SUPPORTING E-PLACEMENT: ACHIEVEMENTS IN THE

ITALIAN WORKFARE PROJECT

Mariagrazia Fugini^, Piercarlo Maggiolini*, Krysnaia Nanini^

^ Department of Electronics and Information (DEI), * Department of Management Engineering (DIG)

Politecnico di Milano, Piazza Leonardo da Vinci 32-I, 20133 Milano

Keywords: Employment, eGovernment, Information Systems, Cooperativeness, Public Administrations.

Abstract: This paper presents the basic developments and architectural issues of the Italian “Borsa Continua

Nazionale del Lavoro” (BCNL), an eGovernment project aimed at developing a Portal for Services to

Employment. It consists in a network of nodes structured at three main levels: the National level, managed

by the Ministry of Welfare; the Regional level, in which Regions are grouped in local federations in order to

interoperate, and the Provincial level, in turn structured as a federation of local domains. The federation is

the structural tool supporting proactive and reactive policies aimed at enhancing job-placement. The paper

describes each level, and the cooperation occurring in the domains and across levels. Advantages and

drawbacks of this architecture are discussed. Finally, the paper illustrates the basic issues related to security

and privacy in the networked environment, in particular presenting cooperative federated authentication.

1 INTRODUCTION

During the last few years, Government and Public

Administrations (PAs) felt the necessity to renovate

their relationship with the administered territory, in

terms of increased efficiency and efficacy both in

services and communication exchange towards the

users’ communities, such as individuals, companies,

Administrations (Chambers of Commerce, Public

Pension Offices, Local Governments, and so on).

For these reasons, eGovernment was conceived as a

tool to define and manage the relationships between

citizens and PA, and among PAs, through a capillary

and digitalized modernization of services.

EGovernment in Italy has been mainly delegated

to Regions, which are autonomously proceeding in

the implementation of public on-line advanced

services through the activation of Regional

Competence Centres. The achievement of

eGovernment processes requires much time and

various efforts to reach a standardization of the

electronic procedures, because eGovernment

comprises not only the digitalization of bureaucratic

procedures, but also many regulations on privacy

and user authentication; identification of minimal

levels of provisioning regarding social rights;

coordination and integration of ICT in local and

central administrations; protection of concurrency

and provisioning of institutional information.

One of the fields where eGovernment in Italy is

more fertile is related to Services to Employment. At

the beginning of the 1990’s, the ineffective status of

the National Public Employment System brought the

necessity for a radical change in services to

employment, where efforts were to be concentrated

not only in finding a job, but also in education,

professional training and job qualification.

Moreover, during the years 1996-97, some Local

PAs signed a partnership with the Ministry of

Welfare for engineering of new on-line service

network devoted to citizens, enterprises, and PAs

themselves. The first design of this network of

services led to the creation of the Networked

Employment Centres distributed over the regional

territories and Provinces to support the whole

employment, educational and training process

towards citizens. This way, the Regional autonomies

began to design their own Workfare Portals

providing the opportunity to automatically match job

Offers and Requests (O/R) over a territory of

competence. At the same time, the need arose to

integrate the local Workfare Portals within a unique

distributed and cooperative Information System (IS).

This paper gives an overview of the Italian

Project aimed at developing the distributed and

245

Fugini M., Maggiolini P. and Naninî K. (2006).

SUPPORTING E-PLACEMENT: ACHIEVEMENTS IN THE ITALIAN WORKFARE PROJECT.

In Proceedings of the Eighth International Conference on Enterprise Information Systems - DISI, pages 245-250

DOI: 10.5220/0002498502450250

 SciTePress

cooperative Web based IS supporting the

employment workfare. This project called “Borsa

Continua Nazionale del Lavoro” (BCNL) standing

for National Workfare Information System is framed

in the Italian National Plan of eGovernment started

in 2002. The goal of BCNL is to support real-time

electronic transactions through a network of Portals,

regarding job O/R in a virtual e-marketplace.

