UXP roadmap is maintained for one year ahead. It is reviewed quarterly and it can change depending on shift in priorities. For the nearer future the roadmap is more precise, for the farther future it is more inexact. Cybernetica aims to create three releases of UXP Core per year. The other components are updated when necessary.
1. Personal Data Usage Monitor 1.0 — November 2020
2. UXP Consent Management 1.0 — November 2020
The UXP Personal Data Usage Monitor will be a new UXP component that will provide the citizen the means to monitor the access to their data. The Personal Data Usage Monitor tool will act as a proxy between the security server and the information system (database containing personal data) and log all the accesses to the personal data. The tool will provide log viewer that can be used by the organization’s security officer to audit the personal data usage. However, its main function is to implement services that are called by the citizen portal (or other similar component) to provide the citizen view about who has accessed their data and for what reason.
The UXP Consent Management will be a new UXP component that will provide the citizen (data owner) the means to control access to the protected personal data. Using the UXP Consent management tool, the data service providers can quickly implement consent-based access rules for the protected data. The data owner is firmly in control of the data distribution. The Consent Management tool helps in managing the data usage consents given by the data owners, as well as checking the consent when data clients access the data. Finally, the data owner is provided with the log of data access events, so that they are able to monitor the usage of their data and detect any irregularities.
UXP Core version 1.14 will start the major rework of the UXP product, culminating with the UXP version 2.0. The main changes are the following.
High availability solution for the UXP Registry will be reimplemented using the etcd tool. This makes it possible to dynamically manage Registry Server clusters. When some of the server in the cluster go down, the other servers in the cluster detect this and reconfigure their connections. When the previously unresponsive servers become operational again they will receive the updated data and can continue responding to client requests.
Registry Server functionality is accessible over an API in addition to user interface. This makes it possible to create custom user interfaces for the Registry as well as automate registration and management tasks using the API.
Load balancing support for security servers. This makes it possible to use external load balancers to distribute the load between several security servers belonging to the organization. This improves both the performance and the realiability of the security server cluster.
UXP components will start migrating to OpenID Connect for authentication. This makes it possible to manage the UXP administration and management accounts using existing identity management systems used by the organization. In addition, this makes the UXP security policy flexible as the hosting organization can decide different user management mechanisms depending on the existing configuration and the security policy.
Support for Ubuntu 20.04 LTS ensures that UXP will run on the most recent hardware and will include the latest performance and security improvements.
UXP Core version 2.0 will bring together the rework effort started in UXP Core 1.14. The most significant changes introduced in this version are the following.
Security Server functionality is accessible over an API in addition to user interface. This makes it possible to create custom user interfaces for the Security Server as well as automate management tasks using the API.
UXP will support additional protection of the UXP transactions using post-quantum encryption algorithms. This is critical for organizations that exchange data with high confidentiality requirements, especially in cases where the confidentiality of the exchanged data must be retained for many years. Using post-quantum encryption algorithms now ensures that the confidentiality is assured even when the quantum computers become feasible.
UXP will use distributed blockchain as an additional measure of protecting long-term proof value of UXP transactions. Currently, PKIX timestamping protocol is used to provide long-term validation of transaction. In addition, the Security Server administrator can enable blockchain-based timestamping that is based on different security assumptions and thus adding another layer of security.
For more details of the August 2020 release, see the blog post.
Added support for elliptic curve (EC) keys for software token and hardware tokens (EC keys as security server encryption keys are currently not supported).
Added support for EC keys for nginx and internal TLS certificates.
Added support for longer (3072 and 4096 bit) RSA keys.
Improved TLS communication.
Added support for TLS 1.3 (now a default protocol). TLS 1.2 is still supported by default for backward compatibility.
Added stronger default enabled TLS cipher suites.
It is now possible to configure enabled cipher suites for TLS communication between security server and information system.
Improved procedure for changing the security server internal TLS certificate.
It is now possible to change the certificate smoothly.
It is now possible to import a certificate (generated by an external certificate authority) and the corresponding private key as a PKCS#12 keystore.
