Government Service Bus

The GSB (Government Service Bus) is intended to become the central platform
of integration and services for the provision of government electronic services
and transactions, and a provider of common value-add Shared Services which
will be used by all connected entities and government agencies. i.e. Identity
management, e – Payment and core data exchange between government
entities. Figure 1 shows the role of the GSB as an integration enabler to
implement government e – services.

Figure 1: GSB role in the e – government services infrastructure.

The government service bus project is considered among the most critical
and high – impact projects within YESSER projects portfolio for 2007

GSB major components:

The GSB project has been divided into two phases, based on the (6) pilot
services requirements (category 1) and (category 2) services’ requirements
as identified in the e – Government national action plan.
Phase 1 of the solution is sought for as a quick win phase, enabling the provision
of 6 e-Services from 4 governmental agencies to use a common infrastructure for
integration, sharing of data and the use of centralized shared services. It
encompasses the following layers:

Integration & Messaging Layer

Messaging & Queuing

The GSB Solution will provide the ability to perform Store and Forward of
messages between the various services and clients of the GSB, both in
synchronous or asynchronous way.

Service Registry
The Service Registry will be used to provide a controlled point of access to
service metadata for all services provided by e-Government.

Transaction Management
Transactions are a fundamental concept in building reliable distributed
applications over the KSA GSB. A transaction is a mechanism to insure all the
participants in an application achieve a mutually agreed outcome.

Switching & Routing

Service switching and routing is a key “enabling service” of the GSB which
ensures that a service is accessed in most efficient and performing manner.

Service Provision and Delivery Gateways

The Service Gateways makes the services of one application or provider
available to others, and vice versa, in a controlled and secure manner. They
provide an alternative to client-based or server-based wrappers and instead
acts as an intermediary component to translate non-Web Services
invocations into Web Services calls and messages, and vice versa.

e-Gov Adapters
E-Government Adapters are software components that enable a logical
business transactions to be executed seamlessly between systems.

Data Management Layer

Shared Data Service

The e-Gov Data Adapters will allow the GSB, through the Shared Data Service,
to accept requests for data from client systems, invoke the relevant Adapter to
retrieve the data, validate it using the Data Schema Validation engine and
returned in Canonical Data Format to the requester.

Database Access Service

The Database Access Service (DAS) enables the GSB to query/update its
RDBMS through a web service.

Data Schema Validation

Data Schema Validation is an important feature of the GSB, ensuring that all data
shared among services conforms to an agreed upon Schema or Metadata rules.
These agreed upon schemas and metadata rules will be defined through the
YEFI process framework.

Security Layer

Security Overview
Since the GSB will be handling sensitive personal and government data,
as well as transactions with legal implication it must provide a high level of
security for access, identification, authorization and non-repudiation.
Below is a list of the general security requirements that will be provided by
the GSB security solution.

Authentication and Single Sign-On

The GSB solution will provide a centralized authentication via LDAP
directory services. It will also provide a single sign on solution
between the e-Gov portal and participating agency sites.

Authorization
The GSB LDAP will hold some basic authorization levels that will be
used internally within the GSB and accessible to external systems.

Identity Verification
Government services rely on identity verification before tendering of
service, which is usually done by requesting a citizen to show-up in
person and present identification. In order to prevent fraud, e-
Services need to maintain a strong identity management and
issuance process, so that a user requesting an e-Service can be
verified to be what the user claims to be.

Non-Repudiation
For Phase 1 of the GSB, non-repudiation will be achieved through
1. Authentication (registered user with username/password)
 2. One-time Identify verification process as outlined in the
identity verification section.
3. Business transaction logs and audits.
User Management The administration of User Accounts, along with
creation, update, disabling and verification of users is done through
this component

Core Services Layer

Payment Gateway
Since most e-Government services do require a payment of fees for
the service rendered, it important that the GSB provide a common
shared service for payment processing. This service can be used by
any government agency system that is connected to the GSN. No
need for each agency to have its own integration point into a
payment service/gateway is needed any more.

Logging Engine
The logging engine is responsible for logging different activities (business
transitions and system actions) and errors within the GSB framework. The
logging engine will also provide a framework for logging that can be used by
different component of the GSB.

Interaction Layer

Secure Management Site

The Secure Management Site will be used by GSB Administrators and Yesser
Customer Service Representatives.

