8/14/2019 2-IBM-RP - BI Government SOA Scenario Immigration and Border Management
1/56
Redpaper
Copyright IBM Corp. 2009. All rights reserved. ibm.com/redbooks
Government SOA Scenario:
Immigration and Border Management
This IBM Redpaper describes a service-oriented architecture (SOA) industry
solution for immigration and border management using the IBM Government
Industry Framework. It describes how the IBM Government Industry Framework
can be used to implement two scenarios:
Advanced Passenger Analysis
Registered Traveler
Martin Keen
Allen Dreibelbis
HungTack Kwan
John LaLone
Paul McKeown
Rashmi Kaushik
Robert Spory
Marilza Maia
Vinod Chavan
http://www.redbooks.ibm.com/
Figure 1 IBM Government Industry Framework supports integrated government solutions
This paper discusses scenarios in the safety and security domain to illustrate
leading practices and how to adopt the IBM Government Industry Framework
components.
New challenges at the border
Around the world, the threat of terrorism and the promise of globalization are
reshaping the fundamental nature of borders and how they are managed.
Borders must be open for business and closed to unwanted guests. The desire to
improve speed and convenience is constantly held in check by the responsibility
for security and safety.
In many nations, control operations are now executed beyond the physical border
and before arrival at a nation's official points of entry. The result is a much
broader and more complicated scope of operation for border management, and a
greater need for collaboration between nations.
[Figure 1 labels: IBM Government Services Solutions (Tax and Revenue
Management; Social Services and Social Security; Safety and Security;
Metropolitan Transportation and Roads; Integrated Urban Infrastructure);
IBM Government Industry Framework, Government Extensions and Accelerators
(Data, Process and Risk Models; Interfaces and Adapters; Templates and
Portlets; Reference Architectures; Tools; Delivery Guides); Key IBM Software
Group Products; IBM Systems and Technology Group; IBM Global Business
Services; IBM Global Technology Services; Partner Ecosystem]
Border management duties are shared between a wide range of government
agencies such as customs, border protection, immigration, police, and
intelligence. Each of these agencies has individual priorities in support of the
common goal. There must be a constant flow of information between these
agencies to coordinate their activities effectively.
The need for international and inter-agency collaboration to achieve the twin
objectives of security and facilitation means that government leaders responsible
for border integrity face rising complexity in accomplishing their missions.
Governments realize that the increase in international air travel and imposition of
rigorous security checks mean more queues and more inconvenience for
passengers. This can result in further disruption to airline schedules and
increased safety and security risks because crowded airports can become
terrorist targets.
Recognizing identity has never been more important to ensure homeland
security, travel, and public safety. If immigration and border agencies know with
whom they are dealing, they can treat them appropriately. The faster the process,
the less the disruption, making identity management technologies key. Some of
these analytical tools are shown in Figure 2.
Figure 2 Analytical tools to identify and assess passengers
These tools will be referred to in more detail in the rest of the paper.
[Figure 2 labels, by panel:
Screening: Assess Risk Profile; Passenger Data Load and Score; Name Recognition; Record Results; Alerts against Watch Lists
Watch Lists: Manage Lists; Passenger Records Reprocessed
Secondary Analysis: Workflow for Manual Expertise; Intelligence Resolution
Alerting: Manage Cases; Generate Alert Notification
Auditing: Passenger Profile; Ticket; Case & Alert History
Biometrics: Stored in eDocuments; Local verification of ID; Identifying unknown people; Uses face, fingerprints, iris scans for identification]
What is being done to meet the twin challenges of security and facilitation?
Airports, airlines, and governments are aware of the problem and are
considering a range of options to address this challenge. There are primarily two
ranges of options:
Resource management
This option looks to increase capacity. Examples include adding more
airports, adding more security gates, and adding more staff. These solutions
are typically expensive to implement, and are subject to environmental
constraints.
Technology
This option looks to increase throughput by early identification of passengers,
early risk assessment, and speeding low risk passengers through automated
checks wherever possible. These options include, either singly or in
combination:
Advanced Passenger Analysis
Registered Traveler programs
Automated border gates
Self check-in through the Web and kiosks
This paper focuses on Advanced Passenger Analysis and Registered Traveler
programs.
Advanced Passenger Analysis
Advanced Passenger Analysis is the process of comparing passenger data with
watchlists and profiles before and during flights. Sending information from airline
to government prior to travel provides cost effective facilitation and security
because background checks on more passengers earlier in the process mean
fewer delays due to manifest checks by the destination country prior to take-off.
After high risk passengers are identified, border agents can focus their attention
on reducing their risk through detailed questioning. Focused checks are more
effective than random checks of everyone who attempts to board a plane.
Benefits of Advanced Passenger Analysis
The following benefits are derived from an Advanced Passenger Analysis solution:
Advanced Passenger Analysis reduces the cost of both the arrest of serious
criminals and the denial of boarding to certain passengers.
Border security is tightened because an early warning system allows more
time for the authorities to develop plans for intervention.
Passengers enjoy an easier, quicker travel experience because they are
treated sensitively according to the risk they present and by having sent
information in advance. Background checks that would normally cause a
queue at the border can be done before they arrive.
Airports benefit because they are less likely to incur fines for poor
performance due to long queues.
Airlines benefit because they are less likely to carry unwelcome passengers,
which could cost the airlines both large fines and the fee of returning
unwelcome passengers to their departure point.
Registered Traveler programs
In a Registered Traveler program, registered travelers use a token to access
automated or fast-service security and border checkpoints. The enrollment
process generally involves the traveler providing a detailed biography for risk
assessment, and providing biometric information. Tokens are issued to travelers
meeting the credentials. The Registered Traveler program continues to perform
ongoing checks to ensure that the traveler's behavior remains consistent with
their trusted status.
The Registered Traveler program can be a commercial or government program:
As a commercial program it is a fee paying card-based program combined
with other services such as car parking and business lounges.
As a government program it uses electronic passports or ID cards to access
automated gates.
Benefits of a Registered Traveler program
Registered Traveler programs offer benefits to a range of stakeholders:
For passengers it means more convenience and consistent and reasonable
times for security checks. These can be significant because Registered
Travelers are normally through the border in a few minutes. Commercial
Registered Traveler programs provide a full service offering, including access
to private lounges, preferential car parking, and loyalty schemes in the airport.
Airlines benefit indirectly. If fewer people are delayed due to queues at the
border and security they are likely to view air travel more positively. It could
also mean less disruption to their timetables because of late boarders.
Airports profit from their commercial Registered Traveler programs. They
might also enjoy an improved image because the automation has reduced
queue times for all. There could be more repeat business as travelers are less
likely to avoid airports in the future due to previous negative experiences.
Governments could see an improvement in national security because they
can process people more thoroughly using automated gates. It allows for
better assessment of security risks because international schemes can
enable multi-background checks.
Governments also have biometric records of entry and exit. They know who
is in or out of the country.
Capability model for a new and improved border management process
Figure 3 shows the capability model for a new and improved border management
process. This border management process needs to support collaboration
between agencies, secure and timely exchange of critical information, ability to
meet increased demand, and the ability to respond quickly to changing
regulations and policies.
Figure 3 Capability model for a new and improved border management process
The result of this enhanced border management process is two offerings:
Enhanced Advanced Passenger Analysis
A new Registered Traveler program
These two offerings are the subject of the remainder of this paper.
Advanced Passenger Analysis
This section describes how to model an Advanced Passenger Analysis process and
perform business service modeling, and illustrates a solution architecture with
IBM product mappings.
[Figure 3 rows: Business Initiatives; Value Proposition; Capabilities; Offering.
Box labels: Boost national economy through more travel and trade; Improved
mgmt of crisis and alerts; Tighten national security; Improved convenience for
air/sea/land travelers; Improved effectiveness and efficiency of border control
resources; Enhanced Border Management Processes; Rapid response to new
government regulations and security policies; Ability to increase collaboration
with other agencies; Ability to be sure of passenger identity; Ability to process
more passengers using automated borders; Enhanced Advanced Passenger
Analysis (APA); New Registered Traveler (RT) Program]
Modeling the Advanced Passenger Analysis process
This section describes an Advanced Passenger Analysis process for an
international air travel example. This solution can be applied to a broader range
of border agency/immigration departments that might already have a basic
Advanced Passenger Analysis solution or no Advanced Passenger Analysis
solution at all.
What is the Advanced Passenger Analysis System?
Advanced Passenger Analysis (APA) is an early warning system that allows
governments to collect and analyze Advance Passenger Information (API) and
Passenger Name Record (PNR) data from airlines before and during a passenger's
journey. By comparing API and PNR data with watchlists and profiles,
governments can be alerted if named persons of interest, or unnamed individuals
who fit the profile of high risk passengers, are attempting to cross their borders.
Some countries believe that the use and storage of API/PNR data intrudes on
passenger privacy and are seeking compromises on the amount of data that is
processed and stored.
Countries are reaching consensus on a standard way of collecting information
from airlines.
Advance Passenger Information:
Concerns data that air/sea carriers did not store previously but which they
now have to collect separately for the benefit of border authorities.
Includes all the data elements that travelers have to present at the border
control at the travel destination.
Transmission resembles a pre-arrival manifest sent to the border authorities
of the travel destination.
Consists of data that can be directly taken from the machine-readable part of
a passport plus the general flight-related data that exist in the airline
computers.
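Because API data is taken from the machine-readable part of a passport, a receiving system can verify its check digits before a record enters matching. The following is an added example, not code from the Redpaper or from any IBM product: it assumes the ICAO Doc 9303 TD3 (passport) layout for the second machine-readable line, and the function names are hypothetical.

```python
from datetime import date

# Fictitious "Utopia" specimen line from ICAO Doc 9303 (not a real passport).
SPECIMEN_LINE2 = "L898902C36UTO7408122F1204159ZE184226B<<<<<10"


def check_digit(field: str) -> int:
    """ICAO 9303 check digit: weights 7, 3, 1 repeating, sum modulo 10."""
    total = 0
    for i, ch in enumerate(field):
        if "0" <= ch <= "9":
            value = ord(ch) - ord("0")
        elif "A" <= ch <= "Z":
            value = ord(ch) - ord("A") + 10
        elif ch == "<":          # filler character counts as zero
            value = 0
        else:
            raise ValueError(f"character not allowed in MRZ: {ch!r}")
        total += value * (7, 3, 1)[i % 3]
    return total % 10


def _field_ok(data: str, check: str, optional: bool = False) -> bool:
    # An unused optional field may carry '<' in place of its check digit.
    if optional and check == "<" and set(data) == {"<"}:
        return True
    return check in "0123456789" and check_digit(data) == int(check)


def parse_td3_line2(line: str) -> dict:
    """Split TD3 line 2 into fields and list every check digit that fails."""
    if len(line) != 44:
        raise ValueError("TD3 line 2 must be exactly 44 characters")
    checks = {
        "document_number": _field_ok(line[0:9], line[9]),
        "date_of_birth": _field_ok(line[13:19], line[19]),
        "date_of_expiry": _field_ok(line[21:27], line[27]),
        "personal_number": _field_ok(line[28:42], line[42], optional=True),
        # The composite digit covers positions 1-10, 14-20 and 22-43.
        "composite": _field_ok(line[0:10] + line[13:20] + line[21:43], line[43]),
    }
    return {
        "document_number": line[0:9].rstrip("<"),
        "nationality": line[10:13],
        "date_of_birth": line[13:19],
        "sex": line[20],
        "date_of_expiry": line[21:27],
        "failures": [name for name, ok in checks.items() if not ok],
    }


def is_expired(record: dict, on: date) -> bool:
    """Expiry is YYMMDD; this example assumes the year is 20YY."""
    yy, mm, dd = (int(record["date_of_expiry"][i:i + 2]) for i in (0, 2, 4))
    return date(2000 + yy, mm, dd) < on


if __name__ == "__main__":
    record = parse_td3_line2(SPECIMEN_LINE2)
    print(record, is_expired(record, date(2010, 1, 1)))
```

A record with a non-empty failures list is a data-quality problem (mistyped or misread document) and should be rejected or re-captured rather than passed to watch list matching.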
Advanced Passenger Analysis business process
Figure 4 shows the high level activities in an Advanced Passenger Analysis
business process.
Figure 4 Advanced Passenger Analysis process (tier 1)
The high level process operations are as follows:
1. An individual makes travel reservations using a travel request system (using
an online reservation system, kiosk, mobile device, or in person).
2. An e-ticket is generated.
3. API is routed from airline reservation system to border control operations
center (BCOC).
4. BCOC normalizes the data and matches against a number of watch lists.
5. The system generates hits if there is a match.
6. A person intervenes to decide if a hit should be an alert.
7. Authorities are alerted to possible travel of person of interest.
8. Instructions on passenger handling are issued (such as deny, accept, or
arrest on arrival).
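Steps 4 to 8 above, sketched as an added example (not code from the Redpaper or from the IBM products it names): names are normalized, compared with each watch list, and every match becomes a hit that stays pending until a person decides. The manifest, watch lists, threshold and function names are constructed for illustration, and Python's difflib stands in for a dedicated name-recognition product.

```python
import unicodedata
from dataclasses import dataclass, replace
from difflib import SequenceMatcher

# Handling instructions named in step 8 of the process above.
HANDLING = {"deny", "accept", "arrest_on_arrival"}

# Constructed sample data (not real persons, flights or lists).
MANIFEST = [
    {"name": "MÜLLER, Hans", "dob": "1970-03-14", "flight": "XX101"},
    {"name": "ERIKSSON, Anna Maria", "dob": "1974-08-12", "flight": "XX101"},
    {"name": "Petrov Ivan", "dob": "1981-11-02", "flight": "XX101"},
]
WATCHLISTS = {
    "immigration": [{"name": "Hans Mueller", "dob": "1970-03-14"}],
    "crime": [{"name": "IVAN PETROV", "dob": "1979-01-01"}],
}


def normalize_name(raw: str) -> str:
    """Step 4: strip diacritics and punctuation, fold case, ignore name order."""
    decomposed = unicodedata.normalize("NFKD", raw)
    letters = "".join(
        ch if ch.isalpha() else " "
        for ch in decomposed
        if not unicodedata.combining(ch)
    )
    return " ".join(sorted(letters.upper().split()))


@dataclass(frozen=True)
class Hit:
    passenger: str
    flight: str
    list_name: str
    entry: str
    score: float
    dob_match: bool                 # corroborating attribute for the reviewer
    status: str = "PENDING_REVIEW"  # a hit is not an alert until reviewed


def screen(manifest, watchlists, threshold=0.85):
    """Steps 4-5: compare each passenger with every list entry, emit hits."""
    hits = []
    for pax in manifest:
        key = normalize_name(pax["name"])
        for list_name, entries in watchlists.items():
            for entry in entries:
                score = SequenceMatcher(
                    None, key, normalize_name(entry["name"])
                ).ratio()
                if score >= threshold:
                    hits.append(Hit(
                        passenger=pax["name"],
                        flight=pax["flight"],
                        list_name=list_name,
                        entry=entry["name"],
                        score=round(score, 3),
                        dob_match=pax["dob"] == entry["dob"],
                    ))
    return hits


def review(hit: Hit, confirmed: bool, instruction: str = None) -> Hit:
    """Steps 6-8: only a human decision turns a hit into an alert."""
    if hit.status != "PENDING_REVIEW":
        raise ValueError("hit has already been reviewed")
    if not confirmed:
        return replace(hit, status="DISMISSED")
    if instruction not in HANDLING:
        raise ValueError(f"unknown handling instruction: {instruction!r}")
    return replace(hit, status="ALERT:" + instruction)


if __name__ == "__main__":
    for h in screen(MANIFEST, WATCHLISTS):
        print(h)
```

The second hit matches on name alone with a different date of birth, which is the kind of case the manual review in step 6 exists to resolve.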
We now look at each activity in this process in turn.
Activity 1.2: Government agency review
After the travel reservation is made, pre-travel verification is performed as shown
in Figure 6.
Figure 6 Activity 1.2: Government Agency Review (tier 2)
1. Based on the ePassport number taken from the reservation, the passport
validity is checked.
2. That person's name is checked against watch lists for immigration, crime, and
other possible interested stakeholders.
3. If there is a match the operators decide what action to take.
Activity 1.3: Day of travel
On the day of travel the events detailed in Figure 7 occur.
Figure 7 Activity 1.3: Day of Travel (tier 2)
1. A passenger checks-in using appropriate travel documents (such as a valid
photo ID, and an e-ticket) and continues with travel to a destination if
background security checks are passed.
2. For international travel, additional checks are conducted at the port of arrival.
Next, we take a closer look at the two activities that make up this part of the
process.
Activity 1.3.1: Check-in
For countries where real time authority is desired, the events detailed in Figure 8 on
page 15 occur.
Figure 8 Activity 1.3.1: Check-in (tier 3)
1. A traveler checks-in using the appropriate travel documents (such as a valid
photo ID, and an e-ticket).
2. Personal information and travel details are validated.
3. Information is submitted real-time for checks and screening against
government databases (see Activity 1.2: Government agency review on
page 12 for government agency checks).
4. The traveler is either approved or rejected for travel.
5. If the traveler is approved, their bags are checked-in and travel continues.
6. If the traveler is declined, they are notified. Carrier and border management
systems are updated with the travel decline information.
Activity 1.3.2: Arrival clearance
For international travel, identity is monitored at the travel destination for fraud or
abuse to ensure the trustworthiness of the identity. The process to perform this is
shown in Figure 9.
Figure 9 Activity 1.3.2: Arrival Clearance
1. Validation of the ePassport or eVisa to ensure it is generated from a
competent authority.
2. Verification and validation of the biometric or biographic information of the
traveler.
3. Validation of the traveler using random second factor identification (including
random questions, fingerprints, or iris identification).
4. Verification of the health, quarantine form, or reason of travel.
Benefits of Advanced Passenger Analysis
The Advanced Passenger Analysis process described in this section offers the
following benefits:
Ensures border protection from undocumented or undesirable passengers at
departure time. This is achieved by:
Providing a mechanism to anticipate threats and alerts reported for the
traveler
Obscure and anonymous relationship resolution
Risk assessment
Checks can be done prior to a passenger commencing their journey. This
reduces time for screening passengers on the day of travel or upon reaching
their destination.
The security check is more thorough and completed within minutes as
compared to manual procedures of interviews and secondary random checks.
Adding a new government agency check or making changes to policies in the
future is easy, without having to alter the entire business process.
Ensures compliant measures for international identity standards, treaties, and
conventions.
Updates ePassport information across the border management systems
after the person crosses the border. This provides tracking information.
Border security violation information is forwarded to alert border guards
promptly.
Handles exceptional situations, and initiates a remedy procedure. Exceptional
situations include:
Diverted travel due to bad weather, technical problems, or medical
emergencies
Other emergencies where travelers reached the wrong country without
any bad intention but without the appropriate visa
Business service modeling
After performing business process modeling, the next task is to delineate the
services that comprise the business processes. This can be achieved using the
service-oriented modeling and architecture (SOMA) approach from IBM,
illustrated in Figure 10.
Figure 10 Service-oriented modeling and architecture (SOMA)
SOMA provides an approach to building a SOA that aligns to business goals and
ties the business processes directly to underlying applications through services.
The process of SOMA consists of three general steps:
Identification
Specification
Realization of services, components, and flows
The service identification step of SOMA consists of three techniques that can
help identify services for the Advanced Passenger Analysis business process:
Domain decomposition
This is a top-down view of the business process. It consists of process
decomposition where processes are broken up into sub-processes and
high-level business use cases. In this top-down decomposition, business
processes are represented hierarchically.
For example, the Government Registered Traveler Program process can be
decomposed into sub-processes such as:
Advanced Passenger Analysis
Registered Travel Program
[Figure 10 labels: Identification (Domain decomposition; Goal-service modeling;
Existing asset analysis); Specification (Subsystem analysis; Component
specification; Service specification; component flow specification; information
specification; service flow specification; message & event specification);
Realization (service allocation to components; component layer; Service
realization decision)]
Each sub-process can in turn be decomposed further, ultimately leading to a
list of business use cases. For example, the Advanced Passenger Analysis
sub-process can be decomposed as follows:
Advanced Passenger Analysis Travel Request
Advanced Passenger Analysis Passenger Screening
Advanced Passenger Analysis Day of Travel
The Advanced Passenger Analysis Travel Request sub-process ultimately
leads to business use cases such as:
Complete Online Travel Request
E-Ticket is Generated for Traveler
These business use cases are typically good candidates for business
services.
Goal-service modeling
In this phase, business services are identified based on goals and metrics.
For example, goals can be defined such as:
Reduce Traveler Time
Increase Collaboration with Other Government Agencies
These goals might consist of sub-goals, such as Reduce Travelers Time by
30% (the percentage value will, of course, vary depending on the project).
Business services can be identified and grouped under these goals.
Existing asset analysis
In contrast to domain decomposition, this is a bottom-up approach. Existing
systems are analyzed according to their suitability for inclusion in business
processes. For example, the Complete Online Travel Request process can be
analyzed to determine if any of the services used in this existing process
meet the needs of the new business processes. Typically, reuse of existing
systems and assets provides a lower cost solution to implementing service
functionality than creating new assets.
IBM provides service offerings for working with SOMA. The IBM SOA Integration
Framework service offering is shown in Figure 11 on page 19.
Figure 11 Using the IBM SOA Integration Framework to perform SOMA decomposition
Note: For more information about applying SOMA, refer to the
developerWorks article, Service-oriented modeling and architecture,
available at the following Web page:
http://www.ibm.com/developerworks/library/ws-soa-design1/
Technical solution
This section describes the technical solution that was designed and built for the
Advanced Passenger Analysis process. It includes a description of the IBM
product offerings that were used in the implementation.
Technical challenges, solution design, and system context
The following technical challenges should be considered when designing an
Advanced Passenger Analysis process:
There is point-to-point integration between several applications as well as
applications and data sources.
Scaling the existing architecture to accommodate new data sources such as
international watch lists and criminal data is complex and time consuming.
There is a high level of complexity in effectively supporting multicultural
names and personal identity information that comes from a variety of data
sources.
The traveler's data has to be consolidated from several different sources to
verify identities, match against watch lists, and support detection of fraud and
threat.
SOA-based projects are not planned at an enterprise level, causing
governance, service management, and service security concepts to be
implemented only in pockets.
To meet these technical challenges, the following architectural principles should
be used in the solution design:
The solution should provide an enterprise integration framework, components
and reusable services that make use of existing systems that span multiple
hardware and software platforms.
The solution should be designed to provide the flexibility to incorporate future
technology and accommodate changes to business and performance
requirements, changes to laws and regulations, trade volumes, and security
threats.
The solution should provide a common programming model based upon
industry-accepted computing standards to improve reuse within the
architecture.
The solution should support the use of multiple technologies and techniques
for interoperability with external systems and for the integration of systems
and applications within the Integrated Border Management solution.
The solution should be based upon an architecture approach and
technologies using industry-accepted open computing standards,
Government, World Customs Organization (WCO), and international
standards.
The solution should be built upon the concept of tiers and layers, which
requires the separation of presentation, application, and data to develop a
resilient, secure, and end-to-end solution architecture.
The location and internal working and implementation details of a service
should be isolated from the service consumers to provide a dynamically
reconfigurable architectural style.
The system context diagram for the Advanced Passenger Analysis process is
shown in Figure 12.
Figure 12 System context diagram for Advanced Passenger Analysis
Solution architecture
The solution architecture for the Advanced Passenger Analysis process is shown
in Figure 13.
Figure 13 Solution architecture for Advanced Passenger Analysis
Understanding the solution architecture
Note some of the highlights of this architecture:
An Advanced Passenger Analysis Portal has been introduced to allow
standardized access to APIs by authorized carriers, government agencies,
and border agencies in other countries.
In the Integration layer, an enterprise services bus (ESB) has been introduced
to make applications and information available within and outside the
enterprise in a flexible, agile and secure manner.
Process services in the integration layer denote the business processes and
workflows in execution (such as the APA and case management processes).
[Figure 13 labels: Presentation Tier (Advanced Passenger System Portal;
Carrier Help Desk; HTML; XML); Integration Tier (Enterprise Service Bus:
Transaction Services, Web Services, Message Mediation, Complex Events,
Information Integration Services, Process Services; Messaging, Web Services);
Application Tier (Application Logic: Case Mgmt, Targeting, Screening, Alert
Generation and Mgmt, Advanced Passenger Information System, Content Mgmt);
Data Tier (Analytics Data, Rules, Passenger Data, Case Mgmt Data, NORA Data);
External Systems (Government, Commercial, Passenger data from Carriers);
users (Customs & Immigration, Border Control, Law Enforcement, Commercial,
Public); SOA Governance, Security and Management]
In the application tier, two separate applications are introduced:
Screening passengers using PNR data against watch-lists, crime
databases, no-fly lists, public records, and so forth.
Targeting by using analytics capabilities to analyze behaviors of risky
travelers to develop risk-based profiles that can be used for screening
against the passenger lists.
In the integration tier, Information Integration Services provides support for
data consolidation from several government sources and criminal databases,
along with cleansing as needed.
The case management database contains case details for the processing and
evaluation of passengers that have been flagged for further investigation.
Triton
Several components of the solution design can use a framework component
called Triton. This is a SOA Foundation Accelerator that helps realize the
business value of SOA faster and with less risk than typical custom
implementations. Triton addresses the following business and IT pain points:
Business pain points:
We bought all of this software months ago and I still have not seen any
benefit.
All I wanted to do was to integrate these existing information systems, and
now I have more software and still no integration.
IT pain points:
We are having a difficult time putting all these software products together.
We are having a hard time locating all of the skill sets necessary to
integrate all of these products.
We need a common platform across our enterprise to lower total cost of
ownership, to improve interoperability, and to share more information.
Note: This paper uses a patterns-based approach in arriving at the
architecture described here. To read more about the patterns associated
with this architecture, see Applying business and infrastructure patterns
on page 40.
Triton can help address these pain points in the following ways:
Triton uses the IBM investment in SOA implementations worldwide and
harvested leading practices to provide an advantage over competitors who
are still building every business solution for the first time, every time.
Triton removes the focus on integrating middleware.
Triton is the core of the IBM Government Industry Framework, which means
that many independent software vendors are integrating their
business/mission applications to this same stack, providing a built-in path for
enabling additional functionality.
The benefits of Triton are as follows:
Lower maintenance cost and effort.
Improved time-to-value and return on investment.
Improved quality of implementation through the use of harvested leading
practices from worldwide SOA engagements.
Lowered risk of failed engagements due to the inability to install and configure
the SOA infrastructure.
IBM Government Industry Framework components recommended to
implement the solution architecture
This section describes the IBM Government Industry Framework components
recommended to implement the solution design:
Component options products used to implement the Advanced Passenger
System Portal in the presentation tier:
IBM WebSphere Portal Server
Triton (SOA Foundation Accelerator)
Connectivity infrastructure products used to implement the ESB in the
integration tier:
ESB runtime, such as one or more of the following:
IBM WebSphere Enterprise Service Bus
IBM WebSphere Message Broker
IBM WebSphere DataPower
IBM WebSphere Service Registry and Repository
Triton (SOA Foundation Accelerator)
Business process management products used to implement process servicesin the integration tier:
IBM WebSphere Dynamic Process Edition
Triton (SOA Foundation Accelerator) IBM WebSphere iLOG JRules
Information integration services products used to consolidate and cleansedata from various sources in the integration tier:
IBM InfoSphere Information Server
IBM InfoSphere DataStage IBM InfoSphere QualityStage
IBM InfoSphere Global Name Recognition
Analytics data product used to implement Analytics Data and Rules in thedata tier:
IBM Cognos
Risk products used to implement NORA data in the data tier:
IBM Entity Analytic Solutions
IBM Relationship Resolution
IBM Identity Resolution
IBM Anonymous Resolution
IBM Cognos
Infrastructure products used to implement SOA Security:
IBM Tivoli Access Manager
IBM Federated Identity Manager
IBM Tivoli Identity Manager
IBM Tivoli Directory Server
Triton (SOA Foundation Accelerator)
Rapid deployment (for service creation and service reuse) products:
IBM Rational Software Architect
IBM InfoSphere Data Architect
Infrastructure products used to implement SOA Management:
IBM Tivoli Performance Analyzer
IBM Tivoli Composite Application Manager for SOA
IBM Tivoli Composite Application Manager for WebSphere
Triton (SOA Foundation Accelerator)
Products used to implement SOA Governance:
IBM WebSphere Service Registry and Repository
IBM Rational Asset Manager
IBM Tivoli Change and Configuration Management Database
IBM Rational Method Composer
Registered Traveler program
Registered Traveler provides a secure, fast, and robust solution for both
governments and travelers. This section describes how to model a Registered Traveler process, and perform business service modeling. It illustrates a solution
architecture with IBM product mappings.
Modeling the Registered Traveler process
This section describes a typical Registered Traveler process that could be offered
by a government agency or through a commercial program. The border agency/immigration department might have an Advanced Passenger Analysis process in place before undertaking this solution.
Business challenges and pain points
The business challenges and pain points experienced in a typical border management process are as follows:
Immigration and border agencies
There is a heavy burden of analysis of travelers (name and identity,
possible relationship to wanted individuals, unobvious threats, and so
forth) with limited resources and ever increasing demands on homeland security.
Relying purely on Advanced Passenger Information (API) data provides
limited details for risk assessment.
There is often limited information sharing across immigration agencies and government bodies, with poor means of electronic notification and alerts.
Travelers
Travelers face lengthy security checks and lines at airports.
Frequent travelers, especially, need faster and more convenient means to
reduce travel time.
Government IT systems
Response to changing security requirements, with new checks and addition of new data sources, is slow and turns into lengthy projects.
Inflexible enterprise architecture limits building new services (online, self-service, real-time automated checks) from existing silo systems.
Airports and travel carriers (airlines, sea, and land carriers)
Travel carriers are constantly improving the end-to-end passenger experience, but many factors are outside of their control.
Lengthy queues at security and the border and restrictive processes are rarely the travel carriers' fault, but they lead to a feeling of dissatisfaction
with their product and service.
Authenticating trusted users with biometric technology
A Registered Traveler solution uses biometric technology to authenticate trusted users. Biometrics is the science of identifying or verifying the identity of a person based on physiological or behavioral characteristics. Physiological characteristics include fingerprints, retinal pattern, iris, and facial appearance. Behavioral characteristics are actions carried out by a person in a unique way. They include signatures, voiceprints, and gait, although these are naturally dependent on physical characteristics as well.
Biometrics have several advantages over conventional password and PIN-based systems. Three primary advantages of biometrics in a security environment are as follows:
Biometrics does not need to be remembered and cannot be easily lost. This
makes it much easier for the user.
Biometrics cannot be easily stolen or loaned to a friend. This makes it more
secure from a system point of view.
Biometrics typically has higher information content than a password, making it harder for a hacker to crack such a system.
Immigration and border agencies can use a combination of biometrics and biographics information for enrollment and proofing, based upon which an applicant is issued Registered Traveler credentials.
Registered Traveler business process
The overall flow of the Registered Traveler contains the stages detailed in
Figure 14.
Figure 14 Overall flow of the Registered Traveler process
Pre-enrollment
Collect biographic data that is used to initiate the enrollment process.
Enrollment
The enrollment process drives the identity proofing and results in the approval or rejection of an application.
Proofing
Validate all of the identity information that is provided by an applicant.
Enrollment approval
If there are no issues during enrollment and proofing, then approve the enrollment application.
Credential provisioning
Create the credential that will be used when issuing an identity token (such as a national ID card).
Credential issuance
Issue the credential using the required physical token (such as a smart card).
Credential activation
Activate the issued credential so that it can be used to validate an individual's identity.
Identity usage
Use the credential in a high assurance transaction where it is required to validate a person's identity.
Identity monitoring
Monitor identity usage for fraud or abuse to ensure the trustworthiness of the
identity.
Figure 15 shows the two high-level steps in a Registered Traveler process.
Figure 15 Registered Traveler process (tier 1)
Obtain a Registered Traveler credential through a domestic application
process (includes pre-enrollment, enrollment, proofing, enrollment approval, credential provisioning, and credential issuance).
Use the credentials on the day of travel at the airport (includes credential
activation, identity usage and identity monitoring).
We now look at each activity in the process in turn.
Activity 1.1: Registered Traveler Domestic Application Process
The domestic application process involves the steps shown in Figure 16.
Figure 16 Activity 1.1: Registered Traveler Domestic Application Process (tier 2)
An individual applies for Registered Traveler credentials or identification (this is pre-enrollment).
Enrollment into the program requires capture of biometrics. In some Registered Traveler programs, up to 10 fingerprints, iris patterns of both eyes for recognition, and a digital photograph are required.
A proofing system verifies fingerprints and irises as part of the scan against watch lists.
Next, we take a closer look at the two activities that make up this part of the
process.
Activity 1.1.1: Registered Traveler Application
The online application process involves the steps shown in Figure 17.
Figure 17 Activity 1.1.1: Registered Traveler Application (tier 3)
1. The applicant submits an online application with requested biographic information, along with appropriate processing fees.
2. The information is sent to government agencies for identity checks.
3. The applicant is either approved for further Registered Traveler processing or
declined.
The Review Other Travel and Government Agency Checks process shown in Figure 17 on page 30 is implemented as a sub-process (Figure 18). In this
sub-process the identity checks are performed against e-Identity tracking systems, border clearance systems, e-Passport/e-Visa systems, and e-Identity
management systems to ensure the applicant is a low risk applicant.
Figure 18 Sub-process: Review Other Travel and Government Agency Checks
Note: A variation to this process is also valid, where biographic and biometrics information are accepted up front with the application. In this case,
government checks are completed in parallel with biometrics proofing, instead of a two-step process.
Activity 1.1.2: Registered Traveler Enrollment and Proofing
After the biographical data is vetted against watch lists, the applicant is approved
for further processing as shown in Figure 19.
Figure 19 Activity 1.1.2: Registered Traveler Enrollment and Proofing (tier 3)
Up to 10 fingerprints are captured, iris patterns of both eyes are recorded for
recognition, and a digital photograph is taken.
During the manual interview stage, the interviewer decides whether or not to grant the Registered Traveler privilege.
A physical identification card or logical credentials based on biometrics matches (where the biometrics is stored in a government repository) might be
provided to approved applicants.
For cross country Registered Traveler programs, the threat analysis process is repeated at individual locations. Therefore, the enrollment system needs to
have the capability to aggregate results from systems other than its own.
The enrollment system contacts agencies and cross country enrollment systems through the card interfacing system.
The program is typically offered to only citizens or permanent residents of the country.
At the time of enrollment, applicants decide the duration for enrollment in the
program (a minimum of one year) and pay the corresponding fee.
The enrollment procedure is the same for re-enrollment upon expiry.
Activity 1.2: Day of Travel
On the day of travel, the traveler's identity is checked and monitored as shown in
Figure 20.
Figure 20 Activity 1.2: Day of Travel (tier 2)
The traveler proceeds through a dedicated Registered Traveler lane (if applicable) for security checks.
The traveler uses the Registered Traveler identification card.
Upon approval, a receipt is printed with a photograph of the traveler.
It is possible that the Registered Traveler lanes have automated security scanners to make the physical security screening faster.
The Registered Traveler program maintains its own watch list (cached) that
contains information about travelers that should not travel due to various reasons (such as criminal, law enforcement, invalid Registered Traveler
traveler credentials, and so forth).
The Registered Traveler systems continuously update the watch list for
invalid, expired, revoked, or profiled travelers.
Business service modeling
After performing business process modeling, the next task is to delineate the
services that comprise the business processes. This can be achieved using the
SOMA approach from IBM. The service identification step of SOMA consists of three techniques that can help identify services for the Registered Traveler business process.
The use of SOMA is outlined in "Business service modeling" on page 17.
Technical solution
This section describes the technical solution that was designed and built for the Registered Traveler process. It includes a description of the IBM product
offerings that were used in the implementation.
Technical challenges, solution design, and system context
The technical challenges and architecture principles of design for building a Registered Traveler process are essentially the same as those described for
Advanced Passenger Analysis. For more information about these challenges and principles, refer to "Technical challenges, solution design, and system context" on
page 20.
In addition to the architecture design principles for Advanced Passenger Analysis, a Registered Traveler solution requires the management of registered traveler data. The solution design should provide the enterprise with an
authoritative source for Master Data such as registered traveler data that manages information integrity and controls the distribution of master data across
the enterprise in a standardized way that enables reuse.
The system context diagram for the Registered Traveler process is shown in Figure 21.
Figure 21 System context diagram for Registered Traveler
Solution architecture
The solution architecture for the Registered Traveler process is shown in
Figure 22.
Figure 22 Solution design for Registered Traveler
Understanding the solution architecture
Note some of the highlights of this architecture:
A master data repository containing a single, accurate view of registered traveler data has been created.
The data tier contains a registered traveler registry and registered traveler
content.
[Figure 22 diagram labels: Presentation Tier, Application Tier, Integration Tier, Data Tier, External Systems (Government, Commercial, Passenger data from Carriers); Advanced Passenger System Portal; Enterprise Service Bus; Application Logic; Registered Traveler Mgmt; Biometrics System; RT Registry; RT Content; SOA Governance, Security and Management.]
The registered traveler data contains data provided by the registered traveler
applicant (such as biographical information) in addition to data used to
support the approval process for screening of the applicant. The registered traveler data consists of:
A consolidated view of privately owned data (such as DMV records,
information from credit agencies, banks, and so forth).
Biographic data of the individual that holds the registered traveler
identification.
Biometrics of an individual in the registered traveler content repository, which can drive the unique key in the master data repository.
A registered traveler management application has been created to process
new registered traveler identification applications, as well as handle travel departure clearance on the day of travel.
IBM Government Industry Framework components recommended to implement the solution architecture
This section describes the IBM Government Industry Framework components recommended to implement the solution design:
Component options products used to implement the Advanced Passenger System Portal in the presentation tier:
IBM WebSphere Portal Server
Triton (SOA Foundation Accelerator)
Connectivity infrastructure products used to implement the ESB in the
integration tier:
IBM WebSphere Enterprise Service Bus
IBM WebSphere Message Broker
IBM WebSphere DataPower
IBM WebSphere Service Registry and Repository
Triton (SOA Foundation Accelerator)
Business process management products used to implement process services and client data integration in the integration tier:
WebSphere Dynamic Process Edition
Triton (SOA Foundation Accelerator)
IBM WebSphere iLOG JRules
Note: This paper uses a patterns-based approach in arriving at the architecture described here. To read more about the patterns associated with this architecture, see "Applying business and infrastructure patterns" on page 40.
Products used to implement NORA data in the data tier:
IBM Entity Analytic Solutions
IBM Relationship Resolution
IBM Identity Resolution
IBM Anonymous Resolution
IBM Cognos
Single View [1] of entity master data management products used to implement the registered traveler registry and registered traveler content in the data tier:
IBM InfoSphere Master Data Management Server
IBM InfoSphere Information Server
IBM InfoSphere DataStage
IBM InfoSphere QualityStage
IBM InfoSphere Global Name Recognition
Single View of entity enterprise content management products used to implement the registered traveler registry and registered traveler content in
the data tier:
IBM FileNet Business Process Manager
IBM FileNet Image Services
IBM FileNet Records Manager
IBM FileNet Content Services
Infrastructure products used to implement SOA Security:
IBM Tivoli Access Manager
IBM Federated Identity Manager
IBM Tivoli Identity Manager
IBM Tivoli Directory Server
Triton (SOA Foundation Accelerator)
Rapid deployment (for service creation and service reuse) products:
IBM Rational Software Architect
IBM InfoSphere Data Architect
Infrastructure products used to implement SOA Management:
IBM Tivoli Performance Analyzer
IBM Tivoli Composite Application Manager for SOA
IBM Tivoli Composite Application Manager for WebSphere
Triton (SOA Foundation Accelerator)
[1] Single View is a middleware solution that supports identity and relationship analytics in addition to
managing the authoritative source of registered traveler master data.
Products used to implement SOA Governance:
IBM WebSphere Service Registry and Repository
IBM Rational Asset Manager
IBM Tivoli Change and Configuration Management Database
IBM Rational Method Composer
Benefits of the Registered Traveler architecture
The solution architecture for Registered Traveler provides the following benefits:
Moving towards an SOA based connectivity architecture allows flexibility, faster response to changes in government security requirements, legislation
and lower cost development in future projects.
Establishing an enterprise-wide strategy for governance, security, and management paves the way for:
Controlled, well-planned rollout of future projects that impact internal systems and external communication.
Simplification of troubleshooting of composite applications.
Confidentiality, integrity, and availability of components to cater to safety of
information processing needs.
Adding on registered traveler requirements to a basic level of Advanced
Passenger Analysis functionality becomes easier by taking a SOA approach.
Establishing a single view of managed, trusted registered traveler data shared across carriers and government agencies is a critical factor for faster,
thorough travel security clearance and safety.
Provides identity insight capabilities to discover non-obvious relationships and perform identity management.
Applying business and infrastructure patterns
This section describes the business and infrastructure patterns associated with
the solution architectures for Advanced Passenger Analysis and Registered Traveler. Breaking these solutions down into common patterns simplifies
the understanding and development of the overall solution.
Table 1 on page 41 shows the business and infrastructure patterns used, and whether they apply to Advanced Passenger Analysis and Registered Traveler.
Table 1 Business and infrastructure patterns

| Pattern name | Advanced Passenger Analysis | Registered Traveler |
|---|---|---|
| Business patterns | | |
| Information Integration Services - Data Consolidation and Data Cleansing | Yes | Yes |
| Risk Analytics and Relationship Resolution | Yes | Yes |
| Business Process Automation and Business Rules Integration | Yes | Yes |
| Interaction and Collaboration | Yes | Yes |
| Master Data Management | | Yes |
| Enterprise Content Management | | Yes |
| Infrastructure patterns | | |
| Connectivity | Yes | Yes |
| Security | Yes | Yes |
| SOA Management | Yes | Yes |
| SOA Governance | Yes | Yes |

Business patterns for Advanced Passenger Analysis and Registered Traveler
This section addresses the business patterns that apply to both Advanced Passenger Analysis and Registered Traveler.
Applying the data consolidation and data cleansing patterns
Information integration services consists of the data consolidation and data
cleansing patterns. It addresses the following pain points:
Data arrives in many different formats from carriers (such as UN Edifact, TN3270, proprietary) so it is difficult to compare data.
Supplementary information, such as address, phone number, and routing is required to be more certain of identity.
Names are entered inconsistently through the process making it hard to
recognize the same individual with different titles.
How this pattern should be applied
Partial extract/transform/load (ETL) is used to consolidate data from several
diverse sources, such as public records and government sources (including crime databases, no-fly lists, and police records).
Data cleansing and standardization might only be done partially to merge
data properly from multiple data sources leaving critical data elements in their original state to support screening.
This consolidated data is used for identity screening, targeting and profiling.
Business value of adoption
The key value of this process lies in improving the reliability, quality and consistency of the data so that decisions that are made based on this information
have higher accuracy.
Recommended IBM Government Industry Framework products
IBM InfoSphere Information Server
IBM InfoSphere DataStage
IBM InfoSphere QualityStage
IBM InfoSphere Global Name Recognition
Applying the Risk Analytics and Relationship Resolution pattern
This pattern addresses the following pain points:
Manual checks and screening are extremely slow and analysis is not simple.
Targeting, if done manually, can be complex, and it can be impossible to get through massive numbers of the PNR data in time.
How this pattern should be applied
Profiles of risky travelers with indications of suspicious behavior are created based on historical data and complex behavioral patterns. Creating profiles of travelers is known as targeting. For this to be executed efficiently we need analytical tools, rather than human operators manually scrutinizing data to identify out of the ordinary behaviors.
Personal identity information from the booking records is used to check against watch lists, crime databases, and publicly available information to make sure the traveler does not pose any risk. In addition, the non-obvious relationships of travelers with any criminals can also be resolved using identities and passenger information.
Recommended IBM Government Industry Framework products
IBM Cognos is used for targeting.
IBM Entity Analytic Solutions is used for screening and identity resolution.
IBM Relationship Resolution
IBM Anonymous Resolution
IBM Identity Resolution
IBM InfoSphere Global Name Recognition provides multi-cultural name information, analytics, and name matching through a series of flexible,
easy-to-integrate, SOA-enabled interfaces.
Applying the Business Process Automation and Business Rules Integration patterns
These patterns address the need to quickly integrate new technologies and requirements to ensure that CBP agencies are alerted to unobvious threats and suspicious behavior, so prompt action can be taken.
How these patterns should be applied
Modeling the entire Advanced Passenger Analysis process provides an end-to-end view of the actors, operations, and feasibility of the process. The process can then be documented, simulated, and put into execution, and the process can be refined iteratively.
Due to large volumes of passenger data and data provided for analysis to develop profiles flowing through the systems, it is almost impossible to manually develop and manage risk profiles without automation.
Profiling: Rules are created based on the development of profiles to screen passengers based upon passenger traveler information to ensure that behavior is not at a high risk.
If the passenger gets flagged as a result of the targeting process, an alert is sent for further investigation to case management, where a human operator takes charge of the case to decide if the traveler should or should not continue the journey.
Business value of adoption
Integration of business rules with passenger screening makes the Advanced Passenger Analysis solution robust, fast, and much more secure with automated pre-built rules that can analyze traveler profiles, instead of manually studying the behavior.
Addition of new behavioral patterns or modification of existing rules is easy and does not require the alteration of the existing business process.
Recommended IBM Government Industry Framework products
The following IBM Government Industry Framework products are recommended:
IBM WebSphere Dynamic Process Edition
IBM WebSphere iLOG JRules
Applying the Interaction and Collaboration pattern
This pattern addresses the following pain points:
Different border agencies have different interfaces and disparate applications
(such as 3270, green screens, and portals) for various users inside and outside their agency.
A wide range of software manageability and deployment leads to higher
costs.
How this pattern should be applied
The following approaches are advised in applying this pattern:
Border agencies should move towards an open interface for exchange of
information and communication with other security agencies and carriers. The intent is to develop common channel-agnostic services and serve them up to
any front end. This decreases maintenance costs and increases flexibility and customer satisfaction.
CBP agencies could provide an integrated desktop to their border protection personnel at the ports that allows all disparate applications, communication from the carriers, security agencies and commercial Registered Traveler
programs to be integrated on the glass into a composite application.
This pattern allows information aggregation from multiple diverse sources or
applications (internal and external information required by a user) while also providing collaborative experience to conduct business more efficiently.
Business value of adoption
Adoption of this pattern provides business value in the following ways:
Provides increased productivity for users through composite applications and
integration of existing applications on the glass.
Supports enterprise integrated desktops across application types and surface role-based workspaces for given tasks.
Reduces IT and administration costs through remote deployment and management of software across all customer segments.
Business patterns for Registered Traveler
This section addresses the business patterns that apply to Registered Traveler.
Applying the Master Data Management pattern
This pattern addresses the following pain points:
Traveler data is redundant, often inconsistent, and not current across multiple heterogeneous systems that are typically developed in silos.
Point-to-point interfaces are often developed to move updated traveler data
from one system to another, which constrains the ability for IT to make changes and increases the overall cost of ownership.
How this pattern should be applied
The following approaches should be taken in applying this pattern:
An approved registered traveler registry should be established to maintain an authoritative source of registered traveler master data that is current and of
high quality, and can facilitate the secure sharing of registered traveler data within the organization and across organizational boundaries (for example DMV records, credit reports, and financial information from banks).
Registered Traveler could be used to support Advanced Passenger Analysis screening for international travel and to support domestic travel for security
screening where the traveler would provide their biometrics to match against their credentials to expedite domestic travel.
From an MDM perspective, registered traveler data can be loaded through
batch, messaging, Web service, or real time through EJB calling an MDM service.
The Registered Traveler system itself would support the business process for
managing the application, vetting (background processing), adjudication and approval, and payment processing.
A CSR or multiple user roles might be involved in the processing and management of the application as a case. The Registered Traveler system
should invoke an MDM server transaction to either perform a person look-up to see if the person applied before or call the MDM Server AddParty Service,
which would find a match and update or add that information to Single View. This can be done as part of a global transaction with the Registered Traveler system calling the MDM service, and is XA compliant.
The biometrics stored can drive the unique identification for a person in the
MDM server.
The MDM server publishes changes so that there is a publish/subscribe model pattern for the synchronization of trusted traveler data. For example, if
a registered traveler updates their address or contact information, the update is sent to passport and visa immigration systems.
Any time an MDM add/update transaction occurs, there is a pattern of data
quality management (cleansing and standardization) and then suspect duplicate processing to see if the person already exists.
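The add/update pattern described above (standardize, match on the biometric-driven key, queue suspect duplicates, publish changes) can be sketched as follows. This is an added example, not IBM MDM Server code or the AddParty interface; `Registry`, `add_party`, `standardize`, and `biometric_ref` are hypothetical names, `biometric_ref` is assumed to be an opaque identifier issued by the biometrics system, and the sample records are constructed.

```python
import re
import unicodedata
from dataclasses import dataclass, field


def standardize(record):
    """Data quality step: cleanse and standardize a record before matching."""
    def norm(text):
        # Strip accents, collapse whitespace, and upper-case for comparison.
        text = unicodedata.normalize("NFKD", text)
        text = "".join(c for c in text if not unicodedata.combining(c))
        return re.sub(r"\s+", " ", text).strip().upper()

    # Titles are dropped so "Dr. Anna Muller" and "Anna Muller" compare equal.
    name = re.sub(r"^(MR|MRS|MS|DR)\.? ", "", norm(record["name"]))
    return {
        "name": name,
        "dob": record["dob"].strip(),
        "address": norm(record.get("address", "")),
        "biometric_ref": record.get("biometric_ref"),
    }


@dataclass
class Registry:
    """In-memory stand-in for the registered traveler master data registry."""
    parties: dict = field(default_factory=dict)       # party_id -> record
    by_biometric: dict = field(default_factory=dict)  # biometric_ref -> party_id
    suspects: list = field(default_factory=list)      # (new_id, existing_id)
    subscribers: list = field(default_factory=list)   # change callbacks
    next_id: int = 1

    def subscribe(self, callback):
        self.subscribers.append(callback)

    def publish(self, event, party_id, fields):
        # Subscribers receive only non-empty biographic fields; the biometric
        # reference stays inside the registry.
        shared = {k: v for k, v in fields.items() if k != "biometric_ref" and v}
        for callback in self.subscribers:
            callback(event, party_id, shared)

    def add_party(self, raw):
        """Find a match and update it, or add a new party."""
        rec = standardize(raw)
        bio = rec["biometric_ref"]
        if bio and bio in self.by_biometric:
            # The biometric key identifies an existing person: update in place.
            pid = self.by_biometric[bio]
            current = self.parties[pid]
            changed = {k: v for k, v in rec.items() if v and current.get(k) != v}
            current.update(changed)
            if changed:
                self.publish("updated", pid, changed)
            return "updated", pid
        # No biometric match: add the party, then run suspect duplicate
        # processing. A biographic-only match is queued for human review
        # and is never merged automatically.
        pid = self.next_id
        self.next_id += 1
        for other_id, other in self.parties.items():
            if other["name"] == rec["name"] and other["dob"] == rec["dob"]:
                self.suspects.append((pid, other_id))
        self.parties[pid] = rec
        if bio:
            self.by_biometric[bio] = pid
        self.publish("added", pid, rec)
        return "added", pid


def demo():
    """Run three constructed applications through the registry."""
    events = []
    reg = Registry()
    # Stand-in for a subscribing passport or visa system.
    reg.subscribe(lambda ev, pid, fields: events.append((ev, pid, sorted(fields))))
    results = (
        reg.add_party({"name": "Dr. Anna  Müller", "dob": "1980-02-14",
                       "address": "1 Main St", "biometric_ref": "BIO-0001"}),
        reg.add_party({"name": "anna muller", "dob": "1980-02-14",
                       "address": "22 Harbour Road", "biometric_ref": "BIO-0001"}),
        reg.add_party({"name": "Anna Muller", "dob": "1980-02-14",
                       "biometric_ref": "BIO-0002"}),
    )
    return reg, events, results


if __name__ == "__main__":
    registry, published, outcomes = demo()
    print(outcomes, registry.suspects, published, sep="\n")
```

The third record shares a name and date of birth with the first but carries a different biometric reference, so it is added as a separate party and the pair is placed in the suspect queue for adjudication.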
Business value of adoption
Adoption of this approach provides business value in the following ways:
The actual passenger data (PNR) for those persons that are traveling can only be retained for a limited time. However, registered traveler data and content is established for a much longer time. Treating this as master data will ensure accuracy and consistency with dependent sources of public and private data.
Establishing a single view of managed, trusted, and registered traveler data shared across carriers and government agencies is a critical factor for faster, thorough travel security clearance and safety for frequent travelers.
Recommended IBM Government Industry Framework products
IBM InfoSphere Master Data Manager Server is recommended for creating a single view of registered travelers.
Applying the Enterprise Content Management pattern
This pattern addresses the following pain points:
Inability of the current systems to integrate with a biometric system to capture fingerprint images.
Inability to capture and store content associated with a person such as a passport image, birth certificate, and so forth.
Inability to manage and link content distributed over multiple content management systems with structured data about a person.
How this pattern should be applied
The following approaches should be used to apply this pattern:
Use master data management to associate structured data along with unstructured content through a common key, driven by data cleansing, standardization, and matching.
Use MDM as a controller to drive federated query requests about a person to retrieve all content and data about a person relevant to a query.
Business value of adoption
Adoption of this approach provides business value in the following ways:
Ability to access the correct content at the right time quickly, and easily and accurately associate a traveler's biographic records from a single content repository
Ability to manage exposure to litigation, internal policy, external mandatory regulations, and government compliance
Increased productivity:
Having the right information captured in a single version and single location for all unstructured content
Content-centric processes are automated and integrated as part of the overall registered traveler business process
Recommended IBM Government Industry Framework products
The following IBM Government Industry Framework products are recommended:
IBM FileNet Business Process Manager
IBM FileNet Image Services
IBM FileNet Records Manager
IBM FileNet Content Services
Infrastructure patterns that apply to Advanced Passenger Analysis and Registered Traveler
This section addresses the infrastructure patterns that apply to both Advanced Passenger Analysis and Registered Traveler.
Applying the Connectivity pattern
This pattern addresses the following pain points:
Point-to-point integration between several applications such as screening, targeting to data sources such as analytics databases, case management data, and so forth.
Scaling Advanced Passenger Analysis architecture to accommodate new data sources (such as international watch lists and criminal data) becomes complex and time consuming.
How this pattern should be applied
The following approaches should be taken in applying this pattern:
An ESB architecture behind the firewall enables loose coupling, basic routing and easy integration and adaptation of their diverse applications inside and outside the enterprise.
Development of new applications for Registered Traveler along with corresponding data sources becomes much faster.
The ESB provides support for different protocols and the exchange of message formats between applications at the channels and within the data center.
Business value of adoption
Adoption of this pattern offers business value in the following ways:
The ESB provides a solution to respond to requests in a channel independent fashion to support user interface flexibility.
Development and updates to applications to keep up with changing security mandates become considerably faster.
Recommended IBM Government Industry Framework products
The following IBM Government Industry Framework products are recommended:
IBM WebSphere Enterprise Service Bus
IBM WebSphere Message Broker
IBM WebSphere DataPower
IBM WebSphere Service Registry and Repository
Applying the security pattern
This pattern addresses security across all tiers of the solution architecture.
Presentation tier security
Consider the following guidelines for presentation tier security.
The Web interface to the Advanced Passenger Analysis/Registered Traveler Portal needs to be secured by employing best practices such as defense-in-depth, in which the solution is protected by its layered placement across security zones.
IBM Tivoli Access Manager for e-business provides an access management infrastructure that can fulfill the above needs.
Identity management
Consider the following guidelines for identity management.
Because the realm within which the solution operates is important (national security), it is essential that the users who interact with the system, especially those who can modify the information (such as over the presentation tier), are identified with high levels of assurance.
As per security best practices, the identity of an Advanced Passenger Analysis/Registered Traveler critical user should be verified over multiple channels. For example, the user should provide what they know (user ID/password over the Web) and provide information about what they have (token/smart card/biometric information). A combination of the two would better determine the identity.
To have access to the Advanced Passenger Analysis/Registered Traveler solution, an infrastructure has to be provided for users to enroll, for any documents to be scanned for approval (and stored), for workflow systems to get required approvals, and for scanning of biometrics.
Determine which internal government employees should have access to registered traveler identification information.
Upon approval, a secured credential would be granted and issued to the user.
The credential (such as a smart card) contains aspects of the user that can be verified with the user's biometric information. Solution components for this include an approval engine such as IBM Tivoli Identity Manager.
Integration tier security
Consider the following guidelines for integration tier security.
The integration tier of Advanced Passenger Analysis is primarily performed by the ESB/Message Queue (MQ) components. The security aspects, such as integrity of messages and confidentiality (such as who or which application can write into the queues and read from them), are critical. Similarly, for Web services invocations, it is important that these invocations are performed by authorized entities as per the security policies.
To achieve both these requirements, the following security components can help:
WebSphere MQ Extended Security Edition
IBM Tivoli Federated Identity Manager
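The two integration-tier requirements above (message integrity, and control over which application may write to or read from a queue), as an added Python example that is not from the Redpaper and does not use the WebSphere MQ API. The `SecuredQueue` class, the application names, the key and the records are all constructed for illustration.

```python
import hashlib
import hmac
import json


class QueueAccessError(Exception):
    """An application lacks put/get rights, or a message failed verification."""


class SecuredQueue:
    """In-memory stand-in for a queue with per-application ACLs and message MACs.

    The MAC binds the sender name to the body, so neither can be swapped.
    """

    def __init__(self, acl, keys):
        self.acl = acl            # {"application": {"put", "get"}}
        self.keys = keys          # {"application": shared secret (bytes)}
        self.messages = []

    def mac(self, sender, body):
        data = json.dumps({"sender": sender, "body": body}, sort_keys=True)
        return hmac.new(self.keys[sender], data.encode(), hashlib.sha256).hexdigest()

    def put(self, app, body):
        if "put" not in self.acl.get(app, set()) or app not in self.keys:
            raise QueueAccessError(f"{app} may not write to this queue")
        self.messages.append({"sender": app, "body": body, "mac": self.mac(app, body)})

    def get(self, app):
        if "get" not in self.acl.get(app, set()):
            raise QueueAccessError(f"{app} may not read from this queue")
        msg = self.messages.pop(0)
        sender = msg["sender"]
        if "put" not in self.acl.get(sender, set()) or sender not in self.keys:
            raise QueueAccessError("message names an unauthorized sender")
        if not hmac.compare_digest(msg["mac"], self.mac(sender, msg["body"])):
            raise QueueAccessError("message integrity check failed")
        return msg["body"]


def demo():
    """Run four cases on constructed data and return what happened in each."""
    acl = {"screening": {"put"}, "targeting": {"get"}, "reporting": set()}
    queue = SecuredQueue(acl, {"screening": b"constructed-demo-key"})
    queue.put("screening", {"record": "CONSTRUCTED-001", "risk": "low"})
    outcome = {"delivered": queue.get("targeting")}
    queue.put("screening", {"record": "CONSTRUCTED-002", "risk": "low"})
    queue.messages[0]["body"]["risk"] = "none"      # modified while queued
    attempts = {
        "unauthorized_put": lambda: queue.put("reporting", {"record": "x"}),
        "unauthorized_get": lambda: queue.get("screening"),
        "tampered": lambda: queue.get("targeting"),
    }
    for name, attempt in attempts.items():
        try:
            attempt()
            outcome[name] = "accepted"
        except QueueAccessError as err:
            outcome[name] = str(err)
    return outcome
```

The example covers integrity and access control only; keeping message bodies confidential on the wire and at rest additionally requires encryption.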
Application tier security
Consider the following guidelines for application tier security.
Application level security on which roles can perform which actions will be performed by the application itself. The information about the mapping of users to roles, roles to actions, and actions to resources is handled by the application itself.
In the Advanced Passenger Analysis solution, WebSphere Portal Server (based on WebSphere Application Server) will handle these aspects. The application components can, however, delegate the responsibility of storing this data to CIS components (such as IBM Tivoli Directory Server) or externalize access management to IBM Tivoli Access Manager for e-business.
Data tier security
Consider the following guidelines for data tier security.
Data storage encryption
Sensitive information needs to be encrypted and stored in tape drives, virtualized storage, or disk subsystems. It is important to have a system that can store this data and manage the set of encryption keys.
Advanced Passenger Analysis data will come from all over the world, so it needs to be encrypted in transit and not just at rest in the case management database. WebSphere MQ Extended Security Edition has this capability.
The Registered Traveler data is persistent for the lifetime of the registered traveler identification. Therefore, encrypting this data is important.
Data access
User access to stored data needs to be controlled both logically and physically. Information in user repositories (such as password information) needs to be encrypted and stored using security algorithms (for example SHA1/AES) as per business policy. Information stored in the databases needs to be encrypted using directory or database provided encryption mechanisms.
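The password-storage guidance above, as an added Python example that is not from the Redpaper. The paper names SHA1/AES only as examples subject to business policy; this sketch assumes a salted, iterated PBKDF2-HMAC-SHA256 from the standard library, with an iteration count chosen here as the policy value, and shows an unsalted SHA-1 digest beside it for comparison.

```python
import hashlib
import hmac
import os

POLICY_ITERATIONS = 600_000   # assumed business-policy value, not from the paper
SALT_BYTES = 16


def unsalted_sha1(password):
    """Weak baseline for comparison only: fast, and equal passwords give equal digests."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password, iterations=POLICY_ITERATIONS):
    """Return a self-describing record: scheme$iterations$salt$digest."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Return (ok, needs_rehash); needs_rehash flags records below current policy."""
    try:
        scheme, iter_text, salt_hex, digest_hex = record.split("$")
        iterations = int(iter_text)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False, False          # malformed record: reject, never guess
    if scheme != "pbkdf2_sha256" or iterations < 1:
        return False, False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    ok = hmac.compare_digest(candidate, expected)   # constant-time comparison
    return ok, ok and iterations < POLICY_ITERATIONS
```

Because the record carries its own iteration count, a user repository can raise the policy value later and rehash each account at its next successful login.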
Applying the SOA Management pattern
Advanced Passenger Analysis and Registered Traveler business service level agreement (SLA) requirements and non-functional requirements are key to determining exact systems management requirements. This section lists systems management components and a mapping of IBM solution offerings that cater to them.
Note that although these solutions and services are positioned for the boundary of control of an Advanced Passenger Analysis or Registered Traveler project, they can be expanded to other enterprise class solutions.
Availability of systems and services
Consider the following guidelines for availability of systems and services.
To meet the expected throughput and performance SLAs, it is important to know the availability characteristics of the system where the components run. It is therefore imperative in real time to:
Determine the availability of operating system resources (such as memory, hard disk space, and CPU cycles).
Determine the availability of applications and services.
Send alerts when critical thresholds are reached for resources or critical applications are not running.
Take corrective actions where possible by running system commands at target machines that can be configured to perform remediation steps (for example, start an application server if it is down).
Report the availability snapshot of the critical systems in a dashboard.
The IBM Tivoli Monitoring suite can help with these requirements.
Capability of predictive alerts
To be better prepared to predict issues, consider the following issues:
Keep historical data (not just real-time data) of systems utilization.
Determine trends of peaking resources.
Determine the time to reach resources limit (for example a hard disk would reach capacity in 30 days at the current rate).
Provide growth statistics for multiple time periods (such as one week, one month, 90 days).
Send alerts by integrating with existing e-mail/SMS systems to page the concerned person.
IBM Tivoli Performance Analyzer can help with these requirements.
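The time-to-limit and growth-statistics items above, as an added Python example that is not from the Redpaper and is not how IBM Tivoli Performance Analyzer works internally. It assumes a plain least-squares trend over daily disk-usage samples; the function names, the history and the capacity figures are constructed.

```python
def fit_line(samples):
    """Least-squares slope and intercept for (day, used_gb) samples."""
    n = len(samples)
    if n < 2:
        raise ValueError("need at least two samples")
    mean_x = sum(x for x, _ in samples) / n
    mean_y = sum(y for _, y in samples) / n
    sxx = sum((x - mean_x) ** 2 for x, _ in samples)
    if sxx == 0:
        raise ValueError("samples must span more than one day")
    slope = sum((x - mean_x) * (y - mean_y) for x, y in samples) / sxx
    return slope, mean_y - slope * mean_x


def days_until_full(samples, capacity_gb):
    """Days after the last sample until the trend reaches capacity.

    Returns None when usage is flat or shrinking, so no limit is forecast.
    """
    slope, intercept = fit_line(samples)
    if slope <= 0:
        return None
    last_day = max(x for x, _ in samples)
    return max(0.0, (capacity_gb - intercept) / slope - last_day)


def growth_by_window(samples, windows=(7, 30, 90)):
    """Growth in GB over each trailing window that the history fully covers."""
    by_day = dict(samples)
    last_day = max(by_day)
    return {w: by_day[last_day] - by_day[last_day - w]
            for w in windows if (last_day - w) in by_day}


def capacity_alert(samples, capacity_gb, warn_days=30):
    """Return an alert string when the forecast falls within warn_days, else None."""
    remaining = days_until_full(samples, capacity_gb)
    if remaining is None or remaining > warn_days:
        return None
    return f"disk forecast to reach {capacity_gb} GB in {remaining:.0f} days"


# Constructed history: 91 daily samples growing 10 GB per day from 700 GB.
HISTORY = [(day, 700 + 10 * day) for day in range(91)]
```

The string returned by `capacity_alert` is what would be handed to the existing e-mail/SMS integration.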
Systems troubleshooting
When solution systems are not functioning to the expected levels, information should be available on where the problem is occurring. This is often a daunting task with many participants involved.
There is a need to improve operational efficiency by providing visible information of what is happening in the environment and which components are performing poorly. This information should show the performance of transactions over multiple stages. This will help identify where bottlenecks are in a system.
The following products can help:
IBM Tivoli Monitoring
IBM Tivoli Composite Application Manager for Transactions
IBM Tivoli Composite Application Manager for SOA
IBM Tivoli Composite Application Manager for WebSphere
Applying the SOA Governance pattern
This pattern addresses SOA governance concerns.
How this pattern should be applied
Consider the following guidelines for how this pattern should be applied:
Plan, develop, and deploy an enterprise level governance strategy, so it is not done in pockets within each department.
Execution of governance practices needs proactive best practices and enforcement.
Compliance reports need to be stored and retrieved for audits.
When starting SOA-based projects, identify and prioritize new and ideal sets of service candidates. By following best practices and adopting SOMA, the highest value business services that will need to be implemented can be identified easily and accurately.
To regulate the creation of new services with future SOA projects, implement a centralized registry and repository.
Institutionalize governance best practices with executive sponsorship and support across departments.
By adopting the SOA Governance and Management Methodology (SGMM), assign roles and responsibilities for spawning and owning services and put a funding model in place.
Comply with government and regional regulations:
ICAO 9303 machine readable travel documents.
IATA target times for passenger throughput (for example, 15 minutes to clear security).
USA TSA regulations.
FBI T60 rule: Information about all passengers flying to the USA must reach the FBI one hour before the plane takes off.
EC API directive: airlines must send passenger API for each passenger before the plane lands.
Business value of adoption
Consider the following guidelines for business value of adoption:
By adopting an enterprise level governance strategy, the benefit comes from reduced costs through standards-enforced usage of the same monitoring tools, technologies, procedures, and reporting for audit compliance.
Reduced exposure to litigation as regulation and audit compliance are managed using standard procedures at the enterprise level.
Recommended IBM Government Industry Framework products
Consider the following guidelines for recommended IBM Government Industry Framework products:
IBM WebSphere Service Registry and Repository
IBM Rational Asset Manager
IBM Tivoli Change and Configuration Management Database
IBM Rational Method Composer
The team who wrote this IBM Redpaper
This paper was produced by a team of specialists from around the world:
Martin Keen, Consulting IT Specialist, IBM ITSO
Allen Dreibelbis, Executive Solutions Architect for Single View of a Citizen, IBM SWG IM Advanced Engagement Team
HungTack Kwan, Certified IT Architect, IBM Global Solution Center
John LaLone, Executive Consultant, IBM SOA Sales
Paul McKeown, Associate Partner, IBM Customs Revenue and Border Management.
Rashmi Kaushik, SOA Scenarios Product Manager, IBM SOA Portfolio Consumability
Robert Spory, SOA Consultant, IBM SOA Sales
Marilza Maia, Business Integration Solutions Architect, IBM SOA Advanced Technologies
Vinod Chavan, Global Sales Leader, IBM Industry Frameworks
Thanks to the following people for their contributions to this project:
Wendy Clarke
David Waxman
Leonard Lee
John J McKeon
Ashish Cowlagi
Notices
Copyright International Business Machines Corporation 2009. All rights reserved.
Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
This information was developed for products and services offered in the U.S.A.
IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to:
IBM Director of Licensing, IBM Corporation, North Castle Drive Armonk, NY 10504-1785 U.S.A.
The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information