White Paper

Connected Government
Cloud Enabling Public Services
The Importance of Functional and Nonfunctional Requirements in
Building a Multi-tenanted Digital Government Stack

http://wso2.com Version 1.2 (April 24, 2014)

 White Paper

Table of Contents
eGovernment and the Move Towards Cloud................................................................................................................................................03
Think Global, Act Local................................................................................................................................................................. 03
1. Model A - Centrally Owned and Managed.................................................................................................................04
2. Model B - Centrally Owned, But Locally Managed.....................................................................................................04
3. Model C - Locally Owned and Managed....................................................................................................................05
With Great Power Comes Great Responsibility............................................................................................................................ 05
Major Functional and Nonfunctional Requirements of a Typical Multi-tenant eGovernment Application................................................. 06
The Challenge of Functional and Nonfunctional Requirements................................................................................................... 06
Customizable Business Rules........................................................................................................................................................ 06
Customizable Workflows.............................................................................................................................................................. 06
Theming and UI............................................................................................................................................................................ 07
System-wide Auditing................................................................................................................................................................... 07
Customizable and Dynamic Forms................................................................................................................................................07
Document Storage and Versioning............................................................................................................................................... 08
Identity Management, Roles, and Access Control........................................................................................................................ 08
Customizable Reports................................................................................................................................................................... 08
Data Migration and Integration.................................................................................................................................................... 08
Field, Mobile Access, and API Management.................................................................................................................................08
Master Data, Semi Master Data, and Local Data.......................................................................................................................... 09
Localization................................................................................................................................................................................... 09
Dashboards and User Preferences................................................................................................................................................09
Hierarchical Governance Model and Sub Tenants........................................................................................................................ 09
Scheduling.................................................................................................................................................................................... 10
G2C, C2G and Citizens Portal........................................................................................................................................................ 10
Towards an Enterprise-grade e-Government Solution................................................................................................................................. 10
WSO2 Cloud and WSO2 Private PaaS........................................................................................................................................... 10
WSO2 Product Mapping to Digital Government Requirements................................................................................................... 13
Summary.......................................................................................................................................................................................................16
Glossary........................................................................................................................................................................................ 16
References.................................................................................................................................................................................................... 17

2
http://wso2.com
 White Paper

eGovernment and the Move Towards Cloud

In a nutshell, eGovernment refers to “the utilization of Information Technology (IT), Information and
Communication Technologies (ICTs), and other web-based telecommunication technologies to improve
and/or enhance on the efficiency and effectiveness of service delivery in the public sector” (Jeong, 2007).
eGovernment is a combination of technologies that improves the delivery of information and services to
government stakeholders and citizens, thus paving the way for more efficient community.

Source: XKCD (http://xkcd.com/908/)

Cloud computing provides a government with a compelling technology vision - a massive pool of
technology resources, without having to worry about ownership, capital costs, or maintenance. With the
introduction of cloud computing, eGovernment initiatives around the world are starting to see a new
dimension, where the focus is more on the delivery of technology to end consumers.

Think Global, Act Local

Local government (LG), also known as local authorities, state, federal, city, borough or municipal
government, among others, is often the closest authority that works with people, in terms of proximity and
value. It is a vital component, often independent of national government, that works towards the improved
social, economical, and political structure of the community it represents.

3
http://wso2.com
 White Paper

Local Govt. Dept.

LG x
LG x
branch
Local Govt. Dept.

LG x LG y
Field Mobile
Citizen’s
VPN
Portal Citizens
LG x X
LG y

Secure
Network Internet

Citizen’s
Portal Citizens
Y

National Users,
Consolidation
Application Cluster

Private
Cloud

Gov Data Center

3rd Party Systems

Figure 1: Business architecture of a typical public services system

In Figure 1, LG(x) and LG(y) are different local government entities consisting of customized LG applications,
accessed by departmental users via a secure network. Citizens of the relevant LG bodies will access a
‘Citizen’s Portal,’ again in a multi-tenanted manner.

