unsecured client key/cert (@marcostettler)
Swissdec
Swissdec / itServe AG
Swissdec Challenge from the GovTech Hackathon 2024
Challenge description: https://hack.opendata.ch/project/1099/challenge
Challenge outcome: https://hack.opendata.ch/project/1099
SUA specification: https://www.swissdec.ch/sua
Resources
The resources folder contains the following artifacts:
- security: needed certificates
  - for signing (client.p12, info.txt contains the password)
  - for encryption (server.crt)
- wsdl: the SOAP interface description with XML schemas
  - OrganizationAuthenticationService.wsdl: endpoint description for the registration process
  - OrganizationAuthenticationRenewService.wsdl: endpoint description for reissuing the certificates
  - *.xsd: data structure description in XML
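A check for the layout listed above, as an added example that is not part of the project's repository: it flags private key containers such as client.p12 and any text file beside them that mentions a password, while leaving public certificates such as server.crt alone. The function names, the extension lists and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Extensions that normally hold private keys (PKCS#12 containers, raw keys).
KEY_EXTS = {".p12", ".pfx", ".key", ".jks"}
# PEM header of any private key type (RSA, EC, ENCRYPTED, PKCS#8, ...).
PEM_PRIVATE = re.compile(rb"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----")
TEXT_EXTS = {".txt", ".md", ".env", ".properties"}  # places a passphrase gets noted
PASSWORD_HINT = re.compile(rb"pass(?:word|phrase|wort)", re.IGNORECASE)

def audit_key_material(root):
    """Return sorted (relative_path, finding) tuples for a checkout at root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        has_key, hints = False, []
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            with open(path, "rb") as fh:
                head = fh.read(65536)
            if ext in KEY_EXTS or PEM_PRIVATE.search(head):
                has_key = True
                findings.append((rel, "private key material"))
            elif ext in TEXT_EXTS and PASSWORD_HINT.search(head):
                hints.append(rel)
        # A password note is reported only when it sits next to a key file.
        if has_key:
            findings.extend((rel, "password stored beside key") for rel in hints)
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample mirroring the security folder listed above."""
    sec = os.path.join(root, "security")
    os.makedirs(sec)
    samples = {
        "client.p12": b"constructed placeholder, not a real PKCS#12 file",
        "info.txt": b"password: constructed-example\n",
        "server.crt": b"-----BEGIN CERTIFICATE-----\nconstructed\n-----END CERTIFICATE-----\n",
    }
    for name, data in samples.items():
        with open(os.path.join(sec, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(audit_key_material(tmp))
```

Run against a working tree before committing, the same function can back a pre-commit hook that fails when the returned list is non-empty.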
Documents
Detailspezifikation Unternehmens-Authentifizierung (detailed specification for organization authentication)
Test systems
Service endpoint: https://tst.itserve.ch/swissdec/refapps/stable/receiver/services/OrganizationAuthenticationService20230301
Service endpoint renew: https://tst.itserve.ch/swissdec/refapps/stable/receiver/services/OrganizationAuthenticationRenewService20230301
The Challenge: Feedback Day 1
Interest from mentors and organizers, but it is difficult to recruit participants for the "unsexy" topic of basic social insurance benefits. Everyone wants to receive (open) data - only a few know how to send (sensitive) data effectively, especially over a long period (contractual/legal framework).
- Better understanding of how to pitch at a hackathon
- Gain a better outside perspective on the situation
- Learn more about technological developments and "life hacks".
The Check-in: Project on Day 2
- Found an old app client version that is no longer usable, but is helpful
- We tinkered a lot with the code to get a new .NET client running
- SOAP 1.2 update, to see whether we can simplify the access requirements
- A simple Python client that demonstrates the registration is also available
- We also recommend preconfiguring a few more tools (Postman, Workspaces)
- Questioning the workflow design when transferring a large volume in 1 day
Story
AHV: "Central control, decentralized implementation"
Swiss Government PKI: "Core of the federal trust services"
Demo
- [x] Samples security for .NET community - issue with WCF deprecation
- [x] Oxygen https://www.oxygenxml.com/
- [x] Python / Zeep https://docs.python-zeep.org/ + https://pypi.org/search/?q=pkcs
- [ ] Set up Codespace or Gitpod
- [ ] Postman https://blog.postman.com/postman-now-supports-wsdl/
- [ ] Python client app using Kivy https://kivy.org/doc/
Modern data sharing design
All systems are green today at itServe - how does the roadmap look tomorrow?
The current solution is based on SOAP / WSDL. We discussed at the hackathon what developers are using today for the problem of secure and reliable transfers.
Streaming protocols (MQTT) have an issue with low packet sizes, so they do not work well in the business context. As an alternative we discussed gRPC (MSDN), which is based on Protobuf, or a different stack with Apache Avro.
See also Aviary, StackOverflow, Aklivity if you are interested in this topic. There is a comparison of Data Serialization Formats on Wikipedia.
Let's Encrypt Chain of Trust as inspiration for the certificate issuing and distribution.
Modern open source ERP
Because not everyone at a hackathon is familiar with ERP (that's Enterprise-Resource-Planning for you), we quickly installed an instance of Odoo community edition ERP system from the official Docker image.
It is interesting as a case study, because you can see how the standard Payroll module (Source) does not match Swiss legal requirements. Several vendors have provided implementations: Giordano (Wiki), Braintec, Open Net.
See a conference talk and think about some predictive features that could generate interest in going down this route.
Event finish
README.md (@marcostettler)
Research
Python app and notes
Reminder: Let's Encrypt will be shortening the Chain of Trust by September 30, 2024 - time to switch to ISRG Root X1.
Launch
PoC UI Screenshot (@marcostettler)
Scoping is not easy, in fact it's probably the skill to develop at hackathons. Main thing is to immerse yourself into the subject and keep an eye out for the show-stoppers and dead-ends as you go.
Prototype
Repository updated
Sketching
Python app added which gets me a nice CheckInteroperability error
Python demo
doc & samples (@marcostettler)
Hello world!
Research
Merge remote-tracking branch 'origin/main' (@marcostettler)
doc & samples (@marcostettler)
Joined the team
Updated README. (@Sandro Galfo)
Updated gitignore. (@Sandro Galfo)
Joined the team
Start
Joined the team