Non-repudiation: Ability to leverage digital signature as a service
-
Upload
nordic-apis -
Category
Technology
-
view
54 -
download
0
Transcript of Non-repudiation: Ability to leverage digital signature as a service
![Page 1: Non-repudiation: Ability to leverage digital signature as a service](https://reader036.fdocuments.in/reader036/viewer/2022070518/58e5954b1a28abdd148b5d27/html5/thumbnails/1.jpg)
DSIG, 2016-07-04, Henrik Eriksson
Non-repudiationAbility to deliver digital signature as a service
![Page 2: Non-repudiation: Ability to leverage digital signature as a service](https://reader036.fdocuments.in/reader036/viewer/2022070518/58e5954b1a28abdd148b5d27/html5/thumbnails/2.jpg)
Östergötland
• Östergötland is the fourth mostpopulous region of Sweden
• Approximately 442,000 peoplecall Östergötland their home
• The region houses 13 differentmunicipalities
![Page 3: Non-repudiation: Ability to leverage digital signature as a service](https://reader036.fdocuments.in/reader036/viewer/2022070518/58e5954b1a28abdd148b5d27/html5/thumbnails/3.jpg)
Responsibilitiesof Region Östergötland
• Most of the health care that inhabitants need
• Public transport• Promotion of culture, urban development
and the private sector
![Page 4: Non-repudiation: Ability to leverage digital signature as a service](https://reader036.fdocuments.in/reader036/viewer/2022070518/58e5954b1a28abdd148b5d27/html5/thumbnails/4.jpg)
How Region Östergötland is governed
• Region Östergötland is a democratically governed organisation
• The region's model is client/provider-based
• The highest decision making body is the Regional Council consisting of 101 elected officials
![Page 5: Non-repudiation: Ability to leverage digital signature as a service](https://reader036.fdocuments.in/reader036/viewer/2022070518/58e5954b1a28abdd148b5d27/html5/thumbnails/5.jpg)
5
The ChallengeMust be able to deliver new
functionality in order to to be able to digitally sign data!
Primarily:• Legal Agreement• Electronic Health Records• Social Care
§
![Page 6: Non-repudiation: Ability to leverage digital signature as a service](https://reader036.fdocuments.in/reader036/viewer/2022070518/58e5954b1a28abdd148b5d27/html5/thumbnails/6.jpg)
6
• We needed a service that could meet the current and even future demands for use in the mobile world.
• The service needed to support use with both legacy systems and modern apps.
What did we need?
![Page 7: Non-repudiation: Ability to leverage digital signature as a service](https://reader036.fdocuments.in/reader036/viewer/2022070518/58e5954b1a28abdd148b5d27/html5/thumbnails/7.jpg)
7
1. First we signed a contract with a partner who offered service for digital signing.
2. Then we changed the system so it could make the necessary API-call to that service.
What we did!
Done!
![Page 8: Non-repudiation: Ability to leverage digital signature as a service](https://reader036.fdocuments.in/reader036/viewer/2022070518/58e5954b1a28abdd148b5d27/html5/thumbnails/8.jpg)
8
Now the problem arose!
![Page 9: Non-repudiation: Ability to leverage digital signature as a service](https://reader036.fdocuments.in/reader036/viewer/2022070518/58e5954b1a28abdd148b5d27/html5/thumbnails/9.jpg)
9
The problems
?
![Page 10: Non-repudiation: Ability to leverage digital signature as a service](https://reader036.fdocuments.in/reader036/viewer/2022070518/58e5954b1a28abdd148b5d27/html5/thumbnails/10.jpg)
10
Next step - Take control over the API
APIGatewa
y
ProductionAPI key
ProductionAPI key
ProductionAPI key
UniqueAPI key
UniqueAPI key
UniqueAPI key
Managem
ent
Cost
![Page 11: Non-repudiation: Ability to leverage digital signature as a service](https://reader036.fdocuments.in/reader036/viewer/2022070518/58e5954b1a28abdd148b5d27/html5/thumbnails/11.jpg)
11
Design goal
![Page 12: Non-repudiation: Ability to leverage digital signature as a service](https://reader036.fdocuments.in/reader036/viewer/2022070518/58e5954b1a28abdd148b5d27/html5/thumbnails/12.jpg)
12
Result
SwaggerSpecification
APIdocumentation
Back-end Front-endAPI API
![Page 13: Non-repudiation: Ability to leverage digital signature as a service](https://reader036.fdocuments.in/reader036/viewer/2022070518/58e5954b1a28abdd148b5d27/html5/thumbnails/13.jpg)
13
Our responsibility - Our infrastructure
Security
Availibility Traceability Confidentiality
![Page 14: Non-repudiation: Ability to leverage digital signature as a service](https://reader036.fdocuments.in/reader036/viewer/2022070518/58e5954b1a28abdd148b5d27/html5/thumbnails/14.jpg)
14
Documentation with Swagger
Swagger RESTful API Documentation Specification
http://swagger.io/specification/+
ToolsTool Description
Swagger Core Java-related libraries for generating and reading Swagger definitions
Swagger Codegen
Command-line tool for generating both client and server side code from a Swagger definition
Swagger UI Browser based UI for exploring a Swagger defined API
Swagger EditorBrowser based editor for authoring Swagger definitions in YAML or JSON format
![Page 15: Non-repudiation: Ability to leverage digital signature as a service](https://reader036.fdocuments.in/reader036/viewer/2022070518/58e5954b1a28abdd148b5d27/html5/thumbnails/15.jpg)
15
Documentation with Swagger
Write API specs in YAML/JSON……Preview documentation in Swagger
![Page 16: Non-repudiation: Ability to leverage digital signature as a service](https://reader036.fdocuments.in/reader036/viewer/2022070518/58e5954b1a28abdd148b5d27/html5/thumbnails/16.jpg)
16
ConclusionsControl of security
Easy to implement for developers
Manageability
Lower and predictable costs