1. 1
15TH GCC eGOVERNMENT
AND eSERVICES FORUM
May 23-27, 2009 - Al a secured eGovernment case study:
Bustan Rotana Hotel - Judicial and Law enforcement cooperation between EU Member States and EU agencies
Dubai, UAE
2. Abdelkrim Boujraf
2
¨ More than 10 years implementing/studying
exchange of judicial and police information
¨ President of non-profit organisation
¨ Master in Business administration (Minor IT and
Human Resources)
¨ Graduate in Computer Sciences
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
3. Agenda
p.3
¨ The EU political background
¤ Some facts (EU, International)
¤ The need to cooperate efficiently
¨ The case study
¤ The Interoperability issues
¤ The Service Oriented Architecture vision
¤ Imaginary screenshots
¨ The conclusions
May 23-27, 2009 - Al Bustan Rotana Hotel - 15th GCC eGovernment and eServices
Dubai, UAE Forum
4. The reality
4
¨ Public administrations must
¤ Provide efficient services to their citizens and businesses
¤ reduce their operational costs
¤ communicate efficiently with foreign public administrations
and organisations
¨ How do they achieve their goals starting from their
political programmes to end with the software code?
¨ The case study’s focus on the judicial and law
enforcement real life
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
5. 5
The European Union
Political background
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
6. 6
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
7. The European Union
7
¨ Member States: 27
¨ Political centres: Brussels, Luxembourg, Strasbourg
¨ Official languages: 23
¨ Formation
¤ ParisTreaty (18 April 1951)
¤ Rome Treaty (25 March 1957)
¤ Maastricht Treaty (7 February 1992)
¤ Lisbon Treaty (?)
¨ Population: 500 Million
¨ GDP: Total $19.195 trillion
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
8. What are the threats to the security of
8
a “western lifestyle”
The climate
The migration
The agriculture
The terrorism
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
9. Three pillars (main political areas)
9
• Customs Union and Single • Foreign policy: • Drug trafficking and weapons
market • Human rights smuggling
• Common Agricultural Policy • Democracy • Terrorism
• Common Fisheries Policy • Foreign aid • Trafficking in human beings
• EU competition law • Security policy: • Organized crime
• Economic and monetary union • European Security and • Bribery and fraud
• EU-Citizenship Defense Policy
• Education and Culture • EU battle groups
• Trans-European Networks • Helsinki Headline Goal Force
• Consumer protection Catalogue
• Healthcare • Peacekeeping
• Research (e.g. Sixth Framework
Programme)
• Environmental law
• Social policy
• Asylum policy
• Schengen treaty
• Immigration policy
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
10. Pillar III: The political programmes
10
¨ Feb 1992: The establishment of Europol (The Hague, The Netherlands) was agreed
in the Maastricht Treaty on European Union of 7 February 1992
¨ The “Tampere Program”, terminated in 1999 under the Finnish Presidency, was
primarily a “management of migration flows”
¨ The Europol Convention was ratified by all Member States and came into force on
1 October 1998.
¨ Eurojust is established in 2002 by a Decision
¨ The “Hague Program” in 2004, it has been agreed upon for the creation of an
“area of freedom, security and justice”. Again it was decided on intensification of
migration policy, including the construction of the Border Agency “Frontex” and the
interception of refugees already in their home countries. “The Hague Program” puts
the “defence of terrorism” in the centre. At the level of information exchange and
cooperation we can now count on the “principle of availability”
¨ Autumn 2009, To adopt the new “Stockholm program”, containing a wish-list for
"police cooperation, the fight against terrorism, management of missions in third
countries, migration, asylum and border management, civil protection, new
technologies and information networks ".
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
11. 26 July 1995:
Council Act drawing up the Convention on the
establishment of a European Police Office
(Europol Convention).
1992 1995
07 Feb 1992:
The establishment of Europol
(The Hague, The Netherlands)
was agreed in the Maastricht
Treaty on European Union
12. 29 June 1998:
Objective of the European 15/16 Oct 1999:
Judicial Network (EJN) in criminal Set up a unit called Eurojust, with the
matters is to facilitate mutual objective of coordinating the activities
judicial assistance in the fight carried out by the national authorities
against transnational crime. It responsible for prosecution
originates in a Joint Action
adopted by the Council
1998 1999 2000
1 July 1999:
Europol commenced its full activities.
