Agenda - 18 February 04

• Welcome
• Round Table - Who? Where? What?
• Introduction to FAME
• FAME Generic Framework
  – Overview
  – Technical components
• Round table discussion
• Next actions
FAME Generic Framework

Objectives
• To explore and understand the work of FAME pilot streams.
• To synthesise views of a deliverable overall generic framework with appropriate (vendor neutral) technical and social/organisational elements.
• It is NOT about individual stream level service or software design.
• The generic framework will be the accumulation of ideas and experience from the individual streams together with relevant research input.
• It will act as a guide to other LAs in their sourcing and implementation of systems and service development.
Headings
• High level scoping statement
• Legal powers and responsibilities
• Governance
• Information sharing
• Identity management
• Infrastructure
• Messaging, events and transactions
• Sustainability
• Federation
High level scoping statement
• What services are we exploring?
• What are the aspirations for outcomes?
• How will these outcomes be evaluated?
• Takes account of the different requirements of the contexts of:
  – citizens/communities,
  – service providers,
  – service commissioning and
  – national governance.
• Defines the ‘business case’.
Legal powers and responsibilities
• Defines the multi agency services to be provided (e.g. practice, assessment, care planning and delivery).
• Identifies the legislative/guidance framework covering these services.
• Identifies the legal powers, statutory duties and responsibilities of the agencies and organisations providing the service.
Governance
• The organisation of multi agency services and practice.
• Information sharing.
• The infrastructure: relationships, hard and soft assets.
• Procurement and ownership.
• Participation of stakeholders in the evaluation of outcomes.
• The links to the duties and legal powers available are clearly identified.
Information sharing
• A multi agency hub facilitates a variety of information sharing modes.
• Information sharing may apply in all contexts: amongst citizens, services, commissioning and policy making.
• The information sharing protocol will explicitly define the limits of the information sharing enabled.
Identity Management
• Identity is more than a personal dataset.
• Identity is context dependent and must be defined in terms of relationships.
• Statements about identity have a provenance associated with the trustworthiness of their sources.
• Extends ideas of identity and consent.
Infrastructure
• Communication within a multi agency community requires shared resources and capabilities.
• The infrastructure must respect appropriate diversity and autonomy as well as commonality and uniformity.
• Its use is defined by the user community.
Messaging, events, transactions
• Process maps, workflows and catalogues may be shared.
• The infrastructure will support broadcast, narrowcast publication and may automatically generate:
  – Notifications
  – Updates of shared data items, documents and content.
Sustainability
• A capability for continuous adaptation.
• Identifies the scale, scope and context of change.
• Links systems and organisational change processes.
• Sustains on-going processes for training, review and further development.
• Recognises the required skill-sets, project resources, cultural sensitivity and people.
Federation
• Co-operative working evolves between multi agency communities of service.
• Local shared infrastructures can interwork with other local and national infrastructures.
• These processes are facilitated by Internet technologies e.g. portals and hubs/spokes.
Possible paths through the framework

Diagram: three roles (Project Sponsor, Practitioner, IT Manager) each take their own path through the headings. Every path starts from the High level scoping statements and then visits Governance, Infrastructure, Legal Powers, Information sharing, Identity, Events/Messages & Transactions, Sustainability and Federation in a role-specific order.
Headings
• High level scoping statement
• Legal powers and responsibilities
• Governance
• Information sharing
• Identity management
• Infrastructure
• Messaging, events and transactions
• Federation
• Sustainability
(Identity management, Infrastructure, Messaging, events and transactions, and Federation are marked on the slide as the areas with a strong technical component.)
Systems and infrastructure: an historical perspective

Diagram (layered stack, bottom to top):
– Hardware and Operating System Layer: integrates platforms within an enterprise; our computers and networks become a unified resource.
– Middleware and Transaction Management.
– Persistent data layer: preserves and manages data over space and time.
– Application layer, with local event handling and workflow; local interaction at the edges.
– Channels: modes and means of access.

Each of these “integration products” (Knowledge, Portals, CRM, Shared Workflow, eCommunity) has its own origins and concepts in resource management or process management. Applications are WEB enabled.
Domain of Integration

Diagram: the same layered stack (Hardware and Operating System Layer; Middleware; Persistent data layer; Application layer with local event handling and workflow; Channels) with an Integration layer added between the applications and the channels. The Integration layer covers:
– Resource Integration: Portal, Master Index, Shared Workflow and Message Hub.
– Identifiers and identities.
– Process Integration and Application Adapters.
Structure and infrastructure

Diagram: the Domain of Integration stack annotated with what each level provides:
– Channels: commodity products and services.
– Integration layer (Portal, Master Index, Shared Workflow and Message Hub): support for users to shape and govern their information environment.
– Application layer, Persistent data layer, Middleware and Hardware and Operating System Layer: the information systems and communications utility.
Provision value chains

Diagram: the Domain of Integration stack overlaid with the sourcing options at each level: Integration Engines (CRM, BPR, media/content, Knowledge/document Management); Software development and support; Software technology licensing; Box shifting; Applications service provision / In-house; Commodity devices and services; Systems Integration and change management. The same diagram is shown for four provision models:
– Outsource: we do it all for you…
– “Best of breed”: the IT department in control.
– Government Gateway: fit a DIS Box and London will do the rest.
– Strategic integration.
Other Domains

Diagram: the Domain of Integration (Channels; Integration layer with Portal, Master Index, Shared Workflow and Message Hub; local interaction; Application layer; Persistent data layer; Middleware; Hardware and Operating System Layer) alongside other domains, each with its own Portal, Index and Hub. We are not alone: there are other domains around us.
Universal point of Access (Portal)
• Is offer X in your catalogue the same as offer Y in mine?
• How do we support and nurture brokers and intermediaries?
• Sometimes we need to be able to “google” the whole federation…
• This universal service enables signaling for an information economy:
  – Financial cost and value
  – Social value
  – Political value

Universal point of Publication and Recourse (Shared Workflow and Message Hub)
• The audit trail may lead to a boundary: where do you go then?
• Escalation has to stop somewhere.
• Can you deliver my scripts and can I deliver yours?
• How do I tell the people who need to know?
  – Individually addressed messages,
  – Role and workflow based structured messages,
  – Narrow-cast,
  – Universal broadcast,
  – Publication.
Identity Management

Diagram: Master Index X holds domain ids XA, XB, XC and XD; Master Index Y holds domain ids YA, YB, YC and YD; each master index is the Index of its own domain.

I have identifier B in domain X and identifier C in domain Y. If application xb needs to talk to application ym about me, then it must do so via a hub to hub message. This requires that the identity management service, at the federation level, must confirm that XB ≡ YC ≡ “Me”.

Who gives the identity management service the right to do this and how?
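The slide's question (who gives the federation-level service the right to assert XB ≡ YC, and how) is the point a practitioner has to design for. The example below is added here and is not FAME code or the code of any pilot stream: it models a federation-level identity management service that accepts a linkage between two domain identifiers only when the linkage carries provenance (who asserted it, how trustworthy that source is) and an explicit authority (subject consent or a statutory duty), and a hub that forwards an application's message into the other domain using only that domain's identifier, writing every decision to an audit trail. The domain names, identifiers, the 0..1 trust scale and the authority labels are all constructed for the example.

```python
"""Federation-level identifier correlation with provenance and authority.
Added example (not FAME or any pilot stream's code); all names constructed."""
from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class DomainId:
    domain: str    # "X" or "Y"
    local_id: str  # "B" gives XB, "C" gives YC in the slide's notation

    def __str__(self) -> str:
        return f"{self.domain}{self.local_id}"


@dataclass(frozen=True)
class Linkage:
    """'left and right denote the same individual', together with its provenance."""
    left: DomainId
    right: DomainId
    source: str     # registrar or identity provider that asserted the link
    trust: float    # trustworthiness of that source, 0.0..1.0 (constructed scale)
    authority: str  # what gives the service the right to link, see ACCEPTED_AUTHORITIES


ACCEPTED_AUTHORITIES = {"subject-consent", "statutory-duty"}  # constructed labels


class FederatedIdentityService:
    """Holds accepted linkages and answers 'is XB the same individual as YC?'."""

    def __init__(self, min_trust: float = 0.8) -> None:
        self.min_trust = min_trust
        self._adj: Dict[DomainId, Set[DomainId]] = {}
        self.audit: List[str] = []

    def record(self, link: Linkage) -> bool:
        """Accept a linkage only if its authority and provenance satisfy policy."""
        if link.authority not in ACCEPTED_AUTHORITIES or link.trust < self.min_trust:
            self.audit.append(f"REJECT {link.left}~{link.right} from {link.source}: "
                              f"authority={link.authority} trust={link.trust}")
            return False
        self._adj.setdefault(link.left, set()).add(link.right)
        self._adj.setdefault(link.right, set()).add(link.left)
        self.audit.append(f"ACCEPT {link.left}~{link.right} from {link.source} "
                          f"({link.authority})")
        return True

    def _linked(self, start: DomainId) -> Set[DomainId]:
        """All identifiers reachable over accepted links (≡ is transitive)."""
        seen, queue = {start}, deque([start])
        while queue:
            for nxt in self._adj.get(queue.popleft(), ()):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        return seen

    def same_individual(self, a: DomainId, b: DomainId) -> bool:
        return b in self._linked(a)

    def resolve(self, known: DomainId, target_domain: str) -> Optional[DomainId]:
        """The identifier the target domain uses for the individual known as `known`."""
        matches = sorted((d for d in self._linked(known) if d.domain == target_domain), key=str)
        return matches[0] if matches else None


class Hub:
    """A domain's Shared Workflow and Message Hub: the only path across the boundary."""

    def __init__(self, domain: str, federation: FederatedIdentityService) -> None:
        self.domain = domain
        self.federation = federation

    def send(self, from_app: str, subject_local_id: str, to_domain: str,
             to_app: str, payload: str) -> Optional[dict]:
        subject = DomainId(self.domain, subject_local_id)
        target = self.federation.resolve(subject, to_domain)
        if target is None:
            self.federation.audit.append(
                f"DROP {from_app}@{self.domain} -> {to_app}@{to_domain}: no confirmed link for {subject}")
            return None
        self.federation.audit.append(
            f"FORWARD {from_app}@{self.domain} -> {to_app}@{to_domain} about {target}")
        # Only the destination domain's own identifier crosses the boundary; the
        # source domain's identifier and its index stay inside the source domain.
        return {"from_hub": self.domain, "to_hub": to_domain, "to_app": to_app,
                "subject": target.local_id, "payload": payload}


def demo() -> dict:
    """Constructed scenario: XB ≡ YC is backed by consent; XA ~ YD is not."""
    fed = FederatedIdentityService(min_trust=0.8)
    xb, yc = DomainId("X", "B"), DomainId("Y", "C")
    xa, yd = DomainId("X", "A"), DomainId("Y", "D")
    accepted = fed.record(Linkage(xb, yc, "registrar-Y", 0.9, "subject-consent"))
    rejected = not fed.record(Linkage(xa, yd, "unknown-broker", 0.3, "none"))
    hub_x = Hub("X", fed)
    delivered = hub_x.send("xb", "B", "Y", "ym", "assessment update")
    dropped = hub_x.send("xa", "A", "Y", "ym", "assessment update")
    return {"accepted": accepted, "rejected": rejected,
            "xb_is_yc": fed.same_individual(xb, yc),
            "delivered": delivered, "dropped": dropped, "audit": fed.audit}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The design choice worth noting is that the service never links two identifiers on its own initiative: a linkage is a statement with a source and an authority, exactly as the Identity Management heading says ("statements about identity have a provenance associated with the trustworthiness of their sources"), and the audit trail records the rejected statements as well as the accepted ones so that recourse at a boundary has something to work from.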
Federation Services

Diagram: the Domain of Integration stack (Channels, Integration layer, Application layer, Persistent data layer, Middleware, Hardware and Operating System Layer) together with the other domains around us, and the federation services that join them:
– Federal points of access: the catalogue of catalogues (Portal to Portal).
– Federated Identity Management Services (Master Index to Index).
– Universal point of publication, recourse and resolution (Shared Workflow and Message Hub to Hub).

Smart Cards: integrating the integration technologies

Diagram: the same federated picture with the smart card elements added: accepting networks at the Channels level, identity tokens and keys at the Integration layer, brand apps at the Application layer and pocketable data at the Persistent data layer.
Certification authorities
– Hierarchical model: trust anchors must link root and end entities.
– Distributed model: a business anchor linking end entities; trust anchors must be local.
– Bridge model: a CA acting as facilitator between CA domains.

www.projectliberty.org
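To make the three CA models concrete, here is an added example (not FAME, Liberty Alliance or any project's code) that represents certification as a graph of issuer-to-subject edges and builds a chain from an end entity back to a relying party's local trust anchor. The same end entity in a second domain is unverifiable from domain 1 under a pure hierarchy, becomes verifiable when domain 1's CA cross-certifies the peer CA directly (the distributed model's local anchor), and becomes verifiable through a bridge CA cross-certified with both roots (the bridge model). All CA and entity names are constructed; real chain building would also check signatures, validity periods, name constraints and revocation, which this graph walk deliberately leaves out.

```python
"""Trust-path discovery under hierarchical, distributed and bridge CA models.
Added example; CA and entity names are constructed, not from any real deployment."""
from collections import deque
from typing import Dict, List, Optional, Set

CertGraph = Dict[str, Set[str]]  # issuer -> subjects it has issued certificates to


def issue(graph: CertGraph, issuer: str, subject: str) -> None:
    graph.setdefault(issuer, set()).add(subject)


def find_chain(graph: CertGraph, anchors: Set[str], end_entity: str,
               max_depth: int = 6) -> Optional[List[str]]:
    """Breadth-first walk from the end entity towards its issuers until a local
    trust anchor is reached.  Returns [end_entity, ..., anchor] or None.
    The visited set and depth bound stop the walk looping through the
    cross-certificate cycles that bridge models create."""
    issuers_of: Dict[str, Set[str]] = {}
    for issuer, subjects in graph.items():
        for subject in subjects:
            issuers_of.setdefault(subject, set()).add(issuer)
    queue = deque([[end_entity]])
    seen = {end_entity}
    while queue:
        chain = queue.popleft()
        if chain[-1] in anchors:
            return chain
        if len(chain) > max_depth:
            continue
        for issuer in sorted(issuers_of.get(chain[-1], ())):
            if issuer not in seen:
                seen.add(issuer)
                queue.append(chain + [issuer])
    return None


def build_models() -> Dict[str, CertGraph]:
    """Three constructed CA topologies over the same two domains."""
    # Hierarchical: one root per domain; everything in a domain chains to its root.
    hierarchical: CertGraph = {}
    issue(hierarchical, "root1", "ca1")
    issue(hierarchical, "ca1", "ee1")
    issue(hierarchical, "root2", "ca2")
    issue(hierarchical, "ca2", "ee2")
    # Distributed (trust anchors must be local): domain 1's CA directly
    # cross-certifies the peer CA it does business with; no shared root.
    distributed = {k: set(v) for k, v in hierarchical.items()}
    issue(distributed, "ca1", "ca2")
    # Bridge: a bridge CA cross-certified in both directions with each root
    # facilitates between the two CA domains.
    bridge = {k: set(v) for k, v in hierarchical.items()}
    for root in ("root1", "root2"):
        issue(bridge, root, "bridgeCA")
        issue(bridge, "bridgeCA", root)
    return {"hierarchical": hierarchical, "distributed": distributed, "bridge": bridge}


def verify_from_domain1(model: str, end_entity: str) -> Optional[List[str]]:
    """A relying party in domain 1 whose only trust anchor is root1."""
    return find_chain(build_models()[model], {"root1"}, end_entity)


if __name__ == "__main__":
    for model in ("hierarchical", "distributed", "bridge"):
        print(model, "ee2 ->", verify_from_domain1(model, "ee2"))
```

The chains returned show the difference between the models in one line each: under the hierarchy domain 1 cannot reach ee2 at all, under the distributed model the chain runs ee2, ca2, ca1, root1 with domain 1's own CA as the anchor's delegate, and under the bridge model it runs through root2 and the bridge CA, which is why the bridge is the one that scales to many domains without each pair maintaining a cross-certificate.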
Views of federation

Diagram: the Domain of Integration stack with the other domains around it and the Federation Services that join them: federal points of access across the Portals; Federated Identity Services across the Master Index and the Indexes; a universal point of publication across the Shared Workflow and Message Hub and the Hubs.
Safe & secure public service infrastructure:
• What does Liberty Alliance do?
  – Best practice PKI to protect the channels and the messages.
  – Authentication enrolment mechanisms.
  – A set of mutual and community based trust creation and implementation mechanisms.
  – Open, progressive and federable approach.
But multi-agency public service delivery, particularly the caring services, presents more demanding requirements than commerce does.
The requirements:
• Governance.
  – Who participates in defining the rules and processes?
  – How is their engagement informed and made effective?
• Flexibility.
  – The process to be supported is the one that reengineers processes and creates new structures.
• Trust.
  – New demarcations between structure and infrastructure.
Ideas of identity and of relationship seem to be very significant in addressing these requirements.
Events, Messages and Transactions.

Some definitions… but not just a glossary. We need to be clear about the terms and concepts we use.

Information
• A state of affairs that could be one way or another.
• News of a contingency that has significance.
• It is communicated, moving in space and/or time.
• It causes something and so makes a difference.
Events→Individuals→Transactions
• An event: an occasion when information is generated.
• Unique birth and death events delimit the existence of an individual (also known as a principal or a party).
• An event becomes a transaction when:
  – It involves 2 or more individuals and…
  – Produces intended changes in the distribution of resources and responsibilities among them.
Transactions→Relationships→Identities
• If information from a previous transaction is used, by the same parties, in subsequent ones then this is a relationship:
  – Multiple encounters
  – Recognition
  – Persistence
  – More and different transactions.
• An identity is the information used by parties to recognise each other.
• An identifier links an identity to a history.
• These definitions lead to two implementation concepts:
  – A register
  – An index.
Register 1

Diagram: a register holds, for an individual, a local identifier, identity attributes and a profile and history, that is, sets of records of the same individual with different relationships (Relationship Ra, Relationship Rc). Each relationship record is identified by a relationship type plus a provider identity. An index correlates the identifiers: the associated identifiers of one individual across relationships.
Diagram: the register and index placed in the Domain of Integration. The Master Index in the Integration layer, beside the Portal and the Shared Workflow and Message Hub, correlates the associated identifiers held in the sets of records of the same individual with different relationships (Relationship Ra, Relationship Rc), each identified by a relationship type plus a provider identity.

Index based, narrowcast publications:
• I, <Na>, having relationship w with the individual I know as <Nb>, am willing to enter transactions q, r or s with anyone who has relationships x, y or z with this individual.
• With whom can I engage in transaction u, regarding the individual I know as <Nb>?
• These may be subject initiated, permissioned, joint or independent of the subject.
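The register, the index and the two narrowcast questions above fit together as a small amount of code. The following is an added example, not FAME code or a pilot stream's system: each provider keeps its own register and knows the individual by its own local identifier; an index row correlates the associated identifiers (provider identity plus relationship type plus local identifier) of one individual; a publication is the statement "I, <Na>, having relationship w with <Nb>, am willing to enter transactions q, r or s with anyone who has relationships x, y or z with this individual"; and the hub answers "with whom can I engage in transaction u regarding <Nb>?" from the index without either party learning the other's local identifier. A publication whose basis is "permissioned" is accepted only with the subject's permission. The providers, identifiers, attributes and transaction names are constructed.

```python
"""Registers, an index and index based narrowcast publication.
Added example (not FAME code); providers, identifiers and transactions are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class AssociatedId:
    """A relationship type plus a provider identity, and that provider's identifier."""
    provider: str   # provider identity, e.g. "GP"
    rel_type: str   # relationship type, e.g. "patient"
    local_id: str   # <Nb>: the identifier the provider knows the individual by


class Register:
    """One provider's register: local identifier -> attributes and history."""

    def __init__(self, provider: str) -> None:
        self.provider = provider
        self.records: Dict[str, dict] = {}

    def enrol(self, local_id: str, rel_type: str, **attributes) -> AssociatedId:
        self.records[local_id] = {"rel_type": rel_type, "attributes": attributes, "history": []}
        return AssociatedId(self.provider, rel_type, local_id)


class Index:
    """Correlates the associated identifiers of one individual: one row per individual."""

    def __init__(self) -> None:
        self._row_of: Dict[AssociatedId, int] = {}
        self._rows: Dict[int, Set[AssociatedId]] = {}
        self._next = 1

    def correlate(self, *ids: AssociatedId) -> int:
        """Merge the rows of any already-known ids with the new ids into one row."""
        members = set(ids)
        for aid in ids:
            if aid in self._row_of:
                members |= self._rows.pop(self._row_of[aid])
        row, self._next = self._next, self._next + 1
        self._rows[row] = members
        for member in members:
            self._row_of[member] = row
        return row

    def associated(self, aid: AssociatedId) -> Set[AssociatedId]:
        row = self._row_of.get(aid)
        return set(self._rows[row]) if row is not None else {aid}


@dataclass(frozen=True)
class Publication:
    publisher: AssociatedId           # I, <Na>, having relationship w with <Nb>
    transactions: frozenset           # q, r, s
    counterpart_rel_types: frozenset  # x, y, z the counterparty must hold
    basis: str                        # subject-initiated | permissioned | joint | independent


class NarrowcastHub:
    def __init__(self, index: Index) -> None:
        self.index = index
        self.publications: List[Publication] = []

    def publish(self, pub: Publication, subject_permission: bool) -> List[AssociatedId]:
        """Narrowcast to holders of the named relationships with the same individual.
        A 'permissioned' publication is accepted only with the subject's permission."""
        if pub.basis == "permissioned" and not subject_permission:
            return []
        self.publications.append(pub)
        return sorted((a for a in self.index.associated(pub.publisher)
                       if a != pub.publisher and a.rel_type in pub.counterpart_rel_types),
                      key=lambda a: (a.provider, a.local_id))

    def who_can(self, asker: AssociatedId, transaction: str) -> List[str]:
        """'With whom can I engage in transaction u regarding the individual I know as <Nb>?'
        Answers with provider identities only; no foreign local identifier is returned."""
        same_individual = self.index.associated(asker)
        return sorted(p.publisher.provider for p in self.publications
                      if p.publisher in same_individual and p.publisher != asker
                      and transaction in p.transactions
                      and asker.rel_type in p.counterpart_rel_types)


def demo() -> dict:
    gp, school, care = Register("GP"), Register("School"), Register("SocialCare")
    a = gp.enrol("P-17", "patient", dob="2001-03-04")
    b = school.enrol("S-4410", "pupil", year="8")
    c = care.enrol("C-88", "client", worker="J.S.")
    index = Index()
    index.correlate(a, b)
    index.correlate(b, c)  # merges into a single row for the individual
    hub = NarrowcastHub(index)
    offer = Publication(a, frozenset({"share-immunisation-status"}), frozenset({"pupil"}), "permissioned")
    refused = hub.publish(offer, subject_permission=False)
    targets = hub.publish(offer, subject_permission=True)
    return {"row_size": len(index.associated(c)), "refused": refused,
            "targets": [(t.provider, t.local_id) for t in targets],
            "school_can": hub.who_can(b, "share-immunisation-status"),
            "care_can": hub.who_can(c, "share-immunisation-status")}


if __name__ == "__main__":
    print(demo())
```

Two things the code makes visible that the bullets leave implicit: the index is the only place where the three local identifiers meet, so the registers never have to share them, and the answer to "with whom can I engage" is scoped by the asker's own relationship type, so a provider holding a relationship the publisher did not name (the social care client relationship in the demo) is not told about the offer.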
A domain of integration… but where is federation?

Diagram: Registers 1, 2 and 3, which use different attribute sets to indicate identities, each hold records of an individual with relationships (Relationship Ra, Relationship Rc) identified by a relationship type plus a provider identity; an index correlates the associated identifiers within the domain.

Diagram: the same registers seen from two domains. Identity Management Provider A and Identity Management Provider B each hold sets of records of the same individual with different relationships (Ra, Rb, Rc, Rk) in two different domains.
Centralisation policies:
• One register.
• An index of registers and a register of registrars?
• One index distributed over the federation.
• A universal identity management service.
• Multiple registers, indexes and identity management services.
A range of trust models: (diagram of parties A, B and C, with variants A′ and B′, linked by direct and brokered trust relationships)
Mapping to Liberty Alliance concepts and terms:
An index row represents the business anchor list for relationship
suppliers who have direct trust respecting a common client.
Identity managers support brokered trust (both direct and indirect)
respecting an individual client.
Registrars deliver Authentication Enrolment Agreements to
Certification Authorities (CAs).
The trusted core services support a federal, mixed model CA network
in which relationship providers (and clients) are authenticatable end
entities.
Issues
• How does all this feel to you?
• How much of this is available now?
• What can I buy today?
• Do our IT departments have the skills and know-how to deliver this vision?
• Some of this has to be bought and deployed collectively – Who? How?