/
Information Mediator Working Group Meeting memos

Information Mediator Working Group Meeting memos

Meeting Day/Time: Thursday biweekly 10:00 UTC / 12:00 CET

Calendar invitation: https://calendar.app.google/ALX6ZSwwps4JxHVw9

Slack channel: https://govstack.slack.com/archives/C02UH7E6U94

Friday, 5th of December, 2025
Attendees:
Maksim Ovtsinnikov
Tõnis Pihlakas

Topics discussed:
* Tõnis has reviewed the commit made by Maksim regarding the data spaces concept. We have discussed the comments made by Tõnis, Maksim agrees with all the proposed changes and will implement them before the next meeting.
* Discussed which trust services can be used for X-Road. Tõnis suggested to play with AWS Certificate Manager if X-Road test trust services are not sufficient.

 

Tuesday, 25th of November, 2025
Attendees:
Maksim Ovtsinnikov
Aleksander Reitsakas
Tõnis Pihlakas
Farai Mutero

Topics discussed:

* Maksim has guided the working group through the changes he pushed to the specification branch 1.1 regarding Data Spaces concept. We discussed some of the changes, but the working group needs more time to review the changes properly, so we will do a proper review before the next meeting.
* Aleksander did an update for the UNICC project he’s working on.


Wednesday, 12th of November, 2025

Attendees:

Maksim Ovtsinnikov
Aleksander Reitsakas
Tõnis Pihlakas
Farai Mutero
Dr. Ramkumar

Topics discussed:
* Aleksander briefed the working group about the Assembly project run by UNICC. It is a new sandbox-type solution to demo the GovStack-compliant software. Aleksander is currently working on the information mediator setup there (using X-Road), Aare Lapõnin is working on use-case implementation for demo purposes, etc. The working group is interested in learning more and getting hands-on experience with that sandbox once it is made publicly available.
* The working group has also discussed ways to showcase the demo of information mediator, workflow and other components that was made for the DPI Summit by Maksim, Farai and Anziz from Benin.
* AWS initiative presented at the DPI Summit. AWS wants to build a sort of stack/toolbox of open-source e-governance solutions available on the AWS (not just the marketplace, but also supplying it with AWS automation tools such as Terraform scripts for easier configuration). The working group thinks that it is a good idea to promote GovStack-labeled software there and explore other ways to cooperate with AWS on this initiative to promote GovStack and the software that complies with our specifications. Tõnis will facilitate communication between Maksim and responsible AWS team members.

Thursday, 23rd of October, 2025

Attendees:
Maksim Ovtsinnikov
Aleksander Reitsakas
Tõnis Pihlakas
Farai Mutero

Topics discussed:

  • Updates regarding Global DPI Summit and GovStack’s participation in it. Maksim gave an overview of the GovStack interoperability-related session and the content of the session.

  • Discussed the recent AWS outage

 

Thursday, 9th of October, 2025

Attendees:
Tõnis Pihlakas
Aleksander Reitsakas
Farai Mutero

Topics discussed:
* AI readiness of information mediator specification

Thursday, 23rd of September, 2025

Attendees:
Maksim Ovtsinnikov
Aleksander Reitsakas
Tõnis Pihlakas
Ali Gonzalez
Farai Mutero
Topics discussed:

  • Machine-readable version of the specification: should we use JSON, YAML or something else?
    After discussion, Ali said that there will be one schema created for all the working groups and all the specifications, so Maksim won’t create anything on his own, but can contribute to creation of this schema.

  • Adapters. Maksim had a question whether there is a need to create an adapter between, for example, each compliant workflow software solution and information mediator, so that this adapter would translate workflow payload into X-Road message standard and vice versa.
    After discussion, it became clear that there are two standard setups that we cover: one is when different building blocks sit in the same security domain, so they communicate directly, without information mediator, and second is when workflow sits behind a security server, so security servers communicate with each other and there is no need for an adapter.

  • Ali brought out the request from CMS group regarding an adapter, also the need for creating a list / a registry of adapters for different building blocks was discussed.

    Next meeting: 9th of October, 13:00 UTC / 15:00 CET.

