SECURE DATA INTERCHANGING IN E-GOVERNMENT A MODEL FOR TURKEY

(1)

SECURE DATA INTERCHANGING IN E-GOVERNMENT A MODEL FOR TURKEY

A MASTER’S THESIS in Computer Engineering Atılım University by ÖZGÜR ÖZTÜRK

(2)

SECURE DATA INTERCHANGING IN E-GOVERNMENT A MODEL FOR TURKEY

A THESIS SUBMITTED TO

THE GRADUATE SCHOOL OF NATURAL AND APPLIED SCIENCES OF

ATILIM UNIVERSITY BY

ÖZGÜR ÖZTÜRK

IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF

MASTER OF SCIENCE IN

(3)

Approval of the Graduate School of Natural and Applied Sciences

_____________________

Prof. Dr. İbrahim Akman Director

I hereby certify that this thesis satisfies all the requirements as a thesis for the degree of Master of Science.

_____________________

Prof. Dr. İbrahim Akman Head of Department

This is to certify that we have read this thesis and that in our opinion it is fully adequate, in scope and quality, as a thesis for the degree of Master of Science.

____________________ _____________________

Prof. Dr. Ali Yazıcı Instructor Ziya Karakaya

Co-Supervisor Supervisor

Examining Committee Members

Prof. Dr. İbrahim Akman _____________________

Prof. Dr. Ali Yazıcı _____________________

Asst. Prof. Dr. Çiğdem Turhan _____________________

Dr. Ali Arifoğlu _____________________

(4)

ABSTRACT

SECURE DATA INTERCHANGE IN E-GOVERNMENT: A MODEL FOR TURKEY

Öztürk, Özgür

M.S., Computer Engineering Department

Supervisor: Instructor Ziya Karakaya

Co-Supervisor: Prof. Dr. Ali Yazıcı April 2005, 80 pages

The developments in internet technologies provide opportunities for secure, fast and effective data interchange through the Internet. The efficient use of these technologies such as electronic government services contributes to the welfare of individuals, companies and agencies in several aspects. Since many of the currently used government architectures do not provide effective data interchange between the agencies and individuals, important problems occurred across the e-government network upon start of the new internet based technologies used as international standards; the proposed model provides an effective and secure data interchange in e-government. This thesis proposes a secure data interchange model in e-government for Turkey.

Keywords: Interoperability, Interoperability Framework, Agency, E-Citizen, Portal, E-Company, E-government

(5)

ÖZ

E-DEVLET İÇİNDE GÜVENLİ VERİ DEĞİŞİMİ TÜRKİYE İÇİN BİR MODEL

Öztürk, Özgür

Yüksek Lisans, Bilgisayar Mühendisliği Bölümü Tez Yöneticisi: Instructor Ziya Karakaya

Ortak Tez Yöneticisi: Prof. Dr. Ali Yazıcı Nisan 2005, 80 sayfa

İnternet dünyasındaki gelişmeler güvenli, hızlı ve etkili bir veri iletimine imkan sağlamaktadır. Bu teknolojilerin yerinde kullanımı insanların, kamu kurumlarının ve şirketlerin refahını etkileyen bir çok faktörden biri olan devletin elektronik ortamdaki hizmetlerine önemli katkılarda bulunabilecektir. Devlet kurumlarının kendi aralarında yada bu kurumlar ile bireyler veya şirketler arasında elektronik ortamda yapılmaya çalışılan veri iletiminin standart, güvenli ve hızlı olamaması önemli sorunlar yaratmaktadır. Bu model internet tabanlı yeni teknolojilerindeki gelişmeleri kullanarak e-devlet yapısı içerisinde ve e-devleti oluşturan unsurlar arasında güvenli, dünya standartlarına uygun, etkili ve hızlı bir veri iletimini hedeflemektedir. Bu tez, Türkiye için güvenli ve etkili bir e-devlet modeli önermektedir.

Anahtar Kelimeler: Birlikte çalışabilirlik, Birlikte çalışabilirlik çerçeve yapısı, Kurum, E-Vatandaş, Portal, E-Şirket, E-Devlet

(6)

To my dear family

(7)

ACKNOWLEDGMENTS

First, I would like to thank my thesis supervisor Ziya KARAKAYA for his guidance, insight and encouragement throughout the study. Thanks also go to my co-supervisor Prof. Dr. Ali YAZICI.

I should also grateful to examination committee members Prof. Dr. İbrahim AKMAN, Dr. Ali Arifoğlu, Asst. Prof. Dr. Çiğdem Turhan for their valuable suggestions and comments.

I would like to express my love to all the members of my family for their patience, sympathy and support during the study.

(8)

LIST OF FIGURES

FIGURE

3.1 Model Outline ...21

4.1 Client-Agency Interactions………...30

4.2 SSL and Certification Mechanism……...31

4.3 Authentication Mechanism………...33

4.4 Portal Usage...36

4.5 E-service Registry Usage...36

4.6 Message Flow between Client, Registry and Provider...38

4.7 User-Agency Interactions ……...39

4.8 Agency-Agency Interaction...41

4.9 Data Substitution………....…...43

4.10 Demographic Data Recording ...45

4.11 TCKIMLIKNO Searching………... 46

4.12 VERGINO Searching and Recording ...47

4.13 Web Service Introduction Page ...48

4.14 Web Method of the Web Service Maliye ...49

4.15 Web Methods of the Web Service Mernis ...50

4.16 The web method GetMernisData ...51

4.17 The output of GetMernisData ...52

4.18 The web method SearchMernisData ...53

4.19 The Output of SearchMernisData ...54

4.20 Soap Request ...55 4.21 Soap Response ...55

LIST OF TABLES

TABLE 2.1 XML document …...12 2.2 SOAP Request ………...13 2.3 SOAP Response………... ……...13 4.1 Metadata Example …………..………...25 4.2 XML Document (shiporder.xml)………...27

4.3 XML Schema Document (shiporder.xsd) ……...28

4.4 SOAP Request ………...34

(11)

LIST OF ABBREVIATIONS

IF Interoperability Framework XML eXtensible Markup Language SOAP Simple Object Access Protocol

UDDI Universal Description, Discovery, and Integration WSDL Web Services Description Language

MS Metadata Standard

DBMS Database Management System SSL Secured Socket Layer

(12)

CHAPTER I

INTRODUCTION

We live in an increasingly interconnected society, where the Internet has spawned tremendous improvements in efficiency and customer service. People use the telephone and the internet to get service 24 hours a day, seven days a week. In such a growing world, governments should transform themselves to give better services for citizens. In governments’ side, internet technologies become a key for new, technological government services. This approach, “offering better government services using internet”, created the concept of “e-government” [1].

