| | |
|---|
1 | Summary of development activities | Summary of ongoing development activities. |
2 | X-Road 8 status update | Latest news on X-Road 8 development. Message logging Making the message log implementation eIDAS compliant requires disabling batch signatures. According to initial performance tests: Non-batch signatures are about 10% slower than batch signatures (with soft token) when using X-Road’s own implementation. If the Digital Signature Service (DSS) library by the European Commission is used for signing, non-batch signatures are about 30% slower than batch signatures. Also several other factors (e.g., the data space protocol, changes to trust framework, making the architecture cloud native) will impact on the X-Road 8 performance which is why more effort will be put on the overall performance later.
To minimise the impact on the performance, we have decided to use the DSS library for signature verification only and use X-Road's own implementation for signing. Verifying a non-batch signature afterwards requires that all the message parts are included in the message log database and ASiC container. X-Road 7 can continue to use batch-signatures, but being interoperable with X-Road 8 requires supporting non-batch signatures that can be achieved by implementing two changes: The changes in X-Road 7 do not: Affect the Security Server performance between two X-Road 7 Security Servers. Make X-Road 7 ASiC containers eIDAS compliant. Limit the available logging configuration options (full logging / metadata logging / no logging).
X-Road 8 is backwards compatible with X-Road 7 starting from the version that includes the changes. For example, if the changes are included in version 7.6.0, X-Road 8 is backwards compatible with X-Road 7 starting from version 7.6.0. Instead, older versions are not backwards compatible with X-Road 8.
Making the message log implementation eIDAS compliant in X-Road 8 does not affect the available logging configuration options (full logging / metadata logging / no logging). X-Road 8 will continue to support the same logging configuration options already supported by X-Road 7. Message log records produced by X-Road 8 are eIDAS compliant only when full logging is enabled and both message exchange parties use X-Road 8 Security Server.
Instead, based on the current understanding, batch timestamping can still be used in X-Road 8.
Changes to the X-Road architecture Initial plan (that is subject to change) of the X-Road 8 Security Server architecture has been created. One goal is to improve X-Road’s cloud compatibility and make using X-Road easier in the cloud. For example, support scaling the Security Server on a component level (e.g., signer, proxy), enable the use of services provided by cloud platforms (e.g., secret storage).
The current deployment options (Ubuntu + RHEL) will be supported too - users are not forced to use cloud and/or containers. Some changes may be introduced already in X-Road 7 and they don’t affect existing users.
The X-Road JIRA has a detailed list of ongoing tasks. |
3 | Open topics | |
| Next meetings | Meeting 26, September 18 2024, 15:00-16:00 (EEST, UTC +3) Meeting 27, October 23 2024, 15:00-16:00 (EEST, UTC +3) Meeting 28, November 20 2024, 15:00-16:00 (EET, UTC +2) Meeting 29, December 18 2024, 15:00-16:00 (EET, UTC +2) Meeting 30, January 22 2025, 15:00-16:00 (EET, UTC +2) Meeting 31, February 19 2025, 15:00-16:00 (EET, UTC +2) Meeting 32, March 19 2025, 15:00-16:00 (EET, UTC +2)
|