Like any other application, X-Road is producing logs that contain information about how different components of the application are operating. Application logs can be used for multiple purposes, e.g. monitoring, debugging error conditions, verifying transactions etc. In general, application logs can be divided in three different groups: technical logs, business logs and audit logs. X-Road produces logs in all the three categories.

Technical logs

X-Road consists of three main components: Central Server, Configuration Proxy and Security Server. Each of these components is internally divided into several lower level components or modules – some of which are shared between the main components. For example, Security Server’s main components are proxy, signer and confclient. Proxy is a Security Server specific component whereas signer is used by all the main components. When it comes to technical logs each component has its own log file where it writes information regarding its operations. The level of detail can be configured using configuration files – each lower level component has its own configuration file. Technical log files are stored in /var/log/xroad directory. More information about the technical logs can be found at:

https://github.com/ria-ee/X-Road/blob/develop/doc/Manuals/ug-ss_x-road_6_security_server_user_guide.md#17-logs-and-system-services

Business logs

Security Server’s business log is stored in the message log database which contains all the messages processed by the Security Server. Each message is time-stamped and signed which makes it possible to verify the message content afterwards. However, verifying a message requires that the message payload has been logged – logging message payload can also be disabled. By default, time-stamped messages are archived from the database to disk every six hours. Time-stamped and archived messages are kept in the message log database for 30 days until they are removed automatically. Different intervals regarding archiving of messages can be configured through configuration files. More information about the message log can be found at:

https://github.com/ria-ee/X-Road/blob/develop/doc/Manuals/ug-ss_x-road_6_security_server_user_guide.md#11-message-log

Audit log

Security Server’s audit log is stored on the disk and it contains information about all the actions completed by an administrator through the Security Server UI. In this way all the actions that change the configuration or state of the Security Server are logged and they can be traced afterwards. The audit log is stored in /var/log/xroad directory. More information about the audit log can be found at:

https://github.com/ria-ee/X-Road/blob/develop/doc/Manuals/ug-ss_x-road_6_security_server_user_guide.md#12-audit-log

Archiving logs

It is worth mentioning that all the logs produced by the Security Server are local – also in clustered environments. This means that log records are not replicated inside Security Server cluster. In addition, log records are not automatically transferred to an external host or log storage for archiving purposes.

In most cases there are both business and legal requirements regarding the retention period of different types of logs. X-Road produces the logs, but it is the administrator’s responsibility to configure the transfer of the logs to a long-term storage. This is strongly recommended for saving hard disk space and avoiding loss of log records during Security Server crash. Therefore, it is a good idea to transfer the logs to a centralized logging system or log storage rather than storing them locally on Security Server. 

Technical logs and audit log can be configured to be redirected to an external location using rsyslog. In this case a batch type of transfer is not required as rsyslog forwards the log messages nearly real time. However, is not possible to use rsyslog for transferring archived message log record files so a batch transfer must be used. This can be implemented using a transfer script shipped with the Security Server or using rsync.

Please don’t forget disk space

Another reason why it is highly recommended to transfer log records to an external storage rather than storing them locally is hard disk space that they consume. Especially message log database and message log archive files may consume a significant amount of disk space on high traffic Security Servers.

Each SOAP request contains 9.5 kB of metadata (SOAP namespace definitions, headers, signatures) and response message contains around 11.2 kB of metadata. Based on this, each successful query produces around 21 kB of metadata in the message log. In addition, once in a minute security server batch time-stamps all the messages processed since the previous time-stamp operation which generates additional 3.6 kB of metadata per minute.

Message log space requirements can be estimated using the formula below:

3.6kB + N * (21kB + R + A) = S

• N = number of requests per minute

• R = size of request payload in kB

• A = size of response payload in kB

• S = disk usage per minute (kB / min)

Example

Let's assume that a system receives 100 requests per minute. Request payload size is 4 kB and response payload size is 8 kB.

3.6 kB + 100 * (21 kB + 4 kB + 8 kB) = 3303.6 kB / min = 3.3 MB / min

This makes 4.8 GB per day and 143 GB per month.

In addition, archived message log records require around 43 % of the space required by the active message log records so the required disk space in total is:

• 4.8 + 2.1 GB = 6.9 GB / day

• 143 + 61 GB = 204 GB / month

• 1716 + 738 GB = 2454 GB / year

When looking at the example above it is easy to understand why handling and archiving of log records should be planned in advance. Message log may generate a huge amount of data and no one wants to end up in a situation where a full disk causes a service break in a critical business system.

What next?

Many of you may ask what’s the sense of collecting and archiving all these logs. Wouldn’t it be easier to free up disk space by just deleting them? The features related to logging are not a coincidence and they are there for a reason. In the next blog post regarding the X-Road logs I will give more insights on the background of the message log and why it’s working the way it is.

