Factsheet of Public Services Infrastructure (PSi) Updated on: 1st Sep 03
1 Objective of Paper 1.1 This document provides an overview of the Public Services Infrastructure (PSi). 2 Overview of PSi 2.1 PSi serves as a complete end-to-end platform for Government agencies in Singapore to develop, deploy and operate their e-services on the Internet efficiently and rapidly. Public Service Infrastructure Development Environment Testing Environment Quality Assurance Environment Production Environment Generator Application Services Application Services Application Services Application Services Platform Network Figure 1 Components of PSi 2.2 PSi comprises several components, namely, infrastructure, application services and the Generator (see Figure 1). The Generator is a development environment that allows developers to rapidly develop e-services. To simplify e-service development, PSi also provides a set of application services that can be used by e-services. These application services are payment, authentication and back office/legacy system integration services. 2.3 The Generator, application services and all e-services are deployed on the infrastructure layer of PSi. This infrastructure consists of a Page 1 of 7
set of hardware systems and software applications. The infrastructure is designed and constructed to cater to enterprise-scale e-service hosting requirements, such as being highly available and scalable. 3 Features of PSi 3.1 PSi provides high availability through its use of hardware redundancy, hotstandby machines, server clustering, system fail-over, and uninterruptible power supply. 3.2 PSi provides high performance through the use of enterprise-class servers and software applications. 3.3 PSi provides high scalability through the adoption of a multi-tiered design with multiple web servers, application servers and database gateways and servers. 3.4 PSi is platform independent. Its code can run in any J2EE compliant environment. 3.5 PSi is secure. Its Internet connection to the public is secured using the Secure Sockets Layer (SSL) protocol. It uses intrusion detection software to ward off hacking attempts. In addition to this, the PSi servers and system software are tested for and protected against common security flaws. 3.6 PSi is standards-based. It adopts the following standards: Java 2 Enterprise Edition (J2EE) o Java Server Pages (JSP) o Java Servlets o Java Database Connectivity (JDBC) o Enterprise JavaBeans (EJB) Extensible Markup Language (XML) Page 2 of 7
HyperText Markup Language (HTML) HyperText Transport Protocol (HTTP) 3.7 PSi adopts a thin-client approach. This means that developers do not need to install any software on their machines to start their e-service development. All they require is an Internet browser. 3.8 The PSi code is flexible and extensible. Flexibility is achieved through the use of plug-and-play component technology, and extensibility through the use of object-oriented programming technology. 4 Infrastructure 4.1 The underlying infrastructure that supports PSi is deployed on the SGNet government network. The infrastructure comprises hardware systems and software applications configured according to a multi-tier architecture. The infrastructure can be upgraded easily without affecting e-services that are already in the PSi production environment. Government agencies that develop and deploy their e-services on PSi need not set-up and maintain their own network infrastructures. 4.2 The infrastructure also consists of an Intermediate Zone (IZ) comprising hardware and database software that provides a data storage service to Government agencies. Government agencies can choose to use the IZ to host data that is essential to successful transaction completion. Alternatively, agencies can choose to integrate their own relational databases (RDBMS) or legacy systems directly into PSi without intermediate data storage. 4.3 A browser-based System Management Console (SMC) is provided as an infrastructure service for privileged users from agencies, or their appointed vendors. The SMC can be used to administer user accounts, e-services, application services, and reports. For example, privileged users can monitor the migration process between the different PSi environments. Page 3 of 7
4.4 Development of e-services in PSi takes place progressively across four identical environments (see Figure 1) i.e.: The Development environment, for developing e-services The Testing environment, for systems integration testing The Quality Assurance environment, for user acceptance testing The Production environment, for the delivery and provision of e-services to Internet users 4.5 The infrastructure has a Migration Service to manage the migration of e- services from the development environment, through to the testing, quality assurance and production environment. Each Government agency can specify the people who must vet each e-service before it is allowed to migrate to the next environment in the development cycle. These vetters can be Government officers or appointed vendors. 5 Application Services 5.1 The application services layer comprises a set of common services that most e-services would require. Typically, a Government agency will need to authenticate users, collect payments or access databases from their e- services. PSi satisfies these requirements by providing security, epayment and electronic data exchange (EDX) services. 5.2 The application services layer currently provides the following epayment mechanisms: NETSCash - Users may make payment for their transactions using a cash card on a PC with an attached cash card reader. Page 4 of 7
enets Debit - Users may make payment for their transactions via a direct debit from their bank account through the bank s secure Internet banking facilities. Customers will simply key in their Internet Banking User ID and PIN to effect a transaction. enets Credit - Users may make a credit card payment over the Internet using a Visa or Master credit card. The payment transactions are authorised by the credit card issuing bank in real-time. 5.3 When a payment collection process is invoked within an e-service, the PSi epayment service will prompt the Internet user to select the desired payment mechanism. PSi provides hardware, software and network connectivity to the relevant service providers to process payments electronically. Government agencies need not develop their own epayment services or make separate arrangements with electronic payment service providers. 5.4 PSi s security service provides the following features: Authentication of users via a User ID and password, or via a smart card. Encryption of data submitted via a smart card. Digital signing of data submitted via a smart card. SingPass Authentication Service - A service-wide single-factor authentication service to support electronic transactions over the Internet between the Government and, the general public and businesses. 5.5 The e-service developer can specify the level of security required for the e- service via the PSi Generator. For example, a developer can specify that an e-service requires authentication of at least a User ID and password. Users of the e-service can then use their User ID and password or a stronger authentication mechanism, (e.g., their smart card) to authenticate themselves. Page 5 of 7
5.6 PSi provides support for integration with the database and legacy systems of Government agencies via the EDX service. Each EDX service facilitates data transfer between the agency s database and its e-services built on PSi. The EDX service acts as a trusted proxy for e-services to query and write information to the database and legacy systems of the agencies. 5.7 An EDX service allows an e-service to retrieve or save information to or from designated databases. Databases can be located either at the PSi Intermediate Zone (IZ) or at the backend systems of the agencies. Hence, e- service developers can leverage on EDX services to access backend servers without worrying about interconnection issues. 5.8 An example of a database service offered by PSi using EDX is the Companies and Businesses Data Service (CBDS). CBDS provides information on companies and businesses for use by government e- services. The CBDS service will use information from the Companies and Businesses information maintained by the Registry of Companies and Businesses. 6 Generator 6.1 The Generator allows developers to: Develop the user interface of the e-service Developers are provided with a set of graphical components (e.g. check box, drop-down list box and text box) and can define how values for such components are captured or displayed. Implement the business logic for an e-service A high-level Business Rule Language is provided for e-service developers to code the business logic of their e-service. Create required variables and data fields and associate them with corresponding database values via EDX Page 6 of 7
Developers can define the database to retrieve/store the values for variables and data fields by selecting an appropriate EDX service for database access. Enabling security and cryptography functions for the e-service By selecting from a list of choices, developers can specify the security level for the e-service and other cryptography functions required, such as digital signature, encryption and SingPass authentication. Payment support for the e-service Developers can specify which supported epayment mechanism is to be provided by the e-service by selecting the appropriate epayment mechanisms. 7 Conclusion 7.1 PSi provides the Singapore Government a rich and highly-integrated centralised software platform to rapidly develop, deploy and operate public e-services on the Internet. With PSi, shared infrastructures and services can be easily reused by all the Government agencies, allowing for effective and efficient development and management of e-services. 7.2 PSi is designed and implemented with the forefront technologies and design approaches available in the IT industry to offer enterprise-scale services. Page 7 of 7