Europol’ objective is to improve the
effectiveness of, and cooperation
between, the competent authorities in
the Member States in preventing and
combating international organised
crime
13. 4/5 Nov 2004:
The “Hague Program” has been agreed upon for the
creation of an “area of freedom, security and justice”.
It was decided on intensification of migration policy,
including the construction of the Border Agency “Frontex”
and the interception of refugees already in their home
countries.
“The Hague Program” puts the “defence of terrorism” in the
centre. At the level of information exchange and
cooperation we can now count on the “principle of
availability”
2002 2004
28 February 2002:
Council Decision setting up Eurojust with a
view to reinforcing the fight against serious
crime 26 October 2004:
Council Regulation establishing a European
Agency for the Management of
Operational Cooperation at the External
Borders of the Member States of the
European Union (Frontex)
14. Autumn 2009:
To adopt the new “Stockholm program”,
containing a wish-list for "police
cooperation, the fight against terrorism,
management of missions in third countries,
migration, asylum and border
management, civil protection, new
technologies and information networks ".
2005 2009
20 Sept 2005:
European Police College (CEPOL) is created.
Its objective is to step up cooperation
between national police schools in order to
promote a joint approach to the major
problems encountered in fighting crime,
preventing delinquency and maintaining law
and order.
15. Institutions & Authorities
15
¨ European Union’s Judicial Cooperation Unit Eurojust
¨ European Judicial Network in civil and commercial
matters
¨ European Police Office Europol
¨ Police academy CEPOL
¨ Border agency Frontex, committee for the
Management of Operational Cooperation of all
police agencies of the EU within its intelligence
operation assessment centre.
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
16. 16 Facts
Riots, Terrorist attacks, cross-border serious
crimes
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
17. Frontex: Illegal Border Crossing by
17
Member States in 2007
By Land By Air
*This table is provisional and contains the data provided by Member States until February 2008 The consolidated collected data will be presented in the Annual Risk Assessment to be distributed in June 2008
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
18. Frontex: Illegal Border Crossing
18
by Member States in 2007
By Sea Total
*This table is provisional and contains the data provided by Member States until February 2008 The consolidated collected data will be presented in the Annual Risk Assessment to be distributed in June 2008
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
19. Europol: # of operational
19
projects (between ‘06 and ‘07)
4
3.5
3
2.5
2
1.5
1
0.5 2006
0
2007
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
20. Europol: Progression of info.
20
exchange from 2000 until 2007
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
21. Eurojust: Requested countries vs.
21
Requesting countries
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
22. Terrorist attacks in Europe
22
(between 2002 and 2009)
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
23. Riots in Europe
23
(between Dec 2008 and Feb 2009)
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
24. 24 The case study
Judicial and Law enforcement cooperation
between EU Member States and EU agencies
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
25. EU Interagency Collaboration - The reality….
25
¨ During a routine check Spanish customs intercept a
shipment of coffee containing cocaine in the harbour of
Malaga.
¨ The container came from Caracas, Venezuela and was
supposed to be transported by road to Antwerp and to be
delivered to a trade company called BE.
¨ A number of persons are taken into custody, whilst
investigations start…..
¤ The involved authorities (Europol and Eurojust) need to
collaborate in a quick and efficient manner.
n European Arrest Warrant
n Rogatory Letter
n Joint Investigation Teams
n ….
¤ They need to remain in control of their systems
¤ They need to follow local as well as EU-wide laws,
agreements and policies
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
26. High level exchange of information
between National Judicial & Law Enforcement authorities, Europol and Eurojust
Page 26
27. The European interoperability
27
framework
Pan-European eGovernment Services (PEGS)
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
29. Scope / Area of validity
Page 29
Member States A Member States B
Administration
Businesses
A
A2B
Citizens A2A Citizens
A2C
A2C
Administration Administration A2C
Businesses
A A2A B
A2B
A2A A2B
European administration
30. Software architecture
30
Bilateral architecture Multilateral architecture
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
31. Basics of software strategy
Page 31
¨ Interoperability based on
¤ open standards
¤ open interfaces
¨ Goals …
¤ Create the lowest possible obstacles for adoption
¤ Independence from specific software vendors
¤ Long-term sustainability of software (moderate costs,
reusability, etc.)
