20150309 - Meeting minutes, Friday March 9th, 2015 - OpenNCP Community: Dev meeting
OpenNCP Community: DEV meeting
9th March
Estimated - 14:30 to 16:00 CET
Performed - 14:30 to 15:15 CET
AGENDA
a) BB Specification Progress;
b) Non-Repudiation BB development progress;
c) Non-Repudiation BB integration with OpenNCP;
d) Non-Repudiation BB test plans.
- Wiki+ WorkBench + GoToMeeting
- GoToMeeting:
1. Please join my meeting, 9th March 2015 at 14:30 CET
https://global.gotomeeting.com/join/786815133
2. Use your microphone and speakers (VoIP) - a headset is recommended. Or, call in using your telephone.
Austria: +43 (0) 7 2088 0716
Australia: +61 2 9091 7603
Belgium: +32 (0) 28 08 4372
Canada: +1 (647) 497-9380
Denmark: +45 (0) 69 91 84 58
Finland: +358 (0) 931 58 1773
France: +33 (0) 170 950 590
Germany: +49 (0) 692 5736 7300
Ireland: +353 (0) 15 133 006
Italy: +39 0 699 26 68 65
Netherlands: +31 (0) 208 080 759
New Zealand: +64 (0) 9 974 9579
Norway: +47 21 04 30 59
Spain: +34 931 76 1534
Sweden: +46 (0) 852 500 691
Switzerland: +41 (0) 435 0026 89
United Kingdom: +44 (0) 20 3713 5011
United States: +1 (312) 757-3119
Access Code: 786-815-133
Audio PIN: Shown after joining the meeting
Meeting ID: 786-815-133
GoToMeeting®
Online Meetings Made Easy®
Not at your computer? Click the link to join this meeting from your iPhone®, iPad®, Android® or Windows Phone® device via the GoToMeeting app.
PARTICIPANTS
Today's Meeting Participants:
Licínio kustra Mano <licinio.mano@spms.min-saude.pt>,
Rui Alves <rui.alves@spms.min-saude.pt>,
Massimiliano Masi <massimiliano.masi@tiani-spirit.com>,
Heiko Zimmermann <Heiko.Zimmermann@agence-esante.lu>,
Stéphane Spahni <stephane.spahni@hcuge.ch>,
Konstantin Hypponen <konstantin.hypponen@kela.fi>,
Markus Kalliola <markus.kalliola@ec.europa.eu>,
(note able to attend) Marko Peric <marko.peric@hzzo.hr>,
(note able to attend) Kostas Karkaletsis <k.karkaletsis@gnomon.com.gr>,
Invited Members List:
Licínio kustra Mano <licinio.mano@spms.min-saude.pt>,
Rui Alves <rui.alves@spms.min-saude.pt>,
Rui Pinto <rui.pinto@spms.min-saude.pt>,
Massimiliano Masi <massimiliano.masi@tiani-spirit.com>,
Heiko Zimmermann <Heiko.Zimmermann@agence-esante.lu>,
Stéphane Spahni <stephane.spahni@hcuge.ch>,
Konstantin Hypponen <konstantin.hypponen@kela.fi>,
Markus Kalliola <markus.kalliola@ec.europa.eu>,
Yacoubou Waolany <yacoubou.waolany@ext.ec.europa.eu>,
Jerome Subiger <jerome.subiger@ext.ec.europa.eu>,
Ioannis Petrakis <petrakis@ics.forth.gr>,
Marko Peric <marko.peric@hzzo.hr>,
Kostas Karkaletsis <k.karkaletsis@gnomon.com.gr>,
Isabel Cruz <isabel.cruz@iuz.pt>,
Ljubi Igor <Igor.Ljubi@hzzo.hr>,
Alen Vrecko <Alen.Vrecko@nijz.si>,
Alexander Berler <a.berler@gnomon.com.gr>,
Marcello Melgara <Marcello.Melgara@cnt.lispa.it>,
Gwenaelle Quivy <Gwenaelle.QUIVY@ext.ec.europa.eu>
Marcelo Fonseca <marcelo.fonseca@iuz.pt>,
Michele Foucard <Michele.FOUCART@ext.ec.europa.eu>,
Gottfried Heider <gottfried.heider@ehealthcon.at>,
Ivo Pinheiro <ivo.pinheiro@iuz.pt>,