It should be clear that, e-government is about transformation; technology is a tool. E-government is about transformation that helps citizens and businesses to find new opportunities in the world’s knowledge economy. In addition, it can be considered that, e-government is a powerful tool for improving the internal efficiency of government and the quality of service delivery as well as enhancing public participation [2].

E-government is the use of the expertise, technology, and partnerships to integrate government services for the public by using power of the internet; it is not just a web page, which is simple HTML document on the web [3]. Until recent times, government, in general, has approached the task of providing services from an agency centric perspective. However, e-government views the world from a customer-centered perspective, a paradigm that precludes stovepipe services in which citizens must go to multiple agencies (and often multiple offices within an

(13)

agency) to do business with government. Providing services from a customer centered perspective means developing a single service interface regardless of what agency actually provides the service. By the E-government initiative, the primary goals for the governments are to:

• Make it easy for citizens to obtain service and interact with the government; • Improve government efficiency and effectiveness; and

• Improve government’s responsiveness to citizens [3, 4].

These three main targets can be explained in detail as the following outcomes that the e-government program seeks:

Convenience and Satisfaction: Services provided anytime, anyhow, anywhere. People can have a choice of channels to government information and services that are convenient, easy to use and deliver what is wanted [5].

Integration and Efficiency: Services those are integrated, customer centered, and efficient. Information and services are to be integrated, packaged, and presented to minimize cost and improve results for people, businesses, and providers [6]. As an example, according to an IRS news release of April 26, 2002, 39.5 million Americans filed their 2001 income taxes electronically in 2002, 6.6 million of these used home computers—a one-third jump from the previous year. People apply for passports and various licenses (for example, many states allow driver’s license renewals via the Internet), and businesses apply for patents and permits, and supply wage reports and other required information to government agencies [7].

Participation: Participation in government. People and organizations are to be better informed and able to participate in government. The following approaches can be included in the meaning of participation:

• Aligning organization strategy and activities with the e-government strategy. • Working with customers and stakeholders to learn how they can benefit

(14)

• Ensuring business plans (outputs, services, budgets) cater to the required activities.

• Integrating common foundations of e-government into the organization's business environment.

Not all of these outcomes can be gained without the well-structured agencies that are responsible for giving customer centered services in e-government. Even if the government agencies can have their own infrastructures and specifications, the data/information should flow from an agency to another. This scenario is possible if the agencies can speak in the same language and understand each other. In e-government, this concept called as “interoperability”. By interoperating, agencies can:

• provide services and information electronically in the way that people want (convenience and satisfaction)

• work together electronically acting more like a single enterprise than a collection of individual agencies (integration and efficiency)

• make information available to people in ways that help them to participate in the processes of governance (participation) [8, 9]

1.1 Background of Problem

E-government initiatives focus attention on a number of issues: how to collaborate more effectively across agencies to address complex, shared problems; how to enhance customer focus; and how to build relationships with private sector partners. Public administrations must address these issues if they are to remain responsive. These problems can be classified as follow.

• Citizens need to access government services or data/information at any time, anywhere, and by use of different types of technologies.

• Agencies need to work/understand with each other and prevent extra economic loads of storing same data/information in number of different places (agencies).

(15)

• Businesses need to make efficient transactions with government using government web services and create new markets on the internet.

Government agencies use old and technology dependent infrastructures. In this structure, interchanging data between two systems is difficult to realize. Inconsistent data definitions such as address, date, unique identifiers are the real problems for data interchanging. For instance, the government agencies and many of hospitals identify their clients or patients by use of different unique identifiers. Although Turkish people have unique identifier (TCKIMLIKNO), many of the government agencies do not use this number for identifying their clients. Shared data/information should have the same meaning for communicated agencies. It means that, there should be a consistency of semantics and syntax in data/information interchanging. In order to solve these types of technical problems, purchasing new systems, that are compatible with each other, is not a solution. Because, this type of approach requires lots of money and creates big economical load for the government agencies and government itself.

These problems are caused by not only technological aspects but also legal difficulties and governmental procedures. In most cases, one of the most important problems is the absence of legal decisions for interchanging data between agencies. Agencies do not know how to share data/information with other agencies, and do not know what the sharing criteria in interchanging data/information are, which is the common opinion mentioned by the agencies, which participated into TBD meetings in Fall 2004.

The e-government logic provides a solution for these problems providing a platform that has extensible, reusable, easy accessible, standardized, and secure structures at technological level and requires efficient managerial approaches.

1.2 Purpose of the Study

Purpose of this study is to examine current approaches to e-government and develop an applicable data interchange model for Turkey based on current and

(16)

innovated technologies. This study also examines the advantages of the e-government project and the benefits of secure, layered, and integrated e-e-government infrastructures that make the adoption of e-government structure possible by other countries.

1.3 Definitions of Terms

E-government: E-government is the use of electronic processes by citizens,

businesses, and the government to communicate, to disseminate and collect

information, to facilitate payments, and to carry out permitting in an online environment [10].

