[Map: the Western Balkans and neighbouring countries]
SWEB – Architecture and Platform
Secure, interoperable, cross border m-services contributing towards a trustful
European cooperation with the non-EU member Western Balkan countries
SWEB is an EU IST cooperation project that develops a secure, open
and affordable government platform upon which secure, cross-border,
mobile government services can be built. These services support the
exchange of administrative documents between governmental
organizations, citizens and companies. To ensure interoperability the
platform is designed according to SOA concepts and implemented
with Web services.
Introducing the SWEB Platform

The international cooperation project SWEB develops an innovative secure
platform for the interoperable, secure and mobile electronic exchange
of public sector documents. SWEB is funded by the European Commission
under its Sixth Framework Programme (FP6) as part of the Information
Society Technologies (IST) initiative (044979).

Design Goals

One design goal was to make the platform easily applicable in
less-advanced technological infrastructures. To demonstrate the
platform, its services and the cross-border trial scenario, Western
Balkan municipalities were chosen to collaborate with EU-municipalities.
Dissemination to other municipalities for potential redeployment is
intended. Given that mobile devices are widely available in the Western
Balkan countries, the SWEB platform and its administrative services can
be accessed using mobile devices. In this context a mobile framework
will be introduced with special emphasis on security.

The SWEB platform addresses the interoperability needs of Small and
Medium Governmental Organizations (SMGOs) by implementing main
components as atomic, self-contained Web Services, orchestrated with
BPEL into business processes, and realizing a Service Oriented
Architecture (SOA). Since security and trust are key enablers in
governmental systems, various security standards and technologies were
applied to achieve authentication, authorization and secure
communication between the communicating stakeholders. Advanced XML
technologies, PKI, XML security standards, and mobile device security
enhancements provide the technical infrastructure of the SWEB platform.
Thus administrative services can be built easily, focussing development
purely on business logic by using the security components available on
the SWEB platform.

Fraunhofer Institute for Open Communication Systems FOKUS
Competence Center ELAN
Petra Hoepner (Coordinator SWEB)
Kaiserin-Augusta-Allee 31
10589 Berlin, Germany
Tel +49 (0)30 3463 7185
Fax +49 (0)30 3463 8000
Mail petra.hoepner@fokus.fraunhofer.de

University of Piraeus Research Centre
Department of Informatics
Dr. Nineta Polemi (Technical Manager SWEB)
Karaoli & Dimitriou 80
Piraeus 18534, Greece
Tel +30 210 4142 270
Mail dpolemi@unipi.gr
Web www.unipi.gr

Disclaimer This document has been produced with the financial
assistance of the European Community. The views expressed herein are
those of Fraunhofer FOKUS and can therefore in no way be taken to
reflect the official opinion of the European Commission. The
information in this document is provided as is and no guarantee or
warranty is given that the information is fit for any particular
purpose. The user thereof uses the information at its sole risk and
liability.
Since the overall SWEB platform is based upon several tiers and a few
external services, it can be deployed as a distributed system to provide
a maximum of reliability, system stability and enhanced ease of
maintenance.

To deploy the SWEB system, either mobile or stationary clients are used
to communicate with an interaction layer which functions as a primary
access point. Once a message passes validation, it is delivered to the
SWEB platform core, represented as a dedicated tier, holding the
services that are necessary to provide basic functionality like various
authentication/authorization mechanisms, notification and storage. This
basic functionality itself is separated from the actual business
services that represent an orchestration of such basic functionality.
Thus in the event of system failure at business service level, basic
services like platform access, document retrieval and messaging are
still assured. Actual handling and approval of all official documents
is carried out by the legacy system of the specific municipality which
is connected to the SWEB platform in a well-defined manner.

[Figure: An architectural overview of the SWEB platform. Nodes shown:
Node A1 Client Tier (Mobile), Node A2 Client Tier (Stationary), Node B
Interaction Tier, Node C First Enterprise Tier, Node D Second Enterprise
Tier, Node E Integration Tier. External services shown: Security Token
Service (STS), UDDI Repository, Public Key Infrastructure (PKI),
Timestamping, XKMS.]
The SWEB platform consists of 5 tiers

Client Tier (Node A) comprises the components a user needs to access
the system, including mobile device clients (Node A1) and stationary
clients for civil servants (Node A2).

Interaction Tier (Node B) hosts the communication components such as
the Mobile Tier Manager for accessing the SWEB platform using mobile
devices and Web Tier Manager for accessing the SWEB platform using a
browser and smartcards. The Message Security Manager is responsible for
implementation of security features on the platform as well as for user
authentication.

First Enterprise Tier (Node C) contains basic services and the platform
core such as
• Service Handling for communication between the Interaction Tier and
  other components at the First Enterprise Tier
• Policy Enforcement for user authorization on the SWEB platform
• Task Manager for managing all tasks and service related documents
• Notification for creating and sending notification messages via SMS
  or eMail
• Storage for permanently storing requests (like e/m-Invoices) using
  the XML-database
• Adaptation Layer for communication with the existing systems of the
  municipality

Second Enterprise Tier (Node D) contains the business services using
Business Process Execution Language (BPEL) for service orchestration.

Integration Tier (Node E) provides binding to the legacy components.

Several external servers are used

• STS (Secure Token Services) server for user authentication and
  authorization by issuing a corresponding SAML (Security Assertion
  Markup Language) token which is required for users to be
  authenticated and authorized to the SWEB platform.
• Time Stamping server (TSA) for time stamping official documents.
• PKI services exposed through XKMS (XML Key Management Service) which
  outsources complicated PKI functions like certificate validation from
  the mobile device.
• A UDDI repository storing the URLs of the SWEB-enabled
  municipalities.

Several types of interfaces are used in the SWEB platform: HTTP/HTTPS
for web-based system access and TSA communications, Web Services (SOAP)
for communication between the different tiers and EJBs (Enterprise Java
Beans) – mostly used for inner-tier component communication.
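
The split described above, where the Interaction Tier authenticates a request from its STS-issued SAML token and Policy Enforcement in the First Enterprise Tier then authorizes it, is sketched below as an added example; it is not SWEB project code. The SAML 2.0 namespace, the issuer and audience URLs, the "role" attribute, the operation names and the policy table are all assumptions, and the assertion's XML signature is assumed to have been verified already.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}   # assumed SAML version
TRUSTED_ISSUER = "https://sts.example.invalid"           # hypothetical STS
PLATFORM_AUDIENCE = "https://sweb.example.invalid"       # hypothetical audience
POLICY = {"citizen": {"submit-invoice"},                 # hypothetical policy
          "civil-servant": {"submit-invoice", "approve-document"}}

# Constructed sample assertion; signature element omitted (assumed verified).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://sts.example.invalid</saml:Issuer>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2008-05-01T10:00:00Z" NotOnOrAfter="2008-05-01T10:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sweb.example.invalid</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="role">
    <saml:AttributeValue>citizen</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""

def _ts(value):
    # Parse a UTC timestamp of the form used in the sample assertion.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def authenticate(assertion_xml, now):
    """Interaction Tier step: return (subject, roles) or raise ValueError."""
    root = ET.fromstring(assertion_xml)
    if root.findtext("saml:Issuer", "", NS).strip() != TRUSTED_ISSUER:
        raise ValueError("untrusted issuer")
    cond = root.find("saml:Conditions", NS)
    if cond is None or "NotBefore" not in cond.attrib or "NotOnOrAfter" not in cond.attrib:
        raise ValueError("missing validity window")
    if not (_ts(cond.attrib["NotBefore"]) <= now < _ts(cond.attrib["NotOnOrAfter"])):
        raise ValueError("token not valid at this time")
    audiences = {a.text.strip() for a in cond.iterfind(".//saml:Audience", NS) if a.text}
    if PLATFORM_AUDIENCE not in audiences:
        raise ValueError("wrong audience")
    subject = root.findtext("saml:Subject/saml:NameID", "", NS).strip()
    if not subject:
        raise ValueError("missing subject")
    roles = {v.text.strip() for v in root.iterfind(
        ".//saml:Attribute[@Name='role']/saml:AttributeValue", NS) if v.text}
    return subject, roles

def authorize(roles, operation):
    """First Enterprise Tier step: default-deny lookup in the policy table."""
    return any(operation in POLICY.get(role, set()) for role in roles)
```

Because authorization is a separate default-deny step, a token that authenticates correctly but carries no recognised role is still refused every operation.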