Notification Engine
The Notification engine will “push” or “route” service requests to recipients via a
number of mechanisms, such as SMS, E-mail and even voice calls.

Email Gateway
Among the GSB notification channels, secure e – mail solution will be
used to notify users of the GSB in a reliable and timely manner.

UI Syndication
The UI Syndication engine is the mechanism used to integrate
remote user interface of e-Services developed and hosted by the
various government agencies into the portal of the e-Government of
Saudi Arabia, and to provide web-service interfaces to pages and
user interfaces hosted on the e-Gov Portal or Secure Management
Site to remote portals for use within their UI frameworks.
 Auditing & Reporting
Auditing and reporting modules provide access to business and technical activity
logs across the different services and components of the GSB.

Systems Management
The management tools will be used to manage and monitor the GSB hardware
and software components

Phase 2 of the solution is sought for as an additional phase, enabling the

provision of an additional 20 e-Services from various governmental agencies to
use the GSB infrastructure, and adding extra value-add services to the
installation. It encompasses the following components:

Integration & Messaging Layer

Workflow & Choreography

Choreography is about the development and execution of business process flow
logic, which is abstracted from applications. Inherent in this are rules which
govern the sequencing and control of service invocations, which in turn support
these business processes and workflows

Orchestration
Orchestration is a type of collaboration in which the primary service directly
invokes other services. The primary service knows the sequence of actions
and the interfaces, responses, and return states of the called services.

Protocol Transformation

Protocol transformation has been traditionally provided as a key enabling

feature of Message-Oriented-Middleware (MOM).

Quality of Service Management

The Quality of Service (QoS) Management is an Observer Service that

checks all the messages that flow through the GSB. Anytime a fault occurs
the Observer raises an event to notify any systems subscribing to the service
and it can then process the information appropriately.

Event Management
 The GSB Event Management Service is a standard “push service” that
enables decoupling clients from consumers of GSB events. The various GSB
components can publish messages into an Event Channel and the Event
Management Service will deliver the messages to all the appropriate
subscribing users.

Data Management Layer

Data Transformation
Together with integration, data transformation involves the reformatting of the
source data including files, records and fields, and the removal of data that is not
required in the target system. It may also involve decoding and translating field
values, adding a time attribute (if one is not present in the source data) to reflect
the currency of data, data summarization, and the calculation of derived values.

File System Access

The File Access Service enables the GSB to read and write files to the local area
network storage devices through Web Services.

Enterprise Search Engine

The Enterprise-Wide Search service which will aggregate and filter data from
local databases and file-systems, outputs of GSB services, as well as federated
repositories of shared data and agency services. The search result will be
returned in XML format following the GSB YEFI based structure for data, and can
be used by any service or client to perform search needs.

Data Enrichment

Data enrichment, also known as “data enhancement”, is about adding value to

existing data already used in an organization.

Security Layer

PKI Integration
This is the proposed integration point to external security providers.
The main entities identified so far are: PKI, MoI, and MoCI.

Encryption and Signing

The solution components can be used for the encryption and
signing of business data across the boundaries of the
transaction.

Core Services Layer

Service Level Management

This is the layer of management that belongs exclusively to the Service Level
Agreements (SLAs).

Interaction Layer

SMS Gateway
The Short Message Service Gateway will allow all users of the GSB to integrate
SMS with their existing systems through a single point of entry. The GSB will
enable all providers and users the ability to simply 'plug in' to the SMS gateway
and begin sending SMS messages. For those systems which already send out e-
mail alerts, the SMS Gateway will be able to supplement this alert mechanism
through SMS messaging.

IVR Gateway
The Interactive Voice Response Gateway will provide the necessary interaction
services to handle telephone callers.

Postal Service Management

The Postal Service Management interface can interact with the Postal Service
system. The Postal Service Management interface will provide the GSB with a
web service that enables the GSB to send a Pickup-Delivery request to the
Postal Service Office System.

Development & Publishing Toolkit

The development and publishing toolkit enables the ministries to develop and
publish e-Services. Along with the reference architecture and the YEFI
interoperability framework government agencies can use this toolkit to develop
their services systematically. The toolkit will contain a sample e-Gov Adapter,
YEFI, reference architecture, technical reference model, and all other necessary
development tools and guidelines.