X-Road Myth Busting – Part 1

Earlier this year I wrote a blog post about X-Road and blockchain which aim was to prove that there’s no blockchain in X-Road. The reason for writing the blog post was that many different sources were claiming X-Road to be a blockchain based technology – which is not true. The case around X-Road and blockchain should be closed now so it’s a good moment to bust some other myths and misunderstandings regarding X-Road.

X-Road origins

The X-Road was originally developed by the Estonian State Information Systems Department (at the Ministry of Economy and Communications) and the first version was launched in 2001. Many individuals from multiple organization were involved in the original implementation project. The creation of X-Road was a joint effort and multiple persons and organizations have contributed to it over the years. Therefore, calling a single person or an organization as the creator of X-Road would be an understatement for all the other contributors and participants. X-Road being created by a single individual or a single organization is clearly a myth.

Since the first version of X-Road the implementation technologies and software versions have changed as the years have gone by. X-Road is not based on any other data exchange solution or software – the current version 6 is based on Java 8, Ruby, Akka and several other technologies. X-Road is released under the MIT licence and is available free of charge for any individual or organization. The MIT licence is a permissive free software licence that puts only very limited restriction on reuse – also reuse in closed commercial products is permitted. However, X-Road is a registered trademark of the Estonian Information System Authority (RIA) and the trademark can only be used under a licence granted by RIA. Therefore, any derivative works and services based on X-Road software cannot use the name X-Road without a proper licence granted by RIA.

There are commercial data exchange layer products that are based on X-Road and provide X-Road compatible protocols. Some of these products are claiming to be the core technology of X-Road even if their first versions have been released after the first version of X-Road saw daylight. Based on this, X-Road using another data exchange solution or software as its core technology is a myth.

Distributed ledgers and databases

Some sources have claimed X-Road to be a distributed ledger or a distributed database. The key idea behind both technologies is that they are used for storing data in a distributed way – the data is shared across multiple nodes and all the nodes have their own identical copy of the data. All the changes in the data are replicated to all the nodes in the network. Technical implementation details and data replication mechanisms vary between distributed ledgers and distributed databases, so they should not be understood as synonyms. Underlying distributed ledger is blockchain, whereas distributed databases are based on different kind of database management systems.

X-Road is a centrally managed distributed data exchange layer between information systems. Identities of message exchange parties are maintained centrally, but all the data is exchanged directly between a consumer and provider. Central Server contains a registry of X-Road members and their Security Servers. Central Server can be clustered and in that case the contents of the registry are replicated across all the Central Server nodes using database replication techniques. The registry is based on a relational database and there’s no blockchain in its implementation.

The key idea of X-Road is to support decentralized data management. It means that each service provider owns its data and instead of maintaining multiple copies of the data across different information systems the data should be requested from the owning data source directly. The data is always transferred between a service consumer and service provider, and it is not stored centrally or replicated between Security Servers.

The common factor between distributed ledgers, distributed databases and X-Road is distributed architecture. Despite the same architectural model and some shared design goals like high availability and security, distributed architecture is used for implementing very different features and functionalities. Distributed ledgers and distributed databases are used for storing data and they replicate it across multiple nodes, whereas X-Road itself does not store data – it provides a secure data exchange channel between the owner of the data and multiple consumers. X-Road uses distributed database technologies within its clustered components for high availability, but the replication covers configuration data only. For these reasons, X-Road being a distributed ledger or a distributed database is a myth too.

End-user authentication

As already described before, X-Road is a data exchange layer between information systems. Among other things, X-Road provides organization level and machine level authentication that is based on Public Key Infrastructure (PKI). The identity of each organization and Security Server is verified using certificates that are issued by a trusted Certification Authority (CA) when an organization joins an X-Road ecosystem.

In case X-Road is used as a data exchange layer in a process that involves end-users and require their authentication, service consumer and service provider are responsible for the authentication of the end-user. Usually, the service consumer must authenticate the user before sending a request via X-Road and then it’s up to the service provider to decide whether it requires some evidence regarding the authentication to be sent as a part of the service request, e.g. authentication token, session context etc. From X-Road’s point of view end-user authentication is completely transparent and in case some data regarding the authentication is sent within the messages X-Road does not verify or validate it in any way.

As also in the previous cases, X-Road implementing end-user authentication is a myth.

There is more?

In this blog post I have covered some most common myths and misunderstandings that we at NIIS face on a regular basis. There are probably more of them and new ones are also born now and then. Therefore, this post is titled as X-Road Myth Busting – Part 1. The series of X-Road myth busting will probably continue in the future.