The NIIS organized an X-Road REST support ideation and planning workshop on 8th May in Tallinn. The workshop was targeted for the participants of the previously implemented REST survey who expressed their interest towards the workshop and further involvement in the planning process. The aim of the workshop was to get more insight on implementing REST support from real X-Road users.

Workshop agenda

The workshop had around 20 participants from Estonia and Finland who were representing different public and private sector organizations. The program of the workshop was built around three themes:

• X-Road REST support survey results

• REST support implementation alternatives

• Next generation X-Road

The format of the workshop allowed the participants to have time for discussions and group working. Each section started with an introductory presentation on the topic which was followed by a group assignment and a joint discussion.

X-Road REST support survey results

The first part concentrated on the X-Road REST support survey results. Overall, the participants’ opinions were aligned with the survey results – basic support which means consuming and producing SOAP and REST services using their native implementations is enough. Automatic conversion between different service types is not required.

The most intensive discussion was about defining REST in the context of the X-Road. Unlike SOAP that is a protocol with a detailed specification, REST is an architectural style consisting of the best practices and guidelines. Instead of talking about REST in general it should be defined in more detail what does supporting REST actually mean – in the X-Road’s case a loose definition would be supporting JSON and/or XML over HTTP. Obviously, more detailed guidelines regarding the API provided by the X-Road will be defined during the next steps of the process.

Another hot topic was service descriptions of REST services. The discussion was about the technique or language used for producing the descriptions and if service descriptions should be optional or mandatory. The current idea is to produce REST service descriptions using the OpenAPI Specification (OAS), but more insights about different alternatives was requested by the participants. REST service descriptions should be mandatory just like SOAP service descriptions currently are. Their role is essential for a service consumer and their quality can make a huge difference on a time that is required for implementing a client application consuming the service. Till what extent the X-Road will validate the content of service descriptions, will be defined later.

REST support implementation alternatives

In the beginning of the second part two alternative basic implementation approaches were presented to the participants whose task then was to comment on them and/or present their own ideas and visions. In addition, a list of open issues to consider was given to the participants as an input for the assignment, e.g. how query parameters are handled, how HTTP headers are handled, how to transfer X-Road specific request/response data, which parts of the message must/should be signed etc.

The first approach was about adding an additional rest proxy component to the security server that just wraps REST messages inside SOAP. This approach does not require changing the X-Road transport message protocol, but it adds more overhead to REST messages compared to SOAP.

The second approach was about changing the X-Road message transport protocol to support generic message payloads instead of the current SOAP payload. This approach makes it easier to support other message formats in the future and it also makes processing REST messages faster compared to SOAP, but it requires major changes to X-Road transport message protocol and many existing key components.

The assignment generated many new ideas and approaches. Some groups used one of the two presented alternatives as a starting point and then there were groups that defined their own approach from clean table. Some approaches required changes to existing security server proxy components and others were based on adding new components and a parallel communication channel between security servers. The most radical idea was to implement security server as a software library and redesign the X-Road communication model. However, two things were commonly agreed: 1) REST support should be native and implemented on the transport protocol level and not wrap REST messages inside of SOAP and 2) the changes must be backwards compatible and they should not affect existing SOAP services.

Next generation X-Road

In the beginning of the third part the NIIS technical roadmap for 2018 and some possible future enhancement ideas were presented. Then it was the participants turn to share their vision regarding the future of the X-Road.

The main theme was to make the use of the X-Road easier and streamline both member and security server registration process. Developers were not forgotten either - a developer version of the security server that can be set up in minutes and that does not require registration was discussed too.

When it comes to the technology, supporting containers and better support for cloud platforms were on top of the wish list. Blockchain – a technology that the X-Road is not based on or that is does not currently use internally – was also discussed as an alternative for distributing global configuration. In addition, possibility to join the X-Road using a custom endpoint based on a software library implementing the required protocol stack instead of the official security server software package was discussed too.

To summarize, the next generation X-Road should be a well maintained and interoperable, platform independent solution.

What next?

The outcome of the workshop exceeded the expectations clearly. The workshop provided active discussion, intensive group working, fresh ideas and valuable input for the next phase of the planning process. A big thanks to all the participants.

The NIIS will continue planning in more detailed level, based on the input received from the workshop. New blog posts regarding the topic and the next steps will be published during the next months.

The Nordic Institute for Interoperability Solutions (NIIS) did a survey regarding REST support for the X-Road. The results don’t leave any room for doubts – 93 % of the participants want the X-Road to support REST. Only 7 % of the participants are not interested in REST at all. The X-Road community has spoken.

