
X-Road – Estonian Interoperability Platform



  1. X-Road – Estonian Interoperability Platform Arne Ansper, arne@cyber.ee Cybernetica, www.cyber.ee

  2. Introduction: Problem • In the beginning of the decade, Estonian governmental IT systems suffered from poor interconnectivity • Establishing new connections between governmental databases and systems was time-consuming and expensive • Department of State Information Systems decided to improve the situation and solve the interconnectivity problems

  3. Introduction: Solution • Proposed solution • Creation of the national middleware that would provide unified access to all governmental databases • Using web services as underlying technology • Governmental X-Road program was launched to fulfil this vision and to create and run the system • Cybernetica was contracted to design and build the system

  4. Introduction: Cybernetica • Estonian R&D company, active in the field of information security • Data communication security • Digital signature and time-stamping technology • e-Voting (first parliamentary elections over Internet in the world) • Development of security critical distributed systems • Consulting, auditing

  5. Goal • To build an infrastructure that would • allow effortless access to the data in state registries • without compromising the security of the data and • with minimal impact on the existing systems.

  6. Background • Many registries, all very different, managed and developed by different organizations and financed separately • Many users, most of them are very small organizations without security knowledge and with a very small IT budget • High security requirements. Registries contain personal data that is in some cases used to make high value decisions and in some cases needed in real time

  7. Unification Requirements • Unified legal framework • Unified security measures – the initial cost of implementing the security measures will be amortized across all the state registry connections • Unified API – all applications must be able to access all state registries in a similar way • Unified installation and management – all installations should look the same

  8. Security Requirements • Required security properties by priority • Evidentiary value, authenticity, integrity • Availability • Confidentiality

  9. Security Requirements • All applications required authenticity, integrity and assurance that the origin of data received over X-Road can be proven to a third party • In addition, it was envisioned that X-Road would be used by time-critical applications, such as performing checks at the border, so availability was next in the list of priorities • Finally, confidentiality was required in most, but not all, cases

  10. Approach to Solution • Develop system for highest security requirements • That could be used by smallest organizations • Encapsulate the complexity • Provide functionality

  11. Components of the Solution • X-Road is • Organization • Legislation • Infrastructure • Technology

  12. Central Agency • X-Road has central agency that ensures its operation • Ensures the legal status of the X-Road and the information exchanged via it, by enforcing the stated policies • Responsible for steering the further development of the X-Road and ensuring its consistency and integrity

  13. Central Services • Certification authority • Directory service • Time-stamping service • Monitoring service - detecting security breaches, collecting the statistics • Web-based portal for citizens and smaller organizations - access to services in a simple and centralized way

  14. Infrastructure • Based on web services - well supported, easy-to-use, vendor and platform neutral message exchange protocol • SOAP and XML-RPC, with two-way transliteration • Synchronous and asynchronous operation • SOAP attachments • X-Road servers can process messages of unlimited size

  15. Infrastructure • Meta-services that can be used to find out the structure and properties of the system • List of other organizations • List of services • Formal description of the services for automatic generation of the user interfaces

  16. Infrastructure

  17. Infrastructure

  18. Infrastructure

  19. Technology: Deployment • Self-contained standardized monofunctional server: • Common PC hardware • Free software • GNU/Debian Linux based • Automated installer for Linux and X-Road • Minimal GUI • Built-in patching system • Cheap and easy to install and run • At the same time - secure

  20. Technology: Evidentiary Value • All outgoing messages are signed • All incoming messages are logged and time-stamped • The message receiver can later prove, with the help of the X-Road central agency, when and by whom the message was sent.

  21. Technology: Availability • Distributed system, with minimal number of central services • Secure DNS (DNSSEC) provides robust, scalable directory service with built-in caching and redundancy • Protocol supports redundant servers and load sharing • Mechanisms against DoS attacks

  22. Technology: Access Control • X-Road core deals only with inter-organizational access control, where access is granted to the organization as a whole • The organization must ensure that only the right people can use the service, by whatever technical means it sees appropriate • This obligation is enforced by a service provisioning contract between the organizations

  23. Two Level Access Control • Balanced use of technical and organizational security measures • The impact on the existing systems was minimized • Biggest success factor of the X-Road

  24. Current Status • In production since 2002 • 65 service providers • 398 service consumers • 30 million transactions in 2006

  25. Future: International Usage? • Independent deployment in another country or domain • Interoperability between countries / domains

  26. Deployment in Another Country • Creation of the Central Agency • Establishing the legal status • Setting up the technical system • Creation of the services • Creation of the consumers

  27. Interoperability • Amendments needed to legal and technical systems • Bilateral agreements between countries • Solutions for certification and directory infrastructure - future research and development needed

  28. Thank you!
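
The evidentiary-value flow from slide 20 (sender signs, receiver verifies, logs and time-stamps, a third party checks later), as an added Go example that is not X-Road code. Ed25519, the record layout and every name here are assumptions chosen for illustration; the keys, message and time are constructed.

```go
package main
import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Evidence is the record a receiver keeps per incoming message (hypothetical layout).
type Evidence struct {
	Message, MsgSig []byte // message and the sender's signature over it
	Time            int64  // time asserted by the time-stamping service
	Stamp           []byte // service's signature over the digest and Time
}

// stampInput binds the signed message to a time: SHA-256(msg || sig) || time.
func stampInput(msg, sig []byte, t int64) []byte {
	d := sha256.Sum256(append(append([]byte{}, msg...), sig...))
	var tb [8]byte
	binary.BigEndian.PutUint64(tb[:], uint64(t))
	return append(d[:], tb[:]...)
}

// Receive rejects badly signed messages, then logs with a stamp from the service (stamp; a real service sets t itself).
func Receive(senderPub ed25519.PublicKey, msg, sig []byte, t int64, stamp func([]byte) []byte) (Evidence, bool) {
	if !ed25519.Verify(senderPub, msg, sig) {
		return Evidence{}, false
	}
	return Evidence{msg, sig, t, stamp(stampInput(msg, sig, t))}, true
}

// VerifyEvidence is the later third-party check: who signed it, and when it was logged.
func VerifyEvidence(e Evidence, senderPub, tsaPub ed25519.PublicKey) bool {
	return ed25519.Verify(senderPub, e.Message, e.MsgSig) &&
		ed25519.Verify(tsaPub, stampInput(e.Message, e.MsgSig, e.Time), e.Stamp)
}

// Demo runs on constructed keys and data; returns results for (genuine, altered, backdated) evidence.
func Demo() (bool, bool, bool) {
	seed := func(s string) ed25519.PrivateKey { h := sha256.Sum256([]byte(s)); return ed25519.NewKeyFromSeed(h[:]) }
	sender, tsa := seed("constructed sender key"), seed("constructed time-stamping key")
	sPub, tPub := sender.Public().(ed25519.PublicKey), tsa.Public().(ed25519.PublicKey)
	msg := []byte("<query registry='population' id='constructed-001'/>")
	ev, _ := Receive(sPub, msg, ed25519.Sign(sender, msg), 1167609600, func(b []byte) []byte { return ed25519.Sign(tsa, b) })
	altered := Evidence{[]byte("<query registry='population' id='constructed-002'/>"), ev.MsgSig, ev.Time, ev.Stamp}
	backdated := Evidence{ev.Message, ev.MsgSig, ev.Time - 86400, ev.Stamp}
	return VerifyEvidence(ev, sPub, tPub), VerifyEvidence(altered, sPub, tPub), VerifyEvidence(backdated, sPub, tPub)
}
func main() { fmt.Println(Demo()) }
```

Because the stamp covers the sender's signature as well as the message, neither the content nor the logged time can be changed afterwards without one of the two verifications failing.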
