DSIG, 2016-07-04, Henrik Eriksson
Non-repudiation
Ability to deliver digital signature as a service
Östergötland
• Östergötland is the fourth most populous region of Sweden
• Approximately 442,000 people call Östergötland their home
• The region houses 13 different municipalities
Responsibilities of Region Östergötland
• Most of the health care that inhabitants need
• Public transport
• Promotion of culture, urban development and the private sector
How Region Östergötland is governed
• Region Östergötland is a democratically governed organisation
• The region's model is client/provider-based
• The highest decision making body is the Regional Council consisting of 101 elected officials
The Challenge
Must be able to deliver new functionality in order to be able to digitally sign data!
Primarily:
• Legal Agreement
• Electronic Health Records
• Social Care
What did we need?
• We needed a service that could meet the current and even future demands for use in the mobile world.
• The service needed to support use with both legacy systems and modern apps.
What we did!
1. First we signed a contract with a partner who offered service for digital signing.
2. Then we changed the system so it could make the necessary API-call to that service.
Done!
Now the problem arose!
The problems
?
Next step - Take control over the API
[Diagram: API Gateway; Production API key (three instances); Unique API key (three instances); Management; Cost]
Design goal
Result
[Diagram: Swagger Specification; API documentation; Back-end API; Front-end API]
Our responsibility - Our infrastructure
Security
Availability Traceability Confidentiality
Documentation with Swagger
Swagger RESTful API Documentation Specification
http://swagger.io/specification/
Tools
• Swagger Core: Java-related libraries for generating and reading Swagger definitions
• Swagger Codegen: Command-line tool for generating both client and server side code from a Swagger definition
• Swagger UI: Browser based UI for exploring a Swagger defined API
• Swagger Editor: Browser based editor for authoring Swagger definitions in YAML or JSON format
Documentation with Swagger
Write API specs in YAML/JSON…
…Preview documentation in Swagger
Conclusions
• Control of security
• Easy to implement for developers
• Manageability
• Lower and predictable costs
Thank you!
Henrik [email protected]