The IDA Catalogue of Generic Services. Interchange of Data between Administrations

EUROPEAN COMMISSION ENTERPRISE DIRECTORATE-GENERAL INTERCHANGE OF DATA BETWEEN ADMINISTRATIONS PROGRAMME

The IDA Catalogue of Generic Services

Currently, IDA provides three generic services (TESTA, CIRCA and PKICUG), together with an interoperability framework, the ‘Architecture Guidelines’, to support the implementation of projects of common interest that involve the generalised exchange of information at the trans-European level, with transport provided by TESTA, information handling by CIRCA and security by PKICUG.

TESTA is an IP-based backbone that provides telecommunications services at the transnational level. CIRCA provides a document repository and group-work tool to manage the information holdings of IDA projects, and PKICUG ensures secure access to web repositories (i.e. authentication of clients and servers, and confidentiality of exchanged information). The Architectural Guidelines offer a framework for the establishment of these services, a structure for users who wish to interoperate with IDA projects, and general advice on issues related to interoperability between these services and with the national applications of the Member States.

Further information on IDA and the services described in this catalogue may be found at the following address:

http://europa.eu.int/ISPO/ida/

1. Decision No 1720/1999/EC of the European Parliament and of the Council of 12 July 1999 adopting a series of actions and measures in order to ensure interoperability of and access to trans-European networks for the electronic interchange of data between administrations (IDA).

This document describes the current catalogue of IDA generic services. These services follow the model of the ‘IDA interoperability pyramid’, which illustrates the IDA approach:

IDA Interoperability pyramid

Generic services are defined as ‘telematic network functionalities which meet common user requirements, such as data collection, data dissemination, data exchange, and security. The characteristics of each service shall be clearly specified and associated with a guaranteed level of quality.’1

TESTA

What is TESTA ?

TESTA offers European administrations a telecommunications interconnection platform. It simplifies data exchanges while guaranteeing performance, availability and security to a degree not available through other communication networks. TESTA follows the model of domains defined in the IDA Architecture Guidelines: each actor is responsible for the part of the network in his domain. IDA provides the EuroDomain, which interconnects national, regional and local networks.

What services can TESTA provide ?

TESTA provides telecommunication services for administrative data exchanges. These are built around a European backbone network maintained by a telecommunications operator. This is the so-called EuroDomain, which is separate and protected from the public Internet. The EuroDomain:

is dedicated to trans-European communications of the public sector and provides access to the highest number of European administrations of any private network;

operates at speeds that make it capable of accommodating real-time applications;

protects local domain security by systematically using network address translation at each access point;

operates on a clear IP addressing plan structured by geography and on a dedicated range of addresses that are not Internet-routable;

has in-built redundant routing and is governed by availability guarantees, with network monitoring and security incident intervention capabilities in place;

provides information confidentiality through the introduction of encryption and other protective measures, both on the level of the backbone network and at local levels;

encourages network service integration with other IDA services, such as IDA's public key infrastructure (PKI) and workgroup support tool (CIRCA);

is managed under one contractual responsibility: IDA.

Access to the EuroDomain can be established at bandwidths of 64 Kbits to 34 Mbits.

TESTA also provides network-related application services, such as:

Domain Name Services;

E-mail relay;

Information gateways;

Network Time Protocol services (NTP);

File Transfer Protocol services (FTP);

Web hosting services.

Further information

For additional information on TESTA, please consult the IDA website at: http://europa.eu.int/ISPO/ida/

How to request TESTA services ?

The procedure for requesting services is simple. Interested parties should notify the IDA unit of their interest, indicating which sites require access to TESTA and who they need to communicate with, as well as what type of services is requested. Information about the legal basis of their exchange of data should also be provided so that IDA can check eligibility. The e-mail address is: [email protected]. IDA will consult national network co-ordinators on implementation options. Unless reasonable justification is given, preference will be given to establishing connections through national administrative networks. In exceptional circumstances, direct links to TESTA can be made available, but these can be paid only for the duration of one year.

What is CIRCA?

CIRCA (Communication and Information Resource Centre Administrator) is a WWW-based environment providing on-line services that offer a common virtual space for workgroups and networks, enabling the effective and secure sharing of resources and documents.

The CIRCA service is available for users from Public Administrations. It is accessible via the Internet and also via TESTA.

It is organised around interest groups, i.e. a private workspace for a group of people that need to collaborate to achieve common objectives and tasks. Although all groups have access to the same set of functionalities, the environment is fully customisable for a given interest group and the information is restricted to the members of that specific group.

