20160218 - Meeting minutes, Thursday, February 18th, 2016 - OpenNCP Technical Committee Meeting

OpenNCP Technical Committee Meeting

 

Estimated - 13:00 to 14:00 CET

Performed - 13:00  to 14:20 CET

AGENDA

  1. Relaxation topics: Decision on how to implement and to deal with message signature è https://openncp.atlassian.net/wiki/display/ncp/Open+discussion
  2. Cache mechanism:
    1. SMP/SML cache mechanism
    2. Configuration manager cache mechanism
  3. Release roadmap
    1. Security release?
    2. epSOS Web and portal?
    3. SMP
  4. CDA: alignment of xml file with the CDA implementation guide => Point added to the "proposed agenda"
  5. Specification deviations draft
  6. TSL editor – Naming of the NCP Service Status List: do we really need syntax over it?”
  7. List of issues – back log
  8. Change proposal template review/comments? => Bi-weekly
  9. Participation Connectathon Bochum 11-15/04
  10. Next meeting
    1. National connector IHE compliant => Marcello Melgara


 

LOCATION

  Adobe Connect

http://ec-wacs.adobeconnect.com/openncp/

Room Passcode:  markus.kalliola or Licinio Kustra Mano

----------------

If you have never attended an Adobe Connect meeting before:

Test your connection: http://ec-wacs.adobeconnect.com/common/help/en/support/meeting_test.htm

Get a quick overview: http://www.adobe.com/products/adobeconnect.html

Adobe, the Adobe logo, Acrobat and Adobe Connect are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries.

PARTICIPANTS

Today's Meeting Participants:

Heiko Zimmermann

S

Joao Cunha

Kostas Karkaletsis

Massimiliano Masi

Mustafa Yuksel

Stéphane Spahni

michele.foucart

MEETING NOTES

  1. Relaxation topics: Decision on how to implement and to deal with message signature: https://openncp.atlassian.net/wiki/display/ncp/Open+discussion
    1. Digital signature is easier to put in place and by doing this we would be compliant with the specifications.
      1. Heiko Zimmermann is also in favour of the digital signature, which is already working on SANTE platform.
      2. Stéphane Spahni: if xml digital signature is successful in Luxembourg, we can use it too.

      3. From the developpers point of view it is ok to use digital signature. Massimiliano Masi: epsos specs 3.8.7 already defined the algorithm and thus there is nothing to do on the specifications point of view.

      4. What about performance?

        1. Heiko Zimmermann: we can only estimate regarding the performance. Are there experience? No.

        2. According to Sit should not be a problem because we don't exchange a lot of messages

        3. Stéphane Spahni: it might happen if the machine has a too low load. He experienced problems with creating certificates with new machines which are more powerful.

        4. Massimiliano Masi: we should be worried about performance in case of denial of services, but the risk is very low. Should not be a performance issue.

    2. There were question regarding secure conversation but there have been some improvements on the solution which is now mature.
    3. Decision to go with xml digital signature.
  2. Cache mechanism:
    1. A discussion was initiated by e-mail regarding performance issue. The question is how do we work with the cache?
      1. Joao made an analysis on the use of cache. Problem is to create a distributed cache or configuration manager as standalone component.
        There are a lot of possible solution of distributed cache. It merges the need for SMP/SML and config manager.
        1. Joao Cunha We'll need a database
      2. 2 kinds of properties have to be distinguished and skip them in files and some to be kept in database (url point)
        1. Trusted node and how to access NCP in a secured way. In order to have a secure node we should have in a database => to be checked with Marcello Melgara
        2. Massimiliano Masi: the idea was to have also the value in cache.
        3. S: we don't need a full cache. How do we maintain different properties values between components?
          1. How many accesses will we have?
          2. Massimiliano Masi: The caching mechanism was introduced to have the SMP querying to the DNS cache
      3. Distributed cache is complex => point of failure
      4. 2 solutions: using 1 tool (Jgroup or other...), creating another standalone component for configuration manager. The easiest according to S would be to use a tool
      5. Massimiliano Masi: why don't we just create interfaces and MS decide to implement what they want? and eventually give a reference implementation Jgroup or other as a plug-in
        1. Joao Cunha: do we have a need from the MS? Apparently yes.
      6. Conclusion?
        1. In order to have a secure node we should have in a database - to be validated with Marcello Melgara
        2. In any case we need a cache => List all the tool that exist in open source, then organize a vote on a discussion page
        3. ? Timeline Connectathon
          1. Massimiliano Masi: Jgroup
  3. Release roadmap
    1. Can we release 2.4.0 and include the security fixes?
      1. Wait for the end of tests between Portugal and CH.Stéphane Spahni2.4.0 RC 0 is the latest version. And will not be installed before the end of March
          1. Merge RC 1 + secu fixes which are mainly configuration actions. to be included in R2.4.0 RC0
          2. Stéphane SpahniHeiko Zimmermann is also in favour of merging both releases
            1. Developments SMP/SML holding decision on cache mechanism, thus it is not sure it would be ready for end of March.
      2. epSOS Web and portal?
        1. Kostas Karkaletsis did already the fixes that we still need to test
      3. SMP => See previous point
  4. CDA: alignment of xml file with the CDA implementation guide => Point added to the "proposed agenda"
    1. Question from Heiko Zimmermann: Are the modifications in the CDA implementation guide, which has been revised in Expand, implementing compliance to the current version of the EU Guidelines on Patient Summary
    2. Michele to ask to Marcello Melgara
  5. Specification deviations draft => Massimiliano Masi : the document is available on the security  task force, comments from Joao and Marcello => epsos specs 3.8
    1. Could Kostas check before the next security? 1pm
  6. TSL editor – Naming of the NCP Service Status List: do we really need syntax over it?” problem with specs and implementation;
    1. Joao also finds a list of issues that he puts in comment in a page on the wiki meeting minutes deviation see the differences : 20160113 - Meeting minutes, Wednesday January 13th 2016 - OpenNCP Specifications and Implementations Deviations
    2. Not to be included in this release but next one 2.4.1  with SMP/SML, TSL and other fixes
  7. List of issues – back log
    1. Proposition of Kostas to work on a Agile way
    2. Good idea because we've lots of issues, proposition to separate issues in epic ...
    3. Is the Community ok to work in this mode?
    4. S will organize a meeting/task to organize the issues
  8. Change proposal template review/comments? => Bi-weekly
  9. Participation Connectathon Bochum 11-15/04 - No updateNext meeting
  10. Next meetings
    1. National connector IHE compliant => Marcello Melgara
    2. next security. 1pm
    3. next technical 1 pm