About the survey

The survey was open from 19th March till 13th April and it was promoted through different social media channels of the NIIS. In addition, all the Estonian X-tee members and Finnish Suomi.fi Data Exchange Layer (Suomi.fi-palveluväylä) members were invited to answer the questions. The survey collected 75 responses of which 32 are from the Suomi.fi Data Exchange Layer members, 24 are from the X-tee members and 19 are from other parties interested in the X-Road.

Summary

One thing is sure – the answers show without a doubt that REST support is wanted by the X-Road community. According to the majority of the participants it’s enough to support consuming and producing services using their native implementation. It is also enough to have the service descriptions available based on the native implementation of the service – WSDL or OpenAPI specification. Automatic SOAP-REST conversion is not expected which means that if a service provider wants to provide both SOAP and REST versions of the same service the provider must implement both versions.

In many questions the differences between answers are not big and it must be also considered that part of the participants did not express their opinion. If all the “I don’t know / I’m not sure” answers were added to the answer that came second, the first and the second answer would be even. This does not change the fact that REST is wanted, but it has an effect on the level of the support that is expected. On the other, if all the “I don’t know / I’m not sure” answers were added to the answer that came first, the difference would be even clearer than it is now.

It is also worth noting that more than half (61 %) of the participants is interested in how the X-Road handles SOAP and REST messages internally. In addition, the information also effects on their decisions when planning how to integrate their services. Based on this it is not indifferent how the REST support is implemented.

Results

The questions and their answers are presented below.

What next?

The survey provided more insight regarding expectations for the X-Road REST support and the results serve as a great input for the next phase of planning.

The NIIS will organize an X-Road REST workshop in Tallinn in May. The workshop is targeted for the participants of the survey who expressed their interest towards the workshop and left their contact information when they completed the survey. More information regarding the REST support and the outcome of the workshop will be available in May. The road towards REST will continue.

X-Road is an open source data exchange layer solution that enables organizations to exchange information over the Internet. More information about the X-Road is available at:

https://www.niis.org/data-exchange-layer-x-road/

The X-Road and REST have been a topic in public discussion for quite some time already. Today the X-Road does not have a built-in support for REST, but that does not mean anything has happened regarding the topic in the recent years. And there’s even more to come later this year...

At the moment REST services can be produced and consumed over the X-Road using the REST Adapter Service component. The service supports a limited set of use cases so it’s not an answer to all X-Road REST integration questions. However, it is an off-the-shelf component that provides an X-Road compatible REST-SOAP converter, and it can be implemented over configuration – no coding is needed. Compared to a custom-built solution it can save a great deal of effort.

https://github.com/vrk-kpa/REST-adapter-service

How does it work today?

X-Road message exchange protocol is based on SOAP and all the information systems and services that exchange data over the X-Road must implement the protocol. For older SOAP based information systems and systems that have been using the X-Road for years this is not a problem as the systems already have a working implementation of the X-Road message exchange protocol.

For new information systems and new X-Road user organizations things might not be that simple because nowadays the most APIs are RESTful in nature and use JSON instead of XML. This means that an additional REST-SOAP adapter service must be implemented between the information system and the X-Road Security Server. The REST Adapter Service component is one alternative or organizations may implement their own custom-built solutions. Either way, it is technically doable, but not a very compelling alternative for organizations that have already moved away from SOAP and have implemented their APIs using REST and JSON. In addition, all the extra components in the stack bring more overhead, delay, maintenance work, costs etc.

What do the numbers say?

ProgrammableWeb is one of the largest information and news sources about the Web as a programmable platform and it maintains a directory of over 15,500 web APIs. According to its statistics REST is the most common architectural style with the share of 81 % of all the APIs listed in the ProgrammableWeb’s API directory. At the same time RPC’s share, that’s including also SOAP, is only a bit under 9.5 %. These numbers give a good overall picture regarding the popularity of different architectural styles today. The whole article is available at:

https://www.programmableweb.com/news/which-api-types-and-architectural-styles-are-most-used/research/2017/11/26

What next?

Based on available statistics and the public discussion in the recent years, it seems obvious that the X-Road needs a better support for REST than the REST Adapter Service is able to provide now. The lack of the REST support is slowing down the adaption of X-Road and generating unwanted additional work for many X-Road user organizations. However, adding support for REST does not mean dropping support for SOAP – not any time soon, at least. Instead, the two architectural styles can co-exist side by side which means that all the current SOAP services must be supported also after the REST support has been implemented. Then it will be another discussion for how long both SOAP and REST must be supported side by side.

Tell us what you think!

What do you think about the X-Road and REST? The Nordic Institute for Interoperability Solutions (NIIS) is doing a survey regarding REST support for the X-Road. The survey is open until the 13th of April, tell us what you think:

https://buff.ly/2G7wtl9