Tag Archives: government-it

Alan Mather’s 2003 ‘Enterprise Architecture in Government’ white paper available online

Alan Mather has just released his excellent “Enterprise Architecture in Government” white paper from 2003. This white paper has mythic status in UK Government IT circles because of it’s visionary roadmap of an implementation for Enterprise Architecture (EA) for the UK. Pre-dating the “Cross Government Enterprise Architecture” (XGEA) work of the CTO Council (who hadn’t even been formed at the time, but nor had the CIO Council who commissioned them either) this is the earliest attempt at applying an EA vision to the co-ordination of the UK’s IT and IS portfolio.

Alan surely requires little introduction, and is a singularly authoritative voice, having been the been the Chief Exec. of the Office of the e-Envoy’s (OeE, then e-Government Unit, or eGU, and finally the CIO Council) e-Design Team (eDT, currently led admirably by it’s new Director, Chris Haynes, although the eDT itself is now part of DWP having moved there at the same time as the eGU transformed into the CIO Council). Alan spent a number of years at the heart of the Cabinet Offices push for ‘Shared Services’ and Government services online programmes, helping to instigate and then deliver the largest UK “Government to Government” (G2G) system, by volume and scale, the Government Gateway.

Writing in his blog article also entitled “Enterprise Architecture in Government” (available from http://blog.diverdiver.com/2009/05/enterprise-architecture-in-government.html) he says:

More than a few people are starting to get active again around shared services, enterprise architectures, shared data centres (and all of the SaaS, HaaS and maybe just plain old aaS that could bring). A while ago I wrote a document that I hoped would lead to a debate on delivering some or all of those things into UK government. The document largely languished on my hard drive gathering virtual dust like so many reports about what government should do to make things better. It never quite got finished although, looking through it now some 6 years after it was written, it still seems to hang together pretty well.

Alan’s being rather reserved here because I know it was released to a few, select, senior people across Government, and I genuinely credit this to having furthered, if not initiated, the conversation in Government about planning out it’s overall EA (both “as is”, “to be”, and strategy) in a much more pro-active manner. I’m glad to say I was one of the people Alan chose to review the document back in 2003, but frankly I thought it was excellent at the time and still do.

For the life of me I can’t understand why Alan isn’t at the epicentre of Government as an integral part of the UK Government EA programme, then again he is running a major programme at the moment, another large-scale system key to the future of the UK, so I imagine know he is kept pretty busy by that delivery.

Anyone and everyone interested in UK Government IT should read this document, I’m sure many of you would be shocked at how visionary the paper is, and how relevant it still is after six years. Alan Mather’s “Enterprise Architecture in Government” document is available from box.net (which opens in a new window): https://www.box.net/shared/ki3z6ejjiv

Links for this article:

Simon Freeman, ex Chief Architect of the Government Gateway, responds to “Evolution of UK Government Messaging Systems”

About eighteen months ago I wrote up an overview of government to government (G2G) systems in the UK, followed by a high level comparison of the three most utilised, and a look at the potential evolution of the G2G systems across the UK.

The last of the three articles discussed the UK G2G systems and how they might end up being integrated together, I postulated that there were two major approaches a point-to-point “Mesh” approach or a master G2G “Hub” approach. I also mentioned the “Decentralised” Hub model brought to my attention by Simon Freeman, ex Chief Architect of the Government Gateway, a major UK G2G system. The “Decentralised” Hub is a model whereby one of the existent G2G systems effectively evolves into the master G2G Hub.

Mesh

Hub

Decentralised Hub

UK-G2G-Systems-0.1.6 UK-G2G-Systems-0.1.7 UK-G2G-Systems-0.1.8

I agreed with Simon that the most likely candidate was the Government Gateway because of it’s dominance in terms of volume and variety of data in comparison to the other UK G2G systems. Every day this becomes more and more likely as the number of messages originating from non Gateway sources increases.

Following the post Simon was kind enough to respond to the article and a couple of the comments that had been posted there. He makes a number of points specifically about identity and how it it is managed in the UK, as well as the Data Protection Act and it’s effect on UK Government IT planning, which I think are interesting enough to repeat here.

