy wishing to relocate to Spain to be able to carry out the required communications with public agencies electronically from Italy. The contractor only communicates with one contact partner in this context. The necessary interaction between the different administrations in the member states takes place in the background as a cross98 Pursuant to the "European Interoperability Framework for Pan-European eGovernment Services" (EIF) v1.0, IDABC, 2004; http://ec.europa.eu/idabc/servlets/Doc?id=19528, page 12, Fig. 3 44 SAGA 4.0 border eGovernment application without the contractor being aware of this or having to contact the individual agencies. In addition to the registration of companies, the following areas were identified for crossborder applications: tax returns, applications for unemployment benefits, motor vehicle registrations. The EU services directive99 provides the corresponding framework for the implementation of these applications. 4.4.2 Optimization of administrative processes The successful introduction and implementation of eGovernment calls for the examination of grown processes. Existing rules, processes and structures must be adapted and simplified in a suitable manner taking technical and legal circumstances into consideration. The mere electronic implementation of conventional procedures seldom leads to optimization. Existing administrative processes are partly the result of historical developments and have become complex over the course of time as a result of many changes. The following measures are hence recommended before special applications are implemented electronically. a. Simplification of processes and procedures b. Deregulation c. Shortening of process chains d. Reduction in the number of interfaces e. Avoiding iteration f. Reduction in cycle and dead times100 First steps towards reducing red tape were designed to simplify processes and legal regulations for administration services. This is why Deutschland-Online101 covers services that concern several administration levels. The Federal Government's "Zukunftsorientierte Verwaltung durch Innovationen"102 [Future-orientated administration through innovation] programme triggers level-spanning processes which lead to an open dialogue on a joint vision for a future-enabled, network-orientated administration in Germany. 4.4.3 Qualification of staff The use and updating of standards, along with the development, operation and correct handling of IT-supported systems, calls for the continuous exchange of information and training. Many employees in the public sector are highly motivated when it comes to supporting eGovernment. This important asset must be exploited and increased in the interest of implementing eGovernment. This means that intensive training must be carried out for employees. Moreover, the administration must be made more attractive for IT experts. 99 Refer to section 4.5.4 "EU services directive – Creating a single EU market" on page 48 100 eGovernment manual: http://www.bsi.bund.de/fachthem/egov/6.htm, chapter III, module "Phase 3 – Analysis" 101 Refer to http://www.deutschland-online.de/ 102 Refer to http://www.verwaltung-innovativ.de/ SAGA 4.0 45 4.4.4 Involvement of users The use of eGovernment is strongly dependent on customer acceptance of the services offered. Full utilization of the savings potential of eGovernment is contingent upon the online services provided being accepted and used by potential users. Expectations among citizens, companies and public agencies as the specific target groups need to be identified on an ongoing basis. The service portfolio and the service rendering process must be adapted to these expectations. 4.5 Legal frame of reference In addition to the strategic goals and organizational frame of reference, legal guidelines must also be considered. The most important of these will be described in the following along with the legal adjustments in conjunction with the electronic signature, laws, ordinances and assistance for data protection and barrier freedom as well as the EU services directive. A detailed description of the legal adjustments implemented can be found in the Federal Government's E-Government-Handbuch103 [eGovernment manual]. 4.5.1 Electronic signatures Electronic signatures allow users of eGovernment applications to have themselves authenticated104. Sensible, practical and timely legal adjustments will make it possible for eGovernment to shape administrative processes efficiently and without media inconsistencies. Legal adjustments The legally binding nature of electronic communications is a crucial success factor for the implementation of eGovernment. What is hence needed is a digital solution for a signature with legally binding effect, i.e. the qualified electronic signature. Contrary to a simple or advanced electronic signature, a qualified electronic signature offers the highest degree of electronic replication of a handwritten signature. The legal adjustments required to enable the use of electronic signatures and to place these on the same standing as a hand-written signature have been completed in Germany. Besides amendments to the Signaturgesetz [Act on Digital Signature] to comply with European requirements, the electronic signature has also been integrated into the relevant blanket clauses in administrative and private law105. Dissemination of the electronic signature The dissemination and acceptance of qualified electronic signatures has been slow up to now due to the still prevailing disproportion between benefits and costs. For instance, 103 eGovernment manual: http://www.bsi.bund.de/fachthem/egov/6.htm, chapter II, module: "Legal frame of reference for eGovernment" 104 Refer to section 8.5.4 "Technologies for authentication" on page 104, section 8.10 "Electronic signature" on page 133 and section 8.10 "Electronic signature" on page 133 105 For information concerning the legal basis for the electronic signature, please refer to http://www.bsi.bund.de/esig/ 46 SAGA 4.0 qualified electronic signatures are only used up to now in a few mass processes and administration areas, for example, in invoicing. The reasons for this are mostly related to security in the application of signatures and signature cards, the lack of interoperability between different signature applications, as well as the limited legal recognition in just a few individual states. In order to bridge these security-related concerns, the Bundesnetzagentur (BNetzA) [Federal Network Agency] has already examined and certified products for qualified electronic signatures106. These products comply with the necessarily high security requirements of the Signaturgesetz107 (SigG) [Act on Digital Signature] and the Signaturverordnung108 (SigV) [Digital Signature Ordinance]. Furthermore, the costs involved in reorganizing internal administrative workflows, installing systems (smartcards, software, card readers) and ongoing use (the need to have the signature key regularly renewed) is a factor for administrations which, compared to the benefits, is still relatively high and hence hinders faster dissemination. When it comes to citizens, on the other hand, there is a need to inform about the use and added value of electronic signatures. First practical applications show that smartcards are particularly attractive for citizens if they can use them for both private-sector and public services. Federal Government initiatives and projects in the field of electronic signatures The signature initiatives and projects of the federal administration are to be more closely coordinated with each other in the future in order to promote dissemination and acceptance, especially in conjunction with signature cards. The following cases are example of projects by the federal administration dealing with the use of signatures and signature cards: a. The electronic health card109 The electronic health card covers the electronic prescription, the European healthinsurance card, data for emergencies, documentation of medication as well as the electronic patient file. Furthermore, an electronic medical profession ID card is being developed which a doctor can use to generate a qualified electronic signature to replace the current, independent signature, for instance, to "sign" an electronic prescription for a patient. Field tests with the electronic health card began in December 2006. b. The electronic ID card (ePA)110 The electronic signature function is also to be optionally integrated into the electronic ID card. "Optionally" means that the electronic ID card is prepared to hold a qualified signature certificate, but the certificate itself must then be loaded into the memory chip 106 Federal Network Agency (BNetzA): http://www.bundesnetzagentur.de/enid/Elektronische_Signatur/Produkte_pi.html 107 Act on the boundary conditions for digital signatures (SigG): http://www.gesetze-iminternet.de/sigg_2001/ 108 Digital Signature Ordinance (SigV): http://bundesrecht.juris.de/sigv_2001/ 109 Refer to http://www.die-gesundheitskarte.de/ 110 Refer to http://www.epass.de/ SAGA 4.0 47 by the holder of the ID card. This freedom of choice means that the card can be used according to specific needs. The integration of biometric information and an authentication function round off the future electronic ID card, making it reliable proof of identity and a universal, future-enable and secure key for eGovernment and eBusiness. c. The electronic tax return (ELSTER)111 Within the scope of the electronic tax return, citizens and businesses can, for instance, complete and submit online VAT returns, wage tax returns or wage tax certificates. It is also possible to view tax accounts; this requires a signature card which is supported by the system. An overview of such signature cards is provided on the website112. 4.5.2 Data protection eGovernment offers a host of options and rationalization potential in the IT sector. Ideally, data from the most varied contexts is gathered once only by a central function and could be subsequently available for any de-centralised purpose and use. However, when electronic data is interchanged within and between public agencies, data protection requirements must be considered and implemented by way of suitable technical and organizational measures. Personal data, in particular, may not be gathered, processed or disclosed for any purpose other than the use explicitly contemplated by law. The Federal Government's E-Government-Handbuch [eGovernment manual] includes a separate module113 with comprehensive information concerning the issue of dataprotection-compliant eGovernment. Under the title "Technological Data Protection", the Federal Commissioner for Data Protection and Freedom of Information provides orientation aids for certain application cases114, such as the use of document management systems or cryptographic methods. 4.5.3 Barrier-freedom More than eight million disabled people, 6.6 million of whom are severely disabled, live in Germany. People with impaired vision and physical handicaps are especially dependent on technical aids as a precondition for using the Internet, such as large screens or a magnifying-glass function, Braille line, voice output, etc. In order to optimally enable these devices for eGovernment applications, a host of rules and requirements must be considered during programming, designing and editing. On 1 May 2002, the new Behindertengleichstellungsgesetz115 (BGG) [Law on Equal Opportunities for the Disabled] came into effect. The aim of this Law is to overcome 111 Refer to http://www.elsteronline.de/ 112 Refer to https://www.elsteronline.de/eportal/Sicherheit.tax#sigkarte 113 eGovernment manual: http://www.bsi.bund.de/fachthem/egov/6.htm, chapter II, module: "Data-protection-compliant eGovernment" 114 Refer to http://www.bfdi.bund.de/, "Startseite Datenschutz" ["Home" page - Date protection] > "Themen" [Topics] > "Technologischer Datenschutz" [Technological Data Protection] 115 Law on Equal Opportunities for the Disabled (BGG): http://www.gesetze-iminternet.de/bundesrecht/bgg/ 48 SAGA 4.0 disadvantages for disabled people, to ensure their discrimination-free participation in social life and to enable them to live an autonomous independent life. This is also applicable to the use of the Internet. The most important criteria and references are to be found in the Ordinance on the Creation of Barrier-free Information Technology pursuant to section 11 of the BGG (Barrierefreie Informationstechnik-Verordnung – BITV116) which came into force on 24 July 2002. This ordinance specifies the Web Content Accessibility Guidelines117 1.0 (WCAG 1) from 1999 as the technical standard. The BITV is binding upon public agencies of the federal administration118 since 1 January 2006 and applies to: a. website and Internet offerings, b. intranet sites and offerings which are available to the general public, c. IT-based graphic user interfaces which are available to the general public. 4.5.4 EU services directive – Creating a single EU market The EU services directive119 was adopted on 12 December 2006 by the European Parliament and the European Council. The aim of the directive is to reduce red tape in the European Union (EU), to promote the cross-border provision of services120 and hence the resultant implementation of a uniform, single EU market. This directive must be implemented by the end of 2009. Within the scope of electronic procedures, it covers, for instance, the demands for: a. Points of single contact "Member states shall ensure that it is possible for providers to complete the following procedures and formalities through points of single contact: a) all procedures and formalities needed for access to his service activities, in particular, all declarations, notifications or applications necessary for authorization from the competent authorities, including applications for inclusion in a register, roll or a database, or for registration with a professional body or association; b) any applications for authorization needed to exercise his service activities." (Article 6 (1)) b. Ensuring access to and exercising of services "Member states shall ensure that all procedures and formalities relating to access to a service activity and to the exercise thereof may be easily completed, at a distance and by 116 Ordinance on the creation of barrier-Free information technology pursuant to the Law on Equal Opportunities for the Disabled (BITV): http://www.gesetze-im-internet.de/bitv/ 117 Refer to http://www.w3.org/TR/1999/WAI-WEBCONTENT-19990505/ 118 eGovernment manual: http://www.bsi.bund.de/fachthem/egov/6.htm, chapter II, module: "Barrier-free eGovernment" 119 Directive 2006/123/EC of the European Parliament and of the Council of 12 December 2006 on services in the internal market: http://ec.europa.eu/internal_market/services/servicesdir/index_de.htm 120 Contrary to the customary use of the term "service" in conjunction with eGovernment (refer to section 4.1.2 "The term "service" in eGovernment" on page 35), the following definition of a service is used in conjunction with the EU services directive: "[...] any self-employed economic activity, normally provided for remuneration" (article 4, para. 1) SAGA 4.0 49 electronic means, through the relevant point of single contact and with the relevant competent authorities." (Article 8(1)) c. Taking common standards into account "The Commission shall, in accordance with the procedure referred to in Article 40(2), adopt detailed rules for the implementation of paragraph 1 of this Article with a view to facilitating the interoperability of information systems and use of procedures by electronic means between Member States, taking into account common standards developed at Community level." (Article 8 (3)) 4.6 Processes in eGovernment 4.6.1 Levels of interaction eGovernment services can be generally broken down according to interaction levels, i.e. information, communication and transaction121. Information covers the provision of information to people, businesses and other members of society. Users on this level merely act as recipients of information. This area is the most developed level, and almost all public institutions are present on the Internet with an website. Many of these information systems are supplemented by communication solutions with interactive and participation services which enable the exchange of news, messages and information. These services range from simpler solutions, such as e-mail or web-based discussion forums, right through to more complex applications, such as video conference systems for telecooperation. In this respect too, the development status of German administrations can be described as being well advanced. Transaction applications feature the highest level of interaction. This area covers the actual provision of services in the public administration. These applications include, for instance, the electronic receipt and processing of applications or orders as well as the provision of forms which are filled in on the computer and directly sent to the proper recipient. Electronic payment or tendering systems also belong to this category. Compared to other levels of interaction, transaction services have been implemented to a lesser extent up to now. Public Key Infrastructures (PKIs) are an important precondition when it comes to ensuring the authenticity and confidentiality of the data exchanged between the different parties. The electronic exchange of documents with legally binding effect still involves technical and organizational challenges for public administrations and a satisfactory solution has yet to be found here. Another adverse factor is the currently sparse dissemination of the electronic signature in all parts of society. 4.6.2 Relationships in interaction Besides the classification in terms of interaction levels, the various partners involved in eGovernment can also be differentiated122, refer to Fig. 4-1 on page 42: 121 Refer to [v. Lucke et al. 2000], page 3 122 Refer to [v. Lucke et al. 2000], page 3 50 SAGA 4.0 a. Government to citizen (G2C) Electronic interaction between citizens and the administration – this area also includes non-profit organizations b. Government to business (G2B) Electronic business relations between the administration and the business sector c. Government to government (G2G) Electronic relations between different public agencies and public administration institutions Administration customers are hence citizens, business and other administrations. The focus in this case is on the G2C and G2B interaction relations. Relations between public agencies (G2G) are handled within the framework of the relevant transaction services between administrations and citizens and/or businesses. Communications within a public agency (government-to-employee, G2E) are not explicitly addressed in this context. 4.6.3 Transactions in eGovernment As mentioned earlier in section 4.6.1, public administration services not only cover pure services, but also rights and obligations. A functional classification of administrations is necessary as a precondition for standardizing the different types of administrative activity – and hence the possible transactions. Generally valid types of transactional services can be identified on this basis. Transactional service types The German administration can be divided into service and intervention functions based on responsibilities and legal forms. Different service types can be identified and classified as service-type and intervention-type services on the basis of the different categories of functional administrative branches. Services mean that citizens or a business enterprise demand from the administration a service or benefit, i.e. the citizen or business initiates the process. Services include: a. Applications for government money b. Granting of subsidies c. Subsidy and promotion measures d. Approval procedures Intervention is a case where the administration enters into the citizen's legal sphere, encroaching upon the citizen's freedom or property and/or imposing obligations upon the citizen. In this case, certain measures are initiated by the administration. Cases of intervention are: a. Administrative fines b. Criminal prosecution procedures c. Legal proceedings SAGA 4.0 51 d. Collection of taxes e. Collection of customs duties f. Registration obligations Public procurement represents another service type where the government acts as the customer for businesses. Contracts for goods and services are subject to defined administrative procedures. Process-related structure of transaction services The individual transaction types can be broken down further into individual sub-steps. The sub-steps consist of one or more actions in which different actors are involved. Examples of sub-steps, actions and roles related to the service area will be discussed in the following. This methodological approach can then be used as a basis for developing similar process models for any other transaction type. The sub-steps, which are correlated with each other and explained in more detail in Fig. 4-3 and in Table 4-1, are now defined for the services area. Every sub-step involves different actions and roles which are attributed to different actors. The "application" sub-step, for example, includes the actions of submitting, transmitting and receiving the application. 1 Information 2 Application 3 Processing 5 Decision Comment and opinion 6 Collection of administrative fees 4 Payment or disbursement of funds 7 Control of fund application 8 Archiving 9 Figure 4-3: Sub-steps of transaction services 10 Other procedures (e.g. appeal) 52 SAGA 4.0 The applicant's role is typically performed by a citizen or company. At the public agency, the post office – ideally a virtual one – receives the application and passes it on to the officer in charge. In analogy to this procedure, the other sub-steps include further actions and roles which are summarized in the table below. Sub-steps 1 2 3 Information Application Processing Actions Roles Provision of information Editorial team Information request Interested party Submission of application Applicant Transmission of application (Virtual) post office Receipt of application Officer Examination of the case Officer, superior, other officers Request for information Officer, superior, (virtual) post office, other officers Provision of information Applicant, (virtual) post office 4 Comment and opinion Information evaluation Officer, superior, other officers 5 Decision Writing the decision Officer, superior Service of the decision Applicant, (virtual) post office 6 Collection of Collection of fees administrative fees Payor, (virtual) cashier's office 7 Payment or disbursement of funds Payee, (virtual) cashier's office 8 Control of fund Examination of the case application Request for information 9 Archiving 10 Reference to other procedures Payment Officer, superior, other officers Officer, superior, (virtual) post office, other officers Provision of information Payee, (virtual) post office Archiving Officer, records management unit Data transmission Applicant, officer, other public agencies and officers Table 4-1: Sub-steps, actions and roles of transaction services Not every service type defined in the section on "Transactional service types" on page 50 must necessarily include all the sub-steps. Depending on the particular process, sub-steps can be carried out repeatedly during the life of a case. 4.7 Modules for the implementation of eGovernment applications The analysis of service types presented in section 4.6 "Processes in eGovernment" on page 49 and the related identification of sub-steps, actions and rules can be used as a basis for SAGA 4.0 53 identifying functional modules which – given the required configuration possibilities – can be used to implement different procedures using information technology. The potential applications of these modules are dependent upon the quality of the process analysis and the chosen software architecture123. The following types of modules can be defined in conjunction with the above-described procedure. a. User interface The analysis of the different roles leads to a need to develop certain modules which provide functions for accessing the eGovernment application. This includes a standardized, easily recognized user interface for user and role management functions as well as functions for authenticating users in the system. b. Process modules The actions identified are standardized, if necessary, and implemented as a service or system and defined with priorities depending, for instance, on the potential frequency of use in the implementation of the business logic. c. Infrastructure modules Other modules standardize and implement communication with the other components of electronic procedures. The German federal administration's one-for-all services (OFA services) were largely created within the scope of the BundOnline Initiative124 and are described in more detail on the KBSt website125 as examples of such modules. The creation of specialist applications on the basis of reusable services and systems is outlined in chapter 6 "Computational viewpoint: Reference software architecture" on page 65. 123 Refer to chapter 6 "Computational viewpoint: Reference software architecture" on page 65 124 Refer to http://www.bundonline2005.de/ 125 Refer to http://www.kbst.bund.de/efa SAGA 4.0 5 55 Information viewpoint: Standardization of data models This chapter describes as the information viewpoint according to RM-ODP126 how interoperability between applications is established and/or improved by standardizing data models using suitable modelling methods. 5.1 Levels of interoperability One important SAGA goal is to secure the interoperability of eGovernment applications, refer to section 1.3 "Aims"on page 12. Defining the technology viewpoint on XML as the standard for exchanging data127 merely provides a technical basis for this. Although XML does offer the required technical basis, but just like a series of correct words in a certain language do not necessarily make a sensible sentence, XML alone is not sufficient when it comes to warranting interoperability between applications. In order to be able to ensure that data can be sensibly interchanged between systems and further processed, it is vital that interoperability be secured, not just on a technical level, but also on an organizational and semantic level. Organizational interoperability Organizational interoperability primarily determines when and why certain data is exchanged. This means that within the scope of organizational interoperability, processes which result in the interchange of data are coordinated with a view to legal parameters (e.g. legislation and regulations). Technical interoperability Technical interoperability on the other hand refers to the mere possibility to exchange information. Technical interoperability includes the definition of transmission routes and protocols (e.g. SOAP, HTTP, FTP, IP, SMTP). The respective standards are referenced in the technology viewpoint, for instance in section 8.7 "Communication" on page 121. A common language for data description is the required technical precondition for interoperability. Section 8.6.6 on page 109 identifies XML as the mandatory standard for exchanging data. Semantic interoperability Semantic interoperability is given when two systems exchange data in such a manner that the data is interpreted in the same way by both communication partners and misunderstandings are ruled out. This applies not just to the form but also and especially to the content of the data transmitted. 126 Refer to chapter 3, "Architecture model for eGovernment applications”, section 3.4 "Computational viewpoint” on page 34 127 Refer to section 8.6.6 "Interchange formats for data ” on page 109 56 SAGA 4.0 Semantic interoperability is achieved by defining a uniform presentation form and semantics for the elements of the XML files exchanged. This definition can be achieved, for instance, by specifying concrete data models in the form of XML schemas (XSD) or by a Regular Language Description for XML New Generation (Relax NG)128. Moreover, the documentation of the schemas must ensure that the constituent parts are interpreted in a uniform manner. For instance, it must be documented whether an element, e.g. "Street", also includes the house number within an address, or whether an element, e.g. "First name", can contain several first names or the forename used only. Sensible processing of the data content hence often requires prior definitions via the schemas. For instance, in order to make it possible to compare details of occupations, it is necessary to define certain spelling and wording, because software simply comparing the profession of an "interpreter" and "translator" will not find any match. If, however, the use of the standard classification of occupations by the German Federal Pension Insurance were specified, all data records for translators as an occupation would be given the value "8220". This would make it possible to compare data and semantic interoperability would be established. The use of such uniform code lists is hence a suitable way to establish semantic interoperability. In addition to this, the use of code lists also improves the quality of the data to be processed. The codes presented in the selection lists prevent, for instance, wrong spellings and non-plausible data from being entered in the free-text fields. 5.2 Purpose of standardizing data models As already shown in section 5.1, the definition of XML as the standard for data description in SAGA129 merely secures technical interoperability for the interchange of data between applications. Due to the flexibility of XML, however, this definition alone is not sufficient to ensure the standardization of data models. The components of data models especially, for instance, the address and name of an individual, which occur in many different eGovernment applications, are presented in a number of ways. There is no semantic interoperability since the data model in each application can be described in a different manner in XML. Standardizing these data models can help to avoid variants and improve the interoperability of applications based on the same standardized data models. First results with the standardization of data models have already been achieved. Private sector standardization projects have shown that any attempt to achieve full-scale standardization of data models is usually doomed to fail. The standardization activities within the scope of Deutschland-Online hence focus on communication interfaces for electronic data interchange in two separate areas. The first area is the standardization of specific data models and the second area is the standardization of general data models, socalled core components. Specific data models Specific data models are understood to be those data models which have a strong reference and which can usually only be used in one area of application even if several public 128 Refer to section 8.3.2 "Interchange formats for data models” on page 96 129 Refer to section 8.6.6 "Interchange formats for data ” on page 109 SAGA 4.0 57 agencies may be involved in the exchange of specific data. One example of such a data model is "XMeld" from the field of citizen registration services. General data models Contrary to specific data models, general data models – also referred to as core components130 – are data models that are used in many different areas of application. Examples of such data models are "Name" and "Address". 5.3 The Deutschland-Online "Standardisierung" [Standardization] project 5.3.1 Task and project aim No. 2 of the Deutschland-Online action plan131 finds that binding, uniform standards for data interchange are a vital precondition for consistent electronic business processes in the public administration in Germany. In light of this, the Deutschland-Online "Standardisierung" [Standardization] project was set up as one of six prioritized Deutschland-Online projects and handed over to the Federal Government (represented by the Federal Ministry of the Interior132) and the federal Land of Bremen (represented by the OSCI steering group133) as the lead unit. The purpose of the project is to support and coordinate the development and provision of technical standards for electronic data interchange (XÖV standards), so that electronic administration processes can be implemented efficiently and in a uniform manner. The results of the "Standardization" project will be used predominantly in XÖV projects134. Common methods, tools and infrastructures are to be created for the XÖV projects. Examples of such XÖV projects are: a. "XMeld" (citizen registration services) b. "XBau" (building/construction) c. "XJustiz" (electronic legal communications) d. "XDomea" (workflow management) e. "XKfz" (vehicle registration services) f. "XFinanz" (finance) 130 Refer to section 5.4.4 "Core components” on page 63 131 For more detailed information, please refer to section 4.3.2 "Deutschland-Online - The joint eGovernment strategy of the Federal Government, federal-state governments and municipalities.” on page 38 and also refer to http://www.deutschland-online.de 132 Refer to the Co-ordinating and Advisory Agency of the Federal Government for Information Technology in the Federal Administration, http://www.kbst.bund.de/ 133 Refer to the OSCI steering group, http://www.osci.de/ 134 Refer to http://www.osci.de/, navigation items "XÖV-Koordination" [XÖV coordination] > "XÖV-Projekte" [XÖV projects] 58 SAGA 4.0 5.3.2 XÖV working groups The Deutschland-Online "Standardisierung" [Standardization] project is broken down into four sub-projects: "Bestandserhebung und Gesamtkonzept" [Stock-taking and overall concept], "Technische Infrastruktur für XÖV" [Technical infrastructure for XÖV], "XÖVKoordination" [XÖV coordination] and "Kommunikation, Öffentlichkeitsarbeit und Vertretung in Gremien" [Communication, PR work and representation in committees]. A more detailed presentation of the overall project can be found in the project manual135. The "XÖV-Koordination" [XÖV coordination] sub-project has two working groups for the development of uniform methods and concepts for standardizing specific XÖV standards and the general XÖV core components: a. The "Datenkonferenz" [Data conference] working group: In this working group, experts – above all, federal-agency representatives of the individual XÖV projects (e.g. XMeld, XKfz) – are working on the identification and definition of general data models (XÖV core components). This hence ensures that the requirements of the XÖV project, which already exist, are included in the data standards and the standards created can be reused in the different XÖV projects. Furthermore, within the scope of the working group, a procedure was developed for the application and coordination of XÖV core components. Work on the individual topics was carried out in various sub-working groups. b. The "Auslieferung und Implementierung von XÖV-Standards" [Delivery and implementation of XÖV standards] working group: This working group addresses the practical use of the completed XÖV standards. The working group is responsible for defining the following: i. general rules for describing test cases in XÖV projects in order to check the compliance of specific IT applications which implement this XÖV standard, ii. the name and design rules for XML schemas, iii. concepts for using and updating code lists, as well as iv. the procedure in the event of a change of XÖV standards. 