government soa scenario: immigration and border management

Redpaper

Government SOA Scenario: Immigration and Border Management

This IBM® Redpaper™ describes a service-oriented architecture (SOA) industry solution for immigration and border management using the IBM Government Industry Framework. It describes how the IBM Government Industry Framework can be used to implement two scenarios:

� Advanced Passenger Analysis � Registered Traveler

Martin KeenAllen DreibelbisHungTack Kwan

John LaLonePaul McKeown

Rashmi KaushikRobert SporyMarilza Maia

Vinod Chavan

© Copyright IBM Corp. 2009. All rights reserved. ibm.com/redbooks 1

http://www.redbooks.ibm.com/


Introducing the IBM Government Industry Framework

The IBM Government Industry Framework is a government-focused software platform that allows the customer to build out their capabilities over time. The IBM Government Industry Framework helps customers:

� Build on an SOA-based platform and open standards.

� Make use of technology investments across multiple solutions and projects.

� Reduce implementation risk, and deploy solutions faster by using hardened platform elements and government specific extensions, such as industry models, templates, portlets, reference implementations, and government specific resources such as this paper.

� Make use of a broad ecosystem of business partners with strong government capabilities.

The IBM Government Industry Framework supports a broad integrated set of government solutions across the following domains (Figure 1 on page 3):

� Social services and social security� Safety and security� Tax and revenue management� Metropolitan transportation and roads� Integrated urban infrastructure

2 Government SOA Scenario: Immigration and Border Management

Figure 1 IBM Government Industry Framework supports integrated government solutions

This paper discusses scenarios in the safety and security domain to illustrate leading practices and how to adopt the IBM Government Industry Framework components.

New challenges at the border

Around the world, the threat of terrorism and the promise of globalization are reshaping the fundamental nature of borders and how they are managed. Borders must be open for business and closed to unwanted guests. The desire to improve speed and convenience is constantly held in check by the responsibility for security and safety

In many nations, control operations are now executed beyond the physical border and before arrival at a nation's official points of entry. The result is a much broader and more complicated scope of operation for border management, and a greater need for collaboration between nations.

IBM Systems and Technology Group

IBM Government Industry Framework

Key IBM Software Group Products

Government Extensions and AcceleratorsData, Process

and Risk ModelsInterfaces and

AdaptersTemplates

and PortletsReference

Architectures Tools DeliveryGuides

IBM Global Business ServicesIBM Global Technology Services

Partner Ecosystem

IBM Government Services Solutions

Tax andRevenue

Management

SocialServices and

Social SecuritySafety andSecurity

MetropolitanTransportation

and Roads

IntegratedUrban

Infrastructure

Government SOA Scenario: Immigration and Border Management 3

Border management duties are shared between a wide range of government agencies such as customs, border protection, immigration, police, and intelligence. Each of these agencies have individual priorities in support of the common goal. There must be a constant flow of information between these agencies to coordinate their activities effectively.

The need for international and inter-agency collaboration to achieve the twin objective of security and facilitation means that government leaders responsible for border integrity face rising complexity in accomplishing their missions.

Governments realize that the increase in international air travel and imposition of rigorous security checks mean more queues and more inconvenience for passengers. This can result in further disruption to airline schedules and increased safety and security risks because crowded airports can become terrorist targets.

Recognizing identity has never been more important to ensure homeland security, travel, and public safety. If immigration and border agencies know with whom they are dealing, they can treat them appropriately. The faster the process, the less the disruption, making identity management technologies key. Some of these analytical tools are shown in Figure 2.

Figure 2 Analytical tools to identify and assess passengers

These tools will be referred to in more detail in the rest of the paper.

Screening

• Assess Risk Profile• Passenger Data Load

and Score• Name Recognition• Record Results• Alerts against Watch

Lists

Watch Lists

• Manage Lists• Passenger Records

Reprocessed

Secondary Analysis

• Workflow for ManualExpertise

• Intelligence Resolution

Alerting

• Manage Cases• Generate Alert• Notification

Auditing

• Passenger Profile• Ticket• Case & Alert History

Biometrics

• Stored in eDocuments• Local verification of ID• Identifying unknown

people• Uses face, fingerprints

iris scans for identification


What is being done to meet the twin challenges of security and facilitation?

Airports, airlines, and governments are aware of the problem and are considering a range of options to address this challenge. There are primarily two ranges of options:

� Resource management

This option looks to increase capacity. Examples include adding more airports, adding more security gates, and adding more staff. These solutions are typically expensive to implement, and are subject to environmental constraints.

� Technology

This option looks to increase throughput by early identification of passengers, early risk assessment, and speeding low risk passengers through automated checks wherever possible. These options include, either singly or in combination:

– Advanced Passenger Analysis– Registered Traveler programs– Automated border gates– Self check-in through the Web and kiosks

This paper focuses on Advanced Passenger Analysis and Registered Traveler programs.

Advanced Passenger Analysis

Advanced Passenger Analysis is the process of comparing passenger data with watchlists and profiles before and during flights. Sending information from airline to government prior to travel provides cost effective facilitation and security because background checks on more passengers earlier in the process means fewer delays due to manifest checks by the destination country prior to take-off. After high risk passengers are identified, border agents can focus their attentions on reducing their risk through detailed questioning. Focused checks are more effective than random checks of everyone who attempts to board a plane.


Benefits of Advanced Passenger AnalysisThe following benefits are derived from a Advanced Passenger Analysis solution:

� Advanced Passenger Analysis reduces cost of both the arrest of serious criminals and the denial of boarding to certain passengers.

� Border security is tightened because an early warning system allows more time for the authorities to develop plans for intervention.

� Passengers enjoy an easier, quicker travel experience because they are treated sensitively according to the risk they present and by having sent information in advance. Background checks that would normally cause a queue at the border can be done before they arrive.

� Airports benefit because they are less likely to incur fines for poor performance due to long queues.

� Airlines benefit because they are less likely to carry unwelcome passengers, which could cost the airlines both large fines and the fee of returning unwelcome passengers to their departure point.

Registered Traveler programs

In a Registered Traveler program, registered travelers use a token to access automated or fast-service security and border checkpoints. The enrollment process generally involves the traveler providing a detailed biography for risk assessment, and providing biometric information. Tokens are issued to travelers meeting the credentials. The Registered Traveler program continues to perform ongoing checks to ensure that the traveler's behavior remains consistent with their trusted status.

The Registered Traveler program can be a commercial or government program:

� As a commercial program it is a fee paying card-based program combined with other services such as car parking and business lounges.

� As a government program it uses electronic passports or ID cards to access automated gates.


Benefits of a Registered Traveler programRegistered Traveler programs offer benefits to a range of stakeholders:

� For passengers it means more convenience and consistent and reasonable times for security checks. These can be significant because Registered Travelers are normally through the border in a few minutes. Commercial Registered Traveler programs provide a full service offering, including access to private lounges, preferential car parking, and loyalty schemes in the airport.

� Airlines benefit indirectly. If fewer people are delayed due to queues at the border and security they are likely to view air travel more positively. It could also mean less disruption to their timetables because of late boarders.

� Airports profit from their commercial Registered Traveler programs. They might also enjoy an improved image because the automation has reduced queue times for all. There could be more repeat business as travelers are less likely to avoid airports in the future due to previous negative experiences.