What services can CIRCA provide?

CIRCA provides management, group-work and customer support services.

MANAGEMENT SERVICES

INTEREST GROUPS:

CIRCA is organised around Interest Groups (I/G), i.e. a private workspace for a group of people that need to collaborate to achieve common objectives and tasks. The environment is fully customisable for a given I/G and information access is restricted to the ‘members’ of that specific I/G.

ACCESS CLASS:

Members of a working group usually play different roles, such as chairman, contributor, secretary or member. CIRCA offers the possibility to replicate such roles by providing for different access classes, thus customising users’ access rights to specific data elements, functionalities and operations in the I/G. A specific access class, the Leader, is granted extra privileges to administrate, manage and customise the I/G.

ADMINISTRATION:

CIRCA provides full remote control on access rights assignment, configuration and customisation of the interest groups.

GROUP-WORK SERVICES

LIBRARY:

Documents are stored in fully-customisable sections and sub-sections; multi-lingualism, version control and e-mail notification of document availability are supported. Documents can be uploaded, viewed and downloaded on-line or sent by e-mail.

DIRECTORY:

Management of list of Members and Contacts.

MEETING SPACE:

For announcements, venue, agenda and participants list as well as a virtual forum functionality (i.e. a chat room).

NEWSGROUPS:

Forum for discussion among members of interest groups.

E-MAIL:

Interface to e-mail, including a notification by e-mail function.

SECURITY:

Can be set in addition to the classic login/password, i.e. use of SSL encryption and/or certificates (see the IDA PKI services).

SEARCH:

Multilingual search for any document accommodated within an Interest Group space.

CUSTOMER SUPPORT SERVICES

CIRCA also provides customer support services. These include:

Demonstration and customer-specific consulting services;

Training and documentation;

Helpdesk.

How to request CIRCA services?

Requests may be sent to the following address: [email protected].

Further information

Additional information on CIRCA is available at: http://europa.eu.int/ISPO/ida/

What is PKICUG ?

PKICUG stands for Public Key Infrastructure for Closed User Groups. It consists of organisational measures and technical tools that contribute to establishing and maintaining a secure and trustworthy environment for the exchange of information over computer networks.

PKI CUG was launched in 1999. It provides a Certification Authority (CA) available to the members of IDA projects of common interest to securely exchange information by electronic means between the Member States and with the European Institutions.

The IDA PKI currently provides electronic certificates to servers and to users for their mutual recognition. It is designed for closed user groups and allows participants to authenticate their identity and protect the confidentiality and integrity of the information exchanged. All applications using an infrastructure able to exploit X.509 certificates can potentially use the IDA PKI. Certificates issued by the IDA PKI for use in a closed user group can also be used in other sectoral projects provided that the administrator of the other network agrees.

What services can PKICUG provide ?

For a web application, a PKI enables the following services:

Server authentication, i.e. a guarantee to the user that they are accessing the correct server, not a false one (that kind of situation is called a "masquerade");

Client authentication, i.e. a guarantee that the server is able to authenticate the identity of the user, not someone masquerading as the user;

Confidentiality, i.e. encryption of exchanged data with a key that only the user and the server know.

These services are provided by using products that comply with the SSL protocol. SSL stands for Secure Sockets Layer; it is used in conjunction with TCP (Transmission Control Protocol) to establish secure point-to-point dialogues. Most common web servers and clients (browsers) use SSL to introduce security into web connections through the use of asymmetric cryptography techniques.

To request and get a certificate, all that is required is a computer with access to the Internet or the TESTA network and e-mail access.

The IDA PKI will work with most common products such as Netscape and Internet Explorer. The most recent versions of browsers, preferably the 128 bit enabled versions, are recommended as they are more user friendly concerning security management.

The general procedure to obtain a certificate is as follows:

1. The user generates a key pair and the associated certificate request with the help of a downloadable applet (programme);

2. The Registration Authority (RA) and the requestor exchange the necessary information to verify the user’s identity and the legitimacy of the certificate request; alternatively, a Local Registration Authority (LRA) is called on to testify that the requestor actually is entitled to receive a certificate. The information exchanged is to establish the requestor’s identity and this can vary between sectoral projects;

3. The RA accepts or rejects the request. If accepted, the RA registers this with the CA server;

4. If the request was accepted, the CA creates the public certificate of the user (certificate holder) and informs the user where and how they may get it (usually by downloading it from the CA server). The requestor downloads his/her public key certificate and saves it securely together with the private key. The security module (e.g. encryption, electronic signature) of the application (e.g. e-mail programme) can now use the certificate and associated key pair;

5. Relying parties download public key certificates from the CA directory according to their needs.

Certificate storage

The above procedure is for so-called “soft certificates” stored on the computer disk. The IDA PKI can also deliver certificates stored on smart cards.

