15

Swissdec

Swissdec / itServe AG

⛶  Fullscreen ↓  Download
Demo

Swissdec Challenge from the GovTech Hackathon 2024

Challenge description: https://hack.opendata.ch/project/1099/challenge

Challenge outcome: https://hack.opendata.ch/project/1099

SUA specification: https://www.swissdec.ch/sua

Resources

The resources folder contains the following artifacts:

  • security: needed certificates
    • for signing (client.p12, info.txt contains the password)
    • for encryption (server.crt)
  • wsdl: the soap interface description with XML schemas
    • OrganizationAuthenticationService.wsdl: endpoint description for registration process
    • OrganizationAuthenticationRenewService.wsdl: endpoint description for reissuing the certificates
    • *.xsd: datastructure description in xml

Dokumente

Detailspezifikation Unternehmens-Authentifizierung

Testsystems

Service endpoint: https://tst.itserve.ch/swissdec/refapps/stable/receiver/services/OrganizationAuthenticationService20230301

Service endpoint renew: https://tst.itserve.ch/swissdec/refapps/stable/receiver/services/OrganizationAuthenticationRenewService20230301


The Challenge: Feedback Tag 1

Interesse der Mentoren und Organisatoren, aber schwierig, Teilnehmer für das "unsexy" Thema der grundlegenden Sozialversicherungsleistungen zu rekrutieren. Jeder möchte (offene) Daten erhalten - nur wenige wissen, wie man effektiv (sensible) Daten sendet, insbesondere über einen langen Zeitraum (vertraglicher/rechtlicher Rahmen).

  • Besseres Verständnis dafür, wie man bei einem Hackathon pitcht
  • Bessere Außenperspektive auf die Situation gewinnen
  • Erfahren Sie mehr über technologische Entwicklungen und "Life Hacks". 1710446987654

The Check-in: Projekt am Tag 2

  • Eine alte App-Client-Version gefunden, die nicht mehr brauchbar, aber hilfreich ist
  • Wir haben viel am Code herumgeschraubt, um einen neuen .NET-Client zum Laufen zu bringen
  • SOAP 1.2-Update, um zu sehen, ob wir die Zugriffsanforderungen vereinfachen können
  • Einen einfachen Python Client steht ebenfalls zur Verüfgung die der Anmeldung zeigt
  • Wir empfehlen auch ein paar weitere Tools (Postman, Workspaces) zu vorkonfigurieren
  • Hinterfragen des Workflow-Designs bei der Übertragung einer großen Menge an 1 Tag

IMG_20240314_115035

Story

AHV: "Zentrale Kontrolle, dezentrale Durchführung"

Swiss Government PKI: "Kernstück der Bundes-Trust-Services"

Demo

Modern data sharing design

All systems are green today at itServe - how does the roadmap look tomorrow?

The current solution is based on SOAP / WSDL. We discussed at the hackathon what developers are using today for the problem of secure and reliable transfers.

Streaming protocols (MQTT) have low packet sizes issue, so do not work well in the business context. As an alternative we discussed gRPC - MSDN based on Protobuf, or a different stack with Apache Avro.

See also Aviary, StackOverflow, Aklivity if you are interested in this topic. There is a comparison of Data Serialization Formats on Wikipedia.

Let's Encrypt Chain of Trust as inspiration for the certificate issuing and distribution.

Modern open source ERP

Because not everyone at a hackathon is familiar with ERP (that's Enterprise-Resource-Planning for you), we quickly installed an instance of Odoo community edition ERP system from the official Docker image.

It is interesting as a case study, because you can see how the standard Payroll module (Source) does not match Swiss legal requirements. Several vendors have provided implementations: Giordano (Wiki), Braintec, Open Net.

See a conference talk and think about some predictive features that could generate interest in going down this route.

This content is a preview from an external site.
 

Event finish

unsecured client key/cert (@marcostettler)

README.md (@marcostettler)

Edited (version 30)

9 months ago ~ loleg

Research

Screenshot Oxygen was quick to install, and easy to use for this project.

9 months ago ~ loleg

Python app and notes

Reminder: Let's Encrypt will be shortening the Chain of Trust by September 30, 2024 - time to switch to ISRG Root X1.

9 months ago ~ loleg

Launch

PoC UI Screenshot (@marcostettler)

Scoping is not easy, in fact it's probably the skill to develop at hackathons. Main thing is to immerse yourself into the subject and keep an eye out for the show-stoppers and dead-ends as you go.

9 months ago ~ loleg

Prototype

Repository updated

9 months ago ~ loleg

Sketching

Edited (version 22)

9 months ago ~ loleg

Python app added which gets me a nice CheckInteroperability error

9 months ago ~ loleg

Python demo

doc & samples (@marcostettler)

Hello world!

9 months ago ~ loleg

Research

Merge remote-tracking branch 'origin/main' (@marcostettler)

doc & samples (@marcostettler)

Joined the team

9 months ago ~ loleg

Updated README. (@Sandro Galfo)

Updated gitignore. (@Sandro Galfo)

Joined the team

9 months ago ~ h0r41i0

Start

Edited (version 15)

9 months ago ~ sub

Edited (version 12)

9 months ago ~ sub

Edited (version 10)

9 months ago ~ sub

Edited (version 9)

9 months ago ~ sub

Edited (version 8)

9 months ago ~ sub

Edited (version 7)

9 months ago ~ sub

Edited (version 6)

9 months ago ~ sub

Edited (version 5)

9 months ago ~ sub

Edited (version 4)

9 months ago ~ sub

Edited (version 3)

9 months ago ~ sub

Edited (version 2)

9 months ago ~ gaston_wey

Edited (version 1)

10 months ago ~ sub

Joined the team

10 months ago ~ sub
 
Alle Teilnehmer*innen, Sponsor, Partner, Freiwilligen und Mitarbeiter*innen unseres Hackathons sind verpflichtet, dem Hack Code of Conduct zuzustimmen. Die Organisatoren werden diesen Kodex während der gesamten Veranstaltung durchsetzen. Wir erwarten die Zusammenarbeit aller Teilnehmer*innen, um eine sichere Umgebung für alle zu gewährleisten. Mehr Details befinden sich im Hackathon Handbook.

Tous les participant-es, sponsors, partenaires, bénévoles et collaborateurs/collaboratrices de notre hackathon sont tenus d'accepter le Hack Code of Conduct. Les organisateurs feront appliquer ce code tout au long de l'événement. Nous attendons de tous les participants qu'ils coopèrent afin de garantir un environnement sûr pour tous. Pour plus de détails, veuillez consulter le Hackathon Handbook.

Creative Commons LicenceDie Inhalte dieser Website stehen, sofern nicht anders angegeben, unter einer Creative Commons Attribution 4.0 International License | Le contenu de ce site web est, sauf indication contraire, sous licence Creative Commons Attribution 4.0 International.