Based on the level of autonomy and its linkage to central government, eGovernment can be viewed in
three different perspectives. For clarity, let’s divide them into three different models:

1. Model A - Centrally Owned and Managed

Systems are centrally owned but locally governed - a nation-wide system is implemented where each local
government is a tenant in the system and have basic to advanced level of customizability. Most policies
are set at national level and pushed to local government level. In technical terms, the central government
provides a Software as a Service (SaaS) model to local governments.

2. Model B - Centrally Owned, But Locally Managed

Systems are centrally funded, but implemented at local government level. These are instances where
the central government funds infrastructure for the local government to build as seen fit. In technical
terms, the central government provides a Platform as a Service (PaaS) to local governments, and local
governments can deploy their own applications and services on top of it. This is often seen in regions where
funding is approved through the central government, which in turn creates the infrastructure so local
governments can have their own implementation on top of it.
4
http://wso2.com
 White Paper

3. Model C - Locally Owned and Managed

Systems are deployed at local government level without any involvement from the central government. In
this instance, hosting and infrastructure are handled by the local government.

Each of the above categories have their own set of advantages and challenges. The preferences of
the above models also change from country to country, and region to region. At a glance, the possible
advantages of the cloud for eGovernment are, but not limited to

• Central management, thus providing a consistent and transparent system across LG that
implements national policies (Model A)
• Local governance, thus providing enough flexibility to create and implement local policies for the
locality (Model B, C)
• Provides the central government with the ability to adapt innovative pricing models, such as the
SaaS ‘pay-as-you-go’ model, based on actual usage by local governments and/or citizens (Model A)
• Provides the central government with the ability to seamlessly push updates to local governments,
whilst allowing local governments to create or configure new features at local level (Model A)
• Facilitates horizontal and vertical sharing of data, services and facilities (Model A, B)
• Provide a low IT footprint with low cost of operations, where infrastructure and knowledge can be
shared across government agencies (Model A, B)
• Provide a low TCO entry point for government agencies to automate and IT enable their services,
with a faster time to market (Model A, B, C)
• Better and more interactive G2G, G2B, and G2C services (Model A, B, C)

With Great Power Comes Great Responsibility

The introduction of cloud computing and SaaS has had a significant impact on eGovernment, for the better,
or sometimes for the worse. At a national level and local level, there has been enough debate on security
and data privacy of government data sitting in public clouds outside the country. A local government system
introduces an additional level of data privacy concerns - this time between local government bodies.

Along with the need to evaluate the best approach - be it public, private or hybrid clouds, focus on
stringent security policies, government certification, and accreditation is also of utmost importance.
A move towards cloud with data hosted on public infrastructure means these risks need to be adequately
addressed. In the US, for instance, The Federal Risk and Authorization Management Program (FedRAMP)
[3] is a government initiative that provides a standardized approach to security assessment, authorization,
and continuous monitoring for cloud products and services. As widely stated, “the whole is greater than
the sum of its parts” and eventually a centrally governed, certified, or accredited security solution that can
be adapted at a local level would provide a stronger security solution for eGovernment.

5
http://wso2.com
 White Paper

Major Functional and Nonfunctional

Requirements of a Typical Multi-tenant
eGovernment Application
The Challenge of Functional and Nonfunctional
Requirements
Functional requirements are those set of features that a system implements - as the name suggests, this
would usually be the set of functionality that the system provides. In essence, it relates to ‘what the system
does.’ As would be expected, these are the set of functionalities that are readily visible as features or
functions of a system.

Nonfunctional requirements (NFR), on the other hand, are a set of additional requirements that determine
‘how a system works in practice’. NFRs are the often hidden set of requirements that run the system, such
as “the number of concurrent users that can access the system” or “the maximum amount of time a report
can take to render.”

As applications and their architecture become more complex by the day and as more and more applications
start moving towards the cloud, nonfunctional requirements start becoming the key set of requirements
that need to be satisfied in order to ensure successful implementation. NFRs have become the key set of
issues that enterprise architectects, DevOps, and implementers face in the move towards cloud-based
systems.

A number of challenges exist, regardless of the type of eGovernment application being built - centrally
managed or locally managed.

