The source code for the X-Road Center was published as FOSS*
To indicate the continuing commitment in the X-Road Co-Development Agreement that Estonia and Finland signed 2014, the source code of the X-Road Central solution was published under MIT license.
The overwhelming amount of data usage within the Estonian Government Sector is happening via X-Road. One of the best ways to raise trust towards such a sensitive IT solution is to publish the principles of its operation, including the source code. Publishing the source code is a wide-spread trust-gaining measure in Estonia. Formerly, the source codes for national ID card software and e-voting software have been published.
Opening the source code will enable third parties to verify whether or not the system does precisely what has been pledged and that no backdoors or unpublished functionalities are present in the solution. It is especially important to open and publish the software in cases that have international interest involved.
Within the X-Road project, the source code has been previously opened for the so called "security server" (appliance) that an institution has to install to interface itself to the X-Road. The security server takes requests from the data access network and forwards these to the local data serving information system. The security server is enforcing the access lists and documenting the access facts with non-repudiation quality.
Regarding the Finnish-Estonian cooperation, the next step was made now – the source code for the Central system of an X-Road instance was published. As X-Road is a distributed system, the requests and answers to these are not passing the Center. The tasks for the Central solution are: assessing the users (i.e. institutions and private companies), productivity monitoring and "phone book" dissemination. By opening the X-Road Central source code we are sending the world a clear signal – the IT pillars supporting e-governance in our countries are really that secure as we claim.
The further development of the X-Road Central solution will be carried out in accordance with the principles of Open Development, and GitHub environment shall be used for the collaboration.
Opening the source code will have several consequences. First, contributors are now enabled to investigate and improve the source code online. Then, the open model of development will likely raise public interest towards X-Road, as an original solution to the problems every Nation State will inevitably meet on its way to a modern e-society.
X-Road is not a database. X-Road is a secure data access layer and an access network enabling data requests against databases of a distributed nature. "Distributed" means such a founding principle of the e-governance where:
- for every database, a dedicated responsible institution exist;
- there are no superdatabases or super institutions;
- requests to the databases are made in real time, and over public Internet (the actual security is hardened for the purpose).
X-Road style novel approach will ensure better security (integrity, confidentiality), it has the potential to avoid big data leakages as well as it enables the citizen to have control over of his/her personal data handed over to the Government.
Joining Estonian and Finnish X-roads into a Federation
So far has X-Road mostly served the interests of the Government and Public sectors. In the future, much more private companies could benefit from the X-Road. Extra care has already been taken while defining the user access limitations and creating a powerful access control layer. This way, there is no additional risk of misuse involved letting the private sector to use X-Road, because the data only becomes available for the particular party that the database owner has explicitly authorized. In Estonia, there are numerous brilliant examples of the public-private partnership on the X-Road, including Health sector (e-prescription, social insurance status check) and Education (checking Student status before issuing a student loan).
Estonia implemented X-Road on 2001-12-17 and since then, it has become the data backbone of our country. Finland implemented a X-Road based solution on 2015-11-18. X-road is called X-tee in Estonian language and Palveluväilä in Finnish.
September 30-th, 2016, Estonian Information System Authority and Finnish Population Register Centre signed an Agreement according to which, first time on the globe, will two countries federate their national data access solutions. Within the Q1 2017, it becomes possible for Government institutions to mutually produce data requests against the databases of another country. That kind of federation implies a very high level of trust between the parties, as well as regarding the IT solution.
It is important to understand - X-Road itself is not a database but only a means to access the databases. That fact will exclude the naïve question whether Estonian data directories and databases will be copied over to Finland and vice versa. They will not.
Still, federating national X-Roads will enable unified cross-border data queries. E.g. when an Estonian visiting Finland earns a speed ticket, it becomes possible for Finnish officials to produce an automated query against Estonian Databases to get information about the persona and vehicle.
Usage principles for the joint X-Road remain similar to these of the Estonian X-Road. Every query made via the X-Road will generate a cryptographically strong evidential proof: this way, it is always possible to revise when and whether a request was made, and who did it on what circumstances. That property of X-Road excludes the misusage of the databases.
* FOSS – free and open source software