Automated Trust Management Using Self-sovereign Identity, the case of X-Road

Abstract

The University of Tartu is running a research project with the Nordic Institute for Interoperability Solutions (NIIS) to take trust management of the X-Road data exchange layer towards full automation. X-Road is used by many organizations and communities, including the Estonian government, to secure and automate the exchange of messages between their information systems.

 The objective of this project is to reboot the trust model and management in X-Road embracing the principles and following the standards of Self-sovereign Identity (SSI)

 What is X-Road? 

X-Road® is open-source software and ecosystem solution that provides unified and secure data exchange between organizations. Currently, X-Road constitutes the backbone of Estonia, Iceland, and Finland's digital government infrastructures. Moreover, it has been fostering the digital government revolution in several other countries around the world. 

Let's start with the roles played by the different entities in the X-Road ecosystem [3].

  • X-Road Operators: As the owner of the X-Road ecosystem, the Operator is responsible for all the aspects of the operations. The responsibilities include defining regulations and practices, accepting new members, providing support for Members, and operating the central components of the X-Road software.
  • X-Road Members: X-Road Members are organizations that have joined the ecosystem and produce and/or consume services with other Members. A Member organization can be a service provider, a service consumer, or both.
  • Trust Service Providers: A functioning X-Road ecosystem requires two types of trust services: 1) time-stamping authority (TSA) and 2) certification authority (CA). Trust Service Providers are organizations providing these services. Trust Service Providers may be commercial third parties, or the services can be provided and maintained by the X-Road Operator too. 

Especially, onboarding new members is a lengthy process as it is dependent on the speed of processing certificate signing requests (CSR) from third-party certificate authorities. This process includes several manual steps, and it might require days, weeks, or even months to complete.

 The use of SSI is intended to speed up this step by using decentralized identifiers. However, the level of security and trust provided by X-Road must not be compromised.

  Objectives: 

The ultimate objective of this thesis is to propose a decentralized and automatic approach for trust management. The starting point is embracing the principles of self-sovereign identity (SSI). 

Out of the evolving body of standards and technologies supporting SSI, this study has to identify fitting technologies and processes to embrace SSI principles in the next version of X-Road trust. Moreover, the study has to reflect on the current X-Road architecture suggesting where changes have to take place. Although not necessary, a demo showing how the SSI-based process should work is preferable. 

Qualifications: 

A candidate student for this master thesis project is expected to have: 

  1. Solid background in public-key cryptography: SSI and its family of standards and practices is based on public-key cryptography and a suitable background in this topic will speed up the starting of the actual work,
  2. Background about distributed systems architectures
  3. Knowledge of Java (the language in which X-Road is written)
  4. Knowledge about distributed ledgers and blockchains is a plus 

Duties and time scope: 

  1. Understand the current X-Road trust model (expected 3 months)
    1. X-Road academic process
    2. Report on the current model
    3. Overview of X-Road codebase, with special emphasis on trust management
  2. Embrace the SSI family of technologies and standards to build the next generation X-Road trust model (3 months)
    1. New X-Road member onboarding process
    2. Onboarding Security Server
  3. Propose an updated trust model that reflects on the current components of X-Road (3 months) 

The overall duration is expected to be 9 months.

Benefits: 

  • Working on a remarkable project with international collaboration,
  • Contribute to the development of a digital public good,
  • Exploring an interesting area and guiding the upgrade of the X-Road trust model with several other application domains,
  • Earn money for the work,
  • An interesting topic for your thesis

 

If you are interested, do not hesitate to ask for more information

Ahmed Awad

ahmed dot]  awad [2] ut.ee

Useful resources