Here’s his post in full:

Hi Wayne,

Thanks for pointing out my new found fame on your blog. I would point out these views below are mine and not government’s, not least of all because I don’t work for gov any more. I must admit that it amuses me a great deal when identity is discussed by IT suppliers. In fact I had a good laugh when Mr XYZ representing IT suppliers of Gov came on Radio 4 on Sunday and moaned about the lack of requirements on the identity programme. I would be interested to hear your views. And to Miles Peters’ comment above, I think it important to note that SUN provided a ‘hub’ to the Home Office some time back and despite the fact that Gateway is all built on Wintel, Wayne consistently has supported its use.

One of the issue facing government on identity is that it is not a technical problem. If gov takes forward a huge programme of IT without solving the business issues it would surely be guilty of not learning past lessons. As far as I can see, they have taken a look at what is needed in gov from a identity perspective and realised that there is plenty there to be getting on with.

Identity cards are continually focused on anti-terrorism devices. This position has no credibility because the focus is on ‘card’ and not the wider identity needs. A card carrying population will still have terrorists.

So IMHO the way to look at ID is to look at the outcomes gov needs to achieve and then look at the best way to achieve them.

So let’s have a go.

1) Reduction in fraud in benefits

2) Immigration controls

3) Reduction in tax fraud and avoidance

4) Entitlement to other Gov servics (NHS etc)

In the UK there is a basic set of issues to do with benefit and tax. There are 4 key categories

1) The people who knowingly defraud tax and benefit system

2) The people who defraud tax and benefits by accident because the system is hard.

3) The people who pay the right tax and benefits by accident because the system is hard

4) The people who pay the right tax and benefits because the know what they are doing.

To help 1-4 above, identity management needs to ensure that each person who is liable for tax and benefits has one identity tied to one human being. I suspect that what government has realised is that a huge % of our population has an NI number but until now HMRC would not allow the number to be used for wider purposes. This seems to be changing. Once we are in a position where each taxpaying person or benefit receiving person is identified consistently by a single number such as NI it means that better detection of fraud can occur and save the UK a huge amount of money. The second issue once you have all these NIs is to tie a single human being to its ownership and ensure that there are ways to detect if any given human is attempting to get two identities. Thats where the biometrics come in. So I suspect that the reason the big IT approach for identity cards is being revisited is that by simply widening NI usage across Gov and reusing the database already in existence in DWP the Gov can go a long way to achieving some of its goals. Introduction of biometrics is a harder problem to solve technically but we can start to reap big benefits from just the first step.

I won’t go into the other points in the initial 4 as this is already way too long. I would however counter the position on DPA. It is by far the biggest excuse I have heard in gov for not solving these problems and yet has very few grounds. I firmly believe that if you want services from gov then you need to accept a certain loss of privacy. It is a difficult pill to swallow but ultimately there are lots and lots of bad people out there who are robbing hard working tax payers of lots and lots and lots of money. Why is it unreasonable to ask people to prove their identity. We should also note that the privacy being fought for is only perceived anyway. If gov wants to cross check your details because of fraud suspicion then data can be shared. It is just unreliable ad costs money (us money).

Let me put this another way. If we assume benefit and tax fraud costs the UK (guess only) 4 billion pounds per year. Now lets say that the average tax payer pays about 20K per year in total taxes (its probably far less). That means that 200,000 people’s hard earned tax cash will simply walk out the door this year. Let’s put it another way. That means that for a working life of 30 years over 6000 people will work all their lives paying tax to cover 1 year’s losses to people who think it is ok to defraud the UK tax and benefit system. Now put yourself in one of those 6000 people’s shoes. You will pay taxes all of your life for nothing and so will every one you know, and probably most of the people you will ever know. Next year, another 4 billion will go missing.

Data protection should not be an excuse for such haemorrhaging of cash.

The one final point which I think demonstrates the real issue to be sorted out by ID. The guy on Radio 4 said that even if ID agency gets the solution on there is no obligation for any Gov department to sign up and use. I am not sure what is more outrageous, the possibility that they may not sign up or that they are given an option at all.

So let’s not get to wrapped up in tech on ID. There’s load’s to be done with what we have if the right policy and delivery was put in place today. Further IT spend is just a red herring. A very expensive red herring.

