FASTeTEN - RSS feed
FASTeTEN FASTeTEN
  FAST Fully Automated Secured Transactions services
European Commission, Information Society and Media e-Ten
     

Project Description

Characteristics and Project Results

FASTeTEN, which is supported by the European Commission’s eTEN programme, is a project to examine how a secure electronic document exchange system, developed in France, can be deployed for the benefit of administrations and citizens across Europe.
Summary:

CHARACTERISTICS

PROGRESS AND RESULTS

CHARACTERISTICS


1. Target users addressed:

- UK

Services for children within the UK are currently undergoing a massive reorganisation. These changes were partially instigated by a recent case, where, through lack of information sharing and interoperable services, a ‘child at risk’ was tragically killed. The result has been the joining together of the Education Department and Children’s Social Services within a Local Authority to form ‘Children and Young Peoples Service’. The UK Government is financing several initiatives within this new service. Some of the aims of these initiatives are to:

  • Improve attendance at school
  • Improve attainment
  • Encourage parental/guardian participation
  • Target use of resources
  • Ensure child safety

One of these initiatives is ‘Building Schools for the Future’. Sheffield City Council (SCC) is one of 4 ‘Pathfinder’ Authorities in this initiative, with a specific remit of leading in ICT. There are to be 7 new schools built in Sheffield, the first one will open in September 2007. It is envisaged that as a Pathfinder Authority, Sheffield will develop a blue print of systems and processes within these new schools that can be used by, and rolled out to, other Authorities within the UK.

A second initiative is ‘Managed Learning Environment’, the Government has given money to each school in the UK to develop an online learning space for each child. SCC is running a pilot that will not only give access to a virtual learning environment and online working space for both teachers and pupils, but will also give parents a portal from which they can access real time information about their children.

The Education Authority has a duty of care to give parents information within a specific timeframe. This includes

  • notifying parents/guardians immediately of any unauthorised absence from school;
  • giving a specific amount of notice to parents/guardians before a child can be kept late at school for detention;
  • notifying parents/guardians that children are away from school premises on authorised activities

A third initiative is ‘Safety Net’. This system aims to bring together Health, Education and Social Services. It allows confidentiality and data protection by division of duties and only allowing particular job roles access to specific pertinent information. However, if someone in any of these service areas accesses a child’s record, it raises a ‘flag’. When an individual child’s record has been accessed 3 times by anyone across all the services a warning is issued that this child may be at risk.

- SPAIN

The targeted service in the Region of Valencia will be the electronic public procurement system that is being implemented in compliance with the new EU directives. This system follows the guidelines provided by the European Commission under the Interchange of Data between Administrations programme (IDA) “Functional Requirements for conducting electronic public procurement under the EU Framework” (European Communities, 2005) .

Following these guidelines, security mechanisms are needed to provide a secure communication interface, mainly for the exchange of documents between procurement authorities and Economic Operators. Standards constituting adequate and acceptable security need to be provided for the implementation of services during each stage of the procurement process. The required specifications need to be provided for ensuring adequate authentication, digital signature, non-repudiation, data integrity and encryption.

The main objectives considered for the creation of a secure environment are the following:

  • Authentication: guarantees that the service is only accessible to users with a verified identity.
  • Authorisation: guarantees that authenticated users can only access services or data matching their role and access rights.
  • Confidentiality: guarantees that the data exchanged between the person requesting it and the provider cannot be intercepted or accessed by a third non-authorised party.
  • Integrity: guarantees that data exchanged between the person requesting it and the provider has not been modified or tampered with by a third non-authorised party.
  • Non-repudiation: guarantees that the sender of the message cannot deny, at a later point in time, that s/he sent it.

Provided that FAST platform addresses all these security issues, this tool will be used to implement the security framework to support the needs of the GVA eProcurement system. FAST will be in turn, supported by the GVA PKI infrastructure to manage the Public Key certificates for identifying the user and for securing the communication between the users of the application and the servers that host the application environment (Web Server), and the corresponding business logic (Application Server).


