20150626 - Meeting minutes, Tuesday, June 26th, 2015 - OpenNCP integration with SMP

Owned by Licinio Kustra Mano

Last updated: Mar 08, 2016 by Kostas KarkaletsisVersion comment

3 min read

OpenNCP integration with SMP

26th June

Estimated - 13:00 to 14:00 CEST

Performed - 13:00 to 14:00 CEST

AGENDA

1.Central Configuration Service Refactoring

2. AOB

3. Next meetings

LOCATION

- Wiki+ WorkBench + AdobeConnect

Development Board: https://openncp.atlassian.net/secure/RapidBoard.jspa?rapidView=1
AdobeConnect:
- http://ec-wacs.adobeconnect.com/openncp/
  Room Passcode: ask Rui Alves (Unlicensed) or markus.kalliola
  ----------------
  If you have never attended an Adobe Connect meeting before:
  Test your connection: http://ec-wacs.adobeconnect.com/common/help/en/support/meeting_test.htm
  Get a quick overview: http://www.adobe.com/products/adobeconnect.html
  Adobe, the Adobe logo, Acrobat and Adobe Connect are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries.
  ----------------

PARTICIPANTS

Today's Meeting Participants:

Licinio Mano <licinio.mano@spms.min-saude.pt>,

Markus Kalliola <markus.kalliola@ec.europa.eu>,

Jerome Subiger <jerome.subiger@ext.ec.europa.eu>,

Michele Foucard <Michele.FOUCART@ext.ec.europa.eu>,

Kostas Karkaletsis <k.karkaletsis@gnomon.com.gr>,

João Cunha <joao.cunha@spms.min-saude.pt>,

Marcello Melgara <Marcello.Melgara@cnt.lispa.it>,

Invited Members List:

