Versions Compared

Old Version 2

changes.mady.by.user Petteri Kivimäki

Saved on

compared with

New Version Current

changes.mady.by.user Petteri Kivimäki

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Petteri Kivimäki (NIIS)

  • Raido Kaju (NIIS)

  • Aivar Meisterson

  • Balamurali Pandranki

  • Juhani Nuorteva

  • Kevin Jiménez

  • Teemu Theqvist

  • Tõnis Pihlakas

Discussion items

#

Item

Notes

1

Summary of development activities

Summary of ongoing development activities.

2

X-Road 8 status update

  • In September, the X-Road Technical Committee decided that X-Road 8 will support both batch and non-batch signatures.

    • Using batch signatures might be required because of performance reasons, e.g., USB HSM devices with poor performance.

    • When non-batch signatures are used by both message exchange parties, the generated message log records are eIDAS compliant.

    • If at least one message exchange party uses batch signatures, the generated message log records are not eIDAS compliant.

    • Backwards compatibility requires adding partial support for non-batch signatures in X-Road 7.

    • The support will be added in version 7.6.0 and it doesn't affect the performance of X-Road 7.

      • Thanks to the changes, X-Road 8 will be backwards compatible with X-Road 7 starting from version 7.6.0.

  • Make the Security Server architecture more modular.

    • Make different Security Server modules more loosely coupled so that they can be deployed and scaled independently.

    • Support for running different Security Server modules (e.g., proxy, signer, confclient) in separate Docker containers.

    • Some minor improvements are included already in X-Road 7.6.0, but most of the changes are included in X-Road 8.0.0.

  • Provide better support for cloud platforms.

    • For example, enable the use of external configuration management services instead of storing configuration files locally on the Security Server.

    • Migrate configuration from ini files to yaml files.

    • The current native deployment options (Ubuntu + RHEL) will be supported too - users are not forced to use cloud and/or containers.

3

Open topics

  • X-Road Community Event 2024 presentations are available on YouTube.

  • The Security Server security assessment is currently ongoing. The assessment is conducted by a third-party and it covers architecture review, threat modeling and penetration testing.

  • On the X-Road Community Slack it’s possible to provide feedback on what additional information should be shown about the information system certificate under the “Internal Servers” view of a subsystem on the Security Server. Please post your feedback to this thread on the X-Road Community Slack.


Next meetings

  • Meeting 28, November 20 2024, 15:00-16:00 (EET, UTC +2)

  • Meeting 29, December 18 2024, 15:00-16:00 (EET, UTC +2)

  • Meeting 30, January 22 2025, 15:00-16:00 (EET, UTC +2)

  • Meeting 31, February 19 2025, 15:00-16:00 (EET, UTC +2)

  • Meeting 32, March 19 2025, 15:00-16:00 (EET, UTC +2)