Gotze.eu

Tag: Denmark

  • That’s Some Business Case You Got There, Area 12

    Speaking of changes … the Danish central administration is facing some major changes.

    Yesterday, Computerworld broke the news (Gigantisk it-revolution pÃ¥ vej i staten): The government will establish two centralised, state-wide administrative service centres, one for IT service, and one for HR, travel admin, financial management, etc. Today, the Minister of Taxation came out and presented the IT service centre plan. Estimated savings: 425 million DKK annually, a lot of money compared to the US. Significant staff reductions are planned: In IT, from current 1.576 FTE to 1.132 over three years. The IT-consolidation will reduce today’s 4.000 servers to around 700.

    On Tuesday, the Minister of Finance presented the central government budget proposal for 2008, which enforces a 1% spending freeze. Hmm, guess they’ve read Kotter’s eight steps to change management, where step one is to create a sense of urgency for changes.

    Michael Karvø and other experts applauds the plan. And so do I. But just as Kim Viborg Andersen, professor at Copenhagen Business School, I do also see some if not many pitfalls and significant risk elements. The central government administration is a darn complex beast, and only rarely acts as one enterprise. On the other hand, over the past several years there has been many attempts at enterprise solutions at the state-wide level, especially with administrative services, so in some areas, these changes are just “natural” next steps towards “the state as an enterprise”.

    Been there, done that? Dorte Toft reminds us that it is barely a decade ago since the Danish state had its own, central IT-service centre, the Datacentralen, which was then sold out to CSC. Whether the new plan is in fact a revival of Datacentralen – Datacentralen 2.0? – is quite unclear to me. From what I can read (also I haven’t seen the actual proposal/report) the plan will not necessarily mean more insoucing and “home taking” of tasks and operations. It’s more about re-souring, if you want – moving tasks and operations from individual ministries and agencies to the new service centre.

    IMO, it’s a good strategy to go with Area 12 in this process of enterprising the state. “Area 12” is the call name for the service area called “Administration and Management” in the Government Business Reference Model, FORM, which the Ministry of Finance released late last year. FORM must now be seen as a very essential tool in the implementation of the plan, and I really hope the decision makers will understand that. Basically, they need to understand what is administrative IT and what’s not, and that is exactly what FORM can help with.

  • Denmark Says No With Comments

    It’s official: Denmark has voted No with Comments to ISO/IEC DIS 29500 OOXML. See Danish Standards’ press release (in Danish). They are submitting 64 pages of comments, and state that Denmark will work for an approval assuming the comments will be addressed.

    I’ve read through the comments, and find them balanced and thorough. It will require some substantial changes to EOOXML for it to address these comments. However, addressing the comments will also require changes to OpenDocument, because the gist of the comments is to ensure interoperability between the ISO document standards.

    Good thing so many companies have recently joined the various standards committees, because if ISO follows the Danish recommendations, lots of work is yet to be done.

  • Microsoft and Danish Government in New Identity Deal

    A year ago, my former collegue Søren Peter Nielsen wrote, on behalf of the Danish government, a letter to Microsoft. Seems he got a response, and I’m sure it’ll interest XMLGrrl and many others, that an announcement was made yesterday: Agreement between the National IT and Telecom Agency and Microsoft: Agreement concerning partial support of the SAML 2.0 standard.

    “The ongoing dialog between the National IT and Telecom Agency and Microsoft has resulted in an agreement on partial support of the SAML 2.0 standard in Microsoft’s forthcoming version of their federation product named Active Directory Federation Services 2”, the agency writes.

    The text agreed upon is as follows:

    “The Danish public sector has chosen SAML 2.0 as their federation standard. Microsoft products use WS-Federation and WS-Trust as the foundation of their federated identity architecture. The Danish government has agreed that the SAML 2.0 token format is sufficient to provide basic interoperability between WS-Federation and SAML 2.0 environments as a common assertion format, without loss of authentication integrity.

    To support interoperability between WS-Federation and SAML 2.0 based products Microsoft has agreed to support the SAML 2.0 token format in the future release of Active Directory Federation Services code-named Active Directory Federation Services “2”. Microsoft will provide the Danish public sector Centre of Service Oriented Infrastructure with pre-release code to help analysis and planning of solutions for integrating WS-Federation-based clients in the Danish federation, and to collect feedback on the feature implementation.

