Jarkko Moilanen, Petteri Kivimäki
Unveiling the Open Data Product Specification ...
Unveiling the Open Data Product Specification (ODPS): A Holistic Approach to Data Products
Petteri Kivimäki
NIIS Announces Proof of Concept for ...
NIIS Announces Proof of Concept for Revolutionary X-Road 8 “Spaceship” 🚀
Petteri Kivimäki
New X-Road® Central Server UI and management ...
New X-Road® Central Server UI and management REST API are here!
Andrius Matšenas
Unravelling the Complexities of National Data ...
Unravelling the Complexities of National Data Exchange Networks: A Network Science Approach
Petteri Kivimäki
Database, dataset, data service, or service? ...
Database, dataset, data service, or service? Getting to know X-Road services.

From connectivity between databases towards an ecosystem of ecosystems

From connectivity between databases towards an ecosystem of ecosystems

The challenges that X-Road® addressed in Estonia in 2001 included the lack of private networks – which resulted in developing secure data exchange over the public Internet – and connectivity (between databases) rather than data availability and discovery for the cross-use of data, including operational data of the ecosystem.

The operational data generated in over twenty X-Road environments worldwide is gradually emerging as a significant digital asset and should be better utilised for creating insights and optimal decisions, enhancing the processes and, thereby, the product.

In the future, X-Road as a connected ecosystem of ecosystems could get System of Systems (SoS) characteristics, which require thinking beyond questions usually associated with engineering. In this blog post, we’ll get food for thought about what the data-enabled future of X-Road could look like.

Additional Building Blocks of an X-Road Ecosystem

X-Road® is open-source software and ecosystem solution that provides unified and secure data exchange between organisations. X-Road is based on a distributed model, and it enables decentralised data management and data sovereignty within the ecosystem. Every organization is in full control of its data and services, and data is always exchanged directly between two trusted members without third parties having access to it.

X-Road operator is the owner of the X-Road ecosystem and is responsible for all the aspects of the operations. The responsibilities include defining regulations and practices, accepting new members, providing support for members, and operating the central components of the X-Road software. X-Road members are organizations that have joined the ecosystem and produce and/or consume services with other members. A member organization can be a service provider, a service consumer, or both. Also, a functioning X-Road ecosystem requires two types of trust services: 1) time-stamping authority (TSA) and 2) certification authority (CA). Trust service providers are organizations providing these services.

Technically, the X-Road core consists of a Central Server and Security Server that are the foundational building blocks of the ecosystem. These components are required together with the trust services to establish a trusted network of organisations and enable secure data exchange between its members.

Besides the core and trust services, building a functional and scalable ecosystem requires some additional building blocks that support the operations and use of the ecosystem. These building blocks provide member management and onboarding capabilities, service discovery, metrics collection and reporting, and technical monitoring. The X-Road core doesn't currently offer the capabilities, and therefore, additional building blocks are required. In general, implementing and maintaining these building blocks is the responsibility of the X-Road operator. Next, let's take a closer look at these building blocks.

Service management portal

A service management portal or a self-service portal is a web portal for managing the administrative details of the ecosystem membership. The administrative tasks related to the membership and its management are usually completed using the portal. For example, new members must first send a membership application and, once it has been approved, sign a membership agreement where they agree to follow the terms and conditions of the ecosystem. Also, the portal doesn't have to be limited to the administrative level, and it may cover some technical configuration steps, e.g., requesting certificates, and provide ecosystem-specific documentation and instructions. Depending on the implementation, some parts of the process may be automated, while others require manual input. Also, the portal may provide separate interfaces for the representatives of the member organisations and the X-Road operator.

The Central Server contains a registry of X-Road member organisations and their Security Servers. The information managed by the Central Server is technical and doesn't overlap with the data managed by the service management portal. Also, the service management portal may support the technical onboarding process by automating parts that are not directly covered by the Central Server, e.g., requesting certificates. Since there's a strong connection between the technical and administrative information, the portal and Central Server may be connected. However, a management REST API for the Central Server that enables a seamless integration is a work in progress currently.

An alternative to the service management portal is to manage the membership information in a system that members cannot access directly and use email (or some other channel) for communications. For example, maintain the member information in an Excel file or an internal wiki page, and receive service requests by email. It is a quick and easy way to get started with the ecosystem, but it doesn't scale very well, provides little support for automation, and is not very user-friendly. Therefore, implementing a service management portal is highly recommended.

Currently, there’s no off-the-shelf open-source component available that could be used as a service management portal for X-Road. In general, a service management portal is a custom component, and it may also support a broader range of digital services. Also, it is often connected to ecosystem-specific backend services and registries, such as business registry, service catalog, authorisation service, etc. The Estonian and Finnish service management portals are good examples of how the portal can be implemented.

Service catalog

A service catalog is a web portal that contains descriptions of all the services available in the ecosystem. The primary purpose of the service catalog is to provide a user-friendly channel to search and discover available services. Also, the catalog may provide additional features to support the use of the services, e.g., request access to a service, sign a service agreement, etc. The service catalog is targeted at both business and technical users.