2. Technical perspective:

FAST is a TRUST PLAT-FORM available on internet as a web portal or through web services. FAST components (Timestamp / Validation / Archiving) are running in a Java environment and installed on a Sun Solaris server. It is coupled with a workflow system, Oracle databases and digital certificates system. FAST also provides software editors digital signature & ciphering APIs (C or Java form) to allow developers to connect their software to the web services.

Network/s and technology used, standards, integration/interoperation.

In order to allow any fields of activity to be dematerialized, the FAST platform addresses the following major security issues.

  • Strong authentication and right managements: every user who tries to get access to the FAST platform must provide a digital certificate for formal identification. Once he has been identified, the platform checks that he is allowed to access the service and has been granted authorization to perform the requested operations.
  • Integrity and non-repudiation of the exchanges: for each transaction, the FAST platform checks the integrity of the exchanged data. This requires that all of the transmissions be signed by the subscribers. As a consequence, the platform validates the identity of the signers and associates the exchanged data with them.
  • Data confidentiality: when dealing with some fields of activities, the system ensures the strict confidentiality of exchanged data from end to end. In this case, this protection is performed through the encryption, by the source, of business data that are transmitted to the recipient.
  • Status tracking and proof generation: using various monitoring and notification tools, the FAST platform users and administrators are able to follow precisely the advancement state of the processing. The aggregation of trust services such as timestamping, validation, and data archiving results in a system capable of generating digital proofs of each exchange.
  • Availability and quality: in addition to the means to transmit data 24 hours a day, 7 days a week, a suite of business and technical tools (monitoring, notification, and auditing) provides the subscribers with a real-time view of the platform status. This feature’s goal is of course to enable the immediate processing of possible business-related or technical anomalies.


3. Trans-European coverage:

The project will be followed by a group of « potential deployers » that will follow the results of each work package. The objective of the "monitoring " group is to access directly to the work achieved in the work packages in order for participant to evaluate interest for them, evaluate efforts to be done for a transfer in their environment, evaluate budgets and time frame, check possible partnerships with the partners involved in the projects

The potential deployers group, will validate the used methodology and act as a Quality controller during the different phase of the Deployment. This group will be coordinated by the City of Prato and will be involved in the different steps of the deployment and the milestones of the project; we have potential deployers from Italy, Belgium, Hungary, Bulgaria, We may summarize the work in 4 steps:

  • Validate the methodology,
  • Follow-up and comments amongst the forecasted tasks and work packages,
  • Contribute to the analysis and synthesis of the assessment
  • Assess the project after three experimentation years

During the life cycle of this project we will invite other Administration to join, such as: Germany which is using OSCI protocol and Sweden which is using SHS in order to work on interoperability between these protocols. Other Administration interested in the results of the work


4. Expected benefits:

FAST provides openness and transparency in information access for communications between citizens and their administrations.

Through FAST, public administrations can streamline their operations by switching their document management systems onto an electronic platform. Documents can be exchanged securely and efficiently in electronic format, between different agencies and different levels of the administration. FAST streamlines back office processes and makes document exchange easier. It thus lightens the load of administration officials. Authorities are required to exchange notifications on the occasion of marriages, deaths and other life events requiring certification, and are also required to exchange data and information concerning local authorities decisions with the Ministry of Interior. All of this documentation is easily exchangeable through FAST. Furthermore, procedural burdens are lessened for citizens – for example, they will no longer have to ask for a copy of a birth certificate where it is required for a benefit application.

By reducing the time required for dealing with administrative demands and the associated costs, FAST thus makes a contribution to improving government efficiency in Europe. By deploying FAST in different administrations across Europe, citizens throughout the European Union can share in these benefits.


5. Contribution to EU policies:

The Sheffield application will provide a solution to the current fragmentation of the education sector as a whole, enabling the development of a whole raft of services both for the administrations and for the citizens. These will be potentially replicable from one country to the other and could be potentially interoperable across boundaries, for children who need to move from one country to the other and go to school accordingly.