The project is not unique in its area of interest:

in Europe, many projects directed to Services to

Employment are active, one for all, the EURES

project (EURES, 2005). Recently, the Single

European Employment Marketplace (SEEMP)

launched by the EU (EEO, 2005; EIF, 2005) has the

purpose to create a network of Services to

Employment distributed all over Europe to increase

workers’ mobility in the EU and to stimulate the

renewal of competences, and knowledge within

European Member States and within the single

Countries.

This paper is organized as follows. Section 2

describes the BCNL project dedicated to e-

employment. Section 3 illustrates the problems

related to security and privacy in this project; some

solutions aimed at protecting personal data from

unauthorized manipulation are explained. Section 4

describes a proposal of integration of the BCNL into

the SEEMP project.

2 AN ITALIAN E-GOVERNMENT

PROJECT: THE “BCNL”

The BCNL is conceived as a National Network

providing advanced services to employment such as

the O/R matching in the job environment (BLL,

2004; Fugini et al., 2004). This distributed and

cooperative IS (Coulouris et al., 1994) is composed

of a cluster of logically and independent

applications and databases which collaborate to

pursue common objectives through a hardware and

software communication and interoperability

infrastructure (Hendrikse, 2003). Being cooperative,

the BCNL correlates pre-existing and autonomous

informative and application resources regarding

many subjects, both public (Pas) and private (e.g.,

work agencies). Advantages of this approach are the

autonomy of sites in local policies and in

technological choices. Drawbacks arise in the

management of the overall system, e.g., when

tackling problems of access to distributed

applications and databases, of ensuring that

individual data are unique, or when dealing with

data privacy and distributed user authentication

(CoopIS, 2005).

The main target of the BCNL is summarized in

Figure 1: it provides matching procedures among job

O/R loaded on the Workfare Portal. On one side, the

citizen who joins the marketplace publishes his

Offer in terms of Curriculum Vitae (CV) in a

standard format on the Web: personal data are

protected by Privacy Laws and can circulate in the

BCNL only upon the citizen’s (who is the owner by

default) explicit consensus. On the other side,

enterprises, or job intermediaries, publish their job

Requests, while preserving the privacy of their data.

The BCNL system, through a Search Engine,

searches the “best” match, and provides the results

back to the users. As an additional function, when an

individual is hired, the system communicates the

individual’s and enterprise’s data to the National

Pension Registry and to the Social Security Registry,

thus tracking the users’ social positions and updating

the National statistics about employment, using a

Data Mining engine. Besides citizens and

enterprises, other actors are involved in the system:

1) the Provincial Employment Centres (EC)

distributed on the territory, which are usually the

physical mediators between citizens and enterprises;

2) schools, institutions or universities, that can

promote re-qualification courses for workers, stages

and training programmes; 3) Regional and National

offices, which inspect data on market trends in order

to update statistics and to tune the system. To these

users, the Portal offers many advanced job search

functions or consultation of the most up-to-date

professions, or access to a Statistical Information

System (SIS) and a Data Warehouse.

The BCNL architecture is organized at three

levels:

1) the National level;

2) the Regional level of cooperative nodes of

Regions that have negotiated a cooperation

contract (Ciborra et al., 1987);

3) the Provincial level of cooperative nodes;

all the Provinces in a Region adhering to

the Regional domain must adhere to a

Provincial cooperation contract.

These levels interoperate through a dedicated

proprietary network built over the Internet for the

Web portion. Cooperative nodes are grouped in

domains, linked in a multilayer infrastructure. Figure

2 reports a simplified scheme of the interconnection

among the domains. At the Provincial level, each

Province in a Region is connected to all the

Provinces of that region via the Regional Node

which coordinates data exchange.

ICEIS 2006 - DATABASES AND INFORMATION SYSTEMS INTEGRATION

246

Pen s io n an d

Social Sec urity

Registries

Workers

Enterprises

and w ork

agencies

Workers ’

Regis tr y

(Private)

Job Offer

(Public)

Matc h O /R

Enterprises’

Regis tr y

(Private)

Job Re ques t

(Public)

Figure 1: Scheme of the BCNL (Borsa Continua Nazionale del Lavoro).