Juergen Wehnert <juergen.wehnert@gematik.de>,
Dimitrios G. Katehakis <katehaki@ics.forth.gr>,
Olaf Rode <olaf.rode@fokus.fraunhofer.de>,
Thomas Fleischmann <thomas.fleischmann@bmg.gv.at>,
Robert Scharinger' <Robert.Scharinger@bmg.gv.at>,
Agius Muscat Hugo at MEH-IMU-Health <hugo.agius-muscat@gov.mt>,
Kenn Schultz Nielsen <KSN@ssi.dk>,
Sören Bittins <soeren.bittins@fokus.fraunhofer.de>,
Gareth Woodham <Gareth.Woodham@ehalsomyndigheten.se>,
Fredrik Linden <fredriklinden1@gmail.com>,
Karima Bourquard <karima.bourquard@ihe-europe.net>,
Samuel Danhardt <Samuel.Danhardt@agence-esante.lu>,
Giorgio Cangioli <giorgio.cangioli@gmail.com>,
Jussi Lemmetty <jussi.lemmetty@kela.fi>
Aarne Roosi <Aarne.Roosi@affecto.com>,
Arnaud Gaudinat <arnaud.gaudinat@hesge.ch>,
Belani Hrvoje <Hrvoje.Belani@hzzo.hr>,
Gergely Heja <heja.gergely@eski.hu>,
Oskari Kettinen <oskari.kettinen@kela.fi>,
Maarten Festen <maarten.festen@ihe-europe.net>
Mate Beštek <mate.bestek@gmail.com>,
Norbert Repas <norbert.repas@elga.gv.at>,
Patrick Ruch <Patrick.Ruch@unige.ch>,
Tomaz Cebular <Tomaz.Cebular@ivz-rs.si>,
Steen Manniche <steen@manniche.net>,
Catherine Chronaki<chronaki@gmail.com>,
Matic Meglic<matic.meglic@nijz.si>,
Mate Beštek <matebestekpro@gmail.com>,
Merik Seven <seven@nictiz.nl>,
João Francisco Marques <joaof.marques@spms.min-saude.pt>,
Gwenaelle Quivy <Gwenaelle.QUIVY@ext.ec.europa.eu>,
Philippe Loopuyt <Philippe.Loopuyt@ec.europa.eu>,
EXPAND Wp5 <expand-wp5@spms.min-saude.pt>,
Guido Bosch <guido.bosch@list.lu>,
Stathis Andronikos <stathis.andronikos@gmail.com>,
MEETING NOTES
a) BB specification progress
- OpenNCP specification Page - https://openncp.atlassian.net/wiki/x/i4DyAg
- 20150303_Non-rep.pptx - Notes and some questions about the Non-Rep. BB, provided by Konstantin Hyppönen.
- Brief description provided by Konstantin Hyppönen.
- We are expecting a response from ETSI-REM with some input (Massimiliano Masi).
- Possibility to skip ETSI-REM if no solution is provided??
- 20150303_Non-rep.pptx - Notes and some questions about the Non-Rep. BB, provided by Konstantin Hyppönen.
- Files provided by Heiko Zimmermann:
- 06032015_dicom.xsd
- 06032015_dicomModified.xsd
- 06032015_healthcare-security-audit.xsd
- 06032015_OpenNCP-ATNA-RFC3881_to_DICOM_Analysis.docx
- Brief Description about documents was provided by Heiko Zimmermann.
- So we expect to have the changes for changing the ATNA compliance into DICOM compliance - Therefore we expect to have changes in audit manager and do JAXB from modified dicom schema.
- Files provided by Heiko Zimmermann:
- Massimiliano Masi provided a document about DICOM:
- Massimiliano Masi provided a document about DICOM:
What we need to do?
- See files provided 06032015_OpenNCP-ATNA-RFC3881_to_DICOM_Analysis.docx and IHE_ITI_TF_Vol2a.pdf Chapter 3.20.7
- Modification of implementation of component "auditmanager"
- JAXB generation from dicomModified.xsd
- ...
b) BB development progress
(FROM LAST MEETING):
Can we???