� Governments could see an improvement in national security because they can process people more thoroughly using automated gates. It allows for better assessment of security risks because international schemes can enable multi-background checks.

� Governments also have a biometric records of entry and exit. They know who is in or out of the country.


Capability model for a new and improved border management process

Figure 3 shows the capability model for a new and improved border management process. This border management process needs to support collaboration between agencies, secure and timely exchange of critical information, ability to meet increased demand, and the ability to respond quickly to changing regulations and policies.

Figure 3 Capability model for a new and improved border management process

The result of this enhanced border management process are two offerings:

� Enhanced Advanced Passenger Analysis

� A new Registered Traveler program

These two offerings are the subject of the remainder of this paper.

Advanced Passenger Analysis

This section describes how to model a Advanced Passenger Analysis process, perform business service modeling, and illustrates a solution architecture with IBM product mappings.

Busi

ness

Initi

ativ

esV

alue

Prop

ositi

onC

apab

ilitie

sO

fferin

g

Enhanced Advanced Passenger Analysis (APA) New Registered Traveler (RT) Program

Boost national economy through more

travel and trade

Improved mgmt of crisis and alerts

Tighten national security

Improved convenience for air/sea/land

travelers

Improved effectiveness and efficiency

of border control resources

Enhanced Border Management Processes

Rapid response to new government regulations

and security policies

Ability to increase collaboration

with other agencies

Ability to be sure of passenger identity

Ability to process more passengers using Automated borders


Modeling the Advanced Passenger Analysis process

This section describes an Advanced Passenger Analysis process for an international air travel example. This solution can be applied to a broader range of border agency/immigration departments that might already have a basic Advanced Passenger Analysis solution or no Advanced Passenger Analysis solution at all.

What is the Advanced Passenger Analysis System?Advanced Passenger Analysis (APA) is an early warning system that allows governments to collect and analyze Advance Passenger Information (API) and Passenger Name Record (PNR) data from airlines before and during their journey. By comparing API and PNR data with watchlists and profiles, governments can be alerted if named persons of interest, or unnamed individuals who fit the profile of high risk passengers are attempting to cross their borders.

Some countries believe that the use and storage of API/PNR Data intrudes on passenger privacy and are seeking compromises on the amount of data that is processed and stored.

Countries are reaching consensus on a standard way of collecting information from airlines.

Advance Passenger Information:

� Concerns data that air/sea carriers did not store previously but which they now have to collect separately for the benefit of border authorities.

� Includes all the data elements that travelers have to present at the border control at the travel destination.

� Transmission resembles a pre-arrival manifest sent to the border authorities of the travel destination.

� Consists of data that can be directly taken from the machine-readable part of a passport plus the general flight-related data that exist in the airline computers.


Advanced Passenger Analysis business processFigure 4 shows the high level activities in an Advanced Passenger Analysis business process.

Figure 4 Advanced Passenger Analysis process (tier 1)

The high level process operations are as follows:

1. An individual makes travel reservations using a travel request system (using an online reservation system, kiosk, mobile device, or in person).

2. An e-ticket is generated.

3. API is routed from airline reservation system to border control operations center (BCOC).

4. BCOC normalizes the data and matches against a number of watch lists.

5. The system generates hits if there is a match.

6. A person intervenes to decide if a hit should be an alert.

7. Authorities are alerted to possible travel of person of interest.

8. Instructions on passenger handling are issued (such as deny, accept, or arrest on arrival).

We now look at each activity in this process in turn.


Activity 1.1: Travel requestThe travel reservation process is as shown in Figure 5.

Figure 5 Activity 1.1: Travel Request (tier 2)

1. An individual makes travel reservations using a travel request system (using an online reservation system, kiosk, mobile device, or in person).

2. The individual enters all required information for the reservation.

3. Upon travel request submission, a travel reference number (ticket number) is generated.

4. The individual receives an e-ticket (which they can print online copy, get a hardcopy from the kiosk, or save a softcopy on a mobile device).


Activity 1.2: Government agency reviewAfter the travel reservation is made, pre-travel verification if performed as shown in Figure 6.

Figure 6 Activity 1.2: Government Agency Review (tier 2)

1. Based on the ePassport number taken from the reservation, the passport validity is checked.

2. That person’s name is checked against watch lists for immigration, crime, and other possible interested stakeholders.

3. If there is a match the operators decide what action to take.


Activity 1.3: Day of travelOn the day of travel the events detailed in Figure 7 occur.

Figure 7 Activity 1.3: Day of Travel (tier 2)

1. A passenger checks-in using appropriate travel documents (such as a valid photo id, and an e-ticket) and continues with travel to a destination if background security checks are passed.

2. For international travel, additional checks are conducted at the port of arrival.

Next, we take a closer look at the two activities that make up this part of the process.


Activity 1.3.1: Check-inFor countries where real time authority is desired, the events detail in Figure 8 on page 15 occur.


Figure 8 Activity 1.3.1: Check-in (tier 3)

1. A traveler checks-in using the appropriate travel documents (such as a valid photo ID, and an e-ticket).

2. Personal information and travel details are validated.

3. Information is submitted real-time for checks and screening against government databases (see “Activity 1.2: Government agency review” on page 12 for government agency checks)

4. The traveler is either approved or rejected for travel.

5. If the traveler is approved, their bags are checked-in and travel continues.

6. If the traveler is declined, they are notified. Carrier and border management systems are updated with the travel decline information.

Activity 1.3.2: Arrival clearanceFor international travel, identity is monitored at the travel destination for fraud or abuse to ensure the trustworthiness of the identity. This process to perform this is as shown in Figure 9.

Figure 9 Activity 1.3.2: Arrival Clearance


1. Validation of the ePassport or eVisa to ensure it is generated from a competent authority.

2. Verification and validation of the biometric or biographic information of the traveler.

3. Validation of the traveler using random second factor identification (including random questions, fingerprints, or iris identification).

4. Verification of the health, quarantine form, or reason of travel.

Benefits of Advanced Passenger AnalysisThe Advanced Passenger Analysis process described in this section offers the following benefits:

� Ensures border protection from undocumented or undesirable passengers at departure time. This is achieved by:

– Providing a mechanism to anticipate threats and alerts reported for the traveler

– Obscure and anonymous relationship resolution

– Risk assessment

� Checks can be done prior to a passenger commencing their journey. This reduces time for screening passengers on the day of travel or upon reaching their destination.

� The security check is more thorough and completed within minutes as compared to manual procedures of interviews and secondary random checks.

� Adding a new government agency check or making changes to policies in the future is easy, without having to alter the entire business process.

� Ensures compliant measures for international identity standards, treaties, and conventions

– Updates ePassport information across the border management systems after the person crosses the border. This provides tracking information.

– Border security violation information is forwarded to alert border guards promptly.

� Handles exceptional situations, and initiates a remedy procedure. Exceptional situations include:

– Diverted travel due to bad whether, technical problems, or medical emergencies

– Other emergencies where travelers reached the wrong country without any bad intention but without the appropriate visa


Business service modeling

After performing business process modeling, the next task is to delineate the services that comprise the business processes. This can be achieved using the service-oriented modeling and architecture (SOMA) approach from IBM, illustrated in Figure 10.