5.3.3 XÖV framework The XÖV framework136 describes a procedure model based on the V-Modell XT137 for implementing XÖV standardization projects. The various project phases which an XÖV project should pass through are described along with the rules for the successful completion of these phases, refer to Fig. 5-1. 135 Refer to http://www.deutschland-online.de/, navigation item "Vorhaben" [Projects] > "Priorisierte Vorhaben" [Prioritized projects] > "Standardisierung" [Standardization] > "Downloads & Informationen" [Downloads & Information] > link "Projekthandbuch" [Project manual] 136 Refer to XÖV-Framework v1.0 - Leitlinien für die XÖV-Standardisierung [XÖV Framework v1.0 – Guidelines for XÖV Standardization], October 2006, Fig. 1, http://www.deutschlandonline.de/, navigation items: "Vorhaben" [Projects] > "Priorisierte Vorhaben" [Prioritized projects] > "Standardisierung" [Standardization] > "Downloads & Informationen" [Downloads & Information] > link "XÖV-Framework" [XÖV Framework] 137 Refer to the XT V model, http://www.kbst.bund.de/v-modell and section 1.6 "Relationships with other eGovernment documents” on page 13 SAGA 4.0 XÖV goals Improved interoperability 59 Rules for XÖV projects The possibility to use existing, specific modules was examined. The project order includeds a benefit assessment. XÖV project types Process-orientated XÖV-expanded projects (E projects) Lower project risks Processes were standardized also across administrations. Lower costs of XÖV standardization XGenerator was used to create schemas / documentation. Data-orientated XÖV basic projects (B projects) … supports is a mandatory rule for is an optional rule for Figure 5-1: Goals, rules and project types in the XÖV framework The aim is provide uniform quality and evaluation criteria for the status of current and future XÖV standardization projects. Uniform evaluation criteria, on the other hand, are an important precondition for the binding recommendation of XÖV standards and hence for the use of the project results and the success of the standardization projects. The main goals of the XÖV Framework are: a. to improve interoperability, b. to reduce costs through reusability, and c. to reduce project risks by exchanging experience and learning from best practices. The XÖV Framework distinguishes between two types of XÖV projects: a. XÖV base projects (B projects): The aim of B projects is to create a standardized data model or an XML schema. b. XÖV expanded projects (E projects): E projects go beyond the aim of B projects and attempt to improve and standardize inter-agency processes (XÖV standards, for instance, for XMeld). 5.4 Support for data model developers Due to the growing networking of applications, securing semantic interoperability through suitable data modelling is becoming more and more important. Data modelling in complex eGovernment projects poses ever-greater challenges for those in charge of such projects. In a first step towards standardized data models, the Federal Ministry of the Interior is supporting developers of data models through measures which are described below, refer also to Fig. 5-2. 60 SAGA 4.0 Guide document Recommendations for action and assistance Feedback Generation of XML schemas and documentation Basics for semantic interoperability Core components Project-specific requirements Modeller Identification of relevant data models Project-specific requirements XGenerator 2.0 Import of own data models XRepository Figure 5-2: Support for data model developers 5.4.1 Guideline for developers of process and data models On its website, the KBSt offers a guideline for developers of process and data models138. This guideline provides those in charge of projects with practical assistance and recommendations for action during their day-to-day work, and describes how high-quality data models can be developed. The guideline is designed to address the entire process modelling and data modelling complex. It also features information on how to prepare modelling, on modelling itself, and on analyzing and optimizing existing models. All these topics are addressed in the guideline and illustrated by examples. 5.4.2 XML Infopoint and XRepository The KBSt unit also provides another tool on its homepage, i.e. the XML Infopoint139. This is where information is gathered on planned, current and completed projects with an XML reference. Synergies can be achieved and work reduced by making use of information publicly available as well as specifications of projects with a similar topic, or by contacting those in charge of other projects. In Spring 2008, XML Infopoint is to be replaced by XRepository. 138 Refer to "Leitfaden für Entwickler von Prozess- und Datenmodellen" [Guideline for developers of process models and data models], KBSt, 2007, http://www.kbst.bund.de/modellierungsleitfaden 139 Refer to XML Infopoint, http://www.kbst.bund.de/xml-technologie SAGA 4.0 61 The main aim of XRepository is to publish specific and general data models140, so that they can be reused in projects, thus leading to savings and improved interoperability. A focus is also placed on standardized data models (XÖV standards and core components). In order to obtain a large content base, the obstacles to the inclusion of data models are kept as low as possible. This can, however, be opposed by the demand for higher quality. XRepository will hence be set up on several levels, refer to Fig. 5-3. COLLECTION Specific data models General data models Proposal list for specific data models Proposal list for general data models Quality assurance CATALOGUE Positively rated specific data models Recommended XÖV standards REJECTION LIST of rejected data models Positively rated general data models Standardization STANDARDS Rejection Rejection Recommended XÖV core components CONTINUANCE LIST Data models to be retained Mapping, if necessary Figure 5-3: Standardization process in XRepository The first level is a collection which includes the required broad base of data models. Registered users can include models here without significant obstacles. Only a brief preexamination is designed to prevent the inclusion of irrelevant or unsuitable content. Users of XRepository are informed that when these models are used, high quality and compatibility with future standards are not warranted. Despite this, by reusing the models from the XRepository collection, savings can be made since double work is avoided. Using models from the collection is particularly good when no interoperability with other systems is required. In order to achieve high quality despite the low requirements for the XRepository collection, a second level will be introduced: a catalogue of quality-assured data models. This catalogue only includes those models from the collection which fulfil defined quality requirements141. In the third level of XRepository, the standards, i.e. the XÖV core components (general) and the XÖV standards (specific), will be included. The standardized data models fulfil the 140 Refer to section 5.2 "Purpose of standardizing data models” on page 56 141 The quality requirements will be described in detail on the homepage following publication of XRepository. 62 SAGA 4.0 quality requirements of the catalogue. Care will be taken to ensure that no data models exist in the catalogue which compete with the standards. A continuance list will be set up for those models of the catalogue which will be replaced by standards. Data models in this continuance list can still be used. New projects, however, should use the standards. In order to make it easier to replace established models of the catalogue with standards, migration instructions can be provided in XRepository which facilitate the transfer of established models to XÖV core components or XÖV standards, respectively. Mappings could enable the use of standards for data interchange without having to internally replace established data models. The use of the standards for data modelling shown in XRepository is recommended particularly for those eGovernment applications which involve data interchange across agencies and across applications. The standardization of data models – and especially the development of core components is being promoted not just in Germany, but also on an international level, and repositories are being created for their dissemination. On international level, UN/CEFACT is the leader in the development of core components142. As soon as German standards come into contact with international data traffic, an exchange with international standardization projects will be sought at an early point in time. 5.4.3 XGenerator 2.0 XGenerator 2.0143 is a tool provided by the Federal Ministry of the Interior that can be used to automatically generate specifications for XML-based data interchanged from UML models. These specifications can be made available in machine-readable form to the software implementations. A specification in this case consists of a number of machine-readable XML schemas and documentation for the application developer which is consistent with this. The use of XGenerator 2.0 avoids the difficult, manual updating of the schemas and the documentation which would otherwise be necessary. In the event of modifications of the specific model, XGenerator 2.0 can be used to automatically generate the new XML schemas and the documentation. XGenerator 2.0 offers the following functions, refer to Fig. 5-4: a. Validation of the UML models against the XÖV-UML profile144 b. Automatic generation and validation of XML schema files from UML models c. automatic generation of DocBook files145 from UML models 142 Refer to Core Component Library, http://www.unece.org/cefact/codesfortrade/codes_index.htm#ccl 143 Refer to XGenerator 2.0, http://www.kbst.bund.de/xgenerator 144 A UML profile is a standard mechanism in order to individually expand the UML specification. The XÖV-UML profile defines, among other things, a number of specific additional annotations (stereotypes) in order to generate XML schemas and to steer their documentation, refer to http://www.osci.de/, navigation items: "XÖV-Koordination" [XÖV co-ordination] > "XÖV-UML-Profil" [XÖV-UML profile]. 145 DocBook is an open document format that was standardized by OASIS (Organization for the Advancement of Structured Information Standards) and is ideally suited for generating print and online formats, e.g. PDF and HTML. SAGA 4.0 Specialist group defines the specific model UML model 63 Specification developer adds information for the generation of schemas and their documentation Documentation XGenerator generates Refined specific model with an XÖV UML profile XML schema Figure 5-4: How XGenerator 2.0 works 5.4.4 Core components The media-consistent electronic exchange of data, also across various fields, calls for general, standardized data models, for example, when personal data is to be exchanged between citizen registration and vehicle registration services. The United Nations Centre for Trade Facilitation and Electronic Business (UN/CEFACT) developed the Core Components concept precisely for this purpose. Within the scope of the DeutschlandOnline "Standardization" project, a series of core components were created and presented to the Co-operation Committee for Automatic Data Processing for the Federal-government, Federal-state Government and Municipal Administration Sector (KoopA ADV) for its approval and were subsequently made available to Germany's administration. These core components include, among others: a. Natural person b. Name of a natural person c. Organization d. Authority e. Address f. Gender g. Religion h. Marital status i. ID document 64 j. SAGA 4.0 Language k. Country l. Time period Developers of data models can use these core components as templates and, by omitting attributes, can restrict value ranges and/or quantities in order to create a specific component which meets the requirements of the respective data interchange. Redundantfree modelling (information cannot be stored in different elements) and clear documentation of the core components help to ensure that data can be exchanged without human intervention. The core component "address", for instance, ensures that the house number is an attribute of its own and may not be saved together with the name of the street. The only way to avoid conflicts in automated data interchange is to ensure that all communication partners model their data according to the same rules. The involvement of the XÖV projects in the development of core components ensures that they fulfil these requirements. The DOL "Standardisierung" [Standardization] project ensures that new requirements are considered when core components are updated and that additional core components are created according to demand. Final versions and drafts of core components and specific components are to be stored in future in the so-called XRepository and are to be made generally available. SAGA 4.0 6 65 Computational viewpoint: Reference software architecture The computational viewpoint according to RM-ODP146 describes the architectural structure of distributed eGovernment applications in abstract form and omits implementation details. In this chapter, issues of architecture are explained and the resultant reference software architecture is presented. This chapter also offers assistance for designing and developing long-term eGovernment applications for the federal administration which are suitable for operation, maintenance and further development. The term "Reference Software Architecture" refers to an ideal architecture type of the federal administration. It describes the design layout of eGovernment applications (specifically: services147 and systems148) of an administration or – more generally – of an organization. Section 6.1 describes the general, non-functional requirements for developing applications which must be viewed independent of use in eGovernment. The extent of these requirements influences the architecture decisions to be made. Section 6.2 "Implementation options and architecture paradigms" presents the main alternatives and guidelines for architecture decisions. The options and paradigms reflect the current state of the art in software architecture. Finally, a reference software architecture for eGovernment applications is developed in section 6.3 based on the requirements and alternative solutions contained in sections 6.1 and 6.2. 6.1 General requirements for software applications The computational viewpoint in SAGA provides assistance when developing eGovernment applications with a view to the aims identified in SAGA149 and to the guidelines and requirements presented within the scope of the examination of the enterprise viewpoint in chapter 4. In addition to the specific functional requirements for developing an eGovernment application, which can be derived, for instance, from the technical specification, there is a series of general requirements which are relevant for the architecture. The following list of such non-functional requirements is arranged alphabetically and does not reflect any 146 Refer to chapter 3 "Architecture model for eGovernment applications”, section 3.4 "Computational viewpoint” on page 34 147 Services are entities which provide functionalities for applications. The use of services also makes it possible for external applications to manage the resources provided by the service. Services are specified via their interfaces and the functionality made available. 148 Systems are entities which provide the user with complex functionalities. If necessary, they use the services made available. 149 Refer to section 1.3 "Aims” on page 12 66 SAGA 4.0 weighting of the individual requirements with a view to software and technical aspects150. However, the aims of interoperability and reusability laid down in SAGA have an outstanding role to play. a. Extendibility Extendibility refers to the economically reasonable ability to add new functionalities to the system, or to extend the existing functionality without any adverse effects on such functionality. Especially if eGovernment applications are operated over a long period of time, it must be possible to extend them as laws change. b. Flexibility "Flexibility" generally refers to the ability to modify an architecture in order to meet with new, non-functional requirements in a cost-efficient manner. A topology that can be changed permits quick modification of a distributed architecture and hence improves non-functional requirements, such as availability, reliability and scalability. c. Interoperability Interoperability refers to the media-consistent implementation of transaction services between special inter-agency applications. One organizational precondition for this is that the administration processes must be harmonized so that the eGovernment applications implemented can interact with each other. d. Openness The "openness" feature of an eGovernment system is one of the crucial factors for its successful use. In order to allow existing and new systems to be easily integrated into other systems, such systems must have clearly defined and documented interfaces or must be so encapsulated that they can be at least integrated via portals. e. Performance The "performance" feature of a system generally refers to the ability to execute functionality quickly enough to warrant the usability of the system. A measure for performance is the capacity of a system, i.e. the ability to process a defined number of jobs per time unit. f. Security Security describes the assurance that information can only be modified or published in compliance with the proclaimed security policy. Confidentiality, authenticity and traceability, as well compliance with the Federal Data Protection Act and the relevant chapters on security in the eGovernment manual must be ensured in the use of online services, refer also to chapter 8.1 "IT security concept" on page 91. g. Scalability Scalability refers to the ability to warrant the desired operating efficiency and scalability even as the degree to which an application is used grows. It must be possible to easily distribute the application or its components. h. Availability Availability is a measure that shows how reliably an application makes functionalities, services or resources available. 150 Refer to [KBSt 2007] SAGA 4.0 67 i. Updating capability eGovernment applications suitable for updating feature economically efficient operation and updating. Efficient updating must be possible for external technicians who were not involved in the development of the application without requiring extensive familiarization or training. j. Reusability Reusability refers to the repeated use of an application or its components with the same or similar services. This avoids redundant development. Reuse is possible on several different levels of abstraction, e.g. exchange of experience between agencies and the use of joint data and process models, architecture patterns and central services. The concrete weighting of the different requirements depends on factors which must be identified and evaluated when developing the concept for the individual eGovernment applications. In the case of applications with very high access rates, for example, availability is likely to be more important, whereas security issues are more likely to have priority in the case of approval and licensing procedures. Additional information can be found in the federal administration's "ITArchitekturkonzept für die Bundesverwaltung" [IT architecture concept for the federal administration] [KBSt 2007]. 6.2 Implementation options and architecture paradigms The following sections discuss the implementation options and architecture paradigms which should be observed when implementing eGovernment applications or which should be used to select suitable options. The options and paradigms reflect the current state of the art. Additional information can be found in the federal administration's "ITArchitekturkonzept für die Bundesverwaltung" [IT architecture concept for the federal administration] [KBSt 2007]. 6.2.1 Component-based development A component is understood to be a software entity which can be used without the need for modification in software applications which are beyond the control of the component developer. Users normally do not have access to the source code of a component, however, they can adapt the behaviour of the component in the manner foreseen by the developers of the component. Components offer their functionalities via export interfaces and, if necessary, can use the functionalities offered by other components in order to implement the functionalities offered; the use of these functionalities is specified in the import interface, refer to Fig. 6-1. Since the description of the functionalities offered and consumed by a component is independent of the actual implementation, implementations may be exchanged without the user realizing this and this offers many possibilities for the further development of the implementation. 68 SAGA 4.0 Component platform Component 1 Component 2 Export interface Export interface Body Body Import interface Import interface Figure 6-1: Component-based development Another major improvement compared to purely object-orientated concepts is offered by standardized runtime environments for components in the form of application servers or light-weight frameworks which enable the declarative use of special, independent services, such as authorization, localization, persistence or transaction management for components. Since these functionalities no longer have to be implemented in the components, software creation is both easier and faster. Furthermore, the exchange and simple reuse of components is possible as contemplated in the paradigm for separating concerns in other application contexts. In order for components to be able to use the functionality of a platform, special component platform contracts must be implemented, i.e. components are always implemented for precisely one type of component platform. 6.2.2 Service-orientated software architecture The term "service" refers to a concept from the business process modelling context which stands for the repeated execution of business activities. The approach described below requires services to be stateless – contrary to component-based development. Fig. 6-2 "SOA reference model" on page 69 provides an example of service rendering and service use in a Service Oriented Architecture (SOA). The individual levels in the illustration are merely used to show the logic breakdown and do not represent any tiers in the sense of a tier model. Service use SAGA 4.0 69 User Business processes composed of activities Service interface atomar and composed Components Service delivery for implementing services Service 1 component Service 2 component OFA service component Operating infrastructure and data management DBMS Legacy system ERP system Figure 6-2: SOA reference model Services make their functionalities available via interfaces (dark circles with a bright border in the middle of Fig. 6-2). How the functionality is performed is irrelevant for the user. The functionality of newly implemented services is carried out by components. Using connectors, the functionality of existing systems is subjected to modular encapsulation and made available as a service. Users (bright circles with a dark border in the upper section of the Fig. 6-2) use the services either directly or integrate these into their business processes. These processes (white border) result from the composition of individual activities (circles). The activities use other activities within a composition. Each activity requires either manual access (light circle) and or can be mapped by services (dark circle). This mapping can be carried out on a standalone service or a composition, i.e. a combination of services (symbolized by the border around two service interfaces). The composition of existing services offers a higher value service for the business processes and users. The technical strength of a service oriented architecture is that it makes it possible to combine existing functionalities irrespective of the technologies used to implement these functionalities. A service oriented architecture, however, must meet with certain preconditions: a. For interaction between services and their users (the arrows in Fig. 6-2 in the direction of service interfaces and their compositions), a communication basis must be defined which is rooted in generally accepted standards151. The service must master these standards, so that it can be used. 151 Refer to section 8.7.1.2 "Middleware communication with applications outside the administration” on page 123 70 SAGA 4.0 b. Potential users must be able to receive information about the services available. A repository can provide this information and hence enable uniform access to services. From an economic point of view, the service oriented architecture reduces the costs of developing and operating applications if a larger number of services are made available and are used by many applications. This then reduces the time and work involved in developing new applications because only the functionality which is not yet covered by existing services now has to be implemented. The central operation of services, in particular, helps to reduce costs thanks to a more economic use of resources and lower manpower demand. A directory of electronic services for the public administration is being implemented by the Deutsche Verwaltungsdiensteverzeichnis (DVDV) [German Directory of Administrative Services]. This is where the connection parameters of the services, which are required for use, are saved, refer to section 7.4.1 on page 88. 6.2.3 Multi-tier architecture The following section explains why both component-based as well as service-based multitier architectures support compliance with the requirements set forth in section 6.1. Separation of business and data storage logic The separation of business and data storage logic minimizes the dependency of systems or services on database manufacturers. In response to growing requirements, e.g. concerning performance or availability, the database can be exchanged without having to change the business logic. In addition to this, the same software can be reused with other database products with few difficulties. Separation of presentation and business logic Separating the presentation and business logic offers a technical solution with optimum support for multiple presentation channels, such as different browser types or mobile devices, e.g. personal digital assistants (PDAs). Besides this aspect, the separation of presentation and business logic significantly enhances the structure of the architecture, thereby substantially improving updating capabilities, trouble-shooting, flexibility, reusability and reproducibility whilst at the same time lowering costs in the medium term. Furthermore, such a separation enables the potential distribution of the application to several servers – where one server is responsible for the presentation tier and a second server for the business logic – and it is from here that the services are triggered which in turn can run on other servers. This has a positive impact on operation with regard to security, upgrading capability and scalability. Special attention should be paid here to communication because a less-than-optimum distribution adversely affects performance. Separating client and presentation logic In order to avoid having to install a separate client software for each application, uniform access is recommended via the browser, refer to section 8.5.1 "Access to information with computers" on page 101. Since barrier freedom and security require that eGovernment SAGA 4.0 71 applications remain usable even if all active contents have been deactivated at the client end, the data must be processed at the server end in a separate presentation tier. Different presentations can be generated for different clients on the basis of the respective requirements. Multi-tier architecture The separation of client, presentation logic, business logic and data storage logic leads to a multi-tier architecture: Security Presentation Middle tier Integration components Communication Client Persistence / Backend Figure 6-3: Structural view - multi-layer architecture a. The client tier is where users and software interact. The data processed by the presentation logic as well as the user interface is visualized. The client tier hence represents different access channels reflecting different users, devices, transmission paths, as well as different application purposes in order to interact with special applications. SAGA refers to the following terminal devices: i. Web access via web browsers or special browser plug-ins ii. Mobile phones and personal digital assistants (PDAs) iii. External applications (e.g. ERP systems) b. The presentation tier implements the processing of application data for the client (e.g. as a website) and the interaction between the user and the special application. The presentation tier includes all the standards for communication with the relevant terminal devices of the client tier. c. The middle tier, also referred to as the business tier, implements the business logic irrespective of its presentation and processes the data from the persistence tier. This is carried out on the basis of services and by components when services are unable to perform this. This is where the program sequence is controlled and this steers interaction between the services and components. d. The persistence tier is responsible for the storage of data objects. It abstracts from the database. The backend is the collective term for functionalities of the operating system, 72 SAGA 4.0 specific databases as well as existing, non-SAGA-conformant special applications, legacy or ERP systems. 6.3 Reference software architecture for eGovernment applications Interoperability, reusability, economic efficiency, openness and scalability are the key requirements for eGovernment applications152. The reference software architecture described is based on implementation options and architecture paradigms from section 6.2 which, in turn, are used to fulfil the general requirements contained in section 6.1. This architecture is based on multi-tier architectures and permits both the use of services as well as the direct use of components. Implementation should be object-orientated153. 6.3.1 Architecture decisions Due to the heterogeneous requirements of the different public agencies, it does not make sense to define a reference software architecture based on just one architecture paradigm to be used for all applications. Instead, the approach which is most suitable must be sought for from case to case. The possibility of a service-orientated approach154 should always be examined because this permits a high degree of flexibility, interoperability, reusability and openness. If an organization introduces a service oriented architecture, this usually requires close cooperation between IT and technical staff in order to document existing business processes and to identify suitable services. The advantages of the new approach then become particularly obvious when existing processes are revised with a view to the new architecture. Compared to component-based architectures, service oriented architectures require an additional abstraction level. This abstraction is achieved with communication protocols which are supported by all component platforms. These protocols then usually have a restricted functionality and are less performant than special platform-specific communication platforms. Under the following circumstances, it is advisable to implement a component-based architecture rather than a service oriented architecture: a. The requirements placed on the performance of the application cannot be implemented by a service oriented architecture (e.g. response times). b. The business processes to be supported are so complex that single activities can no longer be implemented as stateless services. c. The flexibility of the service oriented architecture is not required. Detailed recommendations for selecting the suitable architecture paradigms can be found in sections 3.4 "Architekturentscheidungen" [Architecture decisions] and 4 "Fallbezogene Architekturentscheidungen" [Case-related architecture decisions] of "IT152 Refer to section 1.3 "Aims” on page 12 153 Refer to [KBSt 2007], section 3.3.1 154 Refer to section 6.2.2 "Service-orientated software architecture" on page 68 SAGA 4.0 73 Architekturkonzept für die Bundesverwaltung" [IT architecture concept for the federal administration] [KBSt 2007]. 