2025-01-22

Date and Location

Jan 22, 2025 at 15:00-16:00 (EET, UTC+2)

Location: Microsoft Teams

Attendees

  • Petteri Kivimäki (NIIS)

  • Raido Kaju (NIIS)

  • Gustavo Giorgetti

  • Jan Wallenius

  • Juhani Nuorteva

  • Kevin Jiménez

  • Oleksii Danyliuk

  • Tõnis Pihlakas

Discussion items

#

Item

Notes

1

Summary of development activities

Summary of ongoing development activities.

2

X-Road 8 status update

Changes to the Security Server add-ons

Separate add-on packages will be removed and all add-ons will be packaged with the Security Server core. Add-ons are enabled/disabled using system properties, and it will be possible to see a list of available add-ons and their statuses (enabled/disabled) in the Security Server UI. In this way, add-ons can be implemented using the same approach regardless of the Security Server deployment platform (native / container).

Security Server resource utilisation optimisation

Currently, all modules in X-Road 8 use Spring Boot, which increases the resource consumption of the individual modules and the overall resource consumption of the Central Server and Security Server. We're looking into alternatives to reduce the resource utilisation by reviewing the current dependencies and configuration, and by trying to replace Spring Boot with the Quarkus framework. Initial results with the Security Server's log archiver module look promising, and therefore we're trying Quarkus with the Security Server's proxy module too. However, when comparing Spring Boot and Quarkus, we also have to consider other things besides resource consumption, for example the overall performance, availability of extensions / components and ease of maintenance / development.

Trust framework

Currently, the EDC uses the Decentralised Claims Protocol (DCP) as the trust protocol - the protocol to issue and share verifiable credentials. The DCP is one of Eclipse's data space standardisation initiatives and it should become an official ISO standard. However, the protocol is currently used only by a few data space initiatives (e.g., Catena-X) while several data space initiatives are looking into the OpenID for Verifiable Credentials (OID4VC) protocol.

One major difference between the DCP and the OID4VC is that the OID4VC supports EUDI wallets while the DCP doesn't. Currently, X-Road 8 is using the DCP since the EDC supports it. Nevertheless, NIIS is actively following the discussion around the two protocols and the option of switching to the OID4VC protocol is also on the table. For X-Road 8 it's important to be aligned with the majority of the data space initiatives since support for the same trust protocol is required for cross-data space interoperability.

3

X-Road 7 development roadmap for 2025

Version 7.7.0

Summary of changes included in version 7.7.0:

  • Support for removing HSM tokens using the Security Server UI and REST management API.

  • Streamline customising the Security Server configuration during the installation.

  • Support for defining a full name for subsystems.

  • Support for automatically activating authentication and sign certificates on the Security Server when they have been automatically renewed using ACME.

  • Support for disabling all subsystems of a Security Server together and putting a Security Server in maintenance mode.

  • Support for automatically adjusting the memory allocation of the proxy component during Security Server initialization.

  • Visualize subsystem and service usage metrics in the Security Server UI.

  • Minor enhancements and bug fixes based on user feedback.

Version 7.8.0

Summary of changes included in version 7.8.0:

  • Support for synchronising service access permissions between non-clustered Security Servers.

  • Support for selecting between free and paid OCSP and timestamping services on the Security Server.

  • Support for automatically picking up the supported Certificate Signing Request (CSR) format (pem / der) for the selected CA when generating a CSR for an authentication or sign certificate on the Security Server.

  • Support for sending e-mail notifications about technical issues on the Security Server.

  • Support for versioning the Central Server and Security Server backup files to prevent restoring an incompatible backup file.

  • Make the Security Server health check interface more reliable.

  • Minor enhancements and bug fixes based on user feedback.

4

Open topics

Discussion on open topics.



Next meetings

  • Meeting 31, February 19 2025, 15:00-16:00 (EET, UTC +2)

  • Meeting 32, March 17 2025, 15:00-16:00 (EET, UTC +2)