¤ Security of communication and systems
32. Definition of an Open Standard
32
¨ The standard is adopted and will be maintained by a not-
for-profit organisation, and its ongoing development occurs
on the basis of an open decision-making procedure
available to all interested parties (consensus or majority
decision etc.).
¨ The standard has been published and the standard
specification document is available either freely or at a
nominal charge. It must be permissible to all to copy,
distribute and use it for no fee or at a nominal fee.
¨ Intellectual property – i.e. patents possibly present – of
(parts of) the standard is irrevocably made available on a
royalty-free basis.
¨ There are no constraints on the re-use of the standard.
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
33. 33 Software architecture
From the technical requirements to the code
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
34. Principles vs. Technical requirements
34
Technical Software
Privacy Subsidiarity
Architecture Architecture
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
35. Enforcement of Steps – Levels of
Enforcement
Optimistic strategy Confidence
Confirmation
Controlling by Process Design
Agreements and policies
Monitoring and Controlling
Dual Control
Pessimistic strategy Direct control
36. Security analysis
36
Security and Organisational
Control Requirements Cross-Organisational
Workflow
private public
- Collaboration A
B
public private
- Transactions A B
A
- Basic Security Services
public
- Rights Management B
- Privacy private
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
37. Security analysis
37
Security and Organisational
ACID-Properties
Control Requirements
- Collaboration Advanced Transaction Models
- Transactions Coordination
Pivot, Compensate, Retry
- Basic Security Services
Enforcement (of steps)
- Rights Management
- Privacy Mixed/Atomic Outcome
Time constraints
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
38. Security analysis
38
Security and Organisational
Control Requirements Confidentiality
- Collaboration Data Integrity
- Transactions Authentication
Non-Repudiation
- Basic Security Services
Time Stamping
- Rights Management
- Privacy Traceability / ‘Structured Proof’
Assurance
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
39. Security analysis
39
Security and Organisational
Control Requirements
Access Control
- Collaboration
- Transactions Delegation
- Basic Security Services Revocation
- Rights Management
Separation of Duties
- Privacy
Obligation of Duties
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
40. Security analysis
40
Security and Organisational
Control Requirements
Anonymity / Pseudonymity
- Collaboration
- Transactions Data Control / Obligation Management
- Basic Security Services
- Rights Management
Unlinkability / Unobservability
- Privacy
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
41. Unisys SOA reference architecture
41
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
42. Service Oriented Architecture
42
Security Security
Audit Control … Audit Control …
policy policy
Enterprise Service Bus Enterprise Service Bus
Web Web
Workflow Management Services Services Workflow Management
System Contracts Contracts System
Legacy Application Legacy Application
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
43. Privacy Preservation in distributed Role
43
Based Access Control
Organisation A’s Org-to-Org Confidentiality and End-to-EndDistributed role based access Organisation B’s
domain of trust Authenticity protection domain with subject privacy protection domain domain of trust
Privacy Srv. Oblig. Srv. PAP PDP Application PEP IOP GW IOP GW PEP PDP PAP Oblig. Srv. Service
load policies request
autorisation request load policies
auth. decision
role mapping request
identity protection request
attribute cert. Organis
ation A
request with attribute certificate holding distributed roles and user pseudonym
Prosecutor
send OUT
REQUEST .
request
Request with
attribute
User X.Y..
certificate attribute certificate and request validation
holding auth. request
distributed roles authorisation decision
and user
obligation service invocation
pseudonym,
signed by Root request with distributed roles
CA of target service invocation
Organisation A
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
45. WS-Choreography Description
Slide 45
Language
• W3C recommendation
• Describes the global view
Web
service Web
service
process flow
collaboration
Web Web Web Web
service service service service
The BPEL view The CDL view
BPEL: Business Process Execution Language
CDL: Choreography Description Language
Monitoring of Service Choreographies 07/08/12
46. 46 Imaginary screenshots
Cross organisation exchange of information
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
47. Imaginary screenshots
Request for information
47
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
48. Imaginary screenshots
Controlling the Choreography
48
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
50. Imaginary screenshots
50
Retrieve data & Send response
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
51. Imaginary screenshots
51
Controlling the Choreography (final step)
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
52. 52 conclusions
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
53. Conclusions
53
¨ You need to incorporate the … constraints
¤ Political
¤ Business
¤ Organisational
¤ Technical
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
54. Conclusions
54
¨ Do you have … understanding each other?