6.3.2 Introduction of a service oriented architecture The following section addresses the organizational challenges and the aspect of costs for the introduction of a service oriented architecture. The main organizational challenges a. The introduction of a service oriented architecture is a complex process because the application landscape is marked by a number of existing systems and there is little room for new development or adaptation. This is why such an introduction can take considerable time. The introduction should be carried out gradually, beginning with a pilot project. b. A host of reusable services are created when services are developed not for a specific application but for many applications in terms of an overall IT structure within the meaning of a development plan for the entire application landscape. This calls for an IT architecture management function which is responsible for the planning and design of the overall IT architecture, refer to "IT-Architekturkonzept für die Bundesverwaltung" [IT architecture concept for the federal administration] [KBSt 2007]. IT architecture management is an ongoing process which involves both strategic and operational elements. c. In contrast to customary architectures or architectures with largely closed individual applications, service oriented architectures have other, frequently more complex requirements or challenges regarding security. In a service oriented architecture, it is no longer the IT security of the individual special applications which has to considered, instead that of all services involved in a special application, which may be operated in a distributed manner, must be considered. These requirements must already be coordinated in the development process with distributed responsibilities and then later in operation. d. Parallel development of services in different projects, which are to be used together in one application, calls for project-spanning project management, i.e. multi-project management. This is the only way in which project-spanning requirements can be fulfilled. e. The project-spanning nature of a service oriented architecture has implications for the organization and performance of testing, for instance, due to a version change in a service. All applications using the service are then affected by test activities. f. The independent further development of services by various suppliers means that changes must be coordinated within the scope of a change management system for all applications. Rules must be defined for new versions of services (release policy), such as the scope and the related test work for all suppliers. g. Distributed responsibility for the development and operation of services calls for a Service Level Management for a suitable and economically sensible level of IT services, although when it comes to specific services, SLAs (Service Level Agreements) must be 74 SAGA 4.0 concluded between service users and service providers. IT operations must be organized in a process-oriented and service-oriented manner. The recommendations of the ITIL155 provide a suitable basis for this. h. Service orientation calls for the development of new billing models which reflect the distributed development and distributed operation of the applications or services, respectively. The introduction of a service oriented architecture leads to investments, especially at the beginning, because the use of new principles and technology means that training will be required for staff and the previously mentioned organizational challenges must be overcome. 6.3.3 Three-tier architecture for services Client When implementing a service with a multi-tier architecture according to section 6.2.3, the presentation tier is omitted, refer to Fig. 6-4. The reason for this is that the services perform their functionality from within the business logic, i.e. the middle tier. The user of the service is another application (client) which may itself be responsible for presenting the results. Service delivery and service use are carried out as described in Fig. 6-2 "SOA reference model" on page 69. Service user Communication protocol Middle tier Services platform Service interface Service components Persistence / Backend Components platform DBMS Integration components Legacy system ERP system Figure 6-4: Model of a three-layer architecture of services 155 Refer to section 7.1 "IT Service Management with the ITIL" on page 79 SAGA 4.0 75 6.3.4 Four-tier architecture for eGovernment systems Client Fig. 6-5 provides an example layout with a concrete structure for a multi-tier architecture of an eGovernment system based on the general description in section 6.2.3. It can be seen that the presentation tier consists of a Presentation Application Server which generates, for instance, HTML and XML data with Java Server Pages. The Business Application Server on the middle tier forms the backbone of the application and performs the special functionalities on the basis of services and components. Via application interfaces (or also service interfaces as shown in Fig. 6-4), external applications and services can access the eGovernment system whilst bypassing the presentation tier. Middle tier Presentation Mobile device Web browser HTML / XML Servlets Java Server Pages Presentation Application Server Application component Application interface J2EE SOAP JMS RMI Business Application Server Persistence / Backend Integration components DBMS Legacy system ERP system Figure 6-5: Example model of a four-layer architecture of eGovernment systems Legacy and ERP systems are integrated via the respective integration components. The systems provide their functionalities via application interfaces or service interfaces. Connectors may be needed in order to achieve modular encapsulation of the legacy systems. 6.3.5 Security In order to implement the requirements for security, the design recommendations contained in the E-Government-Handuch [eGovernment manual] must be considered. The 76 SAGA 4.0 "Sichere Integration von E-Government-Anwendungen - SIGA"156 [Secure Integration of eGovernment Applications] and "Sichere Architekturen für Client-Server-Architekturen für E-Government" [Secure architectures for client-server architectures for eGovernment] modules in the sub-chapter on "IT und IT-Sicherheit" [IT and IT security] are particularly relevant. Although designed for component-based implementation, the architecture principles contained here can usually be applied to service oriented architectures on a oneto-one basis. 6.3.6 Reuse and integration of OFA offers When designing a new eGovernment application, an analysis is conducted in order to determine which services and systems have to be newly developed and which existing services and systems can be used. Special consideration must be given to the OFA services, OFA systems, infrastructures and OFA concepts on the KBSt website157. The term "service" refers to a concept from the business process modelling context which stands for the repeated execution of business activities. The OFA services make their functionality available via interfaces. The properties of the implementation are fully abstracted. Examples of OFA services a. Payment platform (ePayment) b. Directory service c. GeoDataCentre (GDZ) An OFA system is a uniform whole, a software entity, that makes a complex functionality available. OFA systems include the following: a. Form Management System (FMS) b. Content Management System (CMS) c. Travel Management System (TMS) Although the services of infrastructures are not specific to concrete eGovernment applications, they nevertheless have a key role to play in electronic communications between public agencies. The following infrastructures are available, for example: a. Informationsverbund der Bundesverwaltung (IVBV) [Federal Administration Information Network] b. Deutsches Verwaltungsdiensteverzeichnis (DVDV) [German Directory of Administrative Services] c. Public-Key-Infrastruktur der Verwaltung (V-PKI) [Administration Public Key Infrastructure] An OFA concept describes a generally reusable approach for the implementation of specific issues in eGovernment applications. The following concepts are available, for example: 156 Refer to [SIGA] 157 Refer to “OFA offers and networks”: http://www.kbst.bund.de/efa SAGA 4.0 77 a. ArchiSafe b. Online-Beratung (online consultation) If the data security OFA system158 is used, a separate client application (the OSCI client enabler) must be installed at the end of the users of the online service. However, the browser remains the client of choice for eGovernment applications which is why this scenario is not part of the reference software architecture. Client Mobile device Web browser Presentation Presentation Middle tier Middle tier External application Application interface Service interface Persistence / Backend Integration components OFA system Persistence / Backend Middle tier Service interface ERP system Persistence / Backend Specific application OFA service Infrastructure Legacy system ERP system Figure 6-6: Integration of OFA offers More complex eGovernment applications come with integration components so that existing IT applications, such as OFA offers, legacy systems and especially non-SAGA compliant applications, can be integrated. These integration components – as shown in Fig. 6-6 – are directly located in the middle tier. They offer communication possibilities with applications, such as ERP solutions, in as far as these applications are not available as a 158 Refer to the data security OFA system ("virtual post office") http://www.kbst.bund.de/efa-vps 78 SAGA 4.0 service and can be triggered via a service interface. In the latter case, no special integration components are required. SAGA 4.0 7 79 Engineering viewpoint: IT service management and reference infrastructure This chapter describes operating processes and the establishment of an effective and secure infrastructure as the Engineering Viewpoint according to RM-ODP159. Today's data protection, data security, efficiency and availability requirements for eGovernment are setting high standards for operators of applications and technical infrastructures. This is why a suitable technical infrastructure has to be set up for the applications from the physical resources and suitably connected for users through the network level to the external services which can only be successfully and securely operated within the scope of ongoing processes of IT service management. 7.1 IT Service Management with the ITIL As a best practice, the "IT Infrastructure Library" (ITIL) provides an established basis for designing, implementing and managing essential control processes in IT. During the preparation of SAGA 4.0, an upgraded ITIL, version 3.0, was issued. In order to use a tried-and-tested approach as a basis and to be able to refer to German literature, ITIL version 2.0, which is supported by KBSt documents, is presented in the engineering viewpoint. 7.1.1 Introduction to ITIL ITIL is oriented towards customers, services and processes and comprises eight closely interlinked publications on main topics which address support for business processes by IT processes. IT service management is broken down into the following processes: a. tactical processes for planning and implementing service requests (service delivery), as well as b. operative processes to support the quality and economic efficiency of the services in day-to-day operation (support service), which are introduced in brief in a study by BSI and supplemented with synergies with IT security which is also implemented as a continuous process160. Successful IT service management requires interaction between the individual processes whilst mutual control also takes place. ITIL describes in this context the tasks of the processes, however, the specific demarcation can be chosen according to the specific circumstances. Since the processes must be continuously operated, this requires concrete responsibilities. According to ITIL, this means that roles must first be defined for the respective process managers which must then be filled by individuals. An individual can 159 Refer to chapter 3 "Architecture model for eGovernment applications", section 3.5 "Engineering viewpoint" on page 34 160 Refer to [BSI 2005] 80 SAGA 4.0 assume several roles in this context as long as this does not result in a conflict of interest and representation is secured. This means that when ITIL is introduced, the coordination of processes and responsibilities must begin. SERVICE DESK SERVICE DELIVERY SERVICE SUPPORT Service Level Management Incident Management Availability Management Problem Management IT Service Continuity Management Capacity Management Configuration Management Change Management Release Management Finance Management Figure 7-1:Overview of ITIL processes The ITIL processes communicate with each other via commonly used information collections. The control of the processes depends heavily on reporting which is integrated into all ITIL processes in order to assure quality. Object success control is also supported by ITIL through the use of so-called key performance indicators. 7.1.2 Tactical IT Service Management processes (Service Delivery) For eGovernment applications as services, concrete service requests by customers must be planned and lastingly implemented. For this purpose, ITIL calls for the operation of the Service Delivery processes. Service Level Management When developing a new eGovernment application, the service provider and the customer negotiate customer requirements as a concrete service offer in a service agreement (Service Level Agreement, SLA). This is where functionalities, as well as non-functional requirements, such as performance (according to the number of users active at the same time) or availability (with maximum downtimes and recovery times), are co-ordinated. The aim is to draw up a clear definition of the expectations of both sides regarding a new SAGA 4.0 81 service. In addition to the first-time creation of an SLA, subsequent customer requests and the monitoring of compliance with the SLA are also handled by the Service Level Management process. This process steers and monitors both the performance and the quality of a service. Availability Management Availability Management steers the functional provision of eGovernment applications during the required working hours. The aim is to achieve cost-efficient control of uninterrupted availability in line with business requirements. Dependencies on external service providers, e.g. due to maintenance agreements, must also be considered. IT Service Continuity Management (ITSCM) IT is an important production factor; its continued functioning must be planned in IT Service Continuity Management (ITSCM) even under the impact of disasters in the ITIL process. This is carried out within the scope of Business Continuity Management (BCM) which ensures that the business processes are restarted in order to secure the required minimum production capacities. Capacity Management The economic use of IT resources should be controlled on a long-term basis for competitive services using the ITIL Capacity Management process. Financial Management Controlling costs for eGovernment applications and hence planning and controlling economic efficiency, e.g. in a budget process, are carried out by the ITIL Financial Management process. This can also manage the billing of services to customers. 7.1.3 Operative IT Service Management processes (Service Support) The service quality of eGovernment applications can only be steered in conjunction with the operative side. The IT services are performed on a day-to-day basis by the ITIL Service Support processes. Service Desk Effective communication with customers is an efficient precondition for the successful operation of eGovernment applications. This means that customers or users must be provided with quick and simple contact to IT. According to ITIL, this means that a central point of contact, the Service Desk, must be set up in order to bundle communications economically whilst providing ongoing user support. In the case of eGovernment applications, communication with citizens can also take place via the Service Desk. In order to boost acceptance, it should be possible to reach a service desk through a number of different communication paths, such as telephone, email, or web applications. 82 SAGA 4.0 Incident Management Reports of incidents, as well as general queries, must be collected and promptly handled. The ITIL Incident Management process receives reports from users, responds by ensuring consistent handling with the least possible annoyance for the user, and informs the user of the status of trouble-shooting activities. In order to ensure a high degree of satisfaction among users, trouble-shooting as set forth in the SLA (refer to "Service Level Management" on page 80) is monitored on the basis of the support level and, if necessary, stepped up by way of escalation. Incident management should be supported by software, such as a ticketing system (also referred to as a trouble ticket system), in order to be able to manage messages and communicate these to other processes and also in order to evaluate them. Incident management also includes reports on security incidents and is hence of considerable importance for information security161. Problem Management If immediate and clearly identification of incidents and trouble-shooting are not possible, Incident Management can restore the service quickly for the user with a bypass solution. At the same time, however, Incident Management commissions the ITIL Problem Management process to search for the fault. The elimination of the causes of the incident, which can also be carried out proactively, improves the reliability and economic efficiency of IT services. Configuration Management The operation of eGovernment applications requires an information basis for all IT service management processes. The ITIL Configuration Management process manages information concerning the properties and relationships of all components of the IT infrastructure. This also includes archiving master copies of the software used. The other ITIL processes can use this information or can also report changes in configuration. Change Management Applications, infrastructure, documentation, processes and methods must be modified and amended in order to further develop IT or eliminate the causes of incidents. The ITIL Change Management process is used to steer and control these changes. One key aspect here is agreement among all those involved about the expected effects of the planned changes in a so-called change-release committee (Change Advisory Board, CAB). Release by the CAB is a prerequisite for reducing, to a reasonable level, the risk of endangering the availability of IT services as a result of change conflicts. Changes must be tested and secured through suitable fall-back procedures. A regularly updated change calendar simplifies coordination. Release Management Infrastructures are further developed in new releases. The ITIL Release Management process covers the planning, design, generation, configuration, testing, acceptance and 161 Refer to [BSI 2005] SAGA 4.0 83 putting into operation of a software or hardware version for a production environment. Releases must be planned in line with a version policy, adequately tested prior to release and, in order to secure ongoing operations, taken into production (roll-out) under the control of Change Management. Release Management is linked to IT procurement and to contract managements as described in the KBSt publication series (e.g. "ITIL and IT procurement"162). 7.1.4 IT security IT security is an important basis for successful eGovernment applications. For this purpose, a separate dedicated publication on Security Management is issued in ITIL which refers to a far-reaching linking of the Security Management process with the IT Service Management processes. Furthermore, with a view to security management, ITIL also refers the BS 7799163 standard by the British Standard Institution; their recommendations are considered as the international standard ISO/IEC 279001 in the BSI's IT-Grundschutz [IT Baseline Protection] in BSI-Standard 100-1. Generally speaking, the recommendations by the German Federal Office for Information Security (BSI) on the security of eGovernment applications164 and the BSI's IT-Grundschutz [IT Baseline Protection] (former IT-Grundschutzhandbuch [IT Baseline Protection Manual])165 must be taken into consideration here. When planning eGovernment applications, IT security must be included from the very beginning166. In the interest of economic efficiency, IT security measures must be reasonable. A protection requirement report, like the one recommended in BSI-Standard 100-2167 should be drafted as early as possible in order to serve as a basis. Such a protection requirement report classifies the IT infrastructure on the basis of possible damage in the protection requirement categories of normal, high and very high. When a normal protection requirement for eGovernment applications is found, the standard measures recommend in the IT-Grundschutzkataloge [IT Baseline Protection catalogues] can be used. In the case of high or very high protection requirements, a risk analysis based on BSI-Standard 100-3168 should be additionally carried out with the support of the IT-Grundschutzkataloge [IT Baseline Protection catalogues]. This can be used not just to evaluate the extensively described risks but also to adopt extended measures from the ITGrundschutzkataloge [IT Baseline Protection catalogues] or additional measures from the E-Government-Handuch169 [eGovernment manual] in order to compensate for higher risks. The work involved in operating a secure infrastructure may not be economically feasible for smaller public agencies so that it could make sense to outsource this to the computer centres of external IT service providers of higher-level public agencies. 162 Refer to http://www.kbst.bund.de/itil, box 2Produkte & Dokumente" [Products & Documents] > "ITIL und IT-Beschaffung" [ITIL and IT procurement] 163 Refer to http://www.bsi-global.com/ 164 Refer to the eGovernment manual at: http://www.bsi.bund.de/fachthem/egov/3.htm 165 Refer to IT baseline protection catalogues at: http://www.it-grundschutz.de/ 166 Refer to section 8.1" IT security concept" on page 91 167 Refer to http://www.bsi.de/literat/bsi_standard/standard_1002.pdf 168 Refer to http://www.bsi.de/literat/bsi_standard/standard_1003.pdf 169 Refer to http://www.e-government-handbuch.de/ 84 7.2 SAGA 4.0 Design of an eGovernment infrastructure The purpose of introducing a reference infrastructure in SAGA is to define the infrastructural preconditions necessary for operating eGovernment applications and the required system structure. The following goals are to be achieved in line with the protection requirements by defining parameters for a reference infrastructure in the sense of an operating environment. a. Suitable physical protection of systems b. Suitable availability of systems c. Suitable security of systems and their components d. Classification of systems and their components according to separate security zones Users / External services External specific External application specific User User Central OFACentral offeringOFA application offering Network Internet Extranet, VPN IVBV Network access Infrastructure Information & service zone Access control Access control Access control Logic & processing zone Access control Data backup Management zone Access control Access control Data zone External backup Figure 7-2: Engineering viewpoint of an eGovernment application SAGA 4.0 85 e. Scalability of systems and infrastructures f. Simple service, efficient maintenance and updating of complex systems and their components by operating personnel Fig. 7-2 on page 84 shows a general overall view of a distributed eGovernment application with the user, network and infrastructure areas. Both the network and the user areas are typically beyond the control of the operator of an eGovernment application and hence do not form a focal point of interest in this discussion. The infrastructure area, in contrast, is controlled by the operator and must feature a suitable system structure in order to meet the operational requirements for eGovernment applications. The requirements for a computer centre and its IT infrastructure will be described in the following sections. 7.2.1 Physical infrastructure Servers and IT systems must be installed in suitable locations if they are to be protected against force majeure, such as lightning, fire, water, excessively high temperatures, or technical failure, such as power outages, as well as organizational shortcomings, such as unauthorized access to protected rooms. This is why computer centres planning to operate eGovernment applications should use the protection requirement report in order to implement the required IT security measures according to the BSI's ITGrundschutzkataloge [IT baseline protection catalogues]. These measures include, for instance: a. Installing IT systems in suitable rooms b. Controlling access to these rooms c. Suitable fire detection and fire-fighting systems d. Suitable power supply systems e. Suitable air-conditioning systems f. Data backup according to the related data backup concept 7.2.2 Zone concept and communication relations The systems inside the computer centre are located in different zones which are defined on the basis of the relevant safety and security requirements for the services and data of the respective zones. In order to ensure that the zone concept covers the general protection requirements of eGovernment applications, at least the four zones described below should be implemented within a computer centre's infrastructure. Operation of complex eGovernment applications may require additional zones. These zones should be adequately separated according to the basic structures for security gateways170, i.e.: 170 BSI IT baseline catalogues, measure M 2.73, Selecting suitable basic structures for security gateways, http://www.bsi.de/gshb/deutsch/m/m02.htm 86 SAGA 4.0 a. Any network component (router, switch, hub, etc.) can only be used as an interface between one zone and another, so that any network component only passes on data concerning or originating from the two zones directly connected to it. This prevents any mixing up of data streams in the case of a fault or deliberate attack. b. A server system can host the systems of a single zone only. This means that distributed applications must run on server systems in different zones. c. A server system with eGovernment applications requiring communication connections to several zones must include a corresponding number of physically and logically separated network connections (e.g. multiple network cards). This system thereby rules out a transition from one zone to another. Information and services zone The information and services zone covers that part of the network which is located between the Internet and the other zones of the network. This zone contains servers which can be accessed by external networks or which, for their part, use the services of external networks. Further information zones should be set up if systems with different security levels are to be operated. In line with protection requirements, communications between the systems of the information and services zone and the systems of the logic and processing zone should be protected by encrypted communication channels. Logic and processing zone The systems of this zone process data from the data zone and make such data available to users via systems of the information and services zone. Direct communication between external networks – such as the Internet – and the logic and processing zone is not permitted. Data zone The data zone contains all the systems where data is stored and made available for longer periods of time. Access to this zone is permitted from the processing zone and the management zone only. Direct access from external networks is not permitted under any circumstances. In the same way, direct access from this zone to other zones is not permitted. One exception to this is the management zone. Management zone The management zone contains all the systems which are needed for administrative purposes or for monitoring systems in other zones. Furthermore, this zone can also contain central user administration or authentication services. Access from the management zone to other zones and vice versa is hence permitted. Access from within external networks to the management zone is not permitted under any circumstances. SAGA 4.0 87 Data backup Every zone should include its own data backup components. Data of the information zones should also be backed up in this case via protected communication channels. 7.2.3 Network access and access control Security gateways control the separation of the individual zones within the computer centre as well as access by and to external networks. Different technologies can be used for these purposes. The interface between the information and services zone and external networks is the most security-critical point and is hence protected by a combination of multiple security mechanisms. Different network segments and address areas are separated here on the network protocol level. Internal network addresses are masked and are hence not published in external networks. In the case of small networks on an IPv4 basis without a high protection requirement, this can also be carried out with Network Address Translation (NAT). Furthermore, filter mechanisms are in place in order to ensure that access from external networks is restricted to defined services in the information and services zone. The filter rules are typically implemented on firewalls or firewall routers which screen the information in the headers of the incoming data packages on the basis of package filters and reject unauthorised access attempts. Furthermore, application gateways can be used which fully isolate communications, validate data streams on the application level and, when necessary, implement a protocolconforming re-generation of requests. The communication relations between the internal zones are also controlled by security gateways. In order to adequately control access to the sensitive areas of the logic and processing zone as well as the data zone, firewalls should be used because of their comprehensive filter options. These firewalls work on the basis of dynamic package filters (stateful inspection) and are capable of monitoring not just individual packages but even communication streams involving multiple packages. Dynamic package filters enable the validation of network connections not just on the basis of invariable rules, but additionally even on the basis of historical communication relations. Thanks to simple and flexible administration, VLAN technology is the system of choice for controlling access to the systems in the management zone. For this purpose, all the systems requiring access to a service in the management zone are combined to form a virtual network segment (VLAN). In order to prevent unwanted communication between the individual zones via the VLANs of the management zone, all the systems are fitted with a second network interface which may not be used for any purposes other than administration and which is fitted with a package filter. Using VLAN technology for connecting any zones other than the management zone is not recommended for security reasons. 88 7.3 SAGA 4.0 Networks as the link between an infrastructure and external services and users The network level is the link between the systems of the computer centre infrastructure and external services as well as users of eGovernment applications, refer to Fig. 7-2 "Engineering viewpoint of an eGovernment application" on page 84. This level also contains the Internet, TESTA (Trans-European Services for Telematics between Administrations), the Informationsverbund der Bundesverwaltung (IVBV) [Federal Administration Information Network], the Informationsverbund Berlin-Bonn (IVBB) [Berlin-Bonn Information Network] as well as other VPN-based networks or extranets. In-house intranets also form part of the network level. Although a clear consolidation trend has been observed in recent years in the field of network technologies, many different technologies are still in use. However, abstraction to higher protocol or application levels can render the system interoperable, so that SAGA does not give concrete technology recommendations for the network level. From the point of view of the engineering viewpoint of an eGovernment application, however, secure and performant communication with the Internet, TESTA, IVBV, IVBB or extranets has an important role to play in order to ensure reliable access to users and external services. When eGovernment applications are designed, the necessary bandwidths must hence be made available on the basis of an assessment of the anticipated network communication, and the access control mechanisms described in section 7.2.3 must be implemented. 7.4 Access to external services External services use the infrastructure of eGovernment applications via networks, refer to Fig. 7-2 "Engineering viewpoint of an eGovernment application" on page 84. 7.4.1 Deutsches Verwaltungsdiensteverzeichnis [German Directory of Administrative Services] The Deutsches Verwaltungsdiensteverzeichnis (DVDV)171 [Germany Directory of Administrative Services] forms a universal infrastructure for eGovernment in Germany. This is where the addressing parameters of the public administration's online services are stored in XML format. These are primarily technical descriptions of the services in WSDL format172 as well as supplementary URLs and cryptographic certificates. The DVDV makes it possible to find all the information required for automated machine-to-machine communication in machine-readable form. This is the basis for fully automated online services between machines which are nevertheless secure and legally binding. 