20151029 - Meeting minutes, Thursday, October 29th, 2015 - OpenNCP integration with eID
OpenNCP integration with eID
Estimated - 13:00 to 14:00 CET
Performed - 13:00 to 13:40 CET
AGENDA
a) Status of eID
b) Next Steps
- Wiki+ WorkBench + AdobeConnect
- AdobeConnect:
http://ec-wacs.adobeconnect.com/openncp/
Room Passcode: ask Rui Alves (Unlicensed) or markus.kalliola
----------------
If you have never attended an Adobe Connect meeting before:
Test your connection: http://ec-wacs.adobeconnect.com/common/help/en/support/meeting_test.htm
Get a quick overview: http://www.adobe.com/products/adobeconnect.html
Adobe, the Adobe logo, Acrobat and Adobe Connect are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries.
----------------
PARTICIPANTS
Today's Meeting Participants:
@Robert Scharinger
(Not Able Attend: Licinio Kustra Mano)
Invited Members List:
@Alice Vasilescu (DG-DIGIT - eID)
@François
Daniele Crespi
@Tomé Vardasca
MEETING NOTES
0. Overview
Work Scope
- Understand the scope of the integration of eID (from e-SENS) into OpenNCP.
- Time Scope:
OpenNCP Release with LARMS integrated (Level 1) until End of July - Integrated.
OpenNCP Release with LAM integrated (Level 2) - ??
1. Relevant Documentation (What's gathered so far)
- e-SENS Video: Short demonstration of the eID use-case from e-SENS (LARMS): to be made available.
- e-SENS eHealth - eID Sub-Group Meeting Slides from Soeren Bittins and Massimiliano Masi:
The eID approach: The different levels
| Level (Requirements) | Mode | Pilot | Action by Pat | Attributes | |
|---|---|---|---|---|---|
| Level 0 | Manual input in the portal. | epSOS | Minimum D3.6.2 | ||
Level 1 (disconnected mode possible) | LARMS | ?? (eSENS eHeath OpenNCP 2.3.0 – floting componento any portal | Pat gives card, does not type; | Surname given name gender unique (health) identifier; Varies with each country* | RISK: not 100% sure individual ID |
Level 3 (connection to internet and to Country A is needed/national PKIs via centraized service) | LAMb+Pat action | Patient confirms (mobile key; Pins of the card) | Allows “signed consent” Authetication is possible | ||
Level 4 (Does not use local functions of the card, uses online “information”; access to PEP) | DCA Distributed CrossB Authentication | Stork II | Patient confirms (mobile key; Pins of the card) in a PC at the PoCare) | (atributes in the “assertion are the key issue”) | Confirms with National PKI everything; Confirmes eIDAS. |
Level 5 | .Advanced Mobile APP solution (AMAPP) | Use their mobile phone for full autentication without card need |
2. Meeting Minutes:
Alexandre Santos (briefing):
- Three main points to discuss here today: Soeren was supposed to present us the new developments. Masi told us he is not the official representative od the eID development team in e-SENS.
- At least Soeren is the representative in OpenNCP.
- We will try to get some updates...
- From e-mails you might have received from Soeren:
- There are new components from Fraunhofer.
- These new components adds certificates available inside the smartcards;
- After choosing certificates, we can sign the assertion/message received from the component;
- We get a new window with info received from smartcard; Patient accepts the access to info; PIN-pad as a security step to sign information-
- This is LAM-component (level 2)
- Now the same information that was beeing received (LARMS -Level 1) is being signed...
- We have been making tests with PT Portal and Italian Smartcard...
- Issue found with IT card being solved by Soeren and Marcello
- Regarding OpenNCP, no developments made so far...
- Most important development on the OpenNCP: using the smartcard certificates to sign the TRC assertion, as it was intended in the epSOS.
- This development is being developed by Fraunhofer, on their OpenNCP
- We expect feedback at any time of new components, and this new TRC-STS, also the developments needed for the way the Portal works...
- Rui Alves (Unlicensed): My concern are the timings...
- Alexandre Santos: Demo of developments made by the Fraunhofer...at all levels (domain) in e-SENS. eH was selected because it is the most "difficult one" due to security reasons.
- This gives me hope to have something working... and eID will be a reality in e-SENS.
- My question is: what can be tested in the EXPANDATHON in terms of eID.
- Masi is one of the interested parts...
- How can we introduce and test this new BB.
- Rui Alves (Unlicensed) and Alexandre Santos to be present at 14:00 CET in the e-SENS WP 5.2 Meeting (hopefully with the eID team of e-SENS).
- Adress these concerns to the eID team.
- Adress these concerns to the eID team.
- Markus (Unlicensed): How to get this eID in the EXPANDATHON (related to Marcello comment yesterday), and how to get this approved.
- Alexandre Santos: This has been in hands of the teams developing the BBs.
- Markus (Unlicensed): About the process... Timeline, what to do, what to test.
- Alexandre Santos: No, I don't know how the process, who sends this request. We need to ask to Soeren what is the strategy. Technically we are trying to implement this component, but not sure about testing.
- Markus (Unlicensed): Align with EXPAND/e-SENS what to do about this.
- Rui Alves (Unlicensed): Steering committee meeting with EXPAND members. We could address this then, but not sure about the timings.
- Rui Alves (Unlicensed) send an e-mail to Soeren asking about new components and testing strategy for EXPANDATHON,
- Is there anybody else testing eID and the smartcards besides PT and IT? Is there any issues?
- Ortwin Donak: The issue with the LUX card remains... Ministry wants to wait for req from European Progress.
- We cannot sign any TRC with our smartcard.
TO DO's:
- Alexandre Santos or Rui Alves (Unlicensed) to sent this e-mail.
- Alexandre Santos or Rui Alves (Unlicensed) to sent this e-mail.
3. AOB
NEXT MEETING
- Rui Alves (Unlicensed): SCHEDULE NEXT MEETING: 13:00 CET
- Rui Alves (Unlicensed): SCHEDULE NEXT MEETING: 13:00 CET