20150805 - Meeting minutes, Wednesday, August 5th, 2015 - OpenNCP integration with SMP
OpenNCP integration with SMP
Estimated - 13:00 to 14:00 CEST
Performed - 13:00 to 14:30 CEST
AGENDA
- Overview
- Spec, design and Development
- AOB
LOCATION
- Wiki+ WorkBench + AdobeConnect
- AdobeConnect:
http://ec-wacs.adobeconnect.com/openncp/
Room Passcode: ask Rui Alves (Unlicensed) or markus.kalliola
----------------
If you have never attended an Adobe Connect meeting before:
Test your connection: http://ec-wacs.adobeconnect.com/common/help/en/support/meeting_test.htm
Get a quick overview: http://www.adobe.com/products/adobeconnect.html
Adobe, the Adobe logo, Acrobat and Adobe Connect are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries.
----------------
PARTICIPANTS
Today's Meeting Participants:
@Uwe Roth
@François
[holidays] Stéphane Spahni
Invited Members List:
Massimiliano Masi
Alexandre Santos
Kostas Karkaletsis
Heiko Zimmermann
Ortwin Donak
MEETING NOTES
0. Overview
Work Scope
- USE SMP to convey public information of TSL (Certificates, End Points) and International Patient Search Mask;
- TSL files should be removed and replaced by SMP Signed Information files.
- (Maybe not to delete the TSL EDITOR, explore TSL EDITOR to prepare the information to submit to the SMP )
- INTEGRATE a REST client to CRUD the information...
- About "International Patient Search Mask", how to include on the SMP configs
- Can be a child on an XML node on the SMP file.
- USE SMP to the establishment of VPN?
- Certificates, End Points and OpenSwan Config (PRIVATE)
- OUT OF SCOPE BY NOW - Automate the configuration of OpenNCP
- USE SMP to convey public information of TSL (Certificates, End Points) and International Patient Search Mask;
Time Scope:
New release OpenNCP 2.3.0, foreseen for September 2015. on hold
Relevant Documentation:
- SMP:
- White paper on SMP and requirements for eHealth:
- Examples of SMP files:
- FinIdentityByTraitsServiceInformationSigned.xml
- OrderServiceServiceInformation.xml
- PatientServiceListServiceInformation.xml
- SAMLIssueServiceInformation.xml
- BDXR:
2. Spec, design and Development
- Licinio Kustra Mano: overarching approach for the e-SENS document:
- epSOS Central Configuration Services - Specifications
- It was never implemented. But even so, the specified solution is referenced in the epSOS Deliverables;
- epSOS Central Configuration Services - As IS
- A simplified solution was adopted, but needs to be better described for further enhancements and improvements.
- Improve Massi document... that was no officially released.....
- Gap between Specs. and As IS scenarios towards an OPERATION READY scenario
- ...
- ...
- How can we use SMP/SML to close some of the gap and open issues
- What current limitations or relaxations ca be resolved with moving to an SMP/SML.
- epSOS Central Configuration Services - Specifications
- Markus (Unlicensed):
- This is an e-SENS task that is being supported by EXPAND/OpenNCP Community.
- We MUST make sure that everyone understands that the request is an e-SENS pilot request and not something that the OpenNCP just decided to do.
- Good approach, instead of stop everything, work for clarifying what opportunities are there to use the SMP as bridge to remove relaxations adopted during epSOS.
- This is an e-SENS task that is being supported by EXPAND/OpenNCP Community.
- Joao Cunha Provide an overview on the work done so far:
CONGRATULATIONS and thank you!
Joao Cunha and @Uwe did a MAGNIFICENT work on recovering information and making it available for all of us that use the services but never went down there do understand how they have been implement.
Thank you so much guys and please keep digging 
- The current implementation is not the one specified in epSOS. It has relaxations that nee to be understood.
- The current implementation:
- CONET is the current provider. they are responsible for:
- Infrastructure,
- Interfaces for NSL,
- VPN connection between MS and Central Services (it is planned and tested, but never entered Operation mode)
- MS: connect by SFTP to services and upload there TSL files to a private are
- In Central Server: there is a script that validates, create an audit log, and moves to the public section where it can be downloaded by NCPs to support local configuration.
- Joao Cunha will try obtain the source code for this script and share with S
- Joao Cunha will try obtain the source code for this script and share with S
- MAIN CONCLUSION
- Regarding the sharing of certificates and endpoints, the central configuration services are used only for storing the TSL files
- OpenNCP used components: TSL-Editor and TSL-Sync;
- Certificates are included in the TSL files;
- International Search mask: are not included in the TSL files, and by now the knowledge collected points out to the fact this token of information is being exchanged by email. No automatic solution is there or at least was not found evidence on how this can be done automatically with current implementation.
- markus.kalliola: confirm that this information is stored in the public:
- Joao Cunha: confirms that the information is there (centrally) but there is no awareness on how it is uploaded and downloaded. But for sure it's a manual process.
- Regarding the sharing of certificates and endpoints, the central configuration services are used only for storing the TSL files
- MAIN RELAXATIONS
- Identified and described with big detail on document;
- VPN between Central Services and NCPs
- Certificate relaxations, can be adopted by PPT but not on OPERATION.
- NCPs were not an ATNA secure node... because we need to access manually to the NCP to activate the TSL-sync mechanism.
- Something more is needed to allow automatic configuration and remove the need for manual intervention at NCP level;
- epSOS Trust Bootstrap relaxation, there isn't a service (trust service provider) for assure truste between NCPs.
- This is based on a EC directive. Is there any kind of service in each country that can perform this service/role???
- Missing eID for Patient.
- Identified and described with big detail on document;
- CONET is the current provider. they are responsible for:
- Introduction to SMP and SML specification:
- SML: Based on DNS, resolves to an URL that points to an SMP server;
- SMP: each MS would have the capabilities of their NCP;
- The proposed SMP SML solution architecture would be in a 1s stage in a centralised way.
- Certificates are not naturally exchanged by SMP. In the future, maybe an hybrid solution may be needed to assure the privacy of certain information tokens (e.g. certificates)
- Markus (Unlicensed) in the meeting of there are a set of questions open (20150722 - Meeting minutes, Wednesday, July 22nd, 2015 - OpenNCP integration with SMP)
- Licinio Kustra Mano: It is important to make sure that the document we're preparing now, includes the best possible answers by now.
4. AOB
- Nothing to declare.
Today's meeting actions
- Rui Alves (Unlicensed): Follow up minutes + Schedule next meetings (Next SMP/SML 13h00 CET).
- Licinio Kustra Mano: Update e-SENS 5.2.1 on the progress achieved so far.
- Joao Cunha + @Uwe: distribute a 1st draft version of the document been prepared for task force discussion ;