The Valencian application will provide a standard solution for eProcurement that could be replicated for its use at local, regional or national level.

The goals and objectives of the Sheffield pilot are not only important to the rest of the UK, but will be of interest across Europe. The pilot will allow services to be added on an incremental basis across all the services of Local Government.

It will build an implementation plan that will be replicable and interoperable across the UK. It will also show that the technology and processes are interoperable. It must be noted that not all Local Authorities within the UK have the same technical infrastructure or level of technology.

This will then give a starting point for other regions within the EU to address any legal interoperability issues. Deployment in 3 countries will allow test on exchange of Electronic signatures as well as cross boarder queries on non repudiation lists.

At a longer term, many other FAST applications could be implemented, within or across countries, to create major economies of scale and technological synergies.

At a time when cross-countries collaborative initiatives appear within the E.U., in various domains (customs, human traffic prevention, driving license harmonization, common public research programs, cross boarders road police, educational student exchanges, etc.), cross-boundaries needs for interoperability or secured data exchanges are more than likely to arise. Therefore, FAST would be contributing to the global harmonization of administrative processes across the EU.


1 2 Next

CHARACTERISTICS


1. Target users addressed:

- UK

Services for children within the UK are currently undergoing a massive reorganisation. These changes were partially instigated by a recent case, where, through lack of information sharing and interoperable services, a ‘child at risk’ was tragically killed. The result has been the joining together of the Education Department and Children’s Social Services within a Local Authority to form ‘Children and Young Peoples Service’. The UK Government is financing several initiatives within this new service. Some of the aims of these initiatives are to:

  • Improve attendance at school
  • Improve attainment
  • Encourage parental/guardian participation
  • Target use of resources
  • Ensure child safety

One of these initiatives is ‘Building Schools for the Future’. Sheffield City Council (SCC) is one of 4 ‘Pathfinder’ Authorities in this initiative, with a specific remit of leading in ICT. There are to be 7 new schools built in Sheffield, the first one will open in September 2007. It is envisaged that as a Pathfinder Authority, Sheffield will develop a blue print of systems and processes within these new schools that can be used by, and rolled out to, other Authorities within the UK.

A second initiative is ‘Managed Learning Environment’, the Government has given money to each school in the UK to develop an online learning space for each child. SCC is running a pilot that will not only give access to a virtual learning environment and online working space for both teachers and pupils, but will also give parents a portal from which they can access real time information about their children.

The Education Authority has a duty of care to give parents information within a specific timeframe. This includes

  • notifying parents/guardians immediately of any unauthorised absence from school;
  • giving a specific amount of notice to parents/guardians before a child can be kept late at school for detention;
  • notifying parents/guardians that children are away from school premises on authorised activities

A third initiative is ‘Safety Net’. This system aims to bring together Health, Education and Social Services. It allows confidentiality and data protection by division of duties and only allowing particular job roles access to specific pertinent information. However, if someone in any of these service areas accesses a child’s record, it raises a ‘flag’. When an individual child’s record has been accessed 3 times by anyone across all the services a warning is issued that this child may be at risk.

- SPAIN

The targeted service in the Region of Valencia will be the electronic public procurement system that is being implemented in compliance with the new EU directives. This system follows the guidelines provided by the European Commission under the Interchange of Data between Administrations programme (IDA) “Functional Requirements for conducting electronic public procurement under the EU Framework” (European Communities, 2005) .

Following these guidelines, security mechanisms are needed to provide a secure communication interface, mainly for the exchange of documents between procurement authorities and Economic Operators. Standards constituting adequate and acceptable security need to be provided for the implementation of services during each stage of the procurement process. The required specifications need to be provided for ensuring adequate authentication, digital signature, non-repudiation, data integrity and encryption.

The main objectives considered for the creation of a secure environment are the following:

  • Authentication: guarantees that the service is only accessible to users with a verified identity.
  • Authorisation: guarantees that authenticated users can only access services or data matching their role and access rights.
  • Confidentiality: guarantees that the data exchanged between the person requesting it and the provider cannot be intercepted or accessed by a third non-authorised party.
  • Integrity: guarantees that data exchanged between the person requesting it and the provider has not been modified or tampered with by a third non-authorised party.
  • Non-repudiation: guarantees that the sender of the message cannot deny, at a later point in time, that s/he sent it.

