Today, companies cannot rely on outdated systems, governments being no exception. There are multiple bene- fits when performing the digital transformation (DT) of its processes, but also several downsides such as costs. This paper presents first the main use cases: resolve a procedure, send a notification to the citizen by hand, reclassify a procedure and create a request, and then the reference solution divided into 3 components. First, the Domain Model related to the main entities and their lifecycles. Second, the Reference Architecture adds the remaining projects’ modules such as web services, and also the dependencies between them. Third, the Implementation presents how to implement that information in a real-world case using “low-code” technology, especially useful to mitigate several issues. Lastly, an evaluation of the proposed solution is also presented.

Self-Sovereign Identity (SSI) is a user-centric, decentralised identity approach that provides a means for identification, authentication, and authorisation without the involvement of external entities, responsible for identity provisioning and management in current centralised and federated approaches. In general, the basic building blocks of an SSI system include Decentralised Identifiers, Verifiable Credentials, Identity Wallets, a Verifiable Data Registry, and three main actors, Issuer, Identity Holder, and Verifier. Even though the SSI field is dominated by proposals, SSI systems can be implemented in different ways, which is reflected in the absence of a well-defined architecture. Thus, the best implementation is still a matter of research, the requirements of the individual system and its field of application. However, well-designed and implemented systems are crucial to avoiding failures, speeding up the development process, ensuring high quality and the broader adoption of SSI solutions. Hence, the main objective of this study was to identify design patterns and good practices of the SSI ecosystems by reviewing and analysing the literature, technical documentation and existing SSI implementations. Therefore, the study is built on existing knowledge, and presents a comprehensive catalogue of thirty-five SSI Design Patterns that can serve as a starting point for a possible SSI system design.

The European project Digital Europe for All (DE4A, www.de4a.eu) represents a research
project in a close relationship to the European Single Digital Gateway Regulation (SDGR). It
focusses on the research on “Trust” and “Semantics”, combined with three pilots. Austria (BMDW,
BRZ) is involved in the project, mainly as piloting partner. The project pursues existing European
results deriving from European initiatives and regulations, like CEF and eIDAS, as well as
preceding European projects, like TOOP. The use of international open standards represents a
prerequisite to the project. The broad approach of the project is highly demanding, but promises
a significant progression to the realisation of the SDGR, overall the Once-Only principle (OOP)
and the technical equivalent therefore, the Once-Only-Technical-System (OOTS).

This paper demonstrates a proof of concept for cross-border information exchange guided by the single digital gateway regulation (SDGR) and once-only principle (OOP). The research systematically investigates the challenges and limitations of existing solutions for semantic interoperability. Furthermore, the concept of canonical evidence is introduced as a tool for the cross-border exchange of structured data automatically with less ambiguity and in compliance with the legal requirements of the selected public services. A design science research approach in an agile set-up is applied in the artefact (canonical evidences) development process. The requirements are elicited based on eight case studies set up in the context of the EU initiative, Digital Europe for all (De4a). The data models developed in this study are in compliance with the requirements and provisions of a selected set of EU member states. The outcome of the study includes eleven evidence types that could be reusable in executing procedures of respective e-Government services.

In human resource management of large organisations, finding the best candidate for a job description requires an extensive examination of a large number of resume profiles. Even with the advent of Deep Information Retrieval and the supported semantic similarity search, identification of relevant skills within profiles requires thorough investigation over several aspects, including educational background, professional experience, achievements, etc. However, these techniques are based on the existence of domain-specific, human-annotated datasets, a laborious task that portrays high cost and a slow labeling progress. In this paper, we propose Resume2Skill-SE, an end-to-end architecture for interpretable skill-based talent matching.

Advances in technology and software engineering strive to build efficient and robust techniques that would be delivered as quickly as possible. It has been shown that this can be achieved by reusing existing implementations, libraries, components or even frameworks. In the field of public administration, which must follow and implement national and European regulations, in addition to compatibility at the data level and processes, it is important to ensure cross-sector and cross-border integration. In this paper, we present the project "Digital Europe for All", more precisely an example of the use of a reusable web component based on the semantic representation of data. We show that it is possible to easily embed the component in any website and to support any types of evidence that are presented using the project ontology.

