X-Road. eGovernment interoperability framework

Serving e-nation over 10 years

- Backbone of the Estonian eGovernment
- 12 years of active duty, no downtime
- Over 2000 connected e-services
- More than 900 connected organizations, public registers and databases
- Over 350 million transactions in 2013
- Survived the first nationwide cyber-attack on the Estonian information infrastructure in 2007

X-Road highlights

X-Road provides a distributed, secure, unified web-services based inter-organizational data exchange framework.

Distributed: X-Road is a completely distributed, resilient system with distributed management. X-Road does not centralize the data and does not change the ownership of the data.

Heterogeneous: X-Road connects information systems built on any IT platform. X-Road does not prescribe any tools and technologies for intra-organizational use.

Secure: designed to satisfy the security requirements of inter-organizational communication by ensuring the:
- authenticity, integrity and non-repudiation of exchanged data
- high availability of services
- confidentiality of exchanged data

Reliable: the system does not have a single point of failure. All components of the system can be made redundant for high resiliency against failures and attacks. Components that are available over a shared or public network employ protective measures against denial of service (DoS) attacks.

Federation support: X-Road supports bilateral agreements between X-Road Centres.

Easy to implement:
- X-Road infrastructure deployment is fast and efficient.
- Several deployment options are available, including managed infrastructure.
- Supports heterogeneous environments, including cloud-hosted information systems.
- Consultation and system support are available for the development of organizational procedures and legal framework.

Easy to use: X-Road is easy to adapt.
- All communication is based on web-services and can therefore easily be used by all developers.
- Access to all other organizations is unified: there is only one API and one set of rules that must be followed by developers.
- Secure services publication and management requires a minimum effort from the data owner.
- Automated e-services user interface generation reduces the amount of tedious coding.

Remote administration service (optional): X-Road technology can be provided as a fully administered service based on the SaaS (Software as a Service) model.

Overview

X-Road is a technology that provides all the necessary components for integration of inter-organizational e-services. X-Road can also be provided in the form of Software as a Service, fully managed by a service provider. Such a service makes instant technical implementation possible.

X-ROAD KEY COMPONENTS

Implementation of X-Road does not change the ownership or location of the data. The databases and registers will not be centralized. The data will be managed by the same institutions that manage them currently. X-Road just unifies the access to all e-services and allows secure access to data in databases. Each institution is still responsible for the quality of the data and can determine which other institutions have access to its data. X-Road does not limit how the registries and organizations implement their information systems: all platforms and hosting models are supported, including cloud-based setups.

Interoperability backbone: provides unified access to data. In particular, for the interoperability backbone:
- The receiver of the data can prove to third parties the origin and content of the received data (non-repudiation).
- The system ensures that all data that is exchanged between institutions and travels over a wide-area network (either public, shared or private) is encrypted in order to ensure the confidentiality of the data.
- The system implements access control mechanisms that allow the service providers to control the access to services on a per-client-institution basis.

Integrated Service Portals: act as a single window of access to all public e-services.
- The end-user (a person) is authenticated by the portal.
- The communication with the end user is encrypted.
- The portals for businesses and governmental institutions support the role-based management of user access rights to invoke services.
- Authentication of users supports all authentication methods.

[Diagram: e-services publication & aggregation; Citizen Portal, Officials Portal, Entrepreneurs Portal; Organization; Legacy or proprietary System; Adapter; Registry's e-services]

Features and Functions of X-Road components

[Diagram: e-services publication & aggregation; Central Services and Administration (Monitoring Service, Certification Service, Catalogue of e-services, Administration Services); Citizen Portal, Officials Portal, Entrepreneurs Portal; Organization; Legacy or proprietary System; Adapter; Registry's e-services]

Features and functions of Security Servers

Security Servers are one of two components of X-Road which should be installed, hosted, and managed in the service provider network. As an alternative, a Security Server can be provided as a managed access service to X-Road.

Main features
- Security Servers implement security gateways for web-services. All web-service requests and responses are digitally signed, timestamped, encrypted and archived by security servers.
- Security Servers implement organizational level access control for web-services.
- Security Servers encapsulate all of the complexity of highly available PKI-based infrastructures and provide developers with transparently secured inter-organizational web services.
- Security Servers provide meta-services for discovering the structure of the infrastructure, including organizations and services.

Secure Messaging
- Security Servers sign all messages they send to other data providers in X-Road.
- Security Servers verify all messages they receive from other data providers in X-Road.
- Security Servers log all query responses to the secure log.

Administration
- web-based administrative interface for performing configuration and maintenance tasks
- management of e-services access rights
- archival of exchanged web-service requests and responses in digitally signed form
- all activities in the administrative interface will be recorded in an audit log
- one server can support multiple organizations
- built-in diagnostic tools for troubleshooting network and configuration problems

Additional features (optional)

X-Road Premium is a set of security server add-ons that enhance security server manageability and availability.

X-Road Centre

X-Road Centre is an organization that creates and maintains an X-Road infrastructure instance and offers services to end-users:
- trusted third party services: certification of security servers, management of secure directory infrastructure, tamper-proof log service for security servers
- monitoring service:
  - health monitoring of security servers, provides warnings to system administrators in case of error conditions
  - e-service usage monitoring for statistical purposes
  - usage monitoring for detection of suspicious activities (such as unwarranted queries to collect confidential information)

Certification Authority

Certification Authority offers standard certification services:
- Issues certificates for digital signature and for web servers
- Offers certificate validity checking service using the OCSP protocol
- Offers time-stamping service using the RFC 3161 protocol

Features and functions of Integrated Service Portals

Integrated Service Portals provide a single window for users to access all e-services:
- provision of e-services for citizens, entrepreneurs and public officials
- instant automatic publication of new services based on the service description (no programming needed)
- authentication of users via a multitude of authentication mechanisms, including smartcards, mobile-id, federated authentication, etc., with the possibility of adding new authentication methods
- role-based access control for entrepreneurs and public officials

Features and functions of Adapter Servers

An Adapter is an optional custom component that implements the web-services that will be shared via X-Road. Developers are provided with a toolkit consisting of source code, manuals, and templates for developing the necessary adapter. The platform for Adapters can be freely chosen by the organization to suit its existing platform and IT policies. Adapter Servers have been successfully implemented on .NET, JEE, Python, various ESB and other platforms.

Technical implementation services:
- training and education
- technology provision, installation, configuration
- technical online support for administrators
- remote administration
- consultations for e-service developers
- development of Adapter Server
- software support

eGovernment management consulting:
- situation assessment and requirement analysis
- planning eGovernment interoperability
- management consulting and training
- legal framework consulting
- development of organizational processes
- PKI and digital signature implementation consulting

Contacts

Cybernetica AS
Mäealuse 2/1, 12618 Tallinn, Estonia
Phone: +372 6397991
E-mail: info@cyber.ee