Presentation is loading. Please wait.

Presentation is loading. Please wait.

Training for developers of X-Road interfaces

Similar presentations

Presentation on theme: "Training for developers of X-Road interfaces"— Presentation transcript:

1 Training for developers of X-Road interfaces
Name Date

2 X-Road: what, why and for whom?
X-Road provides to the members means for secure data exchange Using public internet Using data services (web services) Independent of the platform and architecture of the information system of a member Universality and IT security

3 Functioning of X-Road from the dataservice developer’s perspective
Members are divided into providers of dataservices and users of dataservices Each member must pass the following stages: Affiliation of membership Description of dataservices and granting access rights Data exchange Long-term validation of transaction

4 Affiliation For development of dataservices, affiliation is required with X-Road development environment, where RIA is providing trust services

5 Development of dataservices and access rights
Provider of the dataservice develops and describes the X-Road dataservice for provision. User of dataservice develops the necessary client application for the dataservice. User of dataservice requests access rights to the necessary dataservice. Provider of dataservice grants to other members access rights for using the dataservice.

6 Data exchange Drafting and signing a SOAP message, using OCSP validation (user) Creation of encrypted channel and transmission of message Verification of e-stamp and addition of body of SOAP message to message log Processing of messages in the information system of the provider Signature of response in the security server of the provider Sending response and closing the channel Verification of response signature and use of data

7 Technologies used in data exchange

8 Long-term validation of transaction
Timestamping of messages Input to central monitoring (metainformation)

9 Security of X-Road Security is ensured by: Distributed architecture
Security servers Standard technologies A member must ensure that nothing happens to the message between the security server and information system Confidentiality Availability Integrity

10 Distribution of X-Road
Decentralised control Direct communication between members X-Road Center does not interfere with communication Maintains freedom of members Ensures authenticity of members

11 X-Road Center does not interfere with communication
Universal membership Freedom of choice Direct communication

12 Role of X-Road Center Registration of members and verification of conformity User support (questions related to the installation of a security server, administration and organisational processes) Monitoring the ecosystem Supervision over members Organisation of the provision of trust services

13 Benefit of X-Road for the state
Overview of the entire ecosystem Overview of communication between the parties Universality Improvement of ecosystem Saving resources

14 Development of X-Road through versions
X-Road version Primary (and supported) version of message protocol Stage of e-state Main reasons for new version Version 1.0 ( ) 1.0 First 40–50 e-services, predecessor of state portal  first ID cards Version 2.0 ( ) 2.0 (1.0) XML-RPC → SOAP, WSDL Appearance of SOAP protocol Version 3.0 ( ) 400–500 e-services Various updates: MS Active Directory-based user administration in MISP, etc. Version 4.0 ( ) Over 40 million requests annually Focus on security (log encrypting option, etc.), RIHA Version 5.0 ( ) 3.1 (3.0, 2.0) Over 2800 e-services Adoption of new technological developments, change in WSDL style (RPC/Encoded→Document/Literal wrapped), MISP2, new cryptoalgorithms Version 6.0 ( ) 4.0 Cooperation with Finland Adoption of e-stamp to ensure integrity of messages. The need to get rid of legacy. The need to bring data exchange into conformity with the Digital Signatures Act

15 Main differences between X-Road versions 5 and 6: Message exchange
Digital stamp added to message in security server (e-stamp) conforms to the Electronic Identification and Trust Services for Electronic Transactions Act No Yes Generation and preservation of evidential value In cooperation between security server and central server Security server ensures evidential value Message log Text file Database and ASiC-E containers in file system Message protocol 2.0, 3.0, 3.1 4.0 Digitas stamp/E-stamp verification capability In central server Through a verifier component installed with the security server

16 Main differences between X-Road versions 5 and 6: Description of SOAP profile
Message header Changes related to hierarchical identifier: identifier of subsystem (security server client) and service identifier Message body There are no obligatory additional requirements in the content of messages. Version 6.0 has no obligation to use ‘request’ and ‘response’ elements or to duplicate request message in a response message. Namespace of messages is not fixed.

17 Main differences between X-Road versions 5 and 6: Rights and certificates
Membership Differentiation of users and providers of service Members are organizations which affiliate just once. Member identifier is hierarchical and includes token of X-Road instance, information about member class (private, public) and registry code of authority. Service rights/access rights Database (e.g. ‘xkogu’) grants access rights to authorities Access rights are administered on the level of subsystem. Each subsystem is bound to X-Road member.  Subsystem Subsystem uses signature certificate of sub-authority Subsystem uses an e-stamp certificate of X-Road members Security server identifier unique identifier independent of the address and certificate of the security server  Certificates issued by RIA Qualified trust service provider

18 Main differences between X-Road versions 5 and 6: trust services
Consumption of trust services Security server does not perform OCSP and timestamp requests Security server performs OCSP and timestamp requests at least with frequency specified in security policy Asynchronous services Supported Not supported

19 Main differences between X-Road versions 5 and 6: Other functionality
Encoding service Supported Not supported International universality Support of several interfacing components

20 Thank You! First name Surname
The training materials for developers of X-Road interfaces have been compiled with funding from the structural funds support scheme “Raising Public Awareness about the Information Society” of the European Regional Development Fund.

Download ppt "Training for developers of X-Road interfaces"

Similar presentations

Ads by Google