IMHO

PS. You can tell this is a techie blog as you have to type in BR in the text to get a new line!

I really should reply to Simon’s request to hear my views on the identity programme and the relationship to and opinions of the vendor community of the programme (as I see it); I’ll try and do this soon for the readers of this blog. I’ve spoken to Simon a number of times since he posted the above and we’ve talked about the subject of this post, so really I’ll be using the upcoming response as an opportunity to state my opinions.

Evolution of UK Government Messaging Systems

This is the third part of a three part overview of UK Government G2G Messaging Sub-Systems.

Specifically this post is looking at the “Evolution of Messaging Sub-Systems used by the UK Government” – given the current, and the near-future, state of UK G2G systems, how might we expect them to mature and evolve.

At a minimum I would recommend reading part one of this series of articles, “Messaging Sub-Systems in the UK Government”.

The near future – the most likely Shared Services Model

Shows which organisations are most likely to share “information” and function across the emerging UK G2G infrastructure.

UK-G2G-Systems-0.1.5

So… What Next ? It is only a matter of time before these Ontologies start to share information in a more controlled and planned manner.

In fact data traffic between a number of these G2G systems is already being planned out.

It’s not hard to see that an “Evolution of the UK Government G2G eco-system” is taking place, specifically around two primary models: “Mesh” or “Hub”.

Mesh

Shows the Mesh model

UK-G2G-Systems-0.1.6

Currently the data traffic flows between the UK Government G2G systems (and constituents / members of those G2G eco-systems) are being planned to be developed in a point-to-point manner. The diagram shows just how convoluted that could become (if not worse), and easily shows how many connections, and end-points would need to support a full flow of information across these G2G systems.

In earlier versions of this analysis I used to pun that this model was “a bit of a ‘Mesh’”. Believing that moving forward the more controlled model of the Hub would win out over the Mesh model. However, given the lack of understanding of this issue space, probable costs involved in doing something more strategic (although the cost of doing large numbers of point-to-point integrations would dwarf these), and a very ‘stove-piped’ view of individual programme functional requirements, there is a lack of movement towards a more centralised Hub model at the moment.

Hub

Shows the Hub model

UK-G2G-Systems-0.1.7

I used to say that “my money’s” on the Hub Model, because: The Hub model allows for a host of new functionality, from a potential real time UK modeller & analysis, to a single one-stop shop access point, and a definitive cross UK ID understanding.

But the until the issue space is better understood and appreciated I doubt there will be more movement towards this model, and for the time being the “spaghetti” of the Mesh model will proliferate.

Simon Freeman’s “Decentralised” Hub

Shows the the evolved Hub model postulated by Simon Freeman.

UK-G2G-Systems-0.1.8

Simon Freeman’s (Ex-eGU Chief Architect for the GG) opinion is that the major G2G Message Hubs will merge, and that the strongest (think VHS vs. Betamax, or even better, Ethernet vs. TokenRing) will win out – based upon volume & variety of usage (principally leaving the GG as the strongest by this metric). New functionality (see above) will then be built over this merged hub.

Even Chris Haynes, Director of EDT (Delivery and Transformation Group) at the Cabinet Office, recently said “Gateway is the emerging backbone of Government Service Identity Management.” in a presentation titled “Identity Management across the Public Sector”.

The accompanying diagram represents that possible evolution of the Government Gateway into the UK wide central G2G system.

That concludes my overview of UK Government G2G Messaging Sub-Systems – hope you enjoyed it.

Part one of this article, “Messaging Sub-Systems in the UK Government”, and part two, “Comparison of Major Messaging Sub-Systems in the UK Government”, are also avialiable.

As I mentioned in the first part of this series, I very much hope that at the very least the co-ordination of these G2G messaging systems will come under the remit of a cross UK government organisation, such as the CIO Council, and that John Suffolk, the UK Government CIO will be involved in supporting that initiative.

In a later post I will be looking at “Shared Services” in greater depth. Specifically at what “Shared Services” means to me, a value model (for judging how “Shared” that “Shared Service” is) and potential value calculator (I’ve got most of the content, just need time to get it online).

I will also delve into the Government Gateway, especially communication to and across it via Departmental Integrations Server (DIS) devices.