When services are connected to X-Road, their service descriptions are published on the Security Server by the Security Server administrator. The service descriptions can then be accessed using a service discovery mechanism provided by X-Road. However, the mechanism is very technical and requires direct access to the Security Server's messaging interface. Also, getting a list of all services available in the ecosystem would require querying each Security Server separately. Therefore, a more user-friendly service catalog is needed.

When implementing the service catalog, collecting the service descriptions from the Security Servers can be automated. In that way, the descriptions need to be maintained in a single place only, and all the changes in the source are automatically updated to the catalog. Nevertheless, additional metadata must be manually added and maintained on the catalog by a service administrator representing the organisation owning the service. The metadata may include any information related to the service and its use, e.g., a more detailed description of the data set, terms and conditions, contact information, pricing information, SLAs, etc.  

The Estonian, Finnish and Icelandic (only in Icelandic) service catalogs serve as examples of how the catalog can be implemented. The source code of the Finnish catalog is freely available on GitHub, and it consists of two separate components: a service catalog portal and a collector to read the service descriptions from Security Servers and store them centrally. Currently, NIIS doesn’t provide a service catalog component for X-Road.

Reporting and metrics

Reporting and metrics mean collecting usage statistics and metrics from an X-Road ecosystem. The metrics include service usage statistics, response times, request sizes, service health data, etc. The metrics can be used to measure the size and activity of the ecosystem, and they also provide interesting information about the relationships between different member organisations and their services. The information enables the X-Road operator to overview the ecosystem's state and measure its growth. Thanks to the data, the X-Road operator can make informed decisions on the development and governance of the ecosystem.

To get an overview of the whole ecosystem, the raw metrics must first be read from all Security Servers and then stored and analysed centrally. However, it’s important to remember that the metrics do not contain data that is exchanged by the members, only metadata about the use of the services. Collecting the information requires installing the operational monitoring add-on on the Security Servers. The add-on collects the raw metrics data locally and makes it available through a query interface. Nevertheless, access to the interface is restricted so that only the X-Road operator can access the data of all member organisations. Regular members can access their data only.

X-Road Metrics is an open-source component maintained by NIIS to centrally collect, store, process, and publish the data provided by the operational monitoring add-on. X-Road Metrics consists of multiple modules, and its features include but are not limited to publishing the data as open data (from the Estonian ecosystem), generating a dependency graph of member organisations (from the Estonian ecosystem), and providing statistical reports to members. However, making other implementations that utilise the operational monitoring data is also possible since all the documentation and source code are publicly available. Of course, member organisations are free to use the data in their reporting and monitoring systems.

Technical monitoring

Technical monitoring means collecting technical monitoring and health data from an X-Road ecosystem. The data can be used to monitor the Security Server's health. The data includes system metrics (CPU load, free memory, available disk space, etc.), running processes list, X-Road version information, certificated details, etc. Also, the data can be used to recognise potential future problems and maintenance needs before they affect the operations of the Security Server, e.g., detect certificates that are about to expire, detect Security Server versions that are no longer supported. The information enables the X-Road operator to get an overview of the ecosystem’s health and monitor the maintenance of individual Security Servers.

At first, technical and operational monitoring may sound like the same thing or very similar. The difference is that technical monitoring concentrates on the Security Server while operational monitoring is about monitoring services connected to X-Road. However, the way how data is recorded on the Security Server and then collected and analyzed centrally is very similar.

To technically monitor the whole ecosystem, the raw monitoring data must first be read from all Security Servers and then stored and analysed centrally. The technical monitoring data doesn’t include sensitive information, only technical monitoring data. Also, the Security Server administrator can configure the data set that can be collected centrally. Collecting the information requires installing the environmental monitoring add-on on the Security Servers. The add-on collects the raw data locally and makes it available through a query interface. Like with operational monitoring, access to the interface is restricted so that only the X-Road operator can access the data of all Security Servers. Regular members can access their own Security Servers’ data only.

A common approach is to use existing monitoring tools and platforms to centrally store, analyse and visualize the technical monitoring data, e.g., Elasticsearch and Kibana. However, an X-Road-specific component is needed to read raw data from Security Servers. The Finnish Digital Agency has implemented such a component, and they've published it on GitHub under the MIT license. Currently, NIIS doesn’t provide a central environmental monitoring component for X-Road that could be used to monitor the ecosystem's health.

Where do I find the specifications?

Service management portal, service catalog, reporting and metrics, and technical monitoring building blocks offer capabilities that aren’t currently provided by the X-Road core. Those capabilities are not required when setting up a new X-Road ecosystem, but they certainly make operating and developing the ecosystem easier. First and foremost, they provide the X-Road operator with additional tools for informed decision-making and automating management processes.

The building blocks mentioned in this blog post are described on a conceptual level, and there's no formal specification for them. Therefore, every implementation of the building blocks is different and may not always provide the same set of features. However, how the building blocks are technically connected to X-Road must be based on the X-Road protocols and interfaces. Therefore, replacing one implementation with another should be possible if connections to other backend systems are ignored.

Currently, NIIS provides the implementation of the reporting and metrics building block in the form of X-Road Metrics. Also, implementations of the service catalog and technical monitoring building blocks are available as open-source. The service management portal is the only building block that doesn’t have open-source implementations available. More implementations are likely to become available in the future, and the technical specifications of the concepts will be defined in more detail.

