Outsourcing
Answers to frequently asked questions related to outsourcing have been compiled on this page.
Also familiarise yourself with the support material on the subpages.
Answer depends on who is defined as the owner of the security server. There are two options:
1. IT supplier registers the security server to itself and acquires the authentication and signing certificates in accordance with the joining process.
Organisation that deploys the Data Exchange Layer adds as a separate subsystem to the IT supplier’s security server. An own signing certificate which is used to sign information system messages that sends on behalf of the organisation is requested for the organisation.
2. IT supplier installs the security server, but it is registered in the organisation’s name. Also, authentication and signings certificates are acquired for the organisation.
The representative of the organisation must send the Data Exchange Layer’s user permit application to the Digital and Population Data Services Agency. Other certificates are not required; signing certificate which was acquired for the organisation is used to sign information system messages.
The most important feature of the system joined to the Suomi.fi Data Exchange Layer is the X-Road communication protocol used by the Data Exchange Layer. All systems – both those providing data and those using data provided by others – must be able to implement the communication protocol so that they can use the Data Exchange Layer for data transfer. When you are tendering for an information system, it is a good idea to require the implementation of the Data Exchange Layer communication protocol.
The Data Exchange Layer is a decentralised solution in which the exchange of messages takes place between security servers. Each organisation joining to the Data Exchange Layer needs a security server and is responsible for the installation and maintenance of the security server. The Digital and Population Data Services Agency, on the other hand, maintains and develops software installed on security servers and the central components of the Data Exchange Layer.
The owner of the security server and the party responsible for maintenance may be either the organisation joined to the Data Exchange Layer or a contracting authority responsible for the implementation of the information system, depending on the implementation method of the new information system (on-premise, Software-as-a-Service, etc.). If you wish to outsource the technical implementation of your organisation’s joining process more extensively, the tendering process may also require the supplier to include the implementation, maintenance and operation of the security server as part of the services being procured.