Extend the ParticipantObjectIdentification, to see if we can add info about the content?
- 1) Massimiliano Masi: Talk to ETSI REM to find if they have a solution for eHealth Use cases (PS and eP);
- Expecting feedback briefly;
- 2) Licinio Kustra Mano: EXPAND L&O: Decide what information MUST be stored on the audit logs (which are the disputes possible on eHealth).
- 3) Licinio Kustra Mano: EXPAND L&O: Check the legal implications of the proposed audit storage. (provided by the eSENS basecamp)
- 4) OpenNCP: Decide what schema should be used for transferring/storing the non-repudiation evidences. (e.g. ETSI REM and extend ATNA)
- Study the standards;
- Study how to store signatures;
- Study the non-repudiation framework (source code) provided and check how to integrate it on the OpenNCP (based on facades) without having for now the legal basis that may come further.
- 5) OpenNCP: Decide what must be signed in the exchange and how to implement signatures.
6) OpenNCP: Prepare the change request and process (Design how to implement!)
7) EXPAND Spec: Process the change request in the specification maintenance shop
- 8) OpenNCP: IMPLEMENT
- 9) OpenNCP: Test at IHE 2015 CAT (20 April)
c) Non-Repudiation BB integration with OpenNCP
- ...
d) Non-Repudiation BB test plans
Today's meeting actions:
- Licinio Kustra Mano: Write Change Proposal (CP) to epSOS 3.4.
- Rui Alves (Unlicensed): Attend L&O Meeting next Friday and expose the situation that we are facing in the implementation of this BB
- Decide what information MUST be stored on the audit logs (which are the disputes possible on eHealth);
- Decide where should the audit logs be stored: in the NCP? In the National Infrastructure (NI)? What are the legal constraints?
- Prepare a brief context document to provide in the meeting with some use cases (not going deep with the standards and technical aspects).
- Rui Alves (Unlicensed): Move the inputs/documents provided to theNon-Rep BB Spec and Design Page: https://openncp.atlassian.net/wiki/x/i4DyAg
- Heiko Zimmermann and Stéphane Spahni (if possible): Prepare Central Services for “dummies”. Which are the Endpoints? How to connect?
- A Confluence page was created to help us on this topic: https://openncp.atlassian.net/wiki/x/ZYAQAw
- Rui Alves (Unlicensed) will also try to add some content.
- Rui Alves (Unlicensed) will also try to add some content.
- A Confluence page was created to help us on this topic: https://openncp.atlassian.net/wiki/x/ZYAQAw
- Massimiliano Masi: Talk to ESTI REM to find if they have a solution for eHealth Use cases (PS and eP);
- Expecting feedback briefly;
- Licínio kustra Mano: EXPAND L&O: Decide what information MUST be stored on the audit logs (which are the disputes possible on eHealth).
- Licínio kustra Mano: EXPAND L&O: Check the legal implications of the proposed audit storage. (provided by the eSENS basecamp
Related DEV Meetings
- 20150227 - Meeting minutes, Thursday February 27th, 2015 - OpenNCP Community: Dev meeting
- 20150219 - Meeting minutes, Thursday February 19th, 2015 - OpenNCP Community: Dev meeting
- 20150206 - Meeting minutes, Friday 6th, 2015 - OpenNCP Community: Dev meeting
Related Documentation
- 20150303_Non-rep.pptx - Notes and some questions about the Non-Rep. BB, provided by Konstantin Hyppönen.
- Files provided by Heiko Zimmermann:
- Provided by Massimiliano Masi about the DICOM Audit Message Format:
- IHE_ITI_TF_Vol2a.pdf - see line 3940.
http://wiki.ds.unipi.gr/display/ESENS/SAT+-+Non+Repudiation
http://wiki.ds.unipi.gr/display/ESENS/Whitepaper+-+Non+Repudiation
See e.g., epSOS D3.4.2, Section 4.5.6 Audit Trail Data for Non-Repudiation
http://ec.europa.eu/digital-agenda/en/trust-services-and-eid (e-IDAS)