The Message Room Concept in Practise

This is a series of blog posts about the Message Room concept. The first part provides an introduction to synchronous and asynchronous data exchange. The second part concentrates on life-event-based services and potential implementation alternatives. Three alternative implementation approaches are discussed in more detail in the third part.

In my previous blog post, I covered five different ways how the Message Room concept could be implemented. In this blog post, I will explain in more detail how NIIS has approached three of the five alternatives at a more practical level. During the last two years, NIIS has conducted multiple research and development activities that have concentrated on alternatives 1-3 (built-in, integrated, connected).

Integrating Apache Kafka into X-Road (integrated)

In collaboration with the University of Tartu, NIIS conducted a research project on supporting event-driven architecture in the context of X-Road. The study consisted of two parts that were completed in 2020-2021. The final report is available in the X-Road Document Library.

The first part of the project produced a report (requirement analysis and feasibility study) and a proof-of-concept implementation which brought a subset of Apache Kafka's capabilities into X-Road. The second part studied Apache Kafka's integration into X-Road further and explored topics that must be covered in a production level integration, for example, high availability, authentication, access rights management, and service discovery. Implementing Kafka management operations in X-Road was out of the project’s scope.

Image 1. Integrating Apache Kafka into X-Road (integrated).

The integration is based on the idea that the existing X-Road protocols are used for a handshake to establish an asynchronous communication channel between the message exchange parties. The asynchronous communication is implemented by the new XGate add-on developed in the project. First, the service consumer sends a regular X-Road request to the service provider using the X-Road Message Protocol for REST (1.). The request is transmitted between the Security Servers using the X-Road Message Transport Protocol. The service provider receives the message, instantiates an interface for asynchronous communication, and adds routing information in the response (2.). The service consumer reads the routing information from the response, establishes a connection to the interface (3.), and reads data from it (4.). More detailed description of the implementation is available in the final report.

The adapter service approach (connected)

X-Road-Kafka Adapter is an adapter component that connects Apache Kafka topics to X-Road. The Adapter supports both producing and consuming data over a simple REST API. The producers publish data to a topic, and the consumers poll the topic and pull data from it. The Adapter sits between the Security Server and Apache Kafka and converts messages between the X-Road message protocol for REST and Kafka protocol. However, the Adapter doesn’t support streaming. 

Image 2. The adapter service approach (connected).

In practice, both producers and consumers may use Kafka's native API directly, or alternatively, they can use a REST API provided by the Adapter over X-Road. In real life, producers and consumers owned by the organisation running Kafka would probably use the native API, whereas external producers and consumers would connect to Kafka through X-Road. However, all the Kafka management and maintenance operations must be done using the native API since the Adapter only supports a limited subset of operations for producing and consuming messages.

More detailed information about the Adapter is available on GitHub. The Adapter is currently on a proof-of-concept level and requires further development before it can be used to run production workloads. The source code is licensed under the MIT open-source license and anyone interested in the Adapter is welcome to contribute to its development.

The X-Road way (built-in)

NIIS is currently working on a proof-of-concept (PoC) level implementation of the built-in approach. The goal of the PoC is to implement the Message Room concept as a Security Server proxy add-on (like messagelog, metaservice, op-monitoring, etc.). In that way, the implementation is modular and can be installed on selected Security Servers only. However, the add-on needs to be installed only on Security Servers that are acting as publishers. No code changes are required on Security Servers acting as subscribers, which means that all existing supported Security Server versions can act as subscribers.

It must be noted that the features included in the PoC are just a narrow subset of potential features of a production-level implementation. The PoC aims to test the concept with minimum viable features, and therefore, many features and functionalities are left out on purpose. The PoC implementation covers the following functionality:

  • Push-push publish/subscribe model.

    • Publishers push messages to a Message Room.

    • A Message Room pushes messages to subscribers - subscribers don't need to poll the Message Room.

  • One publisher per Message Room.

  • One publisher Security Server per Message Room.

  • Multiple subscribers per Message Room.

  • Message Rooms are public - anyone can subscribe to them.

  • Security Server provides the required interfaces to:

    • Publish messages to a Message Room.

    • Subscribe to a Message Room.

    • Unsubscribe from a Message Room.

  • Support for federation.

  • Message Rooms are content-type and payload agnostic.

    • Messages that are published to a Message Room can be of any content-type, e.g., XML, JSON, text, binary, etc.

  • All X-Road security guarantees (except access control for Message Rooms) are supported.

The following restrictions apply to the PoC implementation:

  • Pulling data from a Message Room is not supported.

    • In push-pull model publishers push messages to a Message Room, and subscribers pull the messages from the Message Room.

  • Private Message Rooms are not supported.

    • It's not possible to control who's allowed to subscribe to a Message Room.

  • Internal load-balancing is not supported.

    • It's not possible to publish messages to a Message Room from multiple Security Servers.

    • A Message Room is coupled with a single Security Server.

  • No error handling.

    • If the recipient is not available, the message is lost.

    • If publisher's Security Server crashes, (some) messages are lost.

  • No support for service discovery.

    • There's no automated way to discover what Message Rooms are available.

    • Potential subscribers must know the subsystem code of the Message Room when subscribing to it.

  • No changes to the Security Server UI and management REST API.