    In addition, the co-authors of WS-Federation (including Microsoft) have submitted the specification to OASIS for standardization. This step further enables interoperability between federated environments that deploy SAML 2.0-based products and those that deploy WS-Federation-based products.”

    In commenting the agreement, the agency writes: “With this agreement a possibility for inclusion of Microsoft based clients in a common public SAML 2.0 based federation has opened”, and notes:

    The integration will require the standard based login solutions to be expanded with a special integration code. The solution is therefore a pragmatic tactical integration solution, but with the above-mentioned partial SAML 2.0 support from Microsoft it is expected that the integration can be done without influencing the individual “Microsoft Active Directory Federation Service” user organizations.

    The agency notes that more iinformation on the concrete possibilities will be published as the National IT and Telecom Agency’s Centre for Service Oriented Infrastructure receives pre-release code from Microsoft that can be integration tested.
    The agency elaborates a bit more on the deal:

    It is still desired, that Microsoft support all of the SAML 2.0 standard in their products, but the above-mentioned agreement are a good first step towards more convergence among standards for transverse user management.

    The National IT and Telecom Agency also sees the filing of the WS-Federation (WS-FED) specification for standardization in OASIS as a step that can promote convergence among federation standards.

    It should be stressed that it does not mean that the WS-Federation specification is recommended equally to SAML 2.0 for common public solutions.

    When the results of the standardization with WS-Federation become available (expectedly in the end of 2008) it might be relevant to do a new assessment but for now the SAML 2.0 it is still the only standard, which is recommended as a federation standard for Danish common public solutions.

    So, there we have it.

    I want to congratulate Søren Peter on a job well done. Stand firm on SAML 2.0, the open ecosystem needs it. And thanks to Microsoft for listening to customers (but why only partial support?).

  • Hiser in Danish, and now in English

    I wrote a Danish article in Version2 published yesterday. Here is my translation:

    Danish Document Controversy Raises International Concerns

    OpenDocument Foudation is very concerned about the development in Denmark. Moreover, the organisation is readying a plugin that will make it even easier to use the ODF-format.

    John Gøtze

    The awareness of the political initiatives around the usage of open standards reaches beyond Denmark.

    “Denmark needs a winning attitude, but this policy is appeasement”, comments Sam Hiser, Director of Business Affairs in OpenDocument Foundation, an organization promoting and supporting ODF.

    Sam Hiser is following the international development around ODF closely, and is not pleased with what he hears from Denmark.

    “Denmark’s dual format policy is one of the more depressing events in recent months”, he says.

    “It sets a precedent for compromise that paints Danish agencies into a corner,” he argues.

    Hiser proposes that the Danish policy should above all permit CIOs to do the necessary business process re-engineering to get away from the control of tMicrosoft.

    “We’ve always thought our conception of an ODF Plugin for MS Office as being among Microsoft’s worst nightmares. And that it is. Something which goes into Windows XP/Office and permits native file open, edits and save as ODF is going to be very interesting”, Hiser tells about the ODF Foundation’s plugin.

    There are other ODF-plugins to Microsoft Office. First, Sun’s Plugin for MS Office, which produces an OpenOffice-equivalent conversion to ODF. Second, the Microsoft/Clever Age/Novell Plugin for Office 2007.

    The OpenDocument Foundation calls their ODF Plugin for Microsoft Office “da Vinci”, but is not yet an finished product.

    Hiser explains that the da Vinci plugin has two elements the others do not. First, it has a ODF InfoSet API for server-side integration with the ODF Plugin for MS Office. Second, it has a ODF Feature-Set Wizard to help organizations govern the features in their office files.

    Hiser explains that the OpenDocument Foundation’s plugin will ensure vendor independence when developing applications that use the document data.

    Thanks, Sam!

  • Assessing Standards

    Following up on my recent blog entry, Mandatory Open Standards in Denmark, I want to draw attention to further reports published by the National IT and Telecom Agency as background material to the main report. These materials are all in English.
    First is a report called Research about OpenXML, ODF & PDF made for the Danish government by Norwegian consultancy house Ovitas AS.

