Agenda - 18 February 04
• Welcome
• Round Table - Who? Where? What?
• Introduction to FAME
• FAME Generic Framework
  – Overview
  – Technical components
• Round table discussion
• Next actions

FAME Generic Framework

Objectives
• To explore and understand the work of FAME pilot streams.
• To synthesise views of a deliverable overall generic framework with appropriate (vendor neutral) technical and social/organisational elements.
• It is NOT about individual stream level service or software design.

Objectives
• The generic framework will be the accumulation of ideas and experience from the individual streams together with relevant research input.
• It will act as a guide to other LAs in their sourcing and implementation of systems and service development.

Headings
• High level scoping statement
• Legal powers and responsibilities
• Governance
• Information sharing
• Identity management
• Infrastructure
• Messaging, events and transactions
• Sustainability
• Federation

High level scoping statement
• What services are we exploring?
• What are the aspirations for outcomes?
• How will these outcomes be evaluated?
• Takes account of the different requirements of the contexts of:
  – citizens/communities,
  – service providers,
  – service commissioning and
  – national governance.
• Defines the ‘business case’.

Legal powers and responsibilities
• Defines the multi agency services to be provided (e.g. practice, assessment, care planning and delivery).
• Identifies the legislative/guidance framework covering these services.
• Identifies the legal powers, statutory duties and responsibilities of the agencies and organisations providing the service.

Governance
• The organisation of multi agency services and practice.
• Information sharing.
• The infrastructure: relationships, hard and soft assets.
• Procurement and ownership.
• Participation of stakeholders in the evaluation of outcomes.
• The links to the duties and legal powers available are clearly identified.
Information sharing
• A multi agency hub facilitates a variety of information sharing modes.
• Information sharing may apply in all contexts: amongst citizens, services, commissioning and policy making.
• The information sharing protocol will explicitly define the limits of the information sharing enabled.

Identity Management
• Identity is more than a personal dataset.
• Identity is context dependent and must be defined in terms of relationships.
• Statements about identity have a provenance associated with the trustworthiness of their sources.
• Extends ideas of identity and consent.

Infrastructure
• Communication within a multi agency community requires shared resources and capabilities.
• The infrastructure must respect appropriate diversity and autonomy as well as commonality and uniformity.
• Its use is defined by the user community.

Messaging, events, transactions
• Process maps, workflows and catalogues may be shared.
• The infrastructure will support broadcast and narrowcast publication and may automatically generate:
  – Notifications
  – Updates of shared data items, documents and content.

Sustainability
• A capability for continuous adaptation.
• Identifies the scale, scope and context of change.
• Links systems and organisational change processes.
• Sustains on-going processes for training, review and further development.
• Recognises the required skill-sets, project resources, cultural sensitivity and people.

Federation
• Co-operative working evolves between multi agency communities of service.
• Local shared infrastructures can interwork with other local and national infrastructures.
• These processes are facilitated by Internet technologies, e.g. portals and hubs/spokes.
Headings
• High level scoping statement
• Legal powers and responsibilities
• Governance
• Information sharing
• Identity management
• Infrastructure
• Messaging, events and transactions
• Sustainability
• Federation

Possible paths through the framework
[Diagram: three example paths through the framework, for a Project Sponsor, a Practitioner and an IT Manager. Each starts from the High level scoping statements and then visits the remaining headings (Governance, Legal Powers, Information sharing, Identity, Events, Messages & Transactions, Infrastructure, Sustainability, Federation) in a different order.]

Headings
• The nine headings as listed above. A callout on this slide marks the areas with a strong technical component.

Systems and infrastructure: an historical perspective
[Diagram: a layered systems stack, read from the top down.]
• Local interaction
• Application layer: application layer with local event handling and workflow
• Persistent data layer: preserves and manages data over space and time
• Middleware: transaction management
• Hardware and Operating System Layer: integrates platforms within an enterprise; our computers and networks become a unified resource
Each of these “integration products” has its own origins and concepts in resource management or process management.
Applications are WEB enabled
[Diagram: the layered stack with a Channels layer added above Local interaction. Channels shown: Knowledge Portals, CRM, Shared Workflow, eCommunity.]
• Channels
• Local interaction
• Application layer: with local event handling and workflow
• Persistent data layer: preserves and manages data over space and time
• Middleware: transaction management
• Hardware and Operating System Layer: integrates platforms within an enterprise; our computers and networks become a unified resource

Domain of Integration
[Diagram: the stack with an Integration layer inserted between Channels and Local interaction.]
• Channels: modes and means of access
• Integration layer: resource integration (Portal, Master Index, Shared Workflow and Message Hub); identifiers and identities; process integration; application adapters
• Local interaction
• Application layer: with local event handling and workflow
• Persistent data layer: preserves and manages data over space and time
• Middleware
• Hardware and Operating System Layer: integrates platforms within an enterprise; our computers and networks become a unified resource

Structure and infrastructure
[Diagram: the Domain of Integration stack annotated by layer.]
• Channels: commodity products and services
• Integration layer (Portal, Master Index, Shared Workflow and Message Hub) and Local interaction: support for users to shape and govern their information environment.
• Application layer, Persistent data layer, Middleware, Hardware and Operating System Layer: the information systems and communications utility.

Provision value chains
[Diagram: the same stack (Channels; Integration layer: Portal, Master Index, Shared Workflow and Message Hub; Local interaction; Application layer; Persistent data layer; Middleware; Hardware and Operating System Layer) with the elements of the provision value chain shown against it.]
• Integration engines: CRM, BPR, media/content, Knowledge/document Management
• Software development and support
• Software technology licensing
• Box shifting
• Applications service provision / In-house
• Commodity devices and services
• Systems Integration and change management
Outsource: we do it all for you…
[Diagram: the provision value chains stack (Channels; Integration layer: Portal, Master Index, Shared Workflow and Message Hub; Local interaction; Integration engines: CRM, BPR, media/content, Knowledge/document Management; Software development and support; Application layer; Software technology licensing; Persistent data layer; Middleware; Hardware and Operating System Layer; Box shifting; Applications service provision / In-house; Commodity devices and services; Systems Integration and change management) as it applies to the outsourcing option.]

“Best of breed”: the IT department in control
[Diagram: the same provision value chains stack as it applies to the best-of-breed option.]

Government Gateway: fit a DIS Box and London will do the rest
[Diagram: the same provision value chains stack as it applies to the Government Gateway option.]
Strategic integration:
[Diagram: the same provision value chains stack (Channels; Integration layer: Portal, Master Index, Shared Workflow and Message Hub; Local interaction; Integration engines: CRM, BPR, media/content, Knowledge/document Management; Software development and support; Application layer; Software technology licensing; Persistent data layer; Middleware; Hardware and Operating System Layer; Box shifting; Applications service provision / In-house; Commodity devices and services; Systems Integration and change management) as it applies to strategic integration.]

We are not alone: there are other domains around us.
[Diagram: the Domain of Integration (Channels; Integration layer with Portal, Master Index and Shared Workflow and Message Hub; Local interaction; Application layer; Persistent data layer; Middleware; Hardware and Operating System Layer) alongside Other Domains, each of which has its own Portal, Index and Hub.]

Universal point of Access (Portal)
• Is offer X in your catalogue the same as offer Y in mine?
• How do we support and nurture brokers and intermediaries?
• Sometimes we need to be able to “google” the whole federation…
• This universal service enables signaling for an information economy.
  – Financial cost and value
  – Social value
  – Political value

Universal point of Publication and Recourse (Shared Workflow and Message Hub)
• The audit trail may lead to a boundary: where do you go then?
• Escalation has to stop somewhere.
• Can you deliver my scripts and can I deliver yours?
• How do I tell the people who need to know?
  – Individually addressed messages,
  – Role and workflow based structured messages,
  – Narrow-cast,
  – Universal broadcast,
  – Publication.
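The five addressing modes on the Publication and Recourse slide, together with the point that an audit trail may reach the hub boundary, can be made concrete with a small routing model. The following is an added example written for this page, not code from the FAME programme: a single-domain hub that routes a message by mode, records every routing decision, and logs any addressee it cannot resolve inside its own domain as "unresolved at boundary" rather than guessing. Member names, roles, topics and messages are constructed for illustration.

```python
"""Shared workflow and message hub: delivery modes and audit trail (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class Message:
    msg_id: str
    sender: str
    mode: str                                   # individual | role | narrowcast | broadcast | publication
    body: str
    to: Set[str] = field(default_factory=set)   # members (individual mode) or role names (role mode)
    topic: str = ""                             # narrowcast subscription or publication channel


class Hub:
    def __init__(self, domain: str):
        self.domain = domain
        self.roles: Dict[str, Set[str]] = {}          # member -> roles held
        self.subscribers: Dict[str, Set[str]] = {}    # topic -> subscribed members
        self.publications: Dict[str, List[str]] = {}  # channel -> published message ids (pulled)
        self.inboxes: Dict[str, List[str]] = {}
        self.audit: List[dict] = []                   # one entry per routing decision or read

    def join(self, member: str, roles=(), topics=()) -> None:
        self.roles[member] = set(roles)
        self.inboxes[member] = []
        for topic in topics:
            self.subscribers.setdefault(topic, set()).add(member)

    def route(self, msg: Message) -> Set[str]:
        """Deliver according to mode; return the members actually reached."""
        unresolved: Set[str] = set()
        if msg.sender not in self.roles:
            return self._record(msg, set(), unresolved, "rejected: sender is not a member")
        if msg.mode == "individual":
            targets = msg.to & set(self.roles)
            unresolved = msg.to - targets            # addressees outside this hub's domain
        elif msg.mode == "role":
            targets = {m for m, held in self.roles.items() if held & msg.to}
            unresolved = msg.to - {r for held in self.roles.values() for r in held}
        elif msg.mode == "narrowcast":
            targets = set(self.subscribers.get(msg.topic, set()))
        elif msg.mode == "broadcast":
            targets = set(self.roles)
        elif msg.mode == "publication":
            self.publications.setdefault(msg.topic, []).append(msg.msg_id)
            return self._record(msg, set(), unresolved, "published")
        else:
            return self._record(msg, set(), unresolved, f"rejected: unknown mode {msg.mode!r}")
        targets.discard(msg.sender)
        for member in targets:
            self.inboxes[member].append(msg.msg_id)
        status = "delivered" if not unresolved else "delivered; unresolved at boundary"
        return self._record(msg, targets, unresolved, status)

    def _record(self, msg: Message, targets: Set[str], unresolved: Set[str], status: str) -> Set[str]:
        self.audit.append({"msg": msg.msg_id, "domain": self.domain, "mode": msg.mode,
                           "sender": msg.sender, "delivered_to": sorted(targets),
                           "unresolved": sorted(unresolved), "status": status})
        return targets

    def fetch(self, member: str, channel: str) -> List[str]:
        """Publication is pull based: reading a channel is itself an audited event."""
        items = list(self.publications.get(channel, []))
        self.audit.append({"msg": None, "domain": self.domain, "mode": "fetch",
                           "sender": member, "topic": channel, "count": len(items), "status": "read"})
        return items


def build_hub() -> Hub:
    """Constructed sample: one domain hub, three members, every mode exercised once."""
    hub = Hub("domain-X")
    hub.join("alice", roles={"social-worker"}, topics={"case-42"})
    hub.join("bob", roles={"gp"}, topics={"case-42"})
    hub.join("carol", roles={"teacher"})
    hub.route(Message("m1", "alice", "individual", "note for bob", to={"bob", "dave"}))  # dave is not local
    hub.route(Message("m2", "bob", "role", "for the allocated social worker", to={"social-worker"}))
    hub.route(Message("m3", "carol", "narrowcast", "update on case 42", topic="case-42"))
    hub.route(Message("m4", "alice", "broadcast", "hub maintenance tonight"))
    hub.route(Message("m5", "bob", "publication", "revised guidance", topic="guidance"))
    hub.fetch("carol", "guidance")
    return hub


if __name__ == "__main__":
    for entry in build_hub().audit:
        print(entry)
```

The unresolved list is the boundary the slide asks about: the hub does not forward "dave" anywhere, it records that it could not, and a hub-to-hub escalation (not modelled here) would start from that audit entry.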
Identity Management
[Diagram: Master Index X holding domain identifiers XA, XB, XC and XD, and Master Index Y holding YA, YB, YC and YD, linked through an Index.]
I have identifier B in domain X and identifier C in domain Y. If application xb needs to talk to application ym about me, then it must do so via a hub to hub message. This requires that the identity management service, at the federation level, must confirm that XB ≡ YC ≡ “Me”.
Who gives the identity management service the right to do this and how?

We are not alone: there are other domains around us.
[Diagram: the Domain of Integration and Other Domains, each with Portal, Master Index/Index and Hub above the layered stack (Local interaction; Application layer; Persistent data layer; Middleware; Hardware and Operating System Layer), joined by Federation Services.]
• Federal points of access: the catalogue of catalogues.
• Federated Identity Management Services.
• Universal point of publication, recourse and resolution.

Smart Cards: integrating the integration technologies
[Diagram: the federated stack (Channels; Integration layer with Portal, Master Index, Shared Workflow and Message Hub; Federation Services; Other Domains) with smart-card elements added.]
• Accepting networks
• Identity tokens and keys
• Brand apps
• Pocketable data

Headings
• The nine headings as listed above. A callout on this slide marks the areas with a strong technical component.

Certification authorities
• Hierarchical model: trust anchors must link root and end entities.
• A business anchor linking end entities: trust anchors must be local.
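The certification-authority slides contrast models by where the relying party's trust anchor sits and what it can reach. The example below is added for this page and is not code from the FAME programme or from the Liberty Alliance; it models certificates only as (issuer, subject) edges with no signature checking, so that the difference between a hierarchical, bridge and distributed (fully cross-certified) CA arrangement shows up as which anchor reaches which end entity, how long the certification path is, and how many CA-to-CA certificates have to be maintained. Domain names A to D, the CA names and the end-entity names are constructed.

```python
"""Trust-path discovery under hierarchical, bridge and distributed CA models (added example)."""
from collections import deque
from typing import Dict, List, Optional, Set, Tuple

Cert = Tuple[str, str]  # (issuer, subject); signatures are not modelled


class TrustGraph:
    def __init__(self, certs: List[Cert]):
        self.issued: Dict[str, Set[str]] = {}
        for issuer, subject in certs:
            self.issued.setdefault(issuer, set()).add(subject)

    def path(self, anchor: str, end_entity: str, max_len: int = 4) -> Optional[List[str]]:
        """Shortest certification path from the relying party's trust anchor to
        end_entity, or None. max_len bounds the number of names on the path,
        the path-length constraint a relying party would normally enforce."""
        queue = deque([[anchor]])
        seen = {anchor}
        while queue:
            chain = queue.popleft()
            if chain[-1] == end_entity:
                return chain
            if len(chain) >= max_len:
                continue
            for subject in sorted(self.issued.get(chain[-1], ())):
                if subject not in seen:
                    seen.add(subject)
                    queue.append(chain + [subject])
        return None

    def ca_to_ca_certs(self) -> int:
        """Certificates issued to CAs: the ones operators must keep current."""
        return sum(1 for subjects in self.issued.values()
                   for s in subjects if not s.startswith("ee-"))


def end_entity_certs(domains) -> List[Cert]:
    return [(f"CA-{d}", f"ee-{d}") for d in domains]


def hierarchical(domains) -> TrustGraph:
    """One root certifies every domain CA. Only the root reaches every end
    entity, so the trust anchor is not local to the relying party's domain."""
    return TrustGraph([("Root", f"CA-{d}") for d in domains] + end_entity_certs(domains))


def bridge(domains) -> TrustGraph:
    """A bridge CA cross-certifies in both directions with each domain CA;
    each domain keeps its own CA as its local trust anchor."""
    certs: List[Cert] = []
    for d in domains:
        certs += [(f"CA-{d}", "Bridge"), ("Bridge", f"CA-{d}")]
    return TrustGraph(certs + end_entity_certs(domains))


def distributed(domains) -> TrustGraph:
    """Every pair of domain CAs cross-certifies directly (a full mesh)."""
    certs = [(f"CA-{d}", f"CA-{e}") for d in domains for e in domains if d != e]
    return TrustGraph(certs + end_entity_certs(domains))


def compare(domains=("A", "B", "C", "D")) -> Dict[str, dict]:
    """Run the three models side by side for a relying party in domain A."""
    out: Dict[str, dict] = {}
    for name, graph in (("hierarchical", hierarchical(domains)),
                        ("bridge", bridge(domains)),
                        ("distributed", distributed(domains))):
        out[name] = {
            "local_anchor_to_ee_B": graph.path("CA-A", "ee-B"),
            "root_anchor_to_ee_B": graph.path("Root", "ee-B"),
            "ca_to_ca_certs": graph.ca_to_ca_certs(),
        }
    return out


if __name__ == "__main__":
    for model, result in compare().items():
        print(model, result)
```

With a local anchor the hierarchical model finds no path to another domain's end entity, the bridge model finds a four-name path through the bridge, and the mesh finds a three-name path but needs n(n-1) CA-to-CA certificates instead of 2n; a relying party whose path-length limit is three would reject every bridge path, which is the kind of constraint to agree before a bridge is deployed.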
Certification authorities (continued)
• Distributed model, shown against the hierarchical model.
• Bridge model: a CA acting as facilitator between CA domains.
[Diagram: distributed, hierarchical and bridge models side by side. Reference: www.projectliberty.org]

Views of federation
[Diagram: the Domain of Integration (Channels; Integration layer with Portal, Master Index and Shared Workflow and Message Hub; Application layer; Persistent data layer; Middleware; Hardware and Operating System Layer) alongside Other Domains with their own Portal, Index and Hub, joined by Federation Services.]
• Federal points of access.
• Federated Identity Services.
• Universal point of publication.

Safe & secure public service infrastructure:
• What does Liberty Alliance do?
  – Best practice PKI to protect the channels and the messages.
  – Authentication enrolment mechanisms.
  – A set of mutual and community based trust creation and implementation mechanisms.
  – Open, progressive and federable approach.
But multi-agency public service delivery, particularly the caring services, presents more demanding requirements than does commerce.

The requirements:
• Governance.
  – Who participates in defining the rules and processes?
  – How is their engagement informed and made effective?
• Flexibility.
  – The process to be supported is the one that reengineers processes and creates new structures.
• Trust.
  – New demarcations between structure and infrastructure.
Ideas of identity and of relationship seem to be very significant in addressing these requirements.

Events, Messages and Transactions
Some definitions… but not just a glossary. We need to be clear about the terms and concepts we use.

Information
A state of affairs that could be one way or another.
• News of a contingency that has significance.
• It is communicated: moving in space and/or time.
• It causes something and so makes a difference.

Events → Individuals → Transactions
• An event: an occasion when information is generated.
• Unique birth and death events delimit the existence of an individual (also known as a principal or a party).
• An event becomes a transaction when:
  – it involves 2 or more individuals and…
  – produces intended changes in the distribution of resources and responsibilities among them.

Transactions → Relationships → Identities
• If information from a previous transaction is used, by the same parties, in subsequent ones then this is a relationship.
  – Multiple encounters
  – Recognition
  – Persistence
  – More and different transactions.
• An identity is the information used by parties to recognise each other.
• An identifier links an identity to a history.
• These definitions lead to two implementation concepts:
  – A register
  – An index.

Register 1
[Diagram: an individual has an identity, made up of identity attributes and a local identifier, together with a profile and history. The register holds sets of records of the same individual with different relationships (Relationship Ra, Relationship Rc).]

Register 1 within the Domain of Integration
[Diagram: Register 1 placed against the stack (Channels; Integration layer with Portal, Master Index and Shared Workflow and Message Hub; Local interaction; Application layer; Persistent data layer; Middleware; Hardware and Operating System Layer). Each record is a relationship type plus a provider identity; an index correlating identifiers holds the associated identifiers for the same individual across relationships Ra and Rc.]

Index based, narrowcast publications:
• I, <Na>, having relationship w with the individual I know as <Nb>, am willing to enter transactions q, r or s with anyone who has relationships x, y or z with this individual.
• With whom can I engage in transaction u, regarding the individual I know as <Nb>?
• These may be subject initiated, permissioned, joint or independent of the subject.

A domain of integration…
[Diagram: registers which use different attribute sets to indicate identities. Register 1 holds records of the same individual under relationships Ra and Rc; each record is a relationship type plus a provider identity, and an index correlating identifiers holds the associated identifiers.]
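The register and index concepts above, the federation-level check on the Identity Management slide (confirming that XB ≡ YC ≡ “Me” before a hub-to-hub message is allowed), and the narrowcast questions on the previous slide all fit in one small model. The example below is added for this page and is not code from the FAME programme: a register is one provider's records about individuals held under a single relationship type; an index row correlates the local identifiers that different providers hold for the same individual, carries no identity attributes, and only answers for providers the subject has permissioned. Provider names, relationship types, transaction names and the record contents are constructed.

```python
"""Registers, a correlating index and permissioned narrowcast queries (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


class Register:
    """One provider's register: records about individuals under one relationship type."""

    def __init__(self, provider: str, relationship: str):
        self.provider = provider
        self.relationship = relationship
        self.records: Dict[str, dict] = {}   # local identifier -> identity attributes
        self._next = 1

    def add(self, attributes: dict) -> str:
        local_id = f"{self.provider}:{self._next}"   # the identifier links an identity to a history
        self._next += 1
        self.records[local_id] = dict(attributes)
        return local_id


@dataclass
class IndexRow:
    """One individual as seen across providers; holds identifiers only, never attributes."""
    links: Dict[str, str] = field(default_factory=dict)     # provider -> that provider's local identifier
    permissioned: Set[str] = field(default_factory=set)      # providers the subject allows to be correlated


class Index:
    def __init__(self):
        self.rows: List[IndexRow] = []
        self._by_key: Dict[Tuple[str, str], IndexRow] = {}

    def link(self, provider: str, local_id: str,
             same_as: Optional[Tuple[str, str]] = None, permissioned: bool = True) -> IndexRow:
        """Record that (provider, local_id) names the individual already known by the
        (provider, local id) pair same_as, or start a new row for a new individual."""
        row = self._by_key[same_as] if same_as else IndexRow()
        if same_as is None:
            self.rows.append(row)
        row.links[provider] = local_id
        if permissioned:
            row.permissioned.add(provider)
        self._by_key[(provider, local_id)] = row
        return row

    def row_for(self, provider: str, local_id: str) -> Optional[IndexRow]:
        return self._by_key.get((provider, local_id))

    def resolve(self, asker: str, local_id: str, target: str) -> Optional[str]:
        """The federation-level check behind a hub-to-hub message: hand back the
        target provider's identifier for the same individual only when both
        sides are permissioned on the row; otherwise refuse the correlation."""
        row = self.row_for(asker, local_id)
        if row is None or asker not in row.permissioned or target not in row.permissioned:
            return None
        return row.links.get(target)


@dataclass
class Offer:
    """'I, <Na>, having relationship w with the individual I know as <Nb>, am willing to
    enter transactions q, r or s with anyone who has relationships x, y or z with them.'"""
    provider: str
    about: str                          # <Nb>: the offering provider's own local identifier
    transactions: Set[str]
    accepted_relationships: Set[str]


def who_can(index: Index, registers: Dict[str, Register], offers: List[Offer],
            asker: str, local_id: str, transaction: str) -> List[str]:
    """'With whom can I engage in transaction u regarding the individual I know as <Nb>?'"""
    row = index.row_for(asker, local_id)
    if row is None or asker not in row.permissioned:
        return []
    my_relationship = registers[asker].relationship
    matches = []
    for offer in offers:
        if offer.provider == asker or offer.provider not in row.permissioned:
            continue
        if row.links.get(offer.provider) != offer.about:      # offer concerns someone else
            continue
        if transaction in offer.transactions and my_relationship in offer.accepted_relationships:
            matches.append(offer.provider)
    return sorted(matches)


def build_federation():
    """Constructed sample: three providers each hold a record about one person."""
    gp, school, social = Register("gp", "health"), Register("school", "education"), Register("social", "care")
    regs = {r.provider: r for r in (gp, school, social)}
    g = gp.add({"name": "J. Doe", "ref": "constructed"})
    s = school.add({"name": "Jane Doe", "year": 9})
    c = social.add({"name": "J Doe", "case": "constructed"})
    idx = Index()
    idx.link("gp", g)
    idx.link("social", c, same_as=("gp", g))
    idx.link("school", s, same_as=("gp", g), permissioned=False)   # subject has not permissioned the school link
    offers = [
        Offer("gp", g, {"care-plan-review"}, {"care"}),
        Offer("school", s, {"attendance-report"}, {"care", "health"}),
        Offer("social", c, {"referral"}, {"health", "education"}),
    ]
    return idx, regs, offers, {"gp": g, "school": s, "social": c}


if __name__ == "__main__":
    idx, regs, offers, ids = build_federation()
    print(idx.resolve("social", ids["social"], "gp"))
    print(who_can(idx, regs, offers, "social", ids["social"], "care-plan-review"))
```

The school's record is linked in the row but not permissioned, so neither resolve nor who_can will surface it: the correlation exists for the registrar, but the narrowcast answer stays within what the subject allowed, which is the "permissioned" case on the slide.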
…but where is federation?
[Diagram: Registers 1, 2 and 3, which use different attribute sets to indicate identities, under Identity Management Provider A and Identity Management Provider B: sets of records of the same individual with different relationships (Ra, Rb, Rc, Rk) in two different domains.]

Centralisation policies:
• One register
• An index of registers and a register of registrars?
• One index distributed over the federation.
• A universal identity management service.
• Multiple registers, indexes and identity management services.

A range of trust models:
[Diagram: Registers 1, 2 and 3 with parties A, Á, B, B́ and C arranged under alternative trust models.]

Mapping to Liberty Alliance concepts and terms:
• An index row represents the business anchor list for relationship suppliers who have direct trust respecting a common client.
• Identity managers support brokered trust (both direct and indirect) respecting an individual client.
• Registrars deliver Authentication Enrolment Agreements to Certification Authorities (CAs).
• The trusted core services support a federal, mixed model CA network in which relationship providers (and clients) are authenticatable end entities.

Headings
• The nine headings as listed above. A callout on this slide marks the areas with a strong technical component.

Issues
• How does all this feel to you?
• How much of this is available now? What can I buy today?
• Do our IT departments have the skills and know-how to deliver this vision?
• Some of this has to be bought and deployed collectively
  – Who? How?