    • If new configuration items are introduced, they're values are configured using configuration files or database queries.

  • Subscribe and unsubscribe interfaces support only REST. SOAP is not supported.

The Message Room add-on

The Message Room PoC is implemented as a Security Server add-on.

Image 3. The X-Road way (built-in).

The add-on includes three new interfaces:

  • Publish - publish messages to a Message Room.

  • Subscribe - subscribe to a Message Room.

  • Unsubscribe - unsubscribe from a Message Room. 

The publish interface is used by internal clients to publish messages to a Message Room. The publisher of the message is defined using the "X-Road-Client" HTTP header. The message body is fully data format-agnostic, just like the REST interface. The Message Room where the message is published is the same as the client subsystem. However, only subsystems with a special Message Room status can be used as a Message Room. 

The subscribe and unsubscribe interfaces are used by external clients to manage their subscriptions to a Message Room. The subscribe interface is used to subscribe to a Message Room. Similarly, the unsubscribe interface is used to unsubscribe from a Message Room. In the PoC implementation, the interfaces are accessible by anyone, and there's no access control to them. For example, listMethods and listAllowedMethods metaservices work in the same way.

The message body of the subscribe interface must contain the service ID where messages published to the Message Room are sent. Also, the service must be owned by the same client who sends the subscribe message. The same applies to unsubscribe requests, too - the sender of the request must be the owner of the service specified in the request body. Also, subscribers must allow the publisher to send messages to the service specified in the subscribe message.

Image 4. The message flow using the built-in approach.

The basic message flow for publishing messages is explained in the diagram above:

  1. A publisher publishes a message to a Message Room using the publish endpoint.

  2. The proxy stores the message in memory and returns an acknowledgment message to the publisher.

  3. A scheduled Message Room Processor reads new unprocessed messages from memory and reads the subscriber service IDs from the serverconf database.

  4. The Message Room Processor sends the message to the subscribers as a regular X-Road message. For example, if there are 5  subscribers, 5 messages - one for each subscriber - are sent. The Message Room subsystem is used as the sending client, and the messages are signed with the publisher member's signing key. Each message is logged independently by the proxy. Steps 6-9 are repeated for each subscriber. If there are no subscribers, the message is removed without further processing.

  5. The proxy sends the message to a subscriber.

  6. The subscriber's Security Server processes the message and forwards it to the service (subscriber) defined in the request.

  7. The service returns a confirmation that it has received the message.

  8. The confirmation is returned as a regular X-Road response.

  9. The Message Room Processor receives the response. The content of the response is ignored. However, if the response contains an error, the error is logged in the proxy log.

What’s next?

Based on the results provided by different approaches, the built-in approach has proven to be the most prominent. It can offer the same security guarantees that X-Road currently provides, including authentication, identity management, message logging, signing, and timestamping. Also, it can be expanded to a decentralized publish-subscribe implementation that enables many-to-many communication without a centralized message broker. Therefore, the next step is to test the PoC implementation of the built-in approach with a couple of selected use cases in Estonia and Finland during the first half of 2022. More information about the potential use cases is available in the previous blog post by Petri Kettunen.

Nevertheless, the NIIS members have not decided whether a production-level implementation of the Message Room concept will be included in X-Road. The PoC use cases implemented in Estonia and Finland will provide valuable information to support the decision-making. Once the PoC use case implementations have been completed, a decision regarding the production level implementation will be taken by the NIIS members. Meanwhile, NIIS participates in the implementation of the PoC use-cases and continues to develop the concept further.

The Message Room Concept Implementation Alternatives

This is a series of blog posts about the Message Room concept. The first part provides an introduction to synchronous and asynchronous data exchange. The second part concentrates on life-event-based services and potential implementation alternatives. Three alternative implementation approaches are discussed in more detail in the third part.

The Message Room concept was first introduced by Kristo Vaher, the government CTO of Estonia, in his paper Next Generation Digital Government Architecture in 2020. However, in the paper, the name X-Room was also used about the concept. In the latter design work conducted by NIIS, the name Message Room has been used, and therefore, I'm going to use it from here on.

According to the Next Generation Digital Government Architecture paper, the Message Room concept provides different administration sectors with an asynchronous communication channel that is the technical enabler for implementing life event-based services. In practice, the implementation would follow the publish-subscribe pattern, and it would be based on X-Road, including all X-Road's existing security guarantees. In that way, the existing infrastructure and data exchange ecosystem are utilized instead of reinventing the wheel and building everything from scratch.

What are life event-based services?

The idea behind life event-based services is that an event happens in a person's life and is registered by an information system. Then the information system notifies other information systems about the event that have registered their interest to receive updates on that specific event type. Based on the event, various processes are then triggered to provide the citizen with services related to the event. In this way, it is possible to offer or suggest services to citizens automatically instead of the citizens having to apply for them separately. For example, social benefits could be automatically offered to parents when a child is born.

What is a Message Room?

Generally, Message Room is an asynchronous messaging concept that decouples message producers and consumers and enables publishing messages and events to multiple consumers. Instead of sending messages directly between two information systems, message producers publish their messages to a Message Room with any number of consumers. The number of message publishers is not limited either, and a single Message Room can have one or more publishers.

Image 1. The Message Room concept.

