Interoperability
Institutions function by means of human and automated systems communicating with each other, but always by means of sharing or exchanging information. Internal communication takes place between information systems and people within the same institution. External communication takes place between institutions and their business partners. Increasingly, external communications will be critical in assuring the future success of FIDIS. The right technologies, including the communication network, need to be put in place and
Interoperability in e-business may be defined as the communication, using standards, between several information technology systems held by various institutions.
The important benefits of interoperability include increased cost-efficiency for data exchanges, reduction of costs and more efficient retrieval of the needed data. An entity model for interoperability of systems between stakeholders is illustrated in Figure 7.
Figure 7
The model shows the particular areas of interest concerning interoperability and their relationships with one another. The reader should bear in mind that the model is not a flow diagram; it is in the form of an entity-relation diagram or concept model and represents the structure of interoperability activities.
The model breaks down the overall scope of interoperability into its essential components and associates each with related components. Experience in using similar concept models has shown that it is a good basis for organising and controlling operations. It also provides a means for an institution to monitor and control changes in its operations. It thus provides a focus for specifying technical and business activities with regard to standards, sources of network services and contractual requirements.
The following sections briefly describe the areas of interest within the model. The first paragraph explains the meaning of the terms used; the remaining paragraphs make comments about the elements of the model.
International Community
The sector of government, business or industry, such as e-health, which is being addressed for the subject of interoperability.
Several industries have set up user groups so that experience and development of interoperability and related technologies can be shared between the members of the groups. This avoids duplication of effort and divergence of interests.
Institution
The institution that is concerned with interoperability.
Currently many institutions are only involved with interoperability for a small part of their activities. The full potential of e-commerce and the benefits of interoperability will only be realised when the institution is using these techniques throughout the institution as a whole and with its trading partners. The institution’s strategies for its business applications, electronic commerce, information technologies and information systems should include interoperability.
Legal Framework and Agreement
The relevant laws and regulations governing operations.
These may include laws covering legal practices, contract agreements, taxes, financial exchanges, customs and excise conditions within and between countries, and the obligations of personnel dealing with the transfer of information. Personnel need to be aware of the legal implications and should ensure that appropriate procedures are followed.
Standard
The defined standard being used for performing interoperability activities.
The importance of standards is being highlighted more and more by the application of Internet, Intranet and Extranet technologies. The effect of these technologies is that information originated, for example, in Microsoft Office may be published internally on a corporate intranet, viewed externally by business partners on an extranet, or published on an external web server to be viewed by the general public.
The role of the standardisation authorities in their unification is extremely important and should be closely monitored. Interoperability may be achieved by using more than one data standard, since the adoption of a single standard may not always be possible.
Business Processes
A business process furthers the work of an institution. In this model, it is the highest level view of what is done within a business. A business process may or may not be supported by interoperability.
Potentially all business processes performed by the institution should be reviewed and studied to determine if benefits are to be gained by applying interoperability techniques. The concept of "business process" is fundamentally important to the proper analysis of interoperability in business. Increasingly, identity management systems are becoming critical to the proper functioning of many business processes.
Business Transactions
One or more activities make up the detail of business processes within institutions and between institutions.
Where institutions are working with each other, an agreement should be reached between the parties concerned on the activities being carried out by interoperability before transactions are performed.
The business transaction will involve either transmitting or receiving documents, images or other forms of communication such as voice mail or video conferencing sessions. These various kinds of messages may include text, numeric, graphic, voice or video files or any combination of them. Therefore an institution needs to be able to handle (i.e. receive and transmit) a range of message types, and to have procedures and relevant standards agreed with its trading or interacting partners, which apply for each of these.
Value
The value of the data or information being processed or transacted.
Value is a key issue for developing the risk management and security aspects of interoperability.
Trust Model
The mutual trust between two or more institutions.
In today’s world, institutions must be nimble and fast. The electronic foundation must permit people and computers to transparently and quickly search, locate, and access information to make effective business decisions quickly. This, therefore, requires a high level of trust and reliability.
Institutions should not only have trust in their own systems. Electronic messaging is an important tool for inter-institution communication, and allows institutions increased accessibility to each other’s information. For business partners, there must be trust in each other’s messaging systems too. For trust to develop in an institution’s electronic messaging system, security is a minimal requirement, achieved through a guarantee that the institution’s systems meet a recognised security standard that addresses their security threats.
It is important to distinguish between:
Trust – the relationship between social actors and entities or systems
Trustworthiness – an attribute of an entity or system
Sender / Publisher
The sender/publisher of the information, document, image or other form of communication.
The sender/publisher may be an institution, a part of an institution such as a business unit, a department, or an individual. The notion of "sender/publisher" introduces the question of authority to send messages and the legality of doing so.
Receiver/Accessor
The receiver/accessor of the information, document, image or other form of communication.
It is important that the receipt of the information, document, image or other form of communication is recorded by the recipient. It may be preferable to send an acknowledgement message back to the sender/publisher. Once the message is received it should be understood and the necessary action taken.
Authorisation
The authorisation of the transaction.
Institutions need to establish a chain of accountability and assign responsibility for activities involving interoperability at all levels. This will establish a pattern of supervision and control.
Date
The date and time when a transaction is carried out.
Procedures for demonstrating the integrity and authenticity of a time stamp and its binding to a particular piece of information should be documented.
Technology
The enabling technology which performed the transaction.
Communication Network
The network is the communication medium used for transmitting and receiving messages.
A network may be an internal one, set up and managed by an institution for its own use, or it may be one operated by an institution whose business is to provide a communication facility specifically for the transmission of information, documents, images and standardised electronic messages.
Security
The technical and non-technical security of the system.
In this world of increasing interconnectivity and reliance, security is critical to ensure institutions can trust their own systems, and those of their business partners, to deal with security threats and ensure the continuation of business. Through a programme of trustworthiness development, evaluation and certification to a recognised standard, an institution can guarantee its electronic message handling systems to a demonstrable level of security.
A secure technical infrastructure is only one of the elements required for securing electronic commerce. Institutions must also consider the non-technical security of their systems, defined by policies, which may include cultural aspects, perceptions, and the roles, responsibilities and behaviour of personnel. Institutions are, however, always driven to balance security risks against commercial costs.
Authentication, Integrity and Confidentiality
Authentication – the assurance to one entity that another entity is who he/she/it claims to be.
Integrity – the assurance to an entity that data has not been altered during transmission.
Confidentiality – the assurance to an entity that no one can read a particular piece of data except the receiver(s) explicitly intended.