Some of the generic challenges that need to be met when building an eGovernment solution are listed
below:

Customizable Business Rules

Business rules are bound to change at LG level, hence calling for tenant-specific business rules. For instance,
the assessment tax for a Municipal Council in Colombo, Sri Lanka would be different from the assessment
tax rate in Negombo, Sri Lanka. The structure of business rules that consist of the actual logic and operators
would have to change based on changes in policy, etc. while rule values should be configurable by non-IT
users via an intuitive interface.

Customizable Workflows
eGoverment is usually characterized by complex workflows and business logic, determined and governed
at state and local government level. For instance, the application for the construction of a condominium
in Lyngby would have to go through a workflow of 10 steps including authorizations for two different
authorities, while the same application in Copenhagen would require 12 steps, but with no outside
authorizations required. Along with the number of nodes or steps in the workflow being individually
6
http://wso2.com
 White Paper
configurable, the number and level of human participation would have to change as well. Hence, the
requirement for a tenant level workflow implementation is present.

Source: Geek & Poke

(http://geekandpoke.typepad.com/geekandpoke/2009/03/let-the-clouds-make-your-life-easier.html)

Theming and UI
Each tenant would uniquely represent an LG or state - hence the web application that is presented would
have to have the look and feel of the LG, including its color scheme, logo, custom banner and, in some
cases, custom-static content.

System-wide Auditing
System admins and product owners would require system wide auditing to figure out how the system
is used. More importantly, local government legislation might call for audit trails of BAU operations and
custom KPI monitoring for LG. A tenant admin needs to be able to view all transactions that have taken
place in report formats that can be shared.

Customizable and Dynamic Forms

An LG would need to have its own set of forms. The multi-tenanted eGoverment solution would in most
cases be replacing a manual, paper-based process of collecting information, and these forms would be
uniquely designed to capture information required for the LG, which would be quite different from other
LGs in most situations.

7
http://wso2.com
 White Paper

Document Storage and Versioning

At local level, documents, such as building plans, blueprints, licenses, and applications need to be stored
per tenant. Documents would have to be versioned and can be attached to various states of a workflow as
well. These documents need to be accessed by different SOA components like services, workflows, rules,
etc.

Identity Management, Roles, and Access Control

Each state or LG would have a set of citizens that belong to that division who have access to their own local
government portal. Government officials of the state would have restricted access to the LG tenant and
would not have access to other tenants and their data. This would call for role-based, resource-level, or
data-level access control and granular authorization.

There can be national government requirements on the number and types of roles, which can be fixed and
replicated between tenants; in addition, new roles will be created at LG level as well.

In a complex scenario, a user might have property in two states - in a more complicated scenario, a local
government might be split into two bodies, which would mean all users now would belong to a newer
authority.

Customizable Reports
Reports are key to any eGovernment application, which also usually enable the linkage between the
automated process and manual process. Conventional eGovernment applications that are just converting
to an automated environment might still have the need to officially maintain a signed, paper artifact in the
form of a report. There just might be the requirement to send a printed version for filing by a higher official
as well - all in all, reports are a must.

Different tenants would have the requirement of having a different kind of report. The need to create ad
hoc queries resulting in reports, exportable reports to PDF, spreadsheets, etc. exist as well. Reports need to
be designed and deployed by the LGs while the access control logic needs to be handled by the backend.

Data Migration and Integration

LGs would often have large amounts of operational data and records, either on paper reports, forms or
in digital form on spreadsheets and simple databases. With the introduction of a new system, these data
need to be imported to ensure a historical trail of information. Each LG might have different types of legacy
systems, thus calling for an automated framework for integration and migration, sometimes involving
custom integration implementation.

Field, Mobile Access, and API Management

Field officers of LG would require to access a subset of applications and services via mobile devices. In
addition to exposing and managing mobile services, the system would also have to manage and govern
APIs that can be different platforms for integration.
8
http://wso2.com
 White Paper

Master Data, Semi Master Data, and Local Data

With a multi-tenanted approach, the categorization of master data plays an important role. Some master
data, such as the nation-wide taxation values, a list of all cities, etc., need to be governed at a central level,
while data such as an LG’s assessment tax need to be maintained at LG level and differs from LG to LG.