SOAP (Simple Object Access Protocol): SOAP is a lightweight XML-based protocol for exchanging structured and typed information. SOAP is the ingredient that provides functionality on remote machines without needing to know anything specific about those machines. (See section 2.2.3 for details)

WSDL (Web Services Description Language): When it comes to building a Web service, the Web Services Description Language (WSDL) is the most popular option for describing Web services. WSDL is the XML-based language for describing Web services [11]. (See section 2.2.3 for details)

UDDI (Universal Description, Discovery, and Integration): UDDI is a Web Service itself, and it allows businesses and individuals to publish information about themselves and the Web Services they are offering. It is conceived as a global directory service, open to everybody, simple to use, and comprehensive in its scope [12]. (See section 2.2.3 for details)

Web Service: A Web service is a unit of application logic providing data and services to other applications. Applications access Web services via ubiquitous Web protocols and data formats such as HTTP, XML, and SOAP, with no need to worry about how each Web service is implemented. Web services combine the best aspects of component-based development and the Web [13]. (See section 2.2.3 for details)

(17)

Web Page: A HTML document on the web. Server: A machine that offers internet services.

Client: A machine that operates on the user site. This term, sometimes can indicate the “user” or a “computer program” running on the user machine.

Internet: A global network that includes the huge collection of computer networks on the world [14].

(18)

CHAPTER 2 REVIEW OF LITERATURE

Today we expect information and services to be online and available all times in our homes, schools, libraries, and work places. We have been quick to adopt the new ways of communicating both in business and in our personal life. Government is responding to these new demands [15].

E-government is all about government agencies that are working together to use technology so that they can better provide individuals and businesses with government services and information. E-Government is not a massive Information Technology (IT) project or a web page on the internet. Much of it is about establishing common standards across government agencies, delivering services more effectively, and providing ways for agencies to work together using technology [16]. E-government covers enhanced services for individuals and provides a better environment to build a knowledge-based economy and sustained prosperity. In addition, e-government makes it easier and cheaper to do business with government.

Information systems have the potential to transform government and the services it provides to the public. However, it is not possible to work together to deliver ‘joined up’ services without consistent policies and standards to underpin those systems. The well-defined web services make possible to achieve fast and efficient interaction of e-government components. There are main components that shape the e-government initiative and principles of data flow across the government sector. These main components are

(19)

• Agency • E-Citizen • Portal • E-Company

Agency: Agency is the association in the government. Agency has its own services and shares these services with other agencies, companies and citizens.

E-citizen: E-citizen is an individual. In e-government structure, citizens want to access any type of data/information about the government and try to make their government related works by using government agencies web services [17].

Portal: Portal is the place where people or companies find the ways to access other agencies web sites. In other words, portal provides a single point access to other part of the e-government structures [17]. It is a convenient way of finding out about government information and services from one place, without having to understand how government is structured and therefore which sites you need to use. In addition, government web site use is an important indicator proving whether government in general fulfills citizen expectations [18].

E-company: E-Company is the commercial institution that wants to offer its government related works via the internet and e-government structure.

All of these components have great roles in the e-government initiative. Mainly, agency, e-citizen and e-company should be able to communicate with each other in secure ways and portal should provide a single point access to other agencies’ web sites. All agencies should be able to share data/information with other parties by using internet-based solutions.

Agencies in e-government should be able to make data/information interchanging between each other and citizens by using common and consistent standards. This is one of the most important goals of an e-government project. In order to achieve seamless flow of data interchanging between agencies and other

(20)

government components, shared data/information should be same for all e-government parties. In order to achieve this goal, the special structure or platform is needed.

At this point, the concept of “interchanging data between e-government agencies” becomes a problem that is absolutely needed to solve in E-government initiative. Transferring data from one agency to another, understanding the meaning of transferred data, processing this and producing other valuable information require interoperable, secure, adoptable and layered platform and all government agencies must have this “framework“ structure for “interoperability” [19].

From now on, this platform will be called as Interoperability Framework (IF). The interoperability framework sets out the government’s technical policies and standards for achieving interoperability [20, 21]. Clearly defined policies and specifications for interoperability and information management are also keys for staying connected to the outside world and aligned to the global information revolution. The IF provides all of these conditions. It is a fundamental framework policy for the e-government strategy [21].

The concept of “interoperability” is the core of the e-government initiative with respect to government. Interoperability can be explained as “the ability of government organizations to share information and integrate information and businesses by use of common standards” [22].

This ability, more precisely capability, clearly shows that the IF is a core and collective public sector asset, providing one of the common foundations of the e-government environment. It is critical to achievement of e-e-government goals, providing the capability for any agency to join with other electronically using known and agreed approaches to do so. This capability underpins several e-government objectives. In particular, use of the IF enhances the capability of agencies to

• integrate information and services across agency boundaries; and

(21)

Governments should have interoperability framework to have better public services tailored to the needs of the citizen and business. If it is assumed that the legal and politic difficulties are overcome, main steps about producing government interoperability framework can be generalized as:

• determination of main policies and targets • determination of standards and

• specifying core elements of interoperability framework 2.1 Determination of Main Policies and Targets

IF, as a cornerstone of the e-government strategy, enables individuals to address the challenges of today’s diverse systems and position themselves for new opportunities in the future.

Adherence to the IF specifications and policies is mandatory. They set the underlying infrastructure, freeing up public sector organizations so that they can concentrate on serving the customer through building value added information and services. It should be for the organizations themselves to consider how their business processes can be changed to be more effective by taking advantage of the opportunities provided by increased interoperability.

For governments, IF should be considered so that the data/information can be easily and securely accessible. In addition, IF should enable data/information flow between government agencies that have their own infrastructures and legacy systems. The legacy systems should not be the problem for data interchanging between government agencies. Agencies and other components of e-government should understand with each other independently from their technologies and legacy systems.

2.2 Determination of Standards

In e-government structure, data/information should flow from one agency to another in the same meaning. All government components should talk in the same language. Otherwise, inconsistent dialogs, data/information redundancy problems

(22)

may occur. In order to overcome such problems “common data dictionary” should be created by taking opinions of all government agencies. With common data dictionary, providing secure, easy, standard, and fast data integration may be succeeded.