Figure 10 Service-oriented modeling and architecture (SOMA)

SOMA provides an approach to building a SOA that aligns to business goals and ties the business processes directly to underlying applications through services. The process of SOMA consists of three general steps:

� Identification� Specification� Realization of services, components, and flows

The service identification step of SOMA consists of three techniques that can help identify services for the Advanced Passenger Analysis business process:

� Domain decomposition

This is a top-down view of the business process. It consists of process decomposition where processes are broken up into sub-processes and high-level business use cases. In this top-down decomposition, business processes are represented hierarchically.

For example, the Government Registered Traveler Program process can be decomposed into sub-processes such as:

– Advanced Passenger Analysis – Registered Travel Program

service allocationto components component layer

Service realization decision

Subsystemanalysis

Componentspecification

Servicespecification

component flowspecification

informationspecification

service flowspecification

message & eventspecification

Identification

Specification

Realization

Domaindecomposition

Goal-servicemodeling

Existing assetanalysis


Each sub-process can in turn be decomposed further, ultimately leading to a list of business use cases. For example, the Advanced Passenger Analysis sub-process can be decomposed as follows:

– Advanced Passenger Analysis Travel Request, – Advanced Passenger Analysis Passenger Screening – Advanced Passenger Analysis Day of Travel

The Advanced Passenger Analysis Travel Request sub-process ultimately leads to the business use cases such as:

– Complete Online Travel Request– E-Ticket is Generated for Traveler

These business use cases are typically good candidates for business services.

� Goal-service modeling

In this phase, business services are identified based on goals and metrics. For example, goals can be defined such as:

– Reduce Traveler Time – Increase Collaboration with Other Government Agencies

These goals might consist of sub-goals, such as Reduce Traveler’s Time by 30% (the percentage value will, of course, vary dependant on the project). Business services can be identified and grouped under these goals.

� Existing asset analysis

In contrast to domain decomposition, this is a bottom-up approach. Existing systems are analyzed according to their suitability for inclusion in business processes. For example, the Complete Online Travel Request process can be analyzed to determine if any of the services used in this existing process meet the needs of the new business processes. Typically, reuse of existing systems and assets provides a lower cost solution to implementing service functionality than creating new assets.

IBM provides service offerings for working with SOMA. The IBM SOA Integration Framework service offering is shown in Figure 11 on page 19.


Figure 11 Using the IBM SOA Integration Framework to perform SOMA decomposition

Note: For more information about applying SOMA, refer to the developerWorks® article, Service-oriented modeling and architecture, available at the following Web page:

http://www.ibm.com/developerworks/library/ws-soa-design1/


http://www.ibm.com/developerworks/library/ws-soa-design1/

Technical solution

This section describes the technical solution that was designed and built for the Advanced Passenger Analysis process. It includes a description of the IBM product offerings that were used in the implementation.

Technical challenges, solution design, and system contextThe following technical challenges should be considered when designing an Advanced Passenger Analysis process:

� There is point-to-point integration between several applications as well as applications and data sources.

� Scaling the existing architecture to accommodate new data sources such as international watch lists and criminal data is complex and time consuming.

� There is a high level of complexity in effectively supporting multicultural names and personal identity information that comes from a variety of data sources.

� The traveler’s data has to be consolidated from several different sources to verify identities, match against watch lists, and support detection of fraud and threat.

� SOA-based projects are not planned at an enterprise level, causing governance, service management, and service security concepts to be implemented only in pocket.

To meet these technical challenges, the following architectural principles should be used in the solution design:

� The solution should provide an enterprise integration framework, components and reusable services that make use of existing systems that span multiple hardware and software platforms.

� The solution should be designed to provide the flexibility to incorporate future technology and accommodate changes to business and performance requirements, changes to laws and regulations, trade volumes, and security threats.

� The solution should provide a common programming model based upon industry-accepted computing standards to improve reuse within the architecture.

� The solution should support the use of multiple technologies and techniques for interoperability with external systems and for the integration of systems and applications within the Integrated Border Management solution.


� The solution should be based upon an architecture approach and technologies using industry-accepted open computing standards, Government, World Customs Organization (WCO), and international standards.

� The solution should be built upon the concept of tiers and layers, which requires the separation of presentation, application, and data to develop a resilient, secure, and end-to-end solution architecture.

� The location and internal working and implementation details of a service should be isolated from the service consumers to provide a dynamically reconfigurable architectural style.

The system context diagram for the Advanced Passenger Analysis process is shown in Figure 12.

Figure 12 System context diagram for Advanced Passenger Analysis


Solution architectureThe solution architecture for the Advanced Passenger Analysis process is shown in Figure 13.

Figure 13 Solution architecture for Advanced Passenger Analysis

Understanding the solution architectureNote some of the highlights of this architecture:

� An Advanced Passenger Analysis Portal has been introduced to allow standardized access to APIs by authorized carriers, government agencies, and border agencies in other countries.

� In the Integration layer, an enterprise services bus (ESB) has been introduced to make applications and information available within and outside the enterprise in a flexible, agile and secure manner.

� Process services in the integration layer denote the business processes and workflows in execution (such as the APA and case management processes)

AdvancedPassenger

System Portal

EnterpriseService Bus

ApplicationLogic

Presentation Tier Data TierIntegration Tier

External Systems• Government• Commercial• Passenger data

from Carriers

Application Tier

CarrierHelp Desk

Customs & ImmigrationBorder ControlLaw EnforcementCommercialPublic

Messaging, Web Services

SOA Governance, Security and Management

HTMLHTML

XML XML

Case Mgmt

Targeting

Screening

Alert Generation andMgmt

Advanced PassengerInformation System

Content Mgmt

TransactionServices

WebServices

MessageMediation

ComplexEvents

InformationIntegrationServices

ProcessServices

AnalyticsData

Rules

PassengerData

Case MgmtData

NORAData



� In the application tier, two separate applications are introduced:

– Screening passengers using PNR data against watch-lists, crime databases, no-fly lists, public records, and so forth.

– Targeting by using analytics capabilities to analyze behaviors of risky travelers to develop risk-based profiles that can be used for screening against the passenger lists.

� In the integration tier, Information Integration Services provides support for data consolidation from several government sources and criminal databases, along with cleansing as needed.

� The case management database contains case details for the processing and evaluation of passengers that have been flagged for further investigation.

TritonSeveral components of the solution design can use a framework component called Triton. This is a SOA Foundation Accelerator that helps realize the business value of SOA faster and with less risk than typical custom implementations. Triton addresses the following business and IT pain points:

� Business pain points:

– “We bought all of this software months ago and I still have not seen any benefit.”

– “All I wanted to do was to integrate these existing information systems, and now I have more software and still no integration.”

� IT pain-points:

– “We are having a difficult time putting all these software products together.”

– “We are having a hard time locating all of the skill sets necessary to integrate all of these products.”

– “We need a common platform across our enterprise to lower total cost of ownership, to improve interoperability, and to share more information.”

Note: This paper uses a patterns-based approach in arriving at the architecture described here. To read more about the patterns associated with this architecture, see “Applying business and infrastructure patterns” on page 40.


Triton can help address these pain points in the following ways:

� Triton uses the IBM investment in SOA implementations worldwide and harvested leading practices to provide an advantage over competitors who are still building every business solution for the first time, every time.

� Triton removes the focus on integrating middleware.

� Triton is the core of the IBM Government Industry Framework, which means that many independent software vendors are integrating their business/mission applications to this same stack, providing a built-in path for enabling additional functionality.