A Message Room can be public or private. Anyone can publish and/or consume messages from public rooms, but private rooms can be accessed by authorized parties only. It is also possible that only authorized parties can publish messages, but consuming is allowed for anyone or vice versa.

Technically, a Message Room is an implementation of the publish-subscribe communication pattern. In other words, a Message Room can be considered a topic with multiple subscribers. A Message Room enables one-to-many and many-to-many communication.

Implementation alternatives

From a technical perspective, there are different ways to implement the Message Room concept. Every alternative has its pros and cons, and also the constraints and supported features vary between the alternatives. The implementation alternatives can be divided into five high-level categories:

  • built-in

  • integrated

  • connected

  • standalone

  • standardization.

It must be noted that the categories are not mutually exclusive, and they're partly overlapping. A potential outcome might very well be a combination of multiple categories. 

Built-in

The idea of the built-in approach is that required features are implemented around the existing X-Road concepts, components, and protocols. In practice, it means extending the current protocols, introducing new entities, and expanding the functionalities of different components. Everything is designed and implemented using the "X-Road way," which means that the implementation provides all the same security guarantees that are provided to synchronous messages. At the same time, the implementation also has to deal with the constraints caused by the same security guarantees.

Integrated

Integrated means taking an existing open-source messaging solution (e.g., Apache Kafka, RabbitMQ) and integrating it into X-Road. In this way, the existing solution provides most of the messaging features, and there's no need to implement them separately. Some changes/additions to the X-Road protocols are likely to be required, but the data exchange inside a message room is based on the protocol(s) supported by the selected solution. Also, the integration covers most of the management-related tasks so that they can be completed using X-Road provided components, e.g., the Security Server UI and management API.

However, integrating the solution into X-Road requires potentially a significant effort, and there's a tight coupling between X-Road and the selected solution. Another downside is that X-Road becomes highly dependent on an external solution which future development and roadmap are out of NIIS's control. Also, it's very likely that providing all the same security guarantees provided by synchronous messages isn't possible, e.g., signing and timestamping all the data processed by a Message Room.

Connected

The connected approach uses X-Road to establish a connection between the data exchange parties and implement the actual data exchange through an external channel outside of X-Road. In this case, X-Road provides a secure channel for the initial handshake that includes exchanging the details of the external channel.

The handshake is a regular X-Road message in which headers and/or body include the required details. The external channel doesn't directly connect with X-Road, so it may use any data exchange protocol. In this way, the approach is not coupled with any specific solution or technology, and it can be used to support multiple different solutions and use cases. For example, different messaging solutions like Apache Kafka, Rabbit MQ, and Apache ActiveMQ could all be supported. However, the external solution is managed independent of X-Road, and all configuration tasks must be done using the native interfaces and tools provided by the solution. Also, the X-Road security guarantees are provided for the handshake but not for the data exchange.

Standalone

Standalone means implementing Message Rooms as a standalone, fully independent solution that can be connected to X-Road. In this way, the solution can be used together with X-Road, but also without it. Connecting the solution to X-Road could be done using the integrated or connected approach.

An existing open-source messaging platform, such as Apache Kafka, could be taken as a basis and developed further if needed. No additional development is required in the best case, and an existing solution can be used as-is. Also, the solution could be implemented using an existing standard or a set of standards that would support interoperability on a broader scale.

Standardization

Standardization is about creating a protocol stack based on a standard or a set of standards that define all the aspects of the communications required by a Message Room. In practice, it means leveraging existing standards and creating new ones in case they are needed. This approach would make Message Rooms both technology and solution agnostic. The first step would be to study whether suitable standards that meet the requirements already exist and participate in their development. For example, the Message Room concept could be connected to data spaces, e.g., an asynchronous communication method within a data space and across different data spaces.

Requirements for the implementation

In theory, all the described implementation alternatives are technically feasible, but there are various differences when looking into them in more detail. Eventually, the choice between the alternatives boils down to the expectations, requirements, and constraints for the Message Room implementation.

One of the recognized requirements for the implementation is a reuse of existing infrastructure and X-Road principles. In practice, it means utilizing X-Road's existing security mechanisms, including authentication, identity management, message logging, signing, and timestamping. Also, the Message Room concept implementation should be based on a decentralized architecture, and therefore, it must not include any centralized components.

All the Message Room-related research and development activities conducted by NIIS have concentrated on categories 1-3 (built-in, integrated, connected) since they directly include X-Road and, therefore, provide the most logical starting point for the implementation. The different activities will be covered in more detail in my next blog post.

Synchronous or Asynchronous Messaging?

The previous blog post by Petri Kettunen provided insights on the Message Room use case study conducted by the University of Helsinki. This is the first part of a series of blog posts about the Message Room concept, and it provides an introduction to synchronous and asynchronous data exchange. The second part concentrates on life-event-based services and potential implementation alternatives. Three alternative implementation approaches are discussed in more detail in the third part.

In 2020, NIIS conducted an X-Road feature study to identify the needs and challenges of X-Road operators and members in Estonia, Finland, and Iceland. Information was gathered via 20 interviews (26 participants) and supplemented with an online questionnaire in Estonia (29 respondents). In addition, two innovation workshops were organized to collect further details on selected topics. 