Digitalisation promotes online education, internationalisation and student mobility. Based on the Bologna process and the European higher education area, learning mobility has been successful under Erasmus and other similar initiatives. However, a key issue for students and universities is that a significant amount of time is spent on the manual labour involved in the process of applying to degree programs overseas. It is therefore essential for higher education institutions to better exploit the potential of technology and Web 2.0 to enable a secure exchange of evidence during application for degree programs and academic courses in foreign Higher Education Institutions, as well as applying for study grants and obtaining recognition for academic and other types of studies. Harmonisation of the student data is a key initial step for enabling such exchange. In this study, an approach to a secured exchange of education evidence is instrumented under the H2020 project Digital Europe for All (DE4A). Existing semantic standards for Web 2.0 applications, core vocabularies for public service data and semantic assets from existing best practices such as W3C, ISA2 core vocabularies, and Europass data model are used to curate data models that allow the exchange of a higher education diploma, secondary education diploma and information of special needs (disability, large family), which is required by students when requesting study grants (waive of tuition fees). The semantic interoperability agreements are established cross-border through these data models called canonical evidences. The canonical evidences are tested with the national data services of three countries, Portugal, Slovenia, and Spain. The final data models are implemented in XML Schema format that could be used by any educational organisation intending to use trusted public service databases within Europe to automatically retrieve information on students’ degrees. The validity of the canonical evidences is tested on two pilot occasions within the DE4A project. The outcome of this study summarises the procedural requirements for evidences when applying for a higher degree program and seeking grants. Furthermore, it resulted in verified canonical evidence data models that fulfil the procedural requirements for applying for studying abroad.

Self-Sovereign Identity (SSI) is a novel and emerging, decentralized digital identity approach that enables entities to control and manage their digital identifiers and associated identity data while enhancing trust, privacy, security, and the many other properties identified and analyzed in this paper. The paper provides an overview and classification of the SSI properties, focusing on an in-depth analysis, furthermore, presenting a comprehensive collection of SSI properties that are important for the implementation of the SSI system. In addition, it explores the general SSI process flow, and highlights the steps in which individual properties are important. After the initial purification and classification phase, we then validated properties among experts in the field of Decentralized and Self-Sovereign Identity Management using an online questionnaire, which resulted in a final set of classified and verified SSI properties. The results can be used for further work on definition and standardization of the SSI field.

Intel SGX improves the security of applications by shielding code and data from untrusted
software in enclaves. Since enclaves lose their state when closed, that state has to be sealed, i.e.,
cryptographically protected with a secret key, and stored outside the enclave boundary. In SGX, the
used key is bound to both the enclave and the processor that sealed the data, so it is unfeasible for
any enclave in another computer to derive the same secret key to unseal such data. This oers security
to the data, but also makes it impossible to recover that data if the original computer is damaged or
stolen. In order to support backup and recovery of data sealed by enclaves, we propose SRX, a solution
for sharing sealed data amongst a restricted set of SGX-enabled computers executing the same enclave
code. Enclaves using SRX have access to common keys to seal and unseal enclave data, allowing the
sharing of sealed data among the trusted domain. SRX guarantees that these secret keys are never
exposed outside the trusted domain. SRX was implemented and evaluated with two applications: a
bitcoin wallet and a password manager.

Trusted Execution Environment (TEE) technology like ARM TrustZone allows protecting confidential data using cryptographic keys that are bound to a specific TEE and device. However, there are good reasons to allow relocating such data from a TEE to another TEE in another device, often in a non-interactive (offline) and anonymous manner.
We propose the Trusted Relocation Extension (TRX), a TrustZone-based trusted storage service enabling backup /recovery and sharing of data between TEEs in different devices. TRX works offline, without previous key exchange, and ensures the anonymity of the sender and the receiver. We present an implementation of TRX compatible with OP-TEE and its evaluation with Raspberry Pi 3 B+ devices.

The public sector, private firms, business community, and civil society are generating data that is high in volume, veracity, velocity and comes from a diversity of sources. This kind of data is known as big data. Public Administrations (PAs) pursue big data as “new oil” and implement data-centric policies to transform data into knowledge, to promote good governance, transparency, innovative digital services, and citizens’ engagement in public policy. From the above, the Government Big Data Ecosystem (GBDE) emerges. Managing big data throughout its lifecycle becomes a challenging task for governmental organizations. Despite the vast interest in this ecosystem, appropriate big data management is still a challenge. This study intends to fill the above-mentioned gap by proposing a data lifecycle framework for data-driven governments. Through a Systematic Literature Review, we identified and analysed 76 data lifecycles models to propose a data lifecycle framework for data-driven governments (DaliF). In this way, we contribute to the ongoing discussion around big data management, which attracts researchers’ and practitioners’ interest.

The public sector, private firms, business community, and civil society are generating data that are high in volume, veracity, and velocity and come from a diversity of sources. This type of data is today known as big data. Public administrations pursue big data as “new oil” and implement data-centric policies to collect, generate, process, share, exploit, and protect data for promoting good governance, transparency, innovative digital services, and citizens’ engagement in public policy. All of the above constitute the Government Big Data Ecosystem (GBDE). Despite the great interest in this ecosystem, there is a lack of clear definitions, the various important types of government data remain vague, the different actors and their roles are not well defined, while the impact in key public administration sectors is not yet deeply understood and assessed. Such research and literature gaps impose a crucial obstacle for a better understanding of the prospects and nascent issues in exploiting GBDE. With this study, we aim to start filling the above-mentioned gaps by organizing our findings from an extended Systematic Literature Review into a framework to organise and address the above-mentioned challenges. Our goal is to contribute in this fast-evolving area by bringing some clarity and establishing common understanding around key elements of the emerging GBDE.