The benefits of Triton are as follows:

� Lower maintenance cost and effort.

� Improved time-to-value and return on investment.

� Improved quality of implementation through the use of harvested leading practices from worldwide SOA engagements.

� Lowered risk of failed engagements due to the inability to install and configure the SOA infrastructure.

IBM Government Industry Framework components recommended to implement the solution architecture

This section describes the IBM Government Industry Framework components recommended to implement the solution design:

� Component options products used to implement the Advanced Passenger System Portal in the presentation tier:

– IBM WebSphere® Portal Server– Triton (SOA Foundation Accelerator)

� Connectivity infrastructure products used to implement the ESB in the integration tier:

– ESB runtime, such as one or more of the following:

• IBM WebSphere Enterprise Service Bus• IBM WebSphere Message Broker• IBM WebSphere DataPower®

– IBM WebSphere Service Registry and Repository

– Triton (SOA Foundation Accelerator)


� Business process management products used to implement process services in the integration tier:

– IBM WebSphere Dynamic Process Edition– Triton (SOA Foundation Accelerator)– IBM WebSphere iLOG JRules

� Information integration services products used to consolidate and cleanse data from various sources in the integration tier:

– IBM InfoSphere™ Information Server

• IBM InfoSphere DataStage®• IBM InfoSphere QualityStage

– IBM InfoSphere Global Name Recognition

� Analytics data product used to implement Analytics Data and Rules in the data tier:

IBM Cognos®

� Risk products used to implement NORA data in the data tier:

– IBM Entity Analytic Solutions

• IBM Relationship Resolution• IBM Identity Resolution• IBM Anonymous Resolution

– IBM Cognos

� Infrastructure products used to implement SOA Security:

– IBM Tivoli® Access Manager– IBM Federated Identity Manager– IBM Tivoli Identity Manager– IBM Tivoli Directory Server– Triton (SOA Foundation Accelerator)

� Rapid deployment (for service creation and service reuse) products:

– IBM Rational® Software Architect– IBM InfoSphere Data Architect

� Infrastructure products used to implement SOA Management:

– IBM Tivoli Performance Analyzer– IBM Tivoli Composite Application Manager for SOA– IBM Tivoli Composite Application Manager for WebSphere– Triton (SOA Foundation Accelerator)


� Products used to implement SOA Governance:

– IBM WebSphere Service Registry and Repository– IBM Rational Asset Manager– IBM Tivoli Change and Configuration Management Database– IBM Rational Method Composer

Registered Traveler program

Registered Traveler provides a secure, fast, and robust solution for both governments and travelers. This section describes how to model a Registered Traveler process, and perform business service modeling. It illustrates a solution architecture with IBM product mappings.

Modeling the Registered Traveler process

This section describes a typical Registered Traveler process that could be offered by a government agency or through a commercial program. The border agency/immigration department might have an Advanced Passenger Analysis process in place before undertaking this solution.

Business challenges and pain pointsThe business challenges and pain points experienced in a typical border management process are as follows:

� Immigration and border agencies

– There is a heavy burden of analysis of travelers (name and identity, possible relationship to wanted individuals, unobvious threats, and so forth) with limited resources and ever increasing demands on homeland security.

– Relying purely on Advanced Passenger Information (API) data provides limited details for risk assessment.

– There is often limited information sharing across immigration agencies and government bodies, with poor means of electronic notification and alerts.

� Travelers

– Travelers face lengthy security checks and lines at airports.

– Frequent travelers, especially, need faster and more convenient means to reduce travel time.


� Government IT systems

– Response to changing security requirements, with new checks and addition of new data sources, is slow and turns into lengthy projects.

– Inflexible enterprise architecture limits building new services (online, self service, real-time automated checks) from existing silo systems.

� Airports and travel carriers (airlines, sea, and land carriers)

– Travel carriers are constantly improving the end-to-end passenger experience, but many factors are outside of their control.

– Lengthy queues at security and the border and restrictive processes are rarely the travel carrier’s fault, but they lead to a feeling of dissatisfaction with their product and service.

Authenticating trusted users with biometric technologyA Registered Traveler solution uses biometric technology to authenticate trusted users. Biometrics is the science of identifying or verifying the identity of a person based on physiological or behavioral characteristics. Physiological characteristics include fingerprints, retinal pattern, iris, and facial appearance. Behavioral characteristics are actions carried out by a person in a unique way. They include signatures, voiceprints, and gait, although these are naturally dependent on physical characteristics as well.

Biometrics have several advantages over conventional password and PIN-based systems. Three primary advantages of biometrics are noted in a security environment are as follows:

� Biometrics does not need to be remembered and cannot be easily lost. This makes it much easier for the user.

� Biometrics cannot be easily stolen or loaned to a friend. This makes it more secure from a system point of view.

� Biometrics typically has higher information content than a password, making it harder for a hacker to crack such a system.

Immigration and border agencies can use a combination of biometrics and biographics information for enrollment and proofing, based upon which an applicant is issued Registered Traveler credentials.


Registered Traveler business processThe overall flow of the Registered Traveler contains the stages detailed in Figure 14.

Figure 14 Overall flow of the Registered Traveler process

� Pre-enrollment

Collect biographic data that is used to initiate the enrollment process.

� Enrollment

The enrollment process drives the identity proofing and results in the approval or rejection of an application.

� Proofing

Validate all of the identity information that is provided by an applicant.

� Enrollment approval

If there are no issues during enrollment and proofing, then approve the enrollment application.

� Credential provisioning

Create the credential that will be used when issuing an identity token (such as a national ID card).

� Credential issuance

Issue the credential using the required physical token (such as a smart card).

� Credential activation

Activate the issued credential so that it can be used to validate an individual’s identity.

� Identity usage

Use the credential in a high assurance transaction where it is required to validate a person’s identity.

� Identity monitoring

Monitor identity usage for fraud or abuse to ensure the trustworthiness of the identity.

Pre-Enrollment Enrollment Proofing Enrollment

ApprovalCredential

ProvisioningIdentityUsage

Credential Activation

Credential Issuance

IdentityMonitoring


Figure 15 shows the two high-level steps in a Registered Traveler process.

Figure 15 Registered Traveler process (tier 1)

� Obtain a Registered Traveler credential through a domestic application process (includes pre-enrollment, enrollment, proofing, enrollment approval, credential provisioning, and credential issuance).

� Use the credentials on the day of travel at the airport (includes credential activation, identity usage and identity monitoring).

We now look at each activity in the process in turn.

Activity 1.1: Registered Traveler Domestic Application ProcessThe domestic application process involves the steps shown in Figure 16.

Figure 16 Activity 1.1: Registered Traveler Domestic Application Process (tier 2)

� An individual applies for Registered Traveler credentials or identification (this is pre-enrollment).

� Enrollment into the program requires capture of biometrics. In some Registered Traveler programs, up to 10 fingerprints, iris patterns of both eyes for recognition, and a digital photograph are required.

� A proofing system verifies fingerprints and irises as part of the scan against watch lists.

Next, we take a closer look at the two activities that make up this part of the process.


Activity 1.1.1: Registered Traveler ApplicationThe online application process involves the steps shown in Figure 17.

Figure 17 Activity 1.1.1: Registered Traveler Application (tier 3)

1. The applicant submits an online application with requested biographic information, along with appropriate processing fees.