And I may even be up for a critique of the “UK Cross Government Enterprise Architecture”, hosted over at the UK Government’s CIO Councils CTO Council website.

Comparison of Major Messaging Sub-Systems in the UK Government

This is the second part of a three part overview of UK Government G2G Messaging Sub-Systems.

Specifically this post is a “Comparison of Major Messaging Sub-Systems in the UK Government”, looking in more detail at three of the largest UK G2G systems and contrasting them with each other.

I’ve split it into two parts:

Comparison of the major Identity Ontologies

I’ve found that for any of these systems to truly deliver significant value they need to support four basic components. In fact this is no different of any large integration system found in any other sector. The four basic building block are:

  • Internal (Back-End) Integration – preferably “Service” focused, there has to be a way to unlock the functionality and processing capability within the individual departments, organisations and authorities. Whether this is via a “Service Oriented Architecture” (SOA) or “Enterprise Application Integration” (EAI) a fundamental premise is that data can be sent and received from these “Back-End” systems.
  • Shared Identity – An Ontology wide shared understanding of Identity is required for these disparate systems to share data and function with the correct level of authority.
  • Messaging System / Backbone – An Ontology wide & inclusive G2G messaging system – unlike the internal messaging systems used within Departments, Organisations and Authorities (typically under one management team and are “closed systems”), the G2G systems are typically outside any single organisations monopolistic control, requiring participation from the wider membership of that Ontology to deliver data communication across it’s members.
  • Access (Front-End) Gateway(s) – Portal or other Front-End access point – visibly delivers much of the value, which is actually brought into being by the previous three building blocks.

Table comparing the major Identity Ontologies

The table below shows each of the Ontologies I had identified in my earlier post, and rates them across the four areas described above.

  Silobusters / Internal Integration Common Ontology Wide Identity G2G Messaging Subsystem(s) Access Gateways Other Notes
Citizen Some Internal Integration – not yet focused upon the real-time provision of services Yes – via the Government Gateway Yes – via the Government Gateway Mostly Organisation specific, some centralisation – via the Government Gateway Only Ontology heavily in production – Hub & Spoke Model
Justice Little or no Internal Integration None Defined / Agreed Three Major messaging systems evolving – CJEX, Impact & DISC – natural segregation of case information Mostly Organisation specific, very little centralisation (mapping to messaging systems) Triple Hub Model evolving – Based around Data Segregation (“data firewalls” likely to be required)
Immigration None we are aware of (Little or no Internal Integration) None – would heavily be based on Passport data for early revisions None – Was due to have a single link to Police ‘Schengen’ Systems, however this has paused, as has our implementation of Schengen Organisation specific  
Transport None we are aware of (Little or no Internal Integration) None – would heavily be based on Driving License data for early
revisions
None we are aware of Organisation specific  
Health Brownfield Integration at the Local Service Provider (LSP) level slowing – more
research needed
Some – evolving based around ‘Patient’ data NHS Data Spine – 5 Sub-Hubs at the LSP – a Star Hub Model   Hub & 5 Sub-Hubs Model (Star Model)
Security None we are aware of (Little or no Internal Integration) Unknown by Author SCOPE – No Data – Assume some inclusion of G2G type functionality Unknown – Organisation specific ?  
Military None we are aware of (Little or no Internal Integration) Unknown by Author DII – No Data – Assume some inclusion of G2G type functionality Unknown – Organisation specific ?  
Education None we are aware of (Little or no Internal Integration) Unknown by Author Currently under investigation Mostly Organisation specific, very little centralisation  
Other(s)         Fire Service ?

If you can help fill out this table – then kindly get in touch (preferably via the “comment” mechanism at the bottom of this post) and I’ll be happy to republish with suggested amendments.

With hindsight what I feel that what I should have done with this table is break the Ontologies down into their constituent members – especially when looking at how much internal integration has been and is being planned to be delivered in the near future.

Comparison of three of the largest UK G2G systems

Now I’ll be looking in more detail at three major Messaging subsystems, and comparing them against each other.