Localization
LGs of the same nationality in some parts of the world would use different languages for operations, thus
the localization can be managed centrally or locally. However, even within the same language, the official
terminology for an asset or entity may differ between LGs. This calls for LG governed localization as the
preferred mechanism.

Dashboards and User Preferences

Workflows are key items in eGovernment applications, and the ability to view one’s outstanding workflow
items, notifications and messages and what not is key in providing the ultimate level of efficiency.
Dashboards act as the central portal where scheduled tasks, notices, and workflow items are shown to
business users.

Hierarchical Governance Model and Sub Tenants

The national governance structure is usually hierarchical - there might exist the requirement to consolidate
or aggregate data and information based on this hierarchy. Another consideration is on whether horizontal
sharing of data between LG are required.

Organization of the Empire

The Emperor

Advisors

Moffs and
Compnor
Grand Moffs

Planetary
Ubiqtorate Military Bureaucracy
Governors

Figure 2: A section of the governance model of the Galactic Empire in Star Wars

Source: Star Wars - Sw1wiki [3]

9
http://wso2.com
 White Paper

Scheduling
Many aspects are required to be executed as scheduled tasks that run at given time periods - for instance,
the assessment tax and relevant fines of one LG would be calculated at the end of each quarter, while the
same would be calculated monthly at another LG; however, both would be scheduled to run in the specific
period at setup time.

G2C, C2G, and Citizens Portal

WIth local government applications being performed online, citizens of the area require a multi-tenant
portal solution that allows them to apply for applications online, make payments, check application
and license status, and perform basic G2C and C2G interactions. The portal needs to be deployed and
customizable per LG with CMS like features to reflect the state of each LG.

Towards an Enterprise-grade e-Government

Solution
To make cloud adoption a reality, cloud architects need an enterprise scale PaaS framework, which has
the flexibility to support the deployment requirements of the organization. This PaaS framework needs to
be flexible enough so that it can be deployed in a public cloud integrating with various Infrastructure as a
Service (IaaS), a private or hybrid cloud, or on-premise.

WSO2 Cloud and WSO2 Private PaaS

WSO2 Private PaaS (formerly “Stratos”, currently in the incubator phase becoming Apache Stratos at the
time of writing) is the most complete, enterprise-grade cloud solution, offering an open PaaS. WSO2 Private
PaaS is a complete, multi-tenant, self-service, metered, middleware cloud for complex, enterprise-ready
projects.

WSO2 Private PaaS supports heterogeneous environments in the cloud, both through the new plug-in
simplicity of adding third-party cartridges, and expanded support for IaaS platforms that enterprises run
today.

10
http://wso2.com
 White Paper

WSO2 Private PaaS (Platform as a Service)

Application Platform Middleware Containers and Services

Carbon Carbon
Other Any
Enterprise Application PHP
Carbon Pluggable
Service Bus Server Cartridge
Cartridges Cartridge
Cartridge Cartridge

WSO2 Private PaaS Foundation Services

Relational Column File Task

Message Logging Security Registry Billing
Data Storage Storage Mgmt
Service Service Service Service Service
Service Service Service Service

WSO2 Private PaaS Controller

Elastic Cloud Artifact PaaS Service

Deployment
Load Controller/ Distribution Management Load
Synchronizer
Balancer Auto-scaler Service Console Monitor

Infrastructure Cloud (EC2, vmWare, Rackspace, OpenStack, Eucalyptus, etc.)

Figure 3: WSO2 Private PaaS components

Giving you all the power of cloud, WSO2 Private PaaS includes the WSO2 Apache Stratos PaaS Foundation;
all pre-integrated, cloud-ready, and fully multi-tenant WSO2 Carbon middleware products; and cartridges
for PHP, TomCat and MySQL.

Developers and third-party vendors also can develop their own cartridges through the use of jclouds – an
Apache incubator project – and it also offers the ability to run on almost any IaaS cloud, including SUSE
cloud and other OpenStack-based offerings, VMware, Eucalyptus, and Amazon Elastic Computing Cloud
(EC2).

