2025-03-17

1

Summary of development activities

Summary of ongoing development activities.

2

X-Road 8 status update

• All the changes to the X-Road architecture have been migrated from the edc-poc branch to the develop-8.x branch.

• Nevertheless, the develop-8.x doesn't include changes related to the data spaces yet, e.g., support for the Decentralised Claims Protocol (DCP) and Data Space Protocol (DSP), define access rights using ODRL, publish service meta data using DCAT, etc.

• Data space related changes will be migrated to the develop-8.x branch once architecture and container support related changes have been completed.

• Aslo, additional architecture planning regarding integrating the EDC into X-Road is required in order to support the current Security Server multi tenancy model (=one Security Server can be shared by multiple member organisations).

  • IdentityHub

    • Currently, there's 1:1 mapping between IdentityHub and Security Server - each Security Server has its own IdentityHub instance and sharing an IdentityHub instance between multiple Security Servers and multiple member organisations is not supported.

    • The goal is that one IdentityHub instance can be shared by multiple Security Servers and it can host multiple member organisations.

  • Connector

    • Currently, the EDC connector can only be tied to one member organisation and multiple members cannot share the same connector instance.

    • This means that hosting multiple members on the same Security Server requires running one connector instance per member. This is a significant scalability issue on Security Servers hosting tens of members.

    • The goal is to have one connector instance per Security Server that’s shared by all the member and clients sharing the Security Server.

      • For example, there's already only one xroad-proxy instance per Security Server that's shared by all the members and clients.

3

X-Road and X-Road Metrics hotfixes

In X-Road version 7.6.0, support for including the restPath variable in operational monitoring (opmon) data was introduced. While this feature anonymized REST paths based on OpenAPI definitions, it posed a risk of leaking information when:

• A REST service was not defined by an OpenAPI definition.

• An undocumented path was used.

To mitigate this risk, we decided to take the following action:

1. Temporary Disablement

   • A hotfix for X-Road Metrics was released to temporarily disable restPath inclusion in operational monitoring data.

2. Upcoming X-Road Hotfix

   • A second hotfix will be released for X-Road with the following changes:

     • Filtering Support: The X-Road version will be included in opmon data to allow version-based filtering.

     • Controlled Path Inclusion: The restPath will be included only if:

       • It is explicitly defined in an OpenAPI definition.

       • It belongs to a non-OpenAPI service and is listed in the endpoints list.

       • In both cases, the path will be anonymized according to the definition.

     • Consumer-Side Restriction: The restPath will never be included in opmon data on the consumer side, as it lacks knowledge of paths and endpoints.

3. Metrics Update for Safe Handling

   • A new X-Road Metrics version will be released that will determine if restPath can be safely included by checking the X-Road version.

4

Open topics

Discussion on open topics.

Next meetings

• Meeting 33, April 15 2025, 15:00-16:00 (EEST, UTC+3)

• Meeting 34, May 15 2025, 15:00-16:00 (EEST, UTC+3)

• Meeting 35, June 18 2025, 15:00-16:00 (EEST, UTC+3)

• Meeting 36, August 20 2025, 15:00-16:00 (EEST, UTC+3)

• Meeting 37, September 17 2025, 15:00-16:00 (EEST, UTC+3)

• Meeting 38, October 22 2025, 15:00-16:00 (EEST, UTC+3)

• Meeting 39, November 19 2025, 15:00-16:00 (EET, UTC+2)

• Meeting 40, December 17 2025, 15:00-16:00 (EET, UTC+2)

• Meeting 41, January 21 2026, 15:00-16:00 (EET, UTC+2)

• Meeting 42, February 18 2026, 15:00-16:00 (EET, UTC+2)

• Meeting 43, March 18 2026, 15:00-16:00 (EET, UTC+2)