    The criteria covered in the research report include three main areas:
    1. Openness (open documentation, rights, open interface, open meeting, consensus, due process)
    2. Market issues (penetration, maturity, implementation)
    3. Business potentials (functional and non-functional requirements, security, potentials and architecture)
    In conclusion, they write:

    The conclusion of this preliminary research is that both OpenXML and ODF qualify as viable candidates for open standards for editorial document formats based on the criteria used in this research. PDF is currently controlled by Adobe Systems but has a unique worldwide take up.

    “Viable candidates”? Hmmm. Nevertheless, the report is a fairly balanced analysis, which on several accounts makes it very clear, that there are big differences between the standards. One could, reasonably I’d argue, ask how the conclusion is supported by the research. I miss the substantial argument for how low a barrier one should have for what is and what isn’t a viable candidate.

    It is worth noting that the hearing report in appendix A (only in Danish) has a quite thorough outline of how standard assessments should be conducted. The Norwegians does note that their work was done in parallel to the development of this outline, so I suppose we can’t blame them. But one would expect more from the Danish administration then. What is missing is exactly the specific “scores” for, or evaluations of, various detailed issues. If we assume such scores are red/yellow/green, my bet is that OOXML would have quite a few yellows if not reds, which would need some explaining in order to make the conclusion valid.

    More serious research
    The government commissioned a research project about “Open Standards and their Early Adoption” in 2005-06. This was conducted by Professor Mogens Kühn Pedersen and Vladislav V. Fomin from Department of Informatics at Copenhagen Business School, and their final report is also available (download report, literature review and delphi survey). The report’s executive summary:

    Standards have proven themselves indispensable to the industrial revolution. How are standards developed today? What does the economics of standards tell about the impact of standards upon economic growth and productivity? Do standards influence industry innovation? How are the standardization processes in the field of ICT taking place? How and why do open standards differ from other types of standards? How may open standards influence ICT government policy and the reverse: How will government need to take action in the face of the international trend toward open standards in ICT?

    The reports perhaps raises more questions than they answer. But read them you must.

  • Mandatory Open Standards in Denmark

    I’d be interested in the international reactions to this piece of news:

    On Friday, the Danish Minister of Science, Technology and Innovation, Helge Sander, made a press announcement (Danish) about his plan for following up on the Parliament Resolution 8 months ago.

    The implementation plan is presented in a report which suggests that “open standards should be implemented gradually by making it mandatory for the public sector to use a number of open standards when this becomes technically feasible”.

    The report identifies an initial sets of open standards as candidates for mandatory use from 1 January 2008 “if an economic impact assessment shows that this will not involve additional costs to the public sector”.

    The implementation plan’s elements are as follows:

    • “From 1 January 2008, all new public IT solutions should make use of the mandatory open standards relevant to the IT solution in question unless there are significant reasons for not complying with these standards.
    • If there are significant reasons for not complying with the relevant mandatory open standards, this must be reported on signing the contract, stating the reasons for applying the exceptional provisions.
    • In case of IT solutions where the technical procurement is above the EU tendering limit, the reasons must be reported to the National IT and Telecom Agency for the purpose of publication.
    • All ministers must ensure that mandatory standards are drawn up within their respective areas of responsibility where this is relevant. This must be made in cooperation with local/regional administrations in line with the existing common public projects in the area of digitalization.”

    In short: The Danish Interoperability Framework gets a new level of status: Mandatory.

    The proposed mandatory standards from 1 January 2008 falls within the following areas:

    • Standards for data interchange between public authorities
    • Standards for electronic file and document handling
    • Standards for exchanging documents between public authorities (Open Document Format and Office OpenXML)
    • Standards for electronic procurement in the public sector
    • Standards for digital signatures
    • Standards for public websites / homepages
    • Standards for IT security (only within the public sector)

    Around a dozen standards: Compliant XHTML or HTML, complaint CSS, WAI Level 2, OCES (digital signature), XML 1.0, XML Schema 1.0, NDR 3.0, FESD (docuument management), OIOUBL, UNSPSC, and DS484 (ISO 17799).

    With regard to standards for exchanging documents between public authorities, the report proposes that “it should be mandatory to use at least one of the document standards Open Document Format or Office OpenXML”, and that it is up to the individual agency to decide what they want. The report explains that a study will be conducted this year with “the purpose of obtaining the necessary experience with these standards before 1 January 2008”.