Provided that FAST platform addresses all these security issues, this tool will be used to implement the security framework to support the needs of the GVA eProcurement system. FAST will be in turn, supported by the GVA PKI infrastructure to manage the Public Key certificates for identifying the user and for securing the communication between the users of the application and the servers that host the application environment (Web Server), and the corresponding business logic (Application Server).


2. Technical perspective:

FAST is a TRUST PLAT-FORM available on internet as a web portal or through web services. FAST components (Timestamp / Validation / Archiving) are running in a Java environment and installed on a Sun Solaris server. It is coupled with a workflow system, Oracle databases and digital certificates system. FAST also provides software editors digital signature & ciphering APIs (C or Java form) to allow developers to connect their software to the web services.

Network/s and technology used, standards, integration/interoperation.

In order to allow any fields of activity to be dematerialized, the FAST platform addresses the following major security issues.

  • Strong authentication and right managements: every user who tries to get access to the FAST platform must provide a digital certificate for formal identification. Once he has been identified, the platform checks that he is allowed to access the service and has been granted authorization to perform the requested operations.
  • Integrity and non-repudiation of the exchanges: for each transaction, the FAST platform checks the integrity of the exchanged data. This requires that all of the transmissions be signed by the subscribers. As a consequence, the platform validates the identity of the signers and associates the exchanged data with them.
  • Data confidentiality: when dealing with some fields of activities, the system ensures the strict confidentiality of exchanged data from end to end. In this case, this protection is performed through the encryption, by the source, of business data that are transmitted to the recipient.
  • Status tracking and proof generation: using various monitoring and notification tools, the FAST platform users and administrators are able to follow precisely the advancement state of the processing. The aggregation of trust services such as timestamping, validation, and data archiving results in a system capable of generating digital proofs of each exchange.
  • Availability and quality: in addition to the means to transmit data 24 hours a day, 7 days a week, a suite of business and technical tools (monitoring, notification, and auditing) provides the subscribers with a real-time view of the platform status. This feature’s goal is of course to enable the immediate processing of possible business-related or technical anomalies.


3. Trans-European coverage:

The project will be followed by a group of « potential deployers » that will follow the results of each work package. The objective of the "monitoring " group is to access directly to the work achieved in the work packages in order for participant to evaluate interest for them, evaluate efforts to be done for a transfer in their environment, evaluate budgets and time frame, check possible partnerships with the partners involved in the projects

The potential deployers group, will validate the used methodology and act as a Quality controller during the different phase of the Deployment. This group will be coordinated by the City of Prato and will be involved in the different steps of the deployment and the milestones of the project; we have potential deployers from Italy, Belgium, Hungary, Bulgaria, We may summarize the work in 4 steps:

  • Validate the methodology,
  • Follow-up and comments amongst the forecasted tasks and work packages,
  • Contribute to the analysis and synthesis of the assessment
  • Assess the project after three experimentation years

During the life cycle of this project we will invite other Administration to join, such as: Germany which is using OSCI protocol and Sweden which is using SHS in order to work on interoperability between these protocols. Other Administration interested in the results of the work


4. Expected benefits:

FAST provides openness and transparency in information access for communications between citizens and their administrations.

Through FAST, public administrations can streamline their operations by switching their document management systems onto an electronic platform. Documents can be exchanged securely and efficiently in electronic format, between different agencies and different levels of the administration. FAST streamlines back office processes and makes document exchange easier. It thus lightens the load of administration officials. Authorities are required to exchange notifications on the occasion of marriages, deaths and other life events requiring certification, and are also required to exchange data and information concerning local authorities decisions with the Ministry of Interior. All of this documentation is easily exchangeable through FAST. Furthermore, procedural burdens are lessened for citizens – for example, they will no longer have to ask for a copy of a birth certificate where it is required for a benefit application.

