
SWEB – Architecture and Platform

Secure, interoperable, cross border m-services contributing towards a trustful European cooperation with the non-EU member Western Balkan countries

[Map: the Western Balkans and neighbouring countries, with capitals]

SWEB is an EU IST cooperation project that develops a secure, open and affordable government platform upon which secure, cross-border, mobile government services can be built. These services support the exchange of administrative documents between governmental organizations, citizens and companies. To ensure interoperability the platform is designed according to SOA concepts and implemented with Web services.

Introducing the SWEB Platform

The international cooperation project SWEB develops an innovative secure platform for the interoperable, secure and mobile electronic exchange of public sector documents. SWEB is funded by the European Commission under its Sixth Framework Programme (FP6) as part of the Information Society Technologies (IST) initiative (044979).

The SWEB platform addresses the interoperability needs of Small and Medium Governmental Organizations (SMGOs) by implementing main components as atomic, self-contained Web Services, orchestrated with BPEL into business processes, and realizing a Service Oriented Architecture (SOA). Since security and trust are key enablers in governmental systems, various security standards and technologies were applied to achieve authentication, authorization and secure communication between the communicating stakeholders. Advanced XML technologies, PKI, XML security standards, and mobile device security enhancements provide the technical infrastructure of the SWEB platform. Thus administrative services can be built easily, focussing development purely on business logic by using the security components available on the SWEB platform.

Design Goals

One design goal was to make the platform easily applicable in less-advanced technological infrastructures. To demonstrate the platform, its services and the cross-border trial scenario, Western Balkan municipalities were chosen to collaborate with EU-municipalities. Dissemination to other municipalities for potential redeployment is intended. Given that mobile devices are widely available in the Western Balkan countries, the SWEB platform and its administrative services can be accessed using mobile devices. In this context a mobile framework will be introduced with special emphasis on security.

Contacts

Fraunhofer Institute for Open Communication Systems FOKUS
Competence Center ELAN
Petra Hoepner (Coordinator SWEB)
Kaiserin-Augusta-Allee 31
10589 Berlin, Germany
Tel +49 (0)30 3463 7185
Fax +49 (0)30 3463 8000
Mail petra.hoepner@fokus.fraunhofer.de

University of Piraeus Research Centre
Department of Informatics
Dr. Nineta Polemi (Technical Manager SWEB)
Karaoli & Dimitriou 80
Piraeus 18534, Greece
Tel +30 210 4142 270
Mail dpolemi@unipi.gr
Web www.unipi.gr

Disclaimer

This document has been produced with the financial assistance of the European Community. The views expressed herein are those of Fraunhofer FOKUS and can therefore in no way be taken to reflect the official opinion of the European Commission. The information in this document is provided as is and no guarantee or warranty is given that the information is fit for any particular purpose. The user thereof uses the information at its sole risk and liability.
An architectural overview of the SWEB platform

Since the overall SWEB platform is based upon several tiers and a few external services, it can be deployed as a distributed system to provide a maximum of reliability, system stability and enhanced ease of maintenance.

To deploy the SWEB system, either mobile or stationary clients are used to communicate with an interaction layer which functions as a primary access point. Once a message passes validation, it is delivered to the SWEB platform core, represented as a dedicated tier, holding the services that are necessary to provide basic functionality like various authentication/authorization mechanisms, notification and storage. This basic functionality itself is separated from the actual business services that represent an orchestration of such basic functionality. Thus in the event of system failure at business service level, basic services like platform access, document retrieval and messaging are still assured. Actual handling and approval of all official documents is carried out by the legacy system of the specific municipality which is connected to the SWEB platform in a well-defined manner.

[Figure: architectural overview of the SWEB platform. Nodes: A1 Client Tier (Mobile), A2 Client Tier (Stationary), B Interaction Tier, C First Enterprise Tier, D Second Enterprise Tier, E Integration Tier. External services: Security Token Service (STS), UDDI Repository, Public Key Infrastructure (PKI), Timestamping, XKMS.]
The SWEB platform consists of 5 tiers

Client Tier (Node A) comprises the components a user needs to access the system, including mobile device clients (Node A1) and stationary clients for civil servants (Node A2).

