Internal market, Industry,
Entrepreneurship and SMEs
IMI Internal Market Information System
EDPB IT Board meeting
Brussels, 4th May 2017
DG GROW R.4 – Single Market Service Centre
Content
IMI fundamentals
IMI architecture
IMI security
IMI Implementation model
Demo
IMI Fundamentals
IMI concept
Fundamentals on IMI
IMI is a PaaS (Platform-as-a-Service)
no SW development for implementing new business modules
IMI is Generic:
functional reusability via configurable workflows
trade-off reusability/customisability
IMI concept
Fundamentals on IMI:
IMI is Workflow-driven
data is processed through structured workflows according to status-related views and actions, and to granted permissions
IMI is Content-agnostic
data content is decoupled from workflows
data structure and manipulation is modelled according to business needs via a meta-data management tool - MDMT
IMI Architecture
IMI Architecture
Main characteristics
Service Oriented
N-Tier
IMI Architecture
Technology
Database: Oracle
Application server: Oracle Weblogic
Back-end development: JEE and Spring (Security, Integration, Web Service)
Front-end development: ExtJS (MVC, UI components)
Deployment view
Deployment view
Multiple environments
Dev
Test
Training
Production
Multiple sub-systems
Back-office
Scheduler
Connect
Integration
Front-office
Configurations
Fault-tolerance
Single-node
Back office
Back-office
Core services
Authentication and authorisation services
Authorities and users management
Workflow engine: status machine
Multilingual support:
Label translations
Integration with Machine Translation @EC
Back-office
Modules
Specific configurations of available workflows within a legal area or domain
MDMT definitions: data structure and validation, screens, reports, searches
Workflows
Standard: Request, Alert, Notification, Notification-driven repository, Directly managed repository
Special: SOLVIT, EPC
Back-office
Repository services
MDMT
Dynamic screen generation
Dynamic reports generation
Entries access control
Import/Export: interoperability via REST-ful web-services
Scheduler
Scheduler
Execution of system's automatic actions
Automatic email notifications and reminders
Workflow timers and automatic actions
EPC Front office
EPC Front-office Core services
User authentication and authorisation
Simplified workflow engine (no handling of MDMT definitions)
Report generation
Multi-lingual support
Main functionality
Professional's profile management
EPC applications management
Documents management
Connect and Integration server
Connect and Integration
Connect
Interconnection with external systems
Supports multiple communication channels: Java Message Service (JMS), web-services
Integration
Communication between sub-systems
Queues of messages
IMI Security
IMI Security
Security governance
Security plan in compliance with COM decision 3602 and implementing rules and approved by HR.DS
Data protection rules under EDPS scrutiny
Access and authorisation management delegated to officially appointed Member States IMI Coordinators
MoU and SLA with DIGIT for hosting
IMI Security
Hosting security
System hosted in the EC Data Centre in Luxembourg
DC physically secured and mirrored in a remote site for disaster recovery
System deployed over virtual environments in a server farm
No remote root or administrator access allowed (only on local console)
24/7 incident handling and reporting procedures in place
IMI Security
Application security
Spring Security framework
Access to the system only allowed to authenticated users
Authorisation mechanism based on logical data partitioning (modules, workflows, sections, etc.) and user roles
Data validation to prevent injection or scripting attacks
IMI Security
Application security
HTTPS protocol for end-to-end connection encryption
Auditing and logging:
Application and database level: accesses and actions
Reverse proxy level: identification of incoming traffic based on IP addresses
Penetration testing and code review of main releases
Continuous improvement of coding practices
IMI Security
Back-office User Authentication
Username + password + 12-digit security code
Strong password policy (structure, duration, reuse, etc.)
PBKDF2 hashing of stored user credentials
Front-office User Authentication
ECAS
IMI Security
Authorisation and access control
Data organised in structured units called "workflow items" (e.g. a Request)
Access to data in individual workflow items and execution of available actions in every status are checked against actor's permissions
Permissions are managed at:
Authority level: granted access to a module and authority's role
User level: available roles within the granted access
IMI implementation model
Adding a new module in IMI
Legal aspects:
IMI Regulation annex and/or relevant policy legislation (co-decision proc.)
OR via an Implementing act (e.g. launching a pilot, replacing an existing system)
Users input:
Legislator / Policy unit expresses the needs
IMI team maps needs to existing technical solution
Workflow content defined in cooperation with Member States experts
Support:
Training sessions for IMI users, Helpdesk support
Adding a new module in IMI
Existing workflow done directly by DG GROW, NO development required
1. Select an existing workflow
Policy-specific configurations:
- Centralised / decentralised processing of information
- EC involvement in the procedures
- Active or passive involvement of recipients (e.g. alerts)
2. Define the content
> 35 types of fields (date, text, lists, documents, tabs, …)
- Control behaviour throughout workflow
- Content is and will always remain policy specific
3. Define the visual display to users
Multiple layouts are available:
- User Interface
- Search (criteria, results, preview)
- Reports
- Email fields
- External web-services
Adding a new module in IMI
New workflow required
Implementation is fast (3-4 weeks) and of high quality thanks to semi-automated development:
Workflow specified in XML
Auto-generation of all configuration data for the IMI workflow engine (workflow statuses, actions, transitions, permissions, …), ready to be inserted in the database
Auto-generation of templates for Java classes
The development team can focus exclusively on the implementation of the business logic
Further available for all IMI users
Example – new workflow for PQ Alert
Workflow described in XML format
Emails to be sent when this action is taken
Definition of one workflow action
Definition of who can take this action
Definition of the status resulting from this action
Status in which the action is available
How to log this action in the history
Workflow described in XML format
Users with access to the entry with personal data
Definition of view permissions for one status
Users with access to the entry without personal data
Users with access to the preview only
Status
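The two mechanisms described on the slides above (a workflow specified in XML, and actions and views checked in every status against authority-level and user-level permissions), sketched as an added example that is not IMI code. The XML element and attribute names, the role names and the statuses are hypothetical, since the slides describe the definition but do not reproduce the schema.

```python
import xml.etree.ElementTree as ET

# Constructed workflow definition. Element, attribute, role and status names are
# hypothetical: the slides describe the XML but do not reproduce the IMI schema.
WORKFLOW_XML = """
<workflow name="alert">
  <action id="broadcast" from="DRAFT" to="BROADCAST" log="Alert broadcast">
    <allow authorityRole="initiator" userRole="disseminator"/>
    <email template="alert-broadcast"/>
  </action>
  <action id="close" from="BROADCAST" to="CLOSED" log="Alert closed">
    <allow authorityRole="initiator" userRole="disseminator"/>
  </action>
  <view status="BROADCAST">
    <grant level="full" authorityRole="initiator" userRole="handler"/>
    <grant level="no-personal-data" authorityRole="recipient" userRole="handler"/>
    <grant level="preview" authorityRole="recipient" userRole="viewer"/>
  </view>
</workflow>
"""

LEVELS = ["none", "preview", "no-personal-data", "full"]  # ascending access

def load(xml_text):
    """Index actions by id and view grants by status."""
    root = ET.fromstring(xml_text)
    actions = {a.get("id"): a for a in root.iter("action")}
    views = {v.get("status"): v.findall("grant") for v in root.iter("view")}
    return actions, views

def _matches(rule, authority_role, user_roles):
    # Both layers must agree: the authority's role and one of the user's roles.
    return rule.get("authorityRole") == authority_role and rule.get("userRole") in user_roles

def take_action(actions, action_id, status, authority_role, user_roles):
    """Return the resulting status, or raise PermissionError (deny by default)."""
    action = actions.get(action_id)
    if action is None or action.get("from") != status:
        raise PermissionError(f"{action_id!r} is not available in status {status}")
    if not any(_matches(r, authority_role, user_roles) for r in action.findall("allow")):
        raise PermissionError(f"actor may not take {action_id!r}")
    return action.get("to")

def view_level(views, status, authority_role, user_roles):
    """Highest view level granted in this status; 'none' when no rule matches."""
    granted = [g.get("level") for g in views.get(status, [])
               if _matches(g, authority_role, user_roles)]
    return max(granted, key=LEVELS.index, default="none")
```

A status with no view element, or an actor matching no rule, resolves to no access, so a gap in the definition fails closed rather than exposing personal data.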
Configuring a PQ Alert via MDMT
MDMT step 1. Select an existing workflow
MDMT step 2. Define the content (fields)
MDMT step 3. Drag & drop fields to define visual display, Search, Reports, …
MDMT step 3 (cont.) - Search
MDMT end result: user's detail view
IMI Demo
IMI demo
Content
Article 56 Repository of cases
Article 60 Notifications
Article 61 Request for mutual assistance
Contact: [email protected]
IMI website: http://ec.europa.eu/imi-net/