presentation by heiko vainsalu - x-tee seminar...
TRANSCRIPT
Theory or Practice
• State portal eesti.ee
Services are opened to RIA
Clients are citizens and enterpreneurs
• Gateways for pharmacies and GPs (based on MISP)
Services are opened to Eesti E-Tervise SA
Clients are pharmacists and GPs
• What services have found alternatives as X-Road membership is not reachable?
Extend X-Road Reach
• … to clients who are not able to be X-Road members
• … to clients who must not be X-Road members
• … to clients who technically don't qualify for membership (no
information system)
A Mediator …
• Is X-Road member
• Is Registered as mediator (has informed
other members of being a mediator)
• Has declared the methods how third parties
are authenticated for mediation
• Has declared how mediated parties can
access X-Road message log
A Mediator Is Not Security Server
IaaS provider
Organization
IaaS provider
SS
ERP
Good Old „allasutus“
It's the same as "allasutus/unit" in older X-Road message protocols...
... with improved regulation.
What would be expectations/requirements for a mediator?
What’s Up?
Regulation in the government – in September
Confusion with flavours of eSeal:
eSeal, Advanced eSeal, Advanced eSeal with qualified certificates, Qualified eSeal
Qualified certificates ensures organization authenticity and acceptance in cross
border situations
Trust Services quantity on X-Road…
Timeline…
Trust Services Quantities and Pricing
• AUTH certificate
1 per security server
1 per member (client) of security server
• OCSP service (top up for existing service)
up to 1000 service calls per month per certificate
top up current OCSP contract
• Timestamping
up to 1000 service calls per security server per month
might use more
No dependencies on:
• number of partners
• number of services
• number of transactions
Monthly Cost estimate (without investments)
• 1 security server for 1 member: 140€ (+VAT)
• Small hosting (2 servers, 20 clients): 70€/member (+VAT)
• Big hosting (3 servers, 150 clients): 23€/member (+VAT)
Timeline
• In production: RIA/aar
• In the pipeline RIK / Haigekassa / RIA / SMIT
• October the 3rd
v5 membership read only
• Info Event (estim. December 2016) • March the 31st
removing members from old central server
• May the 31st
shutdown of v5 environment
Do's and do not's
• Don't change data service structure/functionality
• Do rethink information system landscape and define
required subsystems
• Do publish to Your partners (and RIA) the schedule of
transition
• Do inform Your partners (and RIA) if some services shall
not follow the transition
Terminology
• X-Road – Technology and Ideology • X-tee – Estonian X-Road Instance • Palveluväylä – Finnish X-Road Instance
WIP Estimated contract: end of 2016
What’s In It For Members?
Changes:
• new member classes (of other instance)
• other security context and regulation
• other service catalogue
How to be informed?
Tools and Content
Portal http://community.x-road.eu | http://jointxroad.github.io GitHub https://github.com/jointxroad • Components • Patterns • Examples • Etc. Slack https://jointxroad.slack.com/messages
X-Road Trainings • Learning material for X-Road security server administrator • X-Road Webservice Developer Trainings (X-tee liideste arendajate koolitused)
The learning material for X-Road security server administrator
https://moodle.ria.ee/
• in English
• in Estonian
Pilot trainings
About the training:
• 2 pilot trainings: 2th and 5th August (est/eng) • Participants 20 + 16 • The training hold by Mr. Toomas Vann (JukuLab OÜ) • Before the training needed to prepare theory chapters I-XI and XXVI • Infrastructure requirements:
laptop (pre-downloaded Ubuntu 14.04.4 LTS server image), Virtualization software if needed (VirtualBox for example), Free disk space (at least 10GB).
Topics • Theory:
Why X-Road?
What is X-Road?
What is X-Road composed of?
Hints to responsibilities
• Practice:
Step-by-step installation of X-Road Security server
Configuration of X-Road server
Everyday upkeep and problem solving
• Discussion on e-learning materials for improvements
• Test
X-Road Webservice Developer Trainings
• Traditional developer training
• Oriented for class room trainings
• X-Road relevant approach
• 6 trainings in Estonia in Estonian estim. in March (3) and in April (3)
• Agreement signed (Tallinna Tehnikaülikool)
Output for trainee
The training must provide to the trainee the following results:
• Understands how X-Road works
• Understands service based approach
• Knows where to find and how to use X-Road web services descriptions
• Can work with SOAP messages
• Can implement, deploy and configure services in security server
• Knows where to find additional information
Ecosystem Quality
• 2/3 of services are not described OK/NOK?
• 50% of described services are not up to date OK/NOK?
The privilege for free service descriptions, has it been abused?
Security Context
Goal: X-Road can be used as communication channel for open services Security context changes? Security context switches... • Trust Federation • Non confidential public data • Other channels for data exchange
Thank You! Please fill in feedback forms
http://ria.ee/x-tee/fact#eng The learning materials of the X-Road have been compiled with funding from the structural funds support scheme “Raising Public Awareness about the Information Society” of the European Regional Development Fund.