171 Refer to http://www.dvdv.de/ 172 Web Service Description Language; refer to section 8.7.1.1 "Middleware communication within the administration” on page 121 SAGA 4.0 89 The LDAP173 directory service standard is the technical basis for this and defines the structure for the storage and retrieval of DVDV information. The core of the DVDV is the central federal master which is provided by the Bundesstelle für Informationstechnik (BIT) [Federal Office for Information Technology], refer to Fig. 7-3. This is the only place where write access to the data stocks is possible. Data updating is carried out by the connected, authorised offices in the federal states. The federal master continuously mirrors its data stock on distributed (e.g. in the federal states) DVDV federal-state servers which share the query load for the individual data retrievals. OSCI transport protects the updating and replication of the WSDL files and the supplementary parameters. TESTA network DVDV fed. state server 1 Other networks / Internet Agency network / infrastructure DVDV update client (per fed. state) DVDV federal master Agency 1 procedure Agency 2 procedure DVDVfed. state server 2 DVDV fed. state server n Clearing house A Clearing house B Agency 3 procedure Agency 4 procedure Agency 5 procedure Figure 7-3: Structure of the German Directory of Administrative Services The first application since 1 January 2007 is the implementation of the Framework Act on Registration, which was revised in 2002, especially the part concerning data transmissions between federal states. This makes paper-based responses and updating of the civil register obsolete. Instead, the exchange of data between participating public agencies is exclusively electronic and automated. Other services already integrated (as per mid-2007) are the services of the Federal Central Tax Office for communication with the registration authorities within the scope of issuing uniform tax ID numbers and the municipal core identity register of the Free State of Saxony. The architecture of the DVDV is designed in such a manner that any automated communication relationships in eGovernment can basically use its services. 173 Lightweight Directory Access Protocol, refer to section 8.8.1 “Directory services and registries“ on page 130; the open source reference implementation OpenLDAP is used for DVDV, refer to http://www.openldap.org 90 SAGA 4.0 BIT operates the coordination office of the DVDV. This secures the flow of information to users and service providers. Queries can be sent to the DVDV via the e-mail address: dvdv@bva.bund.de. 7.4.2 Use of OFA offers Within the scope of the federal administration's one-for-all offers (OFA offers)174 – broken down into OFA services, OFA systems, OFA concepts and infrastructures – offers that can be used by public agencies to integrate their eGovernment applications are made available via the Internet and via the IVBV. Services, such as the ePayment OFA service175, can be accessed via the web service interfaces on the Internet. For this purpose, the OFA service provides the web service interfaces required at the server end along with a reference implementation for accessing the web services by the relevant eGovernment application. Communication with external special applications of other public agencies or enterprises proceed in a similar manner; middleware communication interfaces may be used for these purposes too. De-centralized OFA offers, on the other hand, such as the OFA data security systems176 and the form management system177, are implemented within the computer centre infrastructure of the different public agencies. The rules already described in section 7.2 "Design of an eGovernment infrastructure" on page 84 should be observed in this case too. 174 175 176 177 Refer to section 6.3.6 "Reuse and integration of OFA offers" on page 76 Refer to OFA service - Payment platform ("ePayment"): http://www.kbst.bund.de/efa-zvp Refer to OFA system - Data security ("virtual post office") http://www.kbst.bund.de/efa-vps Refer to OFA system - Form Management System: http://www.kbst.bund.de/efa-form SAGA 4.0 8 91 Technology viewpoint: Standards for IT architecture and data security In this chapter, technical standards are assigned to the individual elements of the architecture model introduced in chapter 3. Furthermore, this chapter also provides brief descriptions of these technical standards. If no version numbers of standards are stated, the version which is most stable from a market point of view should be used, even though this is not necessarily the latest version. The meaning of the classifications "Mandatory", "Recommended" and "Under observation" are described in more detail in section 2.3.1 "Classification in SAGA" on page 20. 8.1 IT security concept The standards for IT security presented recommend a system approach in order to achieve and maintain a suitable level of IT security. For this purpose, an IT security concept will be drafted and further-developed in an IT security management process which will be continuously operated following its initiation. Since December 2005, the Germany Federal Office for Information Security (BSI) has recommended and supported an approach in several BSI-Standards and the IT-Grundschutzkataloge [IT baseline catalogues] which was previously presented in the IT-Grundschutzhandbuch (IT-GSHB) [IT Baseline Protection Manual]. 8.1.1 Management systems for information security The first step towards a comprehensive IT security concept requires the creation of a management system for information security. Mandatory: BSI-Standard 100-1: Managementsysteme für Informationssicherheit (ISMS) v1.0 [BSI standard 100-1: Management systems for Information Security] BSI standard 100-1178 with the general requirements for an ISMS (information security management system) should be applied within the scope of the security concept. The standard is fully compatible with ISO standard 27001 and also considers the recommendations of ISO standards 13335 and 17799179. 8.1.2 IT baseline protection approach In the interest of the economic efficiency of the IT security concept, only those IT security measures must be adopted for the IT application and the data to be processed which are 178 Refer to http://www.bsi.de/literat/bsi_standard/standard_1001.pdf 179 Refer to http://www.iso.org/ 92 SAGA 4.0 suitable for the protection requirement identified. The system approach for the IT concept involves steps such as the protection requirement analysis. Mandatory: BSI-Standard 100-2: IT-Grundschutz-Vorgehensweise v1.0 [BSI standard 100-2: IT baseline protection approach] In December 2005, the German Federal Office for Information Security (BSI) published its "BSI-Standard 100-2: IT-Grundschutz-Vorgehensweise"180 [BSI standard 100-2: IT baseline protection approach]. The standard describes how IT security management can be set up in practice and operated. It should be used within the scope of the IT security concept. With this approach, IT security concepts can be created, simply and efficiently, whilst IT security can be maintained and improved in ongoing operations. 8.1.2.1 Protection aims Protection aims define the security interests of communication partners in a general form: a. Confidentiality – protection against disclosure to unauthorized parties: No data is made available or disclosed to unauthorized individuals, entities or processes. Confidentiality is ensured by encrypting the information (cryptography). b. Integrity – protection against manipulation: Unauthorized modification or destruction of data is not possible. This includes information concerning the origin or time of creation. Integrity is ensured by encrypting the information (cryptography) or by the use of signatures. c. Availability – protection against failure of IT systems: The properties of an entity and/or resource can be accessed and/or used when this is desired by an authorized entity. A high degree of availability is achieved through multiplicity, distribution and error tolerance. 8.1.2.2 Protection requirement categories The protection requirements must be identified for each IT application of the data processed. These requirements are a function of the potential damage that can be caused by impairment of the IT application in question with regard to the protection aims defined in section 8.1.2.1. A protection requirement category can be assigned to every protection aim in order to evaluate applications from a security point of view. In "BSI-Standard 100-2: IT-GrundschutzVorgehensweise" [BSI standard 100-2: IT baselines protection approach], the following classification is hence made: 180 Refer to http://www.bsi.de/literat/bsi_standard/standard_1002.pdf SAGA 4.0 93 Protection requirement categories "Normal" The impact of loss or damage is limited. "High" The impact of loss or damage may be considerable. "Very high" The impact of loss or damage can reach catastrophic proportions and could threaten the very existence of the agency/company. Table 8-1: Protection requirement categories One particular aspect which must be considered when determining protection requirements is whether personal data is processed in order to ensure that data protection laws are adhered to. SAGA does not explain any data protection measures. The EGovernment-Handbuch [eGovernment manual] (module: Datenschutzgerechtes EGovernment181 [Data-protection-compliant eGovernment]) contains data protection information with regard to frames of reference, challenges and recommended actions. 8.1.3 Risk analysis Mandatory: BSI-Standard 100-3: Risikoanalyse auf der Basis von IT-Grundschutz v2.0 [BSI-Standard 100-3: Risk analysis on the basis of IT baseline protection] BSI standard 100-3182 for additional risk analysis following the IT baseline protection analysis should be applied to areas with security requirements that go a long way beyond what is normally required. The reasons for a risk analysis could be a high or very high security requirement, the use of applications or components not (yet) addressed in the IT Baseline Protection Catalogues, as well as the operation of application scenarios (environment, application) not considered in IT baseline protection. 8.1.4 Implementation of the security concept Mandatory: Industrial Signature Interoperability Specification – MailTrusT (ISIS-MTT) v1.1. ISIS-MTT v1.1183 specifies fundamentals, standards and profiles for implementing security concepts. This specification was the result of the merger of the Industrial Signature Interoperability Specification (ISIS) and MailTrusT (MTT). ISIS-MTT is a delta specification which is based on existing, relevant international standards (S/MIME, PKIX, PKCS, X.509, ETSI, CEN ETSI) and which defines these in precise detail for use in practical application. The specification focuses on conformance requirements which must be fulfilled by compliant PKI components and applications during the generation and processing of certain data objects, such as certificates. The ISIS-MTT specification chiefly consists of a kernel document which is exclusively based on the profiling (restriction of optional characteristics) of international standards and which is hence expected to ensure interoperability on an international scale. This core 181 Refer to the eGovernment manual (http://www.bsi.bund.de/fachthem/egov/6.htm), chapter II, module "Data-protection-compliant eGovernment" 182 Refer to http://www.bsi.de/literat/bsi_standard/standard_1003.pdf 183 Refer to http://www.isis-mtt.org/ 94 SAGA 4.0 specification is mandatory for all manufacturers and suppliers and can be supplemented by optional profiles as required. The "SigG Profiles" and "Optional Enhancements to the SigGProfile" already available describe the current status of qualified signatures in Germany. The kernel document of the ISIS-MTT specification consists of eight parts with the following contents: 1. Establishing public-key certificates, attribute certificates and certificate revocation lists 2. Setting up and sending requests to the certification authority (PKCS#10) and replies from the certification authority (PKCS#7) 3. Setting up encrypted and signed messages 4. Requests for public-key certificates, attribute certificates and certificate revocation lists using LDAP, OCSP184, FTP or HTTP; setting up queries and responses to and from timestamp units 5. Validity check for public key certificates and attribute certificates 6. Approved algorithms for hash functions, signatures, encryption, authentication of messages to and from the certification authority; approved algorithms for XML Signature and XML Encryption 7. Description of the "Cryptographic Token Interface" (PKCS#11) with data types and functions 8. Profiling and expanding XML signatures and XML encryption Mandatory: BSI, IT-Grundschutz-Kataloge [IT Baseline Protection Catalogues] The BSI's IT-Grundschutz-Kataloge185 [IT Baseline Protection Catalogues] should be applied and the standard security measures described there should be implemented. The use of module, measure and risk catalogues supports a component-orientated work approach with which IT security concepts can be implemented easily, efficiently and effectively. Recommended: KoopA ADV, Handlungsleitfaden für die Einführung der elektronischen Signatur und Verschlüsselung in der Verwaltung v1.1 [Guideline for the Introduction of the Electronic Signature and Encryption in the Administration] The Handlungsleitfaden für die Einführung der elektronischen Signatur und Verschlüsselung in der Verwaltung [Guideline for the Introduction of the Electronic Signature and Encryption in the Administration] issued by the KoopA ADV186 is designed to facilitate solutions to cryptographic problems for selected projects in the public administration, and is hence primarily devised as a working aid for public agencies. Typical problems and tasks are defined in the form of scenarios for which potential solutions are identified and described. 184 OCSP = Online Certificate Status Protocol 185 Refer to http://www.bsi.de/gshb/deutsch/ 186 Refer to http://www.koopa.de/projekte/pki.html SAGA 4.0 95 Recommended: BSI, E-Government-Handbuch [eGovernment manual] The BSI E-Government-Handbuch187 [eGovernment manual] contains organizational and technical recommendations concerning the use of IT in eGovernment applications. When it comes to developing an eGovernment application within the meaning of SAGA, the security-related recommendations contained in the manual are particularly relevant188. The chapter on "IT und IT-Sicherheit" [IT and IT security] contains security recommendations in the following modules: 1. General information on secure eGovernment applications 2. Authentication in eGovernment 3. Optimization of web content retrieval 4. Secure integration of eGovernment applications 5. Secure payment methods for eGovernment 6. Secure communication in eGovernment 7. Secure client-server architectures for eGovernment 8. eGovernment without active content The recommendations of the E-Government-Handbuch [eGovernment manual] should always be taken into consideration especially when a protection requirement category is "high" or "very high"189 – i.e. when the requirements for IT security go beyond the scope of IT baseline security. The E-Government-Handbuch [eGovernment manual] provides recommendations here for the design and implementation of a corresponding level of IT security. 8.2 Process models 8.2.1 Technologies for process modelling Mandatory: Role models and flow charts Role models and flow charts should be used to define simple processes. All the roles and systems related to a process must be identified, and the process steps must be described in the form of flow charts. In a broader sense, flow charts should be orientated towards DIN 66001: "Informationsverarbeitung, Sinnbilder und ihre Anwendung" [Information processing, symbols and their use]. 187 Refer to http://www.bsi.bund.de/fachthem/egov/3.htm 188 Refer to http://www.bsi.bund.de/fachthem/egov/6.htm#Kapitel_IV, sub-chapter IV B: "IT and IT security" 189 Refer to section 8.1 "IT security concept" on page 91 96 SAGA 4.0 Mandatory: Unified Modeling Language (UML) v. 2.0 The Unified Modeling Language (UML)190 should be used for object-orientated modelling in the preparation and documentation of large projects. Use cases and activity diagrams are a particularly tried-and-tested way of creating and co-ordinating transparent specifications. These specifications can be reused with the respective tools. 8.2.2 Interchange formats for process models Recommended: XML Metadata Interchange (XMI) v2.x XML Metadata Interchange (XMI)191 is a standard of the Object Management Group (OMG) which should be used in XML for the notation and interchange of Meta Object Facility (MOF)-based models (example: UML). This format is open and manufacturer-independent. UML 2.0192 can be transformed to XMI 2.0 and XMI 2.1. XMI v2.0.1 was standardized as ISO/IEC 19503:2005193 . 8.3 Data models 8.3.1 Technologies for data modelling Mandatory: Entity Relationship Diagram (ERD) Entity Relationship Diagrams should be used when developing relational database schemas. Functional data models for a special rough concept should also be presented using ER diagrams. Mandatory: Unified Modeling Language (UML) v. 2.0 UML should be used in data modelling for object-orientated applications. Class diagrams, for instance, are the approach of choice and can also be used in other applications or by other tools. XML data structures can be directly generated from the corresponding specifications. 8.3.2 Interchange formats for data models Mandatory: XML Schema Definition (XSD) v1.0 XML schemas according to the World Wide Web Consortium (W3C)194 should be generated using the XML Schema Definition (XSD) for the structured description of data. 190 191 192 193 194 Refer to http://www.uml.org/ Refer to http://omg.org/technology/documents/formal/xmi.htm Refer to section 8.2.1 "Technologies for process modelling" on page 95 Refer to http://www.iso.org/ Refer to http://www.w3.org/XML/Schema SAGA 4.0 97 Recommended: Regular Language Description for XML New Generation (Relax NG) The ISO standard (ISO/IEC 19757-2:2003195) Relax NG196 can, just like the XML Schema Defini tion (XSD), be used for the structured description of data. Relax NG is less widespread than XSD and has less tool support. However, it is simpler, easier to read and yet more expressive. Although XSD is mandatory for the structured description of data, the use of Relax NG is still possible because Relax-NG schemas can be transformed to XML schemas using (Open Source) tools197. Recommended: XML Metadata Interchange (XMI) v2.x Analogous to section 8.2.2 "Interchange formats for process models" on page 96. 8.3.3 Description language for metadata of files Recommended: Resource Description Framework (RDF) Resource Description Framework (RDF)198 is a language for presenting information about resources on the web that was developed by W3C. RDF is designed to describe metadata and ontologies and hence forms an important part of Semantic Web. RDF makes it possible to declare vocabulary, i.e. to define terms, so that the relevant information about resources is described in such a manner that it can be gathered, integrated and reused. Simple vocabulary, such as Dublin Core, can also be used in RDF. RDF should be used to describe metadata for web resources. Recommended: Dublin Core (DC) Dublin Core (DCMI Metadata Terms)199 is a widely used standard which was standardized by ISO200 and NISO201. The standard is a development of the Dublin Core Metadata Initiative (DCMI). The latest version was standardized by NISO in May 2007 – the revision is still based on the ISO 15836-2003 standard from February 2003. This standard should be used for the metadata description of websites, digital objects and documents. The second chapter of the specification ("The Dublin Core Metadata Element Set") contains the 15 core elements of the standard: contributor, coverage, creator, date, description, format, identifier, language, publisher, relation, rights, source, subject, title and type. Each element corresponds to a property and a certain value can be assigned to each property. They are optional and can be used as often as required to describe an object. Other sub195 196 197 198 199 200 201 Refer to http://www.iso.org/ Refer to http://www.relaxng.org/ Refer to http://www.thaiopensource.com/relaxng/trang.html Refer to http://www.w3.org/TR/rdf-primer/ Refer to http://dublincore.org/documents/dcmi-terms/ Published as ISO 15836:2003, refer to http://www.iso.org/ Published as ANSI/NISO Z39.85 - 2007, refer to http://www.niso.org/standards/index.html 98 SAGA 4.0 elements – called "refinements" or "qualifiers" – are available for certain elements, and enable a more precise description of resources. The elements of Dublin Core can be used in HTML/XHTML and RDF/XML documents. In HTML documents, Dublin-Core metadata can be stated with the META element in the document header. 8.4 Application architecture This section defines programming languages and technologies for implementing the application architecture. The first part defines standards for the middleware of the eGovernment architecture module with special emphasis on the aspect of application integration. This is followed by an extension of the standards to cover applications without middleware or with a low middleware share, respectively, so that the middleware standards can also be used for simpler applications. The specifications and recommendations are based on the design principles of operatingsystem neutrality, interoperability and portability. Middleware services – such as replication, distributed transaction management, personalization, internationalization, messaging, etc. – are referenced in the current version to a certain extent. Deviations from preferred technologies (i.e. mandatory, recommended technologies) are acceptable in justified cases, for example, in the case of significant economic advantages. 8.4.1 Application architecture with middleware Mandatory: Java Platform, Enterprise Edition (Java EE) v5 Technologies of the Java Platform, Enterprise Edition (JavaEE)202 should be used to develop and integrate the following applications (integrated applications) on the middle tier: a. one-for-all offers (OFA offers)203, b. applications which directly integrate basic components or libraries provided for this purpose, and c. applications designed, as a whole or in part (components), for re-use (porting). Java EE is a specification which defines several programming interfaces and a development process. Java EE in its entirety constitutes an architecture that considers and supports major aspects of business-critical applications. Java EE already offers important function modules which can be used to develop applications. Since version 1.4204, these also include standard programming interfaces (APIs) and technologies as so-called core libraries: Java Authentication and Authorization Service (JAAS), Java API for XML Parsing (JAXP) and Java Naming and Directory Interface (JNDI). All the core libraries should be given preference over alternative technologies. 202 Refer to http://java.sun.com/javase/ 203 Refer to section 6.3.6 "Reuse and integration of OFA offers" on page 76 204 Published as JSR-000151, refer to http://www.jcp.org/en/jsr/detail?id=151 SAGA 4.0 99 The difference between Java EE v5205, which was finalized in May 2006, and its predecessor J2EE v1.4 can be found especially in the upgrading capacity of applications and the simplification of the programming model. Enhancements were also made, for instance, to the definition and use of web services and the mapping of Java classes to XML and databases. Compared to Java SE v5, Java EE v5 offers the following APIs and technologies as so-called optional libraries: a. Java Message Service (JMS) v1.1 b. J2EE Connector Architecture (JCA) v1.5 c. Java Transaction API (JTA), d. JavaMail API v1.4, e. Java Management Extensions (JMX) v1.2, f. Enterprise JavaBeans (EJB) v3.0206, g. Java Server Faces (JSF) v1.2207, h. Java Server Pages (JSP) v2.1, and i. Java Servlet API v2.5. Thanks to the Java Community Process208, more and more application-near elements will increase the diversity of Java EE in the near future. New elements are defined via so-called Java Specification Requests (JSR). Mandatory: Java Platform, Standard Edition (Java SE) v5 If an application does not require full Java EE functionality, neither initially nor on a permanent basis, Java EE technologies should be used individually as an alternative solution. The basis for this is the Java 2 platform as the Standard Edition (Java SE)209. The individual technologies should be used in accordance with Java EE specification 5210 in order to create a compatible migration path to Java EE. Under observation: C# Language Specification/ Common Language Infrastructure (CLI) The ECMA-334211 "C# Language Specification" standard (ISO/IEC 23270:2006212) specifies the form and the interpretation of programmes which were written in C# language. 205 Published as JSR-000244, refer to http://www.jcp.org/en/jsr/detail?id=244 and http://java.sun.com/javaee/ 206 Instead of using EJB, another application framework can also be used, such as the Spring Application Framework, refer to http://www.springframework.org/ 207 Published as JSR-000252, refer to http://www.jcp.org/en/jsr/detail?id=252 208 Refer to http://www.jcp.org/ 209 Refer to http://java.sun.com/javase/ 210 Published as JSR-000176, refer to http://www.jcp.org/en/jsr/detail?id=176 211 Refer to http://www.ecma-international.org/publications/standards/Ecma-334.htm 212 Refer to http://www.iso.org/ 100 SAGA 4.0 The ECMA-335213 "Common Language Infrastructure (CLI)" standard (ISO/IEC 23271:2006 and ISO/IEC TR 23272:2006214) defines an infrastructure for different system environments in which applications can be executed which were written in different programming languages. The infrastructure abstracts from specific properties of the system environments so that applications do not have to be changed in order to run them on different systems. There are two implementations of the ECMA standard. .NET-Framework from Microsoft runs under Windows only. The two ECMA standards are based on .NET v2.0 and are hence also part of .NET v3.0. A further implementation, called Mono215, ensures availability for further operating systems. The two ECMA standards do not form a complete development framework because they do not support, for instance, the implementation of clients and presentation layers. Under observation: Business Process Execution Language for Web Services (BPEL4WS) v1.1 BPEL4WS216 can be used to compose business processes on the basis of web services. BPEL4WS, which is under the patronage of OASIS, is an XML-based description language which supplements web services and the related standards (SOAP, WSDL, UDDI) with business transactions. Major infrastructure and application suppliers support the specification. Furthermore, tools, including Open-Source solution217, are provided. BPEL4WS was developed further to the OASIS standard WS-BPEL 2.0. Under observation: Web Services Business Process Execution Language (WS-BPEL) v2.0 WS-BPEL218 v2.0 was adopted by OASIS in April 2007 as the standard. The standard is used to compose business processed based on web services. Tools for WS-BPEL v2.0 are commercially available. WS-BPEL v2.0 is not compatible with its predecessor BPEL4WS v1.1. 8.4.2 Application architecture without middleware In addition to the standards discussed in the previous section, the following technology is also available for simple eGovernment applications without middleware. Recommended: PHP Hypertext Preprocessor (PHP) v5.x PHP219 (recursive acronym for "PHP: Hypertext Preprocessor") can be used for applications without an integration requirement, i.e. non-distributed, stand-alone applications which 213 214 215 216 217 218 219 Refer to http://www.ecma-international.org/publications/standards/Ecma-335.htm Refer to http://www.iso.org/ Refer to http://www.mono-project.de/ Refer to http://www-128.ibm.com/developerworks/library/specification/ws-bpel/ Refer to http://www.bpelsource.com/products/ Refer to http://www.oasis-open.org/specs/index.php#wsbpelv2.0 Refer to http://www.php.net/ SAGA 4.0 101 do not communicate with one-for-all offers (OFA offers)220 with legacy systems or with other eGovernment special applications. PHP is developed as an open-source project by the PHP Group and represents a script language embedded in HTML for developing web applications. Version 5 features comprehensive support for object-orientated programming concepts. Procedures for data encapsulation, referencing of variables and exception handling mark important progress within the scope of further development. 8.5 Client The client is a software on a terminal device which makes use of a service offered by middleware. The client tier includes both the classical user site with all the options state-ofthe-art technology has to offer in order to interact with public administrations, with access to information possible via different media. In Germany, the following media are currently the most popular, so that optimum conditions for the widespread use of eGovernment applications will exist if the information on offer is tailored to these devices: a. Computers (PCs, notebooks) b. Mobile phones / personal digital assistants (PDAs) c. External systems (e.g. ERP systems of industrial companies) Standardization efforts for game consoles and, in particular, for digital interactive TV have not yet resulted in uniform recommendations. The so-called "thin client" seems to be the most promising device in terms of public acceptance. Thin clients come with very lowprofile hardware and software and require the server to provide as much functionality as possible. 8.5.1 Access to information with computers Two different clients are generally available on computers221 in order to access or receive information: web browser and specific client applications (e.g. Java clients, also Applets). The latter, for instance, permit direct access to Internet-based services, e-mail servers and – depending on authorization – to the operating system in order to use local resources, such as local data volumes. Whenever active contents are used, no client technologies other than those permitted in SAGA may be used. The use of Active-X-Controls is generally not permitted. When active contents are used, a parallel offer without active contents should also be available, if possible; refer also to section 1.5 "Basic principles for eGovernment applications" on page 13. 220 Refer to section 6.3.6 "Reuse and integration of OFA offers" on page 76 221 A device is referred to as a computer in this context if the device does not have a small display, has no low bandwidth and has a keyboard. 102 SAGA 4.0 Mandatory: Java Network Launching Protocol (JNLP) v1.5 Java client applications should be delivered via the Internet using the Java Network Launching Protocol (JNLP)222. In this case, the "Java Web Start"223 reference implementation can be used. The use of JNLP enables the simple, platform-independent distribution of Java applications and avoids version conflicts with Java Runtime Environments (JREs). 8.5.1.1 Web browsers In order to enable wide-spread use of the eGovernment applications on offer, web browsers should be used as the front-end device and these should be capable of processing and presenting the presentation-tier formats (refer to section 8.6). The following browser-based client technologies are permitted in this context: a. The use of cookies is permitted on condition that i. these are not persistent, and ii. websites of a domain do not include contents of other domains which set cookies. The recommendations for the HTTP protocol according to section 8.7.5 must be taken into consideration in this context. b. The use of Javascript is permitted, however, it must be ensured that the websites can still be used even if Javascript was deactivated. This demand corresponds to BITV224 which is classified as mandatory. This ensures that the user is not forced to lower his/her security settings due to eGovernment applications. Section 8.6.4 "Active contents" on page 108 must be taken into consideration when Javascript is used. c. The use of Java Applets is permitted if these are signed by the server and can hence be identified by the client as authentic and non-corrupted. Manufacturers of Java Applets must subject their products to quality assurance, preferably by an independent software company, or must at least warrant the quality of their products in a declaration of quality.225 d. Plug-ins are used exclusively according to the requirements listed on the website: http://www.kbst.bund.de/saga-plugins. e. Configuration examples are prepared for customary browser types and made available by BSI on the Internet. f. The confidentiality of form data must be ensured by the use of TLS-encrypted channels and the pertinent server certificates. 222 Published as JSR-000056 (Final Release), refer to http://www.jcp.org/en/jsr/detail?id=56 223 Refer to http://java.sun.com/products/javawebstart/ 224 Refer to BITV, section 6.3 "It must be ensured that documents created using markup languages can be used if scripts, applets or other programmed objects are deactivated." (http://bundesrecht.juris.de/bitv/) 225 Further information on this subject can be found on the web at: http://www.kbst.bund.de/saga-applets. SAGA 4.0 103 g. The statutory instrument (ordinance) on barrier-freedom remains fully applicable to the use of permitted client technologies. 8.5.1.2 Client applications The web browser is the standard client for applications with direct access to web servers. Client applications can be used if direct access to Internet-based services is not necessary, or if the functionality of a web browser must be reasonably seen to be inadequate, for example, in the case of complex business transactions with direct file system access or use of legacy software. These applications are installed on the client computer and must be updated as required by technical progress. Updates can be made available on CD-ROM or as signed applications for downloading226 from a website. The use of Java applications is recommended (advantage: platform independence). Client applications must meet with the following requirements: a. Any personal and security-critical data is stored in encrypted form on the local data medium. b. In the case of direct access to Internet-based services, secure data transmission to the server is supported, refer to section 8.7.5 "Application protocols" on page 126. No protocols other than those defined in section 8.7.1 "Middleware communication" on page 121 are permitted for other client/server communications. c. The formats documented in SAGA for exchanging user data with other applications should be supported. d. A manufacturer-independent software company assures the quality of the application. e. The application is supplied along with a software certificate which is verified during the course of the installation. f. Besides an option to download the application from the Internet, distribution on CDROM is also offered. g. The statutory instrument (ordinance) on barrier-freedom must be taken into consideration. 