Non-repudiation: Ability to leverage digital signature as a service

Post on 06-Apr-2017

Transcript

DSIG, 2016-07-04, Henrik Eriksson

Non-repudiation: Ability to deliver digital signature as a service

Östergötland

• Östergötland is the fourth most populous region of Sweden

• Approximately 442,000 people call Östergötland their home

• The region houses 13 different municipalities

Responsibilities of Region Östergötland

• Most of the health care that inhabitants need

• Public transport

• Promotion of culture, urban development and the private sector

How Region Östergötland is governed

• Region Östergötland is a democratically governed organisation

• The region's model is client/provider-based

• The highest decision making body is the Regional Council consisting of 101 elected officials

The Challenge

Must be able to deliver new functionality in order to be able to digitally sign data!

Primarily:

• Legal Agreement

• Electronic Health Records

• Social Care

What did we need?

• We needed a service that could meet the current and even future demands for use in the mobile world.

• The service needed to support use with both legacy systems and modern apps.

What we did!

1. First we signed a contract with a partner who offered a service for digital signing.

2. Then we changed the system so it could make the necessary API call to that service.

Done!

Now the problem arose!

The problems

Next step - Take control over the API

[Diagram: API Gateway; Production API key (three instances); Unique API key (three instances); Management; Cost]

Design goal

Result

[Diagram: Swagger Specification; API documentation; Back-end API; Front-end API]

Our responsibility - Our infrastructure

Security

• Availability

• Traceability

• Confidentiality

Documentation with Swagger

Swagger RESTful API Documentation Specification

http://swagger.io/specification/

Tools

• Swagger Core: Java-related libraries for generating and reading Swagger definitions

• Swagger Codegen: Command-line tool for generating both client and server side code from a Swagger definition

• Swagger UI: Browser based UI for exploring a Swagger defined API

• Swagger Editor: Browser based editor for authoring Swagger definitions in YAML or JSON format

Documentation with Swagger

Write API specs in YAML/JSON…

…Preview documentation in Swagger

Conclusions

Control of security

Easy to implement for developers

Manageability

Lower and predictable costs

Thank you!

Henrik Eriksson

henrik.eriksson@regionostergotland.se
