As pointed out in the previous post, federating UXP/X-Road instances for cross-border process optimisation relies on a strong bilateral agreement between the respective Governing Authorities (GA) and other relevant governmental bodies.
The GA of any UXP/X-Road instance is of crucial importance, as it supervises and administrates local UXP/X-Road deployments and operations. It coordinates the implementation of the technology, establishes membership rules for stable operation and administers the members. The GA also monitors the data exchange layer and is responsible for updates and technical maintenance.
Schema of UXP System
Before concluding a bilateral agreement, there must obviously be strong political will and vision to provide reasoning for federating data exchange instances. Thinking of State A and B from the first blogpost, it’s very unlikely that State B is willing to embark on this endeavour with State A if there’s nothing in it for State B. In that sense the preceding negotiations are of utmost importance for the bilateral agreement between the two instances’ GAs.
The bilateral agreement is necessary as the two players need to establish grounds on which they can trust each other. The agreement needs to outline rights and responsibilities, provide reasoning and pinpoint relevant regulations in regard to processing (personal) data, information security, information, identification and trust services et al.
A very central issue in creating trust via a bilateral agreement is the issue of identification and trust services and certification policy. After all, a UXP/X-Road member needs to be able to trust the source and the data from abroad. That is managed via specified qualified signature creation devices and a specific certification policy, that in the best-case scenario, apply to the same international standards, so that there wouldn’t be a discrepancy between the two instances’ mechanisms (see Freudenthal, Willemson, 2014, pg. 8).
As Finland and Estonia have in fact federated their X-Road instances, the agreement of these two states can act as a prototype for future endeavours. A certainly very striking issue is that the dispute resolution needs to be specified, as well – Estonia and Finland decided that it is in fact the Estonian legal system that was selected for dispute resolution (see PRC/RIA, 2016, § 11). In general, the agreement consists of a framework agreement, a document specifying responsibilities, a service level agreement, and an implementation schedule.
As outlined above, the bilateral federation agreement is the first step. It requires strong political will and an understanding of what issues the federation is supposed to solve. Once the agreement is in place, the GAs start harmonising their instances on the organisational, semantical, and technical levels. An essential fact about a UXP/X-Road federation is that it does not change anything about UXP’s/X-Road’s key promise: data is exchanged peer-to-peer without intermediary. The GAs are not involved in data exchange and different instances’ members can exchange information directly across jurisdictional borders.
UXP Federation Concept
The next blog post takes a closer look at the technical peculiarities of federating a UXP instance with an X-Road instance, the Estonian-Finnish Service Level Agreement, and provides and outlook for federating data exchange infrastructure.
Written by Tobias Koch
Freudenthal, M., Willemson, J.: Challenges of Federating National Data Access Infrastructures. In: 2017 International Conference for Information Technology and Communications. Springer, Cham.
PRC 2286/2401/16; RIA 16-0448-001: TRUST FEDERATION OF ESTONIAN X-TEE AND FINNISH PALVELUVÄYLÄ, General Agreement between Estonian Information System Authority and Finnish Population Register Centre, 2016.