X-Road - PowerPoint PPT Presentation

About This Presentation
Title:

X-Road

Description:

X-Road Estonian Interoperability Platform Arne Ansper, arne_at_cyber.ee Cybernetica, www.cyber.ee – PowerPoint PPT presentation

Number of Views:101
Avg rating:3.0/5.0
Slides: 29
Provided by: ArneA5
Category:

less

Transcript and Presenter's Notes

Title: X-Road


1
X-Road Estonian Interoperability Platform
  • Arne Ansper, arne_at_cyber.ee
  • Cybernetica, www.cyber.ee

2
Introduction Problem
  • In the beginning of the decade, Estonian
    governmental IT systems suffered from poor
    interconnectivity
  • Establishing new connections between governmental
    databases and systems was time-consuming and
    expensive
  • Department of State Information Systems decided
    to improve the situation and solve the
    interconnectivity problems

3
Introduction Solution
  • Proposed solution
  • Creation of the national middleware that would
    provide unified access to all governmental
    databases
  • Using web services as underlying technology
  • Governmental X-Road program was launched to
    fulfil this vision and to create and run the
    system
  • Cybernetica was contracted to design and build
    the system

4
Introduction Cybernetica
  • Estonian RD company, active in the field of
    information security
  • Data communication security
  • Digital signature and time-stamping technology
  • e-Voting (first parliamentary elections over
    Internet in the world)
  • Development of security critical distributed
    systems
  • Consulting, auditing

5
Goal
  • To build an infrastructure that would
  • allow effortless access to the data in state
    registries
  • without compromising the security of the data and
  • with minimal impact to the existing systems.

6
Background
  • Many registries, all very different, managed and
    developed by different organizations and financed
    separately
  • Many users, most of them are very small
    organizations without security knowledge and with
    a very small IT budget
  • High security requirements. Registries contain
    personal data that is in some cases used to make
    high value decisions and in some cases needed in
    real time

7
Unification Requirements
  • Unified legal framework
  • Unified security measures the initial cost of
    implementing the security measures will be
    amortized across all the state registry
    connections
  • Unified API all applications must be able to
    access all state registries in a similar way
  • Unified installation and management all
    installations should look like same

8
Security Requirements
  • Required security properties by priority
  • Evidentiary value, authenticity, integrity
  • Availability
  • Confidentiality

9
Security Requirements
  • All applications required authenticity, integrity
    and assurance that it is possible to proof to the
    third party the origin of some data, received
    over X-Road
  • In addition, it was envisioned that X-Road would
    be used by time-critical applications, like for
    performing the checks on the border. So,
    availability was next in the list of priorities
  • And finally, the confidentiality was required in
    most, but not all cases

10
Approach to Solution
  • Develop system for highest security requirements
  • That could be used by smallest organizations
  • Encapsulate the complexity
  • Provide functionality

11
Components of the Solution
  • X-Road is
  • Organization
  • Legislation
  • Infrastructure
  • Technology

12
Central Agency
  • X-Road has central agency that ensures its
    operation
  • Ensures the legal status of the X-Road and the
    information exchanged via it, by enforcing the
    stated policies
  • Responsible for steering the further development
    of the X-Road and ensuring its consistency and
    integrity

13
Central Services
  • Certification authority
  • Directory service
  • Time-stamping service
  • Monitoring service - detecting security breaches,
    collecting the statistics
  • Web-based portal for citizens and smaller
    organizations - access to services in a simple
    and centralized way

14
Infrastructure
  • Based on web services - well supported,
    easy-to-use, vendor and platform neutral message
    exchange protocol
  • SOAP and XMLRPC, with two-way transliteration
  • Synchronous and asynchronous operation
  • SOAP attachments
  • X-Road servers can process messages with
    unlimited size

15
Infrastructure
  • Meta-services that can be used to find out the
    structure and properties of the system
  • List of other organizations
  • List of services
  • Formal description of the services for automatic
    generation of the user interfaces

16
Infrastructure
17
Infrastructure
18
Infrastructure
19
Technology Deployment
  • Self-contained standardized monofunctional
    server
  • Common PC hardware
  • Free software
  • GNU/Debian Linux based
  • Automated installer for Linux and X-Road
  • Minimal GUI
  • Built-in patching system
  • Cheap and easy to install and run
  • At the same time - secure

20
Technology Evidentiary Value
  • All outgoing messages are signed
  • All incoming messages are logged and time-stamped
  • Message receiver can later prove with the help of
    the X-Road central agency when and by whom was
    the message sent.

21
Technology Availability
  • Distributed system, with minimal number of
    central services
  • Secure DNS (DNS-SEC) provides robust, scalable
    directory service with built-in caching and
    redundancy
  • Protocol supports redundant servers and load
    sharing
  • Mechanisms against DoS attacks

22
Technology Access Control
  • X-Road core deals only with inter-organizational
    access control, where access is granted to
    organization as whole
  • Organization must ensure that only right people
    can use this service, by using whatever technical
    means it sees appropriate
  • This obligation is enforced by service
    provisioning contract between the organizations

23
Two Level Access Control
  • Balanced use of technical and organizational
    security measures
  • The impact to the existing systems was minimized
  • Biggest success factor of the X-Road

24
Current Status
  • In production from 2002
  • 65 service providers
  • 398 service consumers
  • 30 million transactions on 2006

25
Future International Usage?
  • Independent deployment in other country or domain
  • Interoperability between countries / domains

26
Deployment in Other Country
  • Creation of the Central Agency
  • Establishing the legal status
  • Setting up the technical system
  • Creation of the services
  • Creation of the consumers

27
Interoperability
  • Amendments needed to legal and technical systems
  • Bilateral agreements between countries
  • Solutions for certification and directory
    infrastructure - future research and development
    needed

28
Thank you!
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "X-Road " is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!