Accelerated Information Sharing for Law Enforcement (AISLE) Using Web Services

Bob Slaski, V.P. Product Development, Advanced Technology Systems, 7915 Jones Branch Drive, McLean, VA 22102, [email protected], Office: 703.720.7480, Fax: 703.917.4201

Gerry Coleman, Director, Wisconsin Crime Information Bureau, P.O. Box 2718, Madison, WI 53701-2718, [email protected], Office: 608.266.0872, Fax: 608.267.1338

Abstract

Information sharing is the defining principle for public safety and Web Services is the technology best positioned to facilitate sharing and lower costs. The National Law Enforcement Telecommunication System (NLETS) provides a network for criminal justice information exchange throughout North America. NLETS is defining new standards based upon XML and Web Services under the Accelerated Information Sharing for Law Enforcement (AISLE) Project. AISLE deployed an XML Message Router (XMR) which provides operational Web Services capabilities. The AISLE Project developed and published detailed specifications based upon a broader Justice XML Data Dictionary. Initial Web Services provided partner agencies with guaranteed message services functionality and interoperability with existing systems by providing bi-directional legacy transaction transformation capabilities. AISLE uses a self-defining XML transaction with Web Services Attachments to support legacy image transfer. Future efforts will focus on more distributed Web Services as well as Web Services Security.

Keywords: public safety, integrated justice, security, attachments, XML Message Router.

1.0 Industry Challenges

Information sharing is the defining principle for effective homeland security. To help defend against terrorism and protect the lives of all Americans, criminal justice and law enforcement organizations must be able to efficiently and accurately share data and exchange intelligence across jurisdictional boundaries.

1.1 Sharing Information

To support the increased demands of information sharing in the post September 11th era, the national public safety and criminal justice technology infrastructure needs massive overhaul. Law enforcement officers and intelligence agents must be able to determine if terrorist information is maintained in the databases of the Federal Bureau of Investigation (FBI) or the United States Secret Service, or in the tens of thousands of local police record systems.

1.2 Lowering Costs

Further impetus for a criminal justice technology infrastructure overhaul is the obvious cost savings associated with -based technologies during a time of budget shortfalls. Tens of thousands of municipal, state, and federal systems are already linked by a vast, private telecommunication infrastructure built on Internet protocols for law enforcement use. Leveraging this existing infrastructure will create economies of scale that will benefit the law enforcement community and, as a result, the entire country.

1.3 Streamlining Justice Processes

The nation’s renewed focus on homeland security highlights the need for seamless integration of and distributed access to disparate law enforcement information systems. Already, criminal justice integrated justice systems that streamline complex, duplicative justice processes (from enforcement through parole and probation).

1.4 Providing Mission Critical Service

Most law enforcement interactions are based on unpredictable and, in many cases, uncooperative encounters. There is a need for highly accurate and timely information because of potential risks to officers during a very short encounter.

1.5 Improving Security

Security concerns are critical issues to all law enforcement agencies. The current system largely relies on a private network for security and established procedures and relationships. New security standards offer the potential for greatly improved security on the private network and the potential to leverage lower cost public networks. The implementation of an automated security framework must address the laws associated with the release of law enforcement information which vary considerably from state to state. New technology must provide safeguards for privacy which often applies to information such as criminal history and juvenile offenses.

1.6 Supporting a Diverse Community

Individual federal, state, county, city, and tribal law enforcement organizations must be able to communicate in a very timely and accurate manner despite the variations in technology and modernization cycles. This situation presents a dramatically different set of problems than might be seen in a more highly controlled environment, such as the interactions that might occur in a large multinational corporation that has strong control over internal operations and subcontractors.

2.0 Role of XML and Web Services

The technologies best positioned to enable information sharing throughout law enforcement are XML and Web Services. The broad adoption of these standards-based technologies will allow pervasive and efficient communications and lower the cost of maintaining the current communications infrastructure.

2.1 Adopting XML and Web Services

Like many organizations, National Law Enforcement Telecommunication System (NLETS) adopted XML several years ago as the basis for future transactions but has only recently begun operational deployment. NLETS delayed implementation of XML transactions until it identified a more effective transport for XML transactions. Historically, NLETS had used an asynchronous guaranteed delivery data exchange model with specialized TCP/IP socket level communications (or legacy binary synchronous data link communications) and text-based transactions with data formatted as field value pairs reminiscent of older synchronous terminal transactions (See Figure 1). Now, NLETS is using Web Services to provide an open framework for standardized transport consistent with the loosely coupled nature of the law enforcement community.

OSI Layer       NLETS                     AISLE Web Services
Application     NLETS Applications        NLETS Applications
Presentation    NLETS Native Messages     XML, WSDL, MIME
Session         NLETS TCP/IP Protocol     Web Services (SOAP)
Transport       Bisync TCP                TCP
Network         Bisync IP                 IP
Data Link       Frame Relay               Frame Relay
Physical        Frame Relay               Frame Relay

Figure 1. NLETS and AISLE Web Services Protocol Profile

2.2 Realizing Web Services Benefits

With XML and Web Services, law enforcement communications will likely evolve from a proprietary “switch-centric” communications model to a more distributed standards-based system. At the state level, the adoption of XML and Web Services will allow public safety organizations to fully and effectively participate among the increasing number of automated, integrated criminal justice systems. Furthermore, the adoption of industry standards will enable the law enforcement community to leverage the benefits, advancements and investments of industry leading technology companies. Advancements in the areas of Web Services Security and Web Services Attachments will be especially useful to the law enforcement community in the future.

3.0 Background

Law enforcement networks evolved using two very different models. As the national “carrier” for law enforcement online transaction processing, NLETS reaches more than 500,000 law enforcement communications devices in North America. NLETS is a consortium of the states and, consequently, uses a distributed data model. The National Crime Information Center (NCIC), in contrast, is federally operated and uses a central repository model. With the central repository model, data is standardized, and there are synchronous online transactions.

3.1 NLETS Distributed Access Model

The distributed data model has resulted in inconsistent data formats and response content. Limitations of early technology, lack of standardization, and insufficient control over data values contributed to data inconsistencies in early law enforcement networks like NLETS. At the time, transactions were often operator-to-operator, rather than machine-to-machine, in a manner similar to “telex” transactions. Since a person was involved, it was acceptable to have variations in the responses as long as the operator could provide a consistent answer to the requesting officer. As machine-to-machine operations became the norm, inquiry formats were standardized. Eventually, the intervening operator was eliminated, and the task of interpreting response data was pushed to the officer on the street. This resulted in difficult situations as officers were trying to interpret increasingly complex transactions while engaged in potentially dangerous encounters that demanded their full attention.

3.2 Law Enforcement Information Needs

To complicate matters, the law enforcement community has two distinct sets of users with very different needs. The primary users are police forces. Police require very timely, accurate, and simple information. During a citizen law enforcement encounter, the level of information required is the equivalent to that provided by a traffic signal – go, caution, stop. Access to photo images and wireless access are highly desirable. In contrast, investigators need as much information as possible, even if it is less accurate or less timely. The investigative model most resembles a conventional Internet search. Even partial information can be useful, and public source information is of great value. Web Services provides the ideal framework for both communities.

3.3 NLETS Today

Unlike thirty years ago, today's networks and systems used by the law enforcement community are faster, more reliable, and more consistent. Internet technologies have made it easier for law enforcement organizations to operate in a loosely coupled environment, eliminating the need for the old message switching model. Today, XML and Web Services are the ideal technologies to exchange law enforcement data transactions, and standardization efforts are underway. NLETS has published a complete XML specification for the inquiry formats and is working to develop standardized response formats. The ability to regulate data content by schema, and the ability to view data through a common style sheet, will be of tremendous value to law enforcement personnel who may need access to data from 50 different states.

4.0 Technical Approach

To develop and deploy Web Services technology, NLETS established a pilot Web Services Project called Accelerated Information Sharing for Law Enforcement (AISLE) in conjunction with the Wisconsin Crime Information Bureau and with the support of the National Institute of Justice. Prior to AISLE, Wisconsin had created a new architecture for intrastate law enforcement information sharing with Internet technologies. Wisconsin’s plan was to make more information available without forcing centralized warehousing. During this project, it quickly became obvious that Web Services was an ideal standard for linking a distributed network of data sources. In addition to its intra-state Web Services network, Wisconsin needed a interface to the national network, NLETS.

4.1 Message Oriented Web Services

The initial phase of the Web Services deployment consisted of the implementation of a simple symmetric “send message” Web Services. The AISLE Web Service Description Language (WSDL) was defined, and corresponding Web Services were deployed for each leg of the switching infrastructure. Web Services eliminated the need for proprietary socket level communications and provided an operational framework. Future efforts will take full advantage of the Web Services infrastructure to provide direct access to new services and provide capabilities.

4.2 XML Message Router

While the AISLE project successfully introduced an effective and efficient Web Services infrastructure to the NLETS system, broad deployment of Web Services throughout the NLETS membership will take years. It is therefore important that the legacy infrastructure and new Web Services be fully interoperable. The relationship between old and new must be structured to enable a clear and viable transition path from proprietary to open standards. The AISLE Project answered this challenge by deploying a commercially available product, the XML Message Router (XMR), at NLETS to provide bi-directional transaction transformation capability. The XMR allows for both format conversion and protocol transition. The XMR handles the transformation between XML and legacy transaction formats, and provides the ability to exchange information between Web Services and legacy transport.

4.3 Web Services Description

The AISLE Project Web Services provides for self-defining XML transactions rather than a more specific and more complex WSDL. This approach avoids the difficulties with different vendor WSDL incompatibilities, but requires additional logic to determine the appropriate service to process the transaction. Future designs will be more efficient by expanding the Web Services to affect a direct receipt by the appropriate process, but these future designs will likely retain a single XML transaction document.

Transaction formats are consistent with the federal initiative to define a standardized XML data dictionary. This dictionary, called the Justice XML Data Dictionary, and sponsored by the Office of Justice Programs, will serve as the basis for all XML efforts at both the federal and state levels. The deployment of the initial Web Services was performed in parallel with the Justice XML Data Dictionary definition. XML standards for the law enforcement and criminal justice communities are still under development. The AISLE Project extended the XML definitions Wisconsin had already implemented – intra-state – to a national level. The AISLE Project contributed considerable value to the national law enforcement community in gaining transaction-oriented Web Services experience. Feedback was also provided to the national justice XML standards organizations on the use of XML in real-world operations.

4.4 Web Services Image Attachments

Despite the tremendous value of images in law enforcement operations, few law enforcement agencies use the current system to exchange image data. Web Services Attachments have the simplicity of Internet e-mail attachments at a programmatic level, which will help to promote the adoption of Web Services. The AISLE Project’s deployment of a Web Services infrastructure has already contributed greatly to the image exchange capability of the community. The AISLE Project implemented Web Services Attachments to support the transfer of images. Direct Internet Message Encapsulation (DIME) was used to support this capability. Initial experiences integrating different vendor implementations were problematic. In particular, automated WSDL tools did not produce compatible definitions and manual definitions were required. As with XML formats, legacy image formats and DIME attachments were made to be fully interoperable to promote the acceptance of the Web Services approach.

5.0 Implementation Strategy

Creating data standards is a difficult and lengthy process, and there is a natural tendency to defer development projects until standards are complete. By contrast, introducing new technology using the same data can occur relatively quickly, particularly if the new technology is interoperable with existing technology. The AISLE Project provided fully bi-directional transformations between XML and legacy formats. This successful approach deployed XML and Web Services using interim data standards, allowing for the continued definition of XML standards to occur in parallel. Tangible results were immediately provided. There was the additional advantage of providing the benefit of operational experience back to the standards process, which can otherwise be a less grounded process. Collectively, these implementation strategies were principal reasons for the success of the AISLE Project. (See Figure 2.)

5.1 End User / Technical Documentation

The law enforcement community is extremely diverse and autonomous in terms of technology. Because of the breadth of the community, comprehensive technology specifications and an educational outreach program are required. As part of AISLE, the primary mechanism used to promulgate Web Services technology was a major revision of the end user and technical documentation with a new section devoted to XML and Web Services. Since technical documentation is nearly always inadequate, efforts to enhance the documentation were universally welcome throughout the law enforcement community.

[Figure 2 diagram; recoverable labels: Justice Standards Data Dictionary Definition, XML Tech Deployment, Feedback, Results, NLETS AISLE Proposal, Next Steps]

Figure 2. AISLE Implementation Strategy

5.2 Procurement Specifications

A key to the broad adoption of these new technologies are detailed specifications sufficient for procurement. Because of the participating agencies’ autonomous natures, each with independent budgets and technology, procurement specifications are critical. The AISLE Project provided extensive technical documentation, including integrated XML cross references to legacy transactions and extensive XML and Web Services appendices. Emphasis was placed on XML instances that matched existing examples of text based transactions. This documentation serves as the basis for strategic planning and future procurements.

5.3 Mainframe System Interoperability

Web Services configured for guaranteed message delivery competes against IBM’s WebSphere® MQ in a diverse environment that includes mainframe systems. Web Services offers several compelling advantages as it does not require a costly license, has rapidly evolving extensions for security and attachments, is supported natively by most server vendors, has extensive application development tools, and has standardized protocols for discovery and service description. The AISLE Project provides interoperability between Web Services and MQ to support the law enforcement community segment that adopted MQ prior to Web Services general availability.

6.0 Next Steps

6.1 Web Services Security

Advancements in Web Services security standards are particularly valuable to law enforcement since security concerns are critical issues. The Web Services infrastructure provided by the AISLE Project addresses information exchange between systems. These subsystems are assumed to have performed authentication of individuals. Consequently, standards such as biometric identification are not directly applicable to the AISLE Project. The AISLE Project must address authorization, privacy, and encryption. Security related standards from World Wide Web Consortium and Organization for the Advancement of Structured Information Standards (OASIS) will be considered. Nearly all current security specifications are applicable including WS-Federation, WS-Security, WS-Policy, WS-Privacy, WS-Trust, WS-Authorization, WS-SecureConversation and WS-SecurityPolicy as well as security, encryption and key management markup language specifications.

6.2 Synchronous Web Services

With the AISLE Project, Web Services was initially used to provide asynchronous message delivery using the message switching model. Unlike a typical Web Service, in the asynchronous model, the Web Service delivers the inquiry and returns a message acknowledgement rather than the transaction response. A peer Web Service delivers the response at varying intervals based on the member state network speed and message switch infrastructure. In this case, the Web Services description merely provides for a text transaction and optional image.

The next step is the definition of synchronous Web Services that interact with and mask the legacy message switching and asynchronous Web Services. The synchronous Web Service would appear to interact directly with the data sources and return the transaction response despite the complexity of the intervening message exchanges and interactions. The synchronous Web Services may operate by suspending the requesting application (blocking) or by providing a notification of response (non-blocking), but in either case there is only a single Web Service interaction that includes both inquiry and response.

The adoption of the synchronous Web Service model will result in a single Web Services transaction model for both the central federal model (NCIC) and the distributed state model (NLETS). Further, transaction formats will be aligned because the Justice XML Data Dictionary will serve as the basis for all XML efforts at both the federal and state levels. The use of a common service model and standardized dictionary will streamline operations and reduce costs.

6.3 Distributed Web Services

As the number of connecting agencies grows, the architecture becomes more complicated. It is common for a large number of agencies to need access to a single data source. Traditionally, a "message switch" would funnel inquiries from many agencies into a single data source, and route the replies back to the inquirer. Web Services could simply be the protocol between the message switch and data source, but many other possibilities now exist. Perhaps the inquiring agent program running on a server could make its own inquiry directly to the data source using Web Services. NLETS is an international message switch, connecting state-level message switches to thousands of local enforcement agencies and many hundreds of state data sources. Today, all inquiries have to pass through many layers of switches to process a transaction. With Web Services, one can envision a direct connection from a local system to a data source in another state.

6.4 Object Oriented Approach

Web Services and new XML standards have initially been structured to mirror existing transactions. These transaction formats were established many years ago based upon efficient network routing and legacy system processing. A different set of criteria has more bearing today and new transaction formats are being developed to reflect new criteria. In particular, transactions are being considered from an object oriented perspective and the initial XML work has focused on this approach. The Wisconsin Crime Information Bureau developed the first operational implementation of these new transactions and works closely with the Justice XML Data Dictionary Project to promote this new approach. From a technical perspective, this approach will use the Resource Description Framework.

6.5 Inter-organizational Messaging

NLETS provides support for inter-organizational messaging in addition to the online transaction processing. These messages can be very urgent or simply informational. Historically, these messages have been treated like all other text based transactions. In the case of urgent messages there is a need to push the message to the end user. Inter-organizational messages can be supported through Web Services but delivery to the end user is more likely to take the form of e-mail or instant messaging. As a result, the use of e-mail or instant messaging as an end-to-end solution may be more appropriate.

6.6 Wireless Support

Web Services is expected to greatly accelerate the adoption of wireless services and vice versa. Current wireless services rely on proprietary gateway systems that add to cost and complexity. Web Services offers a well supported application development framework for wireless devices. XML stylesheets can easily format responses to accommodate the smaller size of wireless handheld devices.

6.7 The Promise of Web Services

Clearly, Web Services offers the potential to provide more cost effective links to criminal justice organizations, e.g. courts and prisons at a local level. It is an economical transport choice for any server-to-server connection between a pair of agencies. A police department might want to transfer custody information to the county jail, or a prosecutor might want to file a complaint with a criminal court. In the future, Web Services holds the promise of very rapid publishing and discovery of new services and very efficient access to data repositories at all levels from national to local. While most law enforcement information services are highly regulated, there is increasing need for more rapid deployment of new services for such operations as homeland defense, or newer “Amber Alert” public notification systems. Web Services can be used to meet these needs. The AISLE Project has been instrumental in providing the operational framework to allow the broad deployment of XML and Web Services and promote the acceptance of these technologies in the criminal justice community.
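
Sections 2.1, 4.2 and 4.3 describe converting text transactions made of field value pairs to and from a self-defining XML document, with the receiving side choosing the service from the document itself. The following is an added example, not AISLE, NLETS or XMR code, of a gateway that validates both directions so that a field value cannot inject XML markup or extra legacy fields. The legacy layout, element names, transaction keys and service names are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed legacy layout, assumed for this example only:
#   KEY.ORIGIN.DEST.FIELD/value.FIELD/value
SERVICES = {"RQ": "registration_query", "DQ": "driver_query"}  # hypothetical
NAME_RE = re.compile(r"[A-Z][A-Z0-9]{1,7}")
ADDR_RE = re.compile(r"[A-Z0-9]{2,9}")
VALUE_RE = re.compile(r"[^.\x00-\x1f\x7f]*")  # no field separator, no controls


class TransformError(ValueError):
    """Raised when a transaction cannot be converted safely."""


def _validate(key, origin, dest, fields):
    # One rule set for both directions keeps the two formats equivalent.
    if key not in SERVICES:
        raise TransformError(f"unknown transaction key {key!r}")
    for addr in (origin, dest):
        if not ADDR_RE.fullmatch(addr):
            raise TransformError(f"bad address {addr!r}")
    for name, value in fields:
        if not NAME_RE.fullmatch(name) or not VALUE_RE.fullmatch(value):
            raise TransformError(f"bad field {name!r}")


def legacy_to_xml(text):
    parts = text.split(".")
    if len(parts) < 4:
        raise TransformError("too few segments")
    key, origin, dest = parts[:3]
    fields = []
    for seg in parts[3:]:
        name, sep, value = seg.partition("/")
        if not sep:
            raise TransformError(f"segment without value separator: {seg!r}")
        fields.append((name, value))
    _validate(key, origin, dest, fields)
    root = ET.Element("Transaction", {"key": key})
    ET.SubElement(root, "Origin").text = origin
    ET.SubElement(root, "Destination").text = dest
    data = ET.SubElement(root, "Data")
    for name, value in fields:
        # Text is escaped on serialization, so a value cannot add markup.
        ET.SubElement(data, "Field", {"name": name}).text = value
    return ET.tostring(root, encoding="utf-8")


def parse_transaction(doc):
    # Refuse DTDs and entity declarations; NUL bytes would mean a wide
    # encoding that hides a DTD from this byte-level check.
    if b"\x00" in doc or b"<!DOCTYPE" in doc or b"<!ENTITY" in doc:
        raise TransformError("DTD or non-UTF-8 input is not accepted")
    try:
        root = ET.fromstring(doc)
    except ET.ParseError as exc:
        raise TransformError(f"not well-formed: {exc}") from exc
    if root.tag != "Transaction":
        raise TransformError(f"unexpected root {root.tag!r}")
    key = root.get("key", "")
    origin = root.findtext("Origin", "")
    dest = root.findtext("Destination", "")
    fields = [(f.get("name", ""), f.text or "")
              for f in root.findall("./Data/Field")]
    _validate(key, origin, dest, fields)
    return key, origin, dest, fields


def select_service(doc):
    # The "additional logic" of section 4.3: route on the document itself,
    # but only to a service named in the allow-list.
    return SERVICES[parse_transaction(doc)[0]]


def xml_to_legacy(doc):
    key, origin, dest, fields = parse_transaction(doc)
    return ".".join([key, origin, dest] + [f"{n}/{v}" for n, v in fields])
```

A value such as `ABC123.NAM/SMITH` arriving in an XML field is rejected rather than written out, because the embedded separator would otherwise become a second legacy field on the far side of the router.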