The second level links the Regions which coordinate

their Provinces, while referring to the National

Node, managed by the Ministry of Welfare. An end-

user (citizen, company, work agency, EC) can

access domain where the inserted data are made

visible. Such entry point node is considered the

subject’s competence (master) domain: each time the

subject accesses the BCNL from a different node, the

National level (which is in charge of subjects’

authentication), requires the subject’s credentials to

the master domain of that subject.

2.1 Cooperative Issues of the BCNL

Cooperativeness is one of the basic features of the

BCNL; therefore, distributed data are reachable from

any site, due to the adopted Web Service

technologies for interoperability based on Web

Services. Cooperativeness has various advantages

(Fugini et al., 2003). First of all, data stored in the

databases (available 24/7) can be accessed in an

interoperable way, via user Web Sessions through

Web Service technologies and interoperability

formats (i.e.: XML and JDBC for data).

Distributed transactions are granted to be

correctly executed and traced by the technical

components belonging to the Envelope of

eGovernment standard. Users are authenticated

through security mechanisms preserving the

autonomy of sites in defining their own security

policies. Such policies are defined within users’

profiles, according to which users can read and write

the authorized data only.

Applicative cooperation (Fugini et al., 2002) is

granted by the adoption of a pair of <Applicative

Gateway, Delegated Gateway>, together with a

Manager of Events, a Workflow Engine, a Web

Service Gateway, a UDDI Registry and a Service

Broker, as shown in Figure 3. All these components

are used in the same Web session. Each domain

communicates with other domains through the

Domain Gateway whose role is a proxy for access to

the applicative resources of the BCNL.

National

Level

Region 1

Region 2

Region 3

Region n

Region

Prov. 1

Prov. 2

Prov. q

Prov. 1

Prov. q

Prov. 1

Figure 2: The three levels of the BCNL.

Applicative Cooperation components

Applicati ve Gateway Delegate d Gate way

Service Broker

Manager of the E vents

Web Service Gateway UDDI Re gis try

Workflow Engine

Figure 3: Applicative Cooperation Components.

The Gateway function is twofold: it acts as an

Application Gateway whenever it provides data and

services, and as a Delegated Gateway, when it

invokes services or requires data.

The BCNL comprises front-end and back-end

functions (Figures 4 and 5). The Web based front-

end implements the end-user interface; it includes

multi-channel gateways (web, phone, and wireless

access). It manages both contents and layout of the

Website, and tracks the correct sequence of events

and queries sent to the Portal and forwarded to the

back-end portion.

SUPPORTING E-PLACEMENT: ACHIEVEMENTS IN THE ITALIAN WORKFARE PROJECT

247

The back-end manages the communications

among the network nodes, for example, for remote

access to databases, or for distributed application

execution, granting the correct execution and

sequence of operations, and managing error

messages if some operations could not be properly

concluded. It manages external communications to

provide cooperation among nodes and with other

analogous systems (e.g., Social Security, National

Healthcare IS, European Job Marketplace systems,

such as EURES).

Considering the issue of minimal requirements

for Private Job Placement Agencies and

Organizations (e.g., temporary work companies or

head hunters) to join the Portal, the interoperability

architecture includes a Passive back-end component,

located at each organization, sharing data with the

Portal. Such organizations are required to install in

their IS only a Web Service module, in order to

share data in the environment, according to a

standard format. This component is passive in that,

according to the Web Service paradigm, it reacts to

events forwarded by the Portal Web Services and

cannot start any conversation.

A further core component of the BCNL is the

distributed Search Engine. It executes the O/R

match spreading over the user-specified domains in

the e-marketplace. It retrieves the best matching

results as well as a set of results that partially fulfil

the requests, ranked according to a similarity rank.

Thus, subjects are enabled to explore a large set of

opportunities; meanwhile, the Portal is aware of the

most requested jobs and can update its internal

Statistical Information System and the research

criteria.

Content

m ana gem ent

Community

Multidevice

management

Layout

m ana gem ent

Web

m ana gem ent

Session

Management

FRONT END

Figure 4: Front-end components.