8.5.1.3 E-mail client The e-mail clients used to receive, send and process e-mails must at least ensure technical support for the e-mail standards referred to in section 8.7.3 "E-mail communication". Note that communication of these clients is standardized with regard to communication with public administrations only and/or restricted to the above. With regard to the use of external mail servers not connected to federal institutions, the client is not subject to any restrictions whatsoever in terms of the standards and protocols used. 8.5.2 Access to information with mobile devices Contrary to the computer, mobile phones, PDAs and other mobile devices feature either 226 Refer also to "Java Network Launching Protocol (JNLP) v1.5" on page 102 104 SAGA 4.0 a. a small display, b. low bandwidth, or c. no standard keyboard and must support the standards offered by servers for mobile devices of the presentation tier227. Furthermore, the standards, which are generally described for the presentation of contents by computers, should also be fulfilled as comprehensively as possible by the mobile devices228. The requirements concerning active contents described in section 8.5.1 "Access to information with computers" on page 101 must be observed. 8.5.3 Access to information via external systems Communication and interaction between external and internal systems should be handled via a subset of the standards defined for communication and interaction between internal systems. In this respect, XML via SOAP is considered to be equivalent to RMI with regard to server-to-server communication229. 8.5.4 Technologies for authentication In order to ensure that the protection aims of confidentiality and integrity are achieved, certain eGovernment applications require the identification and authentication of communication partners. Mandatory: BSI, E-Government-Handbuch, module: "Authentisierung im eGovernment" [eGovernment manual, module: Authentication in eGovernment] Different authentication mechanisms can be adopted in this context, e.g. user identification / password, PIN / TAN or certificates. The "Authentisierung im eGovernment"230 [Authentication in eGovernment] module of the E-GovernmentHandbuch [eGovernment manual] issued by BSI addresses different authentication methods with a view to aspects of technical security. Recommended: Security Assertion Markup Language (SAML) v2.0 SAML231 is an XML-based format for exchanging authentication information. The exchange of data in a uniform format especially supports interoperability between eGovernment applications. Version 2.0 was published in March 2005. 227 Refer to section 8.6.13 "Technologies for presentation on mobile devices" on page 119 228 Refer to section 8.6 "Presentation" on page 105 229 Refer to section 8.6.6 "Interchange formats for data " on page 109, section 8.4 "Application architecture" on page 98, section 8.7 "Communication" on page 121 and section 8.8 "Backend" on page 130 230 Refer to the eGovernment manual (http://www.bsi.bund.de/fachthem/egov/6.htm), chapter IV B, module "Authentication in eGovernment" 231 Refer to http://www.oasis-open.org/specs/index.php#samlv2.0 SAGA 4.0 105 Under observation: Kerberos v5 Kerberos232 is a protocol for authentication in computer networks that was developed by the Massachusetts Institute of Technology (MIT). Interoperability is supported through the uniform exchange of authentication data. However, operating-system dependent expansions do sometimes lead to incompatibilities between different implementations. 8.6 Presentation The presentation tier provides information to the clients. Depending on the given application, different formats must be made available. These are listed in the following sections. The use of open interchange formats which offer a sufficient number of functions and which are available on different platforms is generally required. It is permitted to offer the information in addition - or, if so agreed to by all the parties involved, even as an alternative - to the mandatory and recommended formats using formats not considered within the scope of SAGA. 8.6.1 Barrier-free presentation Mandatory: Barrierefreie Informationstechnik Verordnung (BITV) [Barrier-free information technology ordinance] In order to make the Internet accessible as a source of information to disabled people too, the avoidance of barriers for people with disabilities is requested. In order to ensure this kind of barrier-free presentation, the requirements of the "Verordnung zur Schaffung barrierefreier Informationstechnik nach dem Behindertengleichstellungsgesetz (Barrierefreie Informationstechnik Verordnung – BITV)"233 [Ordinance on the creation of barrier-free information technology pursuant to the law on equal opportunities for the disabled (barrier-free information technology ordinance – BITV)] are to be adhered to. This statutory instrument implements section 11 of the "Behindertengleichstellungsgesetz" [Equal Opportunities for Individuals with Disabilities Act] and, in particular, considers the Web Content Accessibility Guidelines234 of W3C, version 1.0. Concerning the barrier freedom issue, refer also to section 5.4.3 on page 62. 232 Published as RFC 1510, refer to http://www.ietf.org/rfc/rfc1510.txt und http://web.mit.edu/kerberos/ 233 Refer to http://bundesrecht.juris.de/bitv/ 234 Refer to http://www.w3.org/TR/WCAG10/ 106 SAGA 4.0 8.6.2 Character sets Mandatory: Unicode v4.x UTF-8 In order to provide a sufficient number of characters for the different letters, numbers and symbols used world-wide, the character set used for documents should be ISO 10646:2003235 (also known as Unicode v4.x) in UTF-8 encoding236. Recommended: Unicode v4.x UTF-16 If documents are written in a non-west European language (e.g. Greek, Bulgarian), ISO 10646:2003237, also known as Unicode v4.x, in UTF-16 encoding238 can be used. 8.6.3 Technologies for information processing Mandatory: Hypertext Markup Language (HTML) v4.01 HTML is the established language for publishing hypertext on the World Wide Web. In addition to the text, multimedia and hyperlink functions of earlier HTML versions, HTML v4.01239 supports more multimedia options, script languages and improved forms and print functions. The use of HTML v4.01 is necessary for the technical implementation of barrierfree access in line with the Web Content Accessibility Guidelines, version 1.0. The separation of the document structure and presentation has been improved. In this respect, the use of stylesheets instead of HTML presentation elements and attributes is actively encouraged. HTML 4 is also making great progress with regard to the internationalization of documents in an effort to make the World Wide Web truly world-wide. Mandatory: Multipurpose Internet Mail Extensions (MIME) v1.0 The Multipurpose Internet Mail Extensions (MIME) format should be used for the standardized definition of the format of a file or any part thereof. It enables the e-mail client or the web browser to unambiguously identify the file type, refer to RFC 2045 to RFC 2049240. The official list of possible manifestations of MIME types can be found at the Internet Assigned Numbers Authority (IANA)241. 235 236 237 238 239 Refer to http://www.iso.org/ This specification is available at http://www.unicode.org/ Refer to http://www.iso.org/ This specification is available at http://www.unicode.org/. Refer to http://www.w3.org/TR/html401/, standardized as ISO/IEC 15445:2000, refer to http://www.iso.org/ 240 Refer to http://www.ietf.org/rfc.html 241 Refer to http://www.iana.org/assignments/media-types/ SAGA 4.0 107 Mandatory: Java Servlet v2.5 Servlet v2.5242 should be used for the dynamic generation of web contents. Servlet v2.5 makes it possible for application servers to accept and send a dynamic response to client queries on the basis of Java EE 5. Mandatory: Java Server Pages (JSP) v2.1 JSP v2.1243 should be used for the dynamic, server-based generation of web contents. JSP v2.1 contains an Expression Language (EL) which is used to separate the Java Code from the JSP Code and to embed it in statistical fragments (e.g. HTML). JSP v2.1 is based on Java Servlet v2.5 technology. Recommended: Extensible Hypertext Markup Language (XHTML) v1.0 XHTML v1.0 Second Edition, a W3C recommendation244 from August 2002, is an exchange format (reformulation of HTML v4.0 whilst maintaining conformance to XML) which meets with a host of requirements concerning interoperability and barrier freedom. The use of XHTML v1.0 speeds up the development of websites because, in contrast to HTML v4.01, many previously required browser optimizations are no longer necessary. Furthermore, clear, syntactical specifications (lower case for elements and attributes, well-formed according to XML) significantly boost the readability of the source code and hence the cost of its maintenance and further development. XHTML 1.0 is supported by all customary browsers. Recommended: Cascading Style Sheets Language Level 2 (CSS2) Cascading Style Sheets Language Level 2 (CSS2)245 should be used to design HTML pages. Recommended: Extensible Stylesheet Language (XSL) v1.0 Extensible Stylesheet Language (XSL)246, version 1.0, should be used for the server-based, dynamic transformation and presentation of XML documents, for instance, in HTML files. Recommended: Extensible Stylesheet Language Transformations (XSLT) v1.0 If applications use different XML schemas, conversion from one format to another can become necessary for data interchanging purposes. This format conversion operation should be carried out using the XSLT247 language defined by W3C as part of XSL (Extensible Stylesheet Language). 242 Published as JSR-000154 (Maintenance Release), refer to http://www.jcp.org/en/jsr/detail? id=154 243 Published as JSR-000245, refer to http://www.jcp.org/en/jsr/detail?id=245 244 Refer to http://www.w3c.org/TR/xhtml1 245 Refer to http://www.w3.org/TR/REC-CSS2/ 246 Refer to http://www.w3.org/TR/xsl/ 247 Refer to http://www.w3.org/TR/xslt 108 SAGA 4.0 Under observation: Extensible Stylesheet Language (XSL) v1.1 XSL v1.1 has been a W3C recommendation since 5 December 2006248. A number of new features were introduced with this version, for instance, the referencing of page numbers, bookmarks as well as change marks. Compared to its predecessor version, XSL v1.0, tool support and the relevance of the practical application of the standard are not as advanced. Under observation: Extensible Stylesheet Language Transformations (XSLT) v2.0 Extensible Stylesheet Language v2.0 was adopted in January 2007 as a W3C recommendation249. It offers many new features, such as the use of XPath 2.0. Other enhancements include the output methods, as well as sorting and grouping options. XSLT v2.0 does not come with full downward compatibility. Moreover, few processors are available up to now. 8.6.4 Active contents Active contents are computer programs which are contained on websites (e.g. JavaScript) or which are automatically reloaded when a page is viewed (e.g. Java Applets, ActiveX Controls or flash animations) and which are executed on the client (by the browser or by the operating system). When active contents are used, the restrictions described in section 8.5 must be taken into consideration. Mandatory: ECMAScript Language Specification In as far as Javascript is used within HTML pages according to section 8.5.1.1 "Web browsers" on page 102, this must conform to the ECMA-262 specification, 3rd Edition250 dated December 1999. This specification was also adopted by ISO/IEC as a standard under the name ISO/IEC 16262251. 8.6.5 Forms Under observation: XForms v1.0 XForms is a specification252 for web forms. The aim of this specification is to replace the forms implemented in HTML or XHTML. XForms offers a wider range of functions and in the case of client-end processing leads to a reduction in the amount of server access. Although implementations and also plug-ins are available, not all browsers support XForms by default. 248 249 250 251 252 Refer to http://www.w3.org/TR/xsl11/ Refer to http://www.w3c.org/TR/xslt20/ Refer to http://www.ecma-international.org/publications/standards/Ecma-262.htm Refer to http://www.iso.org/ Refer to http://www.w3.org/TR/xforms/ SAGA 4.0 109 8.6.6 Interchange formats for data Mandatory: Extensible Markup Language (XML) v1.0 XML v1.0253 is a language derived from the Standard Generalized Markup Language (SGML) which should be used for structured data description. The language enables extension and the addition of tags. The data shown is presented in Extensible Stylesheet Language (XSL)254. XML should serve as the universal and primary standard for the interchange of data between all the information systems relevant for administrative purposes. New systems to be installed should be capable of exchanging data using XML. Existing systems do not necessarily have to be XML-enabled, however, they should aim to be able to exchange XML data using adapters (integration components). Under observation: Election Markup Language (EML) v4.0 Standard Election Markup Language (EML)255 can be used especially in order to exchange data in the environment of eVoting processes. EML v4.0 was adopted in February 2006 as the OASIS standard. This language defines a series of XML schemas which are suitable and which implement a generic election process. These election processes can include public elections (general elections, municipal elections) or private elections (works council elections, secret ballots). EML can be adapted to all scenarios and also supplies security functions for data backup. Under observation: Extensible Markup Language (XML) v1.1 XML v1.1256 is a revised version of XML v1.0 and was published on 4 February 2004 in "Recommended" status and amended on 15 April 2004. Its Unicode capabilities have been improved and inconsistencies in line end markings have been eliminated. There are currently almost no parsers for XML v1.1. 8.6.7 Exchange formats for documents 8.6.7.1 Formats for text documents for exchanging information Text documents used to exchange information should only be read by the target group and should not be changed. This is why no further editing is foreseen. 253 254 255 256 Refer to http://www.w3.org/XML/ Refer to "Extensible Stylesheet Language (XSL) v1.0" on page 107 Refer to http://www.oasis-open.org/specs/index.php#eml4.0 Refer to http://www.w3.org/TR/xml11/ 110 SAGA 4.0 Mandatory: Portable Document Format (PDF) v1.4 Adobe's platform-independent Portable Document Format should be used for text documents where no further editing is foreseen and to support forms and barrier-free text documents. PDF version 1.4257 is supported by Acrobat Reader258 , version 5 and higher. If this format is used, the recommendations of the "Sicherer Internet-Auftritt im E-Government" [Secure Internet Presence] module of the eGovernment manual must be considered with regard to active content259. Especially when it comes to converting (partially) blackened text to PDF format, it must be ensured that the text can in fact no longer be copied / searched for in PDF. Similarly, the PDF password function, irrespective of the key strength of encoding, is not a sufficient security measure for documents with content that needs to be protected, because this function can be bypassed using the appropriate tools. Mandatory: Hypertext Markup Language (HTML) Hypertext documents used to exchange information, e.g. newsletters, should be used in HTML260 format, refer to section 8.6.3 "Technologies for information processing" on page 106. Recommended: Portable Document Format (PDF) v1.5 PDF version 1.5261 is the successor to PDF v1.4, which was classified as "Mandatory". For older versions of Windows and MacOS, there are at times no distributions of Acrobat Reader for PDF v1.5 available. PDF version 1.5 is supported by Acrobat Reader262, version 6 and higher. This version also features extensions in the areas of cryptography, compression and content-related tagging. If this format is used, the recommendations of the "Sicherer Internet-Auftritt im E-Government" [Secure Internet Presence] module of the eGovernment manual must be considered with regard to active contents263. Under observation: Portable Document Format (PDF) v1.6 PDF version 1.6264 is currently used to a very limited extent only. This version is the successor to version 1.4, which was classified as "Mandatory" and to version 1.5, which was classified as "Recommended". It features enhancements in the areas of cryptography and the embedding of file attachments. PDF version 1.6 is supported by Acrobat Reader265, version 7 and higher. If this format is used, the recommendations of the "Sicherer Internet-Auftritt im 257 258 259 260 261 262 263 264 265 Refer to http://www.adobe.com/devnet/pdf/pdfs/PDFReference.pdf Refer to http://www.adobe.de/products/acrobat/readermain.html Refer to http://www.bsi.bund.de/fachthem/egov/download/4_IntAuf.pdf Standardized as ISO/IEC 15445:2000, refer to http://www.iso.org/ Refer to http://www.adobe.com/devnet/pdf/pdfs/PDFReference15_v6.pdf Refer to http://www.adobe.de/products/acrobat/readermain.html Refer to http://www.bsi.bund.de/fachthem/egov/download/4_IntAuf.pdf Refer to http://www.adobe.com/devnet/pdf/pdfs/PDFReference16.pdf Refer to http://www.adobe.de/products/acrobat/readermain.html SAGA 4.0 111 E-Government" [Secure Internet Presence] module of the eGovernment manual must be considered with regard to active contents266. 8.6.7.2 Formats for text documents for further processing It must be possible to edit text documents which are foreseen for further processing. A distinction is made between simple text documents and complex text documents containing layout information. Mandatory: Text Simple, mostly non-structure text documents which are foreseen for further processing and which have no layout requirements should be exchanged in the widely used text format (e.g. with the .txt file extension) in order to ensure that these are generally readable. The character sets to be used are laid down in section 8.6.2. Recommended: Open Document Format for Office Applications (OpenDocument) v1.0 OpenDocument267 was standardized by OASIS as an XML-based document format for texts, spreadsheets, presentations and other Office documents. The contents of the document are separate from the information about its layout and can be processed independent of each other. OpenDocument can be used to exchange complex documents that are foreseen for further processing. In November 2006, OpenDocument v1.0 was published as a standard under the name ISO/IEC 26300:2006268. OpenDocument is supported, for instance, by the platform-independent, license-free and open Office package from OpenOffice.org269. Under observation: Office Open XML (OOXML) As an XML-based document format for texts, spreadsheets, presentations and other Office documents, Office Open XML270 was published by ECMA in December 2007 as the ECMA-376 standard. It can be used to exchange complex documents which are to be processed further. 8.6.7.3 Formats for spreadsheets for exchanging information Spreadsheets used to exchange information should only be read by the target group and should not be changed. This is why no further editing is foreseen. Mandatory: Portable Document Format (PDF) v1.4 Analogous to section 8.6.7.1 on page 109. 266 Refer to http://www.bsi.bund.de/fachthem/egov/download/4_IntAuf.pdf 267 Refer to http://www.oasis-open.org/committees/download.php/12572/OpenDocument-v1.0os.pdf 268 Refer to http://www.iso.org/ 269 Refer to http://de.openoffice.org/ 270 Refer to http://www.ecma-international.org/publications/standards/Ecma-376.htm 112 SAGA 4.0 Recommended: Portable Document Format (PDF) v1.5 Analogous to section 8.6.7.1 on page 109. Under observation: Portable Document Format (PDF) v1.6 Analogous to section 8.6.7.1 on page 109. 8.6.7.4 Formats for spreadsheets for further processing It must be possible to edit spreadsheets which are foreseen for further processing. A distinction is made between simply structured data and complex documents, even with layout information. Mandatory: Comma Separated Value (CSV) Tables with simple structure data without layout requirements should be exchanged using Comma Separated Values271 (file extension: .csv). Under observation: Open Document Format for Office Applications (OpenDocument) v1.0 Refer to section 8.6.7.2 on page 111. OpenDocument272 supports the referencing of formula languages, however, these do not form part of the standard. An OASIS Technical Committee is working on a suitable specification273. Under observation: Office Open XML (OOXML) Analogous to section 8.6.7.2 on page 111. 8.6.7.5 Formats for presentations for exchanging information Presentations used to exchange information should only be read by the target group and should not be changed. This is why no further editing is foreseen. Mandatory: Portable Document Format (PDF) v1.4 Analogous to section 8.6.7.1 on page 109. 271 Published as RFC 4810, refer to http://www.ietf.org/rfc/rfc4180.txt 272 Standardized as ISO/IEC 26300:2006, refer to http://www.iso.org/ 273 Refer to http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=office-formula SAGA 4.0 113 Mandatory: Hypertext Markup Language (HTML) Presentations that cannot be changed which are available in hypertext document format should be exchanged in HTML274 format, refer to section 8.6.3 "Technologies for information processing" on page 106. Recommended: Portable Document Format (PDF) v1.5 Analogous to section 8.6.7.1 on page 109. Under observation: Portable Document Format (PDF) v1.6 Analogous to section 8.6.7.1 on page 109. Under observation: Synchronized Multimedia Integration Language (SMIL) v2.0 SMIL is an XML-based, standardized language for writing interactive multimedia presentations275. "A typical example of such an application is a multimedia news centre which plays audios and videos to a message whilst background information is displayed at the same time on HTML websites."276 There is a host of free SMIL players. Of the browsers currently available on the market, up to now only the Internet Explorer supports a subset of SMIL277. 8.6.7.6 Formats for presentations for further processing It must be possible to edit presentations which are foreseen for further processing. Under observation: Open Document Format for Office Applications (OpenDocument) v1.0 Analogous to section 8.6.7.2 on page 111. Under observation: Office Open XML (OOXML) Analogous to section 8.6.7.2 on page 111. 8.6.7.7 Secured document exchange The "communication" interaction stage requires the exchange of secure documents. This includes, for example, securing documents as e-mail attachments as well as securing documents for all kinds of communication paths. 274 Standardized as ISO 15445:2000, refer to http://www.iso.org/ 275 Refer to http://www.w3.org/TR/2005/REC-SMIL2-20050107/ 276 Refer to Pauen, Peter: Zukunftsorientierte Ansätze – SMIL [Future-orientated approaches – SMIL] http://www.informatik.fernuni-hagen.de/pi3/PDFs/SMIL.pdf 277 Refer to http://www.w3.org/AudioVideo/#SMIL 114 SAGA 4.0 The ISIS-MTT v1.1 standard is relevant with regard to securing e-mail attachments whilst XML Signature and XML Encryption as XML-specific standards are relevant for the secure exchange of XML documents (e.g. for forms designed for further processing). Mandatory: Industrial Signature Interoperability Specification – MailTrust (ISIS-MTT) v1.1., Part 3 ISIS-MTT v1.1 defines an interoperable data interchange format for signed and encrypted data. It also considers the securing of binary data (in particular, Part 3: Message Formats), so that secured transmission of all kinds of files as e-mail attachments is possible. Mandatory: XML Signature The joint W3C and IETF standard XML Signature (XML Signature Syntax and Processing, W3C Recommendation and IETF RFC 3275)278 describes digital signatures for all kinds of data (however, usually XML) by providing an XML schema and a set of processing rules (for generating and validating the signature). The signature can cover one or more documents and/or different kinds of data (pictures, text, etc.). One central feature of XML Signature is that it is possible to sign specific parts of an XML document only rather than the entire document. Thanks to this flexibility, it is, for example, possible to secure the integrity of certain elements of an XML document whilst other parts can be edited. For instance, a user can fill in certain parts of a signed XML form without violating the integrity of the document. This was not possible with conventional signatures because the complete document was always signed, so that any change / addition would have meant a violation of its integrity. Mandatory: XML Encryption The W3C standard XML Encryption (XML Encryption Syntax and Processing, W3C Recom mendation)279 provides an XML schema and a set of processing rules which support the encryption/decryption of entire documents, including XML documents, XML elements and contents of XML elements. Together with XML Signature, XML Encryption is the foundation for several standards accepted in the industry for secure XML-based document exchange (Web Services Security, SAML, ISIS MTT, ebXML-Messaging, FinTS, OSCI-Transport). Under observation: XML Advanced Electronic Signatures (XAdES) v1.2 The "XML Advanced Electronic Signatures (XAdES)"280 standard was developed by the European Telecommunications Standard Institute (ETSI). XAdES signatures not only fulfil the requirements of the advanced electronic signature under the EU Directive, they also warrant additional non-repudiation and long-term validity. XAdES is an extension of XML Signature. 278 Refer to http://www.w3.org/TR/xmldsig-core/ 279 Refer to http://www.w3.org/TR/xmlenc-core/ 280 Refer to http://www.w3.org/TR/XAdES/ SAGA 4.0 115 In Germany, XAdES is used, for instance, by Deutsche Post's Signtrust. There are several commercial suppliers of programs which process documents for storage on the basis of XAdES. 8.6.8 Interchange formats for graphics Mandatory: Graphics Interchange Format (GIF) v89a In view of its widespread use, Graphics Interchange Format (GIF)281 should be used to exchange graphics and diagrams. GIF graphic files are compressed with a colour depth of 256 colours (8 bits per pixel. Mandatory: Joint Photographic Experts Group (JPEG) The Joint Photographic Experts Group282 (JPEG) format should be used to exchange photographs. This format supports changes in the compression factor and the definition of density, so that a compromise between file size, quality and use is facilitated. JPEG can be used to store colour and grey-value images with 16.7 million colours (24-bit colour information). This format is supported by a host of graphic and presentation programs. Conventional compression in JPEG results in losses, however, it does achieve high compression rates. JPEG is not suitable for graphics with similar colour surfaces and strongly contrasting colour transitions (example: characters). Recommended: Portable Network Graphics (PNG) v1.2 The Portable Network Graphics283 (PNG) format can be used. This format is license-free. It supports 16 million colours, transparency, loss-free compression, incremental display of graphics (beginning with the gross structure until the file is completely transmitted) and the identification of damaged files. The format was standardized by ISO (ISO/IEC 15948:2003284). Recommended: Tagged Image File Format (TIFF) v6.0 TIFF285 can be used for saving bit-mapped graphics. TIFF is supported by all conventional graphic and presentation programs. In order to achieve maximum interoperability, the properties of the "Baseline TIFF"286 must be used exclusively. TIFF can be used when the format must be capable of presenting documents consisting of several pages. TIFF is 281 Refer to http://www.w3.org/Graphics/GIF/spec-gif89a.txt 282 Refer to http://www.jpeg.org/index.html?langsel=de, standardized as ISO/IEC 10918-1:1994, refer to http://www.iso.org/, standardized as ITU-T.81, refer to http://www.itu.int/rec/T-RECT.81/en 283 Refer to http://www.w3.org/TR/PNG/ 284 Refer to http://www.iso.org/ 285 Refer to http://partners.adobe.com/public/developer/en/tiff/TIFF6.pdf 286 "Baseline TIFF" compiles the properties of TIFF files which should support each program with TIFF capability. For instance, the two compression methods "Huffmann" and "Packbits" belong exclusively to "Baseline TIFF" whilst "LZW", "JPEG", "ZIP" and "CCITT" are optional extensions which are not implemented in every program with TIFF capability. 116 SAGA 4.0 particularly suitable for scanned text documents (b/w graphics or graphics with grey shades). Recommended: Geo Tagged Image File Format (GeoTIFF) GeoTIFF287 is an extension of TIFF v6.0. A geo-reference is additionally featured in the file header so that contrary to conventional TIFF, the geo-reference file *.tfw does not have to be created. The GeoTIFF format is supported by established geo-information systems. Under observation: Joint Photographic Experts Group 2000 (JPEG2000) / Part 1 JPEG 2000288 is the successor to JPEG and is not yet widely used. Offering the same quality, it features higher compression than JPEG. Together with the use of metadata, JPEG 2000 is suitable for recording geo-data289. Browser support for JPEG 2000 is only available using plug-ins. Classification of JPEG 2000 is limited to the first part of the ISO standard290 because this contains the core functionality and is the most useful standard. 8.6.9 Animation Mandatory: Animated Graphics Interchange Format (Animated GIF) v89a Animation means moving features in graphics displayed on a website. Animated GIF, a variant of GIF graphic format291 should be the product of choice here. With this format, several individual GIF images are stored in a file, with the possibility to define their sequence, display time and number of repetitions. 8.6.10 Audio and video data 8.6.10.1 Interchange formats for audio and video files Recommended: Quicktime The customary Quicktime format292 should be used to exchange video sequences. A suitable plug-in enables a web browser to "play" such files. Recommended: MPEG-4 Part 14 (MP4) MP4 is the official container format for MPEG-4 which was developed by the Moving Picture Experts Group and standardized as ISO/IEC-14496293. MP4 is known as part 14 of the MPEG-4 287 Refer to http://www.remotesensing.org/geotiff/ 288 Refer to http://www.jpeg.org/jpeg2000/ 289 Refer to OGC: "GML in JPEG 2000 Interoperability Experiment (GMLJP2)", http://www.opengeospatial.org/standards/gmljp2 290 Standardized as ISO/IEC 15444-1:2004, refer to http://www.iso.org/ 291 Refer to http://www.w3.org/Graphics/GIF/spec-gif89a.txt 292 Refer to http://quicktime.apple.com/ 293 Refer to http://www.iso.org/ SAGA 4.0 117 standard. MP4 is an open, manufacturer-independent standard and this format is supported by many tools and products on different platforms. MP4 can be used to exchange video files although MPEG-4 should be used as codec. Recommended: Ogg Encapsulation Format (Ogg) Ogg294 is an open, manufacturer-independent container format for audio and video files. It is developed by the Xiph.org Foundation295 and is supported by many media players. With the Ogg container format, different codes can be used depending on the application in question. Theora296 can be used for video data. Speex297 is suitable for audio files with low quality requirements, for example, voice recordings. Vorbis298, which features a quality that is equivalent to MP3, can be used for audio files with normal quality requirements. Loss-free Audio-Codec FLAC299 can be used for cases where maximum quality is required. Under observation: Windows Media Video (WMV) v9 The quality of Windows Media Video (WMV) format is better than that of Quicktime format. However, patents make the use of WMV format difficult for open source developers. Under observation: RealMedia v10 RealMedia from RealNetworks300 is the container format for the RealAudio audio format and the RealVideo video format. All these formats are proprietary. The quality of RealVideo exceeds that of the Quicktime format. The free player is available for all conventional platforms as well as some mobile devices. RealMedia should only be used if the audio-video data is not to be archived. It is ensured that the files can be played today, however, with a view to the future, it must be feared that no more players will be available for what will be then old RealMedia formats. 8.6.10.2 Interchange formats for audio and video streaming In contrast to "normal" audio and video sequences, audio and video streaming offers a format that enables playing already during transmission. This enables live transmission of videos, whereas "normal" audio and video files must be completely transmitted first before they can be started. This area is occasionally characterized by a slightly confusing mix of suppliers, products, container and content formats. Since SAGA does not intend to recommend products, recommendations will be given for the container format only. What is important here is that the recommendations should be compatible - to the maximum extent possible – with customary streaming servers and client products. Due to 294 Published as RFC 3533, refer to http://www.ietf.org/rfc/rfc3533.txt 295 Refer to http://www.xiph.org/ogg/ 296 Refer to http://www.theora.org/ 297 Refer to http://www.speex.org/ 298 Refer to http://www.vorbis.com/ 299 Refer to http://flac.sourceforge.net/ 300 Refer to http://www.realnetworks.com/ 118 SAGA 4.0 the fact that this area has been a field of strong competition for several years, the different products are currently highly compatible in terms of the formats supported. Mandatory: Hypertext Transfer Protocol (HTTP) v1.1 In order to reach as many citizens as possible, the server product selected should enable the transport of streaming data via HTTP301. Recommended: Quicktime In order to achieve the maximum possible degree of compatibility between the streaming signal and commonly used web browsers and video clients and/or plug-ins, Quicktime format302 should be used, refer to section 8.6.10.1 on page 116. Recommended: MPEG-4 Part 14 (MP4) MP4 can be used to stream video sequences. In this case, MPEG-4 should be used as the codec, refer to section 8.6.10.1 on page 116. Recommended: Ogg Encapsulation Format (Ogg) Ogg303 is an open, manufacturer-independent container format that can be used to stream audio and video. For information concerning suitable audio and video codecs, refer to section 8.6.10.1 "Interchange formats for audio and video files" on page 116. Under observation: Windows Media Video (WMV) v9 Analogous to section 8.6.10.1 on page 116. Under observation: RealMedia v10 Analogous to section 8.6.10.1 on page 116. When RealMedia is used to stream applications, it must also be considered that the prices for the RealMedia servers, called Helix servers, are high compared to Windows Media Quicktime. However, the Helix Universal servers also support Windows Media and Quicktime. 