Mediators / Vahendajad

1 Mediators / Vahendajad
Heiko Vainsalu

2 Theory or Practice
State portal
- Services are opened to RIA
- Clients are citizens and entrepreneurs
Gateways for pharmacies and GPs (based on MISP)
- Services are opened to Eesti E-Tervise SA
- Clients are pharmacists and GPs
What services have found alternatives as X-Road membership is not reachable?

3 Extend X-Road Reach
- … to clients who are not able to be X-Road members
- … to clients who must not be X-Road members
- … to clients who technically don't qualify for membership (no information system)

4 A Mediator …
- Is an X-Road member
- Is registered as a mediator (has informed other members of being a mediator)
- Has declared the methods by which third parties are authenticated for mediation
- Has declared how mediated parties can access the X-Road message log
A Mediator Is Not
- Security Server IaaS provider
[Diagram labels: Organization, ERP, IaaS provider, SS]

5 Good Old „allasutus“
It's the same as "allasutus/unit" in older X-Road message protocols, with improved regulation.
What would be the expectations/requirements for a mediator?

6 X-Road v6 Transition

7 What’s Up?
- Regulation in the government – in September
- Confusion with flavours of eSeal: eSeal, Advanced eSeal, Advanced eSeal with qualified certificates, Qualified eSeal
- Qualified certificates ensure organization authenticity and acceptance in cross-border situations
- Trust Services quantity on X-Road…
- Timeline…

8 Trust Services Quantities and Pricing
AUTH certificate
- 1 per security server
- 1 per member (client) of security server
OCSP service (top up for existing service)
- up to 1000 service calls per month per certificate
- top up current OCSP contract
Timestamping
- up to 1000 service calls per security server per month
- might use more
No dependencies on:
- number of partners
- number of services
- number of transactions
Monthly cost estimate (without investments)
- 1 security server for 1 member: 140€ (+VAT)
- Small hosting (2 servers, 20 clients): 70€/member (+VAT)
- Big hosting (3 servers, 150 clients): 23€/member (+VAT)

9 Timeline
- In production: RIA/aar
- In the pipeline: RIK / Haigekassa / RIA / SMIT
- October the 3rd: v5 membership read only
- Info Event (estim. December 2016)
- March the 31st: removing members from old central server
- May the 31st: shutdown of v5 environment
Do's and don'ts
- Don't change data service structure/functionality
- Do rethink the information system landscape and define required subsystems
- Do publish the schedule of transition to your partners (and RIA)
- Do inform your partners (and RIA) if some services shall not follow the transition

10 Trust Federation of X-tee and Palveluväylä

11 Terminology
- X-Road – Technology and Ideology
- X-tee – Estonian X-Road Instance
- Palveluväylä – Finnish X-Road Instance
WIP
Estimated contract: end of 2016

12 What’s In It For Members?
Changes:
- new member classes (of other instance)
- other security context and regulation
- other service catalogue
How to be informed?

13 Joint X-Road Community
(Credit To Karri Niemelä)


15 Tools and Content
- Portal | GitHub
- Components, Patterns, Examples, Etc.
- Slack

16 X-Road Trainings
- Learning material for X-Road security server administrator
- X-Road Webservice Developer Trainings (trainings for developers of X-tee interfaces)

17 The learning material for X-Road security server administrator
in English in Estonian

18 Pilot trainings
About the training:
- 2 pilot trainings: 2nd and 5th August (est/eng)
- Participants
- Training held by Mr. Toomas Vann (JukuLab OÜ)
- Preparation needed before the training: theory chapters I-XI and XXVI
- Infrastructure requirements: laptop (pre-downloaded Ubuntu LTS server image), virtualization software if needed (VirtualBox, for example), free disk space (at least 10GB).

19 Topics
Theory:
- Why X-Road?
- What is X-Road?
- What is X-Road composed of?
- Hints to responsibilities
Practice:
- Step-by-step installation of X-Road Security server
- Configuration of X-Road server
- Everyday upkeep and problem solving
Discussion on e-learning materials for improvements
Test

20 X-Road Webservice Developer Trainings
- Traditional developer training
- Oriented towards classroom trainings
- X-Road relevant approach
- 6 trainings in Estonia in Estonian
- estim. in March (3) and in April (3)
- Agreement signed (Tallinna Tehnikaülikool)
The aim of the training is to raise developers' skills and knowledge of developing X-tee interfaces.
Target group: developers of X-tee interfaces.
Each individual training is carried out on one specific technology platform. Training materials are prepared for trainings on both the Java and the .NET platform.
Learning outcomes. A person who has completed the training:
• understands how X-tee works
• understands service-based architecture
• can find the WSDL of an X-tee service
• can read SOAP messages
• can deploy an implemented service and configure it in the security server
• knows where to find information about X-tee
Training volume: 16 academic hours divided over two training days.
The optimal number of trainees per training is 10; the maximum is 12 participants.

21 Output for trainee
The training must provide the trainee with the following results:
- Understands how X-Road works
- Understands service based approach
- Knows where to find and how to use X-Road web services descriptions
- Can work with SOAP messages
- Can implement, deploy and configure services in security server
- Knows where to find additional information
THEORETICAL PART
Module 1
· X-tee: what? why? for whom?
· X-tee explainer (animation link)
· X-tee as the backbone of the state
· X-tee security
· X-tee is distributed
· Evolution of X-tee through its versions
· The need to transition to the new version
· Brief overview of the main differences between X-tee versions 5 and 6
· Control test
Required references:
Expected outcome:
· understands how X-tee works.
Module 2
· Service-based architecture
· SOA structure and its application on X-tee
· Properties/advantages
· Fundamentals of service design
· Integration patterns and methodology, Open SOA Collaboration.
· understands the properties/advantages of service-based architecture;
· understands the fundamentals of service design, can use patterns.
Module 3
· X-tee message structure and its description
· Description of the SOAP protocol
· Changes related to X-tee version 6:
· · Header changes
· · Changes related to hierarchical identifiers
· · Message protocol changes
· WSDL of the data registry
· Quality of the technical solution
· WSDL validation rules
· Use of schemas

22 Management Of X-Road

23 Ecosystem Quality
- 2/3 of services are not described
- OK/NOK?
- 50% of described services are not up to date
- The privilege for free service descriptions, has it been abused?

24 Security Categories

25 Security Context
Goal: X-Road can be used as communication channel for open services
- Security context changes?
- Security context switches...
- Trust Federation
- Non-confidential public data
- Other channels for data exchange

26 Thank You!
Please fill in feedback forms
The learning materials of the X-Road have been compiled with funding from the structural funds support scheme “Raising Public Awareness about the Information Society” of the European Regional Development Fund.

27 X-Road makes the distributed state information system manageable
On a wider scale, such distributed data exchange provides:
- Overview and control concerning the participants of the ecosystem and the kind of functions/services offered there. However, no party of the ecosystem has too much power.
- Overview of activity between parties: central monitoring of service metadata provides an overview of the connections between parties/members (who is connected to whom and to what extent data is exchanged).
- Interoperability: universal interoperability is ensured between different members of the X-Road.
- Improving the ecosystem: provides an opportunity to implement other support systems that help improve the ecosystem (security measures, catalogue of business services and data, etc.).
- Resource efficiency: there is no need to create separate data exchange platforms in different fields; the X-Road can be used across all fields of activity.


