
X-Road. eGovernment interoperability framework

Academic year: 2021


X-Road


Serving e-nation over 10 years

Backbone of the Estonian eGovernment

12 years of active duty, no downtime

Over 2000 connected e-services

More than 900 connected organizations, public registers and databases

Over 350 million transactions in 2013

Survived the first nationwide cyber-attack on the Estonian information infrastructure in 2007


X-Road highlights

X-Road / eGovernment interoperability framework

X-Road provides a distributed, secure, unified web-services based inter-organizational data exchange framework.

Distributed – X-Road is a completely distributed, resilient system with distributed management. X-Road does not centralize the data and does not change the ownership of the data.

Heterogeneous – X-Road connects information systems built on any IT platform. X-Road does not prescribe any tools and technologies for intra-organizational use.

Secure – designed to satisfy the security requirements of inter-organizational communication by ensuring the:

authenticity, integrity and non-repudiation of exchanged data

high availability of services

confidentiality of exchanged data

Reliable – the system does not have a single point of failure. All components of the system can be made redundant for high resiliency against failures and attacks. Components that are available over a shared or public network employ protective measures against denial of service (DoS) attacks.

Federation support – X-Road supports bilateral agreements between X-Road Centres.

Easy to implement – X-Road infrastructure deployment is fast and efficient. Several deployment options are available, including managed infrastructure. Supports heterogeneous environments, including cloud-hosted information systems.

Consultation and system support are available for the development of organizational procedures and legal framework.

Easy to use – X-Road is easy to adapt.

All communication is based on web services and can therefore easily be used by all developers. Access to all other organizations is unified – there is only one API and one set of rules that must be followed by developers.

Secure services publication and management requires a minimum effort from the data owner. Automated e-services user interface generation reduces the amount of tedious coding.

Remote administration service (optional) – X-Road technology can be provided as a fully administered service based on the SaaS (Software as a Service) model.


Overview

X-Road is a technology that provides all the necessary components for integration of inter-organizational e-services.

X-Road can also be provided in the form of Software as a Service, which is fully managed by the Service Provider. Such a service makes instant technical implementation possible.


X-ROAD KEY COMPONENTS

Implementation of X-Road does not change the ownership or location of the data. The databases and registers will not be centralized. The data will be managed by the same institutions that manage them currently. X-Road just unifies the access to all e-services and allows secure access to data in databases. Each institution is still responsible for the quality of the data and can determine which other institutions have access to its data. X-Road does not limit how the registries and organizations implement their information systems – all platforms and hosting models are supported, including cloud-based setups.

Interoperability backbone – provides unified access to data. In particular, for the interoperability backbone:

The receiver of the data can prove to third parties the origin and content of the received data (non-repudiation).

The system ensures that all data that is exchanged between institutions and travels over a wide-area network (either public, shared or private) is encrypted in order to ensure the confidentiality of the data.

The system implements access control mechanisms that allow the service providers to control the access to services on a per-client-institution basis.

Integrated Service Portals – act as a single window of access to all public e-services:

The end-user (a person) is authenticated by the portal.

The communication with the end user is encrypted.

The portals for businesses and governmental institutions support the role-based management of user access rights to invoke services.

Authentication of users – supports all authentication methods.

[Figure: e-services publication & aggregation. Labels: Citizen Portal, Officials Portal, Entrepreneurs Portal, Security Gateway, Adapter, Registry’s e-services, Legacy or proprietary System]


Features and functions of X-Road components

[Figure: central services and administration (Monitoring Service, Certification Service, Catalogue of e-services, Administration Services) and e-services publication & aggregation. Labels: Organization, Citizen Portal, Officials Portal, Entrepreneurs Portal, Security Gateway, Adapter, Registry’s e-services, Legacy or proprietary System]

FEATURES AND FUNCTIONS OF SECURITY SERVERS

Security Servers are one of two components of X-Road which should be installed, hosted, and managed in the service provider network. As an alternative, a Security Server can be provided as a managed access service to X-Road.

Main features

Security Servers implement security gateways for web services. All web-service requests and responses are digitally signed, timestamped, encrypted and archived by Security Servers.

Security Servers implement organizational level access control for web services.

Security Servers encapsulate all of the complexity of highly available PKI-based infrastructures and provide developers with transparently secured inter-organizational web services.

Security Servers provide meta-services for discovering the structure of the infrastructure, including organizations and services.

Secure Messaging

Security Servers sign all messages they send to other data providers in X-Road. Security Servers verify all messages they receive from other data providers in X-Road. Security Servers log all query responses to the secure log.

Administration

web-based administrative interface for performing configuration and maintenance tasks

management of e-services access rights

archival of exchanged web-service requests and responses in digitally signed form

all activities in the administrative interface will be recorded in an audit log

one server can support multiple organizations


FEATURES AND FUNCTIONS OF INTEGRATED SERVICE PORTALS

Integrated Service Portals provide a single window for users to access all e-services:

provision of e-services for citizens, entrepreneurs and public officials

instant automatic publication of new services based on the service description (no programming needed)

authentication of users via a multitude of authentication mechanisms, including smartcards, Mobile-ID, federated authentication, etc., with the possibility of adding new authentication methods

role-based access control for entrepreneurs and public officials

FEATURES AND FUNCTIONS OF ADAPTER SERVERS

The Adapter is an optional custom component that implements the web services that will be shared via X-Road.

Developers are provided with a toolkit which consists of source code, manuals, and templates for developing the necessary adapter.

The platform for adapters can be freely chosen by the organization to suit its existing platform and IT policies. Adapter Servers have been successfully implemented on .NET, JEE, Python, various ESB and other platforms.

X-ROAD CENTRE

X-Road Centre is an organization that creates and maintains an X-Road infrastructure instance and offers services to end-users:

trusted third party services: certification of security servers, management of secure directory infrastructure, tamper-proof log service for security servers

monitoring service – health monitoring of security servers, provides warnings to system administrators in case of error conditions

e-service usage monitoring – for statistical purposes

usage monitoring for detection of suspicious activities (such as unwarranted queries to collect confidential information)

CERTIFICATION AUTHORITY

Certification authority offers standard certification services:

issues certificates for digital signature and for web servers

offers certificate validity checking service using the OCSP protocol

offers time-stamping service using the RFC 3161 protocol

Additional features (optional)


TECHNICAL IMPLEMENTATION SERVICES:

training and education

technology provision, installation, configuration

technical online support for administrators

remote administration

consultations for e-service developers

development of Adapter Server software support

EGOVERNMENT MANAGEMENT CONSULTING:

situation assessment and requirement analysis

planning

eGovernment interoperability management consulting and training

legal framework consulting

development of organizational processes

PKI and digital signature implementation consulting

CYBERNETICA AS

Mäealuse 2/1, 12618 Tallinn, Estonia

phone: +372 6397991

e-mail:

[email protected]