In an e-government project, government aims to serve citizens, businesses and other government components by using well-defined web services. At this point, defining web services, registering these services and making agencies to speak in the same language are important issues. In most cases, to achieve these goals, new technologies, and international standards such as Web Services, XML, UDDI, SOAP, and WSDL are preferred.

2.2.1 Web Services

To facilitate business processes, enterprise applications must communicate with one another and share data. Historically, is accomplished through proprietary specifications and data formats. However, the emergence of the World Wide Web and XML (eXtensible Markup Language)—an open technology for data exchange— has increased the possibility for interoperable system-to-system communication [24].

Web services are applications that communicate over open protocols such as HTTP using structured forms of XML such as the Simple Object Access Protocol or Remote Procedure Calls for XML. The success of web services is largely based on the continuous development of standards that ensure interoperability [25]. Web services are software programs that use XML to exchange information with other software via common Internet protocols.

2.2.2 XML (eXtensible Markup Language)

XML is a widely supported, open (i.e., non-proprietary) technology initially released in 1996 by the World Wide Web consortium to facilitate data exchange. As the popularity of the Web exploded in the 1990s, the limitations of HTML (Hypertext Markup Language) became apparent. HTML’s lack of extensibility (the ability to change or add features) and its inability to describe the data it formatted frustrated developers. XML is a complement of HTML. It is important to understand

(23)

that XML is not a replacement for HTML. In future Web development it is most likely that XML used to describe and carry data and focus on what data is, while HTML is used to format and display the same data and focus on how data looks [26]. XML is a cross-platform, software and hardware independent tool for transmitting information. The table 2.1 illustrates the basic example of the XML document, which can be used to define “note” data.

Table 2.1 XML document 2.2.3 SOAP (Simple Object Access Protocol)

SOAP is an XML-based protocol for exchanging information between computers. Although SOAP can be used in a variety of messaging systems and can be delivered via a variety of transport protocols, the initial focus of SOAP is remote procedure calls transported via HTTP. SOAP therefore enables client applications to easily connect to remote services and invoke remote methods. For example (as we shall soon see), a client application can immediately add language translation to its feature set by locating the correct SOAP service and invoking the correct method [27].

The purpose of SOAP is to enable data transfer between systems distributed over a network. When an application communicates with a web service, SOAP messages are the means through which the service is requested and provided. A SOAP message sent to a Web service invokes a method provided by the service, meaning that the message requests the service to perform a particular task. The service then uses information contained in the SOAP message to perform its function and return the results via another SOAP message. As an XML-based communication protocol, SOAP consists of a set of standardized XML schemas. The schemas define a format for transmitting XML messages over a network, including the types of data

<note>

<heading>Reminder</heading> <body>Don't forget dinner!</body> </note>

(24)

that the message can include and the precise way in which the message must be structured so that the server on the other end can interpret it correctly. (e-GIF UK, 2004) In the example below, a GetStockPrice request is sent to a server. The request has a StockName parameter, and a Price parameter returned in the response. The namespace for the function is defined in "http://www.stock.org/stock" address. The tables 2.2 and 2.3 illustrate the basic example of the SOAP request and response.

<?xml version="1.0"?> <soap:Envelope xmlns:soap="http://www.w3.org/2001/12/soap-envelope" soap:encodingStyle="http://www.w3.org/2001/12/soap-encoding"> <soap:Body xmlns:m="http://www.stock.org/stock"> <m:GetStockPrice> <m:StockName>IBM</m:StockName> </m:GetStockPrice> </soap:Body> </soap:Envelope>

Table 2.2 SOAP Request

HTTP/1.1 200 OK

Content-Type: application/soap; charset=utf-8 Content-Length: nnn <?xml version="1.0"?> <soap:Envelope xmlns:soap="http://www.w3.org/2001/12/soap-envelope" soap:encodingStyle="http://www.w3.org/2001/12/soap-encoding"> <soap:Body xmlns:m="http://www.stock.org/stock"> <m:GetStockPriceResponse> <m:Price>34.5</m:Price> </m:GetStockPriceResponse> </soap:Body> </soap:Envelope>

Table 2.3 SOAP Response 2.2.4 WSDL (Web Services Description Language)

Another standard that plays a crucial role in enabling Web services is WSDL. It is an XML format to describe how a particular Web Service can be called, what arguments it takes, and so on [12]. Every Web service published on the Internet accompanied by an associated WSDL file, which lists the service’s capabilities, states its location on the Web, and provides instructions regarding its use. A WSDL file defines the kinds of messages a Web service can send and receive, as well as

(25)

specifying the data that a calling application must provide for the Web service to perform its task.

2.2.5 UDDI (Universal Description, Discovery and Integration)

The third major Web services standard, UDDI, enables developers and businesses to publish and locate UDDI defines an XML-based format in which companies can describe their electronic capabilities and business processes; the specification also provides a standardized method of registering and locating the descriptions via the Internet. Part of the information that companies can supply is data regarding available Web services. Companies can store their information either in private UDDI registries, which are accessible only to approved business partners, or in public UDDI registries, which any interested party can access.

2.2.6 XML Schema

XML Schema Published as a W3C Recommendation. XML Schemas define shared markup vocabularies, the structure of XML documents, which use those vocabularies, and provide hooks to associate semantics with them. XML Schema provides an essential piece for XML to reach its full potential.

2.3 Interoperability Framework

The IF is a critical component of the e-government strategy, which implies development of a framework of policies and standards for achieving the capability for agencies to electronically interoperate on a consistent basis. IF is the key for many of the countries that try to create/design interoperable, easily accessible and secure government systems (Denmark, New Zealand). In all of these countries, the framework considered so that it covers the high-level policy statements, technical policies and management, implementation and compliance regimes.