    A revised governance model should ensure more mandatory standards over time. The minister is given more authority, but not much actual power to rule over the sectors. The report goes into the “comply or explain”-principle and how it will be practised, and here, it discusses exceptions … I’ll quote in length from their English summary:

    “Requirements regarding the use of mandatory open standards will not involve any obligation or incentive to expedite procurement, upgrading or implementation of new or existing IT solutions by public authorities.

    To ensure the value of open standards to the individual authority, it is important to avoid the authority being compelled to make inappropriate choices. For this reason, a number of exceptions are made to the general rule of using mandatory open standards.

    In connection with contracts and development projects, authorities are exempted from the rules of using mandatory open standards if this means that the authority is compelled to adopt a solution which:

    • is significantly more expensive in relation to using other standards,
    • degrades the security level critically in relation to using other standards,
    • involves a significant reduction in functional performance which is a direct result of the solution being based on mandatory open standards,
    • increases the implementation time markedly,
    • leads to conflicts with standards applicable within specific areas as a result of international commitments.

    Furthermore, public authorities are exempted from the rules of using mandatory open standards if the solution does not involve data interchange with other systems.

    In case one or more of the points above are in evidence, the relevant authority may choose to dispense with specific mandatory open standards for the solution concerned.

    New solutions where technical procurement involves overall costs exceeding the EU tendering limit must be reported to the National IT and Telecom Agency on signing the contract, stating the reasons for applying the exceptional provisions.

    New solutions with overall costs below this limit should also make use of mandatory open standards, unless they fall within the exceptional provisions. However, these solutions are not subject to the reporting requirement.

    Download the English summary as PDF or ODF. The full report in Danish is here.

    The consultation period ends 23 March.

  • On the radio: Sutor, Munk and Gøtze

    During Bob Sutor’s visit in Copenhagen (I posted the homemade video with Bob Sutor the other day), I had organised for him to be interviewed by DR (Danish Broadcasting Corporation, national public radio).

    Tonight, DR brought the interview with Bob in their program Harddisken (third section), with an almost half-hour long theme about open standards hosted by Henrik Føhns. He had invited me in the studio for comments and debate with Marie Munk, Deputy Director General in the National IT and Telecom Agency. Bob apprears in edited and partly-translated form, but Marie and I were live on the air (and didn’t get to hear Bob!). So, it was there and then. Afterwards, of course – oh, why didn’t I say this and that, and all that, but it was also fun being live.
    The whole show is now downloadable as a podcast — the Harddisken podcast-feed should reach 10.000 users, I was told, and is the third most used podcast of all in DR. Go get the podcast and help Harddisken become the most downloaded podcast! (of course, it’s in Danish, but the music is great 😉 – and Bob does get a bit of airtime, which of course is in English). About two-thirds into the MP3-file.

    Since I cannot get DRs online radio and their fancy DRPlayer to work in my system (Mac OSX, Firefox) I chose not to link to those services here … but want to say to DR: Thank you for the podcasts!

  • Local History of Standards

    Quoting myself:

    This article discusses current and recent developments in Denmark, where open standards have become a central policy issue. Although Denmark is prone for leading the way in true, large-scale openization, a full-blown effort towards these ends is highly unlikely.

    That’s the abstract of an article I wrote for translation into Spanish and publication in Novática, the journal of the Spanish CEPIS society ATI, Asociación de Técnicos de Informática, issue 184 (November-December 2006).

    The editor, Llorenç Pagés, is also Chief Editor of Upgrade, The European Journal for the Informatics Professional, and will also there soon publish an issue about ODF, in which I will have an extended version of my article.

    Llorenç allowed me to share my English manuscript, so I’ve uploaded it here: You can get the ODF-version or the web-version: A Brief History of Open Standards in Denmark, where the password is ODF 😉

    I invite comments on the article. I’m still working on the extended version, and think improvements are possible …
    On a side-note, I had to hack WordPress to be able to upload ODF-files within it. Bugger, that should be a standard feature!!

    On another side-note, you should be able to use OpenID when leaving your comment.