8.6.11 Interchange formats for geo-information The standards listed below for exchanging geo-information are used in the geo-services in section 8.7.6 on page 128. 301 Published as RFC 2616, refer to http://www.ietf.org/rfc/rfc2616.txt, further information available under "HTTP" in section 8.7.5 "Application protocols" on page 126 302 Refer to http://quicktime.apple.com/ 303 Published as RFC 3533, refer to http://www.ietf.org/rfc/rfc3533.txt SAGA 4.0 119 Recommended: Geography Markup Language (GML) v3.1.1 GML304 is a markup language used to interchange and save geographical information in vector format which considers spatial and non-spatial properties. This specification was carried out by the Open Geospatial Consortium (OGC)305. GML does not contain any information concerning presentation on the screen or in a map. GML v3.1.1 should be used especially in conjunction with the use of Web Feature Service (WFS), v1.1, refer to section 8.7.6 "Geo-services" on page 128. Recommended: Geography Markup Language (GML) v2.1.2 GML v2.1.2 should be used especially in conjunction with the use of Web Feature Service (WFS), v1.0, refer to section 8.7.6 "Geo-services" on page 128. 8.6.12 Data compression Compression systems should be used in order to enable the interchange of large files and minimize network load. Mandatory: ZIP v2.0 Compressed data should be exchanged in the internationally used ZIP306 version 2.0 format. Recommended: Gnu ZIP (GZIP) v4.3 / Tape ARchive (TAR) In order to compress large file archives, the formats GZIP (file extension: .gz), version 4.3, specified in RFC 1952307, and TAR can be used. The TAR header file is part of POSIX.1-2001 that is included in ISO/IEC standard 9945308. In order to create a file archive, all the files must first be compiled with TAR to form an archive file. The archive file can then be compressed with GZIP (file extension: .tgz or .tar.gz). In contrast to file archives compressed with ZIP, this so-called solid compression leads to smaller file sizes because redundant information is compressed across file borders. 8.6.13 Technologies for presentation on mobile devices In the event that an information offering for mobile phones and PDAs is to be developed, preference should be given to SMS services because these are widely accepted by citizens. The presentation of websites for mobile communications is not yet widely used in Germany. 304 Refer to http://www.opengeospatial.org/specs/, published as ISO/PRF 19136, refer to http://www.iso.org/ 305 Refer to http://www.opengeospatial.org/ 306 Refer to http://www.pkware.com/business_and_developers/developer/popups/appnote.txt 307 Refer to http://www.ietf.org/rfc/rfc1952.txt 308 Refer to http://www.iso.org/ 120 SAGA 4.0 In addition to the following technologies, the standards which were generally described for presenting contents on computers should also be used for mobile devices, refer to sections 8.6.1 to 8.6.12. Mandatory: Short Message Services (SMS) The Short Message Service (SMS)309 is part of the GSM mobile communication standard (Global System for Mobile communication) which is being prepared by the 3rd Generation Partnership Project (3GPP). 3GPP combines several standardization committees (including ETSI) and aims to draft technical specifications which precisely describe all aspects of mobile communication technology. Under observation: Wireless Application Protocol (WAP) v2.0 The Wireless Application Protocol (WAP)310 v2.0 is a specification for the development of applications that use wireless communication networks. Its main application is mobile communications. WAP includes the Wireless Markup Language (WML) v2.0. Compared to its predecessor version, the presentation possibilities of WAP v2.0 have become much more similar to those on the World Wide Web. With conventional web browsers, it is not possible to read WML pages. This means that offers which are to be provided for mobile Internet applications and for the normal Internet have to be published twice. WAP v2.0 also contains XHTML Mobile Profile (XHTMLMP)311 which is based on XHTML Basic. This means that documents which were written in XHTML Basic can be read with WAP-2.0 browsers. XHTMLMP supports various script languages, for example ECMAScript Mobile Profile (ESMP), a subset of ECMA262312 without extensive computing and memory script functions. The majority of mobile devices meanwhile feature WAP 2.0 browsers. However, in the case of mobiles phones, in general, and PDAs, in particular, there is a growing trend towards web browsers with full functionality. Under observation: Extensible Hypertext Markup Language (XHTML) Basic v1.0 XHTML Basic v1.0313 is a standard for presenting HTML pages converted to XML for applications which do not support the full presentation functionality of HTML (e.g. mobile phone or PDAs). XHTML Basic was expanded to XHTML Mobile Profile (XHTMLMP)314 which is contained in WAP v2.0. This means that documents which were written in XHTML Basic can be read with WAP-2.0 browsers. 309 Published as 3GPP TS 23.040, refer to http://www.3gpp.org/ftp/Specs/html-info/23040.htm , and published as ETSI TS 123 040 V7.0.1, refer to http://www.etsi.org/ 310 Refer to http://www.openmobilealliance.org/tech/affiliates/wap/wapindex.html 311 Refer to http://www.openmobilealliance.org/tech/affiliates/wap/wap-277-xhtmlmp20011029-a.pdf 312 Refer to section 8.6.4 "Active contents" on page 108 313 Refer to http://www.w3.org/TR/2000/REC-xhtml-basic-20001219/ 314 Refer to http://www.openmobilealliance.org/tech/affiliates/wap/wap-277-xhtmlmp20011029-a.pdf SAGA 4.0 8.7 121 Communication Within the "communication" element, a distinction is made between application, middleware and network protocols as well as directory services. 8.7.1 Middleware communication In the case of middleware communication, a distinction is made between server applications that communicate within an administration, refer to section 8.7.1.1, and client applications outside the administration which communicate with an administration server, refer to section 8.7.1.2. The data elements to be transmitted should be specified using the technologies described in section 8.3 "Data models" on page 96 and section 8.6.6 "Interchange formats for data " on page 109. 8.7.1.1 Middleware communication within the administration Mandatory: Remote Method Invocation (RMI) Java RMI315 is particularly suitable for internal communications between Java objects. Via RMI, an object on a Java Virtual Machine (VM), can trigger methods of an object that runs on another Java VM. Java Remote Method Invocation is part of the Java 2 Standard Edition (Java SE) and hence also part of the Enterprise Edition (Java EE). Mandatory: Simple Object Access Protocol (SOAP) v1.1 SOAP316 should be used for communications between the party supplying the server and the user of a server within the meaning of the SOA reference model317. SOAP can be used to exchange structured data as XML objects between applications or their components via an Internet protocol (e.g. via HTTP). Mandatory: Web Services Description Language (WSDL) v1.1 The Web Services Description Language (WSDL) should be used for service definition purposes. WSDL is a standardized language318 that describes web services in such a manner that they can be used by other applications without the need to know further details of the implementation or to use the same programming language. Mandatory: Java Message Service (JMS) v1.1 JMS319 is used to generate, send, receive and read messages. JMS API defines a uniform interface that enables Java programs to communicate messages to other massaging 315 316 317 318 319 Refer to http://java.sun.com/rmi/ Refer to http://www.w3.org/TR/soap11/ Refer to Fig. 6-2 on page 69 Refer to http://www.w3.org/TR/wsdl Published as JSR-000914, refer to http://www.jcp.org/en/jsr/detail?id=914 122 SAGA 4.0 systems. The advantage of communication with messages is the loose link. JMS ensures that the messages are sent in an asynchronous and reliable manner. JMS should then be used when components communicating with each other are not to be disclosed with a view to their interfaces (easier exchangeability) and when communication between the components is to be generally asynchronous and error-tolerant. Mandatory: J2EE Connector Architecture (JCA) v1.5 JCA320 should be used to integrate existing systems into Java applications and/or to communicate with them. This means that the systems must provide so-called resource adapters. A resource adapter must be created just once for each legacy system and can then be reused in all environments for Java Enterprise Editions (Java EE). The JCA resource adapter frequently uses messages, such as JMS, in order to communicate with legacy systems. Recommended: Java Language Mapping to OMG IDL The most well-known implementation of the Java Language Mapping to OMG IDL321 specification, which was published by OMG, is Remote Method Invocation over Internet Inter ORB Protocol (RMI-IIOP) from Sun. Java RMI-IIOP322 is an integral part of Java Standard Edition (Java SE) and hence also part of the Enterprise Edition (Java EE). Distributed Java applications can communicate via RMIIIOP with remote applications via CORBA. RMI-IIOP communication can be carried out with all Object Request Brokers which conform to the latest CORBA specification 2.3.1323. The remote applications are hence not limited to the Java language. Recommended: Web Services (WS) Security v1.1 WS-Security324 is an OASIS standard for secure web services. It defines upgrades of the SOAP protocol in order to provide and ensure confidentiality, integrity and the binding effect of SOAP messages for securing web services. WS-Security supports the signing and encryption of SOAP messages based on XML Signature and XML Encryption. The use of different security models and different cryptographic method must be possible. WS-Security also enables different "security tokens", i.e. data formats which warrant specific identities or properties, e.g. X.509 certificates, Kerberos Tickets, SAML tokens or encrypted keys. The specification of WS-Security consists of the "WS-Security Core Specification 1.1" and the following profiles: a. Username Token Profile 1.1 b. X.509 Token Profile 1.1 320 321 322 323 324 Published as JSR-000112, refer to http://www.jcp.org/en/jsr/detail?id=112 Refer to http://www.omg.org/docs/ptc/00-01-06.pdf Refer to http://java.sun.com/products/rmi-iiop/ Refer to http://omg.org/cgi-bin/doc?formal/99-10-07 Refer to http://www.oasis-open.org/specs/index.php#wssv1.1 SAGA 4.0 123 c. SAML Token profile 1.1 d. Kerberos Token Profile 1.1 e. Rights Expression Language (REL) Token Profile 1.1 f. SOAP with Attachments (SWA) Profile 1.1 The token profiles specify how the different tokens can be used in SOAP. Under observation: Universal Description, Discovery and Integration (UDDI) v2.0 The UDDI protocol is the basis for designing a standardized, interoperable platform that permits the simple, fast and dynamic search for web services. The further development of UDDI is being promoted within the scope of OASIS325. UDDI is based on standards issued by the W3C and the Internet Engineering Task Force (IETF), such as XML, HTTP, DNS and SOAP. 8.7.1.2 Middleware communication with applications outside the administration Web services should be used for access by client applications via the Internet to server applications at administrations. By providing a web service layer for an existing server application, client systems are enabled to trigger the functions of the applications via the Hypertext Transfer Protocol (HTTP). A web service is a service which can be made up of components and which uses SOAP to communicate with other components via the HTTP standard protocol. XML is used for the message content itself. XML was already described in section 8.3 "Data models" on page 96 as a universal and primary standard for exchanging data between all the information systems relevant for administrative purposes. The Web Service Interoperability Organization (WS-I) defines profiles of existing standards in order to facilitate the compilation of the required standards. The profile to be applied is WS-I-Basic v1.1326 and includes XML Schema v1.0, SOAP v1.1, WSDL v1.1 and UDDI v2.0. Mandatory: Simple Object Access Protocol (SOAP) v1.1 Analogous to section 8.7.1.1 on page 121. Mandatory: Web Services Description Language (WSDL) v1.1 Analogous to section 8.7.1.1 on page 121. Recommended: Web Services (WS) Security v1.1 Analogous to section 8.7.1.1 on page 121. 325 Refer to http://www.uddi.org/ 326 Refer to http://www.ws-i.org/Profiles/BasicProfile-1.1.html 124 SAGA 4.0 Under observation: Universal Description, Discovery and Integration (UDDI) v2.0 Analogous to section 8.7.1.1 on page 121. 8.7.2 Network protocols Mandatory: Internet Protocol (IP) v4 The federal administration's IT environment currently uses IP v4 (RFC 791327, RFC 1700328) in conjunction with TCP (Transmission Control Protocol, RFC 793329) and UDP (User Datagram Protocol, RFC 768330). When new components of a system are to be introduced, these new components should support both IP v4 and IP v6 in order to enable future migration. Mandatory: Domain Name System (DNS) Since the mid-1980s, the Domain Name System (DNS, RFC 1034331, RFC 1035332) has been the standard on the Internet. DNS refers to a hierarchical name server service at central points of the Internet. This is where a server name entered is converted to the pertinent IP address. Under observation: Internet Protocol (IP) v6 IP v6333 is the next version of the IP protocol which up to now has not been very widely used. One of the changes compared to the current version 4 is the extension of the IP address to 128 bits in order to permit addressing of multi-embedded and mobile IP-based systems in future. IP v6 includes IPsec (IP-Security Protocol) which is chiefly used in the VPN (Virtual Private Network) area and which can also be used independent of IP v6. Thanks to the use of VPNs with secure encryption methods, the transport channel and the authentication of terminal systems is ensured in the manner required, for instance, for wireless networks (Wireless Local Area Network – WLAN) and also for home offices or in site networking. Information on IPsec and VPN is available, for instance, from the German Federal Office for Information Security334. 327 328 329 330 331 332 333 334 Refer to http://www.ietf.org/rfc/rfc791.txt Refer to http://www.ietf.org/rfc/rfc1700.txt Refer to http://www.ietf.org/rfc/rfc793.txt Refer to http://www.ietf.org/rfc/rfc768.txt Refer to http://www.ietf.org/rfc/rfc1034.txt Refer to http://www.ietf.org/rfc/rfc1035.txt Refer to http://www.ietf.org/rfc/rfc2460.txt und http://www.ietf.org/rfc/rfc3041.txt Refer to http://www.bsi.de/, e.g. "Aufbau von Virtual Private Networks (VPN) und Integration in Sicherheitsgateways" [Establishment of Virtual Private Networks (VPNs) and integration into security gateways] at http://www.bsi.de/fachthem/sinet/loesungen_transport/VPN.pdf SAGA 4.0 8.7.3 125 E-mail communication Mandatory: Simple Mail Transfer Protocol (SMTP) / Multipurpose Internet Mail Exten sions (MIME) v1.0 E-mail protocols that comply with the SMTP / MIME335 specifications for exchanging messages (RFC 2821, RFC 2045 to RFC 2049)336 are required for e-mail transport. E-mail attachments should correspond to the file formats defined in section 8.6 on page 105. Mandatory: Post Office Protocol (POP) v3 / Internet Message Access Protocol (IMAP) v4rev1 In exceptional cases, it may be necessary to offer electronic mailboxes. In this case, POP3337 or IMAP338 should be used as the commonly used standards. Mandatory: Industrial Signature Interoperability Specification – MailTrust (ISIS-MTT) v1.1., Part 1 to Part 6 The secure exchange of e-mails is one possible application for the "communication" interaction stage. Secure e-mail communication includes securing e-mails during their transmission from a sender to a recipient. This application looks at e-mails in their entirety. Section 8.6.7.7 "Secured document exchange" on page 113 discusses the procedures for securing documents, including e-mail attachments. Taking the basic functions of the electronic signature, encryption and authentication, the ISIS-MTT specification considers a host of applications for processes to secure electronic business (for example, file, mail, transaction and time "protection"), refer to section 8.1.4 "Implementation of the security concept" on page 93. Parts 1 to 6 are especially relevant for securing e-mail communications. 8.7.4 IP telephony Voice or telephony is an important and established channel of communication for citizens, business and public agencies. Public agencies are also already running call centres and sometimes make use of telephone systems with Voice-over-IP (VoIP). With this form of communication, the interfaces in the field of presentation must be offered to the outside world and the interfaces in the backend with eGovernment applications must be made available (Computer Telephony Integration – CTI). This means that context-related VoIP connections to the respective specialized officers or call-centre employees can be offered to customers on websites and data received is displayed to the employee without media inconsistencies. 335 336 337 338 Refer to section 8.6.3 "Technologies for information processing" on page 106 Refer to http://www.ietf.org/rfc.html Published as RFC 1939, refer to http://www.ietf.org/rfc/rfc1939.txt Published as RFC 3501, refer to http://www.ietf.org/rfc/rfc3501.txt 126 SAGA 4.0 Recommended: H.323 The protocol for signalling according to the ITU-T's standard H.323339 together with the protocols that belong to this family should be used to transport data for IP telephony. Under observation: Session Initiation Protocol (SIP) v2.0 SIP is a standard for signalling with IP telephony (RFC 3261340) which was drawn up by IETF. It can be used together with the supplementary protocols for data transmission as an alternative to H.323. 8.7.5 Application protocols Section 8.1.4 "Implementation of the security concept" on page 93 deals with the connection of security-related infrastructures (e.g. directory services for certificates, revocation lists, etc). Mandatory: File Transfer Protocol (FTP) File Transfer Protocol (FTP, RFC 959341) is considered the standard for file transfer. FTP is one of the oldest Internet services. FTP enables the shared use of files, it offers users standardized user interfaces for different file system types, and transfers data in an efficient and reliable manner. FTP is typically somewhat faster than HTTP when larger files are to be downloaded. Since FTP does not encrypt any data, including passwords, before sending, it should not be used for applications with a high security requirement. In such cases, secured methods, such as SSH-2 and TLS, which are also described in this section, must be used. Mandatory: Hypertext Transfer Protocol (HTTP) v1.1 HTTP v1.1 (RFC 2616342) should be used for communications between the client and web server. However, web servers should also support HTTP v1.0 (RFC 1945343) in addition to version 1.1. The HTTP State Management Mechanism (RFC 2965344) standard should be adopted when HTTP Session Management and cookies are used. In contrast to version 1.0, the upload and download functionality of HTTP v1.1 offers the option of so-called "web folders" (refer to WebDAV on page 128). Chat systems can initiate the reloading of websites via HTTP v1.1. 339 340 341 342 343 344 Refer to http://www.itu.int/rec/T-REC-H.323/en Refer to http://www.ietf.org/rfc/rfc3261.txt Refer to http://www.ietf.org/rfc/rfc959.txt Refer to http://www.ietf.org/rfc/rfc2616.txt Refer to http://www.ietf.org/rfc/rfc1945.txt Refer to http://www.ietf.org/rfc/rfc2965.txt SAGA 4.0 127 Mandatory: Online Service Computer Interface (OSCI) Transport v1.2 The Online Service Computer Interface (OSCI)345 is the result of the MEDIA@Komm competition. OSCI covers a host of protocols which are suitable for eGovernment requirements and which are implemented by the OSCI steering group. The aim is to support transactions in the form of web services and their complete handling via the Internet. OSCI Transport 1.2 is that part of "OSCI" which is responsible for the cross-section tasks in the security area. The existence of a central intermediary which can perform added-value services without jeopardizing confidentiality at the business case data level is a characteristic feature of the secure implementation of eGovernment processes using OSCI. As a secure transmission protocol, it enables binding online transactions (even in conformance to the German Act on Digital Signature). OSCI Transport supports asynchronous communication via an intermediary as well as endto-end encryption for the confidential transmission of data. OSCI Transport standardizes both message contents as well as transport and security functions and is based on international standards (including, for instance, XML Signature, DES, AES, RSA and X.509) for which suitable, concrete contents are developed as required. Central design criteria for OSCI Transport, version 1.2, were the following. a. Reference to open standards (SOAP, XML Signature, XML Encryption) b. Technical independence, i.e. transmission using any technical communication protocol without any specific requirements regarding platforms or programming languages c. Scalability of security levels (advanced signatures or qualified and/or accredited electronic signatures as required by the specific application). Mandatory: Transport Layer Security (TLS) v1.0 TLS346 is a cryptographic protocol that ensures the integrity and confidentiality of a communication connection on the World Wide Web. It was developed from the Secure Sockets Layer (SSL) protocol. The SSL v3 standard, which was still mandatory in SAGA version 2.1, is listed in the Right of Continuance List. For security reasons, older SSL standards should no longer be used for existing applications. TLS is based on TCP/IP and secure communication protocols for applications, such as HTTP, IIOP, RMI, etc., in a transparent manner. TLS-secured web pages are addressed with https:// rather than http://. TLS also supports the single-ended authentication of the public agency's server in relation to the client of the communication partner in order to confirm to the latter that it is really connected to the public agency's server. Double-ended authentication of client and server can also be supported by TLS. TLS offers the following cryptographic mechanisms. 345 Refer to http://www.osci.de/ 346 Published as RFC 2246, refer to http://www.ietf.org/rfc/rfc2246.txt 128 SAGA 4.0 a. Asymmetric authentication of the communication partners (via X.509 certificates) b. Secure exchange of session keys (via RSA encryption or Diffie-Hellman key agreement) c. Symmetric encryption of communication contents d. Symmetric message authentication (via MACs) and protection against reply attacks The principles of operation of TLS are described in detail in section 5.2.2 of the Guideline for the Introduction of the Electronic Signature and Encryption in the Administration issued by the Co-operation Committee for Automatic Data Processing for the Federal-government, Federal-state Government and Municipal Administration Sector (KoopA ADV)347. In TLS, the combination of different methods is referred to as a "cipher suite". A TLS cipher suite always contains four cryptographic algorithms: a signature method, a key exchange method, a symmetric encryption method as well as a hash function. Recommended: Secure Shell v2 (SSH-2) The SSH-2348 protocol is an enhanced version of the SSH which has existed since 1995. Using a standardized authentication procedure, it enables the opening of an encrypted tunnel between the client and server system and then permits encrypted user data to be sent and received via the transport layer. The different open-source and commercial implementations of this protocol enable strong encryption of user data and allow, for instance, remote control of remote computers and file transfer (SSH-FTP). This means that there is a secure alternative to FTP. Recommended: WWW Distributed Authoring and Versioning (WebDAV) WebDAV349 is a standard drafted by the Internet Engineering Task Force (IETF) which can be used as an extension of HTTP for writing and changing files in networks. It is hence an alternative to FTP. In contrast to FTP, when data is transmitted with WebDAV, no additional port has to be released because WebDAV uses the HTTP port 80. Write access based on passwords should be encrypted, e.g. via HTTPS or TLS. However, not all applications that support WebDAV also support so-called encryption mechanisms. Under observation: Transport Layer Security (TLS) v1.1 Adopted in April 2006, TLS v1.1350 is a further development of TLS v1.0 that features improved security. Support of TLS v1.1 is planned for the next generation of web browsers. 8.7.6 Geo-services All standards in this section are either specifications of the Open Geospatial Consortium (OGC)351 or are based on these specifications. The classifications were agreed to with Geo 347 Refer to http://www.koopa.de/projekte/pki.html 348 Published under RFC 4251 - 4256, refer to http://www.ietf.org/rfc.html 349 Published as RFC 2518, refer to http://www.ietf.org/rfc/rfc2518.txt and http://www.webdav.org/ 350 Published as RFC 4346, refer to http://www.ietf.org/rfc/rfc4346.txt 351 Refer to http://www.opengeospatial.org/ SAGA 4.0 129 dateninfrastruktur Deutschland [Geo-data infrastructure Germany] (GDI-DE)352 and are orientated towards [GDI-DE 2007]. The definition of formats for exchanging geoinformation can be found in section 8.6.11 on page 118. Recommended: Catalogue Services Specification v2.0 – ISO Metadata Application Profile v1.0 The Catalogue Services Specification v2.0 – ISO Metadata Application Profile353 is an application profile for catalogue services which was adopted by the OGC. The profile refers to the CSW base specification of OGC and the metadata specifications of ISO (ISO 19115, ISO 19119). It should be used to implement standard-compliant metadata searches. Recommended: Web Map Service Deutschland (WMS-DE) v1.0 The aim of the WMS-DE354 profile is to define in a binding manner the requirements of Geodateninfrastruktur Deutschland (GDI-DE) for a Web Map Service (WMS). With WMS services which use this profile, the user can achieve a nation-wide presentation by combining the digital maps and data of various WMS services. The binding parameters within the scope of GDI-DE should benefit both suppliers during the establishment of services as well as users during queries. Recommended: Web Coverage Service (WCS) v1.0.0 WCS355 enables access to multi-dimensional grid data. This service is particularly suitable for submitting grid data, e.g. in shop solutions, for providing measured values in the form of time series, and for supplying digital terrain models. Recommended: Web Feature Service (WFS) v1.0 WFS v1.0.0356 enables access to geo-data objects (features), usually in the form of vector data. Data is exchanged in the Geography Markup Language (GML) v2.1.2, refer to section 8.6.11 "Interchange formats for geo-information" on page 118. Recommended: Web Feature Service (WFS) v1.1 Compared to its predecessor version 1.0.0, WFS v1.1.0357 is not yet so widely used. Data is exchanged in the Geography Markup Language (GML) v3.1.1, refer to section 8.6.11 "Interchange formats for geo-information" on page 118. 352 353 354 355 356 357 Refer to http://www.gdi-de.org/ Refer to http://www.opengeospatial.org/standards/cat Refer to http://www.gdi-de.org/de/download/WMS_DE_Profil_V1.pdf Refer to http://www.opengeospatial.org/specs/ Refer to http://www.opengeospatial.org/specs/ Refer to http://www.opengeospatial.org/specs/ 130 SAGA 4.0 Recommended: Simple Feature Access – Part 2: SQL option (SFA-2) v1.1.0 SFA-2358 defines interfaces for accessing geo-data objects (features). Along with OGC, this standard was standardized by ISO and is hence also called ISO 19125-2359. 8.8 Backend The German administration uses several legacy systems which are very likely to remain in use even in the future (e.g. ERP, mainframe transaction processing, database systems and other legacy applications). Depending on the operating modes supported, these legacy systems can be divided into three categories as follows: a. Transaction-secured processing by end users via existing dialogue systems, b. asynchronous data batch processing (bulk data processing) and c. program-to-program communication on the basis of proprietary protocols. Two options are generally available for integrating legacy systems: a. Direct integration via so-called "legacy interfaces" or b. integration via a separate integration tier, with modular encapsulation of real access to the legacy systems. Detailed solution concepts must be evaluated and compared with a view to the aims to be achieved, the time and budget available, as well as the functions to be supported during the integration of the legacy system. The following sections discuss different solution concepts which have proven to be suitable with the three above-mentioned operating modes. The data elements to be transmitted should be specified using the technologies described in section 8.3 "Data models" on page 96 AND section 8.6.6 "Interchange formats for data " on page 109. 8.8.1 Directory services and registries Mandatory: Lightweight Directory Access Protocol (LDAP) v3 LDAP v3 (RFC 4510 - 4519360) is an X.500-based Internet protocol which is optimized with regard to hierarchically structured information and which is used for directory service access. Under observation: Universal Description, Discovery and Integration (UDDI) v2.0 Analogous to section 8.7.1.2 "Middleware communication with applications outside the administration" on page 123. 358 Refer to http://www.opengeospatial.org/specs/ 359 Refer to http://www.iso.org/ 360 Refer to http://www.ietf.org/rfc/rfc4510.txt SAGA 4.0 131 Under observation: Directory Services Markup Language (DSML) v2 DSML361 is an XML-based language which is used to exchange data with directory services – e.g. during the course of queries and updates. Use of the specification makes it easy to access the directory services. DSML v2 was published in 2001 as an OASIS standard. Under observation: ebXML Registry Services and Protocols (ebXML RS) v3.0/ ebXML Registry Information Model (ebXML RIM) v3.0 ebXML RS describes the services and protocols offered by an ebXML-compliant registry. An ebXML registry is a system that safely administers any particular content and the related, standardized metadata. ebXML RIM describes the pertinent information model. The technologies should be used together. ebXML RS v3.0362 and ebXML RIM v3.0363 were adopted by OASIS364 on 1 May 2005 as OASIS standards. Compared to version 2.0, version 3.0 adds many useful features, such as versioning repository contents. 8.8.2 Access to databases Mandatory: Java Database Connectivity (JDBC) v3.0 JDBC365 should be used for access to databases. 8.8.3 Access to legacy systems Mandatory: Remote Method Invocation (RMI) Analogous to section 8.7.1.1 "Middleware communication within the administration" on page 121. Mandatory: Simple Object Access Protocol (SOAP) v1.1 Analogous to section 8.7.1.1 "Middleware communication within the administration" on page 121. Mandatory: Web Services Description Language (WSDL) v1.1 Analogous to section 8.7.1.1 "Middleware communication within the administration" on page 121. 361 362 363 364 365 Refer to http://www.oasis-open.org/specs/index.php#dsmlv2 Refer to http://www.oasis-open.org/specs/index.php#ebxmlrsv3.0 Refer to http://www.oasis-open.org/specs/index.php#ebxmlrimv3.0 Refer to http://www.oasis-open.org/ Published as JSR-000054, refer to http://www.jcp.org/en/jsr/detail?id=54 132 SAGA 4.0 Mandatory: Java Message Service (JMS) v1.1 Analogous to section 8.7.1.1 "Middleware communication within the administration" on page 121. Mandatory: J2EE Connector Architecture (JCA) v1.5 Analogous to section 8.7.1.1 "Middleware communication within the administration" on page 121. Recommended: Java Language Mapping to OMG IDL Analogous to section 8.7.1.1 "Middleware communication within the administration" on page 121. Recommended: Web Services (WS) Security v1.1 Analogous to section 8.7.1.1 "Middleware communication within the administration" on page 121. 8.9 Encryption Cryptographic algorithms for encryption can be applied to data and/or keys in order to ensure their confidential transmission. 8.9.1 Asymmetric encryption methods Asymmetric encryption methods are required, for example, in order to exchange a socalled session key between communication partners. A session key is a symmetric key, refer to section 8.9.2 on page 132. Mandatory: RSA The RSA method366 is the most important asymmetric method; it is also referred to as the public key method. During encryption, the bit sequence is encrypted using the public key of the communication partner. After this, the resultant encrypted secret text can only be decrypted to plain text by the holder of the private key. The security of this method is based on the difficulty to factorize large natural numbers. Normal key lengths are 2048 and 4096 bits. The Federal Network Agency no longer recommends 1024-bit keys. RSA is used during encryption just like signing, refer to section 8.10.2 on page 134. 8.9.2 Symmetric encryption methods Symmetric methods, when applied, use the same private key for encryption and decryption. These methods usually feature very high performance. 