Glossary
This page contains a glossary of the Suomi.fi Data Exchange Layer.
Adapter service
fi Sovitinpalvelu
sv Adaptertjänst
A data source-specific component that adapts the SOAP services offered by the information system to the format required by the Data Exchange Layer. The adapter service is not a ready-made component included with the Data Exchange Layer, but must be implemented separately for each system that is to be connected. The implementation of the adapter service is the responsibility of the organisation joining the Data Exchange Layer.
API Catalogue
fi Liityntäkatalogi
sv API-katalog
A service that presents the subsystems and services (interfaces) available through the Data Exchange Layer in a human-readable format. In addition, the API Catalogue contains the interface descriptions, additional technical information, information contents and the contact details of the administrators for each service. The subsystems’ information is updated automatically from the security servers to the API Catalogue every night. The production of the subsystem descriptions in the API Catalogue is the responsibility of the owner organisation of each subsystem. The services presented in the API Catalogue can be implemented after this has been agreed upon with the service provider. For more information about implementing services, see the related support article.
Authentication certificate
fi Autentikointivarmenne
sv Autentiseringscertifikat
The certificate used to authenticate connections between security servers. The authentication certificate is specific to the security server and is registered to the central server as part of the security server deployment process. The security servers receive the hashes of all security server authentication certificates that have been linked to the Data Exchange Layer through the configuration data downloaded from the configuration server. The security servers use the OCSP service to verify the validity of the certificates.
The validity period of authentication certificates varies depending on the environment. In the production environment, the authentication certificate is valid for six months, and in the test environment for one year. Occasionally, the term “server certificate” may be used when referring to authentication certificates.
Central server
fi Keskuspalvelin
sv Centralserver
A central component of the Data Exchange Layer that contains information about all security servers connected to the Data Exchange Layer and the organisations that use them. This information is stored as regularly updated local copies on each security server, so that the security servers do not have to communicate with the central server when sending messages. Before any new security servers or organisations can be added, the Data Exchange Layer administrator must always approve them on the central server. The Suomi.fi Data Exchange Layer is maintained by the Digital and Population Data Services Agency.
Certificate Authority (CA)
fi Varmennepalvelu
sv Certifikattjänst
A service maintained by a trusted entity that provides certificates for security servers and the organisations using them. The validity of certificates is verified through the Online Certificate Status Protocol (OCSP) service provided by the certificate authority. The certificate authority of the test and production environments of the Data Exchange Layer is the Digital and Population Data Services Agency.
Client certificate
fi Asiakasvarmenne
sv Kundcertifikat
A certificate used for the HTTPS connections between security servers and the information systems of organisations that wish to utilise services. The security server uses a client certificate to authenticate an information system. The client certificate is subsystem-specific, and the default settings of the security server necessitate the use of a client certificate for new subsystems.
Configuration anchor
fi Konfiguraatioankkuri
sv Konfigurationsankare
An XML file that is provided when the implementation application is approved, containing the configuration information that the security server needs to connect to the central server. Without the configuration anchor, the security server cannot connect to the central server.
Host/Hosting server
fi Alustapalvelin
sv Plattformsserver
The terms host/hosting server refer to the server where the security server software is to be installed. The host/hosting server must meet the security server’s technical requirements. Once the security server software has been installed on the host/hosting server, it becomes a security server.
In some cases, several information systems that form a single logical entity can also use the same subsystem to call services. In other words, a subsystem is a unique identifier for the information system or logical information system entity in the Data Exchange Layer.
Information system
fi Asiakasjärjestelmä (tietojärjestelmä)
sv Informationssystem
The customer (member) organisation’s information system to which the security server is connected to facilitate the connection to the Data Exchange Layer. The services provided by the organisation are located in the information system, from which they are called through the subsystem. The term “information system” refers to the information systems of both service providers and service users.
Interface
fi Rajapinta
sv Gränssnitt
See “Service”.
Intermediary
fi Välitoimija
sv Mellanaktör
An organisation acting on behalf of another organisation. For example, an intermediary may submit an application for a use permit and arrange for the deployment of the Data Exchange Layer on behalf of another organisation. The organisation on whose behalf the intermediary acts is referred to as the customer organisation. The responsibilities of the intermediary and its customer organisation depend on agreements between the organisations.
Internal certificate
fi Sisäinen varmenne
sv Internt certifikat
The security server’s internal certificate is used for HTTPS connections between the security server and information systems. The internal certificate is signed by the security server itself and is created during the security server installation process.
Meta services
fi Metapalvelut
sv Metatjänster
Services provided by the security server that provide information about the organisations that have joined the Data Exchange Layer and the services they provide. The purpose of meta services is to improve the discoverability of the services connected to the Data Exchange Layer and to facilitate their implementation. For more information about meta services, see the related support article.
OpenAPI Specification (OAS)
fi OpenAPI Specification (OAS)
sv OpenAPI Specification (OAS)
A method used to describe programming interfaces that are based on the REST architecture model. The descriptions are written in the JSON or YAML format. The Data Exchange Layer supports version 3 of the OAS.
OCSP (Online Certificate Status Protocol)
fi OCSP (Online Certificate Status Protocol)
sv OCSP (Online Certificate Status Protocol)
A protocol used to verify the validity of security server and organisation certificates. The OCSP follows the RFC 6960 specification.