3 SECURITY AND PRIVACY

As mentioned in the previous sections, the

constitution of a federation at a National, Regional

and Provincial level, led to focus on the mechanisms

of users’ authentication to protect subjects’ privacy

(Chopra et al., 2003), according to the Italian law

196/2003. For this reason, our purpose is to provide

the description of a distributed end-user

authentication process in the BCNL. The case

regards, as an example, a worker, first registered in a

competence domain A, invoking a service offered by

domain B of the federation (Fig. 6). In the same

Web session, after the first authenticated access

operation, the worker requires access to a second

service offered by a different domain C in the net.

When the user, registered in domain A, connects to

domain B to invoke the service, domain B redirects

the user to the National domain which has been

designed as the node responsible for coordination of

the authentication process in the BCNL. The

National node presents a log-in mask where the user

fills in the credentials, currently a user-id and a PIN

code, which are checked by the competence domain.

A challenge-based mechanism is used by the nodes

for mutual authentication, in order to prevent

shadow server or repudiation issues. Once verified

the security credentials, the National Authentication

Server releases a SAML token (Bellettini et al.,

2004), that uniquely identifies the user. By using this

token, the user can access the desired service. If in

the same session, the user requires the service on

domain C, he is not required to re-insert the

credentials due to the Single Sign On (SSO)

technology adopted to implement the distributed

authentication and access control mechanism.

Through SSO, the user is authenticated only once

over the whole network: the SAML (Secure

Assertion Mark-up Language) Token, contains all

the information necessary to correctly authenticate

the user (Fugini et al., 2001).

ICEIS 2006 - DATABASES AND INFORMATION SYSTEMS INTEGRATION

248

ET L

Es traction

Transformation

Analysis and

Statistical

Productions

Data Mining

Engine

Database tier

Application Services

Presentation tier

Integration tier

Business tier

BCNL

services

Administrative

Services

Orientativ e

services

Stage

services

Figure 5: Back-end Components.

A second case of federated authentication is

shown in Fig. 7. An Enterprise requires access to a

service offered by the National node. The hypothesis

is that the user is registered in the National Pension

registry (INPS). The user gets connected to the

National node where it is specified that the user’s

data are collected in the INPS Registry. The

National node delegates the authentication procedure

to the INPS node; the user inserts his credentials.

After the check and the positive result, the INPS,

which is the other node in the BCNL network

enabled to release authentication tokens, generates

an INPS token and sends it to the National domain.

This last one authenticates the user and provides the

user with the SAML token. Once in possess of the

SAML, the enterprise is now authorized to use the

requested service. The federation of domains

constituting the BCNL must guarantee the minimal

requirements of authentication in the interactions

using encrypted channels (e.g., using the SSL-3

protocol), or digital certificates applied on the

Domain Gateways to control the correct provenience

of the messages. These mechanisms are

implemented to protect truthfulness of the

connections and the data stored in the Data

Warehouses linked through the Database tier. The

technical issues of the Portal BCNL adhere to the

indications of the Envelope of eGovernment,

promoted by CNIPA (CNIPA, 2002), the National

Centre for ICT in PAs.

User

registered

In Domain A

Authenticatio n

Web Server

SSO

Cens us

Domain A

Application in

Domain B

Service request

RedirectLog-in mask

Log-in Credentials

Check and resultSAML

SAML

Service

Figure 6: Sequence diagram describing cooperative user's

authentication.

Authenticator

with

token

generator

Only

token

generator

Service

provider

National Domain

Pension

re g is try

Figure 7: Cooperative authentication of an Enterprise

accessing a service of the National node.

4 TOWARDS INTEGRATION OF

THE BCNL IN A EUROPEAN

FRAMEWORK

In Europe, the situation of eGovernment varies from

Country to Country; however, each Member State

started specified programmes dedicated to

eGovernment (Kubicek et al., 2000; Lenihan, 2002).

SUPPORTING E-PLACEMENT: ACHIEVEMENTS IN THE ITALIAN WORKFARE PROJECT

249

Differences are not only about territorial policies but

also even in the level and model of services provided

to citizens (Liikanen, 2003). Services towards

companies are more developed than those directed to

private citizens. This is partly due to the limited

access to large band Internet by citizens and also to

low Internet security. Also in Europe, one of the

most developed services concern employment

services to citizens and companies. A proposal exists

to connect the BCNL into a European Workfare IS.

