What level of investment is needed to be able to implement X-Road?
Thanks to its distributed architecture, X-Road is highly scalable and is, therefore, a good fit for all sizes of implementations. It also enables different approaches when it comes to the speed and scale of the implementation – starting small with few member organisations and services, or going live with a big bang with a bunch of members and connected systems.
From technical perspective, implementing X-Road requires setting up the central components of X-Road and trust services. These components are always needed regardless of the number of the X-Road member organisations. Infrastructure and technical maintenance costs of these components are fixed, and they do not change based on the number of the X-Road member organisations. The number of servers we’re talking about is typically between 2 and 10. Also, implementing a new certificate profile and/or a country-specific meta package may be required.
Each X-Road member organisation must implement one or more X-Road Security Server and integrate its information systems to X-Road. The amount of effort required to integrate an information system to X-Road depends on the role of the information system (consumer / provider) and the technology that the information system is using (SOAP / REST). X-Road member organisations are responsible for covering their own implementation costs. However, the adoption of X-Road may be accelerated by providing public funding to cover the implementation costs of the member organisations.
In addition to the technical efforts, there are several other things that must be considered for the implementation, for example:
define usage policies and rules for the ecosystem
define management processes for the ecosystem
define onboarding process of new X-Road members
who is the X-Road operator?
who is the Certification Authority?
who is the Time-stamping Authority?