Post on 13-Jan-2016
1
Government Transformation Initiative – eGovernment Procurement for Good Governance
Session 5 – Standards in e-Government Procurement
Eduardo TaleroMay 27, 2009
2May 27, 2009 eduardo@talero.name
Agenda
1.Context for eGP BM Standards Decisions
2.The general case for standards
3.The specific cae of Standards and eGP
4.Standards to consider for different phases of eGP
5.Reality check on standards adoption
6.Recommendations to consider.
3May 27, 2009 eduardo@talero.name
Reminder: Functional Scope of eGP system
Processing Center
`E-Reverse Auction
E-Catalog Purchasing
System integration/ Collaboration
eGP System
Public Sector systems
Asset management
Contract management
Indent management
Financial management
Budgeting
Private Sector systems
Bid/Proposal Preparation
Catalog management
Order management
InvoicingBuyer/Seller Support
E-Tendering
Publication / DisclosureI
II
IVIII
4
WHY STANDARDS?
eduardo@talero.nameMay 27, 2009
5May 27, 2009 eduardo@talero.name
Prevent
failures
Standards help to…
6May 27, 2009 eduardo@talero.name
Increase efficiency of complex operations
Standards help to…
7May 27, 2009 eduardo@talero.name
Introduce order and predictabi-lity in electronic exchanges
Standards help to…
8May 27, 2009 eduardo@talero.name
Reduce risk
Standards help to…
9May 27, 2009 eduardo@talero.name
Increase trust
Standards help to…
10
►Enhance B2G/G2G connectivity and interoperability
►Generate trust in electronic experience
►Enhance competition and inclusion
►Enhance efficiency and flexibility of public procurement function
►Enhance cooperation and transparency
►Facilitate evolution and innovation
►Increase return, reliability of investments
►Avoid vendor lock-in
How standards can help eGP
eduardo@talero.nameMay 27, 2009
11eduardo@talero.name
eGP SystemDevelopmentMethodology(UML, RUP)
May 27, 2009
SOME STANDARDS FOR eGP System Specification/Construction
Quality(CMM)
Architecture(SOA,WOA )
Workflow (BPMN, UMM,
BPSS)
Networking (TCP/IP)
12eduardo@talero.name
eGP System`Model
legislation(UNCITRAL, EC Directives 2004/17/EC
and 2004/18/EC )
Identification(UN-SPSC, GPC,
CPV, eCl@ss )
May 27, 2009
E-GP System: KEY STANDARDS FOR DISCLOSURE FACILITIES
Laws/Regulations
Business opportunities
Bidding documents
Contract awards
Formatting (ODF, PDF, OOXML)
13eduardo@talero.name
e-GP System - User Support FacilitiesCommunication
(Imap)
ePayments (SET, IFX..)