 

 

Thursday, September 11th, 2025

Attendees:
Maksim Ovtsinnikov
Aleksander Reitsakas
Ali Gonzalez
Farai Mutero

Topics discussed:
* X-Road is now officially compliant with IM BB specification
* What software could be the next compliant one? Maksim will be in touch with Cybernetica regarding UXP. Maksim has also done research regarding e-Delivery specification, first results are here: https://govstack-global.atlassian.net/wiki/spaces/GH/pages/1459453956/Information+Mediator+vs.+e-Delivery?atl_f=PAGETREE
Maksim will be in touch with RIA to learn more about how they convert X-Road messages into Harmony (e-Delivery compliant software) messages and vice versa. Ideally, we would get technical description of the solution from RIA.
* Next meeting: Tuesday, 23rd of September, 2025

 

Thursday, August 28th, 2025

Attendees:
Maksim Ovtsinnikov
Aleksander Reitsakas
Tõnis Pihlakas

The meeting took place asynchronously because of scheduling conflicts.
Maksim gave an overview of the current status of development branch.
We also discussed the information mediator-related question that is seen as a major security risk by German government looking to implement interoperability platform nation-wide. The risk is that the X-Road security server can see the payload of the message and it is not encrypted. The obvious solution here is to encrypt both on the application layer and on the security server layer, however, it is not considered a best practice. Another option is to set up a security server for each application.

 

 

Thursday, August 14th, 2025

Attendees:
Maksim Ovtsinnikov
Aleksander Reitsakas
Farai Mutero
Ali Gonzalez
Tõnis Pihlakas
Ramkumar

Topics discussed:
1. Aleksander gave an overview of Nortal’s PoC pub-sub implementation in X-Road vs. current version of the spec. Then we discussed how to move forward with pub-sub topic. Should it be a separate building block or a separate layer/add-on of IM building block? Maybe an extension of IM building block?
2. Support of agentic workflows. Has Model-Context-Protocol (MCP) ever come up as an extension of IM at any point in the bigger architecture forum?


Action points:
1. Maksim to do cherry-picking from published version 1.1 to development branch

 

Thursday, July 31st, 2025

Attendees:
Maksim Ovtsinnikov
Aleksander Reitsakas
Farai Mutero
Ali Gonzalez
Tõnis Pihlakas

Topics discussed:
1. Implementation guide for IM BB (presented by Tõnis)
2. Where to keep implementation guide: Confluence or github or somewhere else?

Action points:
1. Tõnis to migrate implementation guide from github to Confluence
https://govstack-global.atlassian.net/wiki/spaces/GH/pages/1412497409

Thursday, July 17th, 2025

Attendees:
Maksim Ovtsinnikov
Aleksander Reitsakas
Farai Mutero
Ali Gonzalez
Tõnis Pihlakas

Agenda/discussion points:

* Current status of the spec release, technical problems with releasing new versions of the spec (Gitbook issues, etc.)
* Discussion regarding the scope of the next release (Q3 2025, scheduled for end of September)

TO-DO for next meeting:
* Maksim will prepare an overview of data spaces concept
* Everyone will read the current version of the spec and propose topics to be added to backlog and specifically Q3 release
* Tõnis creates a document describing the implementation-related topics that need to be covered somewhere (maybe not in the spec, but in the accompanying documents)
* Bashar will give an updated on Registry + Service Directory topic

 

Thursday, June 26th, 2025

Attendees:
Maksim Ovtsinnikov
Aleksander Reitsakas
Farai Mutero
Bashar Abdul Qayiume

Agenda/discussion points:

1. Maksim gave an overview of the Q2 2025 spec release
2. Maksim will get in touch with NIIS as soon as Q2 2025 version is published to start the self-assessment process
3. Maksim briefly covered the topics for the Q3 2025 spec release:
* Pub-sub implementation review and update
* Creating IM BB implementation guide
* Replacing Service Directory with Registry BB


Thursday, June 12th, 2025

Attendees:
Maksim Ovtsinnikov
Aleksandr Reitsakas
Tõnis Pihlakas
Bashar Abdul Qayiume

Agenda/discussion points:
1. Discussion of https://govstack-global.atlassian.net/browse/IM-138
2. Discussion on the changes to the specification in light of https://govstack-global.atlassian.net/browse/IM-138
3. Discussion on the scope of the next release

TODO before next meeting:
1. Maksim to interview Payment BB working group regarding pub-sub (Arnold was on leave during week 24)
2. Aleksander to work on https://govstack-global.atlassian.net/browse/IM-136
3. Maksim to do changes in the spec regarding X-Road compliance

Next meeting: Thursday, 26th of June, 12:00 CET

Thursday, June 5th, 2025

Attendees:
Maksim Ovtsinnikov
Aleksandr Reitsakas
Tõnis Pihlakas

Agenda/discussion points:

1. Review and discussion of https://govstack-global.atlassian.net/wiki/spaces/GH/pages/1315700817/Information+Mediator+-+Pub+Sub+use+cases?atl_f=PAGETREE
2. Review and discussion of https://govstack-global.atlassian.net/wiki/spaces/GH/pages/1319632902
3. Defining tasks for next time (see Jira)
4. Next meeting: Jun 12, 2025