Standards and architectures for e-government applications contain technical directives and specifications for the development of e-government in the countries that work on the development of IF. The directives and standards aim at ensuring interoperability among the different IT systems of the public administration, thereby

(26)

enabling seamless communications and data sharing between all levels of government. In addition, this standardisation generates savings by reducing overall development costs and dramatically cutting the financial costs associated with non-interoperability of public sector systems.

The policies and standards in the IF cover three key areas of technical policy, which are essential for interoperability. These are Interconnectivity, Data Integration, and Information Access. In all of these areas, the main trust of the specification has been to adopt the Internet and World Wide Web standards for all government systems. In most cases, to achieve this goal, some common technical approaches, listed below, are applied in the current interoperability frameworks that different governments designed/created for themselves.

• Metadata Standard (MS)

MS defines the structure and rules governing metadata used by the public sector [28].

• XML Schema Structure

XML Schemas may be used to support an environment in which data is always in same meaning [29].

• Data Standard Catalogue

Sets out the rationale, approach and rules for setting and agreeing the set of Government Data Standards [30].

• E-Service Registry

E-Service registry considered as a structure that is responsible for storing e-government web services [31].

All of these technical approaches applied in many of the e-government systems for similar purposes [33, 34]. Even if these technical standards are used for the same purposes in current systems, some differences are observed. For example, the New Zealand uses the layered model and common technical standards for IF, while the UK uses the e-GIF Registry approach for IF, but both countries uses XML, metadata standards, XML Schema standards, data standards catalogue architecture and other international open standards.

(27)

Even if the e-government initiatives have some differences in technical meanings, the main purpose of IF, for all governments, is to identify significant technology standards that have been deployed on a large scale across the e-government initiatives so as to ensure overall technical consistency. As such, it provides a guideline for public agencies as they develop new ICT projects. In this case, all government agencies are encouraged to adhere to the framework in order to avoid a multitude of bilateral interoperability agreements and to allow for a seamless flow of data exchange between administrations.

In addition, the general framework recommendations should include the use of open standards and the redesign of administrative processes taking advantage of available technology. The policies and specifications, placed in IF, should be focused on the following high-level principles [35]:

• Effectiveness: e-government should not be limited to put existing services online, it should also enable the delivery of entirely new services.

• Efficiency: integrating local, regional, and national administrations should cut costs and improve access to information.

• Flexibility: citizens and companies should have multi-channel access to e-government services 24 hours a day, 7 days a week [35].

2.3 Legacy Systems

The concept of "legacy systems" is the critical point of the e-government project. The legacy systems are the systems that used by the agencies or other associations. For example, currently used database management system in a certain agency can be called legacy system. It is possible that the different agencies will use different legacy systems. Therefore, the IF should offer a medium in which all of these different types of systems can talk with each other.

The associations or agencies may made big investments for these legacy systems and their currently used systems in the past. For the success of the e-government project, dropping these legacy systems and purchasing new structures for all agencies requires lots of money. This type of approach is a big economical

(28)

load for the governments. Therefore, The IF and other e-government systems should be independent of the legacy systems.

(29)

CHAPTER 3 METHODS OF THE STUDY

This chapter reveals the main question of the study and related sub-questions. The methods of the study and research design are also discussed in this chapter. In addition, the proposed data interchange model for Turkey, the appropriate components of this model and the workflow are also presented.

3.1 Main Problem and Sub – Problems 3.1.1 Main Research Question

The main purpose of this study was to offer e-government data interchange model for Turkey and to investigate the advantages of this model across the government.

3.1.2 Sub-Questions

In this research, answers to the following questions were sought.

Question 1. What is the e-government concept?

Question 2. What are the main advantages of the e-government?

Question 3. What are the main components of e-government data interchange Model?

Question 4. What are the main technologies that can be used for e-government Data Interchange Model?

Question 5. What is the current state of data interchange between government agencies in Turkey?

(30)

Question 6. What should be the key strategies for developing a data interchange model for Turkey?

Question 7. Is the proposed model different from other models? If yes, what are the advantages that shared with other models, and the additional advantages?

Question 8. Is there any international approach about the e-government initiative and the information society that is taken into consideration by Turkish Government? (See the answers of these questions in section 5.1 on page 57)

3.2 Design of the Study

In this research, a data interchange model is offered for Turkey. In addition, the mechanisms for the concept of “secure data interchanging” are considered. For the purposes of the study, firstly, the concept of “e-government” investigated. Then, the current approaches in the world for e-government initiative were taken into consideration and studied. Afterwards, the new technologies used in current e-government models were investigated and studied.

The specific agencies in Turkish government shared their opinions and approaches regarding e-government in meetings (TBD, Fall 2004). During the discussions, predefined the agencies were asked questions to find out limitations, technical deficiencies, and legal difficulties. In these discussions, agencies explained their current structures, workflows, technical infrastructures, and legacy systems.

After these meetings across the government, the technical components of the e-government model were considered and necessary elements of the model were specified based on the standards. Finally, all of the agencies’ feedbacks, recommendations, limitations and technical deficiencies were taken into consideration and a “data interchange model” was developed for Turkey by use of international standards and new technologies (Section 3.4.1). After that, small application software was produced for demonstration of the data interchanging in government model.

(31)

3.3 The Current Situation

The government includes many agencies. These agencies have their own policies and legacy systems. At a technical level, they have different types of operating systems, network infrastructures, data formats, and database management systems. In the current architecture, generally, the same data/information is stored by the agencies in different semantics. Because of this problem, generally, the agencies may not understand each other even if they try to share the same data/information.

The concept of legacy system is the other important point for e-government initiative. Agencies have made big investments for their systems and storage areas (database systems) and set up their network infrastructures and database architectures. Therefore, dropping the current structures, legacy systems creates big economical loads for both government and its agencies. Because of this, the data interchange model for e-government agencies should be designed so that the legacy systems and current technologies can still be utilized within the new structure.

3.4 The Data Interchange Model in E-government

The main purpose of this research was to offer a secure data interchange model in e-government for Turkey (Figure 3.1). This section presents an overview of the data interchange model and infrastructure of this model.

