Cybernetica

Menu

UXP and the European Interoperability Framework

Government requires a mix of policy, management, and technology capabilities to create interoperability (Pardo & Burke, 2008a, pg.3).

According to academic literature about e-Government, interoperability is the key concept for achieving fully integrated public sector services (see Layne & Lee, 2001; Kubicek, 2011; Pardo, Nam, Burke, 2008; et al.). While that’s an established fact, its meaning certainly varies and needs further clarification. In 2004, the European Commission introduced its first attempt to provide specific guidance on how the issue of interoperability can be addressed in order to build integrated public sector services. The European Interoperability Framework (EIF) has been updated several times since then and introduces four interoperability layers required for integrated public service governance: legal, organisational, semantic, and technical interoperability.

Figure 1: EIF Interoperability Model (NIFO, 2020)

Legal interoperability addresses the questions of how organisations operating under different legal frameworks, policies, and strategies can work together (see NIFO, 2020).
Organisational interoperability concerns the definition of business goals, modelling of business processes, and bringing about the collaboration of administrations (ibid.).
Semantic interoperability deals with the precise format and meaning of exchanged data and information. It attempts to guarantee that information and data are understood throughout exchanges between parties (ibid).
Technical Interoperability covers the technical issues of connecting computer systems and services. It addresses key aspects such as open interfaces, interconnection services, data integration and middleware, data presentation and exchange, accessibility, and security services (ibid.)

Compatibility of Cybernetica’s UXP and the EIF
Cybernetica’s Unified eXchange Platform (UXP), deeply rooted in the development of the e-Government and integrated public services in Estonia and abroad, considers and complies with all of these layers, still remaining flexible enough for it to be adjusted to respective local needs. A great example of UXP’s EIF compatibility is the work Cybernetica has been doing together with the e-Governance Academy (eGA) in Benin. Advised by eGA, Benin’s rapid adoption of the Code Numerique provided a solid legal basis for the exchange of data, the storage and evidentiary value of digital data, and personal data protection in general. On the organisational and semantic layer, an emphasis was put on the coordination of work between governmental institutions and the compatibility of information in their databases. On the technical interoperability layer, UXP allows for the secure technical integration and transport of data managed by different authorities for a streamlined public sector e-service user experience, triggered by citizens making use of e-services via the Cybernetica-built Benin State Portal.

Let’s take a look at how the UXP software conceptually pays respect to the four different layers.

In terms of legal interoperability, it’s crucial that UXP is built on the premise of keeping exchanged information private and secure. Private, as in only authorised parties can query data, and secure, as in querying parties are repeatedly and mutually authenticated to make sure that it’s, in fact, the authorised party that is querying and processing respective data. Moreover, UXP doesn’t process the information itself, as information is exchanged peer-to-peer and never meddled with. Thus, UXP is easy to implement in legal environments that hold data privacy and protection dearly. On a related note, the once-only principle, i.e. citizens and businesses providing data to an authority only once, is gaining momentum in the European Union and certainly applicable with UXP.

In regard to organisational interoperability, UXP does not discriminate per se against any party or amount of parties that want to become a member of the data exchange layer. It’s distributed and scalable per definition and really depends on how the client makes use of it. Governance of the data exchange layer is up to the Governing Authority and what kind of data is exchanged is up to its members. UXP does not put any obstacles on what kind of business processes are aligned and what kind of data is exchanged. Conceptually, it facilitates the exchange of data in line with the so-called Four-Corner-Model, eliminating the risk of a single point of failure and allowing independently developed IT systems to work in sync.

Central to semantic interoperability is that UXP is payload agnostic, allowing e.g. structured XML files and unstructured documents, such as bills, to be exchanged via UXP. In UXP, the communication is organised as synchronous service calls where the service providers design services and make them available for service clients. UXP system provides service providers with the technical means to manage the access rights of services via the Security Servers. The queries are written in SOAP or REST. In terms of usability, it is crucial that administrators using UXP for building services don’t necessarily need to know how to write SOAP-queries, as the UXP Connector converts SOAP requests to SQL statements and vice versa. Thus, it mediates between UXP Components and Member Databases. Moreover, the UXP Directory keeps track of service providers, clients, services themselves, and more.

The core of UXP technology consists of Registry, Security and Monitoring Server(s), and Trust Services, and they fully address the need for technical interoperability. The UXP software, installed on designated servers, makes sure that communication between different information systems is safe. UXP uses the TLS (Transport Layer Security) protocol to establish a secure channel between the security servers. The security channel uses mutual certificate-based authentication (both the server and client must present a valid certificate), whereas the authentication certificates are registered at the governing authority and connected to specific security servers. All exchanged messages are digitally signed, logged, and time-stamped, guaranteeing non-repudiation.

We are certainly ready to take a closer look at your project and help you design your underlying interoperability framework. Feel free to reach out to us and discuss in further detail: info@cyber.ee

Written by Tobias Koch

References:
Kubicek, H., Cimander, R. and Scholl, H.J., 2011. Organizational interoperability in e-government: lessons from 77 European good-practice cases. Springer Science & Business Media.
Layne, K., & Lee, J., 2001. Developing fully functional e-government: A four stage model. Government Information Quarterly, 18, 122–136.
Pardo, T. A., & Burke, G. B., 2008a. Government worth having: A briefing on interoperability for government leaders. [Online]. Albany: Center for Technology in Government, Research Foundation of State University of New York. Retrieved from http://www.ctg.albany.edu/publications/reports/government_worth_having, 29.07.2020.
NIFO – National Interoperability Framework Observatory, 2020. Interoperability layers. [Online]. Retrieved from https://joinup.ec.europa.eu/collection/nifo-national-interoperability-framework-observatory/3-interoperability-layers, 29.07.2020.