presentation by heiko vainsalu - x-tee seminar...

Mediators / Vahendajad 25.08.2016 Heiko Vainsalu


Theory or Practice

• State portal eesti.ee

Services are opened to RIA

Clients are citizens and entrepreneurs

• Gateways for pharmacies and GPs (based on MISP)

Services are opened to Eesti E-Tervise SA

Clients are pharmacists and GPs

• What services have found alternatives as X-Road membership is not reachable?

Extend X-Road Reach

• … to clients who are not able to be X-Road members

• … to clients who must not be X-Road members

• … to clients who technically don't qualify for membership (no information system)

A Mediator …

• Is an X-Road member

• Is registered as a mediator (has informed other members of being a mediator)

• Has declared the methods by which third parties are authenticated for mediation

• Has declared how mediated parties can access the X-Road message log

A Mediator Is Not Security Server

[Diagram: IaaS provider, Organization, SS, ERP]

Good Old „allasutus“

It's the same as "allasutus/unit" in older X-Road message protocols...

... with improved regulation.

What would be expectations/requirements for a mediator?

X-Road v6 Transition

What’s Up?

Regulation in the government – in September

Confusion with flavours of eSeal:

eSeal, Advanced eSeal, Advanced eSeal with qualified certificates, Qualified eSeal

Qualified certificates ensure organization authenticity and acceptance in cross-border situations

Trust Services quantity on X-Road…

Timeline…

Trust Services Quantities and Pricing

• AUTH certificate

1 per security server

1 per member (client) of security server

• OCSP service (top up for existing service)

up to 1000 service calls per month per certificate

top up current OCSP contract

• Timestamping

up to 1000 service calls per security server per month

might use more

No dependencies on:

• number of partners

• number of services

• number of transactions

Monthly Cost estimate (without investments)

• 1 security server for 1 member: 140€ (+VAT)

• Small hosting (2 servers, 20 clients): 70€/member (+VAT)

• Big hosting (3 servers, 150 clients): 23€/member (+VAT)

Timeline

• In production: RIA/aar

• In the pipeline: RIK / Haigekassa / RIA / SMIT

• October the 3rd

v5 membership read only

• Info Event (estim. December 2016)

• March the 31st

removing members from old central server

• May the 31st

shutdown of v5 environment

Do's and do not's

• Don't change data service structure/functionality

• Do rethink information system landscape and define required subsystems

• Do publish to Your partners (and RIA) the schedule of transition

• Do inform Your partners (and RIA) if some services shall not follow the transition

Trust Federation of X-tee and Palveluväylä

Terminology

• X-Road – Technology and Ideology

• X-tee – Estonian X-Road Instance

• Palveluväylä – Finnish X-Road Instance

WIP Estimated contract: end of 2016

What’s In It For Members?

Changes:

• new member classes (of other instance)

• other security context and regulation

• other service catalogue

How to be informed?

Joint X-Road Community (Credit To Karri Niemelä)

Tools and Content

• Portal: http://community.x-road.eu | http://jointxroad.github.io

• GitHub: https://github.com/jointxroad (Components, Patterns, Examples, etc.)

• Slack: https://jointxroad.slack.com/messages

X-Road Trainings

• Learning material for X-Road security server administrator

• X-Road Webservice Developer Trainings (X-tee liideste arendajate koolitused)

The learning material for X-Road security server administrator

https://moodle.ria.ee/

• in English

• in Estonian

Pilot trainings

About the training:

• 2 pilot trainings: 2nd and 5th August (est/eng)

• Participants: 20 + 16

• The training was held by Mr. Toomas Vann (JukuLab OÜ)

• Theory chapters I-XI and XXVI had to be prepared before the training

• Infrastructure requirements:

laptop (pre-downloaded Ubuntu 14.04.4 LTS server image)

virtualization software if needed (VirtualBox, for example)

free disk space (at least 10GB)

Topics

• Theory:

Why X-Road?

What is X-Road?

What is X-Road composed of?

Hints to responsibilities

• Practice:

Step-by-step installation of X-Road Security server

Configuration of X-Road server

Everyday upkeep and problem solving

• Discussion on e-learning materials for improvements

• Test

X-Road Webservice Developer Trainings

• Traditional developer training

• Oriented toward classroom training

• X-Road relevant approach

• 6 trainings in Estonia, in Estonian, estimated in March (3) and in April (3)

• Agreement signed (Tallinna Tehnikaülikool)

Output for trainee

The training must provide the trainee with the following results:

• Understands how X-Road works

• Understands service based approach

• Knows where to find and how to use X-Road web services descriptions

• Can work with SOAP messages

• Can implement, deploy and configure services in security server

• Knows where to find additional information

Management Of X-Road

Ecosystem Quality

• 2/3 of services are not described. OK/NOK?

• 50% of described services are not up to date. OK/NOK?

The privilege for free service descriptions, has it been abused?

Security Categories

Security Context

Goal: X-Road can be used as a communication channel for open services

Security context changes?

Security context switches...

• Trust Federation

• Non-confidential public data

• Other channels for data exchange

Thank You! Please fill in feedback forms

http://ria.ee/x-tee/fact#eng

The learning materials of the X-Road have been compiled with funding from the structural funds support scheme “Raising Public Awareness about the Information Society” of the European Regional Development Fund.