Server side listening port between security servers is now distributed together with security server address via global configuration. It enables to change the listening port of the security server without breaking connections with other security servers. This functionality can be used only after all the registry servers and security servers of the UXP instance are upgraded to current version.
Security server owner connection type for servers in service consumer role are now fixed to HTTPS to improve security.
Ubuntu 20.04 LTS is now a supported (and recommended) platform. See Ubuntu upgrade guide UXP-UPG-UB20.
Multiple minor fixes and improvements.
For more details of the April 2020 release, see the blog post.
UXP Connector keeps now an audit log. The audit log events are generated by the user interface when the user changes system state or configuration. The audit log is located at /var/log/uxp-connector/uxp-connector-audit.log. The audit log events are described in the document “UXP Connector: Audit Log Events”.
The connection security between the UXP Connector and the UXP Security Server has been redesigned. It can be configured via the Connection Security page. This includes the following functionality:
Connector certificate can be downloaded from the user interface.
Connection security mode (whether the client system must be authenticated or not) can be checked from the user interface.
Connection security mode can be turned on and off through the command line interface.
Client system internal certificates are now called trusted certificates and are detached from a subsystem code.
A keystore with a private key and a certificate can be generated for a client system other than security server directly in UXP Connector user interface.
Read more in user guide section “Connection Security”.
While running test queries through UXP Connector the query is now rolled back by default so the query has no effect on the database state. The user can choose to commit the query to keep the changes.
Internal test queries run through Connector are now logged to query log.
Service created using Connector must now be assigned to a WSDL file in order to be published.
Connector users are now managed as UNIX users who belong to a special user group. Similarly to UXP Core components. Read more in user guide section “Managing Connector Administrator Accounts”.
Connector uses now c3p0 library for connection pooling between Connector and database.
Updated versions of JDBC drivers included with Connector.
Reminder for MariaDB driver users: Float comparison has to be done now using the LIKE keyword instead of equals sign (=).
Various smaller improvements and bug fixes.
For more details of the March 2020 release, see the blog post.
There is a new component UXP Verifier. It can be used to view the contents of the message log stored in the security server as well as download and verify individual signed messages.
There is new HTTP header Uxp-Transaction-ID. It is automatically generated by the security server to contain a unique value for every message mediated by the security server. The transaction ID is also saved to the message log and can be used to uniquely identify UXP messages.
There is a new configuration option to disable saving the technical messages (monitoring and metainfo services) to message log. This can help to save disk space if there is no need create proof value for exchanges that do not involve business data.
Java Runtime Environment is upgraded to version 11. The other third-party libraries and components are upgraded as well to ensure security and good performance of the system.
Version 7.x of Elasticsearch and Kibana tools is now supported for local monitoring. Elasticsearch clusters are now supported.
The old Request Statistics Document (the old format for UXP statistics) is no longer supported in local monitoring.
Ubuntu 18.04 is now the oldest supported platform.
It is possible to visualize the data exchange between organizations (who has communicated with who) using either a graph or a heat map.
It is possible to download subset of the data exchange statistics as open data.
The UXP Directory can now be installed in a cluster.
It is now possible to customize the user interface.
Java Runtime Environment was upgraded to version 11.
Java Runtime Environment is upgraded to version 11. The other third-party libraries and components are upgraded as well to ensure security and good performance of the system.
Version 7.x of Elasticsearch and Kibana tools is now supported. Elasticsearch clusters are now supported.
Added monitoring server cluster support. Multiple monitoring servers can be configured to use the same Elasticsearch cluster.
Added email notification support. The Monitoring Server can now send e-mail when collecting monitoring data from security servers fails.
Ubuntu 18.04 LTS is now the oldest supported platform.
Find detailed overview of the release in our Blog.
UXP Directory 2.0 is a rewrite of the previous UXP Service Directory product. The new version is no longer focused only on services but provides a good overview of the whole UXP installation. The main changes are the following.
The user interface is redesigned to be more user friendly. The UI also supports localization.
The Directory provides information about members, subsystems and services. The UI provides visualization of the input and output parameters of the service.