Thursday, May 22nd, 2025

Attendees:
Maksim Ovtsinnikov
Aleksandr Reitsakas
Tõnis Pihlakas

Agenda/discussion points:
* Pub-sub / X-Road compliance related changes to the specification + possible re-design of the technical solution?
** TO-DO:
a) analyze Nortal PoC vs. current spec: Aleksandr
b) describe a couple of use-cases for pub-sub (e.g. near-real-time delivery; fan out; asynchronous reply): Tõnis
c) explore existing pub-sub products: Maksim
* Decentralized architecture (current approach) vs. ESB vs. API gateway. We should elaborate more on this topic in the specification. Where?
** Maksim to share thoughts on X-Road vs. ESB
** X-Road and API gateway: Tõnis, Aleksandr.
** Rate limiting. Should it be part of the IM spec scope? Reverse proxy; nginx;.. SLA management is the broader topic here.
* Service catalogue vs. Registry BB. Service catalogue could implement Registry, because it is a Registry in nature.
** TO-DO: analyze Registry BB spec and get an understanding whether we can use it as-is. If not, maybe Registry BB needs to be updated? - Bashar will do this.
* Central/control BB or finding the right place for Central Server in the specification?
* More distant future: harmonizing IM BB specification with the data spaces concept

TODO: Maksim to create new sprint in Jira for the next 2 weeks and tasks.


Next meeting: Thursday, June 5th, 2025 @ 10:00 UTC / 12:00 CET
https://calendar.app.google/pbsNwi94DqqCCw2x7

Thursday, May 8th, 2025

Attendees:
Maksim Ovtsinnikov
Tõnis Pihlakas
Eric Ramirez
Anita Mittal
Bashar Abdul Qaiyume
Jihene Louati
Vivek Manoharan
Tanvir Quader
Taavi Toomere

Agenda

1. Short introduction of Maksim and his role
2. Introduction round-table
3. Overview of short-term and long(er)-term plans with GovStack IM BB specification
4. Questions round
5. Wrap-up.

Next meeting: Thursday, May 22nd, 10:00 UTC

Action items before next meeting:
1. Participants join Slack channel
2. Participants review the current status of the specification
3. Maksim to find the Facilitator / Technical Lead for the working group
4. Maksim to start working on updating specification (re-labeling the requirements, making pub-sub / asynchronous message exchange requirements optional)

Wednesday, March 29th, 2023

Attendees:

  1. @Taylor Downs

  2. @Aleksander Reitsakas

  3. Ramkumar

Agenda

Review affiliations
Move future scope to Readme or Confluence

Next Steps & Action Items

Wednesday, March 22nd, 2023

Attendees:

  1. @Taylor Downs

  2. @Tonis Pihlakas

  3. Ramkumar

Agenda

  1. @Tonis Pihlakas wondering about API authentication

    1. https://www.keycloak.org/

    2. https://www.id.ee/en/article/trust-services-authentication-services/

    3. https://app.gitbook.com/o/pxmRWOPoaU8fUAbbcrus/s/39QVhd0jD6S29Isr7KGF/architecture-and-nonfunctional-requirements/6-onboarding#6.2-api-gateways - Ramkumar points to this doc to explain the auth/api gateway strategy.

Action Items

Taylor to add auth convo to tech committee
Ramkumar to add comments to GitBook spec before next week

Wednesday, March 1st, 2023

Attendees

  1. Aleksander

  2. Tõnis

  3. Taylor

  4. Ramkumar

Team Focus

We need to define service APIs so we can validate candidate applications to play the role of Information Mediator.

Agenda

  1. API for Registering Members/Applications with the IM

    1. @Taylor Downs “Are there two different applications with two different APIs that must be defined? The central-server and the security-server?”

    2. For the purposes of this conversation, we assume that a central-server has already been deployed and a security-server is already running and in communication with that central server. Now we discuss adding a member to that security server and registering applications/services.

    3. If a member has been registered with a central-server , the security-server should provide an API which allows you to add/enable that member on the security-server.

      1. post to /api/members with << WHAT DETAILS >> in order to register a new member with the IM

  2. Tõnis' proposed changes/comments for the spec

Next Steps

@Aleksander Reitsakas and Tõnis to draft service API and present to Taylor and Ramkumar at next meeting
Review BB spec issues: https://govstack-global.atlassian.net/browse/IM-28; tag those that require technical knowledge; tag those that do not and can be handled by a tech writer. @Aleksander Reitsakas

Old Meeting Notes