The WSO2 platform (as shown in Figure 4) consists of 100% open-source products that span the entire
breadth of SOA, yet remain lean, simple, and easy to use and inexpensive. All products are built on a
common foundation called WSO2 Carbon - a modular, reconfigurable, elastic, OSGi-based architecture.
This creates a strong stable base for building large-scale enterprise applications, as well as integrating with
legacy and existing applications.

11
http://wso2.com
 White Paper

Storage Server

Figure 4: WSO2 middleware stack

A core advantage of WSO2 Private PaaS is the fact that the same set of middleware applications,
components, and services shown in Figure 4 can be deployed in various deployment models, including
public cloud, private cloud, hybrid cloud or locally, on-premise.

Stratos
StratosLive
Private PaaS
Public PaaS

Choose a deployment
Storage Server option, or create a
hybrid cloud by
combining deploymet
options.

(Same programming
model is used across all
Carbon deployment choices)
On-Premise

Figure 5: WSO2 middleware deployed in various modes

12
http://wso2.com
 White Paper

WSO2 Product Mapping to Digital Government

Requirements
A simple product matrix is given below, which shows how WSO2 components can be mapped against the
requirements given above.

WSO2 Component Core Use Requirement Mapping

WSO2 Application Server
(WSO2 AS)
Single tenant aware application
Applications can be built as a
single tenant aware application
where each LG has its own
database, schema or partition
and multi-tenancy is handled at
application level. The advantage
of this approach is the ease of
pushing application updates
across all LG, as just one instance
needs to be updated.

Tenant-specific applications Alternatively, a custom

application can be deployed for
each LG as well. The advantage
of the latter approach is that
LG-specific custom modules can
be built to cater to the specific
requirements of an LG – for
instance, if one LG wants to invest
in a module to manage public
utilities, it can then build and
deploy it in its own space.

WSO2 Enterprise Service Bus Message transformation between Message transformations

(WSO2 ESB) core application and ancillary between the core applications
applications and legacy applications are just
one part of the problem – the
application also would need to
handle upcoming services.

Scheduling, end of day processes LG often have scheduled services,

for instance end of day processing
of all payments, which can be
called as a scheduled service from
the ESB. Again, a multi-tenant ESB
would call different scheduled
services based on the tenant.

13
http://wso2.com
 White Paper

WSO2 Business Rules Server
(WSO2 BRS)
WSO2 Business Process Server
(WSO2 BPS)
WSO2 Business Activity Monitor
(WSO2 BAM)
Custom rules for LG
Custom business processes and
workflows
LG-wide or nation-wide auditing
LG-specific business rules can
be stored in a multi-tenant
manner. Hence, the same rule, for
instance a LG building tax rule can
have different implementations
at LG level and different
implementation at national level.
An advanced use case that we
have come across is the need for
LG admin users to create new
rules. The WSO2 BRS supports
rules written in Drools being
deployed at run time.
Stateful or stateless long-running
business processes are written in
BPEL 2.0 with human task support
and can be deployed per tenant
for LG-specific workflows or at
super-tenant level for nation-
wide workflows. Task escalations,
assignment to people or roles,
and task deadline management
can be carried out integrating
with WSO2 IS or by implementing
a custom solution.
Auditing or operational BI can be
a legal requirement to monitor
all transactions, both at local
level and national level, which
is supported by WSO2 BAM.
WSO2 BAM can monitor other
servers as well, allowing admins
to take action based on server
performance. Furthermore, KPI
monitoring can also be carried
out for monitoring performance
of users and the LG itself.

WSO2 API Manager (WSO2 APIM) Service and API management Eventually a digital government
system will expose a number
of services as APIs to users,
developers, mobile devices, etc.
APIM is able to create, publish,
discover, and govern API usage.

