OpenNCP Community: DEV meeting

9th March

Estimated - 14:30 to 16:00 CET

Performed - 14:30 to 15:15 CET

AGENDA

a) BB Specification Progress;

b) Non-Repudiation BB development progress;

c) Non-Repudiation BB integration with OpenNCP;

d) Non-Repudiation BB test plans.

- Wiki+ WorkBench + GoToMeeting

PARTICIPANTS

Today's Meeting Participants:

Licínio kustra Mano <licinio.mano@spms.min-saude.pt>,

Rui Alves <rui.alves@spms.min-saude.pt>,

Massimiliano Masi <massimiliano.masi@tiani-spirit.com>,

Heiko Zimmermann <Heiko.Zimmermann@agence-esante.lu>,

Stéphane Spahni <stephane.spahni@hcuge.ch>,

Konstantin Hypponen <konstantin.hypponen@kela.fi>,

Markus Kalliola <markus.kalliola@ec.europa.eu>,

(note able to attend) Marko Peric <marko.peric@hzzo.hr>,

(note able to attend) Kostas Karkaletsis <k.karkaletsis@gnomon.com.gr>,

Invited Members List:

Licínio kustra Mano <licinio.mano@spms.min-saude.pt>,

Rui Alves <rui.alves@spms.min-saude.pt>,

Rui Pinto <rui.pinto@spms.min-saude.pt>,

Massimiliano Masi <massimiliano.masi@tiani-spirit.com>,

Heiko Zimmermann <Heiko.Zimmermann@agence-esante.lu>,

Stéphane Spahni <stephane.spahni@hcuge.ch>,

Konstantin Hypponen <konstantin.hypponen@kela.fi>,

Markus Kalliola <markus.kalliola@ec.europa.eu>,

Yacoubou Waolany <yacoubou.waolany@ext.ec.europa.eu>,

Jerome Subiger <jerome.subiger@ext.ec.europa.eu>,

Ioannis Petrakis <petrakis@ics.forth.gr>, 

Marko Peric <marko.peric@hzzo.hr>,

Kostas Karkaletsis <k.karkaletsis@gnomon.com.gr>,

Isabel Cruz <isabel.cruz@iuz.pt>,

Ljubi Igor <Igor.Ljubi@hzzo.hr>,

Alen Vrecko <Alen.Vrecko@nijz.si>,

Alexander Berler <a.berler@gnomon.com.gr>,

Marcello Melgara <Marcello.Melgara@cnt.lispa.it>,

Gwenaelle Quivy <Gwenaelle.QUIVY@ext.ec.europa.eu>

Marcelo Fonseca <marcelo.fonseca@iuz.pt>,

Michele Foucard <Michele.FOUCART@ext.ec.europa.eu>,

Gottfried Heider <gottfried.heider@ehealthcon.at>,

Ivo Pinheiro <ivo.pinheiro@iuz.pt>, 

Juergen Wehnert <juergen.wehnert@gematik.de>,

Dimitrios G. Katehakis <katehaki@ics.forth.gr>,

Olaf Rode <olaf.rode@fokus.fraunhofer.de>,

Thomas Fleischmann <thomas.fleischmann@bmg.gv.at>,

Robert Scharinger' <Robert.Scharinger@bmg.gv.at>,

Agius Muscat Hugo at MEH-IMU-Health <hugo.agius-muscat@gov.mt>,

Kenn Schultz Nielsen <KSN@ssi.dk>,

Sören Bittins <soeren.bittins@fokus.fraunhofer.de>,

Gareth Woodham <Gareth.Woodham@ehalsomyndigheten.se>,

Fredrik Linden <fredriklinden1@gmail.com>,

Karima Bourquard <karima.bourquard@ihe-europe.net>,

Samuel Danhardt <Samuel.Danhardt@agence-esante.lu>,

Giorgio Cangioli <giorgio.cangioli@gmail.com>,

Jussi Lemmetty <jussi.lemmetty@kela.fi>

Aarne Roosi <Aarne.Roosi@affecto.com>,

Arnaud Gaudinat <arnaud.gaudinat@hesge.ch>,

Belani Hrvoje <Hrvoje.Belani@hzzo.hr>,

Gergely Heja <heja.gergely@eski.hu>,

Oskari Kettinen <oskari.kettinen@kela.fi>,

Maarten Festen <maarten.festen@ihe-europe.net>

Mate Beštek <mate.bestek@gmail.com>,

Norbert Repas <norbert.repas@elga.gv.at>,

Patrick Ruch <Patrick.Ruch@unige.ch>,

Tomaz Cebular <Tomaz.Cebular@ivz-rs.si>,

Steen Manniche <steen@manniche.net>,

Catherine Chronaki<chronaki@gmail.com>,

Matic Meglic<matic.meglic@nijz.si>,

Mate Beštek <matebestekpro@gmail.com>,

Merik Seven <seven@nictiz.nl>,

João Francisco Marques <joaof.marques@spms.min-saude.pt>,

Gwenaelle Quivy <Gwenaelle.QUIVY@ext.ec.europa.eu>,

Philippe Loopuyt <Philippe.Loopuyt@ec.europa.eu>,

EXPAND Wp5 <expand-wp5@spms.min-saude.pt>,

Guido Bosch <guido.bosch@list.lu>,

Stathis Andronikos <stathis.andronikos@gmail.com>,

MEETING NOTES

a) BB specification progress

• OpenNCP specification Page - https://openncp.atlassian.net/wiki/x/i4DyAg
  • 20150303_Non-rep.pptx - Notes and some questions about the Non-Rep. BB, provided by Konstantin Hyppönen.
    • Brief description provided by Konstantin Hyppönen.
    • We are expecting a response from ETSI-REM with some input (Massimiliano Masi). 
