Martin Keen
                                                                           Allen Dreibelbis
                                                                           HungTack Kwan
                 Redpaper                                                     John LaLone
                                                                            Paul McKeown
                                                                           Rashmi Kaushik
                                                                              Robert Spory
                                                                              Marilza Maia
                                                                             Vinod Chavan


Government SOA Scenario:
Immigration and Border Management

                This IBM® Redpaper™ describes a service-oriented architecture (SOA) industry
                solution for immigration and border management using the IBM Government
                Industry Framework. It describes how the IBM Government Industry Framework
                can be used to implement two scenarios:
                   • Advanced Passenger Analysis
                   • Registered Traveler




© Copyright IBM Corp. 2009. All rights reserved.                     ibm.com/redbooks
Introducing the IBM Government Industry Framework
              The IBM Government Industry Framework is a government-focused software
              platform that allows the customer to build out their capabilities over time. The IBM
              Government Industry Framework helps customers:
                  • Build on an SOA-based platform and open standards.
                  • Make use of technology investments across multiple solutions and projects.
                  • Reduce implementation risk, and deploy solutions faster by using hardened
                    platform elements and government-specific extensions, such as industry
                    models, templates, portlets, reference implementations, and
                    government-specific resources such as this paper.
                  • Make use of a broad ecosystem of business partners with strong government
                    capabilities.

              The IBM Government Industry Framework supports a broad integrated set of
              government solutions across the following domains (Figure 1):
                  • Social services and social security
                  • Safety and security
                  • Tax and revenue management
                  • Metropolitan transportation and roads
                  • Integrated urban infrastructure




[Figure 1: layered diagram.
 Top layer, IBM Government Services Solutions: Social Services and Social Security;
 Safety and Security; Tax and Revenue Management; Metropolitan Transportation and
 Roads; Integrated Urban Infrastructure.
 Also shown: IBM Global Business Services; IBM Global Technology Services; Partner
 Ecosystem.
 Middle layer, IBM Government Industry Framework: Government Extensions and
 Accelerators (Interfaces and Adapters; Data, Process and Risk Models; Templates and
 Portlets; Reference Architectures; Tools; Delivery Guides) and Key IBM Software
 Group Products.
 Bottom layer: IBM Systems and Technology Group.]

Figure 1 IBM Government Industry Framework supports integrated government solutions

                 This paper discusses scenarios in the safety and security domain to illustrate
                 leading practices and how to adopt the IBM Government Industry Framework
                 components.



New challenges at the border
                 Around the world, the threat of terrorism and the promise of globalization are
                 reshaping the fundamental nature of borders and how they are managed.
                 Borders must be open for business and closed to unwanted guests. The desire to
                 improve speed and convenience is constantly held in check by the responsibility
                 for security and safety.

                 In many nations, control operations are now executed beyond the physical border
                 and before arrival at a nation's official points of entry. The result is a much
                 broader and more complicated scope of operation for border management, and a
                 greater need for collaboration between nations.



              Border management duties are shared between a wide range of government
              agencies such as customs, border protection, immigration, police, and
              intelligence. Each of these agencies has individual priorities in support of the
              common goal. There must be a constant flow of information between these
              agencies to coordinate their activities effectively.

              The need for international and inter-agency collaboration to achieve the twin
              objectives of security and facilitation means that government leaders responsible
              for border integrity face rising complexity in accomplishing their missions.

              Governments realize that the increase in international air travel and imposition of
              rigorous security checks mean more queues and more inconvenience for
              passengers. This can result in further disruption to airline schedules and
              increased safety and security risks because crowded airports can become
              terrorist targets.

              Recognizing identity has never been more important to ensure homeland
              security, travel, and public safety. If immigration and border agencies know with
              whom they are dealing, they can treat them appropriately. The faster the process,
              the less the disruption, making identity management technologies key. Some of
              these analytical tools are shown in Figure 2.


                 Screening
                 • Assess Risk Profile
                 • Passenger Data Load and Score
                 • Name Recognition
                 • Record Results
                 • Alerts against Watch Lists

                 Watch Lists
                 • Manage Lists
                 • Passenger Records Reprocessed

                 Secondary Analysis
                 • Workflow for Manual Expertise
                 • Intelligence Resolution

                 Alerting
                 • Manage Cases
                 • Generate Alert
                 • Notification

                 Auditing
                 • Passenger Profile
                 • Ticket
                 • Case & Alert History

                 Biometrics
                 • Stored in eDocuments
                 • Local verification of ID
                 • Identifying unknown people
                 • Uses face, fingerprints, iris scans for identification

              Figure 2 Analytical tools to identify and assess passengers

              These tools will be referred to in more detail in the rest of the paper.


What is being done to meet the twin challenges of security and facilitation?
           Airports, airlines, and governments are aware of the problem and are
           considering a range of options to address this challenge. The options
           fall into two main categories:
              • Resource management
                This option looks to increase capacity. Examples include adding more
                airports, adding more security gates, and adding more staff. These solutions
                are typically expensive to implement, and are subject to environmental
                constraints.
              • Technology
                This option looks to increase throughput by early identification of passengers,
                early risk assessment, and speeding low risk passengers through automated
                checks wherever possible. These options include, either singly or in
                combination:
                –   Advanced Passenger Analysis
                –   Registered Traveler programs
                –   Automated border gates
                –   Self check-in through the Web and kiosks

           This paper focuses on Advanced Passenger Analysis and Registered Traveler
           programs.


Advanced Passenger Analysis
           Advanced Passenger Analysis is the process of comparing passenger data with
           watchlists and profiles before and during flights. Sending information from airline
           to government prior to travel provides cost-effective facilitation and security
           because background checks on more passengers earlier in the process mean
           fewer delays due to manifest checks by the destination country prior to take-off.
           After high risk passengers are identified, border agents can focus their attention
           on reducing that risk through detailed questioning. Focused checks are more
           effective than random checks of everyone who attempts to board a plane.




Benefits of Advanced Passenger Analysis
              The following benefits are derived from an Advanced Passenger Analysis solution:
                  • Advanced Passenger Analysis reduces the cost of both the arrest of serious
                    criminals and the denial of boarding to certain passengers.
                  • Border security is tightened because an early warning system allows more
                    time for the authorities to develop plans for intervention.
                  • Passengers enjoy an easier, quicker travel experience because they are
                    treated sensitively according to the risk they present and because they have
                    sent information in advance. Background checks that would normally cause a
                    queue at the border can be done before they arrive.
                  • Airports benefit because they are less likely to incur fines for poor
                    performance due to long queues.
                  • Airlines benefit because they are less likely to carry unwelcome passengers,
                    which could cost the airlines both large fines and the fee of returning
                    unwelcome passengers to their departure point.


Registered Traveler programs
              In a Registered Traveler program, registered travelers use a token to access
              automated or fast-service security and border checkpoints. The enrollment
              process generally involves the traveler providing a detailed biography for risk
              assessment, and providing biometric information. Tokens are issued to travelers
              meeting the credentials. The Registered Traveler program continues to perform
              ongoing checks to ensure that the traveler's behavior remains consistent with
              their trusted status.

              The Registered Traveler program can be a commercial or government program:
                  • As a commercial program, it is a fee-paying, card-based program combined
                    with other services such as car parking and business lounges.
                  • As a government program, it uses electronic passports or ID cards to access
                    automated gates.




Benefits of a Registered Traveler program
Registered Traveler programs offer benefits to a range of stakeholders:
   • For passengers, it means more convenience and consistent and reasonable
     times for security checks. These can be significant because Registered
     Travelers are normally through the border in a few minutes. Commercial
     Registered Traveler programs provide a full service offering, including access
     to private lounges, preferential car parking, and loyalty schemes in the airport.
   • Airlines benefit indirectly. If fewer people are delayed due to queues at the
     border and security, they are likely to view air travel more positively. It could
     also mean less disruption to their timetables because of late boarders.
   • Airports profit from their commercial Registered Traveler programs. They
     might also enjoy an improved image because the automation has reduced
     queue times for all. There could be more repeat business as travelers are less
     likely to avoid airports in the future due to previous negative experiences.
   • Governments could see an improvement in national security because they
     can process people more thoroughly using automated gates. It allows for
     better assessment of security risks because international schemes can
     enable multi-background checks.
   • Governments also have biometric records of entry and exit. They know who
     is in or out of the country.




Capability model for a new and improved border management process
                                   Figure 3 shows the capability model for a new and improved border management
                                   process. This border management process needs to support collaboration
                                   between agencies, secure and timely exchange of critical information, ability to
                                   meet increased demand, and the ability to respond quickly to changing
                                   regulations and policies.
[Figure 3: capability model with four rows.
 Offering: Enhanced Advanced Passenger Analysis (APA); New Registered Traveler (RT) Program.
 Business Initiatives: Enhanced Border Management Processes.
 Value Proposition: Boost national economy through more travel and trade; Tighten
 national security; Improved convenience for air/sea/land travelers; Improved mgmt of
 crisis and alerts; Improved effectiveness and efficiency of border control resources.
 Capabilities: Rapid response to new government regulations and security policies;
 Ability to be sure of passenger identity; Ability to process more passengers using
 automated borders; Ability to increase collaboration with other agencies.]


Figure 3 Capability model for a new and improved border management process

                                   This enhanced border management process results in two offerings:
                                         • Enhanced Advanced Passenger Analysis
                                         • A new Registered Traveler program

                                   These two offerings are the subject of the remainder of this paper.



Advanced Passenger Analysis
                                   This section describes how to model an Advanced Passenger Analysis process
                                   and perform business service modeling, and illustrates a solution architecture
                                   with IBM product mappings.




Modeling the Advanced Passenger Analysis process
          This section describes an Advanced Passenger Analysis process for an
          international air travel example. This solution can be applied to a broader range
          of border agency/immigration departments that might already have a basic
          Advanced Passenger Analysis solution or no Advanced Passenger Analysis
          solution at all.

          What is the Advanced Passenger Analysis System?
          Advanced Passenger Analysis (APA) is an early warning system that allows
          governments to collect and analyze Advance Passenger Information (API) and
          Passenger Name Record (PNR) data from airlines before and during a
          passenger's journey. By comparing API and PNR data with watchlists and profiles,
          governments can be alerted if named persons of interest, or unnamed individuals
          who fit the profile of high risk passengers, are attempting to cross their borders.

          Some countries believe that the use and storage of API/PNR data intrudes on
          passenger privacy and are seeking compromises on the amount of data that is
          processed and stored.

          Countries are reaching consensus on a standard way of collecting information
          from airlines.

          Advance Passenger Information:
             • Concerns data that air/sea carriers did not store previously but which they
               now have to collect separately for the benefit of border authorities.
             • Includes all the data elements that travelers have to present at the border
               control at the travel destination.
             • Transmission resembles a pre-arrival manifest sent to the border authorities
               of the travel destination.
             • Consists of data that can be directly taken from the machine-readable part of
               a passport plus the general flight-related data that exist in the airline
               computers.




Advanced Passenger Analysis business process
              Figure 4 shows the high level activities in an Advanced Passenger Analysis
              business process.




              Figure 4 Advanced Passenger Analysis process (tier 1)

              The high level process operations are as follows:
              1. An individual makes travel reservations using a travel request system (using
                 an online reservation system, kiosk, mobile device, or in person).
              2. An e-ticket is generated.
              3. API is routed from the airline reservation system to the border control
                 operations center (BCOC).
              4. BCOC normalizes the data and matches it against a number of watch lists.
              5. The system generates hits if there is a match.
              6. A person intervenes to decide if a hit should be an alert.
              7. Authorities are alerted to possible travel of a person of interest.
              8. Instructions on passenger handling are issued (such as deny, accept, or
                 arrest on arrival).

              We now look at each activity in this process in turn.




Activity 1.1: Travel request
The travel reservation process is as shown in Figure 5.




Figure 5 Activity 1.1: Travel Request (tier 2)

1. An individual makes travel reservations using a travel request system (using
   an online reservation system, kiosk, mobile device, or in person).
2. The individual enters all required information for the reservation.
3. Upon travel request submission, a travel reference number (ticket number) is
   generated.
4. The individual receives an e-ticket (which they can print from the online copy, get
   as a hardcopy from the kiosk, or save as a softcopy on a mobile device).




Activity 1.2: Government agency review
              After the travel reservation is made, pre-travel verification is performed as shown
              in Figure 6.




              Figure 6 Activity 1.2: Government Agency Review (tier 2)

              1. Based on the ePassport number taken from the reservation, the passport
                 validity is checked.
              2. That person’s name is checked against watch lists for immigration, crime, and
                 other possible interested stakeholders.
              3. If there is a match the operators decide what action to take.
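
The screening steps above (normalize the passenger name, match it against each watch list, raise hits, and leave the alert decision to an operator) can be sketched as follows. This is an added example, not code from the Redpaper or from any IBM product; the record fields, list names, the 0.8 threshold, and the use of Python's difflib for similarity scoring are assumptions made for illustration.

```python
import unicodedata
from dataclasses import dataclass, replace
from difflib import SequenceMatcher

# Constructed sample data for illustration only (not real records).
WATCH_LISTS = {
    "immigration": [{"id": "IMM-17", "name": "Maria Garcia Lopez", "dob": "1980-02-14"}],
    "crime": [{"id": "CRM-03", "name": "John Smith", "dob": "1975-07-01"}],
}
PASSENGERS = [
    {"ref": "PNR-0001", "name": "GARCÍA-LÓPEZ, María", "dob": "1980-02-14"},
    {"ref": "PNR-0002", "name": "Jon Smyth", "dob": "1975-07-01"},
    {"ref": "PNR-0003", "name": "Akira Tanaka", "dob": "1990-11-30"},
]


@dataclass(frozen=True)
class Hit:
    passenger_ref: str
    list_name: str
    entry_id: str
    score: float                    # name similarity, 0.0 to 1.0
    dob_match: bool                 # corroborating detail shown to the operator
    status: str = "PENDING_REVIEW"  # a hit is not an alert until an operator decides
    decided_by: str = ""


def normalize_name(raw: str) -> str:
    """Fold a name to uppercase, accent-free tokens in a fixed order."""
    decomposed = unicodedata.normalize("NFKD", raw)
    no_marks = "".join(c for c in decomposed if not unicodedata.combining(c))
    # Punctuation (commas, hyphens, filler characters) becomes a token separator.
    cleaned = "".join(c if c.isalpha() else " " for c in no_marks.upper())
    # Sorting makes "SURNAME, Given" and "Given Surname" compare equal.
    return " ".join(sorted(cleaned.split()))


def screen(passenger: dict, watch_lists: dict, threshold: float = 0.8) -> list:
    """Match one passenger record against every list and return the hits."""
    name = normalize_name(passenger["name"])
    hits = []
    for list_name, entries in watch_lists.items():
        for entry in entries:
            score = SequenceMatcher(None, name, normalize_name(entry["name"])).ratio()
            if score >= threshold:
                hits.append(Hit(passenger["ref"], list_name, entry["id"],
                                round(score, 3), passenger["dob"] == entry["dob"]))
    return hits


def review(hit: Hit, is_alert: bool, operator: str) -> Hit:
    """Record the operator's decision; only this step can turn a hit into an alert."""
    if not operator:
        raise ValueError("a named operator must record the decision")
    return replace(hit, status="ALERT" if is_alert else "DISMISSED", decided_by=operator)


if __name__ == "__main__":
    for p in PASSENGERS:
        for h in screen(p, WATCH_LISTS):
            print(h)
```

Keeping the operator identity on every decision gives the audit trail (case and alert history) that Figure 2 lists under Auditing.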




Activity 1.3: Day of travel
On the day of travel the events detailed in Figure 7 occur.




Figure 7 Activity 1.3: Day of Travel (tier 2)

1. A passenger checks in using appropriate travel documents (such as a valid
   photo ID, and an e-ticket) and continues with travel to a destination if
   background security checks are passed.
2. For international travel, additional checks are conducted at the port of arrival.

Next, we take a closer look at the two activities that make up this part of the
process.




Activity 1.3.1: Check-in
              For countries where real-time authority is desired, the events detailed in
              Figure 8 occur.




Figure 8 Activity 1.3.1: Check-in (tier 3)

                  1. A traveler checks in using the appropriate travel documents (such as a valid
                     photo ID, and an e-ticket).
                  2. Personal information and travel details are validated.
                  3. Information is submitted in real time for checks and screening against
                     government databases (see “Activity 1.2: Government agency review” for
                     government agency checks).
                  4. The traveler is either approved or rejected for travel.
                  5. If the traveler is approved, their bags are checked in and travel continues.
                  6. If the traveler is declined, they are notified. Carrier and border management
                     systems are updated with the travel decline information.

                  Activity 1.3.2: Arrival clearance
                  For international travel, identity is monitored at the travel destination for fraud or
                  abuse to ensure the trustworthiness of the identity. The process to perform this is
                  shown in Figure 9.




                  Figure 9 Activity 1.3.2: Arrival Clearance



              1. Validation of the ePassport or eVisa to ensure it is generated from a
                 competent authority.
              2. Verification and validation of the biometric or biographic information of the
                 traveler.
              3. Validation of the traveler using random second factor identification (including
                 random questions, fingerprints, or iris identification).
              4. Verification of the health, quarantine form, or reason of travel.

              Benefits of Advanced Passenger Analysis
              The Advanced Passenger Analysis process described in this section offers the
              following benefits:
                 • Ensures border protection from undocumented or undesirable passengers at
                   departure time. This is achieved by:
                   – Providing a mechanism to anticipate threats and alerts reported for the
                     traveler
                   – Obscure and anonymous relationship resolution
                   – Risk assessment
                 • Checks can be done prior to a passenger commencing their journey. This
                   reduces time for screening passengers on the day of travel or upon reaching
                   their destination.
                 • The security check is more thorough and completed within minutes as
                   compared to manual procedures of interviews and secondary random checks.
                 • Adding a new government agency check or making changes to policies in the
                   future is easy, without having to alter the entire business process.
                 • Ensures compliant measures for international identity standards, treaties, and
                   conventions:
                   – Updates ePassport information across the border management systems
                     after the person crosses the border. This provides tracking information.
                   – Border security violation information is forwarded to alert border guards
                     promptly.
                 • Handles exceptional situations, and initiates a remedy procedure. Exceptional
                   situations include:
                   – Diverted travel due to bad weather, technical problems, or medical
                     emergencies
                   – Other emergencies where travelers reached the wrong country without
                     any bad intention but without the appropriate visa




Business service modeling
          After performing business process modeling, the next task is to delineate the
          services that comprise the business processes. This can be achieved using the
          service-oriented modeling and architecture (SOMA) approach from IBM,
          illustrated in Figure 10.




          [Figure 10: SOMA phases and their techniques.
           Identification: domain decomposition; goal-service modeling; existing asset
           analysis.
           Specification: subsystem analysis; component specification; service
           specification; component flow specification; information specification;
           service flow specification; message & event specification.
           Realization: service realization decision; service allocation to components;
           component layer.]

          Figure 10 Service-oriented modeling and architecture (SOMA)

          SOMA provides an approach to building a SOA that aligns to business goals and
          ties the business processes directly to underlying applications through services.
          The process of SOMA consists of three general steps:
             • Identification
             • Specification
             • Realization of services, components, and flows

          The service identification step of SOMA consists of three techniques that can
          help identify services for the Advanced Passenger Analysis business process:
             • Domain decomposition
               This is a top-down view of the business process. It consists of process
               decomposition where processes are broken up into sub-processes and
               high-level business use cases. In this top-down decomposition, business
               processes are represented hierarchically.
               For example, the Government Registered Traveler Program process can be
               decomposed into sub-processes such as:
               – Advanced Passenger Analysis
               – Registered Traveler Program



               Each sub-process can in turn be decomposed further, ultimately leading to a
               list of business use cases. For example, the Advanced Passenger Analysis
               sub-process can be decomposed as follows:
               – Advanced Passenger Analysis Travel Request
               – Advanced Passenger Analysis Passenger Screening
               – Advanced Passenger Analysis Day of Travel
               The Advanced Passenger Analysis Travel Request sub-process ultimately
               leads to business use cases such as:
               – Complete Online Travel Request
               – E-Ticket is Generated for Traveler
               These business use cases are typically good candidates for business
               services.
             • Goal-service modeling
               In this phase, business services are identified based on goals and metrics.
               For example, goals can be defined such as:
               – Reduce Traveler Time
               – Increase Collaboration with Other Government Agencies
               These goals might consist of sub-goals, such as Reduce Traveler’s Time by
               30% (the percentage value will, of course, vary depending on the project).
               Business services can be identified and grouped under these goals.
             • Existing asset analysis
               In contrast to domain decomposition, this is a bottom-up approach. Existing
               systems are analyzed according to their suitability for inclusion in business
               processes. For example, the Complete Online Travel Request process can be
               analyzed to determine if any of the services used in this existing process
               meet the needs of the new business processes. Typically, reuse of existing
               systems and assets provides a lower cost solution to implementing service
               functionality than creating new assets.

              IBM provides service offerings for working with SOMA. The IBM SOA Integration
              Framework service offering is shown in Figure 11.




Figure 11 Using the IBM SOA Integration Framework to perform SOMA decomposition


                 Note: For more information about applying SOMA, refer to the
                 developerWorks® article, Service-oriented modeling and architecture,
                 available at the following Web page:
                 http://www.ibm.com/developerworks/library/ws-soa-design1/




Technical solution
              This section describes the technical solution that was designed and built for the
              Advanced Passenger Analysis process. It includes a description of the IBM
              product offerings that were used in the implementation.

              Technical challenges, solution design, and system context
              The following technical challenges should be considered when designing an
              Advanced Passenger Analysis process:
                 There is point-to-point integration between several applications as well as
                 applications and data sources.
                 Scaling the existing architecture to accommodate new data sources such as
                 international watch lists and criminal data is complex and time consuming.
                 There is a high level of complexity in effectively supporting multicultural
                 names and personal identity information that comes from a variety of data
                 sources.
                 The traveler’s data has to be consolidated from several different sources to
                 verify identities, match against watch lists, and support detection of fraud and
                 threat.
                 SOA-based projects are not planned at an enterprise level, causing
                 governance, service management, and service security concepts to be
                 implemented only in pockets.

              To meet these technical challenges, the following architectural principles should
              be used in the solution design:
                 The solution should provide an enterprise integration framework, components
                 and reusable services that make use of existing systems that span multiple
                 hardware and software platforms.
                 The solution should be designed to provide the flexibility to incorporate future
                 technology and accommodate changes to business and performance
                 requirements, changes to laws and regulations, trade volumes, and security
                 threats.
                 The solution should provide a common programming model based upon
                 industry-accepted computing standards to improve reuse within the
                 architecture.
                 The solution should support the use of multiple technologies and techniques
                 for interoperability with external systems and for the integration of systems
                 and applications within the Integrated Border Management solution.




The solution should be based upon an architecture approach and
                   technologies using industry-accepted open computing standards,
                   Government, World Customs Organization (WCO), and international
                   standards.
                   The solution should be built upon the concept of tiers and layers, which
                   requires the separation of presentation, application, and data to develop a
                   resilient, secure, and end-to-end solution architecture.
                   The location and internal working and implementation details of a service
                   should be isolated from the service consumers to provide a dynamically
                   reconfigurable architectural style.

                The system context diagram for the Advanced Passenger Analysis process is
                shown in Figure 12.




Figure 12 System context diagram for Advanced Passenger Analysis




Solution architecture
                        The solution architecture for the Advanced Passenger Analysis process is shown
                        in Figure 13.



[Figure 13 diagram. Labels recoverable from the figure:
   External Systems: Government; Commercial; Passenger data from Carriers
   Other labels at left: Customs & Immigration; Border Control; Law Enforcement; Commercial; Public
   Presentation Tier (Messaging, Web Services; HTML; XML): Advanced Passenger System Portal; Carrier Help Desk
   Integration Tier (Enterprise Service Bus): Transaction Services; Web Services; Message Mediation; Complex Events; Information Integration Services; Process Services
   Application Tier (Application Logic): Screening; Targeting; Case Mgmt; Alert Generation and Mgmt; Advanced Passenger Information System; Content Mgmt
   Data Tier: Analytics Data; Rules; Passenger Data; Case Mgmt Data; NORA Data
   Spanning all tiers: SOA Governance, Security and Management]


Figure 13 Solution architecture for Advanced Passenger Analysis

                        Understanding the solution architecture
                        Note some of the highlights of this architecture:
                             An Advanced Passenger Analysis Portal has been introduced to allow
                             standardized access to APIs by authorized carriers, government agencies,
                             and border agencies in other countries.
                             In the Integration layer, an enterprise services bus (ESB) has been introduced
                             to make applications and information available within and outside the
                             enterprise in a flexible, agile and secure manner.
                             Process services in the integration layer denote the business processes and
                             workflows in execution (such as the APA and case management processes).




In the application tier, two separate applications are introduced:
   – Screening passengers using PNR data against watch-lists, crime
     databases, no-fly lists, public records, and so forth.
   – Targeting by using analytics capabilities to analyze behaviors of risky
     travelers to develop risk-based profiles that can be used for screening
     against the passenger lists.
   In the integration tier, Information Integration Services provides support for
   data consolidation from several government sources and criminal databases,
   along with cleansing as needed.
   The case management database contains case details for the processing and
   evaluation of passengers that have been flagged for further investigation.

    Note: This paper uses a patterns-based approach in arriving at the
    architecture described here. To read more about the patterns associated
    with this architecture, see “Applying business and infrastructure patterns”
    on page 40.

Triton
Several components of the solution design can use a framework component
called Triton. This is a SOA Foundation Accelerator that helps realize the
business value of SOA faster and with less risk than typical custom
implementations. Triton addresses the following business and IT pain points:
   Business pain points:
   – “We bought all of this software months ago and I still have not seen any
     benefit.”
   – “All I wanted to do was to integrate these existing information systems, and
     now I have more software and still no integration.”
   IT pain-points:
   – “We are having a difficult time putting all these software products together.”
   – “We are having a hard time locating all of the skill sets necessary to
     integrate all of these products.”
   – “We need a common platform across our enterprise to lower total cost of
     ownership, to improve interoperability, and to share more information.”




Triton can help address these pain points in the following ways:
                 Triton uses the IBM investment in SOA implementations worldwide and
                 harvested leading practices to provide an advantage over competitors who
                 are still building every business solution for the first time, every time.
                 Triton removes the focus on integrating middleware.
                 Triton is the core of the IBM Government Industry Framework, which means
                 that many independent software vendors are integrating their
                 business/mission applications to this same stack, providing a built-in path for
                 enabling additional functionality.

              The benefits of Triton are as follows:
                 Lower maintenance cost and effort.
                 Improved time-to-value and return on investment.
                 Improved quality of implementation through the use of harvested leading
                 practices from worldwide SOA engagements.
                 Lowered risk of failed engagements due to the inability to install and configure
                 the SOA infrastructure.

              IBM Government Industry Framework components recommended to
              implement the solution architecture

              This section describes the IBM Government Industry Framework components
              recommended to implement the solution design:
                 Component options products used to implement the Advanced Passenger
                 System Portal in the presentation tier:
                 – IBM WebSphere® Portal Server
                 – Triton (SOA Foundation Accelerator)
                 Connectivity infrastructure products used to implement the ESB in the
                 integration tier:
                 – ESB runtime, such as one or more of the following:
                     •   IBM WebSphere Enterprise Service Bus
                     •   IBM WebSphere Message Broker
                     •   IBM WebSphere DataPower®
                 – IBM WebSphere Service Registry and Repository
                 – Triton (SOA Foundation Accelerator)




Business process management products used to implement process services
in the integration tier:
– IBM WebSphere Dynamic Process Edition
– Triton (SOA Foundation Accelerator)
– IBM WebSphere iLOG JRules
Information integration services products used to consolidate and cleanse
data from various sources in the integration tier:
– IBM InfoSphere™ Information Server
    •   IBM InfoSphere DataStage®
    •   IBM InfoSphere QualityStage
– IBM InfoSphere Global Name Recognition
Analytics data product used to implement Analytics Data and Rules in the
data tier:
– IBM Cognos®
Risk products used to implement NORA data in the data tier:
– IBM Entity Analytic Solutions
    •   IBM Relationship Resolution
    •   IBM Identity Resolution
    •   IBM Anonymous Resolution
– IBM Cognos
Infrastructure products used to implement SOA Security:
–   IBM Tivoli® Access Manager
–   IBM Federated Identity Manager
–   IBM Tivoli Identity Manager
–   IBM Tivoli Directory Server
–   Triton (SOA Foundation Accelerator)
Rapid deployment (for service creation and service reuse) products:
– IBM Rational® Software Architect
– IBM InfoSphere Data Architect
Infrastructure products used to implement SOA Management:
–   IBM Tivoli Performance Analyzer
–   IBM Tivoli Composite Application Manager for SOA
–   IBM Tivoli Composite Application Manager for WebSphere
–   Triton (SOA Foundation Accelerator)




Products used to implement SOA Governance:
                 –   IBM WebSphere Service Registry and Repository
                 –   IBM Rational Asset Manager
                 –   IBM Tivoli Change and Configuration Management Database
                 –   IBM Rational Method Composer



Registered Traveler program
              Registered Traveler provides a secure, fast, and robust solution for both
              governments and travelers. This section describes how to model a Registered
              Traveler process, and perform business service modeling. It illustrates a solution
              architecture with IBM product mappings.


Modeling the Registered Traveler process
              This section describes a typical Registered Traveler process that could be offered
              by a government agency or through a commercial program. The border
              agency/immigration department might have an Advanced Passenger Analysis
              process in place before undertaking this solution.

              Business challenges and pain points
              The business challenges and pain points experienced in a typical border
              management process are as follows:
                 Immigration and border agencies
                 – There is a heavy burden of analysis of travelers (name and identity,
                   possible relationship to wanted individuals, unobvious threats, and so
                   forth) with limited resources and ever increasing demands on homeland
                   security.
                 – Relying purely on Advanced Passenger Information (API) data provides
                   limited details for risk assessment.
                 – There is often limited information sharing across immigration agencies and
                   government bodies, with poor means of electronic notification and alerts.
                 Travelers
                 – Travelers face lengthy security checks and lines at airports.
                 – Frequent travelers, especially, need faster and more convenient means to
                   reduce travel time.




Government IT systems
   – Response to changing security requirements, with new checks and
     addition of new data sources, is slow and turns into lengthy projects.
   – Inflexible enterprise architecture limits building new services (online, self
     service, real-time automated checks) from existing silo systems.
   Airports and travel carriers (airlines, sea, and land carriers)
   – Travel carriers are constantly improving the end-to-end passenger
     experience, but many factors are outside of their control.
   – Lengthy queues at security and the border and restrictive processes are
     rarely the travel carrier’s fault, but they lead to a feeling of dissatisfaction
     with their product and service.

Authenticating trusted users with biometric technology
A Registered Traveler solution uses biometric technology to authenticate trusted
users. Biometrics is the science of identifying or verifying the identity of a person
based on physiological or behavioral characteristics. Physiological
characteristics include fingerprints, retinal pattern, iris, and facial appearance.
Behavioral characteristics are actions carried out by a person in a unique way.
They include signatures, voiceprints, and gait, although these are naturally
dependent on physical characteristics as well.

Biometrics have several advantages over conventional password and PIN-based
systems. Three primary advantages of biometrics in a security environment are
as follows:
   Biometrics does not need to be remembered and cannot be easily lost. This
   makes it much easier for the user.
   Biometrics cannot be easily stolen or loaned to a friend. This makes it more
   secure from a system point of view.
   Biometrics typically has higher information content than a password, making it
   harder for a hacker to crack such a system.

Immigration and border agencies can use a combination of biometrics and
biographics information for enrollment and proofing, based upon which an
applicant is issued Registered Traveler credentials.




Registered Traveler business process
                      The overall flow of the Registered Traveler contains the stages detailed in
                      Figure 14.


     Pre-Enrollment → Enrollment → Proofing → Enrollment Approval → Credential Provisioning →
     Credential Issuance → Credential Activation → Identity Usage → Identity Monitoring



Figure 14 Overall flow of the Registered Traveler process

                           Pre-enrollment
                           Collect biographic data that is used to initiate the enrollment process.
                           Enrollment
                           The enrollment process drives the identity proofing and results in the approval
                           or rejection of an application.
                           Proofing
                           Validate all of the identity information that is provided by an applicant.
                           Enrollment approval
                           If there are no issues during enrollment and proofing, then approve the
                           enrollment application.
                           Credential provisioning
                           Create the credential that will be used when issuing an identity token (such as
                           a national ID card).
                           Credential issuance
                           Issue the credential using the required physical token (such as a smart card).
                           Credential activation
                           Activate the issued credential so that it can be used to validate an individual’s
                           identity.
                           Identity usage
                           Use the credential in a high assurance transaction where it is required to
                           validate a person’s identity.
                           Identity monitoring
                           Monitor identity usage for fraud or abuse to ensure the trustworthiness of the
                           identity.




Figure 15 shows the two high-level steps in a Registered Traveler process.




Figure 15 Registered Traveler process (tier 1)

   Obtain a Registered Traveler credential through a domestic application
   process (includes pre-enrollment, enrollment, proofing, enrollment approval,
   credential provisioning, and credential issuance).
   Use the credentials on the day of travel at the airport (includes credential
   activation, identity usage and identity monitoring).

We now look at each activity in the process in turn.

Activity 1.1: Registered Traveler Domestic Application Process
The domestic application process involves the steps shown in Figure 16.




Figure 16 Activity 1.1: Registered Traveler Domestic Application Process (tier 2)

   An individual applies for Registered Traveler credentials or identification (this
   is pre-enrollment).
   Enrollment into the program requires capture of biometrics. In some
   Registered Traveler programs, up to 10 fingerprints, iris patterns of both eyes
   for recognition, and a digital photograph are required.
   A proofing system verifies fingerprints and irises as part of the scan against
   watch lists.

Next, we take a closer look at the two activities that make up this part of the
process.


Activity 1.1.1: Registered Traveler Application
                  The online application process involves the steps shown in Figure 17.




Figure 17 Activity 1.1.1: Registered Traveler Application (tier 3)

                  1. The applicant submits an online application with requested biographic
                     information, along with appropriate processing fees.
                  2. The information is sent to government agencies for identity checks.
                  3. The applicant is either approved for further Registered Traveler processing or
                     declined.




Note: A variation to this process is also valid, where biographic and biometrics
 information are accepted up front with the application. In this case,
 government checks are completed in parallel with biometrics proofing, instead
 of a two-step process.

The Review Other Travel and Government Agency Checks process shown in
Figure 17 on page 30 is implemented as a sub-process (Figure 18). In this
sub-process the identity checks are performed against e-Identity tracking
systems, border clearance systems, e-Passport/e-Visa systems, and e-Identity
management systems to ensure the applicant is a low risk applicant.




Figure 18 Sub-process: Review Other Travel and Government Agency Checks




Activity 1.1.2: Registered Traveler Enrollment and Proofing
                  After the biographical data is vetted against watch lists, the applicant is approved
                  for further processing as shown in Figure 19.




Figure 19 Activity 1.1.2: Registered Traveler Enrollment and Proofing (tier 3)

                      Up to 10 fingerprints are captured, iris patterns of both eyes are recorded for
                      recognition, and a digital photograph is taken.
                      During the manual interview stage, the interviewer decides whether or not to
                      grant the Registered Traveler privilege.
                      A physical identification card or logical credentials based on biometrics
                      matches (where the biometrics is stored in a government repository) might be
                      provided to approved applicants.




For cross country Registered Traveler programs, the threat analysis process
is repeated at individual locations. Therefore, the enrollment system needs to
have the capability to aggregate results from systems other than its own.
The enrollment system contacts agencies and cross country enrollment
systems through the card interfacing system.
The program is typically offered to only citizens or permanent residents of the
country.
At the time of enrollment, applicants decide the duration for enrollment in the
program (a minimum of one year) and pay the corresponding fee.
The enrollment procedure is the same for re-enrollment upon expiry.




Activity 1.2: Day of Travel
                   On the day of travel, the traveler’s identity is checked and monitored as shown in
                   Figure 20.




Figure 20 Activity 1.2: Day of Travel (tier 2)

                      The traveler proceeds through a dedicated Registered Traveler lane (if
                      applicable) for security checks.
                      The traveler uses the Registered Traveler identification card.
                      Upon approval, a receipt is printed with a photograph of the traveler.



It is possible that the Registered Traveler lanes have automated security
              scanners to make the physical security screening faster.
              The Registered Traveler program maintains its own watch list (cached) that
              contains information about travelers that should not travel due to various
              reasons (such as criminal, law enforcement, invalid Registered Traveler
              credentials, and so forth).
              The Registered Traveler systems continuously update the watch list for
              invalid, expired, revoked, or profiled travelers.
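
The day-of-travel check against the cached watch list, together with the credential activation and identity monitoring stages of Figure 14, can be sketched as follows. This is an added example, not code from the Redpaper or from any IBM product; every class name, field, threshold and sample value is an assumption, and the biometric match is taken as a boolean from a separate matcher.

```python
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional


class Decision(Enum):
    FAST_LANE = "fast_lane"          # credential accepted for the Registered Traveler lane
    STANDARD_LANE = "standard_lane"  # not accepted; normal screening applies
    REFER = "refer"                  # watch-list hit; hand over to an officer


@dataclass
class Credential:
    credential_id: str
    activated: bool        # "credential activation" stage completed
    expires_at: datetime   # end of the enrollment period


@dataclass
class WatchListCache:
    """Local copy of the program watch list (hypothetical structure)."""
    max_age: timedelta                           # assumed freshness limit
    entries: dict = field(default_factory=dict)  # credential_id -> reason
    refreshed_at: Optional[datetime] = None

    def refresh(self, upstream: dict, now: datetime) -> None:
        # Replace rather than merge so that upstream removals also take effect.
        self.entries = dict(upstream)
        self.refreshed_at = now

    def is_fresh(self, now: datetime) -> bool:
        return (self.refreshed_at is not None
                and now - self.refreshed_at <= self.max_age)


@dataclass
class Gate:
    cache: WatchListCache
    audit_log: list = field(default_factory=list)

    def check(self, cred: Credential, biometric_match: bool, now: datetime):
        decision, reason = self._decide(cred, biometric_match, now)
        # Every attempt is recorded so that identity monitoring can review it.
        self.audit_log.append({"time": now, "credential_id": cred.credential_id,
                               "decision": decision, "reason": reason})
        return decision, reason

    def _decide(self, cred, biometric_match, now):
        # Fail closed: a stale cache may be missing a recent revocation.
        if not self.cache.is_fresh(now):
            return Decision.STANDARD_LANE, "watch list cache stale"
        if cred.credential_id in self.cache.entries:
            return Decision.REFER, "watch list: " + self.cache.entries[cred.credential_id]
        if not cred.activated:
            return Decision.STANDARD_LANE, "credential not activated"
        if now >= cred.expires_at:
            return Decision.STANDARD_LANE, "credential expired"
        if not biometric_match:
            return Decision.STANDARD_LANE, "biometric mismatch"
        return Decision.FAST_LANE, "ok"


def repeated_failures(audit_log: list, threshold: int) -> list:
    """Identity monitoring: credentials with at least `threshold` rejected attempts."""
    counts = Counter(e["credential_id"] for e in audit_log
                     if e["decision"] is not Decision.FAST_LANE)
    return sorted(cid for cid, n in counts.items() if n >= threshold)


def demo():
    # Constructed sample data; identifiers and times are made up.
    now = datetime(2009, 6, 1, 8, 0, tzinfo=timezone.utc)
    cache = WatchListCache(max_age=timedelta(minutes=15))
    cache.refresh({"RT-0002": "revoked"}, now)
    gate = Gate(cache)
    valid = Credential("RT-0001", True, now + timedelta(days=30))
    revoked = Credential("RT-0002", True, now + timedelta(days=30))
    return [gate.check(valid, True, now),
            gate.check(revoked, True, now),
            gate.check(valid, True, now + timedelta(minutes=16))]


if __name__ == "__main__":
    for decision, reason in demo():
        print(decision.value, "-", reason)
```

The stale-cache branch is evaluated first on purpose: a gate that cannot confirm it has seen recent revocations sends the traveler to normal screening rather than trusting the credential.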


Business service modeling
           After performing business process modeling, the next task is to delineate the
           services that comprise the business processes. This can be achieved using the
           SOMA approach from IBM. The service identification step of SOMA consists of
           three techniques that can help identify services for the Registered Traveler
           business process.

           The use of SOMA is outlined in “Business service modeling” on page 17.


Technical solution
           This section describes the technical solution that was designed and built for the
           Registered Traveler process. It includes a description of the IBM product
           offerings that were used in the implementation.

           Technical challenges, solution design, and system context
           The technical challenges and architecture principles of design for building a
           Registered Traveler process are essentially the same as those described for
           Advanced Passenger Analysis. For more information about these challenges and
           principles, refer to “Technical challenges, solution design, and system context” on
           page 20.

           In addition to the architecture design principles for Advanced Passenger
           Analysis, a Registered Traveler solution requires the management of registered
           traveler data. The solution design should provide the enterprise with an
           authoritative source for Master Data such as registered traveler data that
           manages information integrity and controls the distribution of master data across
           the enterprise in a standardized way that enables reuse.




The system context diagram for the Registered Traveler process is shown in
                 Figure 21.




Figure 21 System context diagram for Registered Traveler




Solution architecture
                     The solution architecture for the Registered Traveler process is shown in
                     Figure 22.



[Figure 22 diagram. Labels recoverable from the figure:
   External Systems: Government; Commercial; Passenger data from Carriers
   Other labels at left: Customs & Immigration; Border Control; Law Enforcement; Commercial; Public
   Presentation Tier (Messaging, Web Services; HTML; XML): Advanced Passenger System Portal; Carrier Help Desk
   Integration Tier (Enterprise Service Bus): Transaction Services; Web Services; Message Mediation; Complex Events; Process Services; Client Data Integration
   Application Tier (Application Logic): Screening; Targeting; Case Mgmt; Alert Generation and Mgmt; Advanced Passenger Information System; Registered Traveler Mgmt; Biometrics System; Content Mgmt
   Data Tier: Analytics Data; Rules; Passenger Data; Case Mgmt Data; NORA Data; RT Registry; RT Content
   Spanning all tiers: SOA Governance, Security and Management]


Figure 22 Solution design for Registered Traveler

                     Understanding the solution architecture
                     Note some of the highlights of this architecture:
                          A master data repository containing a single, accurate view of registered
                          traveler data has been created.
                          The data tier contains a registered traveler registry and registered traveler
                          content.




The registered traveler data contains data provided by the registered traveler
                 applicant (such as biographical information) in addition to data used to
                 support the approval process for screening of the applicant. The registered
                 traveler data consists of:
                 – A consolidated view of privately owned data (such as DMV records,
                   information from credit agencies, banks, and so forth).
                 – Biographic data of the individual that holds the registered traveler
                   identification.
                 – Biometrics of an individual in the registered traveler content repository
                   which can drive the unique key in the master data repository.
                 A registered traveler management application has been created to process
                 new registered traveler identification applications, as well as handle travel
                 departure clearance on the day of travel.

                   Note: This paper uses a patterns-based approach in arriving at the
                   architecture described here. To read more about the patterns associated
                   with this architecture, see “Applying business and infrastructure patterns”
                   on page 40.

              IBM Government Industry Framework components recommended to
              implement the solution architecture

              This section describes the IBM Government Industry Framework components
              recommended to implement the solution design:
                 Component options products used to implement the Advanced Passenger
                 System Portal in the presentation tier:
                 – IBM WebSphere Portal Server
                 – Triton (SOA Foundation Accelerator)
                 Connectivity infrastructure products used to implement the ESB in the
                 integration tier:
                 –   IBM WebSphere Enterprise Service Bus
                 –   IBM WebSphere Message Broker
                 –   IBM WebSphere DataPower
                 –   IBM WebSphere Service Registry and Repository
                 –   Triton (SOA Foundation Accelerator)
                 Business process management products used to implement process services
                 and client data integration in the integration tier:
                 – WebSphere Dynamic Process Edition
                 – Triton (SOA Foundation Accelerator)
                 – IBM WebSphere iLOG JRules


Products used to implement NORA data in the data tier:
      – IBM Entity Analytic Solutions
          •   IBM Relationship Resolution
          •   IBM Identity Resolution
          •   IBM Anonymous Resolution
      – IBM Cognos
      Single View [1] of entity master data management products used to implement
      the registered traveler registry and registered traveler content in the data tier:
      – IBM InfoSphere Master Data Management Server
      – IBM InfoSphere Information Server
          •   IBM InfoSphere DataStage
          •   IBM InfoSphere QualityStage
      – IBM InfoSphere Global Name Recognition
      Single View of entity enterprise content management products used to
      implement the registered traveler registry and registered traveler content in
      the data tier:
      –   IBM FileNet® Business Process Manager
      –   IBM FileNet Image Services
      –   IBM FileNet Records Manager
      –   IBM FileNet Content Services
      Infrastructure products used to implement SOA Security
      –   IBM Tivoli Access Manager
      –   IBM Federated Identity Manager
      –   IBM Tivoli Identity Manager
      –   IBM Tivoli Directory Server
      –   Triton (SOA Foundation Accelerator)
      Rapid deployment (for service creation and service reuse) products:
      – IBM Rational Software Architect
      – IBM InfoSphere Data Architect
      Infrastructure products used to implement SOA Management:
      –   IBM Tivoli Performance Analyzer
      –   IBM Tivoli Composite Application Manager for SOA
      –   IBM Tivoli Composite Application Manager for WebSphere
      –   Triton (SOA Foundation Accelerator)


[1] Single View is a middleware solution that supports identity and relationship analytics in addition to
    managing the authoritative source of registered traveler master data.



Products used to implement SOA Governance:
                 –   IBM WebSphere Service Registry and Repository
                 –   IBM Rational Asset Manager
                 –   IBM Tivoli Change and Configuration Management Database
                 –   IBM Rational Method Composer

              Benefits of the Registered Traveler architecture
              The solution architecture for Registered Traveler provides the following benefits:
                 Moving towards an SOA-based connectivity architecture allows flexibility,
                 faster response to changes in government security requirements and
                 legislation, and lower-cost development in future projects.
                 Establishing an enterprise-wide strategy for governance, security, and
                 management paves the way for:
                 – Controlled, well-planned rollout of future projects that impact internal
                   systems and external communication.
                 – Simplification of troubleshooting of composite applications.
                 – Confidentiality, integrity, and availability of components to cater to safety of
                   information processing needs.
                 Adding registered traveler requirements to a basic level of Advanced
                 Passenger Analysis functionality becomes easier with an SOA approach.
                 Establishing a single view of managed, trusted registered traveler data shared
                 across carriers and government agencies, is a critical factor for faster,
                 thorough travel security clearance and safety.
                 Provides identity insight capabilities to discover non-obvious relationships and
                 perform identity management.



Applying business and infrastructure patterns
              This section describes the business and infrastructure patterns associated with
              the solution architectures for Advanced Passenger Analysis and Registered
              Traveler. Breaking these solutions down into common patterns simplifies
              the understanding and development of the overall solution.

              Table 1 shows the business and infrastructure patterns used, and
              whether they apply to Advanced Passenger Analysis and Registered Traveler.




Table 1 Business and infrastructure patterns

           Pattern name                                                                Advanced Passenger Analysis   Registered Traveler

           Business patterns
           Information Integration Services - Data Consolidation and Data Cleansing    Yes                           Yes
           Risk Analytics and Relationship Resolution                                  Yes                           Yes
           Business Process Automation and Business Rules Integration                  Yes                           Yes
           Interaction and Collaboration                                               Yes                           Yes
           Master Data Management                                                      -                             Yes
           Enterprise Content Management                                               -                             Yes

           Infrastructure patterns
           Connectivity                                                                Yes                           Yes
           Security                                                                    Yes                           Yes
           SOA Management                                                              Yes                           Yes
           SOA Governance                                                              Yes                           Yes



Business patterns for Advanced Passenger Analysis and Registered
Traveler
          This section addresses the business patterns that apply to both Advanced
          Passenger Analysis and Registered Traveler.

          Applying the data consolidation and data cleansing patterns
          Information integration services consists of the data consolidation and data
          cleansing patterns. It addresses the following pain points:
             Data arrives in many different formats from carriers (such as UN/EDIFACT,
             TN3270, and proprietary formats), so it is difficult to compare data.
             Supplementary information, such as address, phone number, and routing, is
             required to be more certain of identity.
             Names are entered inconsistently throughout the process, making it hard to
             recognize the same individual with different titles.



How this pattern should be applied
                 Partial extract/transform/load (ETL) is used to consolidate data from several
                 diverse sources, such as public records and government sources (including
                 crime databases, no-fly lists, and police records).
                 Data cleansing and standardization might be done only partially, enough to
                 merge data properly from multiple data sources, leaving critical data
                 elements in their original state to support screening.
                 This consolidated data is used for identity screening, targeting, and profiling.

              Business value of adoption
              The key value of this process lies in improving the reliability, quality and
              consistency of the data so that decisions that are made based on this information
              have higher accuracy.

              Recommended IBM Government Industry Framework products
                 IBM InfoSphere Information Server
                 – IBM InfoSphere DataStage
                 – IBM InfoSphere QualityStage
                 IBM InfoSphere Global Name Recognition

              Applying the Risk Analytics and Relationship Resolution
              pattern
              This pattern addresses the following pain points:
                 Manual checks and screening are extremely slow, and analysis is not simple.
                 Targeting, if done manually, is complex, and it is impossible to get through
                 the massive volume of PNR data in time.

              How this pattern should be applied
              Profiles of risky travelers with indications of suspicious behavior are created
              based on historical data and complex behavioral patterns. Creating profiles of
              travelers is known as targeting. To execute this efficiently, analytical tools
              are needed, rather than human operators manually scrutinizing data to
              identify out-of-the-ordinary behaviors.

              Personal identity information from the booking records is checked against
              watch lists, crime databases, and publicly available information to make sure
              that the traveler does not pose any risk. In addition, the non-obvious
              relationships of travelers with any criminals can also be resolved using
              identities and passenger information.




Recommended IBM Government Industry Framework products
   IBM Cognos is used for targeting.
   IBM Entity Analytic Solutions is used for screening and identity resolution.
   – IBM Relationship Resolution
   – IBM Anonymous Resolution
   – IBM Identity Resolution
   IBM InfoSphere Global Name Recognition provides multi-cultural name
   information, analytics, and name matching through a series of flexible,
   easy-to-integrate, SOA-enabled interfaces.

Applying the Business Process Automation and Business
Rules Integration patterns
These patterns address the need to quickly integrate new technologies and
requirements to ensure that CBP agencies are alerted to non-obvious threats and
suspicious behavior, so prompt action can be taken.

How these patterns should be applied
   Modeling the entire Advanced Passenger Analysis process provides an
   end-to-end view of the actors, operations, and feasibility of the process. The
   process can then be documented, simulated, and put into execution, and the
   process can be refined iteratively.
   Due to large volumes of passenger data and data provided for analysis to
   develop profiles flowing through the systems, it is almost impossible to
   manually develop and manage risk profiles without automation.
   Profiling: Rules derived from the developed profiles screen passengers
   against their traveler information to ensure that their behavior is not
   high risk.
   If the passenger gets flagged as a result of the targeting process, an alert is
   sent for further investigation to case management, where a human operator
   takes charge of the case to decide if the traveler should or should not
   continue the journey.

Business value of adoption
   Integration of business rules with passenger screening makes the Advanced
   Passenger Analysis solution robust, fast, and much more secure with
   automated pre-built rules that can analyze traveler profiles, instead of
   manually studying the behavior.
   Adding new behavioral patterns or modifying existing rules is easy and
   does not require altering the existing business process.




Recommended IBM Government Industry Framework products
              The following IBM Government Industry Framework products are recommended:
                 IBM WebSphere Dynamic Process Edition
                 IBM WebSphere iLOG JRules

              Applying the Interaction and Collaboration pattern
              This pattern addresses the following pain points:
                 Different border agencies have different interfaces and disparate applications
                 (such as 3270, green screens, and portals) for various users inside and
                 outside their agency.
                 A wide range of software manageability and deployment leads to higher
                 costs.

              How this pattern should be applied
              The following approaches are advised in applying this pattern:
                 Border agencies should move towards an open interface for exchange of
                 information and communication with other security agencies and carriers. The
                 intent is to develop common channel agnostic services and serve them up to
                 any front end. This decreases maintenance costs and increases flexibility and
                 customer satisfaction.
                 CBP agencies could provide an integrated desktop to their border protection
                 personnel at the ports that allows all disparate applications, communication
                 from the carriers, security agencies and commercial Registered Traveler
                 programs to be integrated on the glass into a composite application.
                 This pattern allows information aggregation from multiple diverse sources or
                 applications (internal and external information required by a user) while also
                 providing collaborative experience to conduct business more efficiently.

              Business value of adoption
              Adoption of this pattern provides business value in the following ways:
                 Provides increased productivity for users through composite applications and
                 integration of existing applications on the glass.
                 Supports enterprise integrated desktops across application types and surface
                 role based workspaces for given tasks.
                 Reduces IT and administration costs through remote deployment and
                 management of software across all customer segments.




Business patterns for Registered Traveler
           This section addresses the business patterns that apply to Registered Traveler.

           Applying the Master Data Management pattern
           This pattern addresses the following pain points:
              Traveler data is redundant, often inconsistent, and not current across multiple
              heterogeneous systems that are typically developed in silos.
              Point-to-point interfaces are often developed to move updated traveler data
              from one system to another, which constrains the ability for IT to make
              changes and increases the overall cost of ownership.

           How this pattern should be applied
           The following approaches should be taken in applying this pattern:
              An approved registered traveler registry should be established to maintain an
              authoritative source of registered traveler master data that is current and of
              high quality, and can facilitate the secure sharing of registered traveler data
              within the organization and across organizational boundaries (for example
              DMV records, credit reports, and financial information from banks).
              Registered Traveler could be used to support Advanced Passenger Analysis
              screening for international travel and to support domestic travel for security
              screening where the traveler would provide their biometrics to match against
              their credentials to expedite domestic travel.
              From an MDM perspective, registered traveler data can be loaded through
              batch, messaging, Web service, or in real time through an EJB™ calling an
              MDM service.
              The Registered Traveler system itself would support the business process for
              managing the application, vetting (background processing), adjudication and
              approval, and payment processing.
              A CSR or multiple user roles might be involved in the processing and
              management of the application as a case. The Registered Traveler system
              should invoke an MDM server transaction either to perform a person look-up
              to see if the person applied before or to call the MDM Server AddParty
              Service, which would find a match and update or add that information to
              Single View. This can be done as part of a global transaction with the
              Registered Traveler system calling the MDM service, and is XA compliant.
              The biometrics stored can drive the unique identification for a person in the
              MDM server.




                 The MDM server publishes changes, so trusted traveler data is synchronized
                 through a publish/subscribe pattern. For example, if a registered traveler
                 updates their address or contact information, the update is sent to
                 passport and visa immigration systems.
                 Any time an MDM add/update transaction occurs, data quality management
                 (cleansing and standardization) runs first, followed by suspect duplicate
                 processing to see if the person already exists.
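
The add/update flow described above (cleansing and standardization, suspect duplicate processing, then publishing the change to subscribers), together with the earlier point under the data consolidation and data cleansing patterns that cleansing is only partial and leaves original values intact, is sketched here as an added example. It is not code from this paper and does not use the InfoSphere MDM Server API; the class, field names, match rule, and sample records are assumptions constructed for illustration.

```python
import re
import unicodedata

TITLES = {"mr", "mrs", "ms", "miss", "dr", "prof"}


def standardize_name(raw):
    """Build a comparison key: drop accents, case, punctuation and titles; sort tokens."""
    text = unicodedata.normalize("NFKD", raw)
    text = "".join(c for c in text if not unicodedata.combining(c)).lower()
    tokens = [t for t in re.split(r"[^a-z]+", text) if t and t not in TITLES]
    return " ".join(sorted(tokens))


class TravelerRegistry:
    """Hypothetical in-memory stand-in for a registered traveler master data registry."""

    def __init__(self):
        self.parties = {}      # party_id -> master record
        self.subscribers = []  # callables taking (event, party_id, changed_fields)
        self.next_id = 1

    def subscribe(self, callback):
        self.subscribers.append(callback)

    def publish(self, event, party_id, changed):
        # Each subscriber gets its own copy so it cannot alter the master record.
        for callback in self.subscribers:
            callback(event, party_id, dict(changed))

    def find_suspect(self, name_key, birth_date, biometric_id):
        """Suspect duplicate processing: return the id of an existing match, or None."""
        if biometric_id:
            # Biometrics drive the unique key, so they are checked first.
            for party_id, rec in self.parties.items():
                if rec["biometric_id"] == biometric_id:
                    return party_id
        for party_id, rec in self.parties.items():
            if biometric_id and rec["biometric_id"]:
                continue  # both sides have biometrics and they differ: not the same person
            if rec["name_key"] == name_key and rec["birth_date"] == birth_date:
                return party_id
        return None

    def add_party(self, name, birth_date, address, biometric_id=None):
        """Add or update a person; returns (party_id, 'added' | 'updated' | 'matched')."""
        name_key = standardize_name(name)  # cleansing and standardization
        party_id = self.find_suspect(name_key, birth_date, biometric_id)
        if party_id is None:
            party_id = f"RT-{self.next_id:06d}"
            self.next_id += 1
            self.parties[party_id] = {
                "name_key": name_key,
                "names_as_entered": [name],  # original value kept for screening
                "birth_date": birth_date,
                "address": address,
                "biometric_id": biometric_id,
            }
            self.publish("added", party_id, {"address": address})
            return party_id, "added"
        rec = self.parties[party_id]
        changed = {}
        if name not in rec["names_as_entered"]:
            rec["names_as_entered"].append(name)
        if address != rec["address"]:
            rec["address"] = changed["address"] = address
        if biometric_id and not rec["biometric_id"]:
            rec["biometric_id"] = biometric_id
        if changed:
            self.publish("updated", party_id, changed)
        return party_id, ("updated" if changed else "matched")
```

A name-and-birth-date match is accepted only when the biometrics do not conflict, so two people who share both are kept as separate parties once each has enrolled biometrics.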

              Business value of adoption
              Adoption of this approach provides business value in the following ways:
                 The actual passenger data (PNR) for those persons that are traveling can
                 be retained only for a limited time. However, registered traveler data and
                 content is established for a much longer time. Treating this as master data will
                 ensure accuracy and consistency with dependent sources of public and
                 private data.
                 Establishing a single view of managed, trusted, and registered traveler data
                 shared across carriers and government agencies is a critical factor for faster,
                 thorough travel security clearance and safety for frequent travelers.

              Recommended IBM Government Industry Framework products
              IBM InfoSphere Master Data Management Server is recommended for creating a
              single view of registered travelers.

              Applying the Enterprise Content Management pattern
              This pattern addresses the following pain points:
                 Inability of the current systems to integrate with a biometric system to capture
                 fingerprint images.
                 Inability to capture and store content associated with a person such as a
                 passport image, birth certificate, and so forth.
                 Inability to manage and link content distributed over multiple content
                 management systems with structured data about a person.

              How this pattern should be applied
              The following approaches should be used to apply this pattern:
                 Use master data management to associate structured data along with
                 unstructured content through a common key, driven by data cleansing,
                 standardization, and matching.
                 Use MDM as a controller to drive federated query requests about a
                 person, retrieving all content and data about that person relevant to a query.




Business value of adoption
           Adoption of this approach provides business value in the following ways:
              Ability to access the correct content at the right time quickly, and easily and
              accurately associate a traveler’s biographic records from a single content
              repository.
              Ability to manage exposure to litigation, internal policy, external mandatory
              regulations, and government compliance.
              Increased productivity:
              – Having the right information captured in a single version and single
                location for all unstructured content.
              – Content-centric processes are automated and integrated as part of the
                overall registered traveler business process.

           Recommended IBM Government Industry Framework products
           The following IBM Government Industry Framework products are recommended:
              IBM FileNet Business Process Manager
              IBM FileNet Image Services
              IBM FileNet Records Manager
              IBM FileNet Content Services


Infrastructure patterns that apply to Advanced Passenger Analysis
and Registered Traveler
           This section addresses the infrastructure patterns that apply to both Advanced
           Passenger Analysis and Registered Traveler.

           Applying the Connectivity pattern
           This pattern addresses the following pain points:
              Point-to-point integration between several applications (such as screening
              and targeting) and data sources (such as analytics databases, case
              management data, and so forth).
              Scaling Advanced Passenger Analysis architecture to accommodate new
              data sources (such as international watch lists and criminal data) becomes
              complex and time consuming.




How this pattern should be applied
              The following approaches should be taken in applying this pattern:
                 An ESB architecture behind the firewall enables loose coupling, basic routing
                 and easy integration and adaptation of their diverse applications inside and
                 outside the enterprise.
                 Development of new applications for Registered Traveler along with
                 corresponding data sources becomes much faster.
                 The ESB provides support for different protocols and the exchange of
                 message formats between applications at the channels and within the data
                 center.

              Business value of adoption
              Adoption of this pattern offers business value in the following ways:
                 The ESB provides a solution to respond to requests in a channel independent
                 fashion to support user interface flexibility.
                 Development and updates to applications to keep up with changing security
                 mandates become considerably faster.

              Recommended IBM Government Industry Framework products
              The following IBM Government Industry Framework products are recommended:
                 IBM WebSphere Enterprise Service Bus
                 IBM WebSphere Message Broker
                 IBM WebSphere DataPower
                 IBM WebSphere Service Registry and Repository

              Applying the security pattern
              This pattern addresses security across all tiers of the solution architecture.

              Presentation tier security
              Consider the following guidelines for presentation tier security.
                 The Web interface to the Advanced Passenger Analysis/Registered Traveler
                 Portal needs to be secured by employing best practices such as
                 defense-in-depth, in which the solution is protected by its layered
                 placement across security zones.
                 IBM Tivoli Access Manager for e-business provides an access management
                 infrastructure that can fulfill the above needs.




Identity management
Consider the following guidelines for identity management.
   Because the realm within which the solution operates is important (national
   security), it is essential that the users who interact with the system, especially
   those who can modify the information (such as over the presentation tier), are
   identified with high levels of assurance.
   As per security best practices, the identity of an Advanced Passenger
   Analysis/Registered Traveler critical user should be verified over multiple
   channels. For example, the user should provide what they know (user
   ID/password over the Web) and provide information about what they have
   (token/smart card/biometric information). A combination of the two would
   better determine the identity.
   To have access to the Advanced Passenger Analysis/Registered Traveler
   solution, an infrastructure has to be provided for users to enroll, any
   documents to be scanned for approval (and stored), workflow systems to get
   required approvals, and for scanning of biometrics.
   Determine which internal government employees should have access to
   registered traveler identification information.
   Upon approval, a secured credential would be granted and issued to the
   user.
   The credential (such as a smart card) contains aspects of the user that can
   be verified with the user's biometric information. Solution components for this
   include an approval engine such as IBM Tivoli Identity Manager.

Integration tier security
Consider the following guidelines for integration tier security.
   The integration tier of Advanced Passenger Analysis is primarily performed by
   the ESB/Message Queue (MQ) components. The security aspects, such as
   integrity of messages and confidentiality (such as who or which application
   can write into the queues and read from them), are critical. Similarly, for Web
   services invocations, it is important that these invocations are performed by
   authorized entities as per the security policies.
   To achieve both these requirements, the following security components can
   help:
   – WebSphere MQ Extended Security Edition
   – IBM Tivoli Federated Identity Manager
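
The two integration-tier requirements above (only authorized applications may write to or read from a queue, and messages must arrive unmodified) can be illustrated with a small in-memory model. This is an added example, not code from this paper or from WebSphere MQ; the queue names, application identities, ACL layout, keys, and HMAC envelope format are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
from collections import defaultdict, deque

# Constructed policy: which application may put to or get from each queue.
QUEUE_ACL = {
    "APA.SCREENING.IN": {"put": {"carrier-gateway"}, "get": {"screening-svc"}},
    "APA.CASE.ALERTS": {"put": {"screening-svc"}, "get": {"case-mgmt"}},
}

# Constructed per-application MAC keys (placeholders; real keys live in a key store).
APP_KEYS = {
    "carrier-gateway": b"constructed-key-for-carrier-gateway",
    "screening-svc": b"constructed-key-for-screening-svc",
}


class AccessDenied(Exception):
    """The application is not allowed to perform this action on this queue."""


class IntegrityError(Exception):
    """The message was altered, re-attributed, redirected or replayed."""


def message_tag(key, queue, sender, seq, body):
    # The tag covers queue, sender and sequence number as well as the body, so a
    # valid message cannot be moved to another queue or replayed unnoticed.
    header = json.dumps({"queue": queue, "sender": sender, "seq": seq},
                        sort_keys=True).encode()
    return hmac.new(key, header + b"\x00" + body, hashlib.sha256).hexdigest()


def seal(key, queue, sender, seq, body):
    """Producer side: wrap a payload (bytes) in a signed envelope."""
    return {"queue": queue, "sender": sender, "seq": seq, "body": body,
            "mac": message_tag(key, queue, sender, seq, body)}


class SecureBroker:
    def __init__(self, acl, keys):
        self.acl = acl
        self.keys = keys
        self.queues = defaultdict(deque)
        self.last_seq = {}  # (queue, sender) -> highest sequence number accepted

    def authorize(self, app, action, queue):
        # Unknown queues and unknown actions fall through to an empty set: deny by default.
        if app not in self.acl.get(queue, {}).get(action, set()):
            raise AccessDenied(f"{app} may not {action} on {queue}")

    def put(self, app, queue, envelope):
        # `app` is the identity already authenticated on the connection
        # (assumed to be established by the channel, outside this sketch).
        self.authorize(app, "put", queue)
        if envelope["sender"] != app or envelope["queue"] != queue:
            raise IntegrityError("envelope does not match connection or queue")
        expected = message_tag(self.keys[app], queue, app,
                               envelope["seq"], envelope["body"])
        if not hmac.compare_digest(expected, envelope["mac"]):
            raise IntegrityError("MAC check failed")
        if envelope["seq"] <= self.last_seq.get((queue, app), -1):
            raise IntegrityError("replayed or out-of-order message")
        self.last_seq[(queue, app)] = envelope["seq"]
        self.queues[queue].append(envelope)

    def get(self, app, queue):
        self.authorize(app, "get", queue)
        return self.queues[queue].popleft() if self.queues[queue] else None
```

The sketch covers authorization and integrity only; payload encryption is not shown.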




Application tier security
              Consider the following guidelines for application tier security.
                 Application-level security, which governs which roles can perform which
                 actions, is enforced by the application itself. The information about the
                 mapping of users to roles, roles to actions, and actions to resources is
                 handled by the application itself.
                 In the Advanced Passenger Analysis solution, WebSphere Portal Server
                 (based on WebSphere Application Server) will handle these aspects. The
                 application components can, however, delegate the responsibility of storing
                 this data to CIS components (such as IBM Tivoli Directory Server) or
                 externalize access management to IBM Tivoli Access Manager for
                 e-business.

              Data tier security
              Consider the following guidelines for data tier security.
                 Data storage encryption
                 – Sensitive information needs to be encrypted and stored in tape drives,
                   virtualized storage, or disk subsystems. It is important to have a system
                   that can store this data and manage the set of encryption keys.
                 – Advanced Passenger Analysis data will come from all over the world, so it
                   needs to be encrypted in transit and not just at rest in the case
                   management database. WebSphere MQ Extended Security Edition has
                   this capability.
                 – The Registered Traveler data is persistent for the lifetime of the registered
                   traveler identification. Therefore, encrypting this data is important.
                 Data access
                 User access to stored data needs to be controlled both logically and
                 physically. Information in user repositories (such as password information)
                 needs to be encrypted and stored using security algorithms (for example
                 SHA1/AES) as per business policy. Information stored in the databases
                 needs to be encrypted using directory or database provided encryption
                 mechanisms.

              Applying the SOA Management pattern
              Advanced Passenger Analysis and Registered Traveler business service level
              agreement (SLA) requirements and non-functional requirements are key to
              determining exact systems management requirements. This section lists
              systems management components and a mapping of IBM solution offerings that
              cater to them.




Note that although these solutions and services are positioned for the boundary
of control of an Advanced Passenger Analysis or Registered Traveler project, they
can be expanded to other enterprise class solutions.

Availability of systems and services
Consider the following guidelines for availability of systems and services.
   To meet the expected throughput and performance SLAs, it is important to
   know the availability characteristics of the system where the components run.
   It is therefore imperative in real time to:
   – Determine the availability of operating system resources (such as
     memory, hard disk space, and CPU cycles).
   – Determine the availability of applications and services.
   Send alerts when critical thresholds are reached for resources or critical
   applications are not running.
   Take corrective actions where possible by running system commands at
   target machines that can be configured to perform remediation steps (for
   example, start an application server if it is down).
   Report the availability snapshot of the critical systems in a dashboard.
   The IBM Tivoli Monitoring suite can help with these requirements.

Capability of predictive alerts
To be better prepared to predict issues, consider the following issues:
   Keep historical data (not just real-time data) of systems utilization.
   Determine trends of peaking resources.
   Determine the time to reach resource limits (for example, a hard disk would
   reach capacity in 30 days at the current rate).
   Provide growth statistics for multiple time periods (such as one week, one
   month, 90 days).
   Send alerts by integrating with existing e-mail/SMS systems to page the
   concerned person.
   IBM Tivoli Performance Analyzer can help with these requirements.
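
The time-to-limit and growth-statistics items above are shown here as an added example, not code from this paper or from IBM Tivoli Performance Analyzer: a least-squares trend over historical disk usage projects when a capacity limit will be reached. The sample data, the capacity limits, and the 30-day alert horizon are constructed for illustration.

```python
# Constructed history: one (day_index, used_gb) sample per day for 91 days,
# growing by 2 GB per day from 200 GB.
SAMPLES = [(day, 200.0 + 2.0 * day) for day in range(91)]


def linear_trend(samples):
    """Least-squares fit used_gb = intercept + slope * day; returns (slope, intercept)."""
    n = len(samples)
    if n < 2:
        raise ValueError("need at least two samples to fit a trend")
    mean_x = sum(x for x, _ in samples) / n
    mean_y = sum(y for _, y in samples) / n
    sxx = sum((x - mean_x) ** 2 for x, _ in samples)
    if sxx == 0:
        raise ValueError("samples must span more than one point in time")
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in samples)
    slope = sxy / sxx
    return slope, mean_y - slope * mean_x


def days_until_limit(samples, limit_gb):
    """Days after the last sample until the trend reaches limit_gb.

    Returns 0.0 if the limit is already reached and None if usage is flat or
    shrinking (no crossing can be predicted).
    """
    slope, intercept = linear_trend(samples)
    last_day, last_used = samples[-1]
    if last_used >= limit_gb:
        return 0.0
    if slope <= 0:
        return None
    crossing_day = (limit_gb - intercept) / slope
    return max(0.0, crossing_day - last_day)


def growth_by_window(samples, windows=(7, 30, 90)):
    """Growth in GB over each trailing window (one week, one month, 90 days)."""
    last_day, last_used = samples[-1]
    growth = {}
    for window in windows:
        earlier = [used for day, used in samples if day <= last_day - window]
        # None means the history does not reach back far enough for this window.
        growth[window] = last_used - earlier[-1] if earlier else None
    return growth


def capacity_alert(samples, limit_gb, horizon_days=30):
    """True when the projected limit falls inside the alert horizon."""
    remaining = days_until_limit(samples, limit_gb)
    return remaining is not None and remaining <= horizon_days
```

The boolean returned by `capacity_alert` is what would be handed to the existing e-mail/SMS paging integration.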

Systems troubleshooting
When solution systems are not functioning to the expected levels, information
should be available on where the problem is occurring. This is often a daunting
task with many participants involved.




There is a need to improve operational efficiency by providing visible information
              of what is happening in the environment and which components are performing
              poorly. This information should show the performance of transactions over
              multiple stages. This will help identify where bottlenecks are in a system.

              The following products can help:
                 IBM Tivoli Monitoring
                 IBM Tivoli Composite Application Manager for Transactions
                 IBM Tivoli Composite Application Manager for SOA
                 IBM Tivoli Composite Application Manager for WebSphere

              Applying the SOA Governance pattern
              This pattern addresses SOA governance concerns.

              How this pattern should be applied
              Consider the following guidelines for how this pattern should be applied:
                 Plan, develop, and deploy an enterprise level governance strategy, so it is not
                 done in pockets within each department.
                 Execution of governance practices needs proactive best practices and
                 enforcement.
                 Compliance reports need to be stored and retrieved for audits.
                 When starting SOA-based projects, identify and prioritize new and ideal sets
                 of service candidates. By following best practices and adopting SOMA, the
                 highest value business services that will need to be implemented can be
                 identified easily and accurately.
                 To regulate the creation of new services with future SOA projects, implement
                 a centralized registry and repository.
                 Institutionalize governance best practices with executive sponsorship and
                 support across departments.
                 By adopting the SOA Governance and Management Methodology (SGMM),
                 assign roles and responsibilities for spawning and owning services and put a
                 funding model in place.




  • 6. Benefits of Advanced Passenger Analysis The following benefits are derived from a Advanced Passenger Analysis solution: Advanced Passenger Analysis reduces cost of both the arrest of serious criminals and the denial of boarding to certain passengers. Border security is tightened because an early warning system allows more time for the authorities to develop plans for intervention. Passengers enjoy an easier, quicker travel experience because they are treated sensitively according to the risk they present and by having sent information in advance. Background checks that would normally cause a queue at the border can be done before they arrive. Airports benefit because they are less likely to incur fines for poor performance due to long queues. Airlines benefit because they are less likely to carry unwelcome passengers, which could cost the airlines both large fines and the fee of returning unwelcome passengers to their departure point. Registered Traveler programs In a Registered Traveler program, registered travelers use a token to access automated or fast-service security and border checkpoints. The enrollment process generally involves the traveler providing a detailed biography for risk assessment, and providing biometric information. Tokens are issued to travelers meeting the credentials. The Registered Traveler program continues to perform ongoing checks to ensure that the traveler's behavior remains consistent with their trusted status. The Registered Traveler program can be a commercial or government program: As a commercial program it is a fee paying card-based program combined with other services such as car parking and business lounges. As a government program it uses electronic passports or ID cards to access automated gates. 6 Government SOA Scenario: Immigration and Border Management
  • 7. Benefits of a Registered Traveler program: Registered Traveler programs offer benefits to a range of stakeholders: For passengers it means more convenience and consistent and reasonable times for security checks. These can be significant because Registered Travelers are normally through the border in a few minutes. Commercial Registered Traveler programs provide a full service offering, including access to private lounges, preferential car parking, and loyalty schemes in the airport. Airlines benefit indirectly. If fewer people are delayed due to queues at the border and security they are likely to view air travel more positively. It could also mean less disruption to their timetables because of late boarders. Airports profit from their commercial Registered Traveler programs. They might also enjoy an improved image because the automation has reduced queue times for all. There could be more repeat business as travelers are less likely to avoid airports in the future due to previous negative experiences. Governments could see an improvement in national security because they can process people more thoroughly using automated gates. It allows for better assessment of security risks because international schemes can enable multi-background checks. Governments also have biometric records of entry and exit. They know who is in or out of the country.
  • 8. Capability model for a new and improved border management process: Figure 3 shows the capability model for a new and improved border management process. This border management process needs to support collaboration between agencies, secure and timely exchange of critical information, ability to meet increased demand, and the ability to respond quickly to changing regulations and policies. [Figure 3: Capability model for a new and improved border management process (rows: Offering, Business Initiatives, Value Proposition, Capabilities)] The result of this enhanced border management process is two offerings: Enhanced Advanced Passenger Analysis and a new Registered Traveler program. These two offerings are the subject of the remainder of this paper. Advanced Passenger Analysis: This section describes how to model an Advanced Passenger Analysis process and perform business service modeling, and illustrates a solution architecture with IBM product mappings.
  • 9. Modeling the Advanced Passenger Analysis process: This section describes an Advanced Passenger Analysis process for an international air travel example. This solution can be applied to a broader range of border agency/immigration departments that might already have a basic Advanced Passenger Analysis solution or no Advanced Passenger Analysis solution at all. What is the Advanced Passenger Analysis System? Advanced Passenger Analysis (APA) is an early warning system that allows governments to collect and analyze Advance Passenger Information (API) and Passenger Name Record (PNR) data from airlines before and during the passengers' journey. By comparing API and PNR data with watchlists and profiles, governments can be alerted if named persons of interest, or unnamed individuals who fit the profile of high risk passengers, are attempting to cross their borders. Some countries believe that the use and storage of API/PNR data intrudes on passenger privacy and are seeking compromises on the amount of data that is processed and stored. Countries are reaching consensus on a standard way of collecting information from airlines. Advance Passenger Information: – Concerns data that air/sea carriers did not store previously but which they now have to collect separately for the benefit of border authorities. – Includes all the data elements that travelers have to present at the border control at the travel destination. – Transmission resembles a pre-arrival manifest sent to the border authorities of the travel destination. – Consists of data that can be directly taken from the machine-readable part of a passport plus the general flight-related data that exist in the airline computers.
  • 10. Advanced Passenger Analysis business process: Figure 4 shows the high level activities in an Advanced Passenger Analysis business process. [Figure 4: Advanced Passenger Analysis process (tier 1)] The high level process operations are as follows: 1. An individual makes travel reservations using a travel request system (using an online reservation system, kiosk, mobile device, or in person). 2. An e-ticket is generated. 3. API is routed from the airline reservation system to the border control operations center (BCOC). 4. BCOC normalizes the data and matches it against a number of watch lists. 5. The system generates hits if there is a match. 6. A person intervenes to decide if a hit should be an alert. 7. Authorities are alerted to possible travel of a person of interest. 8. Instructions on passenger handling are issued (such as deny, accept, or arrest on arrival). We now look at each activity in this process in turn.
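Steps 3 through 8 above, sketched as an added Python example (not code from the Redpaper or from any IBM product): API records are normalized, matched against watch lists to produce hits, and only a named reviewer can turn a hit into an alert with a handling instruction. The field names, the matching rules, and every sample record are assumptions constructed for illustration.

```python
import unicodedata
from dataclasses import dataclass
from enum import Enum


class Handling(Enum):
    """Example handling instructions named in step 8."""
    ACCEPT = "accept"
    DENY = "deny"
    ARREST_ON_ARRIVAL = "arrest on arrival"


@dataclass(frozen=True)
class Traveler:
    """Constructed subset of API fields; also used for watch list entries."""
    surname: str
    given_names: str
    date_of_birth: str            # YYYY-MM-DD
    document_number: str = ""
    source: str = ""              # flight number or watch list name


@dataclass(frozen=True)
class Hit:
    passenger: Traveler
    entry: Traveler
    reason: str


@dataclass(frozen=True)
class Decision:
    hit: Hit
    officer_id: str
    is_alert: bool
    handling: Handling


def normalize_name(text):
    """Step 4: fold diacritics and case, drop apostrophes, split on punctuation."""
    decomposed = unicodedata.normalize("NFKD", text)
    base = "".join(c for c in decomposed if not unicodedata.combining(c))
    base = base.replace("'", "").replace("\u2019", "").upper()
    return " ".join("".join(c if c.isalnum() else " " for c in base).split())


def name_key(person):
    """Order-insensitive key (an assumption): name order varies between sources."""
    tokens = normalize_name(person.surname + " " + person.given_names).split()
    return tuple(sorted(tokens))


def normalize_document(number):
    """Uppercase the document number and keep only letters and digits."""
    return "".join(c for c in number.upper() if c.isalnum())


def find_hits(passenger, watchlist):
    """Step 5: every match becomes a hit; nothing is acted on automatically."""
    hits = []
    doc = normalize_document(passenger.document_number)
    for entry in watchlist:
        if doc and doc == normalize_document(entry.document_number):
            hits.append(Hit(passenger, entry, "document number"))
        elif (name_key(passenger) == name_key(entry)
              and passenger.date_of_birth == entry.date_of_birth):
            hits.append(Hit(passenger, entry, "name and date of birth"))
    return hits


def adjudicate(hit, officer_id, is_alert, handling=Handling.ACCEPT):
    """Steps 6-8: a named reviewer decides whether a hit becomes an alert."""
    if not officer_id.strip():
        raise ValueError("a hit must be resolved by an identified reviewer")
    if not is_alert and handling is not Handling.ACCEPT:
        raise ValueError("a dismissed hit can only carry the accept instruction")
    return Decision(hit, officer_id, is_alert, handling)


# Constructed sample data: no real persons, documents, flights, or lists.
WATCHLIST = [
    Traveler("Nunez Garcia", "Maria", "1980-02-29", "", "immigration"),
    Traveler("Example", "Alex", "1975-07-01", "X1234567", "crime"),
]
MANIFEST = [
    Traveler("NÚÑEZ-GARCÍA", "María", "1980-02-29", "P0000001", "ZZ100"),
    Traveler("Sample", "Robin", "1990-01-01", "x-123 4567", "ZZ100"),
    Traveler("Nunez Garcia", "Maria", "1981-03-01", "P0000002", "ZZ100"),
]


def screen_manifest(manifest=MANIFEST, watchlist=WATCHLIST):
    """Steps 3-5 for a whole manifest: return the hits awaiting human review."""
    return [hit for p in manifest for hit in find_hits(p, watchlist)]
```

The third constructed passenger shares a name with a watch list entry but not a date of birth, so no hit is raised; the second matches only on a differently formatted document number.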
  • 11. Activity 1.1: Travel request. The travel reservation process is shown in Figure 5. [Figure 5: Activity 1.1: Travel Request (tier 2)] 1. An individual makes travel reservations using a travel request system (using an online reservation system, kiosk, mobile device, or in person). 2. The individual enters all required information for the reservation. 3. Upon travel request submission, a travel reference number (ticket number) is generated. 4. The individual receives an e-ticket (which they can print from an online copy, get as a hardcopy from the kiosk, or save as a softcopy on a mobile device).
  • 12. Activity 1.2: Government agency review. After the travel reservation is made, pre-travel verification is performed as shown in Figure 6. [Figure 6: Activity 1.2: Government Agency Review (tier 2)] 1. Based on the ePassport number taken from the reservation, the passport validity is checked. 2. That person’s name is checked against watch lists for immigration, crime, and other possible interested stakeholders. 3. If there is a match, the operators decide what action to take.
  • 13. Activity 1.3: Day of travel. On the day of travel the events detailed in Figure 7 occur. [Figure 7: Activity 1.3: Day of Travel (tier 2)] 1. A passenger checks in using appropriate travel documents (such as a valid photo ID and an e-ticket) and continues with travel to a destination if background security checks are passed. 2. For international travel, additional checks are conducted at the port of arrival. Next, we take a closer look at the two activities that make up this part of the process.
  • 14. Activity 1.3.1: Check-in. For countries where real time authority is desired, the events detailed in Figure 8 on page 15 occur.
  • 15. [Figure 8: Activity 1.3.1: Check-in (tier 3)] 1. A traveler checks in using the appropriate travel documents (such as a valid photo ID and an e-ticket). 2. Personal information and travel details are validated. 3. Information is submitted in real time for checks and screening against government databases (see “Activity 1.2: Government agency review” on page 12 for government agency checks). 4. The traveler is either approved or rejected for travel. 5. If the traveler is approved, their bags are checked in and travel continues. 6. If the traveler is declined, they are notified. Carrier and border management systems are updated with the travel decline information. Activity 1.3.2: Arrival clearance. For international travel, identity is monitored at the travel destination for fraud or abuse to ensure the trustworthiness of the identity. The process to perform this is shown in Figure 9. [Figure 9: Activity 1.3.2: Arrival Clearance]
  • 16. 1. Validation of the ePassport or eVisa to ensure it is generated from a competent authority. 2. Verification and validation of the biometric or biographic information of the traveler. 3. Validation of the traveler using random second factor identification (including random questions, fingerprints, or iris identification). 4. Verification of the health, quarantine form, or reason of travel. Benefits of Advanced Passenger Analysis: The Advanced Passenger Analysis process described in this section offers the following benefits: Ensures border protection from undocumented or undesirable passengers at departure time. This is achieved by: – Providing a mechanism to anticipate threats and alerts reported for the traveler – Obscure and anonymous relationship resolution – Risk assessment. Checks can be done prior to a passenger commencing their journey. This reduces time for screening passengers on the day of travel or upon reaching their destination. The security check is more thorough and completed within minutes as compared to manual procedures of interviews and secondary random checks. Adding a new government agency check or making changes to policies in the future is easy, without having to alter the entire business process. Ensures compliant measures for international identity standards, treaties, and conventions: – Updates ePassport information across the border management systems after the person crosses the border. This provides tracking information. – Border security violation information is forwarded to alert border guards promptly. Handles exceptional situations, and initiates a remedy procedure. Exceptional situations include: – Diverted travel due to bad weather, technical problems, or medical emergencies – Other emergencies where travelers reached the wrong country without any bad intention but without the appropriate visa.
  • 17. Business service modeling: After performing business process modeling, the next task is to delineate the services that comprise the business processes. This can be achieved using the service-oriented modeling and architecture (SOMA) approach from IBM, illustrated in Figure 10. [Figure 10: Service-oriented modeling and architecture (SOMA)] SOMA provides an approach to building a SOA that aligns to business goals and ties the business processes directly to underlying applications through services. The process of SOMA consists of three general steps: identification, specification, and realization of services, components, and flows. The service identification step of SOMA consists of three techniques that can help identify services for the Advanced Passenger Analysis business process: Domain decomposition: This is a top-down view of the business process. It consists of process decomposition where processes are broken up into sub-processes and high-level business use cases. In this top-down decomposition, business processes are represented hierarchically. For example, the Government Registered Traveler Program process can be decomposed into sub-processes such as: – Advanced Passenger Analysis – Registered Travel Program.
  • 18. Each sub-process can in turn be decomposed further, ultimately leading to a list of business use cases. For example, the Advanced Passenger Analysis sub-process can be decomposed as follows: – Advanced Passenger Analysis Travel Request – Advanced Passenger Analysis Passenger Screening – Advanced Passenger Analysis Day of Travel. The Advanced Passenger Analysis Travel Request sub-process ultimately leads to business use cases such as: – Complete Online Travel Request – E-Ticket is Generated for Traveler. These business use cases are typically good candidates for business services. Goal-service modeling: In this phase, business services are identified based on goals and metrics. For example, goals can be defined such as: – Reduce Traveler Time – Increase Collaboration with Other Government Agencies. These goals might consist of sub-goals, such as Reduce Traveler’s Time by 30% (the percentage value will, of course, vary depending on the project). Business services can be identified and grouped under these goals. Existing asset analysis: In contrast to domain decomposition, this is a bottom-up approach. Existing systems are analyzed according to their suitability for inclusion in business processes. For example, the Complete Online Travel Request process can be analyzed to determine if any of the services used in this existing process meet the needs of the new business processes. Typically, reuse of existing systems and assets provides a lower cost solution to implementing service functionality than creating new assets. IBM provides service offerings for working with SOMA. The IBM SOA Integration Framework service offering is shown in Figure 11 on page 19.
  • 19. [Figure 11: Using the IBM SOA Integration Framework to perform SOMA decomposition] Note: For more information about applying SOMA, refer to the developerWorks® article, Service-oriented modeling and architecture, available at the following Web page: http://www.ibm.com/developerworks/library/ws-soa-design1/
  • 20. Technical solution: This section describes the technical solution that was designed and built for the Advanced Passenger Analysis process. It includes a description of the IBM product offerings that were used in the implementation. Technical challenges, solution design, and system context: The following technical challenges should be considered when designing an Advanced Passenger Analysis process: There is point-to-point integration between several applications as well as between applications and data sources. Scaling the existing architecture to accommodate new data sources such as international watch lists and criminal data is complex and time consuming. There is a high level of complexity in effectively supporting multicultural names and personal identity information that comes from a variety of data sources. The traveler’s data has to be consolidated from several different sources to verify identities, match against watch lists, and support detection of fraud and threat. SOA-based projects are not planned at an enterprise level, causing governance, service management, and service security concepts to be implemented only in pockets. To meet these technical challenges, the following architectural principles should be used in the solution design: The solution should provide an enterprise integration framework, components, and reusable services that make use of existing systems that span multiple hardware and software platforms. The solution should be designed to provide the flexibility to incorporate future technology and accommodate changes to business and performance requirements, changes to laws and regulations, trade volumes, and security threats. The solution should provide a common programming model based upon industry-accepted computing standards to improve reuse within the architecture. The solution should support the use of multiple technologies and techniques for interoperability with external systems and for the integration of systems and applications within the Integrated Border Management solution.
  • 21. The solution should be based upon an architecture approach and technologies using industry-accepted open computing standards, Government, World Customs Organization (WCO), and international standards. The solution should be built upon the concept of tiers and layers, which requires the separation of presentation, application, and data to develop a resilient, secure, and end-to-end solution architecture. The location and internal working and implementation details of a service should be isolated from the service consumers to provide a dynamically reconfigurable architectural style. The system context diagram for the Advanced Passenger Analysis process is shown in Figure 12. [Figure 12: System context diagram for Advanced Passenger Analysis]
  • 22. Solution architecture: The solution architecture for the Advanced Passenger Analysis process is shown in Figure 13. [Figure 13: Solution architecture for Advanced Passenger Analysis (tiers: Presentation, Integration, Application, Data; spanning layer: SOA Governance, Security and Management)] Understanding the solution architecture: Note some of the highlights of this architecture: An Advanced Passenger Analysis Portal has been introduced to allow standardized access to APIs by authorized carriers, government agencies, and border agencies in other countries. In the Integration layer, an enterprise services bus (ESB) has been introduced to make applications and information available within and outside the enterprise in a flexible, agile and secure manner. Process services in the integration layer denote the business processes and workflows in execution (such as the APA and case management processes).
  • 23. In the application tier, two separate applications are introduced: – Screening passengers using PNR data against watch-lists, crime databases, no-fly lists, public records, and so forth. – Targeting by using analytics capabilities to analyze behaviors of risky travelers to develop risk-based profiles that can be used for screening against the passenger lists. In the integration tier, Information Integration Services provides support for data consolidation from several government sources and criminal databases, along with cleansing as needed. The case management database contains case details for the processing and evaluation of passengers that have been flagged for further investigation. Note: This paper uses a patterns-based approach in arriving at the architecture described here. To read more about the patterns associated with this architecture, see “Applying business and infrastructure patterns” on page 40. Triton: Several components of the solution design can use a framework component called Triton. This is a SOA Foundation Accelerator that helps realize the business value of SOA faster and with less risk than typical custom implementations. Triton addresses the following business and IT pain points: Business pain points: – “We bought all of this software months ago and I still have not seen any benefit.” – “All I wanted to do was to integrate these existing information systems, and now I have more software and still no integration.” IT pain points: – “We are having a difficult time putting all these software products together.” – “We are having a hard time locating all of the skill sets necessary to integrate all of these products.” – “We need a common platform across our enterprise to lower total cost of ownership, to improve interoperability, and to share more information.”
  • 24. Triton can help address these pain points in the following ways: Triton uses the IBM investment in SOA implementations worldwide and harvested leading practices to provide an advantage over competitors who are still building every business solution for the first time, every time. Triton removes the focus on integrating middleware. Triton is the core of the IBM Government Industry Framework, which means that many independent software vendors are integrating their business/mission applications to this same stack, providing a built-in path for enabling additional functionality. The benefits of Triton are as follows: Lower maintenance cost and effort. Improved time-to-value and return on investment. Improved quality of implementation through the use of harvested leading practices from worldwide SOA engagements. Lowered risk of failed engagements due to the inability to install and configure the SOA infrastructure. IBM Government Industry Framework components recommended to implement the solution architecture: This section describes the IBM Government Industry Framework components recommended to implement the solution design: Component options products used to implement the Advanced Passenger System Portal in the presentation tier: – IBM WebSphere® Portal Server – Triton (SOA Foundation Accelerator). Connectivity infrastructure products used to implement the ESB in the integration tier: – ESB runtime, such as one or more of the following: • IBM WebSphere Enterprise Service Bus • IBM WebSphere Message Broker • IBM WebSphere DataPower® – IBM WebSphere Service Registry and Repository – Triton (SOA Foundation Accelerator).
  • 25. Business process management products used to implement process services in the integration tier: – IBM WebSphere Dynamic Process Edition – Triton (SOA Foundation Accelerator) – IBM WebSphere iLOG JRules. Information integration services products used to consolidate and cleanse data from various sources in the integration tier: – IBM InfoSphere™ Information Server • IBM InfoSphere DataStage® • IBM InfoSphere QualityStage – IBM InfoSphere Global Name Recognition. Analytics data product used to implement Analytics Data and Rules in the data tier: IBM Cognos®. Risk products used to implement NORA data in the data tier: – IBM Entity Analytic Solutions • IBM Relationship Resolution • IBM Identity Resolution • IBM Anonymous Resolution – IBM Cognos. Infrastructure products used to implement SOA Security: – IBM Tivoli® Access Manager – IBM Federated Identity Manager – IBM Tivoli Identity Manager – IBM Tivoli Directory Server – Triton (SOA Foundation Accelerator). Rapid deployment (for service creation and service reuse) products: – IBM Rational® Software Architect – IBM InfoSphere Data Architect. Infrastructure products used to implement SOA Management: – IBM Tivoli Performance Analyzer – IBM Tivoli Composite Application Manager for SOA – IBM Tivoli Composite Application Manager for WebSphere – Triton (SOA Foundation Accelerator).
  • 26. Products used to implement SOA Governance: – IBM WebSphere Service Registry and Repository – IBM Rational Asset Manager – IBM Tivoli Change and Configuration Management Database – IBM Rational Method Composer. Registered Traveler program: Registered Traveler provides a secure, fast, and robust solution for both governments and travelers. This section describes how to model a Registered Traveler process, and perform business service modeling. It illustrates a solution architecture with IBM product mappings. Modeling the Registered Traveler process: This section describes a typical Registered Traveler process that could be offered by a government agency or through a commercial program. The border agency/immigration department might have an Advanced Passenger Analysis process in place before undertaking this solution. Business challenges and pain points: The business challenges and pain points experienced in a typical border management process are as follows: Immigration and border agencies: – There is a heavy burden of analysis of travelers (name and identity, possible relationship to wanted individuals, unobvious threats, and so forth) with limited resources and ever increasing demands on homeland security. – Relying purely on Advanced Passenger Information (API) data provides limited details for risk assessment. – There is often limited information sharing across immigration agencies and government bodies, with poor means of electronic notification and alerts. Travelers: – Travelers face lengthy security checks and lines at airports. – Frequent travelers, especially, need faster and more convenient means to reduce travel time.
  • 27. Government IT systems: – Response to changing security requirements, with new checks and addition of new data sources, is slow and turns into lengthy projects. – Inflexible enterprise architecture limits building new services (online, self service, real-time automated checks) from existing silo systems. Airports and travel carriers (airlines, sea, and land carriers): – Travel carriers are constantly improving the end-to-end passenger experience, but many factors are outside of their control. – Lengthy queues at security and the border and restrictive processes are rarely the travel carrier’s fault, but they lead to a feeling of dissatisfaction with their product and service. Authenticating trusted users with biometric technology: A Registered Traveler solution uses biometric technology to authenticate trusted users. Biometrics is the science of identifying or verifying the identity of a person based on physiological or behavioral characteristics. Physiological characteristics include fingerprints, retinal pattern, iris, and facial appearance. Behavioral characteristics are actions carried out by a person in a unique way. They include signatures, voiceprints, and gait, although these are naturally dependent on physical characteristics as well. Biometrics have several advantages over conventional password and PIN-based systems. Three primary advantages of biometrics in a security environment are as follows: Biometrics does not need to be remembered and cannot be easily lost. This makes it much easier for the user. Biometrics cannot be easily stolen or loaned to a friend. This makes it more secure from a system point of view. Biometrics typically has higher information content than a password, making it harder for a hacker to crack such a system. Immigration and border agencies can use a combination of biometrics and biographics information for enrollment and proofing, based upon which an applicant is issued Registered Traveler credentials.
  • 28. Registered Traveler business process: The overall flow of the Registered Traveler process contains the stages detailed in Figure 14. [Figure 14: Overall flow of the Registered Traveler process (Pre-Enrollment, Enrollment, Proofing, Enrollment Approval, Credential Provisioning, Credential Issuance, Credential Activation, Identity Usage, Identity Monitoring)] Pre-enrollment: Collect biographic data that is used to initiate the enrollment process. Enrollment: The enrollment process drives the identity proofing and results in the approval or rejection of an application. Proofing: Validate all of the identity information that is provided by an applicant. Enrollment approval: If there are no issues during enrollment and proofing, then approve the enrollment application. Credential provisioning: Create the credential that will be used when issuing an identity token (such as a national ID card). Credential issuance: Issue the credential using the required physical token (such as a smart card). Credential activation: Activate the issued credential so that it can be used to validate an individual’s identity. Identity usage: Use the credential in a high assurance transaction where it is required to validate a person’s identity. Identity monitoring: Monitor identity usage for fraud or abuse to ensure the trustworthiness of the identity.
  • 29. Figure 15 shows the two high-level steps in a Registered Traveler process. [Figure 15: Registered Traveler process (tier 1)] Obtain a Registered Traveler credential through a domestic application process (includes pre-enrollment, enrollment, proofing, enrollment approval, credential provisioning, and credential issuance). Use the credentials on the day of travel at the airport (includes credential activation, identity usage, and identity monitoring). We now look at each activity in the process in turn. Activity 1.1: Registered Traveler Domestic Application Process. The domestic application process involves the steps shown in Figure 16. [Figure 16: Activity 1.1: Registered Traveler Domestic Application Process (tier 2)] An individual applies for Registered Traveler credentials or identification (this is pre-enrollment). Enrollment into the program requires capture of biometrics. In some Registered Traveler programs, up to 10 fingerprints, iris patterns of both eyes for recognition, and a digital photograph are required. A proofing system verifies fingerprints and irises as part of the scan against watch lists. Next, we take a closer look at the two activities that make up this part of the process.
  • 30. Activity 1.1.1: Registered Traveler Application. The online application process involves the steps shown in Figure 17. [Figure 17: Activity 1.1.1: Registered Traveler Application (tier 3)] 1. The applicant submits an online application with requested biographic information, along with appropriate processing fees. 2. The information is sent to government agencies for identity checks. 3. The applicant is either approved for further Registered Traveler processing or declined.
  • 31. Note: A variation to this process is also valid, where biographic and biometrics information are accepted up front with the application. In this case, government checks are completed in parallel with biometrics proofing, instead of a two-step process. The Review Other Travel and Government Agency Checks process shown in Figure 17 on page 30 is implemented as a sub-process (Figure 18). In this sub-process the identity checks are performed against e-Identity tracking systems, border clearance systems, e-Passport/e-Visa systems, and e-Identity management systems to ensure the applicant is a low risk applicant. [Figure 18: Sub-process: Review Other Travel and Government Agency Checks]
  • 32. Activity 1.1.2: Registered Traveler Enrollment and Proofing. After the biographical data is vetted against watch lists, the applicant is approved for further processing as shown in Figure 19. [Figure 19: Activity 1.1.2: Registered Traveler Enrollment and Proofing (tier 3)] Up to 10 fingerprints are captured, iris patterns of both eyes are recorded for recognition, and a digital photograph is taken. During the manual interview stage, the interviewer decides whether or not to grant the Registered Traveler privilege. A physical identification card or logical credentials based on biometrics matches (where the biometrics is stored in a government repository) might be provided to approved applicants.
  • 33. For cross-country Registered Traveler programs, the threat analysis process is repeated at individual locations. Therefore, the enrollment system needs to have the capability to aggregate results from systems other than its own. The enrollment system contacts agencies and cross-country enrollment systems through the card interfacing system.
    The program is typically offered only to citizens or permanent residents of the country. At the time of enrollment, applicants decide the duration for enrollment in the program (a minimum of one year) and pay the corresponding fee. The enrollment procedure is the same for re-enrollment upon expiry.
  • 34. Activity 1.2: Day of Travel
    On the day of travel, the traveler’s identity is checked and monitored as shown in Figure 20.
    Figure 20 Activity 1.2: Day of Travel (tier 2)
    The traveler proceeds through a dedicated Registered Traveler lane (if applicable) for security checks. The traveler uses the Registered Traveler identification card. Upon approval, a receipt is printed with a photograph of the traveler.
  • 35. It is possible that the Registered Traveler lanes have automated security scanners to make the physical security screening faster.
    The Registered Traveler program maintains its own watch list (cached) that contains information about travelers that should not travel due to various reasons (such as criminal, law enforcement, invalid Registered Traveler credentials, and so forth). The Registered Traveler systems continuously update the watch list for invalid, expired, revoked, or profiled travelers.
    Business service modeling
    After performing business process modeling, the next task is to delineate the services that comprise the business processes. This can be achieved using the SOMA approach from IBM. The service identification step of SOMA consists of three techniques that can help identify services for the Registered Traveler business process. The use of SOMA is outlined in “Business service modeling” on page 17.
    Technical solution
    This section describes the technical solution that was designed and built for the Registered Traveler process. It includes a description of the IBM product offerings that were used in the implementation.
    Technical challenges, solution design, and system context
    The technical challenges and architecture principles of design for building a Registered Traveler process are essentially the same as those described for Advanced Passenger Analysis. For more information about these challenges and principles, refer to “Technical challenges, solution design, and system context” on page 20.
    In addition to the architecture design principles for Advanced Passenger Analysis, a Registered Traveler solution requires the management of registered traveler data. The solution design should provide the enterprise with an authoritative source for master data, such as registered traveler data, that manages information integrity and controls the distribution of master data across the enterprise in a standardized way that enables reuse.
  • 36. The system context diagram for the Registered Traveler process is shown in Figure 21.
    Figure 21 System context diagram for Registered Traveler
  • 37. Solution architecture
    The solution architecture for the Registered Traveler process is shown in Figure 22.
    Figure 22 Solution design for Registered Traveler (diagram with Presentation Tier, Integration Tier, Application Tier, and Data Tier, together with SOA Governance, Security and Management)
    Understanding the solution architecture
    Note some of the highlights of this architecture:
    – A master data repository containing a single, accurate view of registered traveler data has been created.
    – The data tier contains a registered traveler registry and registered traveler content.
  • 38. – The registered traveler data contains data provided by the registered traveler applicant (such as biographical information) in addition to data used to support the approval process for screening of the applicant. The registered traveler data consists of:
      – A consolidated view of privately owned data (such as DMV records, information from credit agencies, banks, and so forth).
      – Biographic data of the individual that holds the registered traveler identification.
      – Biometrics of an individual in the registered traveler content repository, which can drive the unique key in the master data repository.
    – A registered traveler management application has been created to process new registered traveler identification applications, as well as handle travel departure clearance on the day of travel.
    Note: This paper uses a patterns-based approach in arriving at the architecture described here. To read more about the patterns associated with this architecture, see “Applying business and infrastructure patterns” on page 40.
    IBM Government Industry Framework components recommended to implement the solution architecture
    This section describes the IBM Government Industry Framework components recommended to implement the solution design:
    – Component options products used to implement the Advanced Passenger System Portal in the presentation tier:
      – IBM WebSphere Portal Server
      – Triton (SOA Foundation Accelerator)
    – Connectivity infrastructure products used to implement the ESB in the integration tier:
      – IBM WebSphere Enterprise Service Bus
      – IBM WebSphere Message Broker
      – IBM WebSphere DataPower
      – IBM WebSphere Service Registry and Repository
      – Triton (SOA Foundation Accelerator)
    – Business process management products used to implement process services and client data integration in the integration tier:
      – WebSphere Dynamic Process Edition
      – Triton (SOA Foundation Accelerator)
      – IBM WebSphere iLOG JRules
  • 39. – Products used to implement NORA data in the data tier:
      – IBM Entity Analytic Solutions
        • IBM Relationship Resolution
        • IBM Identity Resolution
        • IBM Anonymous Resolution
      – IBM Cognos
    – Single View (footnote 1) of entity master data management products used to implement the registered traveler registry and registered traveler content in the data tier:
      – IBM InfoSphere Master Data Management Server
      – IBM InfoSphere Information Server
        • IBM InfoSphere DataStage
        • IBM InfoSphere QualityStage
      – IBM InfoSphere Global Name Recognition
    – Single View of entity enterprise content management products used to implement the registered traveler registry and registered traveler content in the data tier:
      – IBM FileNet® Business Process Manager
      – IBM FileNet Image Services
      – IBM FileNet Records Manager
      – IBM FileNet Content Services
    – Infrastructure products used to implement SOA Security:
      – IBM Tivoli Access Manager
      – IBM Federated Identity Manager
      – IBM Tivoli Identity Manager
      – IBM Tivoli Directory Server
      – Triton (SOA Foundation Accelerator)
    – Rapid deployment (for service creation and service reuse) products:
      – IBM Rational Software Architect
      – IBM InfoSphere Data Architect
    – Infrastructure products used to implement SOA Management:
      – IBM Tivoli Performance Analyzer
      – IBM Tivoli Composite Application Manager for SOA
      – IBM Tivoli Composite Application Manager for WebSphere
      – Triton (SOA Foundation Accelerator)
    Footnote 1: Single View is a middleware solution that supports identity and relationship analytics in addition to managing the authoritative source of registered traveler master data.
  • 40. – Products used to implement SOA Governance:
      – IBM WebSphere Service Registry and Repository
      – IBM Rational Asset Manager
      – IBM Tivoli Change and Configuration Management Database
      – IBM Rational Method Composer
    Benefits of the Registered Traveler architecture
    The solution architecture for Registered Traveler provides the following benefits:
    – Moving towards an SOA-based connectivity architecture allows flexibility, faster response to changes in government security requirements and legislation, and lower cost development in future projects.
    – Establishing an enterprise-wide strategy for governance, security, and management paves the way for:
      – Controlled, well-planned rollout of future projects that impact internal systems and external communication.
      – Simplification of troubleshooting of composite applications.
      – Confidentiality, integrity, and availability of components to cater to safety of information processing needs.
    – Adding registered traveler requirements to a basic level of Advanced Passenger Analysis functionality becomes easier by taking an SOA approach.
    – Establishing a single view of managed, trusted registered traveler data shared across carriers and government agencies is a critical factor for faster, thorough travel security clearance and safety.
    – Provides identity insight capabilities to discover non-obvious relationships and perform identity management.
    Applying business and infrastructure patterns
    This section describes the business and infrastructure patterns associated with the solution architectures for Advanced Passenger Analysis and Registered Traveler. Breaking down these solutions into common patterns simplifies the understanding and development of the overall solution.
    Table 1 on page 41 shows the business and infrastructure patterns used, and whether they apply to Advanced Passenger Analysis and Registered Traveler.
  • 41. Table 1 Business and infrastructure patterns
    Pattern name | Advanced Passenger Analysis | Registered Traveler
    Business patterns
    Information Integration Services - Data Consolidation and Data Cleansing | Yes | Yes
    Risk Analytics and Relationship Resolution | Yes | Yes
    Business Process Automation and Business Rules Integration | Yes | Yes
    Interaction and Collaboration | Yes | Yes
    Master Data Management | | Yes
    Enterprise Content Management | | Yes
    Infrastructure patterns
    Connectivity | Yes | Yes
    Security | Yes | Yes
    SOA Management | Yes | Yes
    SOA Governance | Yes | Yes
    Business patterns for Advanced Passenger Analysis and Registered Traveler
    This section addresses the business patterns that apply to both Advanced Passenger Analysis and Registered Traveler.
    Applying the data consolidation and data cleansing patterns
    Information integration services consists of the data consolidation and data cleansing patterns. It addresses the following pain points:
    – Data arrives in many different formats from carriers (such as UN Edifact, TN3270, proprietary) so it is difficult to compare data.
    – Supplementary information, such as address, phone number, and routing is required to be more certain of identity.
    – Names are entered inconsistently through the process, making it hard to recognize the same individual with different titles.
  • 42. How this pattern should be applied
    Partial extract/transform/load (ETL) is used to consolidate data from several diverse sources, such as public records and government sources (including crime databases, no-fly lists, and police records).
    Data cleansing and standardization might only be done partially to merge data properly from multiple data sources, leaving critical data elements in their original state to support screening.
    This consolidated data is used for identity screening, targeting and profiling.
    Business value of adoption
    The key value of this process lies in improving the reliability, quality and consistency of the data so that decisions that are made based on this information have higher accuracy.
    Recommended IBM Government Industry Framework products
    – IBM InfoSphere Information Server
      – IBM InfoSphere DataStage
      – IBM InfoSphere QualityStage
    – IBM InfoSphere Global Name Recognition
    Applying the Risk Analytics and Relationship Resolution pattern
    This pattern addresses the following pain points:
    – Manual checks and screening are extremely slow and analysis is not simple.
    – Targeting, if done manually, can be complex, and it can be impossible to get through massive amounts of PNR data in time.
    How this pattern should be applied
    – Profiles of risky travelers with indications of suspicious behavior are created based on historical data and complex behavioral patterns. Creating profiles of travelers is known as targeting. For this to be executed efficiently we need analytical tools, rather than human operators manually scrutinizing data to identify out-of-the-ordinary behaviors.
    – Personal identity information from the booking records is used to check against watch lists, crime databases, and publicly available information to make sure the traveler does not pose any risk. In addition, the non-obvious relationships of travelers with any criminals can also be resolved using identities and passenger information.
  • 43. Recommended IBM Government Industry Framework products
    – IBM Cognos is used for targeting.
    – IBM Entity Analytic Solutions is used for screening and identity resolution.
      – IBM Relationship Resolution
      – IBM Anonymous Resolution
      – IBM Identity Resolution
    – IBM InfoSphere Global Name Recognition provides multi-cultural name information, analytics, and name matching through a series of flexible, easy-to-integrate, SOA-enabled interfaces.
    Applying the Business Process Automation and Business Rules Integration patterns
    These patterns address the need to quickly integrate new technologies and requirements to ensure that CBP agencies are alerted to unobvious threats and suspicious behavior, so prompt action can be taken.
    How these patterns should be applied
    – Modeling the entire Advanced Passenger Analysis process provides an end-to-end view of the actors, operations, and feasibility of the process. The process can then be documented, simulated, and put into execution, and the process can be refined iteratively.
    – Due to large volumes of passenger data and data provided for analysis to develop profiles flowing through the systems, it is almost impossible to manually develop and manage risk profiles without automation.
    – Profiling: Rules are created based on the development of profiles to screen passengers based upon passenger traveler information to ensure that behavior is not at a high risk.
    – If the passenger gets flagged as a result of the targeting process, an alert is sent for further investigation to case management, where a human operator takes charge of the case to decide if the traveler should or should not continue the journey.
    Business value of adoption
    Integration of business rules with passenger screening makes the Advanced Passenger Analysis solution robust, fast, and much more secure with automated pre-built rules that can analyze traveler profiles, instead of manually studying the behavior.
    Addition of new behavioral patterns or modification of existing rules is easy and does not require the alteration of the existing business process.
  • 44. Recommended IBM Government Industry Framework products
    The following IBM Government Industry Framework products are recommended:
    – IBM WebSphere Dynamic Process Edition
    – IBM WebSphere iLOG JRules
    Applying the Interaction and Collaboration pattern
    This pattern addresses the following pain points:
    – Different border agencies have different interfaces and disparate applications (such as 3270, green screens, and portals) for various users inside and outside their agency.
    – A wide range of software manageability and deployment leads to higher costs.
    How this pattern should be applied
    The following approaches are advised in applying this pattern:
    – Border agencies should move towards an open interface for exchange of information and communication with other security agencies and carriers. The intent is to develop common channel-agnostic services and serve them up to any front end. This decreases maintenance costs and increases flexibility and customer satisfaction.
    – CBP agencies could provide an integrated desktop to their border protection personnel at the ports that allows all disparate applications, communication from the carriers, security agencies and commercial Registered Traveler programs to be integrated on the glass into a composite application.
    – This pattern allows information aggregation from multiple diverse sources or applications (internal and external information required by a user) while also providing a collaborative experience to conduct business more efficiently.
    Business value of adoption
    Adoption of this pattern provides business value in the following ways:
    – Provides increased productivity for users through composite applications and integration of existing applications on the glass.
    – Supports enterprise integrated desktops across application types and surface role-based workspaces for given tasks.
    – Reduces IT and administration costs through remote deployment and management of software across all customer segments.
  • 45. Business patterns for Registered Traveler
    This section addresses the business patterns that apply to Registered Traveler.
    Applying the Master Data Management pattern
    This pattern addresses the following pain points:
    – Traveler data is redundant, often inconsistent, and not current across multiple heterogeneous systems that are typically developed in silos.
    – Point-to-point interfaces are often developed to move updated traveler data from one system to another, which constrains the ability for IT to make changes and increases the overall cost of ownership.
    How this pattern should be applied
    The following approaches should be taken in applying this pattern:
    – An approved registered traveler registry should be established to maintain an authoritative source of registered traveler master data that is current and of high quality, and can facilitate the secure sharing of registered traveler data within the organization and across organizational boundaries (for example DMV records, credit reports, and financial information from banks).
    – Registered Traveler could be used to support Advanced Passenger Analysis screening for international travel and to support domestic travel for security screening where the traveler would provide their biometrics to match against their credentials to expedite domestic travel.
    – From an MDM perspective, registered traveler data can be loaded through batch, messaging, Web service, or real time through EJB™ calling an MDM service.
    – The Registered Traveler system itself would support the business process for managing the application, vetting (background processing), adjudication and approval, and payment processing. A CSR or multiple user roles might be involved in the processing and management of the application as a case.
    – The Registered Traveler system should invoke an MDM server transaction to either perform a person look-up to see if the person applied before or call the MDM Server AddParty Service, which would find a match and update or add that information to Single View. This can be done as part of a global transaction with the Registered Traveler system calling the MDM service, and is XA compliant. The biometrics stored can drive the unique identification for a person in the MDM server.
  • 46. – The MDM server publishes changes so that there is a publish/subscribe model pattern for the synchronization of trusted traveler data. For example, if a registered traveler updates their address or contact information, the update is sent to passport and visa immigration systems.
    – Any time an MDM add/update transaction occurs, there is a pattern of data quality management (cleansing and standardization) and then suspect duplicate processing to see if the person already exists.
    Business value of adoption
    Adoption of this approach provides business value in the following ways:
    – The actual passenger data (PNR) for those persons that are traveling can only be retained for a limited time. However, registered traveler data and content is established for a much longer time. Treating this as master data will ensure accuracy and consistency with dependent sources of public and private data.
    – Establishing a single view of managed, trusted, and registered traveler data shared across carriers and government agencies is a critical factor for faster, thorough travel security clearance and safety for frequent travelers.
    Recommended IBM Government Industry Framework products
    IBM InfoSphere Master Data Manager Server is recommended for creating a single view of registered travelers.
    Applying the Enterprise Content Management pattern
    This pattern addresses the following pain points:
    – Inability of the current systems to integrate with a biometric system to capture fingerprint images.
    – Inability to capture and store content associated with a person such as a passport image, birth certificate, and so forth.
    – Inability to manage and link content distributed over multiple content management systems with structured data about a person.
    How this pattern should be applied
    The following approaches should be used to apply this pattern:
    – Use master data management to associate structured data along with unstructured content through a common key, driven by data cleansing, standardization, and matching.
    – Use MDM as a controller to drive federated query requests about a person to retrieve all content and data about a person relevant to a query.
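The MDM add/update flow described under the Master Data Management pattern (look-up or add, cleansing and standardization, suspect duplicate processing, publish/subscribe) and the common key that links content to a person under the Enterprise Content Management pattern, shown in Python as an added example. It is not IBM code and does not use the MDM Server API: the class and function names are hypothetical, the sample data is constructed, and a SHA-256 digest of the enrolled template stands in for the key a real biometric matcher would supply.

```python
import hashlib
import re
import unicodedata

TITLES = {"mr", "mrs", "ms", "dr", "prof"}  # constructed list of titles to drop


def standardize_name(raw: str) -> str:
    """Cleansing/standardization: remove accents, punctuation, case and titles."""
    text = unicodedata.normalize("NFKD", raw)
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    tokens = re.findall(r"[^\W\d_]+", text.casefold())  # runs of letters only
    return " ".join(t for t in tokens if t not in TITLES)


def party_key(biometric_template: bytes) -> str:
    """Assumption: a digest of the template stands in for the unique key;
    real biometric matching is a similarity search, not an exact match."""
    return hashlib.sha256(biometric_template).hexdigest()


class TravelerRegistry:
    """Hypothetical in-memory registry; not the MDM Server interface."""

    def __init__(self):
        self.parties = {}      # key -> standardized master record
        self.content = {}      # key -> ids held in content repositories
        self.subscribers = []  # callables notified on every add/update

    def subscribe(self, callback):
        self.subscribers.append(callback)

    def _publish(self, event, key, record):
        for notify in self.subscribers:
            notify({"event": event, "key": key, "record": dict(record)})

    def suspect_duplicates(self, key, record):
        """Other parties sharing the standardized name and birth date."""
        return sorted(
            k for k, r in self.parties.items()
            if k != key and r["name"] == record["name"] and r["dob"] == record["dob"]
        )

    def add_party(self, name, dob, address, biometric_template):
        """Look up by biometric key: update on a match, otherwise add."""
        key = party_key(biometric_template)
        record = {
            "name": standardize_name(name),
            "dob": dob,
            "address": " ".join(address.split()),
        }
        event = "updated" if key in self.parties else "added"
        suspects = self.suspect_duplicates(key, record)  # route to manual review
        self.parties[key] = record
        self.content.setdefault(key, set())
        self._publish(event, key, record)
        return event, key, suspects

    def link_content(self, key, content_id):
        """Associate unstructured content with a person through the common key."""
        if key not in self.parties:
            raise KeyError("unknown party key")
        self.content[key].add(content_id)

    def federated_query(self, key):
        """Return the structured record plus every linked content id."""
        return {"record": dict(self.parties[key]), "content": sorted(self.content[key])}


if __name__ == "__main__":
    registry = TravelerRegistry()
    registry.subscribe(lambda change: print("published:", change["event"]))
    # Constructed sample applicant and template bytes.
    print(registry.add_party("Dr. José Álvarez", "1980-02-14", "1 Main St", b"template-A"))
    print(registry.add_party("JOSE  ALVAREZ", "1980-02-14", "22  Oak Ave", b"template-A"))
```

A non-empty suspect list means a second key carries the same standardized name and birth date, which is the case the page's suspect duplicate processing exists to catch before a second credential is issued.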
  • 47. Business value of adoption
    Adoption of this approach provides business value in the following ways:
    – Ability to access the correct content at the right time quickly, and easily and accurately associate a traveler’s biographic records from a single content repository
    – Ability to manage exposure to litigation, internal policy, external mandatory regulations, and government compliance
    – Increased productivity:
      – Having the right information captured in a single version and single location for all unstructured content
      – Content-centric processes are automated and integrated as part of the overall registered traveler business process
    Recommended IBM Government Industry Framework products
    The following IBM Government Industry Framework products are recommended:
    – IBM FileNet Business Process Manager
    – IBM FileNet Image Services
    – IBM FileNet Records Manager
    – IBM FileNet Content Services
    Infrastructure patterns that apply to Advanced Passenger Analysis and Registered Traveler
    This section addresses the infrastructure patterns that apply to both Advanced Passenger Analysis and Registered Traveler.
    Applying the Connectivity pattern
    This pattern addresses the following pain points:
    – Point-to-point integration between several applications such as screening, targeting to data sources such as analytics databases, case management data, and so forth.
    – Scaling Advanced Passenger Analysis architecture to accommodate new data sources (such as international watch lists and criminal data) becomes complex and time consuming.
  • 48. How this pattern should be applied
    The following approaches should be taken in applying this pattern:
    – An ESB architecture behind the firewall enables loose coupling, basic routing and easy integration and adaptation of their diverse applications inside and outside the enterprise.
    – Development of new applications for Registered Traveler along with corresponding data sources becomes much faster.
    – The ESB provides support for different protocols and the exchange of message formats between applications at the channels and within the data center.
    Business value of adoption
    Adoption of this pattern offers business value in the following ways:
    – The ESB provides a solution to respond to requests in a channel-independent fashion to support user interface flexibility.
    – Development and updates to applications to keep up with changing security mandates become considerably faster.
    Recommended IBM Government Industry Framework products
    The following IBM Government Industry Framework products are recommended:
    – IBM WebSphere Enterprise Service Bus
    – IBM WebSphere Message Broker
    – IBM WebSphere DataPower
    – IBM WebSphere Service Registry and Repository
    Applying the security pattern
    This pattern addresses security across all tiers of the solution architecture.
    Presentation tier security
    Consider the following guidelines for presentation tier security.
    – The Web interface to the Advanced Passenger Analysis/Registered Traveler Portal needs to be covered in aspects of security by employing best practices such as defense-in-depth. By this, the solution is protected by its layered placement across security zones.
    – IBM Tivoli Access Manager for e-business provides an access management infrastructure that can fulfill the above needs.
  • 49. Identity management
    Consider the following guidelines for identity management.
    – As the realm within which the solution operates is important (national security), it is essential that the users who interact with the system, especially those who can modify the information (such as over the presentation tier), are identified with high levels of assurance.
    – As per security best practices, the identity of an Advanced Passenger Analysis/Registered Traveler critical user should be verified through multiple channels. For example, the user should provide what they know (user ID/password over the Web) and provide information about what they have (token/smart card/biometric information). A combination of the two would better determine the identity.
    – To have access to the Advanced Passenger Analysis/Registered Traveler solution, an infrastructure has to be provided for users to enroll, any documents to be scanned for approval (and stored), workflow systems to get required approvals, and for scanning of biometrics.
    – Determine which internal government employees should have access to registered traveler identification information.
    – Upon approvals, a secured credential would be granted and issued to the user. The credential (such as a smart card) contains aspects of the user that can be verified with the user's biometric information.
    – Solution components for this include an approval engine such as IBM Tivoli Identity Manager.
    Integration tier security
    Consider the following guidelines for integration tier security.
    – The integration tier of Advanced Passenger Analysis is primarily performed by the ESB/Message Queue (MQ) components. The security aspects, such as integrity of messages and confidentiality (such as who or which application can write into the queues and read from them), are critical.
    – Similarly for Web services invocations, it is important that these invocations are performed by the authorized entities as per the security policies.
    – To achieve both these requirements, the following security components can help:
      – WebSphere MQ Extended Security Edition
      – IBM Tivoli Federated Identity Manager
  • 50. Application tier security
    Consider the following guidelines for application tier security.
    – Application level security on which roles can perform which actions will be performed by the application itself. The information about the mapping of users to roles, roles to actions, and actions to resources is handled by the application itself. In the Advanced Passenger Analysis solution, WebSphere Portal Server (based on WebSphere Application Server) will handle these aspects.
    – The application components can, however, delegate the responsibility of storing this data to CIS components (such as IBM Tivoli Directory Server) or externalize access management to IBM Tivoli Access Manager for e-business.
    Data tier security
    Consider the following guidelines for data tier security.
    – Data storage encryption
      – Sensitive information needs to be encrypted and stored in tape drives, virtualized storage, or disk subsystems. It is important to have a system that can store this data and manage the set of encryption keys.
      – Advanced Passenger Analysis data will come from all over the world, so it needs to be encrypted in transit and not just at rest in the case management database. WebSphere MQ Extended Security Edition has this capability.
      – The Registered Traveler data is persistent for the lifetime of the registered traveler identification. Therefore, encrypting this data is important.
    – Data access
      – User access to stored data needs to be controlled both logically and physically.
      – Information in user repositories (such as password information) needs to be encrypted and stored using security algorithms (for example SHA1/AES) as per business policy.
      – Information stored in the databases needs to be encrypted using directory or database provided encryption mechanisms.
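The data access guideline above names SHA1/AES as examples of algorithms for stored password information. The following added example (not from the Redpaper or any IBM product) contrasts an unsalted single-pass SHA-1 digest with a salted, iterated PBKDF2-HMAC-SHA256 record, which is the technique swapped in here; the record format, function names and iteration count are assumptions to be set by business policy.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed policy value, not taken from the page
SALT_BYTES = 16
SCHEME = "pbkdf2_sha256"     # hypothetical label for the stored record format


def weak_sha1(password: str) -> str:
    """Unsalted single-pass SHA-1, kept only for comparison: equal passwords
    always give equal digests, so one precomputed table serves every user."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return 'scheme$iterations$salt$digest' using a fresh random salt."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        if scheme != SCHEME:
            return False
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
        )
    except (ValueError, OverflowError):
        return False  # malformed or truncated record
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, iterations: int = PBKDF2_ITERATIONS) -> bool:
    """True when a record is malformed or was created below the current cost,
    so it can be upgraded at the user's next successful login."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != SCHEME:
        return True
    try:
        return int(parts[1]) < iterations
    except ValueError:
        return True


if __name__ == "__main__":
    sample = "correct horse battery staple"  # constructed sample password
    print("sha1 repeatable:", weak_sha1(sample) == weak_sha1(sample))
    record = hash_password(sample)
    print("salted records differ:", record != hash_password(sample))
    print("verifies:", verify_password(sample, record))
```

The per-record salt and iteration count travel with the digest, so the cost can be raised later without invalidating existing accounts.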
    Applying the SOA Management pattern
    Advanced Passenger Analysis and Registered Traveler business service level agreement (SLA) requirements and non-functional requirements are key to determining exact systems management requirements. This section lists systems management components and a mapping of IBM solution offerings that cater to them.
  • 51. Note that although these solutions and services are positioned for the boundary of control of an Advanced Passenger Analysis or Registered Traveler project, they can be expanded to other enterprise class solutions.
    Availability of systems and services
    Consider the following guidelines for availability of systems and services.
    – To meet the expected throughput and performance SLAs, it is important to know the availability characteristics of the system where the components run. It is therefore imperative in real time to:
      – Determine the availability of operating system resources (such as memory, hard disk space, and CPU cycles).
      – Determine the availability of applications and services.
    – Send alerts when critical thresholds are reached for resources or critical applications are not running.
    – Take corrective actions where possible by running system commands at target machines that can be configured to perform remediation steps (for example, start an application server if it is down).
    – Report the availability snapshot of the critical systems in a dashboard.
    The IBM Tivoli Monitoring suite can help with these requirements.
    Capability of predictive alerts
    To be better prepared to predict issues, consider the following issues:
    – Keep historical data (not just real-time data) of systems utilization.
    – Determine trends of peaking resources.
    – Determine the time to reach resources limit (for example a hard disk would reach capacity in 30 days at the current rate).
    – Provide growth statistics for multiple time periods (such as one week, one month, 90 days).
    – Send alerts by integrating with existing e-mail/SMS systems to page the concerned person.
    IBM Tivoli Performance Analyzer can help with these requirements.
    Systems troubleshooting
    When solution systems are not functioning to the expected levels, information should be available on where the problem is occurring. This is often a daunting task with many participants involved.
  • 52. There is a need to improve operational efficiency by providing visible information of what is happening in the environment and which components are performing poorly. This information should show the performance of transactions over multiple stages. This will help identify where bottlenecks are in a system.
    The following products can help:
    – IBM Tivoli Monitoring
    – IBM Tivoli Composite Application Manager for Transactions
    – IBM Tivoli Composite Application Manager for SOA
    – IBM Tivoli Composite Application Manager for WebSphere
    Applying the SOA Governance pattern
    This pattern addresses SOA governance concerns.
    How this pattern should be applied
    Consider the following guidelines for how this pattern should be applied:
    – Plan, develop, and deploy an enterprise level governance strategy, so it is not done in pockets within each department.
    – Execution of governance practices needs proactive best practices and enforcement. Compliance reports need to be stored and retrieved for audits.
    – When starting SOA-based projects, identify and prioritize new and ideal sets of service candidates. By following best practices and adopting SOMA, the highest value business services that will need to be implemented can be identified easily and accurately.
    – To regulate the creation of new services with future SOA projects, implement a centralized registry and repository.
    – Institutionalize governance best practices with executive sponsorship and support across departments.
    – By adopting the SOA Governance and Management Methodology (SGMM), assign roles and responsibilities for spawning and owning services and put a funding model in place.