1
Training for developers of X-Road interfaces
Name Date
2
X-Road: what, why and for whom?
X-Road provides its members with the means for secure data exchange:
- Using public internet
- Using data services (web services)
- Independent of the platform and architecture of the information system of a member
- Universality and IT security
3
Functioning of X-Road from the dataservice developer’s perspective
Members are divided into providers of dataservices and users of dataservices.
Each member must pass the following stages:
- Affiliation of membership
- Description of dataservices and granting access rights
- Data exchange
- Long-term validation of transaction
4
Affiliation
For development of dataservices, affiliation is required with the X-Road development environment, where RIA provides trust services.
5
Development of dataservices and access rights
Provider of the dataservice develops and describes the X-Road dataservice for provision. User of dataservice develops the necessary client application for the dataservice. User of dataservice requests access rights to the necessary dataservice. Provider of dataservice grants to other members access rights for using the dataservice.
6
Data exchange
- Drafting and signing a SOAP message, using OCSP validation (user)
- Creation of encrypted channel and transmission of message
- Verification of e-stamp and addition of body of SOAP message to message log
- Processing of messages in the information system of the provider
- Signature of response in the security server of the provider
- Sending response and closing the channel
- Verification of response signature and use of data
7
Technologies used in data exchange
8
Long-term validation of transaction
- Timestamping of messages
- Input to central monitoring (metainformation)
9
Security of X-Road
Security is ensured by:
- Distributed architecture
- Security servers
- Standard technologies
A member must ensure that nothing happens to the message between the security server and information system:
- Confidentiality
- Availability
- Integrity
10
Distribution of X-Road
- Decentralised control
- Direct communication between members
- X-Road Center does not interfere with communication
- Maintains freedom of members
- Ensures authenticity of members
11
X-Road Center does not interfere with communication
- Universal membership
- Freedom of choice
- Direct communication
12
Role of X-Road Center
- Registration of members and verification of conformity
- User support (questions related to the installation of a security server, administration and organisational processes)
- Monitoring the ecosystem
- Supervision over members
- Organisation of the provision of trust services
13
Benefit of X-Road for the state
- Overview of the entire ecosystem
- Overview of communication between the parties
- Universality
- Improvement of ecosystem
- Saving resources
14
Development of X-Road through versions
Columns: X-Road version; Primary (and supported) version of message protocol; Stage of e-state; Main reasons for new version
- Version 1.0 ( ) 1.0 First 40–50 e-services, predecessor of state portal first ID cards
- Version 2.0 ( ) 2.0 (1.0) XML-RPC → SOAP, WSDL Appearance of SOAP protocol
- Version 3.0 ( ) 400–500 e-services Various updates: MS Active Directory-based user administration in MISP, etc.
- Version 4.0 ( ) Over 40 million requests annually Focus on security (log encrypting option, etc.), RIHA
- Version 5.0 ( ) 3.1 (3.0, 2.0) Over 2800 e-services Adoption of new technological developments, change in WSDL style (RPC/Encoded → Document/Literal wrapped), MISP2, new cryptoalgorithms
- Version 6.0 ( ) 4.0 Cooperation with Finland Adoption of e-stamp to ensure integrity of messages. The need to get rid of legacy. The need to bring data exchange into conformity with the Digital Signatures Act
15
Main differences between X-Road versions 5 and 6: Message exchange
- Digital stamp added to message in security server (e-stamp) conforms to the Electronic Identification and Trust Services for Electronic Transactions Act. Version 5: No. Version 6: Yes.
- Generation and preservation of evidential value. Version 5: In cooperation between security server and central server. Version 6: Security server ensures evidential value.
- Message log. Version 5: Text file. Version 6: Database and ASiC-E containers in file system.
- Message protocol. Version 5: 2.0, 3.0, 3.1. Version 6: 4.0.
- Digital stamp/E-stamp verification capability. Version 5: In central server. Version 6: Through a verifier component installed with the security server.
16
Main differences between X-Road versions 5 and 6: Description of SOAP profile
- Message header: Changes related to hierarchical identifier: identifier of subsystem (security server client) and service identifier.
- Message body: There are no obligatory additional requirements in the content of messages. Version 6.0 has no obligation to use ‘request’ and ‘response’ elements or to duplicate request message in a response message. Namespace of messages is not fixed.
17
Main differences between X-Road versions 5 and 6: Rights and certificates
- Membership. Version 5: Differentiation of users and providers of service. Version 6: Members are organizations which affiliate just once. Member identifier is hierarchical and includes token of X-Road instance, information about member class (private, public) and registry code of authority.
- Service rights/access rights. Version 5: Database (e.g. ‘xkogu’) grants access rights to authorities. Version 6: Access rights are administered on the level of subsystem. Each subsystem is bound to X-Road member.
- Subsystem. Version 5: Subsystem uses signature certificate of sub-authority. Version 6: Subsystem uses an e-stamp certificate of X-Road members.
- Security server identifier: unique identifier independent of the address and certificate of the security server.
- Certificates issued by. Version 5: RIA. Version 6: Qualified trust service provider.
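The hierarchical identifiers described on slides 16 and 17, as an added example that is not part of the original training material: a provider-side check that reads the client and service identifiers from a version 6 request header. The element names and namespaces are assumed from the public X-Road message protocol 4.0 specification (the slides do not list them), the sample values are constructed, and requiring a subsystem-level client and rejecting "/" inside a part are choices of this example.

```python
import xml.etree.ElementTree as ET

# Namespaces assumed from the public X-Road message protocol 4.0 specification.
NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "xrd": "http://x-road.eu/xsd/xroad.xsd",
      "id": "http://x-road.eu/xsd/identifiers"}
ID = "{%s}" % NS["id"]
# Parts of each identifier, outermost first; only serviceVersion is optional here.
PARTS = {
    "SUBSYSTEM": ["xRoadInstance", "memberClass", "memberCode", "subsystemCode"],
    "SERVICE": ["xRoadInstance", "memberClass", "memberCode", "subsystemCode",
                "serviceCode", "serviceVersion"],
}
# Constructed sample request; every identifier value is made up.
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:xrd="http://x-road.eu/xsd/xroad.xsd" xmlns:id="http://x-road.eu/xsd/identifiers">
 <soap:Header>
  <xrd:client id:objectType="SUBSYSTEM">
   <id:xRoadInstance>XX-DEV</id:xRoadInstance><id:memberClass>GOV</id:memberClass>
   <id:memberCode>00000001</id:memberCode><id:subsystemCode>client-app</id:subsystemCode>
  </xrd:client>
  <xrd:service id:objectType="SERVICE">
   <id:xRoadInstance>XX-DEV</id:xRoadInstance><id:memberClass>COM</id:memberClass>
   <id:memberCode>00000002</id:memberCode><id:subsystemCode>registry</id:subsystemCode>
   <id:serviceCode>getRecord</id:serviceCode><id:serviceVersion>v1</id:serviceVersion>
  </xrd:service>
  <xrd:protocolVersion>4.0</xrd:protocolVersion>
 </soap:Header><soap:Body/>
</soap:Envelope>"""

def read_identifier(header, tag, object_type):
    """Return the identifier as 'INSTANCE/CLASS/CODE/...' or raise ValueError."""
    elem = header.find("xrd:" + tag, NS)
    if elem is None or elem.get(ID + "objectType") != object_type:
        raise ValueError("missing or mistyped xrd:%s header" % tag)
    values = []
    for part in PARTS[object_type]:
        text = (elem.findtext("id:" + part, default="", namespaces=NS) or "").strip()
        # "/" is the separator of the joined form, so it may not occur in a part.
        if "/" in text or (not text and part != "serviceVersion"):
            raise ValueError("xrd:%s has a bad or missing id:%s" % (tag, part))
        if text:
            values.append(text)
    return "/".join(values)

def parse_header(xml_text):
    # Returns (client identifier, service identifier) for logging or policy checks.
    header = ET.fromstring(xml_text).find("soap:Header", NS)
    if header is None:
        raise ValueError("no SOAP header")
    return (read_identifier(header, "client", "SUBSYSTEM"),
            read_identifier(header, "service", "SERVICE"))
```

The joined strings are convenient keys for the provider's own audit log; access rights themselves are granted per subsystem, as slide 17 states.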
18
Main differences between X-Road versions 5 and 6: trust services
- Consumption of trust services. Version 5: Security server does not perform OCSP and timestamp requests. Version 6: Security server performs OCSP and timestamp requests at least with frequency specified in security policy.
- Asynchronous services. Version 5: Supported. Version 6: Not supported.
19
Main differences between X-Road versions 5 and 6: Other functionality
- Encoding service. Version 5: Supported. Version 6: Not supported.
- International universality Support of several interfacing components
20
Thank You! First name Surname firstname.surname@amet.ee
The training materials for developers of X-Road interfaces have been compiled with funding from the structural funds support scheme “Raising Public Awareness about the Information Society” of the European Regional Development Fund.