May 27, 2009
SOME STANDARDS FOR e- GP SUPPORT FACILITIES
Supplier registration
& alerts
Electronic payments
Reference prices
Research support
Identification(UN-SPSC, GPC,
CPV, eCl@ss )
Supplier Registry
Registration (DUNS)
14eduardo@talero.name
Reliability (HTTP-R)
May 27, 2009
SOME STANDARDS FOR eGP DATA CENTER
eGP Data Processing
Center
Directory Service(LDAP, DSML)
Computer securityISO/IEC 15408
Site security (RFC 2196)
IT Service Management
(ISO/IEC 20000) Network security
(ISO/IEC 18028-1 )
15eduardo@talero.name
`
Reliability (HTTP-R)
May 27, 2009
SOME STANDARDS FOR eGP TRANSACTION SYSTEMS
Information Security Controls
(ISO 17999)
Information security
management(ISO/IEC 27001)
Information Security Testing
(OSSTMM)
E-Reverse Auctions
E-Catalog Purchasing
System integration/ Collaboration Facilities
E-Tendering
eGP System
16eduardo@talero.name
Communication (Imap)
May 27, 2009
KEY STANDARDS FOR e- REVERSE AUCTIONS
E-Reverse Auction Facilities
17eduardo@talero.name
QUESTIONS & ANSWERS
e-Tendering Facilities
Authentication (X509, XML DSig, XKMS)
Encryption (SSL, XML
Encryp)
May 27, 2009
KEY STANDARDS FOR eGP PHASE IIa - eTENDERING SYSTEM
Traceability(ISO 13335 )
BUYERS
SUPPLIERS
Q & ASUPPLIER ROSTER
DOCUMENT STORE
Encrypted Receipts
Decrypted
Bids
Bid Document
s
PROCESSING TIMETABLE
Supplier Profiles
Encrypted Bids
Bid Vault
18eduardo@talero.name
Messaging (SOAP)
Reliability (HTTP-R,
WS-R)
Interoperability (WSDL, BPEL)
SUPPLIER 1
Electronic Catalog
SUPPLIER 2
Electronic Catalog
e-Catalog Purchasing Facilities
May 27, 2009
SOME STANDARDS FOR eGP PHASE IIb - e-CATALOG PURCHASING SYSTEM
Documentation (UBL,
C-CATALOG)
Secure Access(SAML, XACML)
Publication (UDDI)
19eduardo@talero.name
Interpretation (DSDL, Relax NG)
Interoperability/Collaboration (ebXML, WS-I Profiles, WSCI, BPEL)
Provisioning (SPML)
EGP SYSTEM: STANDARDS FOR SYSTEM INTEGRATION/ COLLABORATION FACILITIES (PHASES III AND IV)
Web Security(WS Security, SAML, XACML)
Registration of Services
(UDDI)Private Sector
Systems
EGP System
Public Sector Systems
Web Services (WS*)
20May 27, 2009 eduardo@talero.name
►Mandated already by many governments (India, UK, Canada, EU, Phil, Brazil…) and recommended by most.
► Embraced in varying degrees by large vendors (IBM, HP, Oracle…)
►However, from 2006 MDB survey of eGP systems in 14 leading countries…
Adoption of Open Standards is…
21May 27, 2009 eduardo@talero.name
*Argentina, Australia (State of New South Wales), Brazil, Chile, Finland, Hong Kong, India (Indian Railways), Italy, Mexico, Norway, Romania, Singapore, South Korea, The Philippines
►No one says to allow ODF documents.
►Only 6 use UNSPSC.
►Only 4 use XML, and only one uses ebXML for interoperable electronic business
►Only 4 use SOAP, 3 use UDDI, only 1 uses WSDL and none use BPEL, WS-Security, WSCI (so much for SOAs).
►However, most use digital certificates and asymmetrical encription for authentication.
Use of Open Standards by 14 leading eGP governments *
22May 27, 2009 eduardo@talero.name
►Adopt and open standards policy for all eGP related work. Refer to them by name (“or substantially equivalent”) in SRSs and SLAs.
►Investigate and if possible adopt ebXML family of standards (ISO 15000) for all eGP-related work.
►Adopt SOA and Web services as the architectural standards for eGP.
►Adopt a business process modeling standard (BPMN or UMM) and use to document functional requirements of eGP system, even if procuring a COTS solution. It will serve well in acceptance testing and in avoiding vendor lock-in.
Recommendations to Consider
23May 27, 2009 eduardo@talero.name
►Reserve Digital signatures and PKI for strong authentication and signing of legally-enforceable documents. For other purposes, experiment first with simpler methods (encryption, two-factor authentication).
►Assign a person to watch and recommend standards. This may be done centrally for whole government.
►Open door to OSS products as they often implement and promote open standards.
►Strongly consider adopting international classification/description standards (UN SPSC, CPV, GTIN or similar) instead of a home-grown alternative.
Recommendations to Consider (2)
24
THANK YOU
Questions?
etalero@worldbank.org
eduardo@talero.nameMay 27, 2009
25
Extra slides
eduardo@talero.nameMay 27, 2009