Versions Compared

Old Version 1

changes.mady.by.user Licinio Kustra Mano

Saved on

compared with

New Version 2

changes.mady.by.user Alexandre Santos

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Estimated - 14:00 to 14:30 CEST

Performed -  13:00 to 14:30 CEST

AGENDA

a) Progress monitoring towards LARMS stable release;

...

Today's Meeting Participants:

 

 

Invited Members List:

 

Alexandre Santos <alexandre.santos@spms.min-saude.pt>

João Gonçalves <joao.cunha@spms.min-saude.pt>

 

Jerome Subiger <jerome.subiger@ext.ec.europa.eu> 

Michele Foucard <Michele.FOUCART@ext.ec.europa.eu>

 

Massimiliano Masi <massimiliano.masi@tiani-spirit.com>

 

Robert Scharinger <Robert.Scharinger@bmg.gv.at>

 

Sören Bittins <soeren.bittins@fokus.fraunhofer.de>de>

 Alexandre Santos <alexandre.santos@spms.min-saude.pt>

Invited Members List:

 

Tomé Vardasca <tome.vardasca@spms.min-saude.pt> 

Ioannis Petrakis <petrakis@ics.forth.gr>

(Holidays) Rui Alves <rui.alves@spms.min-saude.pt>,

(Holidays) Licinio Mano <licinio.mano@spms.min-saude.pt>,

(Holidays) Stéphane Spahni <stephane.spahni@hcuge.ch>,

...

Daniele Crespi <Daniele.Crespi@lispa.it>,

(Holidays) Markus Kalliola <markus.kalliola@ec.europa.eu>,

...

Level (Requirements)ModePilotAction by PatAttributes 
Level 0Manual input in the portal.epSOSMinimum D3.6.2  

Level 1

(disconnected mode possible)

LARMS

?? (eSENS eHeath OpenNCP 2.3.0 – floting  componento any portal

Pat gives card, does not type; 

Surname given name gender unique (health) identifier; Varies with each country*

RISK: not 100% sure individual ID

Level 3

(connection to internet and to Country A is needed/national PKIs via centraized service)

LAMb+Pat action

 

Patient confirms (mobile key; Pins of the card)

 

Allows “signed consent”

Authetication is possible

Level 4

(Does not use local functions of the card, uses online “information”; access to PEP)

DCA  Distributed CrossB Authentication

Stork II

Patient confirms (mobile key; Pins of the card) in a PC at the PoCare)

(atributes in the “assertion are the key issue”)

Confirms with National PKI everything;

Confirmes eIDAS.

Level 5

.Advanced Mobile APP solution  (AMAPP)

 

Use their mobile phone for full autentication without card need

  



2. Meeting Minutes:

      • Alexandre Santos: lists the developments from last week and further work for next week

...

Marcello Melgara: ask Alexandre Santos if it is possible to deliver a new version of OpenNCP until 31 of July. Alexandre Santos explains that this LARMS implementation is only  available to the frontend, so it will be implemented only on the Portal. Countries like Italy (or Lombardia Region) that do not use the OpenNCP Portal won't see any change on the OpenNCP itself. It will be an implementation that will be decided and developed by the local teams.

Soeren Bittins: for now only the LARMS is included for deployment, next steps like LAM will come later. Further developments must be done to solve some problems like some IE versions used in Italy.

Soeren Bittins: the actual licence of the LARMS/FutureID Client is GPLv3 which is a problem for now. It will be changed to ASL in the future, it is being considered by the Fraunhofer team.

Soeren Bittins: the version of the client made available this week is production ready. There maybe some problems with countries that have more than one version of their eCard, the tests made by the development team was based only on the tests cards provided to them - it is necessary that all coutries test with all versions of each card and provide feedback.