  • Version2: New Media for IT Professionals

    Version2

    On Monday, Danish media house Ingeniøren A/S will launch the first phase of Version2, a new biweekly magazine and online media for IT professionals in Denmark. I’m proud to say that I’m part of the team behind Version2.
    The magazine and website will launch in November, but we will start the river of news via Ingeniørens site next week, where Tania and I are covering the JAOO-conference.

    The “real” Version2 opening in November will be our attempt at practising “Media 2.0″/”News 2.0” or whatever – lots of good blogs, wikis, and all that.

  • Digital Identity Management – Challenges and Benefits

    Amir Hadziahmetovic has published his MSc in IT thesis, which he made under my supervision. It is in English and is called Digital Identity Management – Challenges and Benefits (Download PDF). Besides giving a nice introduction to and analysis of Identity Management, Amir makes some interesting observations about the identity management situation in Denmark. I recommend everyone to read this good thesis.

    I’ve extracted a few central paragraphs introducing the project:

    The main research problem is how to find the optimal model that will solve Digital Identity (DI) management and the data interchange for electronic business in new network economy. The problem lies in unknown path of how to make choices for interoperable DI, and how to find the optimal strategy to implement chosen model. The research will commence with exploring the area of general Digital Identity Management, continue with analyzing platform for interoperable management and exchange of DIs, including implementation challenges, and end with listing the benefits of having such a platform implemented.

    Imagine the sewerage management of a bigger city where each building block has a container for waste waters instead of a city-wide sewerage system. Without drain-pipes connecting the containers, every now and then a container would fill up, and for emptying a pump-trucks would be needed. They would pump out the content from a container, and spill it out at some depot outside the town. This would be very complex system of containers and trucks, difficult to control and manage. Some of the containers would certainly get overfilled, causing flooding and bad smell. With the growth of the city, the system would get even more unreliable. Therefore the majority of today’s cities have outspread sewerage system, which connects the depots, automating the spill of waste waters.

    The similar problem modern business has with today’s DI management: Identity data in containers, filling up quickly; the system unable to exchange data with other systems; difficult to maintain and automate the spill of data. To enable development of electronic business, more reliable system for DI management is required.

    Business trends today push organizations toward strengthening of cooperation and linking of business processes between them. Many companies and governments are tending to expand their activities by integrating online services and systems, and letting external users access internal data. Individual users want comfortable Web experience, and minimal effort in getting tailor-made products and services. Inability of today’s IT systems to match these trends is choking present development of business. Strengthening of cooperation and linking of business processes is putting pressure on IT systems and belonging infrastructure, requiring that Digital Identity data is created in unified fashion, and safely exchanged between organizations.

    Digital Identity Management (IM) is a fundamental part of integrated company systems and online services. It defines who has access to what in some cases, and identifies customers and users of the services in other cases. IM architecture of today has to evolve from predominantly silo to common, interoperable architecture, based on open standards. This kind of architecture is a fundament for Federated IM, where identities are safely exchanged.

    This project will try to look at Digital Identity Management, technology and architecture in relation to business goals and strategies. The main concepts of Digital Identity Management will be addressed i.a. concepts like Federated Identity, Single Sign-On (SSO), and Open Standards. The report will present a study of business and technical implications of Federating Identity, where Identity management is the central issue.

    An analysis of the practical as well as architectural aspects of Federated Identity will be covered. An analysis of open standards for interoperability will be covered, especially those advised by Danish National IT and Telecom Agency and their Reference Model for Identity. The report will focus on standards from the Model such as Role-Based Access Control (RBAC), Security Assertion Markup Language (SAML), Lightweight Directory Access Protocol (LDAP) and Public certificates for electronic services – OCES Digital Signature, but also will discuss alternatives. Finally privacy issues will be considered.

    The fundamental objective of any enterprise IT system must be full support to business flexibility and agility in ever-changing business environment. The ultimate goal of this project is to perceive the challenges of the IM evolution path, and to show how Identity Management supports connection between the systems and the processes, providing users with better web experience.

    Method: The project will list general theoretical issues, comparing different views on these issues, and presenting own reasoning.

    The obstacles in relation to acceptance of Reference Model for Identity will be analyzed. The analysis will be based on empirical research including feedback from involved organizations, interviews with individuals from selected organizations, conferences, and forums.

    Again: Download Amir’s thesis (PDF).