Published on 30-Dec-2010
Validated on 28 Dec 2012
"With this security solution, we’re able to deliver new e-government applications much faster than would otherwise be possible." - —Santiago Paz, Project Manager, AGESIC
Cloud & Service Management, Service Management
IBM Business Partner:
One of a number of e-government programs is underway in Uraguy that enables hospitals to notify government social security and social service agencies online when a child is born.
Maintain trust in new e-government services by protecting the confidentiality, integrity and access to citizen information
An integrated security solution that reduces the cost and complexity of securing thousands of e-government services while helping maintain compliance
Enables faster deployment of new services; helps staff confirm compliance with national and European Union laws; provides easy and secure access for citizens and government employees
In Uruguay, an exciting pilot program is underway that enables hospitals to notify government social security and social service agencies online when a child is born. It’s one of a number of e-government programs the country is launching to replace paper-based processes and provide greater efficiency and transparency to services. About 50,000 government employees and 2 million citizens will ultimately use these online services.
“Trust in the system is vital,” says Santiago Paz, project manager at AGESIC, Uruguay’s Agency for the Development of Government Electronic Management and Information Society and Knowledge. “Without trust no one will use these new services.”
Understanding the importance of security, in 2007 AGESIC began designing in security as it planned for the country’s e-government services. “Because all transactions need a very high level of security, we decided it would be most effective to split the system into two parts and offload security from the application,” says Paz.
The agency opened a bidding process for an eGovernment Interoperability Solution. The proposals were evaluated from a technical and economical point of view. Finally, IBM was selected based on its scalability and support for security standards—including WS-Security, SAML, WS-Trust, XACML, LDAP and HTTPS. “From our review, the IBM solution presented by Urudata Software obtained the highest score in the evaluation of the bidding candidates,” says Paz.
Managing confidentiality, integrity and access
Working with IBM and IBM® Business Partner Urudata Software, AGESIC has implemented a multitier architecture that provides a comprehensive security solution for e-government services and addresses transport security, access control and identity management. To maintain the confidentiality and integrity of Web services, IBM WebSphere® DataPower® Integration Appliance acts as the policy enforcement point, receiving policies from IBM Tivoli® Security Policy Manager. Security tokens are issued by Tivoli Federated Identity Manager to confirm that the individuals claiming to send a message are who they say they are. IBM Tivoli Access Manager for e-business provides the centralized authentication, policy management and access control services to give citizens and government employees fast and secure access to online services. And IBM Tivoli Directory Server and IBM Tivoli Identity Manager provide the trusted identity data to support the authentication process across all Web services.
Finally, IBM Tivoli Security Information and Event Manager software collects and analyzes log information and generates the necessary audit reports to help staff quickly identify any irregularities, such as a high number of attempted transactions without the appropriate access rights. Because the software automates and centralizes the collection of log files from IBM security software along with third party products, including JBoss and .NET platforms, AGESIC expects that it will help to reduce the time and cost traditionally associated with log management.
“IBM has been a trusted partner, helping us in the design, engineering and installation of our security infrastructure,” says Paz.
Reducing the cost and complexity of security
According to Paz, by separating security from the applications themselves, the organization can deliver e-government services faster, while confirming that a high level of security is consistently applied. In fact, in pilot projects it took programmers less than two weeks to develop the software module to use the security platform. “It would be impossible for programmers to build the same level of security in just two weeks,” says Paz. “With this security solution, we’re able to deliver new e-government applications much faster and more securely than would otherwise be possible.”
Additionally, this approach provides the organization with greater agility. “If we didn’t have this common infrastructure, we would have to change and retest every application,” says Paz. “But, with this security solution, we can just make the change once and the change is reflected across all our e-government applications.”
For More Information
Contact your IBM sales representative or IBM Business Partner.
Visit us at: ibm.com/tivoli
You can get even more out of Tivoli software by participating in independently run Tivoli User Groups around the world. Learn about opportunities near you at: www.tivoli-ug.org
Additionally, IBM Global Financing can tailor financing solutions to your specific IT needs. For more information on great rates, flexible payment plans and loans, and asset buyback and disposal, visit: ibm.com/financing
For more information on Urudata Software, visit:
For more information on AGESIC, visit
Products and services used
IBM products and services that were used in this case study.
Tivoli Security Policy Manager, Tivoli Directory Integrator, Tivoli Access Manager for e-business, Tivoli Directory Server, Tivoli Federated Identity Manager, Tivoli Identity Manager, Tivoli Security Information and Event Manager, WebSphere DataPower Integration Appliance XI50
© Copyright IBM Corporation 2010 IBM Corporation Software Group Route 100 Somers, NY 10589 U.S.A. Produced in the United States of America December 2010 All Rights Reserved IBM, the IBM logo, ibm.com and Tivoli are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at ibm.com/legal/copytrade.shtml Other company, product or service names may be trademarks or service marks of others. References in this publication to IBM products and services do not imply that IBM intends to make them available in all countries in which IBM operates.