The Greek Interoperability Center

In this paper we present the Greek Interoperability Center (GIC), which constitutes a common and uniform framework for web services hosting and use. Those web services are either implemented by the Ministry of Finance or other Ministries (web service clients). The aim of GIC is to act as a hub for exchanging business/operational data between Public Sector Agencies, but also for establishing a uniform way to implement web services (and clients) in terms of security and web service implementation techniques. This was accomplished by implementing an Enterprise Service Bus as well as a number of "horizontal" functions named Common Implementation Framework.


Introduction
The Greek National Strategic Reference Framework (NSRF, 2007-2013), which constitutes the reference document for the programming of European Union Funds at national level for the 2007-2013 period, emphasised the adaptation to the new i2010 European Union policy identified through the IDABC program (2005). More specifically, it focused on how: (a) to enable the exchange of information between public administrations and between these public administrations and Community institutions; (b) to facilitate the provision of pan-European services to businesses and citizens, taking their needs into account; (c) to achieve interoperability between different policy areas, notably on the basis of a European interoperable framework; (d) to promote the dissemination of good practices and encourage the development of innovative telematics solutions for public administrations. A project that was financed to implement exchange of information between public administrations in a uniform manner was the Greek Interoperability Center (GIC, 2016). The idea for GIC arose from the fact that each Public Sector Authority (PSA), in order to exchange information with another authority, was obliged to conform with specific (and in the majority of cases different) implementation requirements imposed in terms of security issues such

Related work
A number of interoperability solutions in public administrations are already implemented. Current approaches include, among others, the work presented in Masethe et al. (2013), in which a platform that generates Electronic Health Records (EHR) by using an Enterprise Service Bus (ESB) is presented, which integrates data collection, processing, reporting and use of information. In this platform, the user is connected through the application tier interface to the system management for authentication. Another interesting platform is presented in Samadzadegan et al. (2008), describing the EGIS platform implemented for some of Tehran's (capital of Iran) municipal organizations. In this work, Oracle SOA has been developed to build service oriented enterprise GIS and deploy them to middleware platforms. The enterprise service bus (ESB) routes and distributes events between applications and connects existing IT systems with business partners by accessing definitions and important data about the services from the registry. The system provides a Portal, a Web, and a Mobile function for the different types of end-user access.
However, recent approaches are heading for more sophisticated solutions in service provision, i.e. service orchestration as well as incorporation of semantic interoperability. More specifically, Kurniawan and Ashari (2015) proposed a service orchestration mechanism (which uses pattern utilizations and rules that retrieve data from all databases) through an enterprise service bus (ESB) in order to integrate many services from many departments which use their own platforms and IT. On the other hand, Castellano et al. (2005) present an e-Government Framework that allows cooperation among different Government Agencies' (GAs) applications, called network of eG-Domains, based on the Enterprise Service Bus model. Each eG-Domain is connected to the eG-Bus through the eG-Gate, which represents the single access point of interaction with external entities using the Web Services technology. The eG-Bus provides a standard-based infrastructure for application connectivity and process orchestration (on top of applications, not within them) among different eG-Nodes. The eG-Domain incorporates both intra (i.e., databases, legacy applications, portals and workflow engines present in a Governmental Agency) and extra Domain services (provided by remote GAs through the eG-Bus or directly by the eG-Bus). Basic components in this architecture include among others:
(a) eG-DomainBus, providing basic services such as intelligent routing, process management, transformation, tracking, auditing and logging.
(b) eG-ServicePortal, which serves as a single access point for the information and applications, providing aggregation of content from diverse sources and personalized services.
(c) eG-ServiceWorkflow, which adopts an orchestration model and synchronizes the interactions among different eG-Services.
Another work which implements a variation of service orchestration is presented by Alboai et al. (2016). More specifically, the authors present the software architecture used for the OPERANDO privacy platform which uses SwarmESB, an open source Enterprise Service Bus (ESB) based on executable choreographies. Executable choreographies are scripts that get executed in multiple processing nodes which may belong to multiple organisations. OPERANDO architecture contains, among others, major components or layers such as:
• Authentication layer, i.e. a set of services and components responsible for the authentication and monitoring of all business processes;
• OPERANDO Core services: a collection of complex services, techniques and algorithms that offer functions such as secure data vaults, anonymization, data mining, etc.;
• Regulator API: a collection of web services offered to legal authorities (regulators) to monitor and control OPERANDO's features regarding privacy laws and regulations.
A work adopting the semantic interoperability incorporation approach is presented in Ryan and Eklund (2010). There, an interoperability framework was implemented called the Health Service Bus (HSB), based on the Enterprise Service Bus (ESB) middleware software architecture performing semantic interoperability via the content of the message sent within the framework and how it is processed. Messages are XML based on HL7 V3 models, while translation Services were developed based on XSLT transforms. The implementation involves a service container providing the service interface to the ESB, as well as a client application for entering patient observations and for testing the prototype HSB.
Work focusing on data protection and access to legacy databases deserves special attention. González et al. (2016) present a work for monitoring and enforcing data protection laws within an E-government Interoperability Platform. The solution is based on an Enterprise Service Bus using the SwitchYard2 ESB product as well as recognized security standards (e.g. eXtensible Access Control Markup Language). The invoking agency includes in the SOAP message the identification of the service and the name of the operation it wants to invoke as well as a security token previously obtained from the Interoperability Platform, using the WS-Trust standard. Once these security controls are completed, the message is routed to the Middleware Infrastructure where some validations (e.g. data format validations) and, if required, transformations (e.g. including a missing element in the message) are performed. Finally, the message is sent to the target service which is hosted by the servers of a public agency. This work focuses on consents for sharing personal data, given that these are the ones which can be monitored through an interoperability platform. Consents are given for a specific purpose and for a given time period. In particular, the validation considers the type of personal data that is being exchanged (i.e. public or sensitive) and the consents provided by citizens regarding these data. If the validation fails, the solution performs different pre-configured actions to the original message (e.g. execute a message transformation to take out elements which do not have the required consents to be shared). If not, the response also includes the action to be taken to enforce the law. If public agencies are authorized to exchange personal data, the message is routed to the Log Router component; otherwise, it is routed to the Action Router component. The Action Router component obtains from the XACML response the actions to be taken, including the XSLT transformation that should be applied to the message.

JeDEM 10(1): 82-93, 2018 Pavlina Fragkou
On the other hand, Lemma et al. (2014) discuss the features of Open-DAI, an open-source platform designed to enable organisations to expose data as services, directly pulling from their legacy databases. Access to legacy databases is ensured by the open-source component JBoss TEIID, a data virtualisation system that allows applications to use data from multiple, heterogeneous data stores, using Virtual Private Network (VPN) connections, and also allowing data transformations. Pilot services were developed within the project in the form of mobile or web applications.
Finally, a solution that takes into account the incorporation of provision of electronic services into the cloud technology is presented by Hamiga and Jarzab (2012). This work presents Electronic Platform of Public Administration Services (ePUAP - Polish acronym), a centralized point of access to all services for citizens which offers, among others, the following services:
(a) Communication services - including sending and receiving electronic documents, with various options of validation/receipt acknowledgment.
(b) Security services - such as Single Sign-On (SSO), a citizen identification number verification.
(c) Catalog services - centralized repository of document templates, procedure descriptions etc.
Fuse ESB6 product was chosen as the ESB implementation. Guvnor tool of JBoss Fuse ESB was used for the creation and sharing of Service Tasks into the cloud.

Greek Interoperability Center (GIC) aims
Greek Interoperability Center (GIC) is in line with the approaches presented in the previous section in the sense that its implementation is based on an open source enterprise service bus (as presented in the next section), it meets all prerequisites to assure security issues, and finally it provides sophisticated web services using the concept of orchestration. More specifically, its intention is to adopt a set of principles that will act as standards for web services implementation for all Greek public administration agencies. This is achieved by providing a list of services common to all online services hosted by it. Those common services involve: In particular, authentication involves a set of predefined information that a client Public Sector Authority must send to GIC in order to be appropriately authenticated. On the other hand, via Management Request Application (described in the next section), a set of controls are performed in order to check which web service operation(s) the client authority is authorized to use, as well as the number of calls on a daily basis it is authorized to perform. Call logging - auditing refers to predefined information that is exchanged and stored in each operation call on both sides in order to be able to perform troubleshooting in case a problem occurs. The auditing process pays special attention to keeping the least information required in both systems. This is achieved using the notion of "business key", which is usually an operational feature initially agreed upon between both parties. This is in alignment with the EU's General Data Protection Regulation (GDPR, 2016). Finally, GIC supports a Digital Signature Infrastructure where a digital certificate is installed in the client's infrastructure. Messages exchanged between GIC and public sector authorities are digitally signed.
A key function of GIC is web services provision to public sector authorities through a process of registration via Management Request Application (MRA), described hereafter. During an online web service request from a public sector authority, a number of different roles of internal as well as external users are involved. GIC offers the possibility of web service customization according to the public sector authority's needs. It also provides the ability to develop new web services through the combination of others, i.e. to provide compound web services following the concept of orchestration.
In order to support the full life cycle of a request, it provides a Pilot as well as a Production environment to public administrations. A Pilot environment is used for performing necessary tests between parties before proceeding into the Production phase. GIC hosts a number of already installed web services each of which contains a number of operations relevant to the Enterprise Service Bus (ESB) used for this purpose (as described in Section 4).

Greek Interoperability Center's components
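Greek Interoperability Center (GIC) consists of three major components: a) an Enterprise Service Bus (ESB); b) a Management Request Application (MRA); c) a Common Implementation Guide of Web Services.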

The Enterprise Service Bus
According to Wikipedia, "An enterprise service bus (ESB) implements a communication system between mutually interacting software applications in a service-oriented architecture (SOA). As it implements a distributed computing architecture, it implements a special variant of the more general client-server model, wherein, in general, any application using ESB can behave as server or client in turns. ESB promotes agility and flexibility with regard to high-level protocol communication between applications. The primary goal of the high-level protocol communication is enterprise application integration (EAI) of heterogeneous and complex service or application landscapes (a view from the network level)". More specifically, ESB is a software platform that uses a framework of standards and rules to provide data exchange services between systems and applications through a single messaging model and online services. Some common characteristics of ESB are the following: The aim of Greek Interoperability Center (GIC) is to abolish the strategy of creating one-to-one connections between public sector authorities for the provision of a web service, but instead to adopt the idea of a hub, where all web services will be provided through a unique point, as depicted in Figure 1. The structure of JBoss Fuse is listed in Figure 2.

Figure 2: JBoss Fuse Structure
Apache CXF supports web services components implemented using Simple Object Access Protocol (SOAP) messages (XML) over the HTTP protocol. It hosts a number of web service description language files (WSDLs), each of which is an XML file that describes the "contract" of the service, following the Universal Description, Discovery and Integration (UDDI). The JBoss Fuse platform supports CXF Interceptors, i.e. the CXF framework's elemental processing unit when calling a web service. The information exchange is supported through message exchange (message reading, message conversion, header editing, message validation), which is achieved using interceptors that run in different phases for an incoming/outgoing message, depending on the implementation.

ESB incorporation to Greek Interoperability Center (GIC)
The incorporation of JBoss Fuse Enterprise Service Bus into Greek Interoperability Center (GIC) was performed in a four layer architecture implementation. Those four layers are:
1. The Presentation Layout, for web services provision. This layer involves a number of certified users (internal and external ones). It also supports the whole life cycle of a web service request applied by a Public Sector Authority (PSA) as well as a number of functions such as: User Definition, Customization and Request Management etc;
2. The intermediate layer, which supports hosting and provision of atomic/business/compound services, aimed at providing complex and business-class services to participating systems;
3. The Apache Karaf Infrastructure Software, which is an application service software for both users and external systems. It is based on Apache Karaf Open Source (OSGI);
4. The Enterprise Service Bus software based on the RED HAT JBoss FUSE open source software, which has the logic of interconnecting heterogeneous infrastructures (or systems) to use web services through a common channel. The common channel uses international communication rules to reuse it.
Special attention must be paid to the fact that this architecture is able to provide orchestration procedures, i.e. procedures for the synthesis and orchestration of simple and technical web services in order to provide more complex ones.
Additionally, Greek Interoperability Center (GIC) maintains a number of staging base generation procedures for receiving data from internal source systems, performing checks, correlations as well as transformations, and any other processing required before being promoted to other systems through the end-to-end web services. This approach is similar to one presented in González et al. (2016) in the sense that unauthorized information can be filtered in the staging area.

Management Request Application (MRA)
As noted in a previous section, Management Request Application (MRA) is the front end, i.e. the access point of Greek Interoperability Center (GIC) to Public Sector Authorities in order to apply for web service provision. Management Request Application (MRA) is an online application (supporting internal and external users) through which:
a) Requests can be applied by a Public Sector Authority (PSA) for the provision to use one or more web services
b) User rights are attributed to PSA's servers for every web service that is requested
c) Web service operations are parameterized for every PSA
d) Pilot and productive functionality of web services (Pilot and Production Infrastructure) are offered
Management Request Application (MRA) contains both an external as well as an internal API. The external API, addressed to external users, is used for submitting, updating, modifying, canceling requests from PSAs. In the initial phase, PSA obtains access to MRA. At a subsequent step, PSA authorizes one or more users who are able to manage PSA's information systems as well as requests applied to use web services.
On the other hand, the internal API, which is addressed exclusively to users/employees of the Ministry of Finance, is used to control the lifecycle of a PSA's request for a web service. It provides a number of functions such as production of digital certificates installed on the PSA's information system for web service use, management of the provided web services, management of both internal and external users etc.
Figure 3 depicts the steps followed by both internal and external users during a request from a PSA to use a web service until its final use in production mode in PSA's information system.

Common Implementation Guide of Web Services
As previously mentioned, a Common Implementation Guide was created in order to adopt a common implementation to "horizontal" functions-operations, which include:
• Authentication, for user and password control;
• Authorization, checking whether the (certified) user has the right to use a particular web service;
• Call recording Tracking (Auditing), which is a horizontal data logger for all web service calls, such as applicant's username, the date and time of the web service call, its duration, error messages etc;
• Digital Signature, which includes signing the message and verifying it;
• Error Message Handling Modeling.
Special attention must be paid to Error Message Handling where a standardization approach was adopted in order to describe and classify errors according to their type, i.e. general type errors related to authentication or authorization, or web service specific errors related to the nature of the web service provided, i.e. its business logic. All the aforementioned operations have been implemented as services provided in the form of OSGI services (OSGI: Open Services Gateway Initiative) and web services.
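The horizontal functions listed above (authentication, authorization with a daily call limit, auditing keyed on a business key, and classified error messages) can be sketched as one call path. This is an added Python example, not GIC's code, which the paper describes as OSGI services on JBoss Fuse; the class names, error codes, the `getTaxClearance` operation and all sample data are assumptions, and digital signing is left out.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass
from datetime import datetime, timezone

GENERAL, SERVICE = "GENERAL", "SERVICE_SPECIFIC"  # the paper's two error classes

class GatewayError(Exception):
    """Standardized error: a category plus a code (the codes are invented here)."""
    def __init__(self, category, code, message):
        super().__init__(message)
        self.category, self.code = category, code

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Client:
    username: str
    salt: bytes
    password_hash: bytes
    grants: dict  # operation name -> permitted calls per day

class Gateway:
    def __init__(self, clients, operations):
        self.clients = {c.username: c for c in clients}
        self.operations = operations  # operation name -> callable(payload)
        self.calls = {}               # (username, operation, day) -> calls so far
        self.audit_log = []

    def authenticate(self, username, password):
        client = self.clients.get(username)
        # Hash for unknown users too, so response time does not reveal valid names.
        digest = hash_password(password, client.salt if client else b"\0" * 16)
        if client is None or not hmac.compare_digest(digest, client.password_hash):
            raise GatewayError(GENERAL, "AUTHN_FAILED", "invalid credentials")
        return client

    def authorize(self, client, operation, day):
        limit = client.grants.get(operation)
        if limit is None:
            raise GatewayError(GENERAL, "AUTHZ_DENIED", "operation not granted")
        key = (client.username, operation, day)
        if self.calls.get(key, 0) >= limit:
            raise GatewayError(GENERAL, "QUOTA_EXCEEDED", "daily call limit reached")
        self.calls[key] = self.calls.get(key, 0) + 1

    def call(self, username, password, operation, business_key, payload, now=None):
        now = now or datetime.now(timezone.utc)
        started, outcome = time.monotonic(), "OK"
        try:
            client = self.authenticate(username, password)
            self.authorize(client, operation, now.date())
            try:
                return self.operations[operation](payload)
            except Exception as exc:
                # Callers get a generic message; internal details stay server-side.
                raise GatewayError(SERVICE, "BUSINESS_ERROR",
                                   "operation failed") from exc
        except GatewayError as err:
            outcome = f"{err.category}:{err.code}"
            raise
        finally:
            # Audit only what troubleshooting needs: no payload, no credentials.
            self.audit_log.append({
                "username": username, "operation": operation,
                "business_key": business_key, "timestamp": now.isoformat(),
                "duration_ms": round((time.monotonic() - started) * 1000, 3),
                "outcome": outcome,
            })

def build_demo_gateway():
    """Constructed sample: one PSA client allowed two calls per day."""
    def get_tax_clearance(payload):
        if not str(payload.get("tax_id", "")).isdigit():
            raise ValueError("malformed tax id")
        return {"cleared": True}
    salt = b"constructed-salt"
    psa = Client("psa-demo", salt, hash_password("s3cret", salt),
                 {"getTaxClearance": 2})
    return Gateway([psa], {"getTaxClearance": get_tax_clearance})
```

Every call, accepted or rejected, leaves exactly one audit record, and both parties can correlate records through the business key without storing the exchanged data.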

Web Services provided by Greek Interoperability Center (GIC)
At present, Greek Interoperability Center (GIC) offers a number of web services which can be categorized into five distinct categories:
• web services of high interest and wide use (such as oAuth 2.0 and electronic payment)
• web services to limited recipients/organizations (containing compound web services such as Home Electricity Discount Payment)
• web services addressed to municipalities and other public bodies
• web services involving taxation - debt certification
• web services of other Public Sector Authorities (clients service) such as identity card verification
The benefits resulting from the public sector's use of the aforementioned web services are apparent both to citizens and companies, as well as to Public Sector Authorities themselves as far as internal business processing is concerned. This is due to the fact that citizens and companies will enjoy high quality electronic services, especially those resulting from web service orchestration. From Public Sector Authorities' perspective, benefit lies in web provision from a single point (i.e. Greek Interoperability Center) only instead of creating dedicated (one-to-one) connections with every party, effecting high technological complexity during implementation. Other governments will also benefit from this single point structure, since Greek Interoperability Center (GIC) will act as the national receiver of e-invoices from other European member states following PEPPOL guidelines embraced by the European Commission.

The Once Only Principle
The Greek Interoperability Center (GIC) is based on the 'Only Once' principle, i.e. the principle that "information and data submitted to public authorities need not be submitted again, since data submitted to a Body may be derived from another", for each Public Sector Authority (PSA) has the responsibility to maintain its data and to make it available via online services to other Public Sector Authorities (PSAs).The Greek Interoperability Center (GIC) does not preserve this data, but contributes to making it available to other Public Sector Authorities and ensures their uniform availability (using the same technical methods and best practices for data security).
A prerequisite for applying the principle is: (a) appropriate interconnection has been developed for the provision of data by other Public Sector Authorities (e.g. web service) which is integrated into the Greek Interoperability Center (GIC); (b) the Public Sector Authority (PSA) wishing to receive data is able to develop an appropriate client application.

Conclusion and future work
In this paper we have presented the structure and basic components of Greek Interoperability Center (GIC) which aims to act as a hub to Greek Public Administration Authorities. GIC's intention is to establish a uniform way to web service implementation by proposing a common implementation framework. Some of GIC's "strong" points include secure data exchange, efficient monitoring of the whole life cycle of a web service operation, different infrastructure environments for pilot and production phase as well as service orchestration provision. The most important lesson learned regarding GIC's increasing use and cooperation with other Public Sector Authorities for incorporating their web services into GIC, is the PSA's hesitation to migrate to this infrastructure by abandoning older technological approaches. This results from lack of familiarity with current technological approaches as well as dated mentality.
As mentioned previously, hosting web services into the Greek Interoperability Center (GIC) is an ongoing process. The more web services are hosted in it, the more web service orchestration requests in order to produce compound web services are processed. From a European perspective, GIC can play a leading role regarding compliance with the forthcoming European Parliament's regulations on establishing a framework for Interoperability between EU information systems.
(a) Communication services - including sending and receiving electronic documents, with various options of validation/receipt acknowledgment.
(b) Security services - such as Single Sign-On (SSO), a citizen identification number verification.
a) an Enterprise Service Bus (ESB); b) a Management Request Application (MRA); c) a Common Implementation Guide of Web Services.

Figure 1: Existing Web Service provision and ESB proposed solution

Figure 3: Existing Web Service provision and ESB proposed solution


• web services to limited recipients/organizations (containing compound web services such as Home Electricity Discount Payment)
• web services addressed to municipalities and other public bodies
• web services involving taxation - debt certification
• web services of other Public Sector Authorities (clients service) such as identity card verification

However, there are a number of open issues to be addressed in the future, apart from hosting and creating web services. Those open issues involve among others: (a) hosting of Public Sector Authorities into G-Cloud residing in the Ministry of Finance with simultaneous provision of web services through GIC; (b) creation of an interface similar to Management Request Application (MRA) to be addressed to Public Sector Authorities, whose web services are hosted in the Greek Interoperability Center (GIC), in order to provide the necessary permissions to other Authorities wishing to use them; (c) adaptation to General Data Protection Regulation (GDPR) of European Union by performing necessary changes.