The three major G2G messaging systems in government are:

The Government Gateway, the NHS Data SPINE and the Criminal Justice Exchanges

UK-G2G-Systems-0.1.9

This diagram shows the three major G2G areas that we identified above: it allows us to see each of them in contrast to the other – hopefully making the differences more pointed (and thus more obvious).

The (Single) Hub & Spoke model used by the Government Gateway

Shows the “Hub & Spoke” used by the Government Gateway.

UK-G2G-Systems-0.1.10

Notable points:

  • The Gateway has to be Highly Available – or nothing Communicates if it’s down
  • The Sub-Spokes shown communicating into Local Authorities actually just pass traffic straight through to the Government Gateway – there is no way to keep traffic within a ‘Sub-Hub’ – all traffic terminates, originates, or passes through the central ‘Hub’
  • Relies upon a DIS box as an end point – this acts a “Guaranteed Delivery” mechanism as once on a DIS box the traffic is assumed will (eventually) arrive at the central Hub

Five Point “Star Hub” Model used by the NHS NPfIT Data SPINE

Shows the “Star Hub” used by the NHS NPfIT Data SPINE.

UK-G2G-Systems-0.1.11

Notable points:

  • The model implies that if the central hub is unavailable end-points (hospitals, LHA / LHB’s) connected to a Local Service Provider (LSP) will still be able to send and receive data with their Regional Siblings
  • Of course we now have 6 messaging systems, with almost identical functionality (apart from the Authorisation and Authentication, and the Registration and Enrolment).
  • The diagram is slightly incomplete as it’s likely that Hospitals, etc, would plug into the LHA / LHB’s for a region – who would then in turn plug into the Regional LSP

“Tri-Hub” model currently evolving within the (Criminal) Justice Ontology

Shows the “Tri-Hub” developing in the Home Office / (Criminal) Justice Ontology.

UK-G2G-Systems-0.1.12

Notable points:

  • Although this has evolved out of exasperation (with Centralised Functions, like the CJIT Exchange) – it actually makes a lot of sense
  • It allows for data communications between like for like organisations, but logical & physical segregation between the Courts, etc. & the Police, etc. & the Home Office / NOMS, etc.
  • I believe that ‘information firewalls’ will evolve to segregate (and keep secure) information between these three primary groups – the Police & Courts can not share certain case information – it’s possible they can be aware it exists, but not the content – this model allows for ‘localised’ sharing, but secure within a group
  • The model also implies that by having no central hub means it is more resilient – end-points will still be able to send and receive data with their Group Siblings – as well as having dual resilient routes

That completes part two of my overview of UK Government G2G Messaging Sub-Systems.

Again come back in a couple of days for the next instalment – the “Evolution of Messaging Sub-Systems used by the UK Government” – given the current, and the near-future, state of UK G2G systems, how might we expect them to mature and evolve.

Part one of this article, “Messaging Sub-Systems in the UK Government”, is also available.

Messaging Sub-Systems in the UK Government

This is the first part of a three-part overview of UK Government G2G Messaging Sub-Systems.

Specifically, this post looks at “Messaging Sub-Systems in the UK Government” and is an overview of what’s in place, what’s not, and how I’ve classified them.

If you’ve been involved with Government, Education, and Health (GEH) IT implementations over the last few years, you will no doubt have come across some of the major G2G systems that have been developed, and are continuing to mature.

Since just before Tony Blair announced UK Online in September 2000, with a pledge to provide all government services online by 2005, there have been movements towards greater co-operation and joint working across the UK Government.

In the UK we’ve been hearing about “Joined-Up Government” and “Shared Services” for a number of years. Reports such as the Gershon Review, the Transformational Government Strategy and the Varney Report all call for government departments and organisations to work together to deliver more capabilities and greater savings.

With this drive towards greater cohesion, we have seen systems gravitate around what I call “Identity Ontologies” – Identity as understood and utilised by certain naturally grouped Government Organisations, Departments and Authorities. Sharing of Information is being done in departments which have a natural affinity for their peers, based around these Identity Ontologies.

For a number of reasons, security of information being exchanged being one, privacy and civil liberties being another, restriction of information (at least some of it) is, and will continue to be, limited across these Ontologies.