366 RSA was named after its inventors: Ronald L. Rivest, Adi Shamir and Leonard Adleman SAGA 4.0 133 Mandatory: Advanced Encryption Standard (AES) AES367 is a symmetric block cipher with a fixed block length of 128 bits and a key length that can be either 128, 192 or 256 bits long. AES was published in October 2000 by the National Institute of Standards and Technology (NIST)368. The Triple Data Encryption Standard (Triple-DES, also called 3DES), which was still recommended in SAGA version 2.1, is now on the Right of Continuance List. 8.10 Electronic signature The security of an electronic signature is primarily dependent upon the strength of the underlying cryptographic algorithms. With regard to the "electronic signature" issue, refer also to section 4.5.1 on page 45. Mandatory: Cryptographic algorithms for the electronic signature according to the Federal Network Agency Every year, the Federal Network Agency publishes in the Federal Gazette those cryptographic algorithms which can be considered to be suitable for at least the next six years with a view to the requirements of the Act on Digital Signature (SigG) and the Digital Signature Ordinance (SigV)369. To this effect, the minimum dimensions of parameters, such as block sizes and key lengths, are stated which are needed to ensure sufficient security. The German Federal Office for Information Security (BSI) can classify further methods as suitable. An electronic signature for the purposes of the Act includes the following cryptographic algorithms. 8.10.1 Hashing data A hash function reduces the data to be signed to a hash value, i.e. a bit sequence with a fixed length. This then means that the hash value rather than the data itself is signed. Mandatory: Secure Hash Algorithm (SHA)-256 SHA-256 (Secure Hash Algorithm)370, as a further development of SHA-1 (160-bit long hash value), is a cryptographic hash function that generates a 256-bit long hash value. 367 Refer to http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf, published as FIPS 197 368 Refer to http://csrc.nist.gov/ 369 Refer to http://www.bundesnetzagentur.de/enid/Veroeffentlichungen/Algorithmen_sw.html 370 Published as FIPS PUBS 180-2, refer to http://csrc.nist.gov/publications/fips/fips180-2/fips1802.pdf 134 SAGA 4.0 Recommended: Secure Hash Algorithm (SHA)-224 / Secure Hash Algorithm (SHA)-384 / Secure Hash Algorithm (SHA)-512 SHA-224, SHA-384 und SHA-512 (Secure Hash Algorithm)371 are further developments of SHA-1 (160-bit long hash value) and constitute cryptographic hash functions that generate longer hash values (the length corresponds to the number stated). 8.10.2 Asymmetric signature methods An asymmetric signature method consists of a signing and a verification algorithm. The signature method is dependent on a key pair which consists of a private (i.e. secret) key for signing (generating) and the pertinent public key for verifying (checking) the signature. Mandatory: RSA Analogous to section 8.9.1 "Asymmetric encryption methods" on page 132, RSA should be used for the asymmetric signature method. Recommended: Digital Signature Algorithm (DSA) The Digital Signature Algorithm (DSA)372 is the signature method that was specified in the US Digital Signature Standard (DSS) in 1991. DSA is a pure signature algorithm. Although the US government has obtained a patent for DSS, its use is free. DSA is less widespread than RSA. The Federal Network Agency's algorithm catalogue foresees qualified electronic signatures starting in 2008 as opposed to the standard with bigger parameter lengths. Normal key lengths are 2048 and 4096 bits. The Federal Network Agency no longer recommends 1024-bit keys. 8.10.3 Key management As a precondition for applications to use electronic signatures, it must be possible to assign public electronic keys (public keys) to real individuals or institutions. In order to achieve interoperability between different applications, identical data formats must be in place, and standardized mechanisms must be used to read and write data. Recommended: XML Key Management Specification (XKMS) v2 XKMS373 specifies protocols for the registration and distribution of public keys. The protocols were designed for interaction with XML Signature and XML Encryption and are hence used for XML-based communications, e.g. web services. The specification consists of two parts, i.e. the XML Key Registration Service Specification (X-KRSS) and the XML Key Information Service Specification (X-KISS). 371 Published as FIPS PUBS 180-2, refer to http://csrc.nist.gov/publications/fips/fips180-2/fips1802.pdf 372 Published as FIPS 186-2, refer to http://csrc.nist.gov/publications/fips/fips186-2/fips186-2change1.pdf 373 Refer to http://www.w3.org/TR/xkms2/ SAGA 4.0 135 Clients can use relatively simple XKMS queries to find and validate public keys, with relay servers accessing existing LDAP and OCSP infrastructures in order to answer these queries. This means that parallel use of different directory services is possible with just one protocol. 8.11 Smartcards Smartcards are chip cards with an integrated processor; they are also referred to as microprocessor cards. In contrast to chip cards which are used to only save data (memory cards), smartcards can also process data. Smartcards can serve as a Personal Security Environment (PSE), in order to safely store trustworthy certificates and keys, and also as a (secure) signature generation unit.374 A distinction is made between contact smartcards and contactless smartcards. Whilst contact smartcards feature a visible, exterior contact surface, contactless smartcards establish contact with the reader devices by wireless communication (Radio Frequency IDentification – RFID). 8.11.1 Contact smartcards Mandatory: Identification Cards - Integrated circuit cards Contact smartcards should conform to the ISO/IEC 7816375 standard. The standard describes, for instance, dimensions, positioning contacts and labelling, electrical properties as well as transmission protocols. 8.11.2 Contactless smartcards Mandatory: Identification Cards - Contactless integrated circuit cards Contactless smartcards with a transmission rate of up to approx. 847 kbps – corresponding to a range of up to 0.1m – should conform to the ISO/IEC 14443376 standard. The standard describes in four parts the design, function and operation of these smartcards. The electronic passport377 is based on this standard. The electronic ID card, which is currently in the planning phase, is also to be based on this standard. 374 Refer to the German Federal Office for Information Security (BSI): "Grundlagen der elektronischen Signatur – Recht, Technik, Anwendung" [Fundamentals of the electronic signature - law, technology, application], 2006, http://www.bsi.de/esig/esig.pdf 375 Refer to http://www.iso.org/ 376 Refer to http://www.iso.org/ 377 Refer to http://www.epass.de/ 136 SAGA 4.0 8.11.3 Reader units and interfaces for smartcards Mandatory: Technical guideline for federal-government eCard projects (BSI TR-03116) v1.0 Smartcard applications which use cryptographic methods should consider the security requirements for the use of cryptographic methods in federal-government eCard projects described in technical guideline BSI TR-03116378 from the Federal Office for Information Security (BSI) . Mandatory: Industrial Signature Interoperability Specification – MailTrust (ISIS-MTT) v1.1., Part 7 Components which support the universal "Cryptographic Token Interface" (Cryptoki) should conform to ISIS-MTT379 v1.1, Part 7 (Cryptographic Token Interface). Under observation: Interoperability Specification for ICCs and Personal Computer Sys tems (PC/SC) v2.0 PC/SC380 specifies an interface between card reader units and the applications. Under observation: OpenCard Framework (OCF) v1.2 OCF381 specifies an interface between card reader units and the applications. Under observation: Secure Interoperable ChipCard Terminal (SICCT) v1.10 SICCT382 describes a basic concept for application-independent terminals for smartcards based on ISO/IEC 7816 and ISO/IEC 14443383. Applications with high or very high security requirements can attempt to conform to SICCT. 8.12 Long-term archiving With electronic documents becoming increasingly widespread in administrations, sustainable and long-term storage calls for standards for storage which warrant the authenticity and completeness of the documents. 378 379 380 381 382 Refer to http://www.bsi.bund.de/literat/tr/tr03116/BSI-TR-03116.pdf Refer to http://www.isis-mtt.org/ Refer to http://www.pcscworkgroup.com/specifications/specdownload.php Refer to http://www.opencard.org/index-downloads.shtml Refer to http://www.teletrust.de/fileadmin/files/publikationen/Spezifikationen/SICCT_Spezifikation _1.10.pdf 383 Refer to http://www.iso.org/ SAGA 4.0 137 Recommended: Tagged Image File Format (TIFF) v6.0 TIFF v6.0 should be used for the long-term archiving of graphics and b/w images. Maximum interoperability is particularly important in this area of application. This is why only properties from "Baseline TIFF" are to be used here, refer also to section 8.6.8 on page 115. Recommended: Joint Photographic Experts Group (JPEG) In analogy to section 8.6.8 "Interchange formats for graphics" on page 115, JPEG should be used for long-term archiving of images, in particular, for photos. Recommended: Extensible Markup Language (XML) v1.0 XML is suitable for long-term archiving, however, the related schemas and XSL files must also be archived, refer to section 8.6.6 "Interchange formats for data " on page 109. Examples of XML-based languages for long-term archiving include Encoded Archival Description (EAD)384, Encoded Archival Context (EAC)385 and the Metadata Encoding and Transmission Standard (METS)386. Recommended: ArchiSig, Grundsätze für die beweiskräftige und sichere Langzeitarchivierung digital signierter Dokumente [principles for conclusive and secure long-term archiving of electronically signed documents] The ArchiSig387 project was carried out by various participants from the worlds of science and industry as well as with users under the leadership of Informatikzentrum Niedersachsen [Lower Saxon Computer Science Centre] and Staatliche Archivverwaltung Niedersachsen [Lower Saxon state archive administration]. It defines principles388 that should be observed for the long-term archiving of electronically signed documents.389 Recommended: Portable Document Format Archive - 1 (PDF/A-1) The PDF/A-1390 standard (ISO 19005-1:2005391) is based on PDF v1.4, refer to section 8.6.7.1, with the restrictions that scripts are embedded and metadata is captured and no passwords, executable code or audio or video data are used. Conformance to ISO 19005-1:2005 can be described on two different levels: 1. 384 385 386 387 388 389 PDF/A-1b (also referred to as Level B Conformance) represents minimum conformance to the requirement that the generated appearance of the PDF file must be reproducible on a long-term basis. Refer to http://www.loc.gov/ead/ Refer to http://jefferson.village.virginia.edu/eac/ Refer to http://www.loc.gov/standards/mets/ Refer to http://www.archisig.de/ Refer to http://www.archisig.de/grundsaetze.pdf ArchiSig is used, for instance, within the scope of the "ArchiSafe" project, refer to http://www.archisafe.de/ 390 Refer to http://www.adobe.de/products/acrobat/pdfs/pdfarchiving.pdf 391 Refer to http://www.iso.org/ 138 SAGA 4.0 2. PDF/A-1a (also referred to as Level A Conformance) is based on Level B and additionally requires that the PDF file can be searched (text extraction). PDF/A-1a fully complies with the requirements of the ISO standard (full conformance). The standard should be used for the long-term archiving of text and presentations. This standard recognized by ISO can be used to save the document contents, the document form and the metadata of the document in one archived file. The file can also be displayed without the original application. A barrier-free presentation of contents is also provided. Under observation: Extensible Markup Language (XML) v1.1 Analogous to section 8.6.6 "Interchange formats for data " on page 109. SAGA 4.0 Appendix A References [APEC] National Office for the Information Economy / CSIRO: APEC e-Business: What do Users need?, 2002 http://nla.gov.au/nla.arc-25067 http://www1.cmis.csiro.au/Reports/APEC_E-commerce.pdf [BOL] Federal Ministry of the Interior (editor): BundOnline 2005: Umsetzungsplan 2004 – Status und Ausblick, Dresden 2004 http://www.kbst.bund.de/ (in the area of > eGovernment > Initiatives > BundOnline 2005 > Implementation plan and final report > 2004 – implementation plan) [BSI 2005] German Federal Office for Information Security: ITIL und Informationssicherheit – Möglichkeiten und Chancen des Zusammenwirkens von IT-Sicherheit und IT-ServiceManagement, Berlin, 2005 http://www.bsi.de/literat/studien/ITinf/itil.pdf [e-GIF] Office of the e-Envoy: e-Government Interoperability Framework Version 6.0, 2004 http://www.govtalk.gov.uk/schemasstandards/egif.asp http://www.govtalk.gov.uk/documents/e-gif-v6-0(1).pdf Office of the e_Envoy: Technical Standards Catalogue Version 6.1, 2004 http://www.govtalk.gov.uk/documents/TSCv6-1_2004-11-15.pdf [FIPS-PUBS] National Institute of Standards and Technology (NIST), Information Technology Laboratory (ITL): Federal Information Processing Standards Publications, 2005 http://www.itl.nist.gov/fipspubs/ [GDI-DE 2007] Geo-data infrastructure Germany: Architektur der Geodateninfrastruktur Deutschland, concept for the universal provision of geodata within the scope of eGovernment in Germany, version 1.0, 2007 http://www.gdi-de.org/de/download/GDI_ArchitekturKonzept_V1.pdf [IDABC] European Commission: Interoperable Delivery of European eGovernment Services to public Administrations, Businesses and Citizens, 2005 http://europa.eu.int/idabc/ 139 140 SAGA 4.0 [IEEE 2000] Institute of Electrical and Electronics Engineers (IEEE): IEEE-Standard 1471-2000: Recommended Practice for Architectural Description of Software-Intensive Systems, 2000 [ISO 1996] ISO/IEC 10746-3: Information technology – Open Distributed Processing – Reference Model: Architecture, Geneva 1996 [ITG 2000] Informationstechnische Gesellschaft (ITG) im VDE: Electronic Government als Schlüssel der Modernisierung von Staat und Verwaltung. A memorandum by the specialist committee for administrative IT of Gesellschaft für Informatik e.V. (GI) and special unit 1 of Informationstechnische Gesellschaft (ITG) at the Association for Electrical, Electronic and Information Technologies (VDE), Bonn / Frankfurt 2000 http://mediakomm.difu.de/documents/memorandum.pdf [KBSt 2007] KBSt: IT-Architekturkonzept für die Bundesverwaltung, 2007 http://www.kbst.bund.de/architekturkonzept [Kudraß 1999] Kudraß, Thomas: Describing Architectures Using RM-ODP, online publication, 1999 http://www.imn.htwk-leipzig.de/~kudrass/Publikationen/OOPSLA99.pdf [Lenk et al. 2000] Lenk, Klaus / Klee-Kruse, Gudrun: Multifunktionale Serviceläden, Berlin 2000 [Lenk 2001] Lenk, Klaus: Über Electronic Government hinaus Verwaltungspolitik mit neuen Konturen, paper at the 4th conference on administrative IT at the Federal University of Applied Administrative Sciences on 5 September 2001 [v. Lucke et al. 2000] Lucke, Jörn von / Reinermann, Heinrich: Speyerer Definition von Electronic Government. Results of the research project "government and administration in the information age", online publication, 2000 http://foev.dhv-speyer.de/ruvii/Sp-EGov.pdf [New Zealand] State Services Commission, New Zealand: E-government in New Zealand, 2007 http://www.e-government.govt.nz/ [Schedler et al. 2001] Schedler, Kuno / Proeller, Isabella: NPM, Berne / Stuttgart / Vienna 2001 SAGA 4.0 [Schreiber 2000] Schreiber, Lutz: Verwaltung going digit@l. Ausgewählte Rechtsfragen der OnlineVerwaltung, in: Digitale Signaturen, in: Kommunikation & Recht, supplement 2 in edition 10/2000 [Switzerland] Swiss Federal Chancellery: Sektion elektronischer Behördenverkehr, homepage of Beratungs-, Dienstleistungs- und Betriebsorganisation für den elektronischen Behördenverkehr [the advisory, service and provider organization for electronic communications with public agencies] (E-Government), 2007 http://www.bk.admin.ch/org/bk/00346/00348/index.html?lang=de [SIGA] eGovernment project group at the German Federal Office for Information Security (BSI): Sichere Integration von E-Government-Anwendungen, module of the eGovernment manual, 2003 http://www.bsi.bund.de/fachthem/egov/4_siga.htm 141 SAGA 4.0 143 Appendix B Overview of Classified Standards .NET-Framework...............................................................................................................................100 A Advanced Encryption Standard (AES)...........................................................................................133 AES......................................................................................................................................................133 Animated GIF.....................................................................................................................................116 Animated Graphics Interchange Format (Animated GIF) v89a................................................116 ANSI/NISO Z39.85...............................................................................................................................97 ArchiSig, Grundsätze für die beweiskräftige und sichere Langzeitarchivierung digital signierter Dokumente [principles for conclusive and secure long-term archiving of electronically signed documents]..................................................................................................137 B Barrierefreie Informationstechnik Verordnung (BITV) [Barrier-free information technology ordinance].........................................................................................................................................105 BITV....................................................................................................................................................105 BPEL4WS............................................................................................................................................100 BSI, E-Government-Handbuch [eGovernment manual]......................................................95, 104 BSI, IT-Grundschutz-Kataloge [IT Baseline Protection Catalogues]...........................................94 BSI TR-03116.......................................................................................................................................136 BSI standard 100-1: Management systems for Information Security..........................................91 BSI standard 100-2: IT baseline protection approach...................................................................92 BSI-Standard 100-3: Risk analysis on the basis of IT baseline protection...................................93 Business Process Execution Language for Web Services (BPEL4WS) v1.1...............................100 C C# Language Specification..............................................................................................................99 Cascading Style Sheets Language Level 2 (CSS2)..........................................................................107 Catalogue Services Specification v2.0 – ISO Metadata Application Profile v1.0....................129 CLI.........................................................................................................................................................99 Comma Separated Value (CSV).......................................................................................................112 Common Language Infrastructure (CLI)........................................................................................99 Cryptographic algorithms for the electronic signature according to the Federal Network Agency................................................................................................................................................133 CSS2.....................................................................................................................................................107 144 SAGA 4.0 CSV.......................................................................................................................................................112 D DC.........................................................................................................................................................97 DCMI Metadata Terms.......................................................................................................................97 Digital Signature Algorithm (DSA).................................................................................................134 DIN 66001............................................................................................................................................95 Directory Services Markup Language (DSML) v2..........................................................................131 DNS......................................................................................................................................................124 Domain Name System (DNS)...........................................................................................................124 DSA......................................................................................................................................................134 DSML....................................................................................................................................................131 Dublin Core (DC).................................................................................................................................97 E ebXML Registry Information Model (ebXML RIM) v3.0.............................................................131 ebXML Registry Services and Protocols (ebXML RS) v3.0.............................................................131 ebXML RIM.........................................................................................................................................131 ebXML RS............................................................................................................................................131 ECMA-262..........................................................................................................................................108 ECMA-334............................................................................................................................................99 ECMA-335..........................................................................................................................................100 ECMA-376..............................................................................................................................111, 112, 113 ECMAScript Language Specification.............................................................................................108 eGovernment manual.......................................................................................................................95 Election Markup Language (EML) v4.0.........................................................................................109 EML.....................................................................................................................................................109 Entity Relationship Diagram (ERD).................................................................................................96 ERD.......................................................................................................................................................96 Extensible Hypertext Markup Language (XHTML) Basic v1.0....................................................120 Extensible Hypertext Markup Language (XHTML) v1.0..............................................................107 Extensible Markup Language (XML) v1.0...............................................................................109, 137 Extensible Markup Language (XML) v1.1...............................................................................109, 138 Extensible Stylesheet Language (XSL) v1.0....................................................................................107 Extensible Stylesheet Language (XSL) v1.1....................................................................................108 Extensible Stylesheet Language Transformations (XSLT) v1.0...................................................107 Extensible Stylesheet Language Transformations (XSLT) v2.0...................................................108 SAGA 4.0 145 F File Transfer Protocol (FTP)..............................................................................................................126 FIPS 186-2............................................................................................................................................134 FIPS 197...............................................................................................................................................133 FIPS PUBS 180-2..................................................................................................................................133 FTP.......................................................................................................................................................126 G Geo Tagged Image File Format (GeoTIFF).....................................................................................116 Geography Markup Language (GML) v2.1.2..................................................................................119 Geography Markup Language (GML) v3.1.1...................................................................................119 GeoTIFF...............................................................................................................................................116 GIF v89a..............................................................................................................................................115 GML v2.1.2...........................................................................................................................................119 GML v3.1.1............................................................................................................................................119 Gnu ZIP (GZIP) v4.3............................................................................................................................119 Graphics Interchange Format (GIF) v89a......................................................................................115 H H.323...................................................................................................................................................126 Handlungsleitfaden für die Einführung der elektronischen Signatur und Verschlüsselung in der Verwaltung v1.1 [Guideline for the Introduction of the Electronic Signature and Encryption in the Administration]..................................................................................................94 HTML............................................................................................................................................110, 113 HTML v4.01........................................................................................................................................106 HTTP v1.1......................................................................................................................................118, 126 Hypertext Markup Language (HTML) v4.01...................................................................106, 110, 113 Hypertext Transfer Protocol (HTTP) v1.1.................................................................................118, 126 I Identification Cards - Contactless integrated circuit cards.......................................................135 Identification Cards - Integrated circuit cards.............................................................................135 IMAP v4rev1.......................................................................................................................................125 Industrial Signature Interoperability Specification – MailTrusT (ISIS-MTT) v1.1.....................93 Industrial Signature Interoperability Specification – MailTrust (ISIS-MTT) v1.1., Part 1 to Part 6...........................................................................................................................................................125 Industrial Signature Interoperability Specification – MailTrust (ISIS-MTT) v1.1., Part 3........114 Industrial Signature Interoperability Specification – MailTrust (ISIS-MTT) v1.1., Part 7........136 Internet Message Access Protocol (IMAP) v4rev1........................................................................125 Internet Protocol (IP) v4...................................................................................................................124 146 SAGA 4.0 Internet Protocol (IP) v6...................................................................................................................124 Interoperability Specification for ICCs and Personal Computer Systems (PC/SC) v2.0..........136 IP v4.....................................................................................................................................................124 IP v6.....................................................................................................................................................124 ISIS-MTT v1.1........................................................................................................................................93 ISIS-MTT v1.1., Part 1 to Part 6...........................................................................................................125 ISIS-MTT v1.1., Part 3..........................................................................................................................114 ISIS-MTT379 v1.1, Part 7....................................................................................................................136 ISO 10646:2003..................................................................................................................................106 ISO 15836-2003....................................................................................................................................97 ISO 19005-1:2005...............................................................................................................................137 ISO 19125-2.........................................................................................................................................130 ISO/IEC 10746-3:1996..........................................................................................................................31 ISO/IEC 10918-1:1994...................................................................................................................115, 137 ISO/IEC 14443.....................................................................................................................................135 ISO/IEC-14496..............................................................................................................................116, 118 ISO/IEC 15444-1...................................................................................................................................116 ISO/IEC 15445.......................................................................................................................106, 110, 113 ISO/IEC 15948:2003...........................................................................................................................115 ISO/IEC 16262.....................................................................................................................................108 ISO/IEC 19503:2005......................................................................................................................96, 97 ISO/IEC 19757-2:2003..........................................................................................................................97 ISO/IEC 23270:2006............................................................................................................................99 ISO/IEC 23271:2006...........................................................................................................................100 ISO/IEC 26300:2006..............................................................................................................111, 112, 113 ISO/IEC 279001....................................................................................................................................83 ISO/IEC 7816.......................................................................................................................................135 ISO/IEC TR 23272:2006.....................................................................................................................100 ISO/PRF 19136......................................................................................................................................119 IT-Grundschutz-Vorgehensweise v1.0 [BSI standard 100-2: IT baseline protection approach] ...............................................................................................................................................................92 IT-Grundschutzkataloge [IT Baseline Protection catalogues].....................................................83 ITU-T.81........................................................................................................................................115, 137 J J2EE Connector Architecture (JCA) v1.5.................................................................................122, 132 Java Database Connectivity (JDBC) v3.0.........................................................................................131 Java EE v5.............................................................................................................................................98 Java Language Mapping to OMG IDL.....................................................................................122, 132 SAGA 4.0 147 Java Message Service (JMS) v1.1.................................................................................................121, 132 Java Network Launching Protocol (JNLP) v1.5..............................................................................102 Java Platform, Enterprise Edition (Java EE) v5...............................................................................98 