3.4.1 Outline of Data Interchange Model for Turkey

In this model, data flow logic between the e-government components is designed based on the international standards. The proposed model for Turkey consists of several components as shown in Figure 3.1

(32)

E-company

Response

Direct Request

Ask

E-government Network Data Access

Data Access Ask Response E-citizen Figure 3.1 Model Outline

The Figure 3.1 shows the interaction of the e-government components with each other. According to this model, the data can flow from/to agency-agency and the client-agency. A client can be an e-company, an e-citizen, or another agency. In this model, the clients are able to request specific data/information from the agencies by use of the e-government portal or by use of agencies’ web sites directly. As seen in Figure 3.1, the agencies may have different types of technologies like database management systems, web services, or network infrastructures. It means that, this model consists of diverse systems, which does not create a communication problem between the e-government units because of the adoptable and extensible

Government Metadata Standard XML Schema Standard

Government Data Standards Catalogue E-service Registry (UDDI Registry)

Interoperability Framework (IF)

S E C U R I T Y Data Agency X Agency Interface Web Service DBMS B Agency Y Data Agency Interface Web Service DBMS A G O V E R N M E N T P O R T A L

(33)

such as XML, web services. There is an extremely important point that must be clear. The web service and the web page are different things technically. A web page is a HTML document on the web or internet just like e-government portal (see in Figure 3.1), but a web service is a software program, which is capable of exchanging information with other software programs over HTTP. The model in Figure 3.1 includes two web services in different agencies. These web services are just software programs that may be written in different programming languages but understand each other, because the entire web services produce data based on the XML document to be exchanged and the XML document is a platform independent. Another important point for this data interchange model is the “agency interface” approach. The one of the most important benefit of this model is saving the currently used systems. As a sample, by “agency-interface” approach, there is no need to make modifications on different databases (diverse systems) in agency X and agency Y in figure 3.1. Instead of making large scale of modifications on all database architectures in the agencies, this model supports an interface mechanism and keeps the legacy systems (Section 2.3). These technologies and the framework structure provide an efficient data communication in e-government network. The technical details of the framework architecture and the workflow of the model presented in sections 4.1 and 4.2

3.4.2 Main Components of Data Interchange Model for Turkey

Agency: The agency is a government association. In this model for Turkey, the agency can have its own web services and legacy systems such as different types of databases. The E-government agencies are able to interact with other agencies, citizens, companies. In addition, agencies can share their data/information by using web services on the WWW.

E-Citizen: The E-Citizen is an individual. E-Citizens can access any permitted data/information about the e-government and make their government related works or processes by using governments web services.

Portal: Portal is the door for e-government services. It is a place where the individuals or companies find the ways to access government agencies’ web sites. In

(34)

other words, portal provides a single point access to other part of the e-government structures or e-government agencies. It is an appropriate way for finding government information and services from one place. For a state government, the web portal serves as the integrated gateway, or main user interface, into the website. It provides both external constituents and internal government personnel with a single point of contact for online access to state information and resources. Through this gateway, millions of web users can access the vast landscape of information, services, and applications available on the state web sites [32].

E-Company: The E-Company is the commercial institution that wants to make its government related works via the internet and e-government structure.

(35)

CHAPTER 4 THE MODEL ARCHITECTURE

In this chapter, the technical architecture of the IF and the workflow in data interchanging model are presented.

4.1 Interoperability Framework

The IF, which includes the high-level policy statements, technical policies, implementation and compliance regimes, covers the exchange of information between government systems and the interactions between:

• Government and e-citizen

• Government and e-company (worldwide) • Government and agency

• Government and other governments

In order to provide these types of interactions, the interoperability framework should consist of important core elements. These elements play key roles for providing secure, seamless, and fast data/information interchanging across the government. The core elements of interoperability framework can be listed as:

• Metadata Standard • XML Schema Structure • Data Standard Catalogue • E-Service Registry

(36)

Metadata Standard (MS)

The metadata is data about data. Search engines can use it when they search the web or an intranet looking for information on a particular subject. The usage of metadata concept is the mandatory for accessing any type of data/information about the government since the other government players like citizens, agencies, e-companies usually want to reach specific government resources. In the data interchange model proposed for Turkey, the metadata descriptions should be defined for all resources that someone might search for via the web.

A metadata record should describe, manage, and catalogue these resources in a consistent and efficient way that makes data/information easily accessible. It also means that people searching government websites are more likely to get relevant and meaningful hits when they search for government information. A metadata record should be made up of a number of separate elements. People should use these elements when they want to search government resources. As a sample, the author, title, and publisher can be elements about the book that is to be searched in government resources. Creator, function and availability can be other elements about the service that is given by the government agencies. The table 4.1 shows the example metadata descriptions and their explanations.

Metadata Meaning

DATE.CREATED: 2002-12-02 ISSUED: 2002-12-03T11:00

For a press release approved and sent to editors on 2nd December 2002 but not available for public viewing until 11:00 a.m. the following day

DATE.ACQUIRED:1997-07-03T15:37 For an e-mail received on 3rd July 1997

CREATOR: Assistant Director;

Technology Strategy Team, Office of the e-Envoy, Cabinet Office

[email protected]

For a resource for which chief responsibility for content rests with the Assistant Director

(37)

Metadata standard should define the structure and rules governing metadata used by the public sector. This standardization is essential since the data/information interchanged in e-government and citizens should be able to find government information and services without having knowledge of the structure of government. In addition, agencies may use the metadata standard for the definition and discovery of government services and resources.

The Metadata standard should be based on the internationally recognized Dublin Core standard, but has additional elements and refinements to meet the specialist needs of the public sector. In the model, the metadata standard should be developed and managed according to following principles:

• It should be independent. It should not be software, application, or project based.

• It should be simple to use by those with widely varying experience of preparing resource descriptions.

• It should be compliant with other government standards and policies, such as the data standards catalogue. It should be compliant with international standards.