By reducing the time required for dealing with administrative demands and the associated costs, FAST thus makes a contribution to improving government efficiency in Europe. By deploying FAST in different administrations across Europe, citizens throughout the European Union can share in these benefits.


5. Contribution to EU policies:

The Sheffield application will provide a solution to the current fragmentation of the education sector as a whole, enabling the development of a whole raft of services both for the administrations and for the citizens. These will be potentially replicable from one country to the other and could be potentially interoperable across boundaries, for children who need to move from one country to the other and go to school accordingly.

The Valencian application will provide a standard solution for eProcurement that could be replicated for its use at local, regional or national level.

The goals and objectives of the Sheffield pilot are not only important to the rest of the UK, but will be of interest across Europe. The pilot will allow services to be added on an incremental basis across all the services of Local Government.

It will build an implementation plan that will be replicable and interoperable across the UK. It will also show that the technology and processes are interoperable. It must be noted that not all Local Authorities within the UK have the same technical infrastructure or level of technology.

This will then give a starting point for other regions within the EU to address any legal interoperability issues. Deployment in 3 countries will allow test on exchange of Electronic signatures as well as cross boarder queries on non repudiation lists.

At a longer term, many other FAST applications could be implemented, within or across countries, to create major economies of scale and technological synergies.

At a time when cross-countries collaborative initiatives appear within the E.U., in various domains (customs, human traffic prevention, driving license harmonization, common public research programs, cross boarders road police, educational student exchanges, etc.), cross-boundaries needs for interoperability or secured data exchanges are more than likely to arise. Therefore, FAST would be contributing to the global harmonization of administrative processes across the EU.

PROGRESS AND RESULTS


1. Expected results:

Overall, the main objective for FAST is to validate the adaptability of FAST infrastructure and technologies for every administrative procedure and constraint, in any country. Up to now, the FAST system has been developed to answer French public issues, and successfully tested accordingly. If FAST system can be easily adapted to the Spanish e-procurement legal process and to one of the few English processes identified, meaning that no specific technology will have been developed, it will show that FAST workflow engine and security tools can match local criteria at a European scale. Indeed, FAST system has been developed to become a standardization tool for IT communication at a large scale.


2. Deployment potential:

The main obstacles to be overcome for deployment, solutions, deployment timetable, broader deployment potential will be analysed through a Legal checklist for replicating FAST in other countries. FAST French experience of dematerialization showed that it was vain to try to build standard implementation rules, even within a single country. Indeed, each new application requires the security needs, the legal environment as well as the IT configuration of every actors involved to be studied carefully, in order to design the appropriate technological answer through FAST. It is fundamental to adopt the right level of security for electronic transactions, to maintain the costs at a reasonable level and to guarantee a massive use of services. Too little security will result in a prohibition of the service by the local public bodies in charge of ethic/IT security/individual rights. On the other hand, over-securizing an application will result in no-one using it. As a consequence, a specific study has to be undertaken every time.

We will assume this statement will remain true for applications in other countries and even more for cross-borders applications. However, some kind of standard “local adaptation” roadmap can be defined for every new application.


3. Reports to be publicly available on the Web:

A) Legal roadmap for adapting FAST in a new country

  • Study the legal requirements related to the considered application and identify the :
    • Signature needs (ex.: official certificates, contracts)
    • Confidentiality needs (ex.: medical files)
    • Legal delays constraints (ex.: e-procurement: limited time to post a commercial proposal) This inventory will help defining a solution with a coherent security level.
  • Define a new e-service adapted to the legal context and to the operational context (seize, number and degree of computerization of the actors; costs; business model, etc.)
  • Identify the local authorities in charge of the process and local regulation authorities (ex.: CNIL in France)
    • Propose the new e-service respecting the legal context and get a validation for an experimentation or a generalisation
    • If impossible, it can be necessary to apply for an adaptation of the law to the e-service defined This step results in a go / no go signal for making the service operational.

B) Public part of the final report

In the same section:
OK