Soeren Bittins: the next steps, i.e. LAM, will have a great impact on OpenNCP itself. Massi's email of the 21th of July explains what the OpenNCP team must look at. There are some more problems like the way OpenNCP validates Certificates, a problem already discussed with Licinio Kustra Mano (not validating the DN and only the CN)

Soeren Bittins: there were some relaxations made in 2010 for epSOS and it's time now (2015) to address those issues. Countries are using IdP, for instance.

Soeren Bittins: confronts Alexandre Santos with the fact that not all countries are using the Portal and ask if it makes sense to have that effort. Alexandre Santos states that this is a frontend only implementation and it's a proof of concept/reference for other countries to look at.

Massimiliano Masi: shares with the group the link for the White Paper that influenced the epSOS Access Control  - http://www.ihe.net/Technical_Framework/upload/IHE_ITI_TF_WhitePaper_AccessControl_2009-09-28.pdf

Soeren Bittins: the steps needed for going live are on the White Paper, specially for Portugal

Soeren Bittins: LAM module is active and mature and will be realased in the second week of August. We need the TRC-STS issue on openNCP solved, Massi email.

Soeren Bittins: There is an issue that the assertion made by the LAM is correct on NCP-B but sometimes fails on NCP-A. Massimiliano Masi informs that this issue about certificates not being known by the OpenNCP-A can be solved with the SMP solution. Soeren Bittins retrieves with the fact that there is no SMP services and implementation in 3 weeks time. Massimiliano Masi agrees with the time frame being to short for SMP services being available for countries.

...

      • :
        • There are 2 tasks on OpenNCP Agile Board: 
          Jira Legacy
          serverJIRA (openncp.atlassian.net)
          serverId5eab37ce-f509-3cbb-9925-c13d0f8d6d44
          keyGPB-65
           and 
          Jira Legacy
          serverJIRA (openncp.atlassian.net)
          columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
          serverId5eab37ce-f509-3cbb-9925-c13d0f8d6d44
          keyGPB-64
        • The GPB-64 has one comment about the hosting of the FutureID client not being at the NCP-B but instead on the Liferay Tomcat
        • The GPB-65 is still under development and will delay, almost for sure, the availability of the new release on the 31 of July. There are issues with the use of JS (JQuery) with Liferay and JSF server-side pages.
        • The source code is under https://bitbucket.org/alexandresantos72/openncp-portal
      • Alexandre Santos: the next release will be postponed for 1 week, will inform all by email if there are good news about it.
      • Soeren Bittins: there were some problems in Italy with JQuery and old IE versions
      • Soeren Bittins: next Friday we'll have more news about the licencing of the FutureID client. There will be tomorrow a conference call with the team of Open eCard. No problem with eSens pilots but other entities that are not on eSens might have issues using the FutureID client.
      • Soeren Bittins: Liferay workflow (WorkFlow Manager) and session handling will be a problem. As an example, the same TRC can be used several times because it is cached on the Liferay. Another example is the Liferay orchestration of the business which is a security problem also.
      • Soeren Bittins: Italy is not using Portal so they are hard-coding/using hard-wiring orchestration. Along Italy, further eID implementations (new Levels) demand a new look towards the actual design of the OpenNCP.
      • Soeren Bittins: When we put all the orchestration in the OpenNCP Portal there are security problems that arise from that design. To complete the entire workflow (IHE workflows) there is the need to contact the Portal, which is not part of the NCP.
      • Massimiliano Masi: The email is explained about Direct Broker. The JS code is an example of how we can call a servlet to get an assertion. The need to get the eIdA with JS from the portal. See the last email from Masi.
      • Soeren Bittins: There will be a meeting on the 25th and it would be important for the OpenNCP community to be there.

3. AOB

NEXT MEETING - Thursday, Jul 30th 2015  14:00 CEST - 30 min call. Start a DOODLE for the next meeting - August (smile)

        •  Alexandre Santos - prepare the new OpenNCP Portal Release with LARMS
        •  Continue with the discussion about implementing LAM
        •  Try to involve Konstantin on this discussion