Java Platform, Standard Edition (Java SE) v5..................................................................................99 Java SE..................................................................................................................................................99 Java Server Pages (JSP) v2.1...............................................................................................................107 Java Servlet v2.5.................................................................................................................................107 JCA...............................................................................................................................................122, 132 JDBC.....................................................................................................................................................131 JMS................................................................................................................................................121, 132 JNLP.....................................................................................................................................................102 Joint Photographic Experts Group (JPEG)...............................................................................115, 137 Joint Photographic Experts Group 2000 (JPEG2000) / Part 1.......................................................116 JPEG..............................................................................................................................................115, 137 JPEG2000............................................................................................................................................116 JSP v2.1.................................................................................................................................................107 JSR-000054.........................................................................................................................................131 JSR-000056 (Final Release)..............................................................................................................102 JSR-000112...................................................................................................................................122, 132 JSR-000154 (Maintenance Release)................................................................................................107 JSR-000176...........................................................................................................................................99 JSR-000244..........................................................................................................................................99 JSR-000245.........................................................................................................................................107 JSR-000914...................................................................................................................................121, 132 K Kerberos v5........................................................................................................................................105 KoopA ADV, Handlungsleitfaden für die Einführung der elektronischen Signatur und Verschlüsselung in der Verwaltung v1.1 [Guideline for the Introduction of the Electronic Signature and Encryption in the Administration]........................................................................94 L LDAP v3...............................................................................................................................................130 Lightweight Directory Access Protocol (LDAP) v3.......................................................................130 M Management systems for Information Security............................................................................91 Microsoft Windows .NET-Framework...........................................................................................100 MIME v1.0...................................................................................................................................106, 125 MP4...............................................................................................................................................116, 118 148 SAGA 4.0 MPEG-4 Part 14 (MP4).................................................................................................................116, 118 Multipurpose Internet Mail Extensions (MIME) v1.0...........................................................106, 125 O OCF v1.2..............................................................................................................................................136 Office Open XML (OOXML)..................................................................................................111, 112, 113 Ogg...............................................................................................................................................117, 118 Ogg Encapsulation Format (Ogg)............................................................................................117, 118 Online Service Computer Interface (OSCI) Transport v1.2..........................................................127 OOXML...................................................................................................................................111, 112, 113 Open Document Format for Office Applications (OpenDocument) v1.0.....................111, 112, 113 OpenCard Framework (OCF) v1.2...................................................................................................136 OpenDocument v1.0............................................................................................................111, 112, 113 OSCI Transport 1.2.............................................................................................................................127 P PC/SC...................................................................................................................................................136 PDF version 1.4......................................................................................................................110, 111, 112 PDF version 1.5......................................................................................................................110, 112, 113 PDF version 1.6......................................................................................................................110, 112, 113 PDF/A-1................................................................................................................................................137 PHP......................................................................................................................................................100 PHP Hypertext Preprocessor (PHP) v5.x........................................................................................100 PNG......................................................................................................................................................115 POP3....................................................................................................................................................125 Portable Document Format (PDF) v1.4..............................................................................110, 111, 112 Portable Document Format (PDF) v1.5.............................................................................110, 112, 113 Portable Document Format (PDF) v1.6.............................................................................110, 112, 113 Portable Document Format Archive - 1 (PDF/A-1).........................................................................137 Portable Network Graphics (PNG) v1.2...........................................................................................115 Post Office Protocol (POP) v3...........................................................................................................125 Q Quicktime....................................................................................................................................116, 118 R RDF.......................................................................................................................................................97 RealMedia v10.............................................................................................................................117, 118 Reference Model for Open Distributed Processing (RM-ODP69)................................................31 SAGA 4.0 149 Regular Language Description for XML New Generation (Relax NG)........................................97 Relax NG..............................................................................................................................................97 Remote Method Invocation (RMI)............................................................................................121, 131 Remote Method Invocation over Internet Inter ORB Protocol (RMI-IIOP) ..............................122 Resource Description Framework (RDF).........................................................................................97 RFC 1034/RFC 1035............................................................................................................................124 RFC 1510..............................................................................................................................................105 RFC 1700.............................................................................................................................................124 RFC 1939.............................................................................................................................................125 RFC 1945.............................................................................................................................................126 RFC 1952..............................................................................................................................................119 RFC 2045 to RFC 2049...............................................................................................................106, 125 RFC 2246.............................................................................................................................................127 RFC 2460............................................................................................................................................124 RFC 2518.............................................................................................................................................128 RFC 2616......................................................................................................................................118, 126 RFC 2821.............................................................................................................................................125 RFC 2965............................................................................................................................................126 RFC 3041.............................................................................................................................................124 RFC 3261.............................................................................................................................................126 RFC 3275..............................................................................................................................................114 RFC 3501.............................................................................................................................................125 RFC 3533.......................................................................................................................................117, 118 RFC 4251 - 4256..................................................................................................................................128 RFC 4346.............................................................................................................................................128 RFC 4510 - 4519..................................................................................................................................130 RFC 4810..............................................................................................................................................112 RFC 768...............................................................................................................................................124 RFC 791................................................................................................................................................124 RFC 793...............................................................................................................................................124 RFC 959..............................................................................................................................................126 Risikoanalyse auf der Basis von IT-Grundschutz v2.0 [BSI-Standard 100-3: Risk analysis on the basis of IT baseline protection]..................................................................................................93 RM-ODP................................................................................................................................................31 RMI................................................................................................................................................121, 131 RMI-IIOP.....................................................................................................................................122, 132 Role models and flow charts............................................................................................................95 RSA...............................................................................................................................................132, 134 150 SAGA 4.0 S SAML...................................................................................................................................................104 Secure Hash Algorithm (SHA)-224.................................................................................................134 Secure Hash Algorithm (SHA)-256.................................................................................................133 Secure Hash Algorithm (SHA)-384.................................................................................................134 Secure Hash Algorithm (SHA)-512..................................................................................................134 Secure Interoperable ChipCard Terminal (SICCT) v1.10..............................................................136 Secure Shell v2 (SSH-2)......................................................................................................................128 Security Assertion Markup Language (SAML) v2.0......................................................................104 Session Initiation Protocol (SIP) v2.0..............................................................................................126 SFA-2...................................................................................................................................................130 SHA-224..............................................................................................................................................134 SHA-256..............................................................................................................................................133 SHA-384..............................................................................................................................................134 SHA-512...............................................................................................................................................134 Short Message Services (SMS)..........................................................................................................120 SICCT..................................................................................................................................................136 Simple Feature Access – Part 2: SQL option (SFA-2) v1.1.0............................................................130 Simple Mail Transfer Protocol (SMTP)............................................................................................125 Simple Object Access Protocol (SOAP) v1.1.......................................................................121, 123, 131 SIP........................................................................................................................................................126 SMIL.....................................................................................................................................................113 SMS......................................................................................................................................................120 SMTP...................................................................................................................................................125 SOAP......................................................................................................................................121, 123, 131 SSH-2...................................................................................................................................................128 Synchronized Multimedia Integration Language (SMIL) v2.0...................................................113 T Tagged Image File Format (TIFF) v6.0....................................................................................115, 137 Tape ARchive (TAR)...........................................................................................................................119 TAR.......................................................................................................................................................119 Technical guideline for federal-government eCard projects (BSI TR-03116) v1.0...................136 Text.......................................................................................................................................................111 TIFF...............................................................................................................................................115, 137 TLS v1.0................................................................................................................................................127 TLS v1.1................................................................................................................................................128 Transport Layer Security (TLS) v1.0.................................................................................................127 Transport Layer Security (TLS) v1.1..................................................................................................128 SAGA 4.0 151 U UDDI....................................................................................................................................123, 124, 130 UML......................................................................................................................................................96 Unicode v4.x UTF-16.........................................................................................................................106 Unicode v4.x UTF-8...........................................................................................................................106 Unified Modeling Language (UML) v. 2.0.......................................................................................96 Universal Description, Discovery and Integration (UDDI) v2.0..................................123, 124, 130 UTF-16.................................................................................................................................................106 UTF-8..................................................................................................................................................106 W WAP v2.0............................................................................................................................................120 WCS v1.0.............................................................................................................................................129 Web Coverage Service (WCS) v1.0.0...............................................................................................129 Web Feature Service (WFS) v1.0......................................................................................................129 Web Feature Service (WFS) v1.1.......................................................................................................129 Web Map Service Deutschland (WMS-DE) v1.0............................................................................129 Web Services (WS) Security v1.1.......................................................................................122, 123, 132 Web Services Business Process Execution Language (WS-BPEL) v2.0......................................100 Web Services Description Language (WSDL) v1.1...........................................................121, 123, 131 WebDAV.............................................................................................................................................128 WFS v1.0.0..........................................................................................................................................129 WFS v1.1.0...........................................................................................................................................129 Windows Media Video (WMV) v9............................................................................................117, 118 Wireless Application Protocol (WAP) v2.0....................................................................................120 WMS-DE.............................................................................................................................................129 WMV.............................................................................................................................................117, 118 WS-BPEL v2.0.....................................................................................................................................100 WS-Security........................................................................................................................122, 123, 132 WSDL.....................................................................................................................................121, 123, 131 WWW Distributed Authoring and Versioning (WebDAV)........................................................128 X XAdES..................................................................................................................................................114 XForms v1.0........................................................................................................................................108 XHTML Basic v1.0..............................................................................................................................120 XHTML v1.0........................................................................................................................................107 XKMS...................................................................................................................................................134 XMI.................................................................................................................................................96, 97 152 SAGA 4.0 XML Advanced Electronic Signatures (XAdES) v1.2......................................................................114 XML Encryption.................................................................................................................................114 XML Key Management Specification (XKMS) v2..........................................................................134 XML Metadata Interchange (XMI) v2.x.....................................................................................96, 97 XML Schema Definition (XSD) v1.0...................................................................................................96 XML Signature...................................................................................................................................114 XML v1.0......................................................................................................................................109, 137 XML v1.1.......................................................................................................................................109, 138 XSD.......................................................................................................................................................96 XSL v1.0...............................................................................................................................................107 XSL v1.1................................................................................................................................................108 XSLT v1.0.............................................................................................................................................107 XSLT v2.0............................................................................................................................................108 Z ZIP v2.0................................................................................................................................................119 SAGA 4.0 153 Appendix C Abbreviations 3DES Triple Data Encryption Standard AES Advanced Encryption Standard AG Public limited company in Germany APEC Asia-Pacific Economic Cooperation API Application Programming Interface ArchiSig Conclusive and secure long-term archiving of electronically signed documents BGG Law on equal opportunities for the disabled BIT Federal Office for Information Technology BITV Barrier-free information technology ordinance BMI Federal Ministry of the Interior BMP Windows Bitmap BNetzA Federal Network Agency for electricity, gas, telecommunications, post and railways BOL 2005 BundOnline Initiative BPEL4WS Business Process Execution Language for Web Services BSI German Federal Office for Information Security CA Certification Authority CC VBPO The "workflow management, processes and organization" competence centre CEN Comité Européen de Normalisation CMS Content Management System CORBA Common Object Request Broker Architecture CSIRO Commonwealth Scientific and Industrial Research Organisation CSS Cascading Style Sheets Language CSV Character Separated Value CSW Web Catalogue Service CTI Computer Telephony Integration DCMI Dublin Core Metadata Initiative DES Data Encryption Standard DIN The German Institute for Standardization 154 SAGA 4.0 DNS Domain Name System DOMEA Document management and electronic archiving in IT-based workflows DRV German Federal Pension Insurance DSA Digital Signature Algorithm DSML Directory Services Markup Language DSS Digital Signature Standard DV Data processing DVDV German Directory of Administrative Services ebXML Electronic Business using XML ECMA European Computer Manufacturers Association OFA One-for-all e-GIF E-Government Interoperability Framework EJB Enterprise JavaBeans EML Election Markup Language ER Entity Relationship ERP Enterprise Resource Planning ETSI European Telecommunications Standards Institute EU European Union FinTS Financial Transaction Services FIPS-PUBS Federal Information Processing Standards Publications FLAC Free Lossless Audio Codec FMS Formular Management System FTP File Transfer Protocol G2B Government to Business G2C Government to Citizen G2E Government to Employee G2G Government to Government GDI-DE Geo-data infrastructure Germany GI Gesellschaft für Informatik e.V. GIF Graphics Interchange Format GML Geography Markup Language GSM Global System for Mobile Communications HTML Hypertext Markup Language SAGA 4.0 155 HTTP Hypertext Transfer Protocol HTTPS Secure Hypertext Transfer Protocol IANA Internet Assigned Numbers Authority IDABC Interoperable Delivery of European eGovernment Services to public Admin istrations, Businesses and Citizens IEC International Electrotechnical Commission IETF Internet Engineering Task Force IIOP Internet Inter-ORB Protocol IMAP Internet Message Access Protocol IP Internet Protocol IPsec Internet Protocol Security ISIS Industrial Signature Interoperability Specification ISIS-MTT Industrial Signature Interoperability Specification - MailTrusT ISMS Information Security Management System ISO International Organization for Standardization IT Information technology ITG Informationstechnische Gesellschaft im VDE ITIL IT Infrastructure Library ITU International Telecommunication Union ITU-T ITU Telecommunication Standardization Sector IVBB Berlin-Bonn Information Network IVBV Federal Administration Information Network J2EE Java 2 Platform, Enterprise Edition JAAS Java Authentication and Authorization Service Java EE Java Platform, Enterprise Edition Java SE Java Platform, Standard Edition JAXP Java API for XML Parsing JCA J2EE Connector Architecture JDBC Java Database Connectivity JMS Java Message Service JMX Java Management Extensions JNDI Java Naming and Directory Interface JNLP Java Network Launching Protocol 156 SAGA 4.0 JPEG Joint Photographic Experts Group JRE Java Runtime Environment JSP Java Server Pages JSR Java Specification Requests JTA Java Transaction API KBSt Co-ordinating and Advisory Agency of the Federal Government for Information Technology in the Federal Administration at the Federal Ministry of the Interior KoopA ADV Co-operation Committee for Automatic Data Processing for the Federalgovernment, Federal-state Government and Municipal Administration Sector LDAP Lightweight Directory Access Protocol MAC Message Authentication Code MIME Multipurpose Internet Mail Extensions MIT Massachusetts Institute of Technology MOF Meta Object Facility MPEG Moving Picture Experts Group MTT MailTrusT NAT Network Address Translation NISO National Information Standards Organization NIST National Institute of Standards and Technology OASIS Organization for the Advancement of Structured Information Standards OCSP Online Certificate Status Protocol ODF OpenDocument Format OGC Open Geospatial Consortium OMG Object Management Group OOXML Office Open XML OSCI Online Services Computer Interface OSS Open Source Software PC Personal Computer PDA Personal Digital Assistant PDF Portable Document Format PDF/A PDF Archive PHP PHP: Hypertext Preprocessor SAGA 4.0 PIN Personal identification number PKCS Public Key Cryptography Standards PKI Public Key Infrastructure PKIX IETF Working Group "Public-Key Infrastructure (X.509)" PNG Portable Network Graphics POP Post Office Protocol PSE Personal Security Environment RDF Resource Description Framework Relax NG Regular Language Description for XML New Generation REL Rights Expression Language RFC Request for Comments RFP Request for Proposals RFID Radio Frequency Identification RIPE RACE Integrity Primitives Evaluation RIPEMD RIPE (RACE Integrity Primitives Evaluation) Message Digest RMI Remote Method Invocation RMI-IIOP Remote Method Invocation over Internet Inter-ORB Protocol RM-ODP Reference Model of Open Distributed Processing RSA Rivest, Shamir, Adleman Public Key Encryption SAGA Standards and Architectures for eGovernment Applications SAML Security Assertion Markup Language SC Service Center SFA Simple Feature Access SGML Standard Generalized Markup Language SHA Secure Hash Algorithm SIGA Secure integration of eGovernment applications SigG German Digital Signature Act SigV Digital Signature Ordinance SIP Session Initiation Protocol SLA Service Level Agreement SMIL Synchronized Multimedia Integration Language S/MIME Secure Multipurpose Internet Mail Extensions SMS Short Message Service 157 158 SAGA 4.0 SMTP Simple Mail Transfer Protocol SOA Service Oriented Architecture SOAP Simple Object Access Protocol SQL Structured Query Language SSH Secure Shell SSL Secure Sockets Layer TAN Transaction number TAR Tape Archive TCP/IP Transmission Control Protocol / Internet Protocol TESTA Trans-European Services for Telematics between Administrations TIFF Tagged Image File Format TLS Transport Layer Security TMS Travel Management System Triple-DES Triple Data Encryption Standard UDDI Universal Description, Discovery and Integration UDP User Datagram Protocol UML Unified Modeling Language UN/CEFACT United Nations Centre for Trade Facilitation and Electronic Business URL Uniform Resource Locator UTF Unicode Transformation Format VDE Association for Electrical, Electronic and Information Technologies VLAN Virtual Local Area Network VM Virtual Machine VoIP Voice over IP (IP telephony) V-PKI Administration Public Key Infrastructure (Administration PKI) VPN Virtual Private Network W3C World Wide Web Consortium WAP Wireless Application Protocol WCAG Web Content Accessibility Guidelines WCS Web Coverage Service WebDAV WWW Distributed Authoring and Versioning WFS Web Feature Service WML Wireless Markup Language SAGA 4.0 WMS Web Map Service WMV Windows Media Video WS Web Service WS-BPEL Web Services Business Process Execution Language WSDL Web Services Description Language WS-I Web Service Interoperability Organization WS-Security Web Services Security WWW World Wide Web XadES XML Advanced Electronic Signatures XHTML Extensible Hypertext Markup Language X-KISS XML Key Information Service Specification XKMS XML Key Management Specification X-KRSS XML Key Registration Service Specification XMI XML Metadata Interchange XML Extensible Markup Language XÖV XML-based technical standards for electronic data exchange within and with the public administration. XSD Extensible Markup Language Schema Definition XSL Extensible Stylesheet Language XSLT Extensible Stylesheet Language Transformations 159