Rui Alves <rui.alves@spms.min-saude.pt>,

Yacoubou Waolany <yacoubou.waolany@ext.ec.europa.eu>,

Stéphane Spahni <stephane.spahni@hcuge.ch>,

Massimiliano Masi <massimiliano.masi@tiani-spirit.com>,

Gwenaelle Quivy <Gwenaelle.QUIVY@ext.ec.europa.eu>,

Isabel Cruz <isabel.cruz@iuz.pt>,

Marko Peric <marko.peric@hzzo.hr>,

Ljubi Igor <Igor.Ljubi@hzzo.hr>,

Heiko Zimmermann <Heiko.Zimmermann@agence-esante.lu>,

Ioannis Petrakis <petrakis@ics.forth.gr>,

Alexandre Santos <alexandre.santos@spms.min-saude.pt>,

Karima Bourquard <karima.bourquard@ihe-europe.net>,

Alexander Berler <a.berler@gnomon.com.gr>,

Steen Manniche <steen@manniche.net>,

Konstantin Hypponen <konstantin.hypponen@kela.fi>,

Alen Vrecko <Alen.Vrecko@nijz.si>,

Marcelo Fonseca <ruimarcelofonseca@gmail.com>,

Gottfried Heider <gottfried.heider@ehealthcon.at>,

Ivo Pinheiro <ivospinheiro@gmail.com>,

Juergen Wehnert <juergen.wehnert@gematik.de>,

Dimitrios G. Katehakis <katehaki@ics.forth.gr>,

Olaf Rode <olaf.rode@fokus.fraunhofer.de>,

Thomas Fleischmann <thomas.fleischmann@bmg.gv.at>,

Robert Scharinger' <Robert.Scharinger@bmg.gv.at>,

Agius Muscat Hugo at MEH-IMU-Health <hugo.agius-muscat@gov.mt>,

Kenn Schultz Nielsen <KSN@ssi.dk>,

Sören Bittins <soeren.bittins@fokus.fraunhofer.de>,

Gareth Woodham <Gareth.Woodham@ehalsomyndigheten.se>,

Fredrik Linden <fredriklinden1@gmail.com>,

Samuel Danhardt <Samuel.Danhardt@agence-esante.lu>,

Giorgio Cangioli <giorgio.cangioli@gmail.com>,

Jussi Lemmetty <jussi.lemmetty@kela.fi>

Aarne Roosi <Aarne.Roosi@affecto.com>,

Arnaud Gaudinat <arnaud.gaudinat@hesge.ch>,

Belani Hrvoje <Hrvoje.Belani@hzzo.hr>,

Gergely Heja <heja.gergely@eski.hu>,

Oskari Kettinen <oskari.kettinen@kela.fi>,

Maarten Festen <maarten.festen@ihe-europe.net>

Mate Beštek <mate.bestek@gmail.com>,

Norbert Repas <norbert.repas@elga.gv.at>,

Patrick Ruch <Patrick.Ruch@unige.ch>,

Tomaz Cebular <Tomaz.Cebular@ivz-rs.si>,

Catherine Chronaki<chronaki@gmail.com>,

Matic Meglic<matic.meglic@nijz.si>,

Mate Beštek <matebestekpro@gmail.com>,

Merik Seven <seven@nictiz.nl>,

João Francisco Marques <joaof.marques@spms.min-saude.pt>,

Gwenaelle Quivy <Gwenaelle.QUIVY@ext.ec.europa.eu>,

Philippe Loopuyt <Philippe.Loopuyt@ec.europa.eu>,

EXPAND Wp5 <expand-wp5@spms.min-saude.pt>,

Stathis Andronikos <stathis.andronikos@gmail.com>,

Luca Pagliara <luca.pagliara@cnt.lispa.it>,

MEETING NOTES

0.Central Configuration Service Refactoring

Today is the first focused meeting on this topic.

1. Specify (what we as an eHealth NCP expect) and test an alternative implementation to the current Central Configuration Services, based on e-SENS ABBs (Capability Lookup and Service Location)
  1. Provided by and EXTERNAL partner (in e-SENS will be a Greek partner, for long term CEF will be DG-DIGIT)
  2. ??? To be conform with ISO 27001---- to be confirmed.
  3. Take in consideration the epSOS security Req&Baselines for central services.
  4. NO responsibility (for OpenNCP) to implement or deploy the Service.
2. Update the OpenNCP to adopt the new Central Configuration Service
  1. To be conform to the definition of ATNA secure node. (epSOS D3.7 - get this deliverable)
    1. PHI - Protected Health Information
  2. New release OpenNCP 2.3.0, foreseen for September 2015.

SMP:

http://wiki.ds.unipi.gr/display/ESENS/ABB+-+Capability+Lookup+-+1.6.0

http://wiki.ds.unipi.gr/display/ESENS/ABB+-+Service+Location+-+1.1.0

White paper on SMP and requirements for eHealth:

20150616_Masi_SMP-TRUST.docx

Examples of SMP files:

BDXR:

https://tools.ietf.org/html/rfc4848

OpenNCP early Analysis: https://openncp.atlassian.net/wiki/x/j4DyAg
GOAL: Replace the current Central Configuration Services (TSL Editor, TSL-Sync, TSL Files)
- USE SMP to convey public information of TSL (Certificates, End Points) and International Patient Search Mask;
  - TSL files should be removed and replaced by SMP Signed Information files.
  - (Maybe not to delete the TSL EDITOR, explore TSL EDITOR to prepare the information to submit to the SMP )
    - INTEGRATE a REST client to CRUD the information...
  - About "International Patient Search Mask", how to include on the SMP configs
    - Can be a child on an XML node on the SMP file.
- USE SMP to the establishment of VPN
  - Certificates, End Points and OpenSwan Config (PRIVATE)
- OUT OF SCOPE BY NOW - Automate the configuration of OpenNCP

Technical Requirements List FROM the eHealth domain, for SMP provision:
- MANDATORY
  - R1. The TSL (Certificates, End Points);
  - R.2 The International Patient Search Mask (what the format intended);
- OPTIONAL
  - R.3 Store OpenSwan Config in PRIVATE area;
  - R.3.1 PRIVATE area means of AuthN & AuthZ;
Technical Requirements List FOR OpenNCP adoption:
- TSL files should be removed and replaced by SMP Signed Information files.
- (Maybe not to delete the TSL EDITOR, explore TSL EDITOR to prepare the information to submit to the SMP )
  - INTEGRATE a REST client to CRUD the information...
- TSL EDITOR should be enhanced for "Configuration Editor" and produce any type of config file "TSL" but we are pointing to the "SMP SignedInformation files"
OpenNCP Technical Specification (refactoring):
OpenNCP modules refactoring:
OpenNCP test plan recommendation:
OpenNCP QA (should be performed by PNs), since no central NCP is available, or maybe we can use the EC NCP for this QA stage before release for PNs.
OpenNCP Release (unleash the e-SENS Health Pilot 2º stage..... as well CEF compliance)

4. AOB

- Massimiliano Masi: Did you think to use any tool like vagrant or puppet for the automagic deployment of the OpenNCP?

5. Next meetings

- OpenNCP - BiWeekly Meeting: Mon, Jun 29th 2015 13:00 CEST
- e-SENS eID Meeting : 2nd of July (all day) Vienna;
- OpenNCP integration with SMP: Friday, Jul 3rd 14:00 CEST

Today's meeting actions

- - Licinio Kustra Mano: Follow up minutes + Schedule next meetings.
  - Licinio Kustra Mano: Communicate out the eHealth Domain requirements for Central Configuration Services, to be assessed by the e-SENS BB team;
  - Kostas Karkaletsis and Joao Cunha: Initiate studying impact and integration strategy in OpenNCP