Content Assessment: The Root of Trust? Rebooting Trust Management in X-Road
Information - 95%
Insight - 96%
Relevance - 93%
Objectivity - 92%
Authority - 94%
A short percentage-based assessment of the qualitative benefit of the article highlighting the importance of trust in business and security as shared through the lens of X-Road technology in this paper from the Nordic Institute for Interoperability Solutions (NIIS).
Editor’s Note: From time to time, ComplexDiscovery highlights publicly available or privately purchasable announcements, content updates, and research from cyber, data, and legal discovery providers, research organizations, and ComplexDiscovery community members. While ComplexDiscovery regularly highlights this information, it does not assume any responsibility for content assertions.
To submit recommendations for consideration and inclusion in ComplexDiscovery’s cyber, data, and legal discovery-centric service, product, or research announcements, contact us today.
Background Note: The public report “Rebooting Trust Management in X-Road” addresses the centralization of trust and identity management in X-Road, a widely-used open-source software and ecosystem solution for secure data exchange between organizations. X-Road serves as the backbone for digital government infrastructures in Estonia, Iceland, and Finland, and has also played a role in the digital government revolutions of other countries. This report is relevant for cybersecurity, information governance, and legal discovery professionals who are working with enterprise information systems and technologies.
Public Report – Nordic Institute for Interoperability Solutions*
Rebooting Trust Management in X-Road
By Mariia Bakhtina, Prof. Dr. Raimundas Matuleviciuus, Prof. Dr. Ahmed Awad, and Petteri Kivimaki
Trust is the basic concept around which business and information security is formed. Like most systems, currently, X-Road uses a centralized root of trust to manage identities. The report presents the results of the research on migrating X-Road towards self-sovereign identity (SSI) management.
The report compares the centralized and decentralized identity management approaches to illustrate how systems should be changed to enable SSI. Additionally, the report discusses how the shift to the decentralized public key infrastructure can contribute to the X-Road trust model and member management.
Enabled by rapid digitization, organizations strive to benefit from collaborative work to get a competitive advantage by delivering unique products for end customers. Businesses create supply chains to deliver products and services. Governmental agencies collaborate to provide services that help the nation’s well-being. What unites them is a business need for communication with external entities to deliver the expected value. Organizations need to know with which entities they exchange information, and to be sure that the communicating party is the one it claims to be. In turn, communication between organizations per se and their information systems (ISs) requires trust.
Trust is one of the basic concepts around which businesses and security are formed. A root of trust (RoT) is an axiomatically accepted point to be trusted. The most commonly used centralized RoT assumes that there is a third-party centralized authority the organizations choose to trust. Such authority is the key enabler and assurance of the security of the organizations’ ISs. The authority claims which entities can be trusted, and organizations rely on the accreditation and quality of the authority’s staff. The security of ISs heavily depends on the cryptography that is built over the root of trust. As a result, organizations that use ISs based on the centralized RoT are prone to a single point of failure.
Recent works have focused on developing the alternative to the centralized RoT – the self-sovereign identity (SSI) ecosystem. Self-sovereign identities are managed in a decentralized manner without relying on a single provider for storing and managing the identity’s data. The algorithmic root of trust is decentralized and founded on the trust in the cryptographic mechanisms and the algorithms’ correctness in the information system.
X-Road© is open-source software and ecosystem solution that provides unified and secure data exchange between organizations. In essence, X-Road is a data exchange layer between information systems that enables organizations to communicate securely. X-Road serves as the backbone of the Estonian, Icelandic, and Finnish digital government infrastructures. Moreover, it has been facilitating the digital government revolution in several other countries worldwide. Currently, X-Road relies on a centralized root of trust and identity management. Our goal is to propose a decentralized approach for identity management in X-Road by embracing the SSI principles. The report presents the enterprise modelling results from the perspectives of functions, processes, resources, and trust. The lessons learnt are threefold. First, we have observed how embracing SSI through decentralized IdM could affect the trustworthiness of the secure data exchange system. Second, we have defined which enterprise system components and processes should be changed to enable automated identity management. Lastly, the results show how conceptual modeling supports the current state analysis and the transformation to be made in X-Road on the path toward SSI.
NIIS - Rebooting Trust Management in X-Road
- Shared with permission (Creative Commons CC BY-SA 4.0)
Article Citation: Bakhtina, M., Matulevicius, R., Awad, A., & Kivimaki, P. (2022). (rep.). Rebooting Trust Management in X-Road. Nordic Institute for Interoperability Solutions (NIIS). Retrieved December 31, 2022, from https://static1.squarespace.com/static/59ba41ee64b05fd6531f498d/t/63995ef38a2c171209e0a703/1670995705500/Rebooting_Trust_Management_in_X-Road.FINAL.pdf.
- Considering Cross-Border Data Exchange? The European Interoperability Landscape Report from NIIS
- From X-Road to LEX Road? Confidentiality, Integrity, and Interoperability with the X-Road Open Source Data Exchange Layer
Have a Request?
If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.
ComplexDiscovery is an online publication that highlights cyber, data, and legal discovery insight and intelligence ranging from original research to aggregated news for use by cybersecurity, information governance, and eDiscovery professionals. The highly targeted publication seeks to increase the collective understanding of readers regarding cyber, data, and legal discovery information and issues and to provide an objective resource for considering trends, technologies, and services related to electronically stored information.
ComplexDiscovery OÜ is a technology marketing firm providing strategic planning and tactical execution expertise in support of cyber, data, and legal discovery organizations. Focused primarily on supporting the ComplexDiscovery publication, the company is registered as a private limited company in the European Union country of Estonia, one of the most digitally advanced countries in the world. The company operates virtually worldwide to deliver marketing consulting and services.