X-Road as a Platform to Exchange MyData
PETTERI KIVIMÄKI, CTO
29TH AUGUST 2018
Table of Contents
• MyData Roles
• How Does X-Road Work?
• X-Road as a Technical Platform for MyData
• MyData via X-Road
• What X-Road Does and Does Not Provide
MyData Roles
[Diagram: Individual (Digital Identity), MyData Operator, Data Source and Data Using Service, connected by flows labelled Consent, Data and Access Logs.]
• Individual – a person who authorizes data flows with consent.
• MyData Operator – provides MyData accounts that enable digital consent management.
• Data Source – provides data about individuals.
• Data Using Service – uses the data provided by data sources.
How Does X-Road Work?
[Diagram: Service Consumer and Service Provider, each with a Security Server, plus Central Services and Trust Services; groupings labelled X-Road Core and Trust Services.]
• Security Server (Service Consumer): signature and time-stamping of messages, logging.
• Security Server (Service Provider): verify incoming messages, time-stamping, logging, access rights.
• Central Services: registry of trusted parties (organizations, servers).
• Trust Services: validity of certificates (auth, sign); time-stamping of messages.
X-Road as a Technical Platform for MyData
[Diagram: Individual (Digital Identity), MyData Operator, Data Source and Data Using Service, with the Consent, Data and Access Logs flows passing through components labelled X-Road Security Server.]
• Both consent and data are transferred via X-Road.
• X-Road logs all the requests and the logs are used for providing a centralized view to access logs where the individual can see who has accessed his or her data.
• X-Road provides
• Organization level authentication
• Machine to machine authentication
• Standardized messaging model
• Non-repudiation of messages
• Access rights management
• Address management and message routing
• Transportation level encryption.
MyData via X-Road
[Diagram: Data Using Service and Data Source, each behind a Security Server, and the MyData Operator, with the numbered steps below.]
1. Check consent (*)
2. Send request
3. Check access rights (global group)
3.1 Check consent (*) (optional)
4. Return response
Access logs (*) are transferred to the MyData Operator.
* Checking consents and transferring access logs is done via X-Road.
All the registered data using services have access to all the registered data sources. Consents are used for managing authorizations to access the data of individuals.
MyData via X-Road
• Consents are managed by the MyData Operator.
• Every data source and data using service must implement the required MyData APIs and enable their services to be connected with MyData accounts.
• X-Road client/service identifier must be stored by the MyData Operator.
• Access rights to data sources are managed using X-Road global groups that are centrally managed by the X-Road operator.
• Registered data using services are added as members of the global group by the X-Road operator.
• Data sources grant the MyData global group access to their MyData services – all the members of the group then have access to the services.
MyData via X-Road
• All the registered data using services have access to all the registered data sources. Consents are used for managing authorizations to access the data of individuals.
• Data using service is responsible for checking the consent before sending a request.
• No consent is found => no request is sent.
• Consent is found => request is sent and the ID of the consent is included in the request (with other required parameters, e.g. user ID).
• Data source trusts the data using service and does not re-check the validity of the consent.
• Alternatively, data source may re-check the validity of the consent. Increases trust – and overhead.
MyData via X-Road
• All the requests and responses are logged by X-Road.
• Information related to MyData requests/responses (consent ID, data using service, data source, user ID identifying the individual, date/time etc.) is made accessible to the MyData Operator.
• Individuals can view who has accessed their information through their MyData account.
• Unauthorized use of individuals’ data can be automatically detected by analyzing the logs and is subject to penalties, e.g. exclusion from the service etc.
MyData via X-Road
[Diagram: MyData Operator, Data Source, Data Using Service, Central Server, Certification Authority (CA) and two Security Servers, annotated as follows.]
• Register data using service (subsystem): FI.COM.12345-6.Client
• Add subsystem to MyData Clients global group
• Publish data source: FI.COM.65432-1.Service.getData.v1
• Register data using service: FI.COM.12345-6.Client
• Register data source: FI.COM.65432-1.Service.getData.v1
• Certification Authority (CA): get auth and sign certificates; check validity.
• Security Servers: FI.COM.12345-6.Client, FI.COM.65432-1.Service.getData.v1
• MyData Clients (global group): FI.COM.12345-6.Client, FI.GOV.XXXX.XXX, FI.COM.XXXX.XXX, ...
• Grant MyData Clients access to: FI.COM.65432-1.Service.getData.v1
MyData Account and Consents
Consent record fields (label, then example value):
• ID: consent ID – random string. Example: 619KOZDLS2
• Individual: social security number. Example: 121275-123A
• Data Using Service: X-Road client identifier of the data using service. Example: FI.COM.12345-6.Client
• Data Source: X-Road service identifier of the data source. Example: FI.COM.65432-1.Service.getData.v1
• User ID: the ID identifying the individual in the data source, e.g. social security number, Facebook ID, Google ID etc. Example: 121275-123A
• Validity: the period when the consent is valid. Example: 1.3.2018-31.12.2018
• Individuals manage consents through a MyData account.
• X-Road identifiers are used for identifying the data using service and data source (not visible to the user).
• If social media user ID is used, the social media account must be confirmed and linked to the MyData account. In addition, the data source must define the ID that’s used for identifying the user. By default social security number is used.
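The "MyData via X-Road" slides put the consent check in the data using service and rely on log analysis to detect unauthorized use; the consent record above carries the fields both checks need. The Python below is an added example, not code from the deck or from NIIS: the class and function names, the reason codes, the second client identifier, the second user ID and the log entries are constructed for illustration, while the consent row is the one shown on the slide.

```python
from dataclasses import dataclass
from datetime import date, datetime
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Consent:
    """One consent record as held by the MyData Operator (fields from the slide)."""
    consent_id: str
    individual: str
    client: str       # X-Road client identifier of the data using service
    service: str      # X-Road service identifier of the data source
    user_id: str      # ID of the individual as known to the data source
    valid_from: date
    valid_to: date


@dataclass(frozen=True)
class AccessLogEntry:
    """Request metadata the slides say is made accessible to the MyData Operator."""
    timestamp: datetime
    client: str
    service: str
    user_id: str
    consent_id: Optional[str]


def parse_validity(period: str) -> Tuple[date, date]:
    """Parse the slide's 'D.M.YYYY-D.M.YYYY' validity notation."""
    def one(text: str) -> date:
        day, month, year = (int(part) for part in text.strip().split("."))
        return date(year, month, day)
    start, end = period.split("-")
    return one(start), one(end)


def find_consent(consents: Dict[str, Consent], client: str, service: str,
                 user_id: str, on: date) -> Optional[str]:
    """Data using service side: consent ID to put in the request, or None (send nothing)."""
    for c in consents.values():
        if ((c.client, c.service, c.user_id) == (client, service, user_id)
                and c.valid_from <= on <= c.valid_to):
            return c.consent_id
    return None


def violation(entry: AccessLogEntry, consents: Dict[str, Consent]) -> Optional[str]:
    """Operator side: why a logged request is not covered by its consent, or None."""
    if not entry.consent_id:
        return "missing_consent_id"
    c = consents.get(entry.consent_id)
    if c is None:
        return "unknown_consent"
    if entry.client != c.client:
        return "client_mismatch"      # consent ID presented by a different client
    if entry.service != c.service:
        return "service_mismatch"
    if entry.user_id != c.user_id:
        return "user_mismatch"        # consent covers another individual
    if not (c.valid_from <= entry.timestamp.date() <= c.valid_to):
        return "outside_validity"
    return None


def find_unauthorized(log: List[AccessLogEntry],
                      consents: Dict[str, Consent]) -> List[Tuple[AccessLogEntry, str]]:
    """Return every log entry that fails the consent check, with its reason code."""
    flagged = []
    for entry in log:
        reason = violation(entry, consents)
        if reason is not None:
            flagged.append((entry, reason))
    return flagged


CLIENT = "FI.COM.12345-6.Client"                # from the slide
SERVICE = "FI.COM.65432-1.Service.getData.v1"   # from the slide
OTHER_CLIENT = "FI.COM.00000-0.OtherClient"     # constructed for this example
_start, _end = parse_validity("1.3.2018-31.12.2018")
CONSENTS = {"619KOZDLS2": Consent("619KOZDLS2", "121275-123A", CLIENT, SERVICE,
                                  "121275-123A", _start, _end)}

# Constructed log entries: one legitimate request followed by four that should be flagged.
SAMPLE_LOG = [
    AccessLogEntry(datetime(2018, 6, 1, 9, 0), CLIENT, SERVICE, "121275-123A", "619KOZDLS2"),
    AccessLogEntry(datetime(2019, 1, 2, 9, 0), CLIENT, SERVICE, "121275-123A", "619KOZDLS2"),
    AccessLogEntry(datetime(2018, 6, 1, 9, 5), OTHER_CLIENT, SERVICE, "121275-123A", "619KOZDLS2"),
    AccessLogEntry(datetime(2018, 6, 2, 9, 0), CLIENT, SERVICE, "010101-000X", "619KOZDLS2"),
    AccessLogEntry(datetime(2018, 6, 3, 9, 0), CLIENT, SERVICE, "121275-123A", None),
]

if __name__ == "__main__":
    for entry, reason in find_unauthorized(SAMPLE_LOG, CONSENTS):
        print(entry.timestamp.isoformat(), entry.client, reason)
```

A data source that chooses to re-check consent can apply `violation` to the incoming request's fields before answering, which is the optional step 3.1 in the flow.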
X-Road Provides
• Organization level authentication
• Machine to machine authentication
• Standardized messaging model
• Non-repudiation of messages
• Logging of messages
• Access rights management
• Address management and message routing
• Transportation level encryption.
X-Road Does Not Provide
• Semantic interoperability
• Common business data models
• Standardized business APIs
• Implementation of the MyData Operator
• Consent verification.
Questions?
WWW.NIIS.ORG
petteri.kivimaki@niis.org
+372 7130 802

X-Road as a Platform to Exchange MyData

  • 1. X-Road as a Platform to Exchange MyData PETTERI KIVIMÄKI, CTO 29TH AUGUST 2018
  • 2. Table of Contents u MyData Roles u How Does X-Road Work? u X-Road as a Technical Platform for MyData u MyData via X-Road u What X-Road Does and Does Not Provide
  • 3. MyData Roles Digital Identity MyData Operator Data Consent Consent Individual Consent • Individual – a person who authorizes data flows with consent. • MyData Operator – provides a MyData accounts that enable digital consent management. • Data Source – provides data about individuals. • Data Using Service – uses the data provided by data sources. Data Source Data Using Service Access Logs
  • 4. How Does X-Road Work? Security Server Security Server Service Consumer Service Provider Signature and time-stamping of messages, logging Verify incoming messages, time-spamping, logging, access rights Central Services Registry of trusted parties (organizations, servers) Trust Services Validity of certificates (auth, sign) Time-stamping of messages X-Road Core Trust Services
  • 5. X-Road as a Technical Platform for MyData Digital Identity MyData Operator Access Logs Consent Consent Individual Access Logs X-Road Security Server Data • Both consent and data are transferred via X-Road. • X-Road logs all the requests and the logs are used for providing a centralized view to access logs where the individual can see who has accessed his or her data. • X-Road provides • Organization level authentication • Machine to machine authentication • Standardized messaging model • Non-repudiation of messages • Access rights management • Address management and message routing • Transportation level encryption. Data Source Data Using Service
  • 6. MyData via X-Road
    [Diagram: Data Using Service, Data Source, two Security Servers and the MyData Operator, with the numbered steps below]
    • 1. Check consent (*)
    • 2. Send request
    • 3. Check access rights (global group)
    • 3.1 Check consent (*) (optional)
    • 4. Return response
    • Access logs (*)
    * Checking consents and transferring access logs is done via X-Road.
    All the registered data using services have access to all the registered data sources. Consents are used for managing authorizations to access the data of individuals.
  • 7. MyData via X-Road
    • Consents are managed by the MyData Operator.
    • Every data source and data using service must implement the required MyData APIs and enable their services to be connected with MyData accounts.
    • X-Road client/service identifier must be stored by the MyData Operator.
    • Access rights to data sources are managed using X-Road global groups that are centrally managed by the X-Road operator.
    • Registered data using services are added as members of the global group by the X-Road operator.
    • Data sources grant the MyData global group access to their MyData services – all the members of the group then have access to the services.
  • 8. MyData via X-Road
    • All the registered data using services have access to all the registered data sources. Consents are used for managing authorizations to access the data of individuals.
    • Data using service is responsible for checking the consent before sending a request.
      • No consent is found => no request is sent.
      • Consent is found => request is sent and the ID of the consent is included in the request (with other required parameters, e.g. user ID).
    • Data source trusts the data using service and does not re-check the validity of the consent.
    • Alternatively, data source may re-check the validity of the consent. Increases trust – and overhead.
  • 9. MyData via X-Road
    • All the requests and responses are logged by X-Road.
    • Information related to MyData requests/responses (consent ID, data using service, data source, user ID identifying the individual, date/time etc.) is made accessible to the MyData Operator.
    • Individuals can view who has accessed their information through their MyData account.
    • Unauthorized use of individuals’ data can be automatically detected by analyzing the logs and is subject to penalties, e.g. exclusion from the service etc.
  • 10. MyData via X-Road
    [Diagram: MyData Operator, Data Source, Data Using Service, Central Server, Certification Authority (CA) and two Security Servers, with the annotations below]
    • Register data using service (subsystem): FI.COM.12345-6.Client
    • Add subsystem to MyData Clients global group
    • Publish data source: FI.COM.65432-1.Service.getData.v1
    • Register data using service: FI.COM.12345-6.Client
    • Register data source: FI.COM.65432-1.Service.getData.v1
    • Get auth and sign certificates.
    • Check validity.
    • Identifiers shown: FI.COM.12345-6.Client, FI.COM.65432-1.Service.getData.v1
    • MyData Clients (global group): FI.COM.12345-6.Client, FI.GOV.XXXX.XXX, FI.COM.XXXX.XXX, . .
    • Grant MyData Clients access to: FI.COM.65432-1.Service.getData.v1
  • 11. MyData Account and Consents
    Consent record fields (label; example):
    • ID: Consent ID – random string. Example: 619KOZDLS2
    • Individual: Social security number. Example: 121275-123A
    • Data Using Service: X-Road client identifier of the data using service. Example: FI.COM.12345-6.Client
    • Data Source: X-Road service identifier of the data source. Example: FI.COM.65432-1.Service.getData.v1
    • User ID: The ID identifying the individual in the data source, e.g. social security number, Facebook ID, Google ID etc. Example: 121275-123A
    • Validity: The period when the consent is valid. Example: 1.3.2018-31.12.2018
    Notes:
    • Individuals manage consents through a MyData account.
    • X-Road identifiers are used for identifying the data using service and data source (not visible to the user).
    • If social media user ID is used, the social media account must be confirmed and linked to the MyData account. In addition, the data source must define the ID that’s used for identifying the user. By default social security number is used.
  • 12. X-Road Provides
    • Organization level authentication
    • Machine to machine authentication
    • Standardized messaging model
    • Non-repudiation of messages
    • Logging of messages
    • Access rights management
    • Address management and message routing
    • Transportation level encryption.
  • 13. X-Road Does Not Provide
    • Semantic interoperability
    • Common business data models
    • Standardized business APIs
    • Implementation of the MyData Operator
    • Consent verification.
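
Slide 9 says unauthorized use can be detected automatically by analyzing the logs, and slide 13 notes that X-Road itself does not verify consents. The following is an added example, not part of the original deck or of X-Road, of how a MyData Operator could audit logged requests against the consent records from slide 11. The log entry layout, the function names and the client identifier FI.COM.99999-9.Client are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Consent:
    consent_id: str   # random string
    individual: str   # social security number of the account holder
    client: str       # X-Road client identifier of the data using service
    service: str      # X-Road service identifier of the data source
    user_id: str      # ID identifying the individual in the data source
    valid_from: date
    valid_to: date

def violation(consent, entry):
    """Return why a logged request is not covered by its consent, or None."""
    if consent is None:
        return "unknown consent ID"
    for field in ("client", "service", "user_id"):
        if getattr(consent, field) != entry[field]:
            return field + " mismatch"
    if not consent.valid_from <= entry["date"] <= consent.valid_to:
        return "outside validity period"
    return None

def audit(log_entries, consents):
    """Return (entry, reason) for every logged request lacking a valid consent."""
    by_id = {c.consent_id: c for c in consents}
    checked = ((e, violation(by_id.get(e["consent_id"]), e)) for e in log_entries)
    return [(e, reason) for e, reason in checked if reason]

def log_entry(consent_id, client, day):
    """Build one constructed log entry (hypothetical layout) for the example user."""
    return {"consent_id": consent_id, "client": client, "service": SERVICE,
            "user_id": "121275-123A", "date": day}

# Constructed sample data; identifiers reuse the example row from slide 11,
# with 1.3.2018-31.12.2018 read as day.month.year.
SERVICE = "FI.COM.65432-1.Service.getData.v1"
CLIENT = "FI.COM.12345-6.Client"
CONSENTS = [Consent("619KOZDLS2", "121275-123A", CLIENT, SERVICE,
                    "121275-123A", date(2018, 3, 1), date(2018, 12, 31))]
LOG = [
    log_entry("619KOZDLS2", CLIENT, date(2018, 6, 1)),                   # covered
    log_entry("619KOZDLS2", CLIENT, date(2019, 1, 15)),                  # expired
    log_entry("619KOZDLS2", "FI.COM.99999-9.Client", date(2018, 6, 1)),  # made-up client
    log_entry("NOSUCHID00", CLIENT, date(2018, 6, 1)),                   # no such consent
]
```

Calling `audit(LOG, CONSENTS)` returns the three uncovered requests with their reasons. The same `violation` check applies when a data source re-checks a consent before answering, the optional step 3.1 in slide 6.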