• It should be extensible. XML Schema Structure

Many of operations occurred in e-government initiative require data interchanging. While data/information is flowing from one agency to another across government, the meaning of the data should not be changed. Data should have same meaning for communicated parties. At this point, the “inconsistent data definition” is a critical problem. In order to solve this problem across the government, XML Schema may be used that support an environment in which data is always in the same meaning.

XML Schemas can be used for data integration, validation, and management and may be placed in data standards catalog. With this approach, “data can be defined once and used many”. So, data standards catalog structure may be considered

(38)

as the huge list of data definitions based on XML Schemas. The tables 4.2 and 4.3 illustrate the basic examples of the XML document and its schema definition.

<?xml version="1.0" encoding="ISO-8859-1"?> <shiporder orderid="889923" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="shiporder.xsd"> <orderperson>John Smith</orderperson> <shipto> <name>Ola Nordmann</name> <address>Langgt 23</address> <city>4000 Stavanger</city> <country>Norway</country> </shipto> <item> <title>Empire Burlesque</title> <note>Special Edition</note> <quantity>1</quantity> <price>10.90</price> </item> <item>

<title>Hide your heart</title> <quantity>1</quantity> <price>9.90</price> </item>

</shiporder>

Table 4.2 XML Document (shiporder.xml)

The XML document above consists of a root element, "shiporder" that contains a required attribute called "orderid". The "shiporder" element contains three different child elements: "orderperson", "shipto" and "item". The "item" element appears twice, and it contains a "title", an optional "note" element, a "quantity", and a "price" element. The top line: xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" tells the XML parser that this document should be validated against a schema. The line: xsi:noNamespaceSchemaLocation="shiporder.xsd" specifies where the schema resides (here it is in the same folder as "shiporder.xml").

(39)

<?xml version="1.0" encoding="ISO-8859-1" ?>

<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"> <xs:element name="shiporder">

<xs:complexType> <xs:sequence>

<xs:element name="orderperson" type="xs:string"/> <xs:element name="shipto">

<xs:complexType> <xs:sequence>

<xs:element name="name" type="xs:string"/> <xs:element name="address" type="xs:string"/> <xs:element name="city" type="xs:string"/> <xs:element name="country" type="xs:string"/> </xs:sequence>

</xs:complexType> </xs:element>

<xs:element name="item" maxOccurs="unbounded"> <xs:complexType>

<xs:sequence>

<xs:element name="title" type="xs:string"/>

<xs:element name="note" type="xs:string" minOccurs="0"/> <xs:element name="quantity" type="xs:positiveInteger"/> <xs:element name="price" type="xs:decimal"/>

</xs:sequence> </xs:complexType> </xs:element> </xs:sequence>

<xs:attribute name="orderid" type="xs:string" use="required"/> </xs:complexType>

</xs:element> </xs:schema>

Table 4.3 XML Schema Document (shiporder.xsd)

The Table 4.3 shows the schema that is used to describe data, which is in the form of XML document (shiporder.xml). From now on, this data definition (shiporder.xsd) can be used in data standards catalogue, which is used as huge list of data definitions book in the framework. Thus, the usage of the “shiporder” data does not create ambiguities across the government network since it was defined in data standards catalogue once.

(40)

The IF should mandate the adoption of XML and the development of XML Schemas as the cornerstone of the government interoperability and integration strategy. A key element in the development of the XML Schemas is an agreed set of data standards. The data standards catalogue should set out the rationale, approach and rules for setting and agreeing the set of data standards that may be used in the schemas and other interchange processes. In addition, the advantages of the XML Schema Structure for the model can be generalized as:

• It can provide means for defining the structure, content and semantics of XML documents.

• It can be used for data integration.

• By XML Schema, processors receiving data know what to expect, and how to handle it.

• XML Schema can enable data interchange with much–reduced ambiguity. E-Service Registry (UDDI Registry)

E-Service registry may be considered as a structure that is responsible for storing e-government web services. By this approach, classifying, categorizing, integrating web services may become easy and fast. Table 4.3 can be an example record in the e-service registry.

4.2 Workflow in Data Interchange Model

This section explains how e-government units interact with each other. The workflow in e-government architecture also explained in this section. The information request may be started by an agency or another client (citizen, e-company etc.) in this data interchange model. Two scenarios are used for explaining the workflow. In the first scenario, the data/information request started at the client side and the data communication is created between client and agency. In the second scenario, the data/information interchanged between different agencies.

(41)

4.2.1 The Client Side Scenario

In this scenario, a client has three alternative ways to communicate with an agency. The first way is to interact with an agency directly using the web site of this agency and second way is the usage of the e-government portal for finding the web site of an agency. The other alternative solution is the e-service registry use for discovering the web services given by the agency.

In the first way, if the client knows the internet address of an agency then he/she can use the browser based solutions (web page browser) and interact with an agency directly. The Figure 4.1 illustrates this type of interaction.

Client

Security Policies

Figure 4.1 Client-Agency Interactions

In Figure 4.1, client (e-citizen) requests specific type on information like TCKIMLINO or VERGINO from an agency web site using his/her browser and this service offered by a web service in an agency Y. For this operation, the web service needs some demographic information (name, surname, birth date, and birthplace) of e-citizen. After the e-citizen submits his/her demographic information, then the information sent to the data is encrypted using 128-bit SSL encryption procedure. By this approach, data/information becomes unreadable form against the illegal operations like hacking or sniffing attacks.

Data Encryption Authorization / Authentication Firewall AGENCY Y Web Service DBMS i n t e r f a c e B R O W S E R

(42)

SSL Client (e-citizen) SSL Server (agency) I II III IV

Figure 4.2 SSL and Certification Mechanism

Encrypted and compressed

Figure 4.2 illustrates how a security handshake establishes a secure connection between the client and agency. Once the handshake completes, the server and client have a common secret key with which data is encrypted and decrypted. In other words, SSL uses the public key(s) to encrypt exchanges for generating the shared

Handshake Start Client Random

Supported Cipher Suites

Supported Compression Algorithms

Server Random Decided Cipher Suite

Decided Compression Algorithm

Server Certificate and Server Public Key

Client Certificate Client Public Key

Encrypted Premaster Secret Handshake Finished

Handshake Finished

(43)

combines them. It does so because the public key encryption system takes more time to encrypt and decrypt messages than the secret key encryption system. Thus, the combination used by SSL takes advantage of both the easy maintenance of public key encryption and the quicker operating speed of secret key encryption.

