
Government Gateway Caribbean Islands Delegation November 20 2002 Version 1.1


juank

Presentation Transcript


  1. Government Gateway Caribbean Islands Delegation November 20 2002 Version 1.1 “A secure, resilient hub which guarantees delivery and supports single sign-on for all online government services – enabling the delivery of joined-up e-government”

  2. Strategy • Skills • IT specific education in schools & colleges… • Access • Internet & PC penetration • kiosks in the community • Single entry point to your organisation? • Consistent look and feel • Common components e.g. search, Gateway, hosting, content management etc • Third party/intermediaries

  3. Key Issues • Do you have the right legal structure to transact online • Find out what your citizens want! • You need to prioritise services by take-up • cross fertilisation • Design your services so that there are incentives to go online • pre-population • virtual/vertical services • specific benefits • higher levels of service • Marketing • Internal business processes • Test Strategy

  4. eDt has built a structure for routing to any government system for use by central and local departments at a fraction of the cost, time and effort if done by each department individually Overview Summary of offering The e-Delivery Team (eDt) is building a set of reusable ‘products’: simple components that can be quickly and easily assembled to allow joined-up e-services Products Services Approach • R&E SOAP Interface • DIS Functions • Level Zero Transactions • Auto-enrolment • Dept. Activation Token • Personalisation • Agent Assignment • Helpdesk • Secure Mail • Reference Test Site • Vendor Test Site • Support • A modular approach to application implementation means that the functionality provided accurately supports your immediate business objectives • Rather than implementing application features that your department doesn't need, you pay for and integrate the right solution • As your department decides to add or remove functionality, features, or even complementary applications, we can easily and rapidly accommodate those business needs

  5. The offering will significantly reduce the cost of development and ownership of a joined-up government service. It will allow departments to be more responsive in developing e-services and improve the customer experience Business Benefits Business Benefits To Departments: To Citizens: To Government: • ‘Joined-up’ interaction with government departments in a logical sequence • Easy to use • Timely and accurate response from departments • Intuitive and familiar experience • Ability to ‘join-up’ online services • Ability to reduce costs with shared application development • Rapid deployment • Greater efficiency • Accurate & timely interaction between government departments and citizens • Technological benefits built once, funded centrally • Less disruptive implementation • Lower costs & greater efficiency • Rapid deployment • Ability to focus on customer needs rather than infrastructure maintenance Better understanding of citizen’s needs = a closer relationship between citizen and government and drives uptake of services Reduced cost of development, access to tried & tested best-of-breed technologies resulting in better customer experience and increased customer satisfaction Meeting 2005 commitments at lower cost and more efficiently

  6. The tools and services will be built using best of breed technologies and approaches on a secure and robust platform Architecture Cost effective Multi-channel Easy access / translation Rapid deployment Upgradeable Working with existing systems Standardised asset mgt Industry Standards Trained User Resource Base Scalable How it looks Flexible, Scalable Architecture The product is: • Designed using industry standards to ensure compatibility with other applications • Scalable to grow with the requirements of the department • Upgradeable as new technologies become available Modular development enables re-use of applications, dramatically reducing the cost of development Attributes of the Solution

  7. … the Gateway … • Proves user identity (authentication/authorisation) • Ensures single sign-on across online government services • One account per person • Guarantees legal, reliable delivery of services (transactions) – non-repudiation • Is secure – and fully accredited • Connects disparate IT systems across multiple organisations using both Government Secure Intranet and the Internet

  8. History • Gateway 1.0 went live in January 2001 • New release – 1.5 – went live on 4 July 2002 • developed the federated, web services model built around open interoperability standards • 1.6 in development • 1.7 to follow…

  9. Major Milestones • Gateway 1.5 • Hub & Spoke • R&E SOAP interface • Helpdesk improvements • EMC data Storage • Ghost Agents • Level zero • Dept Activation Token • MOM 2002 Quarter 3 Quarter 1 Quarter 4 Quarter 2 • DWP - Child Benefit • NI - Land Registry • HMCE - Rebated Oils • BT Trustwise • RPA Equifax certs • HMCE - Tied Oils • IR - New Tax Credits • HMCE - New Exports • IR - PAYE (P9, P11D, SL1, SL2, P38, P46) • IR - CT liabilities & Payments • DTI - Export License • IR - PAYE (p12, p37)

  10. Objectives • Reduce delivery cost for stakeholders • Reduce time to market for all services and transactions • Facilitate service delivery for stakeholders • Transparent to the business process • Flexible approach to R&E • SOAP Interfaces

  11. Implementation Issues • Security • Connectivity • Partner management of service delivery • Strategy • Policy • internal e.g. eGif, Govtalk etc. • external e.g. digital certs, channels etc. • Stakeholder relationship management • Funding • Standards • Submission & Admin protocol • SOAP API interfaces

  12. 1.6 Business Drivers • Enable G2G & G2B transactions between ‘spokes’ • Online Payments • Improved User Experience • Increased Transparency • Separate ‘reference’ (n) and ‘staging’ (n+1) test environments

  13. 1.6 Software Scope • Payment Engine • R&E User Interface Improvements • R&E Business Services Enhancements • Enhanced Agent Assignment • Auto-Service & Multiple Enrolment • R&E Web Service API Extensions • Transaction Engine Enhancements • Hub & Spoke Extension • Helpdesk Enhancements

  14. 1.6 Logistics Scope • Staging & reference environments • Helpdesk over the Internet • REFDIS’s (GSI & Internet) • ISV (relocate) • Payment Spoke • Scheduled downtime per incremental release significantly reduced

  15. 1.6 Delivery Drivers • Payments required by Jan 2003 • Various other functions required around April 2003 • Ensuring no conflict between incremental Gateway releases and stakeholder business peaks

  16. Major Milestones • Gateway 1.6 • Auto & Multiple enrolment • Extension of Hub and Spoke • Extension of R&E SOAP interface • Helpdesk improvements • Payment Engine • Agent Assignment enhancement • Various logistics work • Gateway 1.7 • Notification Engine • Full secure mail solution • EMC Connectrix & True North Migration • TBD 2003 Quarter 3 Quarter 1 Quarter 4 Quarter 2 • Sheep Annual Premium Scheme for SEERAD • VAT on e-commerce • Suckler Cows Premium Scheme for SEERAD • Student Loans • Extensification Payment Scheme for SEERAD • Licensed Veterinary Inspectors for DEFRA • DWP - Level 1 and Secure mail usage for Child benefit • Binding Tariff Info for HMCE • Payments for NI DVLA • Local Authorities pilot • CSO Stakeholder Pensions • CT Filing for IR • European Sales List for HMCE • Liabilities & Paymts for SA • Statements for SA Agents • PAYE Portalisation • Redundancy Paymts for DTI • Invalid Care Allowance for DWP • Plant & Seeds for DEFRA • Criminal Justice Pilot • NTC Phase 2 for IR • NI Company Reg • Rebated Oil Returns for HMCE • ELVIS Part 2 for DTI • DWP Pensions Forecast • Arable Aid Payment scheme for SEERAD • Appeals for DWP • LA Taunton Deane • Endangered Birds for DEFRA • NI e-democracy

  17. Our Approach • Identify common components • Design using open standards • Use industry best practice • Partner with commercial organisations and software vendors through partner support network

  18. Existing Components • Authentication Engine • Transaction Engine • Secure Message Engine • Helpdesk

  19. Standards • TCP/IP • HTTP • HTTP 128 bit SSL vs 3 • HTML • XML (GovTalk) • X509 certificates • W3C XML signing • SOAP • SMTP

  20. Overview HMCE Local Authority Authentication Engine Inland Revenue Private Enterprise Transaction Engine Payment Engine Trusted Intermediaries SM Engine Application Vendors Portals

  21. Overview Dept 2 Portal Dept 3 Portal LA Portal Common Portal Infrastructure Department 2 LA Department 3 Department 1 Legacy System Legacy System Legacy System Legacy System User ID for Government Commercial Portal WEB SERVICES LAYER APPLICATION VENDORS Secure Messaging Transaction Engine Virtual Department Payment Service Authentication

  22. Transaction Engine (diagram) • Connected parties: Inland Revenue, HMCE, Application Vendors • Interfaces: Department or Business Interface, Application or Portal Interface • Networks: GSI or Internet • Components: Submission Protocol, Authentication Layer, Routing Layer, Reliable Messaging (Biztalk and others in future), Audit • Performance: message size 3KBytes -> 25MBytes, throughput 400 messages per sec

  23. Transaction Engine • Validates, authenticates and routes XML (GovTalk) messages between connected parties (C2G, B2G, G2G) • Calls authentication for authentication and authorisation checks • Provides audit, message tracking • All interfaces use open interoperability standards – XML, HTTP, SOAP

  24. Authentication Engine Public Restricted Public Restricted Public Public SOAP Authentication HTML UI SOAP R&E Legacy portal Authentication A&A Business Logic Known Facts Databases A&A Database XML Admin Interface Txe Interface Helpdesk Interface Private Restricted Private Restricted Private Restricted

  25. Authentication Engine • user registration (citizen, business, intermediary) • support for both password/userID combinations and digital certificates • service enrolment (eg. self-assessment) • user authentication and authorisation • access via user interface and SOAP

  26. Secure Message Engine • SOAP interface for portals to use • Web based UI for message retrieval • Secure two-way communication between government and its customers

  27. Helpdesk • Provides management interface for key components. • HTML interface to allow call centre agents to support their clients.

  28. Sample sites and applications

  29. Government Gateway Use of features in 1.5 release

  30. Gateway 1.5 Summary • Moved to GSO codebase • Introduced the departmental activation token (DAT) • Implemented full W3C XSD support and Version 2 GovTalk schema • Resolved Ghost Agents issues • Implemented Authentication Web Services (A&A SOAP Interface) • Introduced support for Level 0 transactions • Enhanced browser support

  31. Departmental Activation Token (DAT) • designed to lower one of the potential barriers to take-up – the delay between registering/enrolling and being able to use a service • enables users to activate their online service immediately rather than waiting 7-10 days for an activation letter to arrive • enables a government organisation to pre-mail a user with an activation token, inviting them to come and use a new service

  32. Departmental Activation Token • 1. Known Facts upload – includes activation PIN • 2. Department mailshots potential user, selling benefits of using online services and enclosing a DAT • 3. The user goes to register/enrol on the Gateway. They provide their known facts and are also requested to input the DAT. Provided their known facts and the DAT successfully match, they are then enabled to use the service immediately. A letter is sent in confirmation • Diagram labels: Department, Government Gateway; Activation PIN, register/enrol, confirmation

  33. DAT Use by LA • 1. LA submits Known Facts upload – including activation PIN – for its citizen services • 2. LA mailshots local citizens, selling benefits of using online council services and enclosing a DAT • 3. The user goes to register/enrol on the Gateway. They provide their known facts and are also requested to input the DAT. Provided their known facts and the DAT successfully match, they are then enabled to use the online council services immediately. A letter is sent in confirmation • Diagram labels: Local Authority, Government Gateway (via LA portal); Activation PIN, register/enrol, confirmation
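
The three-step DAT flow on slides 32 and 33, as an added example that is not Gateway code: the class, method names, sample facts and token are hypothetical. Storing the token as a salted hash, single use and the lockout threshold are assumptions the slides do not state.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

MAX_FAILURES = 3  # assumption: lockout threshold; the slides do not give one


def normalise(facts):
    # Strip whitespace and case so "ab1 2cd" and "AB12CD" compare equal.
    return {k: "".join(str(v).split()).upper() for k, v in facts.items()}


def dat_digest(salt, dat):
    # Salted slow hash: the stored record never holds the activation PIN itself.
    return hashlib.pbkdf2_hmac("sha256", dat.strip().encode(), salt, 50_000)


@dataclass
class Record:
    facts: dict
    salt: bytes
    digest: bytes
    failures: int = 0
    activated: bool = False


class ActivationStore:
    """Hypothetical stand-in for the Gateway side of the DAT flow."""

    def __init__(self):
        self.records = {}   # (service, user_ref) -> Record
        self.letters = []   # confirmation letters queued for posting

    def upload_known_facts(self, service, user_ref, facts, dat):
        # Step 1: the department uploads known facts including the activation PIN.
        salt = secrets.token_bytes(16)
        self.records[(service, user_ref)] = Record(
            normalise(facts), salt, dat_digest(salt, dat))

    def register_and_enrol(self, service, user_ref, facts, dat):
        # Step 3: known facts AND DAT must both match for immediate activation.
        rec = self.records.get((service, user_ref))
        if rec is None:
            return "no-match"        # same answer as a wrong DAT
        if rec.activated or rec.failures >= MAX_FAILURES:
            return "refused"         # token is single use; locked after failures
        facts_ok = normalise(facts) == rec.facts
        dat_ok = hmac.compare_digest(dat_digest(rec.salt, dat), rec.digest)
        if not (facts_ok and dat_ok):
            rec.failures += 1
            return "no-match"        # do not reveal which input was wrong
        rec.activated = True
        self.letters.append((service, user_ref))  # confirmation letter still goes out
        return "activated"
```

A locked or already-activated record falls back to the posted activation letter, the route the DAT was meant to shorten.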

  34. SOAP Interfaces • Provides application and portal access to- • Register and Enrol users • Authenticate users • Collect secure mail • Uses web services (SOAP, XML)

  35. A&A Web Service • R&E increasingly available through web services interface • 12 methods available: • 7 secure • 5 public • Web service methods overview: • Register a new user • Enrol a user for a service • Logon • Logoff • Activate • Unenrol a user from a service • Change Password • Get a login document

  36. A&A SOAP Overview Trusted Portals Commercial Portals & Application software HTTP HTTPS - mutual 128-bit SSL authentication Public WS Secure WS Gateway

  37. A&A Secure Methods • GsoRegister&Enrol • This SOAP API allows a user to be registered according to the <UserDetails> and <Credential> information supplied • GsoEnrolOnly • This SOAP API enrols an authenticated user in one or more services • GsoActivate • Activates a service a user has previously enrolled into. • GsoDeEnrol • De-enrols a user from one or more services • GsoGetUserDetails • used to retrieve a user’s name, email address and registration category • GsoSetUserDetails • used to change a user’s name and / or email address • GsoSetPassword • allows a user to change his / her password

  38. A&A Public Methods • GsoAuthenticate • Authenticates a user • GsoValidate • simulate the authentication of a user that has previously been authenticated and issued an A-Ticket • GsoRefresh • used to refresh the expiry time of an A-Ticket • GsoGetLoginDocument • receives <Base64Encode> that indicates whether the SOAP API consumer requires the LoginDocument and SignedInfoBlock to be base64 encoded or in clear text • GsoLogOut • Allows for the removal of A-tickets from the TicketBook
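
The A-Ticket lifecycle that slide 38 describes (issue on authentication, validate, refresh the expiry, remove on logout), as an added example that is not the Gateway's implementation. The class, method names and both lifetime constants are hypothetical; hashing tickets at rest and capping the total session length are assumptions the slides do not state.

```python
import hashlib
import secrets
import time

TICKET_TTL = 15 * 60        # assumption: idle lifetime in seconds
MAX_SESSION = 8 * 60 * 60   # assumption: absolute cap that refresh cannot extend


class TicketBook:
    """Hypothetical model of an A-Ticket store; not the Gateway's implementation."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._tickets = {}   # sha256(ticket) -> {"user", "issued", "expires"}

    @staticmethod
    def _key(ticket):
        # Store only a digest so a dump of the book yields no usable tickets.
        return hashlib.sha256(ticket.encode()).hexdigest()

    def issue(self, user_id):
        # Called after a successful authentication (GsoAuthenticate on the slide).
        ticket = secrets.token_urlsafe(32)
        now = self._clock()
        self._tickets[self._key(ticket)] = {
            "user": user_id, "issued": now, "expires": now + TICKET_TTL}
        return ticket

    def _live_entry(self, ticket):
        key = self._key(ticket)
        entry = self._tickets.get(key)
        if entry is None:
            return None
        if self._clock() >= entry["expires"]:
            del self._tickets[key]       # expired tickets are purged on sight
            return None
        return entry

    def validate(self, ticket):
        # GsoValidate: confirm a previously issued ticket without re-authenticating.
        entry = self._live_entry(ticket)
        return entry["user"] if entry else None

    def refresh(self, ticket):
        # GsoRefresh: push the expiry forward, but never past the absolute cap.
        entry = self._live_entry(ticket)
        if entry is None:
            return False
        entry["expires"] = min(self._clock() + TICKET_TTL,
                               entry["issued"] + MAX_SESSION)
        return True

    def log_out(self, user_id):
        # GsoLogOut: remove every ticket held for this user.
        doomed = [k for k, e in self._tickets.items() if e["user"] == user_id]
        for k in doomed:
            del self._tickets[k]
        return len(doomed)
```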

  39. Portal Use of A&A Web Services: Register and Enrol via a Portal • 1. User visits the portal web site, enters enrolment details • 2. Portal verifies match and makes a “register and enrol” call to the Gateway • 3. Gateway validates the request, checks the presented information and then registers and enrols the user into the service … • 4. … and returns success or failure message to the portal • 5. Portal informs the user of the outcome of the enrolment • Diagram labels: Portal site, Authentication, Transaction Engine, Gateway

  40. Level 0 Services • follows the accepted T-scheme as laid down in the UK Government document titled 'Authentication Framework for Information Age Government': • Level 0: no authentication required • Level 1: authentication required to protect against minor inconvenience or loss (user ID and password) • Level 2: authentication required to protect against significant inconvenience or loss (digital certificate) • Level 3: authentication required to protect personal safety and/or to prevent substantial financial loss • Level 0 enables unauthenticated transactions to be submitted via Gateway

  41. Level 0 Services

  42. Level 0 Services • for Level Zero services certificates, where provided, will be checked by Gateway only to verify that the certificate is still valid as issued by the CA • for Level Zero services username/password, where provided, will be checked by Gateway in order to see that it represents a valid Gateway registration. The sender ID will be replaced by the user’s credential identifier, which is a unique string assigned to a given user that doesn’t change over time or after credential upgrades

  43. Government Gateway New Features in 1.6

  44. Gateway 1.6 • Authentication • User Interface • UI checkbox to accept the terms and conditions before users can assign an agent for some services • Improved search engine results • Miscellaneous • Presentation of multi-page agent client lists • Improved handling of incorrectly entered known facts • Graceful error handling on register-later with digital certificates • Re-design how checkbox data is passed around between pages • Organisations, agents and individuals all get the same help pages • Once the Confirm button has been clicked the first time it will be disabled (digital certificate use) • Back button on Change Details for assistant to perform as expected (previous page) • Description on Individual Change Details screen changes to 'No Description Available' – to be fixed • Blocking all cookies in browser causes a General Error to be output: link to advice page instead • Improved handling if a different service is chosen more than 3 times during the registration process • Removal of unnecessary instances of service name added to enrolled services description in 'View Assistants' screen • Business Services • Multiple enrolments to a service with different identifiers • Rude word filter on gateway-generated user IDs and activation PINs • Checking for verification of UTR and Agent ID • Activation failure admin message • For agents, e-mails confirming successful submission of a form need the specific client identified.

  45. Gateway 1.6 Helpdesk • User ID re-send facility Documentation • Documentation of submissions and admin messages Payments Engine • Debit cards, credit cards, direct debits Authentication (continued) • Agent Assignment • Agent rights (de)allocation; resolving ambiguity at the back-end • Auto Service Enrolment • Auto service enrolment by department, to include auto-activation per service • Web Service Extensions • Lost user ID and password methods • Keys needed for de-enrol method • Method accepting a credential and giving a list of services Transaction Engine • Communications problems with DIS can cause all document processing to stall: impact assessment document Hub and Spoke • (DIS spoke and Secure Portal certificate management) • Business submissions via spokes over reliable messaging

  46. Scope - Release 1.6.1 • Full MSIs • R&E Pipeline • Paging Client Lists • Search Engine Meta Tags • Multiple Enrolments • Rude Word Filter • SOAP Multiple Enrolments • SOAP Keys Needed for De-Enrol

  47. Scope - Release 1.6.2 • Incremental MSIs • R&E Pipeline • Administration Protocol Definition • Verification of UTR and AgentID • Agent Rights Ambiguity • Auto-Enrolment • Helpdesk UserID Resend • SOAP Basic Agent • SOAP Password Reset and UserID Resend • SOAP GsoAuthenticate • TxE Pipeline • Hub & Spoke • Submission Email Update • Documentation of Submission Protocol

  48. Scope - Release 1.6.3 • Incremental MSIs • R&E New UI Functions • Terms and Conditions Checkbox • R&E UI Enhancements and Fixes • Entering Incorrect Known Facts • Error Handling with Certificates • Checkbox Data Between Pages • Help page Segmentation • Disable Confirm Button on Click • Back Button on Change Details • Description on Individual Change Details • Cookie Detection • User Thrown Out of Registration for Different Services • View Assistants Screen Clutter • R&E Business Services • Activation Failure Admin Message

  49. Government Gateway Sample Use of Features in 1.6 Release

  50. Hub and Spoke Overview DIS DIS DIS DIS Government Gateway Citizen and Business to Government Government to Government Backend Systems Application (portal/PC etc) Application (portal/PC etc) Backend Systems
