1.3. Security of X-Road

An X-Road member need not develop themselves the solutions needed for ensuring the reliability and authenticity of data. On X-Road, security of a data exchange process is ensured by distributed architecture, security servers and the use of standard technologies. A member must ensure that nothing happens to the message between the security server and information system (e.g. by using TLS).

Figure 7 provides an overview of a security solution of X-Road. X-Road Center handles the registration of members and a member must verify their authenticity to X-Road Center (on the figure: registration of members). Only registered members to whom the authority providing data has granted the relevant right can request data on X-Road.

Figure 7 Security solution of X-Road

On X-Road, confidentiality is guaranteed with the condition that encrypted data are exchanged directly between members and do not pass through any third parties. As the parties exchange data directly, availability of data exchange is practically independent of X-Road and its central components. Integrity of data is ensured by digital stamping of all messages (e-stamp) and timestamping. For affiliation of membership, it is necessary to obtain an e-stamp certificate and certificate validation service from the external providers of trust services (on the figure: certification service provider) as well as a timestamp service (on the figure: timestamp service provider). Security servers of members report in response to the request of the central monitoring component about the use of metainformation dataservices to central monitoring, which enables X-Road Center to verify that the established rules are followed on X-Road, and to collect statistical data about the ecosystem of X-Road.

Last modified: Tuesday, 16 May 2017, 10:20 AM