2. The information is sent to government agencies for identity checks.

3. The applicant is either approved for further Registered Traveler processing or declined.


The Review Other Travel and Government Agency Checks process shown in Figure 17 on page 30 is implemented as a sub-process (Figure 18). In this sub-process the identity checks are performed against e-Identity tracking systems, border clearance systems, e-Passport/e-Visa systems, and e-Identity management systems to ensure the applicant is a low risk applicant.

Figure 18 Sub-process: Review Other Travel and Government Agency Checks

Note: A variation to this process is also valid, where biographic and biometrics information are accepted up front with the application. In this case, government checks are completed in parallel with biometrics proofing, instead of a two-step process.


Activity 1.1.2: Registered Traveler Enrollment and ProofingAfter the biographical data is vetted against watch lists, the applicant is approved for further processing as shown in Figure 19.

Figure 19 Activity 1.1.2: Registered Traveler Enrollment and Proofing (tier 3)

� Up to 10 fingerprints are captured, iris patterns of both eyes are recorded for recognition, and a digital photograph is taken.

� During the manual interview stage, the interviewer decides whether or not to grant the Registered Traveler privilege.

� A physical identification card or logical credentials based on biometrics matches (where the biometrics is stored in a government repository) might be provided to approved applicants.


� For cross country Registered Traveler programs, the threat analysis process is repeated at individual locations. Therefore, the enrollment system needs to have the capability to aggregate results from systems other than its own.

� The enrollment system contacts agencies and cross country enrollment systems through the card interfacing system.

� The program is typically offered to only citizens or permanent residents of the country.

� At the time of enrollment, applicants decide the duration for enrollment in the program (a minimum of one year) and pay the corresponding fee.

� The enrollment procedure is same for re-enrollment upon expiry.


Activity 1.2: Day of TravelOn the day of travel, the traveler’s identity is checked and monitored as shown in Figure 20.

Figure 20 Activity 1.2: Day of Travel (tier 2)

� The traveler proceeds through a dedicated Registered Traveler lane (if applicable) for security checks.

� The traveler uses the Registered Traveler identification card.

� Upon approval, a receipt is printed with a photograph of the traveler.


� It is possible that the Registered Traveler lanes have automated security scanners to make the physical security screening faster.

� The Registered Traveler program maintains its own watch list (cached) that contains information about travelers that should not travel due to various reasons (such as criminal, law enforcement, invalid Registered Traveler traveler credentials, and so forth).

� The Registered Traveler systems continuously update the watch list for invalid, expired, revoked, or profiled travelers.

Business service modeling

After performing business process modeling, the next task is to delineate the services that comprise the business processes. This can be achieved using the SOMA approach from IBM. The service identification step of SOMA consists of three techniques that can help identify services for the Registered Traveler business process.

The use of SOMA is outlined in “Business service modeling” on page 17.

Technical solution

This section describes the technical solution that was designed and built for the Registered Traveler process. It includes a description of the IBM product offerings that were used in the implementation.

Technical challenges, solution design, and system contextThe technical challenges and architecture principles of design for building a Registered Traveler process are essentially the same as those described for Advanced Passenger Analysis. For more information about these challenges and principles, refer to “Technical challenges, solution design, and system context” on page 20.

In addition to the architecture design principles for Advanced Passenger Analysis, a Registered Traveler solution requires the management of registered traveler data. The solution design should provide the enterprise with an authoritative source for Master Data such as registered traveler data that manages information integrity and controls the distribution of master data across the enterprise in a standardized way that enables reuse.


The system context diagram for the Registered Traveler process is shown in Figure 21.

Figure 21 System context diagram for Registered Traveler


Solution architectureThe solution architecture for the Registered Traveler process is shown in Figure 22.

Figure 22 Solution design for Registered Traveler

Understanding the solution architectureNote some of the highlights of this architecture:

� A master data repository containing a single, accurate view of registered traveler data has been created.

� The data tier contains a registered traveler registry and registered traveler content.

AdvancedPassenger

System Portal

EnterpriseService Bus

ApplicationLogic

Presentation Tier Data TierIntegration Tier

External Systems• Government• Commercial• Passenger data

from Carriers

Application Tier

CarrierHelp Desk

Customs & ImmigrationBorder ControlLaw EnforcementCommercialPublic

Messaging, Web Services


HTMLHTML

XML XML

Case Mgmt

Targeting

Screening

Alert Generation andMgmt

Advanced PassengerInformation System

Content Mgmt

TransactionServices

WebServices

MessageMediation

ComplexEvents

ProcessServices

AnalyticsData

Rules

PassengerData

Case MgmtData

NORAData


Client DataIntegration

Registered TravelerMgmt

Biometrics System RT Registry

RT Content


� The registered traveler data contains data provided by the registered traveler applicant (such as biographical information) in addition to data used to support the approval process for screening of the applicant. The registered traveler data consists of:

– A consolidated view of privately owned data (such as DMV records, information from credit agencies, banks, and so forth).

– Biographic data of the individual that holds the registered traveler identification.

– Biometrics of an individual in the registered traveler content repository which can drive the unique key in the master data repository.

� A registered traveler management application has been created to process new registered traveler identification applications, as well as handle travel departure clearance on the day of travel.

IBM Government Industry Framework components recommended to implement the solution architecture

This section describes the IBM Government Industry Framework components recommended to implement the solution design:

� Component options products used to implement the Advanced Passenger System Portal in the presentation tier:

– IBM WebSphere Portal Server– Triton (SOA Foundation Accelerator)

� Connectivity infrastructure products used to implement the ESB in the integration tier:

– IBM WebSphere Enterprise Service Bus– IBM WebSphere Message Broker– IBM WebSphere DataPower– IBM WebSphere Service Registry and Repository– Triton (SOA Foundation Accelerator)

� Business process management products used to implement process services and client data integration in the integration tier:

– WebSphere Dynamic Process Edition– Triton (SOA Foundation Accelerator)– IBM WebSphere iLOG JRules

Note: This paper uses a patterns-based approach in arriving at the architecture described here. To read more about the patterns associated with this architecture, see “Applying business and infrastructure patterns” on page 40.


� Products used to implement NORA data in the data tier:

– IBM Entity Analytic Solutions

• IBM Relationship Resolution• IBM Identity Resolution• IBM Anonymous Resolution

– IBM Cognos

� Single View1 of entity master data management products used to implement the registered traveler registry and registered traveler content in the data tier:

– IBM InfoSphere Master Data Management Server

– IBM InfoSphere Information Server

• IBM InfoSphere DataStage• IBM InfoSphere QualityStage

– IBM InfoSphere Global Name Recognition

� Single View of entity enterprise content management products used to implement the registered traveler registry and registered traveler content in the data tier:

– IBM FileNet® Business Process Manager– IBM FileNet Image Services– IBM FileNet Records Manager– IBM FileNet Content Services

� Infrastructure products used to implement SOA Security

– IBM Tivoli Access Manager– IBM Federated Identity Manager– IBM Tivoli Identity Manager– IBM Tivoli Directory Server– Triton (SOA Foundation Accelerator)

� Rapid deployment (for service creation and service reuse) products:

– IBM Rational Software Architect– IBM InfoSphere Data Architect

� Infrastructure products used to implement SOA Management:

– IBM Tivoli Performance Analyzer– IBM Tivoli Composite Application Manager for SOA– IBM Tivoli Composite Application Manager for WebSphere– Triton (SOA Foundation Accelerator)

1 Single View is a middleware solution that supports identity and relationship analytics in addition to managing the authoritative source of registered traveler master data.