Messaging patterns were one of the topics included in the study. Currently, X-Road only supports synchronous request-response messaging. Still, the need for asynchronous messaging had been recognized based on user feedback and some new use cases, such as proactive life event-based services. Therefore, additional information and insights on the actual needs and requirements were needed to make more concrete plans regarding the next steps.

Synchronous and asynchronous messaging

An excellent way to understand the difference between synchronous and asynchronous messaging is to compare a phone and an email. A phone call is synchronous – both parties must be available for it, and you have to wait for an answer when asking questions on the call. Instead, an email is asynchronous – you can send an email when you want, and the recipient is free to choose when to read it and respond.

Currently, X-Road is based on synchronous communication suited for real-time data and document exchange. Synchronous data is exchanged via request-response pairs. On a simplified level, a service consumer sends out a request and then waits for a service provider's response. When the request is sent, the service consumer waits for the response until it is received or a timeout occurs. Synchronous messaging creates a tight coupling between the data exchange parties since the consumer is always dependent on the availability and performance of the provider. Also, changes on either side easily break down the connection.

In the case of asynchronous messages, a service consumer sends a request and continues processing other tasks. The service provider sends a response later once it has processed the request or, depending on the type of asynchronous messaging pattern, it may not send a response at all. Asynchronous messaging creates only a loose coupling between the data exchange parties, making them less dependent on each other.

From message exchange patterns to communication patterns

In practice, there are several message exchange patterns how asynchronous messaging can be implemented. Asynchronous messaging can be one-way or two-way, and it can be based on different combinations of push and pull, for example:

  • send a message with no response (push)

  • send a message with no response (pull)

  • send a message with an asynchronous response (push and pull)

  • send a message with an asynchronous response (pull and push).

The asynchronous message exchange patterns and their different combinations are used in various communication patterns. The publish-subscribe and message queue communication patterns were included in the X-Road feature study together with the asynchronous request-response message exchange pattern.

Asynchronous request-response

A service consumer sends a request and continues processing with other tasks. The service provider sends a response later once it has processed the request. The consumer may include in the request a destination for the provider to send a message with the response.

Publish-subscribe

A service provider publishes messages (publisher), and any number of service consumers will receive them (subscribers). Service consumers that are interested in a publisher’s messages “subscribe” to a predefined channel that they know publishers will be sending messages to. When an event happens, a message is sent to all the service consumers who have subscribed to the channel. Many publishers and subscribers can use the channel, and each message is delivered to all the subscribers.

Message queue

A message queue is an asynchronous communication channel where service producers and consumers do not interact simultaneously. Service producers push messages onto a queue, and consumers read the messages from the queue. Only one consumer gets a particular message, no matter how many consumers read messages from that queue. Many producers and consumers can use the queue, but each message is processed only once by a single consumer.

What do the users truly desire?

According to the X-Road feature study results, the publish-subscribe pattern is the most preferred option for implementing life-event-based services. Also, according to the MoSCoW methodology, it’s a MUST together with asynchronous messaging. Instead, message queues and data streaming were mentioned in the study as well, and they were considered essential by many participants. According to the MoSCoW methodology, they were both SHOULD.

After the feature study, interactive innovation workshops were organized with participants from Estonia, Finland, and Iceland. According to the results, the publish-subscribe pattern got the highest priority in expanding X-Road's current message exchange capabilities. Also, the results strengthen the image of the pattern's role in implementing the proactive life event-based services. Therefore, it is logical to concentrate on the publish-subscribe communication pattern. However, it doesn't mean that the other alternatives are forgotten or mutually exclusive. In the long term, different options remain open even if the publish-subscribe pattern is prioritized first.

Also, the goal is not to replace the currently supported synchronous request-response pattern with asynchronous messaging. Instead, the aim is to extend X-Road’s messaging capabilities with asynchronous messaging.

Message Rooms Use Case Study: Should X-Road Support Asynchronous Messaging?

Message Rooms is a proposed X-Road publish/subscribe concept that decouples message producers and consumers for data exchange in interconnected information systems. In the University of Helsinki (Department of Computer Science) contract research project, the need and feasibility of asynchronous messaging with the Message Rooms concept were analyzed with respect to its potential benefits and implementation realization. The analysis was based on selected use cases.

This research project aimed to recognize, document, and analyze the intended use cases in Estonia, Finland, and Iceland. Initial sources of the use cases included in the study were the X-Road Feature Study (2020), the Estonian KrattAI, and the Finnish AuroraAI. The expected result of the research was to provide to the NIIS members information for informed decision-making regarding the further steps and the potential continuation of the Message Rooms related work. The implementation of the Message Rooms had not been decided yet, but several implementation alternatives were under comparative discussion.

Background

In the prior X-Road Feature Study (2020), synchronous request-response messaging was suggested to be a MUST. However, also asynchronous messaging was a MUST. In general, the publish and subscribe pattern was a MUST since it is the most preferred option for implementing life event-based services.

In the Feature Study, particular business/use cases were not analyzed in detail. “Message Rooms” or “X-Rooms” were not explicitly mentioned. Overall, asynchronous messaging was concluded to mean a paradigm shift in the context of X-Road.

