Roadmap
General Principles
UXP roadmap is maintained for one year ahead. It is reviewed quarterly and it can change
depending on shift in priorities. For the nearer future the roadmap is more precise, for the
farther future it is more inexact.
Cybernetica aims to create three releases of UXP Core per year. The other components are
updated when necessary.
1. UXP Portal 2.1 — November 2019
2. UXP Connector 1.6 — December 2019
3. UXP Core 1.12 — December 2019
4. UXP Monitoring 2.2 — December 2019
5. Personal Data Usage Monitor 1.0 — March 2020
6. UXP Core 1.13 — May 2020
7. UXP Core 1.14 — October 2020
8. UXP Core 2.0 — December 2020
Version 2.1 will be the first public release of the reworked UXP Portal product (the version 2.0 was unpublished beta release). The new Portal features:
completely rewritten user interface;
support for much wider range of services and XML elements;
comprehensive management interface for Portal configuration.
UXP Connector 1.6 will be mostly maintenance release, incorporating mainly bug fixes and small improvements.
UXP Core version 1.12 will be mainly a maintenance release. The main change will be support of Java 11 that replaces the soon to be deprecated Java 8. In addition, UXP Core 1.12 will contain the following changes.
Added support for Elasticsearch version 7 and above (for local monitoring).
Support for Ubuntu 16.04 is now deprecated. The Ubuntu 16.04 LTS has reached its end of life and is no longer supported by UXP.
New feature: GUI for verifying signatures created by UXP. The new user interface allows the user to search for a transaction from the security server’s message log. When found, transaction is verified (the signature and the timestamp are checked) and displayed to the user. User can also download the signed transaction to their computer and verify it offline.
Security server performance will be improved based on the results of the performance testing.
The main new feature of the UXP Monitoring version 2.2 will be the transaction statistics visualization tool. Previously, the statistics could be viewed by the monitoring server manager using the Kibana tool. The new monitoring server publishes the transaction statistics as open data. It also comes with a built-in user interface for visualizing the connections between the organizations, services, etc. The user interface is intended to be used as a public tool that can be used by citizens to learn about the UXP usage.
In addition, UXP Monitoring 2.2 will include support for Elasticsearch version 7 as well as other minor improvements.
The UXP Personal Data Usage Monitor will be a new UXP component that will provide the citizen the means to monitor the access to their data. The Personal Data Usage Monitor tool will act as a proxy between the security server and the information system (database containing personal data) and log all the accesses to the personal data. The tool will provide log viewer that can be used by the organization’s security officer to audit the personal data usage. However, its main function is to implement services that are called by the citizen portal (or other similar component) to provide the citizen view about who has accessed their data and for what reason.
UXP Core version 1.13 will include mainly technical improvements that will simplify implementation of UXP as well as make it more secure.
Service client library will simplify creating client information systems that invoke UXP services.
Optional timestamping makes it easier to deploy UXP in environment where timestamping service is not available or not required by the security policy.
Support for TLS version 1.3 brings the secure communication to the new level, implementing the latest and the most secure communication protocol. TLS 1.3 will bring superior privacy, security and performance. Together with support for new TLS version, new algorithms for authentication keys (for example, ECDSA) will be supported.
Support for arbitrarily long cryptographic keys for situations where the default key length is not enough.
High availability solution for UXP Security Server will make it simple for the Security Server administrator to configure high availability setup. The setup implements automatic failover in case one of the security servers in the cluster becomes unresponsive.
UXP Core version 1.14 will start the major rework of the UXP product, culminating with the UXP version 2.0. The main changes are the following.
High availability solution for the UXP Registry will be reimplemented using the etcd tool. This makes it possible to dynamically manage Registry Server clusters. When some of the server in the cluster go down, the other servers in the cluster detect this and reconfigure their connections. When the previously unresponsive servers become operational again they will receive the updated data and can continue responding to client requests.
Registry Server functionality is accessible over an API in addition to user interface. This makes it possible to create custom user interfaces for the Registry as well as automate registration and management tasks using the API.
Load balancing support for security servers. This makes it possible to use external load balancers to distribute the load between several security servers belonging to the organization. This improves both the performance and the realiability of the security server cluster.
UXP components will start migrating to OpenID Connect for authentication. This makes it possible to manage the UXP administration and management accounts using existing identity management systems used by the organization. In addition, this makes the UXP security policy flexible as the hosting organization can decide different user management mechanisms depending on the existing configuration and the security policy.
Support for Ubuntu 20.04 LTS ensures that UXP will run on the most recent hardware and will include the latest performance and security improvements.
UXP Core version 2.0 will bring together the rework effort started in UXP Core 1.14. The most significant changes introduced in this version are the following.
Security Server functionality is accessible over an API in addition to user interface. This makes it possible to create custom user interfaces for the Security Server as well as automate management tasks using the API.
UXP will support additional protection of the UXP transactions using post-quantum encryption algorithms. This is critical for organizations that exchange data with high confidentiality requirements, especially in cases where the confidentiality of the exchanged data must be retained for many years. Using post-quantum encryption algorithms now ensures that the confidentiality is assured even when the quantum computers become feasible.
UXP will use distributed blockchain as an additional measure of protecting long-term proof value of UXP transactions. Currently, PKIX timestamping protocol is used to provide long-term validation of transaction. In addition, the Security Server administrator can enable blockchain-based timestamping that is based on different security assumptions and thus adding another layer of security.