� Products used to implement SOA Governance:

– IBM WebSphere Service Registry and Repository– IBM Rational Asset Manager– IBM Tivoli Change and Configuration Management Database– IBM Rational Method Composer

Benefits of the Registered Traveler architectureThe solution architecture for Registered Traveler provides the following benefits:

� Moving towards an SOA based connectivity architecture allows flexibility, faster response to changes in government security requirements, legislation and lower cost development in future projects.

� Establishing an enterprise-wide strategy for governance, security, and management paves the way for:

– Controlled, well-planned rollout of future projects that impact internal systems and external communication.

– Simplification of troubleshooting of composite applications.

– Confidentiality, integrity, and availability of components to cater to safety of information processing needs.

� Adding on registered traveler requirements to a basic level of Advanced Passenger Analysis functionality becomes easier by taking a SOA approach.

� Establishing a single view of managed, trusted registered traveler data shared across carriers and government agencies, is a critical factor for faster, thorough travel security clearance and safety.

� Provides identity insight capabilities to discover non-obvious relationships and perform identity management.

Applying business and infrastructure patterns

This section describes the business and infrastructure patterns associated with the solution architectures for Advanced Passenger Analysis and Registered Traveler. By breaking down these solutions into common patterns, it simplifies the understanding and development of the overall solution.

Table 1 on page 41 shows the business and infrastructures patterns used, and whether they apply to Advanced Passenger Analysis and Registered Traveler.


Table 1 Business and infrastructure patterns

Business patterns for Advanced Passenger Analysis and Registered Traveler

This section addresses the business patterns that apply to both Advanced Passenger Analysis and Registered Traveler.

Applying the data consolidation and data cleansing patternsInformation integration services consists of the data consolidation and data cleansing patterns. It addresses the following pain points:

� Data arrives in many different formats from carriers (such as UN Edifact, TN3270, proprietary) so it is difficult to compare data.

� Supplementary information, such as address, phone number, and routing is required to be more certain of identity.

� Names are entered inconsistently through the process making it hard to recognize the same individual with different titles.

Pattern name AdvancedPassengerAnalysis

RegisteredTraveler

Business patterns

Information Integration Services - Data Consolidation and Data Cleansing

Yes Yes

Risk Analytics and Relationship Resolution Yes Yes

Business Process Automation and Business Rules Integration

Yes Yes

Interaction and Collaboration Yes Yes

Master Data Management Yes

Enterprise Content Management Yes

Infrastructure patterns

Connectivity Yes Yes

Security Yes Yes

SOA Management Yes Yes

SOA Governance Yes Yes


How this pattern should be applied� Partial extract/transform/load (ETL) is used to consolidate data from several

diverse sources, such as public records and government sources (including crime databases, no-fly lists, and police records).

� Data cleansing and standardization might only be done partially to merge data properly from multiple data sources leaving critical data elements in their original state to support screening.

� This consolidated data is used for identity screening, targeting and profiling.

Business value of adoptionThe key value of this process lies in improving the reliability, quality and consistency of the data so that decisions that are made based on this information have higher accuracy.

Recommended IBM Government Industry Framework products� IBM InfoSphere Information Server

– IBM InfoSphere DataStage– IBM InfoSphere QualityStage

� IBM InfoSphere Global Name Recognition

Applying the Risk Analytics and Relationship Resolution patternThis pattern addresses the following pain points:

� Manual checks and screening is extremely slow and analysis is not simple.

� Targeting, if done manually, can be complex and impossible to get through massive numbers of the PNR data in time.

How this pattern should be appliedProfiles of risky travelers with indications of suspicious behavior are created based on historical data and complex behavioral patterns. Create profiles of travelers is known as targeting. For this to be executed efficiently we need analytical tools, rather than human operators manually scrutinizing data to identify out of the ordinary behaviors.

Personal identity information from the booking records are used to check against watch lists, crime databases, and publicly available information to make sure traveler does not pose any risk. In addition, the non-obvious relationships of travelers with any criminals can also be resolved using identities and passenger information.


Recommended IBM Government Industry Framework products� IBM Cognos is used for targeting.

� IBM Entity Analytic Solutions is used for screening and identity resolution.

– IBM Relationship Resolution– IBM Anonymous Resolution– IBM Identity Resolution

� IBM InfoSphere Global Name Recognition provides multi-cultural name information, analytics, and name matching through a series of flexible, easy-to-integrate, SOA-enabled interfaces.

Applying the Business Process Automation and Business Rules Integration patternsThese patterns addresses the need to quickly integrate new technologies and requirements to ensure that CBP agencies are alerted to unobvious threats and suspicious behavior, so prompt action can be taken.

How these patterns should be applied� Modeling the entire Advanced Passenger Analysis process provides an

end-to-end view of the actors, operations, and feasibility of the process. The process can then be documented, simulated, and put into execution, and the process can refined iteratively.

� Due to large volumes of passenger data and data provided for analysis to develop profiles flowing through the systems, it is almost impossible to manually develop and manage risk profiles without automation.

� Profiling: Rules are created based on the development of profiles to screen passengers based upon passenger traveler information to ensure that behavior is not at a high risk.

� If the passenger gets flagged as a result of the targeting process, an alert is sent for further investigation to case management, where a human operator takes charge of the case to decide if the traveler should or should not continue the journey.

Business value of adoption� Integration of business rules with passenger screening makes the Advanced

Passenger Analysis solution robust, fast, and much more secure with automated pre-built rules that can analyze traveler profiles, instead of manually studying the behavior.

� Addition of new behavioral patterns or modification of existing rules are easy and does not require the alteration of existing business process.


Recommended IBM Government Industry Framework productsThe following IBM Government Industry Framework products are recommended:

� IBM WebSphere Dynamic Process Edition� IBM WebSphere iLOG JRules

Applying the Interaction and Collaboration patternThis pattern addresses the following pain points:

� Different border agencies have different interfaces and disparate applications (such as 3270, green screens, and portals) for various users inside and outside their agency.

� A wide range of software manageability and deployment leads to higher costs.

How this pattern should be appliedThe following approaches are advised in applying this pattern:

� Border agencies should move towards an open interface for exchange of information and communication with other security agencies and carriers. The intent is to develop common channel agnostic services and serve them up to any front end. This decreases maintenance costs and increases flexibility and customer satisfaction.

� CBP agencies could provide an integrated desktop to their border protection personnel at the ports that allows all disparate applications, communication from the carriers, security agencies and commercial Registered Traveler programs to be integrated on the glass into a composite application

� This pattern allows information aggregation from multiple diverse sources or applications (internal and external information required by a user) while also providing collaborative experience to conduct business more efficiently.

Business value of adoptionAdoption of this pattern provides business value in the following ways:

� Provides increased productivity for users through composite applications and integration of existing applications on the glass.

� Supports enterprise integrated desktops across application types and surface role based workspaces for given tasks.

� Reduces IT and administration costs through remote deployment and management of software across all customer segments.


Business patterns for Registered Traveler

This section addresses the business patterns that apply to Registered Traveler.

Applying the Master Data Management patternThis pattern addresses the following pain points:

� Traveler data is redundant, often inconsistent, and not current across multiple heterogeneous systems that are typically developed in silos.