This Use Case research started with getting an overall understanding of the X-Road context and the Message Room problem space. As a result, a (partial) Message Rooms concept map was compiled. It includes such key concepts as Service capabilities, Data exchange capabilities, Asynchronous loosely coupled communication, Asynchronous messaging, Synchronous communication between services, Publish/subscribe messaging model, Event-driven architectures, Service endpoints, Registry-based data exchange, Cross-border data exchange, and Flexible distributed government service architecture. The wide, even partial concept map suggested that the overall decision-making space has many technical and organizational interrelationships, dependencies, and constraints.

Considering the X-Road usage in the participating countries, Estonia was considered to be "fully X-Road". In Finland, the Suomi.fi Data Exchange Layer ("Suomi.fi-palveluväylä") was noted to be mandatory (obligation to use) for public administration organizations ("Palveluväylän käyttövelvoite"). Notably, Finland's and Estonia's data exchange layers were interconnected in 2018. Iceland was not applicable, and the country was excluded from further analysis.

Use Cases Exploration

In the X-Road Feature Study, most interviewees reported seeing the value of asynchronous communication. However, their organisations did not have specific business cases for asynchronous message exchange at that time.

With that heading, the research problem was defined as to justify implementing the Message Rooms by discovering asynchronous data exchange use cases between certain public sector agencies based on the proposed Message Rooms concept. The context was the X- Road users in Estonia and Finland.

As for the research approach, two different angles to the use case discovery was recognized:

  1. Examine some existing service information systems identifying such information exchanges, which could, in principle, have Message Rooms based implementations.

  2. Identify opportunities for Message Rooms based on implementations in some new service information systems designs.

In practice, the first alternative was seen as more appropriate for the time being – given the limited schedule and resources allowed for the contractual research work.

For the data collection, several expert stakeholder interviews were conducted (in September–November 2021). The Estonian interviewees were governmental digitalization experts. In Finland, they represented the Tax Administration, the Digital and Population Data Services Agency, and the governmental AuroraAI program.

For initial probing, an architectural design scenario was presented. The scenario was as follows:

  1. Some change occurs in some information systems (service) (e.g., a citizen moves to a new home town).

  2. Interested information systems (information producers/consumers) receive event notifications about the change.

The following points were then interrogated: How typical is this scenario? What particular cases are there now / in the (near) future? What are the Information Provider(s) and the Information Consumers/Users?

Several prospective use cases were examined in Estonia and Finland. The Death Of a Closely Related Person was acknowledged as the most viable case that could, in principle, be implemented based on Message Rooms. It was indicated to be so both in Finland and Estonia.

In that use case, a doctor determines the death and registers it to the Population Information System with an application. Government officials and different organizations then receive the information immediately. With respect to asynchronous messaging, this maps into the following:

  1. The hospital information system will announce the fact (i.e., publish).

  2. Population registry, employment registry (n+1) will listen (i.e., subscribe and receive notifications).

Potential Use Cases & Clues

All in all, we recognized a range of potential use cases and prospective avenues for other cases. These include the other citizen life events similar to the Death Of a Closely Related Person case, such as “Birth of a child”. Such cases may be equal with respect to asynchronous information exchanges.

In Estonia, there are many needs for the state's central event service to communicate with the local government event service. The local government finds out that an event (e.g., a death, birth, etc.) has occurred. Subsequently, they could immediately provide services accordingly based on this event information. The forthcoming Government Virtual Assistant #bürokratt will initially involve three agencies (Police and border control, National library, Consumer protection agency) and at least eight more agencies planned with probably thousands of daily users. It also provides services.

Another Estonian case candidate is related to drugs prescription. In that, a need for new drugs prescription is first notified. A consent to other people to purchase the drugs is then granted, and they are then notified of the consent.

In Finland, one of the services where X-Road is being utilised, is Suomi.fi Messages (”Suomi.fi-viestit”) – a service provided for citizens to communicate with authorities. It was opened in 2017, and currently, it has some 750 000 users. Public administration organizations in Finland are obliged to support the service.

In the Suomi.fi Messages message exchange system, when a new message is sent from government agencies to the message box of a citizen, a notification is sent to the citizen's email address. However, currently, such notification messages are only sent by the Tax Administration.

Another potential area in Finland is the search service of the Population Information System (VTJ). Currently, the VTJ query interface is synchronous. The consumer organization gets information (e.g., personal data) from the Population Information System in real-time forms on a continuous (not on a one-off) basis and individually (not in large batches).

In Finland, one more prospect is the Tax Administration Suomi.fi service interface vero_tipa_server_prod ("Veron tietopalvelurajapinnat"). That subsystem provides query services for tax information. However, currently, the services are intended only for certain organizations.

Furthermore, in the Finnish AuroraAI program, additional needs for asynchronous messaging have been recognized: Events trigger activities in the service network. Such new developments are planned for Q1–Q2/2022.

In addition, there are many ongoing and emerging large-scale governmental information systems development projects in Finland. For example, in the new centralized national digital register and data platform for the built environment ("RYTJ"), the information producers send (push) information from their own systems, and the information users retrieve it. Additional asynchronous notification support could be considered.

Conclusions

Overall Findings and Observations

Based on the research work described above, we have drawn the following overall inferences and propositions:

  • What are their really essential, fundamental questions (problem definition)? Is it more about data/information or services?