      • Possibility to skip ETSI-REM if no solution is provided??

• • Files provided by Heiko Zimmermann:
    • 06032015_dicom.xsd
    • 06032015_dicomModified.xsd
    • 06032015_healthcare-security-audit.xsd
    • 06032015_OpenNCP-ATNA-RFC3881_to_DICOM_Analysis.docx
      • Brief Description about documents was provided by Heiko Zimmermann.
      • So we expect to have the changes for changing the ATNA compliance into DICOM compliance - Therefore we expect to have changes in audit manager and do JAXB from modified dicom schema.

• • Massimiliano Masi provided a document about DICOM:
    
    • http://www.ihe.net/uploadedFiles/Documents/ITI/IHE_ITI_TF_Vol2a.pdf - lines 3940
    • 
      

What we need to do?

• See files provided 06032015_OpenNCP-ATNA-RFC3881_to_DICOM_Analysis.docx and IHE_ITI_TF_Vol2a.pdf Chapter 3.20.7
• Modification of implementation of component "auditmanager"
  • JAXB generation from dicomModified.xsd
  • ...

b) BB development progress

(FROM LAST MEETING):

Can we???

• Extend the ParticipantObjectIdentification, to see if we can add info about the content?

• 1) Massimiliano Masi: Talk to ETSI REM to find if they have a solution for eHealth Use cases (PS and eP);
  • Expecting feedback briefly;
• 2) Licinio Kustra Mano: EXPAND L&O: Decide what information MUST be stored on the audit logs (which are the disputes possible on eHealth).
• 3) Licinio Kustra Mano: EXPAND L&O: Check the legal implications of the proposed audit storage. (provided by the eSENS basecamp)
  
• 4) OpenNCP: Decide what schema should be used for transferring/storing the non-repudiation evidences. (e.g. ETSI REM and extend ATNA)
  • Study the standards;
  • Study how to store signatures;
  • Study the non-repudiation framework (source code) provided and check how to integrate it on the OpenNCP (based on facades) without having for now the legal basis that may come further.
    
• 5) OpenNCP: Decide what must be signed in the exchange and how to implement signatures.

• 6) OpenNCP: Prepare the change request and process (Design how to implement!)

• 7) EXPAND Spec: Process the change request in the specification maintenance shop

• 8) OpenNCP: IMPLEMENT
• 9) OpenNCP: Test at IHE 2015 CAT (20 April)

c) Non-Repudiation BB integration with OpenNCP

• ...

d) Non-Repudiation BB test plans

ACTIONS NEEDED

Today's meeting actions:

• Licinio Kustra Mano: Write Change Proposal (CP) to epSOS 3.4.
• Rui Alves (Unlicensed): Attend L&O Meeting next Friday and expose the situation that we are facing in the implementation of this BB 
  • Decide what information MUST be stored on the audit logs (which are the disputes possible on eHealth); 
  • Decide where should the audit logs be stored: in the NCP? In the National Infrastructure (NI)? What are the legal constraints?
    
  • Prepare a brief context document to provide in the meeting with some use cases (not going deep with the standards and technical aspects).
• Rui Alves (Unlicensed): Move the inputs/documents provided to theNon-Rep BB Spec and Design Page: https://openncp.atlassian.net/wiki/x/i4DyAg
• Heiko Zimmermann and Stéphane Spahni (if possible): Prepare Central Services for “dummies”. Which are the Endpoints? How to connect?
  
  • A Confluence page was created to help us on this topic: https://openncp.atlassian.net/wiki/x/ZYAQAw
    • Rui Alves (Unlicensed) will also try to add some content.
      
      

Previously identified actions - keep track:

• Massimiliano Masi: Talk to ESTI REM to find if they have a solution for eHealth Use cases (PS and eP);
  • Expecting feedback briefly;
• Licínio kustra Mano: EXPAND L&O: Decide what information MUST be stored on the audit logs (which are the disputes possible on eHealth).
• Licínio kustra Mano: EXPAND L&O: Check the legal implications of the proposed audit storage. (provided by the eSENS basecamp