In Figure 4.3, at phase I, the client starts the handshake, and then sends a random number, a list of supported ciphers, and compression algorithms. At phase II, the server selects a cipher and a compression algorithm and notifies the client. Then it sends another random number and a server certificate (which includes a public key). At phase III, the client sends a pre-master secret to the server, encrypting it with the server public key. Finally, the client might send a client certificate. Now the handshake is completed. The server and the client each generate a master secret key by combining the random number that the server sent, the random number that the client sent, and the pre-master secret. Several secret keys are created from the master secret. For example, one is used for encrypting transmitted data, and another is used for calculating digest value of the date for integrity. SSL ensures authentication (by verifying the certificates), confidentiality (by encrypting the data with a secret key), and integrity (by digesting the data).

Some information or data accessing operations at the agency side can be arranged according to authentication policy. In this case, the e-citizen should need to be authenticated in order to access some specific type of data by using his/her unique identifiers like username/password pair or TCKIMLIKNO (login procedure). Figure 4.4 illustrates the authentication procedure that happens when the e-citizen attempted to access special data/information over the government network.

(44)

Web Browser Web Server

GET /protected/index.html HTTP/1.0

HTTP/1.0 401 Unauthorized WWW-Authenticate:

Basic realm=”Basic Authentication Area”

Input password

GET /protected/index.html HTTP/1.0

Authorization: Basic U2htdkshd7s7s8m2lkhsd8sn3ksns

HTTP/1.0 200 OK

Figure 4.3 Authentication Mechanism

When the web browser sends an HTTP request to access a protected Web resource, the Web server returns an HTTP response, which includes the error code "401 Unauthorized" and the following HTTP header: WWW-Authenticate: Basic realm=”Realm Name”. Realm is a name given to a set of Web resources, and it is a unit to be protected. Basic in front of realm indicates a type of authentication—in this case, BASIC-AUTH. Based on this information, the Web browser shows a login dialog

to the user. Then, the Web browser sends an HTTP request again including the following HTTP header: Authorization: Basic credential. Although the credential looks like encrypted text, it is logically plain text because its format is simply UserName:Password encoded with Base64, for example, U2thdGVib. The Web

(45)

credential. If the given user ID and password are wrong, "401 Unauthorized" is returned. Moreover, the Web server has an access control list that specifies who can access what and checks whether the authenticated user can access the web resource. If the check succeeds, then "200 OK" is returned; otherwise, "401 Unauthorized" is returned.

The agency has also firewall mechanism for preventing the incoming requests from unsecured area. By using the firewall mechanism, agencies can arrange the trusted or not trusted areas by filtering the IP numbers. Thus, agency users or software programs used at the agency side cannot reach the unsecured regions on the web.

The data/information exchanging between the client browser and agency is in the form of XML by means of SOAP request and SOAP response. The client and agency communicated with each other using the SOAP technology. The Table 4.4 and 4.5 illustrate important parts of the client’s SOAP request and the web service’s SOAP response that are produced due to client’s TCKIMLIKNO request from the web service. <soap:Body> <SearchMernisData xmlns=”http://tempuri.org/”> <ad xsi:type="xsd:string>ozgur</ad> <soyad xsi:type="xsd:string>ozturk</soyad > <anaadi xsi:type="xsd:string>minor</anaadi > < babaadi xsi:type="xsd:string>bahattin</babaadi> <dogumyeri xsi:type="xsd:string>uskudar</dogumyeri> <dogumtarihi xsi:type="xsd:string>17.08.1979</dogumtarihi> <SearchMernisData> </soap:Body>

(46)

<soap: Body> <SearchMernisData> <SearchMernisDataResult xsi:type="xsd:string">321321</SearchMernisDataResult> </SearchMernisData> </soap: Body>

Table 4.5 SOAP Response

The SOAP request includes the value of the parameters, which are required by web service function SearchMernisData. It is important that, the data types of these parameters are also included in SOAP request. By this way, the client says that, “I am sending these parameters, their types and their values, so, give me a return value of the function, give me a result”. After that, web service function SearchMernisData (See the implementation of the SearchMernisData in Appendix B) takes these parameters, processing them and produce the result. The type of the return value of the function is string and its value is “321321”. By the SOAP response, server says that, “I received parameters that you sent, and now I am sending the result value 321321 whose type is string”. Both the request and response are in the form of XML, therefore, this information can be exchanged between different platforms. Another security policy is XML encryption that can be applied during this SOAP communication between client and server.

In the second way, a client may not know the exact internet address of the agency. In this case, e-government portal shown in Figure 3.1 can be used. A government web portal should have consistent interfaces that are easy to use. Further, the portal content should be accessible to all state constituents. Unlike private companies, which can develop their web portals to meet the needs of a carefully defined target audience, states must develop their web portals to provide equal access for all state constituents [32]. The e-government portal covers the access points to the agencies web sites. By this approach, client can visit the government portal and find the desired agency. The Figure 3.3 demonstrates the second way.

SECURE DATA INTERCHANGING IN E-GOVERNMENT A MODEL FOR TURKEY

ABSTRACT

ÖZ

ACKNOWLEDGMENTS

TABLE OF CONTENTS

LIST OF FIGURES

LIST OF TABLES

LIST OF ABBREVIATIONS

CHAPTER I

INTRODUCTION

CHAPTER 2

REVIEW OF LITERATURE

CHAPTER 3

METHODS OF THE STUDY

CHAPTER 4

THE MODEL ARCHITECTURE