Welcome to the OpenNCP installation overview. The purpose of this document is to give an overview of the OpenNCP components and their installation.
OpenNCP is a suite of epSOS NCP software publicly available under Open Source licensing (partly GPL v. 3 and partly ASL v. 2). The software acts as a bidirectional technical, organisational and legal interface between the existing national infrastructures and also acts as a mediator as far as the legal and regulatory aspects are concerned.
OpenNCP Community is an open group of people orchestrated by an agile software development methodology conducting effort on designing, coding, testing and delivering OpenNCP software.
JoinUp is a collaborative platform created by the European Commission and funded by the European Union via the Interoperability Solutions for Public Administrations (ISA) Programme.
Some OpenNCP software components are licensed under the GPL v. 3 license, and some under the ASL v. 2 license. Developers of software components are given the responsibility to check that no other licensing rights pertain to any elements embedded or related to a newly developed component, particularly but not limited to libraries.
For connecting the OpenNCP implementation to a participating nation's national infrastructure, a separate national connector must be implemented by the NCP operator. The connector is not supplied as part of OpenNCP, because the implementations and functionalities of the national infrastructures differ among the participating nations.
epSOS participating nations and other enquirers are responsible, in co-operation with the OpenNCP community, for ensuring that the licenses of all open source components used in the project are compatible with the purpose and scope of the project.
It's highly recommended to have each private key in a separate keystore file (one for signature key, one for service provided and one for VPN key).
OpenNCP consists of the following components, all of which are available for download at JoinUp.
The core of OpenNCP is the Protocol Terminators and consists of these two components:
These components are packaged as web applications and are deployed to a servlet container such as Tomcat.
This component is a "Security Token Service" (STS) for issuing “Treatment Relationship Confirmation” (TRC) Assertions. It is another web application that is deployed to Tomcat. TRC-STS is used by an epSOS portal (e.g. OpenNCP portal or epsos-web), which must include the TRC-STS client for retrieving the TRC assertions from the security token service.
TSL-sync connects to Central Services and downloads the Trusted Service Lists (TSL) with NCP endpoint addresses and certificates of the other Participating Nations. It is a web application deployed to Tomcat. TSL-sync may be configured to run for example every night.
The Terminology Service Access Manager (TSAM) Synchronizer is another OpenNCP component. It is a standalone jar file with configuration files and a start script. This application may be scheduled to run for example on a daily basis and will download terminology data from the Central Services repository into the local database (LTR - Local Terminology Repository).
OpenATNA is an implementation of the Audit Trail and Node Authentication (ATNA) profile. It is a web application and is deployed to Tomcat. The application has two main functionalities: (1) receiving the audits from NCP components and storing them into the audit repository and (2) getting access to the stored audits using a web interface.
A local database is required for storing the following information:
The configuration settings also include the endpoint addresses of the other NCPs, received in the form of TSLs from the central services.
There is a choice of two web portals:
Communication between NCPs is secured using HTTPS over IPsec. IPsec is not part of the OpenNCP software, but it is needed for establishing VPN connections between epSOS NCPs. Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet. A common implementation of IPsec for Linux is Openswan. It must be installed on the NCP machine.
For further information refer to the OpenNCP Installation Manual. It describes the installation of the OpenNCP software in more detail and provides sample configuration files along with tips and tricks for successful deployment of the NCP.
The OpenNCP Community provides support and other benefits, including: