20160202 - Meeting minutes, Tuesday, February 2nd, 2016 - OpenNCP Task Force - Security

OpenNCP Task Force - Security

 

Estimated - 13:30 to 14:30 CET

Performed - 13:30 to 14:30 CET

AGENDA

0. Housekeeping (Jerome)

1. Relaxation?

2. Technical vulnerabilities and remediation

3. AOB

4. Next meeting

 

LOCATION 

Room Passcode:  (Ask if necessary)


PARTICIPANTS

Today's Meeting Participants:

S

Joao Cunha

Kostas Karkaletsis

Massimiliano Masi

Stéphane Spahni

michele.foucart

Nathan TAKU


MEETING NOTES:

  1. Housekeeping (Jerome):
  • S Security task force is the group in charge of fixing known security issues, and providing security policies document in order to improve the scalability of OpenNCP components.
  • A first testing session (security and load) has been run from an end-to-end flow (client --> NCPB --> NCPA).
  1. Technical vulnerabilities and remediation
    1. Background:
      1. Decision has been made to fix the clients in order to provide safe clients even if not part of OpenNCP
      1. Then we'll start the security test again and execute component-by-component testing
    2. Liferay:
      1. Kostas Karkaletsis has already solved a number of issues & installed a new version of Liferay (6.2.0-CE-GA1).
        • has solved some of the issues in the current version (Liferay 6.2.0-CE-GA1) and results are here: https://openncp.atlassian.net/wiki/display/ncp/Liferay+Security+Issues
        • has installed locally the version 6.2-CE-GA6 (which seems to have solved some of the security issues)
        • trying to migrate the installation from previous version to the new one
          • S is asking if we are expecting issues with the migration?
            • Normally it should be easy. Kostas will probably be finished by tomorrow evening
            • Database: no update script, this is done automatically
        • has installed https://portswigger.net/burp/ which is a web application security testing tool in order to be able to do this testing on my own, before sending it to your team in order to have faster results
          1. Nathan TAKU:
            1. Good idea to use the Burp Suite
          • Nathan TAKU will be available next week to work on those issues. Kostas will contact Nathan as soon as ready
          1. Nathan recommends having a look at the recommendations for fixes
      2. When can we execute a new test session?
        1. Only one server in DG SANTE so we need to have a look at the calendar to plan the tests
        2. Kostas Karkaletsis: as from end of next week (15/02)
          • S will check the availability of the server and will check with Marco to follow the same process and planning for the other portal
          • Is it possible to have a public installation? Server not available at the moment. But Jerôme will organize a quick call with Kostas
  2. Relaxations
    1. Massimiliano Masi: The biggest problem we have is regarding the integration with the national connector on the national infrastructure side
      1. It makes sense to write a document with functional requirements and then hand it over to Kostas, Joao and Jerôme
        • Massimiliano Masi proposes to start a kick off document trying to formalize the discussions by e-mail
      1. What Massi needs is a fresh version of deliverable - Please see section /wiki/spaces/ncp/pages/72417298 where the document "epSOS Security Deviations Fact Sheet" is displayed
    2. How to implement and to deal with message signature?
      1. epSOS approach
      2. Current version of OpenNCP: no message signature, only assertions
      3. Question is: Do we have a secure conversation (sign every message but without the key) between NCPs? Or XML digital signature (each message is signed using the key of the identity provider)
        1. Secure conversation is relevant if we have a real conversation
        2. XML digital signature is good if we have only a few conversations => Ok for Massi because at the end we do not exchange that many messages (experience from the pilot)
      4. Massimiliano Masi: VPN = secure network, TLS = host-to-host security, we need application-to-application security
        1. Reference to document D 3.A EED v0.8 section 4.3.5.2
      5. How/who can we decide on this topic? 
        1. Proposition of Massi:
          1. Analyse the implications of both approaches
          2. Present and discuss at the Technical Committee meeting and then decide by voting
            1. need for a comparison between both approaches before voting => need to prepare a document before the Technical Committee
        2. Proposition Kostas:
          1. Better to have a list of all the issues and then prioritize them
            • S will make the list and prepare a proposition for this Technical Committee on  
        3. Both approaches could be in parallel. Choice of how to implement and priority
      6. List pros and cons on the wiki for discussions, from the page dedicated on security
        1. To be discussed/decided at the next Technical Committee meeting on  .
    3. Workflow manager:
      1. Component that keeps OpenNCP stateless
      2. Part of the national connector discussion.
      3. STS implementation => To be included in the priority list of issues

3. AOB

  1. What is the status on the version number of certificates? It should be 5 according to Massi
    1. This has also to be communicated to the Member States
  2. Do we need more certificates for the use of SMP/SML?
    1. SMP puts the signature on the metadata => against epSOS current model
    2. According to Massi, we may need additional certificates. Joao also refers to DIGIT impact analysis


4. Next meeting

Will be organized ad hoc

5. Next steps