It is possible to upload additional information to directory, such as contact information for members or human-readable documentation for services.
The front page shows a dashboard providing the overview of the most important statistics of the UXP installation.
For every directory entry (member, subsystem, service), the Directory displays statistical information - how many requests are associated with the entry.
Find detailed overview of the release in our Blog.
Full support for IPv6.
Improved Hardware Security Module (HSM) support.
More modular packaging.
Restricted charset of UXP identifiers.
Upgraded versions of third-party libraries.
Implemented various improvements and bug fixes, updated documentation.
UXP Monitoring 2.1 is a maintenance release containing mainly minor enhancements and fixes as well as updated versions of third-party components.
Added support for new monitoring server (version 2.0).
It is now possible to get detailed statistics for central Monitoring Server.
Ubuntu 18.04 is now a supported (and recommended) platform.
Improved SOAP fault handling.
Bug fixes and minor improvements.
Rewrite of the monitoring server.
Support for new monitoring protocol and detailed statistics.
Support for ElasticSearch version series 6.x and Kibana version series 6.x.
Ubuntu 18.04 is now a supported (and recommended) platform.
Bug fixes and minor improvements.
Ubuntu 18.04 is now a supported (and recommended) platform.
Bug fixes and minor improvements.
Licence management system is improved.
It is now possible to delegate license signing to another entity.
Different products installed on the same machine can use separate licenses.
Licenses can be viewed and managed in the user interface.
Monitoring system supports version 6 Elasticsearch and Kibana tools.
Local monitoring provides more detailed transaction statistics.
Ubuntu 14.04 is no longer a supported platform.
User guides and installation guides contain more detailed information and are restructured for better readability.
User guide can also be accessed from the user interface as online help.
Third party libraries and frameworks are updated.
Several smaller usability, performance and security enhancements.
UXP Connector supports the updated UXP license system.
Licenses can be viewed and managed in the user interface.
User guides and installation guides contain more detailed information and are restructured for better readability.
Third party libraries and frameworks are updated.
UXP Portal supports the updated UXP license system.
Licenses can be viewed and managed in the user interface.
User guides and installation guides contain more detailed information and are restructured for better readability.
Third party libraries and frameworks are updated.
UXP now has Azure Key Vault support
UXP has support for additional message encryption (can use encryption algorithms that are not supported by TLS)
It is now possible to configure content-type header used for sending attachments
Added output parameter type FILE. FILE parameters point to files in the file system that are returned as attachments
Added support for authentication plugins
Added support for attachments
Improved multilanguage support
REST APIs can now be provided and consumed over UXP infrastructures
WSDLs containing import statements are now supported
Initial version of the UXP Service Directory
Upgraded to new version of Elasticsearch for collecting monitoring analytics
Security and performance improvements
Improved Registry Server high availability solution
Fixes and improvements added
UXP can now be installed on Ubuntu 16.04 LTS
WSDLs that do not describe response message (push services) are now supported.
UXP Connector can be installed on Ubuntu 16.04 LTS
JDBC drivers for popular databases (PostgreSQL, MySQL/MariaDB, MS SQL, HSQLDB) are packaged with UXP Connector
Updated documentation
UXP Portal can be installed on Ubuntu 16.04 LTS
First release of UXP Portal.
UXP now supports SOAP 1.2 messages
UXP WSDL handling now supports services without UXP/X-Road headers. This allows providing existing SOAP services via UXP without any modification.
Initial version of UXP Certiciation Registration Authority.
UXP supports translation of user interfaces.
Several security improvements.
SOAP attachments are supported.
User interface can be translated to other languages.
Connections with security server are secured using mutually authenticated TLS.
UXP Monitoring Server is introduced.
UXP supports multihomed mode of operation.
Added system status view in security server.
Several bugfixes and enhancements.
First version of UXP Connector.
First release of UXP Core components.
Cybernetica continually improves UXP product according to current and future customer needs. Improvements are based on the latest research and address security, performance, stability and usability improvements.
Cybernetica provides full set of necessary software to establish secure data exchange between organisations and information systems. Here are the details about stable releases by different components.