  • What level(s) of the technology stack(s) are most critical (problem-solution)? When is it the transport layer?

  • What/where are the most significant needs and most considerable constraints? Do they concern about the messaging technology or more about the information systems, services, and business processes?

Suggestions for Future work

For further (research) work, we suggest the following:

  • How typical are certain data exchange patterns in current and forthcoming systems? Such patterns could be recognized, for example, from different chatbot services. If such typical patterns can be recognized, useful common asynchronous communication design patterns could be developed for reuse.

  • Identify and describe systematically relevant (future) data exchange scenarios. Assess whether message rooms (asynchronous communication) would be appropriate architectural realizations for the scenarios. For example, the Architecture Tradeoff Analysis Method (ATAM) could be used.

Considering use case discovery and analysis, there are two spheres: current X-Road-based information/service systems and new ones. For the former, would they be willing and able to change to asynchronous communications (Message Rooms) based implementation? For the latter ones, what asynchronous communications (Message Rooms) based solution opportunities would there be in the IS under development / planned?

In more general, considering (governmental) IS analysis and design, the following factors and issues should be assessed and taken into account:

  • In which service/information systems would asynchronous data exchanges be needed and be useful? What are the information and data processing needs?

  • Would asynchronous communications (Message Rooms) based design be the most fitting (even optimal) choice? What is the feasibility (e.g., cost of modifying existing implementations)? What specific constraints are there (e.g., legal limitations such as SSN policies in different X-Road countries)?

The author Petri Kettunen (Docent, University Researcher) joined the University of Helsinki, Department of Computer Science in January 2010. Since then he has been working on a wide range of software engineering research topics in different industry-academia collaboration programs and projects.

Towards a sustainable digital future with X-Road

The EU is fighting climate change and has planned to further cut emissions by 2030. By 2050, Europe aims to become the world's first climate-neutral continent.

NIIS internal primary goal is to achieve carbon neutrality by 2030. With our flagship product, X-Road®, we follow the UN 17 Sustainable Development Goals, and X-Road contributes to specific goals directly or indirectly. X-Road also fulfils the criteria of a Digital Public Good, and it's approved as such by the Digital Public Goods Alliance.

NIIS aims to reduce the environmental impact of X-Road ecosystems and has an ambitious goal that X-Road is the most sustainable data exchange solution by 2030.

Let's look into the steps taken so far and the subsequent phases towards the goals.

How could NIIS become carbon neutral by 2030?

NIIS develops software, so electricity is required for our operations and using the end products. Currently, this involves non-renewable fossil fuels, but we aim to move towards renewable energy at NIIS and decrease the energy consumption of our organisation.

The impacts and dependencies on environmental sustainability happen in both primary and support activities of the NIIS value chain. Software development and procurement are the most efficient functions for NIIS in reducing harmful effects. Our value chain support activities include more aspects such as our office premises, travelling, and other procurement and consumption subjects, which require a mitigation strategy.

Our focus so far has been on assessing impacts on environmental sustainability. To improve our performance in social sustainability, we consider selecting tools and frameworks such as KPIs for linking impacts and dependencies to human and social capital.

Sustainability is included in NIIS values. Our sustainability goals shall be embedded in our strategic objectives during this year. Consequently, incentives for achieving the strategic objectives cover also our sustainability goals.

NIIS can better recognise the planetary boundaries and become carbon neutral by 2030. Generally, we must not prioritise mitigation or adaptation strategy but rather look into the NIIS value chain and identify the possible actions.

How could X-Road become the most sustainable data exchange solution?

We develop software for digital governance infrastructure, which is highly dependent on electricity. The rise in electricity production by renewals, climate change and other contributing factors in the energy sector will increase overall electricity costs also in the future. NIIS shall continue to support reducing electricity consumption in our users’ infrastructures.

X-Road users consume natural resources also through the hardware utilised for running software. The manufacturing of hardware involves mining minerals and metals that are becoming difficult to find. Reducing the number of hardware required to operate the software is another way to impact positively. Therefore, running X-Road on the cloud is the first step for any X-Road operator willing to reduce negative impacts.

NIIS recently completed the first project in which we assessed the energy consumption of the access point component (Security Server) of X-Road. We aim to significantly reduce energy consumption by covering the whole X-Road ecosystem and operations. We have an ambitious goal of making X-Road the most sustainable data exchange solution in digital government by 2030. It's worth adding that this goal is not limited to environmental sustainability only.

We have identified specific SDG's with X-Road contributions to various areas of sustainability. These include SDG's for which we have evidence about direct contribution in the form of a project, platform, network, ecosystem, policy or feature, that involves X-Road. We don't aim to increase the number of contributed SDG's – unless it happens naturally – but rather strengthen the activities in the existing SDG's. We aim to work long-term and support the initiatives utilising X-Road.

From 2022 onwards, NIIS will incrementally introduce new methods for reducing energy consumption in X-Road environments. We cannot guarantee any schedule for the software's sustainability enhancements at this early research phase. Still, we will do our best to advance sustainability and engage different stakeholders in work.

Ville Sirviö is the CEO of NIIS. He studied leading sustainable organisations at the Saïd Business School, University of Oxford, in 2021.