3.3.1. Estonian Government ICT Architecture Overview

Before elaborating on the technical specifics of the research project further, it is important to understand the evolution of the Estonian ICT environment. Over the last 20 years, Estonia achieved tremendous success in combining various technologies with effective, efficient local and central governance. Starting

from the ambitious “Tiger Leap” program in 1997, which kick-started Estonia’s e-transformation, and continuing with the development of inter- organizational data exchange layer “X-Road”, Estonia has invested smartly in developing a fully functional e-infrastructure. The existing e-government services allow

Estonian citizens to electronically manage a substantial portion of their interactions with the government.

Figure 2: Architecture of the X-road Currently, the Estonian e-government system is built around a three-tier architecture defined by: Services,

which use presentation and application programming interfaces; Data Transport (X-Road); and, Databases. It utilizes a well-designed public key infrastructure, which allows the government to securely encrypt, transport, and store information from a variety of government data registries. The core platform is built around a data transport system, which provides a distributed connectivity platform to prevent any single point of failure and which supports multiple data protocols, including SOAP, XML RPC, LDAP, etc. The system relies on a primary certificate authority for the Data Transport (X-Road), while communication between organizations happens at a peer to peer level. Each major e-government service has a data registry supported by one or more databases that are connected to X-Road via a standard gateway called Security Server and custom service adapters. The Database tier is a vendor agnostic model and supports multiple commercial and open source databases including Oracle, MySQL, and PostgreSQL.

The collective e-government system allows Estonian citizens to utilize a citizen-facing portal to manage a substantial portion of their interactions with the government via electronic means. Estonia has invested considerable resources in extending the capabilities of the current web platform to support digital signatures via multiple web browsers, so that interactions with the aforementioned systems can be authorized and digitally signed. However, while the current e-government framework represents a solid foundation, the government came to the realization that it needs to evolve to ensure it can utilize global cloud computing resources in the implementation of the Data Embassy Initiative. To this end, the principles outlined below have been developed to ensure Estonia can keep in step with the fast evolving technology developments, not just for this project, but for the future:

 Single digital identity: Each citizen should at birth be assigned a unique identifier that is associated with that person’s rights and obligation within the government framework. This identified should be linked to a secure digital identity that the citizen uses in execution of their rights and obligations.

 Citizen control of data: Each citizen should have control over his or her data and should be given information about how it is being used and when is it being accessed. Exceptions should be allowed for criminal investigations.

 Collect once, use many: Government agencies should only collect information from the citizen once and be ready and able to share information with other government agencies, when required.

 Central catalog of ICT systems: All government information systems should be cataloged and registered centrally. Information should be made public to the extent possible.

 X-Road usage mandatory: X-Road should represent the main and only channel of communication among the different agencies.

 No legacy systems. The government should be vigilant to ensure that any government ICT systems approaching the end of their lifecycle, e.g. 13 years, are phased out as soon as possible.

The following sections explore how the Virtual Data Embassy Solution could be implemented within the context of the current Estonian government ICT architecture. The implementation process and the steps taken are elaborated, followed by a section that compares and contrasts the results of the testing that was conducted, before ending with findings that were considered significant in the process.