� Point-to-point interfaces are often developed to move updated traveler data from one system to another, which constrains the ability for IT to make changes and increases the overall cost of ownership.

How this pattern should be appliedThe following approaches should be taken in applying this pattern:

� An approved registered traveler registry should be established to maintain an authoritative source of registered traveler master data that is current and of high quality, and can facilitate the secure sharing of registered traveler data within the organization and across organizational boundaries (for example DMV records, credit reports, and financial information from banks).

� Registered Traveler could be used to support Advanced Passenger Analysis screening for international travel and to support domestic travel for security screening where the traveler would provide their biometrics to match against their credentials to expedite domestic travel.

� From a MDM perspective, registered traveler data can be loaded through batch, messaging, Web service, or real time through EJB™ calling an MDM service.

� The Registered Traveler system itself would support the business process for managing the application, vetting (background processing), adjudication and approval, and payment processing.

� A CSR or multiple user roles might be involved in the processing and management of the application as a case. The Registered Traveler system should invoke a MDM server transaction to either perform a person look-up to see if the person applied before or call the MDM Server AddParty Service, which would find a match and update or add that information to Single View. This can be done as part of a global transaction with the Registered Traveler system calling the MDM service, and is XA compliant.

� The biometrics stored can drive the unique identification for a person in the MDM server.


� The MDM server publishes changes so that there is a publish/subscribe model pattern for the synchronization of trusted traveler data. For example, if a registered traveler updates their address or contact information, the update is sent to passport and visa immigration systems.

� Any time a MDM add/update transaction occurs, there is a pattern of data quality management (cleansing and standardization) and then suspect duplicate processing to see if the person already exists.

Business value of adoptionAdoption of this approach provides business value in the following ways:

� The actual passenger data (PNR) for those persons that are traveling can only be retained for limited time. However, registered traveler data and content is established for a much longer time. Treating this as master data will ensure accuracy and consistency with dependent sources of public and private data.

� Establishing a single view of managed, trusted, and registered traveler data shared across carriers and government agencies is a critical factor for faster, thorough travel security clearance and safety for frequent travelers.

Recommended IBM Government Industry Framework productsIBM InfoSphere Master Data Manager Server is recommended for creating a single view of registered travelers.

Applying the Enterprise Content Management patternThis pattern addresses the following pain points:

� Inability of the current systems to integrate with a biometric system to capture fingerprint images.

� Inability to capture and store content associated with a person such as a passport image, birth certificate, and so forth.

� Inability to manage and link content distributed over multiple content management systems with structured data about a person.

How this pattern should be appliedThe following approaches should be used to apply this pattern:

� Use master data management to associate structured data along with unstructured content through a common key, driven by data cleansing, standardization, and matching.

� Use MDM as a controller to the drive-federated query requests about a person to retrieve all content and data about a person relevant to a query.


Business value of adoptionAdoption of this approach provides business value in the following ways:

� Ability to access the correct content at the right time quickly, and easily and accurately associate a traveler’s biographic records from a single content repository

� Ability to manage exposure to litigation, internal policy, external mandatory regulations, and government compliance

� Increased productivity:

– Having the right information captured in a single version and single location for all unstructured content

– Content-centric processes are automated and integrated as part of the overall registered traveler business process


� IBM FileNet Business Process Manager� IBM FileNet Image Services� IBM FileNet Records Manager� IBM FileNet Content Services

Infrastructure patterns that apply to Advanced Passenger Analysis and Registered Traveler

This section addresses the infrastructure patterns that apply to both Advanced Passenger Analysis and Registered Traveler.

Applying the Connectivity patternThis pattern addresses the following pain points:

� Point-to-point integration between several applications such as screening, targeting to data sources such as analytics databases, case management data, and so forth.

� Scaling Advanced Passenger Analysis architecture to accommodate new data sources (such as international watch lists and criminal data) becomes complex and time consuming.


How this pattern should be appliedThe following approaches should be taken in applying this pattern:

� An ESB architecture behind the firewall enables loose coupling, basic routing and easy integration and adaptation of their diverse applications inside and outside the enterprise.

� Development of new applications for Registered Traveler along with corresponding data sources becomes much faster.

� The ESB provides support for different protocols and the exchange of message formats between applications at the channels and within the data center.

Business value of adoptionAdoption of this pattern offers business value in the following ways:

� The ESB provides a solution to respond to requests in a channel independent fashion to support user interface flexibility.

� Development and updates to applications to keep up with changing security mandates becomes considerably faster.


� IBM WebSphere Enterprise Service Bus� IBM WebSphere Message Broker� IBM WebSphere DataPower� IBM WebSphere Service Registry and Repository

Applying the security patternThis pattern addresses security across all tiers of the solution architecture.

Presentation tier securityConsider the following guidelines for presentation tier security.

� The Web interface to Advanced Passenger Analysis /Registered Traveler Portal needs to be covered in aspects of security by employing best practices such as defense-in-depth. By this, the solution is protected by its layered placement across security zones.

� IBM Tivoli Access Manager for e-business provides an access management infrastructure that can fulfill the above needs.


Identity managementConsider the following guidelines for identity management.

� As the realms within which the solution operates is important (national security), it is essential that the users who interact with the system, especially those who can modify the information (such as over presentation tier), are identified with high levels of assurance.

� As per security best practices, the channel for verifying the identity of an Advanced Passenger Analysis/Registered Traveler critical user should be multiple. For example the user should provide what they know (user ID/password over the Web) and provide information about what they have (token/smart card/biometric information). A combination of the two would better determine the identity.

� To have access to the Advanced Passenger Analysis/Registered Traveler solution, an infrastructure has to be provided for users to enroll, any documents to be scanned for approval (and stored), workflow systems to get required approvals, and for scanning of biometrics.

� Determine which internal government employees should have access to registered traveler identification information.

� Upon approvals, a secured credential would be granted and issued to the user.

� The credential (such as a smart card) contains aspects of the user that can be verified with the user's biometric information. Solution components for this include an approval engine such as IBM Tivoli Identity Manager.

Integration tier securityConsider the following guidelines for integration tier security.

� The integration tier of Advanced Passenger Analysis is primarily performed by the ESB/Message Queue (MQ) components. The security aspects, such as integrity of messages and confidentiality (such as who or which application can write into the queues and read from it), are critical. Similarly for Web services invocations, it is important that these invocations are performed by the authorized entities as per the security policies.

� To achieve both these requirements, the following security components can help:

– WebSphere MQ Extended Security Edition– IBM Tivoli Federated Identity Manager


Application tier securityConsider the following guidelines for application tier security.

� Application level security on which roles can perform which actions will be performed by the application itself. The information about the mapping of users to roles, roles to actions, and actions to resources is handled by the application itself.

� In the Advanced Passenger Analysis solution, WebSphere Portal Server (based on WebSphere Application Server) will handle these aspects. The application components can, however, delegate the responsibility of storing this data to CIS components (such as IBM Tivoli Directory Server) or externalize access management to IBM Tivoli Access Manager for e-business.

Data tier securityConsider the following guidelines for data tier security.

� Data storage encryption

– Sensitive information needs to be encrypted and stored in tape drives, virtualized storage, or disk subsystems. It is important to have a system that can store this data and manage the set of encryption keys.

– Advanced Passenger Analysis data will come from all over the world, so it needs to be encrypted during transition and not just during rest in the case management database. WebSphere MQ Extended Security Edition has this capability.

