X-Road – Estonian Interoperability Platform


1 X-Road – Estonian Interoperability Platform
Arne Ansper, Cybernetica,

2 Introduction: Problem
- In the beginning of the decade, Estonian governmental IT systems suffered from poor interconnectivity
- Establishing new connections between governmental databases and systems was time-consuming and expensive
- Department of State Information Systems decided to improve the situation and solve the interconnectivity problems

3 Introduction: Solution
- Proposed solution
  - Creation of the national middleware that would provide unified access to all governmental databases
  - Using web services as underlying technology
- Governmental X-Road program was launched to fulfil this vision and to create and run the system
- Cybernetica was contracted to design and build the system

4 Introduction: Cybernetica
Estonian R&D company, active in the field of information security
- Data communication security
- Digital signature and time-stamping technology
- e-Voting (first parliamentary elections over Internet in the world)
- Development of security critical distributed systems
- Consulting, auditing

5 Goal
To build an infrastructure that would allow effortless access to the data in state registries without compromising the security of the data and with minimal impact to the existing systems.

6 Background
- Many registries, all very different, managed and developed by different organizations and financed separately
- Many users, most of them are very small organizations without security knowledge and with a very small IT budget
- High security requirements. Registries contain personal data that is in some cases used to make high value decisions and in some cases needed in real time

7 Unification Requirements
- Unified legal framework
- Unified security measures – the initial cost of implementing the security measures will be amortized across all the state registry connections
- Unified API – all applications must be able to access all state registries in a similar way
- Unified installation and management – all installations should look the same

The "effortless" part needs some explanation. There are legal obligations that must be met when processing personal data. Having a unified legal framework makes things a lot easier for smaller organizations. There are security measures (technical, physical and organizational) that must be in place in order to process personal data. Having a unified framework for security measures ensures that every organization has just one set of measures to apply in order to be allowed to use all state registries. The initial cost of implementing the security measures will be amortized across all the state registry connections. All applications must be able to access all state registries in a similar way. The installation and management of the technical security measures must be doable by the ordinary IT administrator without special security training and knowledge. Impact to the existing systems should be minimal.

8 Security Requirements
Required security properties by priority
1. Evidentiary value, authenticity, integrity
2. Availability
3. Confidentiality

9 Security Requirements
- All applications required authenticity, integrity and assurance that it is possible to prove to a third party the origin of data received over X-Road
- In addition, it was envisioned that X-Road would be used by time-critical applications, such as performing checks on the border. So availability was next in the list of priorities
- Finally, confidentiality was required in most, but not all, cases

10 Approach to Solution
- Develop system for highest security requirements
- That could be used by smallest organizations
- Encapsulate the complexity
- Provide functionality

11 Components of the Solution
X-Road is
- Organization
- Legislation
- Infrastructure
- Technology

12 Central Agency
X-Road has a central agency that ensures its operation
- Ensures the legal status of the X-Road and the information exchanged via it, by enforcing the stated policies
- Responsible for steering the further development of the X-Road and ensuring its consistency and integrity

13 Central Services
- Certification authority
- Directory service
- Time-stamping service
- Monitoring service - detecting security breaches, collecting the statistics
- Web-based portal for citizens and smaller organizations - access to services in a simple and centralized way

14 Infrastructure
- Based on web services - well supported, easy-to-use, vendor and platform neutral message exchange protocol
- SOAP and XMLRPC, with two-way transliteration
- Synchronous and asynchronous operation
- SOAP attachments
- X-Road servers can process messages with unlimited size

15 Infrastructure
Meta-services that can be used to find out the structure and properties of the system
- List of other organizations
- List of services
- Formal description of the services for automatic generation of the user interfaces

16 Infrastructure

17 Infrastructure

18 Infrastructure

19 Technology: Deployment
- Self-contained standardized monofunctional server:
  - Common PC hardware
  - Free software
  - GNU/Debian Linux based
  - Automated installer for Linux and X-Road
  - Minimal GUI
  - Built-in patching system
- Cheap and easy to install and run
- At the same time - secure

20 Technology: Evidentiary Value
- All outgoing messages are signed
- All incoming messages are logged and time-stamped
- Message receiver can later prove, with the help of the X-Road central agency, when and by whom the message was sent
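
The three properties on this slide can be exercised end to end. The following is an added example, not X-Road code or anything from the presentation: a receiver keeps signed messages in a hash-chained log, a time-stamping service signs the log head, and a third party re-checks both. Assumptions: the hash chain, the function names and the sample data are constructed here, Lamport one-time signatures stand in for a production signature scheme so that only the Python standard library is needed, and the public keys are taken as already certified by the central agency.

```python
import hashlib
import secrets

def H(data):
    return hashlib.sha256(data).digest()

# Lamport one-time signature: a stand-in scheme (assumption), one key per message
def _bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg, sig):
    bits = _bits(msg)
    return len(sig) == 256 and all(H(sig[i]) == pk[i][bits[i]] for i in range(256))

# Receiver-side log (hypothetical layout): each entry is chained to the previous head
def chain_head(entries):
    head = b"\x00" * 32
    for sender, msg, sig in entries:
        head = H(head + H(sender.encode()) + H(msg) + H(b"".join(sig)))
    return head

def timestamp(tsa_sk, head, when):
    # The time-stamping service signs (log head, time)
    return when, sign(tsa_sk, head + when.to_bytes(8, "big"))

def third_party_check(entries, index, sender_pk, tsa_pk, token):
    """Was entry `index` in the log at the stamped time, and did the sender sign it?"""
    when, tsa_sig = token
    _, msg, sig = entries[index]
    stamped = verify(tsa_pk, chain_head(entries) + when.to_bytes(8, "big"), tsa_sig)
    return stamped and verify(sender_pk, msg, sig)

def demo():
    sender_sk, sender_pk = keygen()   # constructed keys for a sending organization
    tsa_sk, tsa_pk = keygen()         # constructed keys for the time-stamping service
    msg = b"<request>constructed sample query</request>"
    log = [("org-A", msg, sign(sender_sk, msg))]
    token = timestamp(tsa_sk, chain_head(log), 1_150_000_000)  # constructed Unix time
    altered = [("org-A", msg + b"!", log[0][2])]  # message changed after logging
    return (third_party_check(log, 0, sender_pk, tsa_pk, token),
            third_party_check(altered, 0, sender_pk, tsa_pk, token))
```

`demo()` returns one result for the untouched log and one for a log whose message was altered after time-stamping; a backdated time in the token fails the same check because the time is part of what the time-stamping service signed.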

21 Technology: Availability
- Distributed system, with minimal number of central services
- Secure DNS (DNSSEC) provides robust, scalable directory service with built-in caching and redundancy
- Protocol supports redundant servers and load sharing
- Mechanisms against DoS attacks

22 Technology: Access Control
- X-Road core deals only with inter-organizational access control, where access is granted to the organization as a whole
- The organization must ensure that only the right people can use the service, by whatever technical means it sees as appropriate
- This obligation is enforced by the service provisioning contract between the organizations

23 Two Level Access Control
- Balanced use of technical and organizational security measures
- The impact to the existing systems was minimized
- Biggest success factor of the X-Road

24 Current Status
- In production since 2002
- 65 service providers
- 398 service consumers
- 30 million transactions in 2006

25 Future: International Usage?
- Independent deployment in other country or domain
- Interoperability between countries / domains

26 Deployment in Other Country
- Creation of the Central Agency
- Establishing the legal status
- Setting up the technical system
- Creation of the services
- Creation of the consumers

27 Interoperability
- Amendments needed to legal and technical systems
- Bilateral agreements between countries
- Solutions for certification and directory infrastructure - future research and development needed

28 Thank you!

