1.8. Main differences between X-Road versions 5 and 6
Table 2 Short overview of main differences between X-Road versions 5 and 6
|
v5 |
v6 |
||
|
Message exchange |
Digital stamp added to message in security server (e-stamp) conforms to the Electronic Identification and Trust Services for Electronic Transactions Act |
No |
Yes |
|
Generation and preservation of evidential value |
In cooperation between security server and central server |
Security server ensures evidential value |
|
|
Message log |
Text file |
Database and ASiC-E containers in file system |
|
|
Mssage protocol |
Supported X-Road message protocol versions 2.0, 3.0, 3.1 |
Supported X-Road message protocol version 4.0 |
|
|
Digitas stamp/E-stamp verification capability |
In central server |
Through a verifier component installed with the security server. The .jar file located at the address https://www.x-tee.ee/packages/asicverifier-1.0.jar can also be used without a security server. |
|
|
Description of SOAP profile |
Message header |
Changes related to hierarchical identifier: identifier of subsystem (security server client) and service identifier |
|
|
Message body |
There are no obligatory additional requirements in the content of messages. Version 6.0 has no obligation to use ‘request’ and ‘response’ elements or to duplicate request message in a response message. Namespace of messages is not fixed. |
||
|
Rights and certificates |
Membership |
Differentiation of users and providers of service |
Members are organisations which affiliate just once. Member identifier is hierarchical and includes token of X-Road instance, information about member class (private, public) and registry code of authority. E.g. ‘EE:GOV:xxxxxxxx’. |
|
Service rights/access rights |
Database (e.g. ‘xkogu’) grants access rights to authorities |
Access rights are administered on the level of subsystem. Each subsystem is bound to X-Road member. E.g. 'EE:GOV:xxxxxxxx:xkogu', for use as well as provision of service |
|
|
Subsystem |
Subsystem uses signature certificate of sub-authority |
Subsystem uses an e-stamp certificate of X-Road members |
|
|
Security server identifier |
In X-Road Version 6.0, security servers have a unique identifier independent of the address and certificate of the security server (hierarchical), including the identifier of the owner of security server and security server code. Each security server must have at least one valid authentication certificate, registered in the central server and used for creating secure data exchange channel between security servers. |
||
|
Certificates issued by |
RIA |
Qualified trust service provider |
|
|
Trust services |
Consumption of trust services |
Security server does not perform OCSP and timestamp requests |
Security server performs OCSP and timestamp requests at least with frequency specified in security policy |
|
Asynchronous services |
Supported |
Not supported |
|
|
Other functionality |
Encoding service |
Supported |
Not supported |
|
International universality |
Not supported |
Supported |
|
|
Support of several interfacing components |
Not supported |
Supported |
|