– The Registered Traveler data is persistent for the lifetime of the registered traveler identification. Therefore, encrypting this data is important.

� Data access

User access to stored data needs to be controlled both logically and physically. Information in user repositories (such password information) needs to be encrypted and stored using security algorithms (for example SHA1/AES) as per business policy. Information stored in the databases needs to be encrypted using directory or database provided encryption mechanisms.

Applying the SOA Management patternAdvanced Passenger Analysis and Registered Traveler business service level agreement (SLA) requirements and non-functional requirements are key to determining exact systems management requirements. This section lists systems management components and a mapping of IBM solution offerings that cater to them.


Note that although these solutions and services are positioned for the boundary of control of a Advanced Passenger Analysis or Registered Traveler project, they can be expanded to other enterprise class solutions.

Availability of systems and servicesConsider the following guidelines for availability of systems and services

� To meet the expected throughput and performance SLAs, it is important to know the availability characteristics of the system where the components run. It is therefore imperative in real time to:

– Determine the availability of operating system resources (such as memory, hard disk space, and CPU cycles).

– Determine the availability of applications and services.

� Send alerts when critical thresholds are reached for resources or critical applications are not running.

� Take corrective actions where possible by running system commands at target machines that can be configured to perform remediation steps (For example, start an application server if it is down).

� Report the availability snapshot of the critical systems in a dashboard.

� The IBM Tivoli Monitoring suite can help with these requirements.

Capability of predictive alertsTo be better prepared to predict issues, consider the following issues:

� Keep historical data (not just real-time data) of systems utilization.

� Determine trends of peaking resources.

� Determine the time to reach resources limit (for example a hard disk would reach capacity in 30 days at the current rate).

� Provide growth statistics for multiple time periods (such as one week, one month, 90 days).

� Send alerts by integrating with existing e-mail/SMS systems to page the concerned person.

� IBM Tivoli Performance Analyzer can help with these requirements.

Systems troubleshootingWhen solution systems are not functioning to the expected levels, information should be available on where the problem is occurring. This is often a daunting task with many participants involved.


There is a need to improve operational efficiency by providing visible information of what is happening in the environment and which components are performing poorly. This information should show the performance of transactions over multiple stages. This will help identify where bottlenecks are in a system.

The following products can help:

� IBM Tivoli Monitoring� IBM Tivoli Composite Application Manager for Transactions� IBM Tivoli Composite Application Manager for SOA� IBM Tivoli Composite Application Manager for WebSphere

Applying the SOA Governance patternThis pattern addresses SOA governance concerns.

How this pattern should be appliedConsider the following guidelines for how this pattern should be applied:

� Plan, develop, and deploy an enterprise level governance strategy, so it is not done in pockets within each department.

� Execution of governance practices need proactive best practices and enforcement.

� Compliance reports need to be stored and retrieved for audits.

� When starting SOA-based projects, identify and prioritize new and ideal sets of service candidates. By following best practices and adopting SOMA, the highest value business services that will need to be implemented can be identified easily and accurately.

� To regulate the creation of new services with future SOA projects, implement a centralized registry and repository.

� Institutionalize governance best practices with executive sponsorship and support across departments.

� By adopting the SOA Governance and Management Methodology (SGMM), assign roles and responsibilities for spawning and owning services and put a funding model in place.


� Comply with government and regional regulations:

– ICAO 9303 machine readable travel documents.

– IATA target times for passenger throughput (for example, 15 minutes to clear security).

– USA TSA regulations.

– FBI T60 rule: Information about all passengers flying to the USA must reach the FBI one hour before the plane takes off.

– EC API directive: airlines must send passenger API for each passenger before the plane lands.

Business value of adoptionConsider the following guidelines for business value of adoption

� By adopting an enterprise level governance strategy, the benefit comes from reduced costs through standards-enforced usage of the same monitoring tools, technologies, procedures, and reporting for audit compliance.

� Reduced exposure to litigations as the regulation and audit compliances are managed using standard procedures as at enterprise level.

Recommended IBM Government Industry Framework productsConsider the following guidelines for recommended IBM Government Industry Framework products

� IBM WebSphere Service Registry and Repository� IBM Rational Asset Manager� IBM Tivoli Change and Configuration Management Database� IBM Rational Method Composer

The team who wrote this IBM Redpaper

This paper was produced by a team of specialists from around the world:

Martin Keen, Consulting IT Specialist, IBM ITSO

Allen Dreibelbis, Executive Solutions Architect for Single View of a Citizen, IBM SWG IM Advanced Engagement Team

HungTack Kwan, Certified IT Architect, IBM Global Solution Center

John LaLone, Executive Consultant, IBM SOA Sales


Paul McKeown, Associate Partner, IBM Customs Revenue and Border Management.

Rashmi Kaushik, SOA Scenarios Product Manager, IBM SOA Portfolio Consumability

Robert Spory, SOA Consultant, IBM SOA Sales

Marilza Maia, Business Integration Solutions Architect, IBM SOA Advanced Technologies

Vinod Chavan, Global Sales Leader, IBM Industry Frameworks

Thanks to the following people for their contributions to this project:

� Wendy Clarke� David Waxman� Leonard Lee� John J McKeon� Ashish Cowlagi


© Copyright International Business Machines Corporation 2009. All rights reserved.

Notices

This information was developed for products and services offered in the U.S.A.

IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing, IBM Corporation, North Castle Drive Armonk, NY 10504-1785 U.S.A.

The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.

Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental.

COPYRIGHT LICENSE: This information contains sample application programs in source language, which illustrates programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. You may copy, modify, and distribute these sample programs in any form without payment to IBM for the purposes of developing, using, marketing, or distributing application programs conforming to IBM's application programming interfaces.

Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. 55

®

Redpaper™

This document REDP-4586-00 was created or updated on November 11, 2009.

Send us your comments in one of the following ways:� Use the online Contact us review Redbooks form found at:

ibm.com/redbooks� Send your comments in an email to:

[email protected]� Mail your comments to:

IBM Corporation, International Technical Support OrganizationDept. HYTD Mail Station P099, 2455 South RoadPoughkeepsie, NY 12601-5400 U.S.A.

Trademarks

IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. These and other IBM trademarked terms are marked on their first occurrence in this information with the appropriate symbol (® or ™), indicating US registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at http://www.ibm.com/legal/copytrade.shtml

The following terms are trademarks of the International Business Machines Corporation in the United States, other countries, or both:

Cognos®DataPower®DataStage®developerWorks®

FileNet®IBM®InfoSphere™Rational®

Redpaper™Redbooks (logo) ®Tivoli®WebSphere®

The following terms are trademarks of other companies:

Cognos, and the Cognos logo are trademarks or registered trademarks of Cognos Incorporated, an IBM Company, in the United States and/or other countries.

FileNet, and the FileNet logo are registered trademarks of FileNet Corporation in the United States, other countries or both.

EJB, and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.

Other company, product, or service names may be trademarks or service marks of others.


http://www.ibm.com/legal/copytrade.shtml


http://www.ibm.com/redbooks/

http://www.ibm.com/redbooks/

http://www.redbooks.ibm.com/contacts.html

government soa scenario: immigration and border management

Technology

government specific

strong government capabilities

government specific

government leaders responsible

border agencies

industry models

border management duties

social security safety