REST (Representational State Transfer)
fi REST (Representational State Transfer)
sv REST (Representational State Transfer)
An architecture model for implementing programming interfaces that is based on the HTTP protocol. REST does not limit the technologies that can be used in interfaces or the formats in which information may be presented. Currently, the most common data format used in REST applications is JavaScript Object Notation (JSON).
Security server
fi Liityntäpalvelin
sv Anslutningsserver
The customer (member) organisation’s technical access point to the Data Exchange Layer. All messages sent to or received from the Data Exchange Layer are routed through the security server. The security server is responsible for numerous features, including the transmission of service calls between systems, the certificate handshaking process used for service calls, the encryption of communications and messages, logging, and access control. Each organisation that is connected to the Data Exchange Layer must utilise either its own security server or a joint security server with another organisation.
Containerised security server
fi Kontitettu liityntäpalvelin
sv Containrade anslutningsserver
One of the security server options in the Suomi.fi Data Exchange Layer. A Docker container that includes the security server software, its dependencies and everything else that the software needs to function correctly. A containerised security server does not need its own separate host server, and it can be installed on any Linux platform.
Security server software
fi Liityntäpalvelinohjelmisto
sv Program för anslutningsservrar
The X-Road security server component that is installed on the host/hosting server. After the security server software has been installed, the host/hosting server becomes the security server.
Service (interface)
fi Palvelu (rajapinta)
sv Tjänst (gränssnitt)
A single service published through a subsystem that can be called. A WSDL description (SOAP) or OpenAPI3 description (REST) is published as an attachment under the subsystem. Services are occasionally referred to as interfaces, especially in the API Catalogue.
Service consumer
fi Palvelun hyödyntäjä
sv Tjänstens användare
An organisation using the services provided by other organisations through the Data Exchange Layer. An organisation can both use and provide services at the same time.
Service provider
fi Palveluntarjoaja
sv Serviceleverantör
An organisation providing services to other organisations through the Data Exchange Layer. An organisation can both use and provide services at the same time.
Signing certificate
fi Allekirjoitusvarmenne
sv Signeringscertifikat
An organisation and security server-specific certificate that is used to sign messages sent through the Data Exchange Layer. If more than one organisation uses the same security server, each organisation is provided with its own signing certificate. Similarly, if one organisation has several security servers, the organisation will have a unique signing certificate for each security server. To verify the validity of certificates, security servers use the OCSP service. The signing certificate must be renewed every two years.
SOAP (Simple Object Access Protocol)
fi SOAP (Simple Object Access Protocol)
sv SOAP (Simple Object Access Protocol)
A communication protocol based on the XML language. The service implementations provided through the Data Exchange Layer may be based on either data transfers conducted in accordance with the SOAP protocol or on a REST architecture model that is independent of the data's presentation format. SOAP works across multiple protocols, but on the Data Exchange Layer, it is used only over HTTP.
Subsystem
fi Alijärjestelmä
sv Subsystem
A set of services (interfaces) that the organisation publishes on the Data Exchange Layer. A subsystem is used to connect systems utilising services to the Data Exchange Layer and publish services on the Data Exchange Layer.
Access rights to the Data Exchange Layer are defined at the subsystem level, which is why the use of information system-specific subsystems is recommended as a starting point. In some cases, one subsystem can be used with multiple services if these services form a logical entity.
Suomi.fi Data Exchange Layer / Data Exchange Layer
fi Suomi.fi-palveluväylä / Palveluväylä
sv Suomi.fi-informationsleden / Informationsleden
A data transfer channel based on the X-Road technology that provides a standardised way of transferring data between organisations and enables the creation of secure service packages. With the help of its open interfaces, the Data Exchange Layer can provide the information needed by various services across different operating environments. The Data Exchange Layer is also connected to the other network and integration solutions provided by public actors. These include VY, KY and TUVE.
Time Stamping Authority (TSA)
fi Aikaleimapalvelu
sv Tidsstämpeltjänst
A component separate from the X-Road solution, maintained by a trusted entity, that provides a certified service for timestamping messages sent through the Data Exchange Layer. The approved timestamp services used in the Data Exchange Layer are defined centrally from the central server. Message timestamps are stored in security server logs and can be used after the fact to verify that a message was in the possession of a certain party at a specific time. The communications between the security server and the timestamp service take place in accordance with the RFC 3161 specification.
WSDL (Web Service Description Language)
fi WSDL (Web Service Description Language)
sv WSDL (Web Service Description Language)
An XML-based language used for the technical descriptions of the SOAP services (interfaces) provided by a subsystem. The descriptions are presented as .WSDL attachments under the subsystems.
X-Road®
fi X-Road®
sv X-Road®
An open source data transfer solution that functions as part of the technical core of the Suomi.fi Data Exchange Layer. X-Road provides a standardised and secure way of transferring data between data resources and the information systems that utilise them. X-Road is developed by the Nordic Institute for Interoperability Solutions (NIIS). For more information, visit: x-road.global.
X-Road® Toolkit
fi X-Road® Toolkit
sv X-Road® Toolkit
A Python-based tool for automatically installing and managing a Security Server. The X-Road Toolkit can be used to define all Security Server options (RHEL, Ubuntu, Docker) for the Data Exchange Layer. It allows you to configure one or more Security Servers at a time.