¤ Lawyers
¤ Economists
¤ Linguists
¤ Business Architects
¤ Project managers
¤ Software Architects
¤ Software developers
¤ Testers
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
55. Conclusions
55
¨ Where can you find software developers knowing so
much concepts?
¨ Do you use one methodology for each software
development steps?
¨ COTS vs. Do-it-yourself?
¨ Have you developed a proof of concept using a
complex use case running under the selected
software architecture?
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
56. 56 Miscellaneous
Resources, references, contact details
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
57. R4eGov
Page 57
¨ Funded by: the European Commission through the Framework Programme 6
– Integrated Project
¨ Contract duration: from March 2006 to March 2009
¨ Budget: €11.4 millions (€7.4 millions financed by EC)
¨ Partners: 20 partners in 7 countries (BE, FR, IT, UK, NL, DE, AT)
¨ Tasks: 11 Work packages (Coordination, Dissemination, User Group /
Case studies, Interoperability, Security, Integration, Training, Development
of 2 Demonstrators)
http://www.r4egov.eu
58. Resources available
Page 58
¨ Website:
¤ http://www.r4egov.eu
¨ Three Video presentations
¤ http://www.dailymotion.com/group/r4egov
n Business Presentation
n Technical components
n Architecture mechanisms
¨ Tools
¤ eGovCube: http://www.uni-koblenz.de/~regov/
¨ European Commission
¤ Framework Programme 6: http://ec.europa.eu/research/fp6/index_en.cfm
¤ Information Society Technologies: http://cordis.europa.eu/ist/about/about.htm
59. References
59
¨ Eurojust: http://europa.eu/scadplus/leg/en/lvb/l33188.htm
¤ http://www.eurojust.europa.eu/press_releases/annual_reports/2006/Annual_Report_2006_EN.pdf
¤ http://www.eurojust.europa.eu/press_releases/annual_reports/2007/Annual_Report_2007_EN.pdf
¨ Europol: http://europa.eu/scadplus/leg/en/lvb/l14005b.htm
¤ http://www.europol.europa.eu/publications/Annual_Reports/EuropolAnnualReport2006.pdf
¤ http://www.europol.europa.eu/publications/Annual_Reports/Annual%20Report%202007.pdf
¨ European Judicial Network: http://ec.europa.eu/civiljustice/index_en.htm
¨ CEPOL: http://europa.eu/scadplus/leg/en/lvb/l14006.htm
¨ Frontex: http://europa.eu/scadplus/leg/en/lvb/l33216.htm
¤ http://www.frontex.europa.eu/gfx/frontex/files/justyna/annual_report_2006%5B1%5D.pdf
¤ http://www.frontex.europa.eu/gfx/frontex/files/justyna/frontex_general_report_2007_final.pdf
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
60. Riots / Strikes in Europe
60
¨ Greece (Dec 2008) http://en.wikipedia.org/wiki/2008_Greek_riots
¨ Iceland (Jan 2009) http://en.wikipedia.org/wiki/2009_Icelandic_financial_crisis_protests
¨ Sweden (Dec 2008)
¨ Lithuania (Jan 2009) http://www.nytimes.com/2009/01/17/world/europe/17lithuania.html
¨ Latvia (Jan 2009) http://en.wikipedia.org/wiki/2009_Riga_riot
¨ Bulgaria (Jan 2009) http://www.reuters.com/article/latestCrisis/idUSLE473019
¨ France (Feb 2009)
http://www.heralddeparis.com/rage-and-violence-anti-nato-march-in-strasbourg-started-
peacefully/29960
¨ Guadeloupe (16 Feb 2009)
http://www.kuwaittimes.net/read_news.php?newsid=OTcwMjc3MzQ3
¨ Lampedusa – Italy (Feb 2009)
http://www.timesofmalta.com/articles/view/20090219/world-news/illegal-immigrants-start-
fires-clashes-at-lampedusa
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE
61. References
61
¨ Pictures from http://www.flickr.com
¨ Maps generated by http://gunn.co.nz/map/
¨ Definitions from http://www.wikipedia.org
May 23-27, 2009 - Al Bustan
15th GCC eGovernment and eServices Forum
Rotana Hotel - Dubai, UAE