User requirements

Users are, of course, responsible for assessing if and how the IDA PKI meets their requirements for authentication, integrity, non-repudiation and confidentiality. Consequently, before certificates are issued to a sector, a user requirements study is carried out to determine user needs for security and to ensure that the IDA PKI is suitable for providing the required security services. This short study also identifies any requirements specific to the sectoral project that might require additional services (e.g. in the area of registration of users) not covered by the generic PKI service.

Standards

As required by Decision 1720/1999/EC (the IDA Interoperability Decision) the IDA PKI complies with the relevant standards and publicly available specifications (e.g. open Internet standards and specifications) for electronic certificates and for security services (such as confidentiality) as provided by the SSL and S/MIME protocols. As the PKI evolves to meet new business requirements (e.g. electronic signatures, secure mail-enabled applications, interoperability with national PKIs, etc.) future new services will also be compliant with the relevant standards and publicly available specifications. It is intended that implementations for secure e-mail and electronic signature will comply, where required, with the requirements of Directive 1999/93/EC. (This is currently the subject of a pilot project. When the results of this project are known the IDA PKI will be modified, if required, to support such requirements.) It is also intended that the IDA PKI will satisfy the requirements for the communication of information classified as EU-restricted now being considered by the Council Secretariat and the Commission Services.

How to request PKICUG services

Potential users of the PKICUG should contact IDA directly. The e-mail address is:

[email protected].

Further information

Additional information is available on the ‘Reference legal and security practices’ page at the IDA web site:

http://europa.eu.int/ISPO/ida/

[Figure: the IDA PKI certificate procedure. Labelled elements: certification holder (end user), LRA, RA, Certification Authority (Belgacom) with hardware signing unit, certificate management system and queue, directory, relying party (end user). Numbered steps 1 to 5: certificate request, approval or refusal, certificate download (acceptance), certificate download (usage).]

Architecture Guidelines

What are the IDA Architecture Guidelines (AG)?

The IDA architecture guidelines describe concepts and references for the implementation of a Trans-European Service for telematics built on a well-defined common architecture. This architecture is the basis for a Trans-European infrastructure that will enable easy and reliable interchange of data and ensure the achievement of interoperability within and across different administrative sectors and, also, with the private sector and the citizens.

What do the AG provide?

The architecture guidelines offer common descriptions and technical references for a wide spectrum of services, including managed network and transmission services (such as IP services) and application services (such as messaging and EDI services) as well as security, support services and directory services. Due to the fast evolution of technology, the architecture guidelines must be updated regularly to keep pace with the software and hardware developments as well as with the volatile market and trends. Their maintenance is a continuous process: the user requirements of the sectors are continuously collected and compiled. A yearly review of the technical handbook, combined with an in-depth examination of the general concepts used, guarantees that the architecture guidelines reflect the current technological and market trends and the evolving needs of the administrations.

A wide dissemination of the guidelines in the sectors and the member states promotes wider adoption of good solutions and replicability of application developments.

Further information

The Guidelines are divided into three documents: Part I • General Guidance; Part II • Technical Handbook; Part III • Glossary.

Part I provides general information on architectural principles to be enforced in real life projects. In Part II more detailed guidance is given, by referencing technical specifications for candidate technology to meet the requirements.

Part III consists of a list of references, glossary of terms and a list of abbreviations. The latest version approved (5.3 of 2001) is available at:

and communications technology to support rapid electronic exchange of information between Member State administrations. The objective is to improve Community decision-making, facilitate operation of the internal market and accelerate policy implementation.

Contacts for IDA generic services

TESTA: Pieter Wellens, [email protected]

CIRCA: Christian Devillers, [email protected]

PKICUG: Fredrik Olsson Hector, [email protected]

Architecture Guidelines: Gavino Murgia, [email protected]

Further information about IDA may be found on the IDA web site at:

http://europa.eu.int/ISPO/ida

Manuscript revised in October 2002. © European Communities, 2002

While a great deal of care has been taken in drafting this document, the European Commission does not guarantee the accuracy of the data included in this brochure, nor does it accept responsibility for any use made thereof.