I was told by Brian Woodford, lately of Sun Microsystems UK, now at Tata Consulting and previously at BT, that in BT groupings similar to these are called UK Government “Communities of Interest” (COI), however as none of my BT contacts can confirm, nor deny this, I believe it to be both anecdotal and apocryphal.

Identity Ontologies

This diagram shows the major “Identity Ontologies” in the UK GEH arena.

UK-G2G-Systems-0.1.1

Purposefully it does not show:

  • Education Ontology – possibly a subset of Citizen, although currently they are looking at a National Programme which could also encompass Data Sharing across a G2G system.
  • Fire Service (and related Emergency Services) – currently these fall under the remit of the Department for Communities and Local Government (DfCLG), however from 2001 to 2006 they had reported into the Office of the Deputy Prime Minister (ODPM), and before 2001 the Home Office. I believe they have an affinity to the Home Office based G2G system(s), although heavily related to those of the local authorities.

It’s very likely there may be other Ontologies, however given the conversations I have had with a number of senior civil servants and government IT professionals I believe it to be quite inclusive.

One of the most interesting items is that Local Government and Authorities often connect to almost all of these Ontologies.

Why does this stuff matter?

By understanding the current overall government IT landscape, and the systems under procurement we can postulate how the UK Government IT Landscape may mature and thus should “evolve”. Rather than these systems evolve into place, it is my belief that at the very least it should be overseen and planned in a strategic manner by a responsible government department, such as the CIO Council (led by the UK Government CIO, John Suffolk). This is very much along the lines of the the aim of Enterprise Architecture, and certainly has a relationship to Enterprise Architecture Planning.

Currently Sharing Services

Shows the major G2G messaging systems related to each Identity Ontology, and which organisations are sharing “information” via these messaging systems.

UK-G2G-Systems-0.1.2

This diagram shows the “Identity Ontologies” represented by there underlining, and supporting, G2G messaging systems, and other end-point systems which had been connected up (or were due to connect up) by the start of 2006.

Obviously with subject matter is so large, and covering such a large IT eco-system, it has been necessary to abstract a certain level of detail out of this overview.

Aren’t the Departments, Organisation and Authorities already sharing information ?

Of course the UK Government shares massive amounts of data, much of it electronically, however the amount that is transmitted via G2G data exchanges, in a shared and common model, is much smaller (in number, if not volume) than the amount sent via point-to-point data exchanges.

The advantages of using a G2G system rather than relying on a large number of point-to-point data exchanges is that there is a significant reduction of effort in terms of connections and connection end-points which need to be built and maintained. It also allows the G2G communication to share frameworks such as error & exception handling, audit & traceability, security & inspection, and management information. These are very similar to the advantages found in Enterprise Application Integration (EAI).

Due to Deliver Shared Services Soon

Shows which organisations are due to share ‘information’ soon.

UK-G2G-Systems-0.1.3

So this diagram shows which end-points are due to connect into their respective G2G systems, and thus share data soon.

The differences between this and the previous diagram are striking and obvious, and is due to the proliferation of integration and data sharing which is occurring, and is due to take place, across the UK Government IT eco-system.

Supporting Network Infrastructure

Shows the network backbone – in context.

UK-G2G-Systems-0.1.4

Very similar to the last diagram – however shows there major sets of network infrastructure which underpin these messaging systems:

  • The Citizen Identity Ontology focused GSI2 network.
  • The Home Office related Police National Network (PNN3).
  • The NHS NHSnet (actually being superseded by the NHS National Network or N3).

Most Likely Shared Services Model

Shows which organisations are most likely to share “information”.

Based upon the previous analysis, this diagram gives the best prediction for which systems would be connecting soon. The renewed focus on the road transport network and the advances being put forward to enable portions of the road traffic pricing mechanisms bear out some of my predictions.

Since these diagrams were drawn up a number of departments have undergone significant changes, however much of this analysis is still valid.

That completes this part of my overview of UK Government G2G Messaging Sub-Systems.

Come back in the next couple of days for the second part – “Comparison of Major Messaging Sub-Systems in the UK Government”, looking in more detail at three of the largest UK G2G systems and contrasting them with each other.

UK Government G2G Messaging Sub-Systems

Just to say that over the next weeks posting’s I will be looking at UK Government Messaging Sub-Systems. ….. 5 Trackbacks