In such streamline, the EU recently launched a new

project on e-employment called SEEMP (Single

European Employment Market Place). It is a

definition of a further level of the BCNL: people can

become more visible on the market through the

publication of their O/R all over Europe. SEEMP

adheres to the new EU policies of federalism and

power decentralization. It is aimed at designing and

implementing an interoperability architecture for

public e-Employment services which encompasses

cross-governmental business and decisional

processes, interoperability and reconciliation of local

professional profiles and taxonomies, semantically

enabled web services for distributed knowledge

access and sharing. Moreover, the efforts to be made

in SEEMP imply the integration and the unification

of the data format and of the services semantics, by

means of ontologies. Security is treated considering

the privacy laws in the EU, and is based on token

passing mechanisms and SSO. SSL will be the basis

for encryption, but smart card authentication will be

experimented. Database security in a shared

environment is also a basic issue that is going to be

treated via distributed views and protected JDBC

connections. Physical security will be provided

through ad hoc firewall based architecture. A

challenging issue is the harmonization of security

policies, and their expression (e.g., through WSDL,

WSMO, or WS policy). The first outcomes of

SEEMP will be available by June 2006.

REFERENCES

Bellettini, C. and Fugini, M., (eds) 2004. Security in

Distributed Information Systems: Trends in Methods,

Tools and Social Engineering, IDEA Book Publishing

BLL: Borsa Lavoro Lombardia, 2004

www.borsalavorolombardia.net

Chopra, K. and Wallace, W.A., 2003. Trust in Electronic

Environment, in Proceedings of the 36

Hawaii

International Conference in System Science, Hawaii

Ciborra, C. and Gasbarri, G. and Maggiolini, P., 1987.

System Design for Local Authorities: Participation

Based on ‘Information Contracts’, in System Design

for Human Development and Productivity:

Participation and Beyond, P. Dockerty, and Fuchs-

Kittowsky, and Kolm P. and Mathiassen L. (Eds),

North-Holland, Amsterdam

CNIPA, 2002. Handbooks, Network Services offered on

websites by Italian Regions and Autonomous

Provinces, July

CoopIS, 2005. Proceedings of Cooperative Information

Systems Conference, Cyprus, November, Springer

Verlag

Coulouris, G. and Dollimore, J. and Kindberg, T., 1994.

Distributed Systems, Concepts and Design, Addison-

Wesley

EURES, European Employment Service, 2005.

www.europa.eu.int/eures

EEO, European Employment Observatory, 2005. www.eu-

employment-observatory.net

EIF, European Interoperability Framework, 2005.

www.europa.eu.int/idabc

Fugini, M., and Maio, F., and Plebani, P., 2001. Sicurezza

dei sistemi informatici, Apogeo

Fugini, M. and Mezzanzanica, M., 2003. Development of

a Security Methodology for Cooperative Information

Systems, 11th European Conference on Information

Systems, Naples, June

Fugini, M. and Mezzanzanica, M., 2004. An Application

within the Plan for E-Government: the Workfare

Portal, in Annals of Cases on Information Technology,

volume 6, IDEA Group Publishing, pp. 59-89

Fugini, M. and Plebani, P., 2002 A Methodology for

Development of Trusted Cooperative Information

Systems. In Conference on Information Resource

Management, Seattle, May

Hendrikse, G.W.J., 2003. Governance of Chains and

Network: a Research Agenda, Journal of Chains and

Network Science, 3 (1), 1-7

Kubicek, H. and Haegen, M., 2000. One stop-Government

in Europe: an Overview, in COST Action A 14

Government and Democracy in the Information Age,

Working Group “ICT in Public Administration”,

Bremen

Lenihan, D.G., 2002. Realigning Governance: from e-

Government to e-Governance, Centre for

Collaborative Government, Ottawa, April

Liikanen, E., 2003. E-Government and the European

Union, Upgrade, Volume IV, N° 2, April

ICEIS 2006 - DATABASES AND INFORMATION SYSTEMS INTEGRATION

250