14
http://wso2.com

WSO2 Elastic Load Balancer
(WSO2 ELB)
WSO2 Identity Server (WSO2 IS)
WSO2 Private PaaS Management
WSO2 App Factory
http://wso2.com
White Paper
Intelligent load balancing
Management of users, roles, and
federated identity
Management of tenants
Compliance-based application
lifecycle management
Elastic load balancing enables
nodes to scale elastically in
conjunction with the IaaS layer,
depending on various load
balancing parameters. WSO2
nodes/components can be
deployed as manager and worker
nodes. Another useful feature is
to do tenant aware load balancing
where some LG would require
more resources compared with
other LGs.
A national system can allow LG
to sign up in a self-sign-up mode,
in which case they would have
to be validated at sign up time.
Else, a manual LG/tenant creation
process can exist where a super
admin at national level creates
the local government tenant,
which in turn instantiates the
other relevant services as well.
A national system can allow LG
to sign up in a self-sign-up mode,
in which case they would have
to be validated at sign up time.
Else, a manual LG/tenant creation
process can exist where a super
admin at national level creates
the local government tenant,
which in turn instantiates the
other relevant services as well.
The LG can implement App
Factory as a complete application
lifecycle management solution,
which incorporates the LGs
SLAs, compliance and policy
framework. This would then
ensure that government
applications built through this
process follow a set of enforced
guidelines.
15
 White Paper

Users and Roles Multi-tenant

Fine grained access DB and Registry

Multi-tenant
Identity Server
Custom configurations
- Tax Rates
- LG specific rules

Application Logic
Dynamic Forms

Tenant Aware Super Tenant

Application Workflows
(Single Tenant)

Custom Workflows
Multi-tenant LA specific documents,
Application DB - Blueprints
- Assessments
- Licenses

Transparency Tenant Aware

Component-wide Auditing
Audits Multi-tenancy
Tenant Governance

Figure 6: Sample eGovernment solutions architecture with WSO2 components

Summary
Cloud-based architectures are fast becoming the de-facto solution for digital governments. National
and local government that are capitalizing on the cloud infrastructure are starting to reap benefits with
improved G2G, G2B, and G2C services. WSO2 Private PaaS, the enterprise-grade cloud solution coupled
with WSO2 middleware, offer a myriad of inbuilt services and features that provide an ideal platform
to build flexible, scalable, well-architectured cloud solutions at a faster time to market, enabling digital
connected government at its best.

Glossary
Acronym Abbreviation
CMS Content Management System
G2C Government to Citizen
C2G Citizen to Government
G2B Government to Business
G2G Government to Government
BAU Business as Usual
KPI Key Performance Indicators
SaaS Software as a Service
PaaS Platform as a Service
IaaS Infrastructure as a Service
API Application Programming Interface
BPEL Business Process Execution Language
16
http://wso2.com
 White Paper

References
[1] Dimaio, Andrea, “Digital Government is little else than making e-government work”, Sep 2013,
http://blogs.gartner.com/andrea_dimaio/2013/09/18/digital-government-is-little-else-than-making-
e-government-work/

[2] Jeong Chun Hai @Ibrahim. (2007). Fundamental of Development Administration. Selangor: Scholar Press.
ISBN 978-967-5-04508-0

[3] http://cloud.cio.gov/fedramp

[4] http://sw1mush.wikia.com/wiki/Galactic_Empire

17
http://wso2.com
 White Paper

About WSO2
WSO2 is the only company that provides a completely integrated enterprise application platform for enabling
a business to build and connect APIs, applications, Web services, iPaaS, PaaS, software as a service and legacy
connections without having to write code; using big data and mobile; and fostering reuse through a social enterprise
store. Only with WSO2 can enterprises use a family of governed secure solutions built on the same code base
to extend their ecosystems across the cloud and on mobile devices to employees, customers and partners in
anyway they like. Hundreds of leading enterprise customers across every sector—health, financial, retail, logistics,
manufacturing, travel, technology, telecom and more—in every region of the world rely on WSO2’s award-winning,
100% open source platform for their mission-critical applications. To learn more, visit http://wso2.com or check out
the WSO2 community on the WSO2 Blog, Twitter, LinkedIn, Facebook, and FriendFeed..

Check out more WSO2 Whitepapers and WSO2 Case Studies.

For more information about WSO2 products and services,

please visit http://wso2.com or email bizdev@wso2.com
18