Presentation on theme: "Training for developers of X-Road interfaces"— Presentation transcript:
1 Training for developers of X-Road interfaces
Name, Date
2 X-Road: what, why and for whom?
X-Road provides its members with the means for secure data exchange:
- Using public internet
- Using data services (web services)
- Independent of the platform and architecture of the information system of a member
- Universality and IT security
3 Functioning of X-Road from the dataservice developer’s perspective
Members are divided into providers of dataservices and users of dataservices.
Each member must pass the following stages:
- Affiliation of membership
- Description of dataservices and granting access rights
- Data exchange
- Long-term validation of transaction
4 Affiliation
Developing dataservices requires affiliation with the X-Road development environment, where RIA provides the trust services.
5 Development of dataservices and access rights
- Provider of the dataservice develops and describes the X-Road dataservice for provision.
- User of dataservice develops the necessary client application for the dataservice.
- User of dataservice requests access rights to the necessary dataservice.
- Provider of dataservice grants to other members access rights for using the dataservice.
6 Data exchange
- Drafting and signing a SOAP message, using OCSP validation (user)
- Creation of encrypted channel and transmission of message
- Verification of e-stamp and addition of body of SOAP message to message log
- Processing of messages in the information system of the provider
- Signature of response in the security server of the provider
- Sending response and closing the channel
- Verification of response signature and use of data
8 Long-term validation of transaction
- Timestamping of messages
- Input to central monitoring (metainformation)
9 Security of X-Road
Security is ensured by:
- Distributed architecture
- Security servers
- Standard technologies
A member must ensure that nothing happens to the message between the security server and information system:
- Confidentiality
- Availability
- Integrity
10 Distribution of X-Road
- Decentralised control
- Direct communication between members
- X-Road Center does not interfere with communication
- Maintains freedom of members
- Ensures authenticity of members
11 X-Road Center does not interfere with communication
- Universal membership
- Freedom of choice
- Direct communication
12 Role of X-Road Center
- Registration of members and verification of conformity
- User support (questions related to the installation of a security server, administration and organisational processes)
- Monitoring the ecosystem
- Supervision over members
- Organisation of the provision of trust services
13 Benefit of X-Road for the state
- Overview of the entire ecosystem
- Overview of communication between the parties
- Universality
- Improvement of ecosystem
- Saving resources
14 Development of X-Road through versions
Columns: X-Road version; Primary (and supported) version of message protocol; Stage of e-state; Main reasons for new version
- Version 1.0 ( ); 1.0; First 40–50 e-services, predecessor of state portal first ID cards
- Version 2.0 ( ); 2.0 (1.0); XML-RPC → SOAP, WSDL; Appearance of SOAP protocol
- Version 3.0 ( ); 400–500 e-services; Various updates: MS Active Directory-based user administration in MISP, etc.
- Version 4.0 ( ); Over 40 million requests annually; Focus on security (log encrypting option, etc.), RIHA
- Version 5.0 ( ); 3.1 (3.0, 2.0); Over 2800 e-services; Adoption of new technological developments, change in WSDL style (RPC/Encoded → Document/Literal wrapped), MISP2, new cryptoalgorithms
- Version 6.0 ( ); 4.0; Cooperation with Finland; Adoption of e-stamp to ensure integrity of messages. The need to get rid of legacy. The need to bring data exchange into conformity with the Digital Signatures Act
15 Main differences between X-Road versions 5 and 6: Message exchange
- Digital stamp added to message in security server (e-stamp) conforms to the Electronic Identification and Trust Services for Electronic Transactions Act: version 5: No; version 6: Yes
- Generation and preservation of evidential value: version 5: In cooperation between security server and central server; version 6: Security server ensures evidential value
- Message log: version 5: Text file; version 6: Database and ASiC-E containers in file system
- Message protocol: version 5: 2.0, 3.0, 3.1; version 6: 4.0
- Digital stamp/e-stamp verification capability: version 5: In central server; version 6: Through a verifier component installed with the security server
16 Main differences between X-Road versions 5 and 6: Description of SOAP profile
- Message header: Changes related to hierarchical identifier: identifier of subsystem (security server client) and service identifier
- Message body: There are no obligatory additional requirements in the content of messages. Version 6.0 has no obligation to use ‘request’ and ‘response’ elements or to duplicate request message in a response message. Namespace of messages is not fixed.
17 Main differences between X-Road versions 5 and 6: Rights and certificates
- Membership: version 5: Differentiation of users and providers of service; version 6: Members are organizations which affiliate just once. Member identifier is hierarchical and includes token of X-Road instance, information about member class (private, public) and registry code of authority.
- Service rights/access rights: version 5: Database (e.g. ‘xkogu’) grants access rights to authorities; version 6: Access rights are administered on the level of subsystem. Each subsystem is bound to X-Road member.
- Subsystem: version 5: Subsystem uses signature certificate of sub-authority; version 6: Subsystem uses an e-stamp certificate of X-Road members
- Security server identifier: unique identifier independent of the address and certificate of the security server
- Certificates issued by: version 5: RIA; version 6: Qualified trust service provider
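The hierarchical identifiers described on slides 16 and 17, as an added example that is not part of the original training material: a provider-side information system reads the client subsystem and service identifiers from a message protocol 4.0 request header and checks them against a local allow-list. Element names and namespaces follow the X-Road message protocol 4.0; the sample message, its identifier values and the `ALLOWED` list are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "xrd": "http://x-road.eu/xsd/xroad.xsd",
      "id": "http://x-road.eu/xsd/identifiers"}

# Constructed sample request; every identifier value is made up.
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xrd="http://x-road.eu/xsd/xroad.xsd" xmlns:id="http://x-road.eu/xsd/identifiers">
 <soap:Header><xrd:protocolVersion>4.0</xrd:protocolVersion>
  <xrd:client id:objectType="SUBSYSTEM">
   <id:xRoadInstance>XX-DEV</id:xRoadInstance><id:memberClass>GOV</id:memberClass>
   <id:memberCode>00000001</id:memberCode><id:subsystemCode>clientsys</id:subsystemCode>
  </xrd:client>
  <xrd:service id:objectType="SERVICE">
   <id:xRoadInstance>XX-DEV</id:xRoadInstance><id:memberClass>GOV</id:memberClass>
   <id:memberCode>00000002</id:memberCode><id:subsystemCode>registry</id:subsystemCode>
   <id:serviceCode>getRecord</id:serviceCode>
  </xrd:service>
 </soap:Header><soap:Body/></soap:Envelope>"""

MEMBER = ("xRoadInstance", "memberClass", "memberCode")

def _identifier(header, element, fields):
    # Join the hierarchical identifier parts of one header element with '/'.
    node = header.find(f"xrd:{element}", NS)
    if node is None:
        raise ValueError(f"missing xrd:{element}")
    parts = [node.findtext(f"id:{f}", "", NS).strip() for f in fields]
    if not all(parts) or any("/" in p for p in parts):  # '/' would be ambiguous
        raise ValueError(f"bad or missing identifier part in xrd:{element}")
    return "/".join(parts)

def parse_header(envelope_xml):
    header = ET.fromstring(envelope_xml).find("soap:Header", NS)
    if header is None:
        raise ValueError("missing SOAP header")
    if header.findtext("xrd:protocolVersion", "", NS).strip() != "4.0":
        raise ValueError("not an X-Road message protocol 4.0 request")
    # Assumption: both sides use subsystems; the optional serviceVersion is left out.
    return {"client": _identifier(header, "client", MEMBER + ("subsystemCode",)),
            "service": _identifier(header, "service", MEMBER + ("subsystemCode", "serviceCode"))}

# Hypothetical local allow-list of (client subsystem, service) pairs.
ALLOWED = {("XX-DEV/GOV/00000001/clientsys", "XX-DEV/GOV/00000002/registry/getRecord")}

def is_allowed(envelope_xml):
    info = parse_header(envelope_xml)
    return (info["client"], info["service"]) in ALLOWED
```

A request that names only the member, without a subsystem, is rejected here because access rights in version 6 are bound to subsystems.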
18 Main differences between X-Road versions 5 and 6: trust services
- Consumption of trust services: version 5: Security server does not perform OCSP and timestamp requests; version 6: Security server performs OCSP and timestamp requests at least with frequency specified in security policy
- Asynchronous services: version 5: Supported; version 6: Not supported
19 Main differences between X-Road versions 5 and 6: Other functionality
- Encoding service: version 5: Supported; version 6: Not supported
- International universality
- Support of several interfacing components
20 Thank You!
First name Surname
email@example.com
The training materials for developers of X-Road interfaces have been compiled with funding from the structural funds support scheme “Raising Public Awareness about the Information Society” of the European Regional Development Fund.