Interaction Tier (Node B) hosts the communication components such as the Mobile Tier Manager for accessing the SWEB platform using mobile devices and Web Tier Manager for accessing the SWEB platform using a browser and smartcards. The Message Security Manager is responsible for implementation of security features on the platform as well as for user authentication.

First Enterprise Tier (Node C) contains basic services and the platform core such as

  • Service Handling for communication between the Interaction Tier and other components at the First Enterprise Tier
  • Policy Enforcement for user authorization on the SWEB platform
  • Task Manager for managing all tasks and service related documents
  • Notification for creating and sending notification messages via SMS or e-mail
  • Storage for permanently storing requests (like e/m-Invoices) using the XML-database
  • Adaptation Layer for communication with the existing systems of the municipality

Second Enterprise Tier (Node D) contains the business services using Business Process Execution Language (BPEL) for service orchestration.

Integration Tier (Node E) provides binding to the legacy components.

Several external servers are used

  • STS (Secure Token Services) server for user authentication and authorization by issuing a corresponding SAML (Security Assertion Markup Language) token which is required for users to be authenticated and authorized to the SWEB platform.
  • Time Stamping server (TSA) for time stamping official documents.
  • PKI services exposed through XKMS (XML Key Management Service) which outsources complicated PKI functions like certificate validation from the mobile device.
  • A UDDI repository storing the URLs of the SWEB-enabled municipalities.

Several types of interfaces are used in the SWEB platform: HTTP/HTTPS for web-based system access and TSA communications, Web Services (SOAP) for communication between the different tiers and EJBs (Enterprise Java Beans) – mostly used for inner-tier component communication.
SWEB Platform Functionality

To test and run the SWEB platform two specific municipal services are implemented:

  • Mobile Residence Certification Service, as a specific example of a secure municipal document exchange service in which a public organization and individual citizens can securely communicate e/m-municipal documents.
  • Electronic/Mobile Invoicing, which has a critical role in all the stages of handling Value Added Tax (VAT) procedures for EU Member States. Through e/m-invoicing, tax administrators will be able to implement new tools and procedures to carry out alternative controls.

Mobile Residence Certification Service – Scenario

The SWEB platform meets the challenges of interoperability, mobility, security, user-friendliness and multiple language support. Illustrating how these demands can be met, the 'Mobile Residence Certification Service' scenario shows an Albanian citizen in Berlin, Germany, who electronically requests a residence certificate from his home town, Tirana, Albania. Both municipalities operate a SWEB platform. The citizen communicates with the local platform with a mobile device as access channel. He fills out a request form, and authenticates and submits the signed request which is then forwarded from the local to the Albanian municipality. The issued certificate is signed by the administrative clerk there and returned to the local municipality. The citizen then receives notification that his residence certificate is ready for retrieval and downloads it to the mobile device.

[Figure labels: Signed Request Form; Signed Certificate; Civil Servant; Civil Servant]

Partners

  • Fraunhofer Institute for Open Communication Systems FOKUS, Germany (Project Manager)
  • University of Piraeus Research Centre, Greece (Technical Manager)
  • Institute of Communication and Computer Systems, Greece (Advisory Committee Chair)
  • The Mathematical Institute of the Serbian Academy of Sciences and Arts, Serbia (Quality Assurance Manager)
  • The Municipality of Siena, Italy
  • The Municipality of Tirana, Albania
  • The Trade Information Promotion System at the Albanian National Bureau, Albania
  • The City of Skopje, The Former Yugoslav Republic of Macedonia
  • T&P CONSULTING D.O.O.E.L., The Former Yugoslav Republic of Macedonia
  • Autonomous Province of Vojvodina, Serbia
  • Prozone, Serbia
  • The Municipality of Stari Grad, Serbia

www.sweb-project.org
© Fraunhofer FOKUS, Berlin 2008