OpenNCP integration with SMP
...
Uwe Roth
Massimiliano Masi
Adrien Ferial (DG Digit)
Gwenaelle Quivy (EC)
Invited Members List:
@François
Kostas Karkaletsis
MEETING NOTES
0. Overview
...
- White paper on SMP and requirements for eHealth:
- Examples of SMP files:
- FinIdentityByTraitsServiceInformationSigned.xml
- OrderServiceServiceInformation.xml
- PatientServiceListServiceInformation.xml
- SAMLIssueServiceInformation.xml
- BDXR:
2. Spec, design and Development
- Licinio Kustra Mano: overarching approach for the e-SENS document:
- epSOS Central Configuration Services - Specifications
- It was never implemented. But even so, the specified solution is referenced in the epSOS Deliverables;
- epSOS Central Configuration Services - As IS
- A simplified solution was adopted, but needs to be better described for further enhancements and improvements.
- Improve Massi's document, which was not officially released.
- Gap between Specs. and As IS scenarios towards an OPERATION READY scenario
- ...
- ...
- How can we use SMP/SML to close some of the gap and open issues
- What current limitations or relaxations can be resolved by moving to an SMP/SML.
- Markus:
- This is an e-SENS task that is being supported by EXPAND/OpenNCP Community.
- We MUST make sure that everyone understands that the request is an e-SENS pilot request and not something that the OpenNCP just decided to do.
- Good approach: instead of stopping everything, work on clarifying what opportunities there are to use the SMP as a bridge to remove relaxations adopted during epSOS.
- Joao Cunha: provide an overview of the work done so far:
Tip: Joao Cunha and @Uwe did MAGNIFICENT work on recovering information and making it available to all of us who use the services but never went down there to understand how they have been implemented. Thank you so much, guys, and please keep digging.
- The current implementation is not the one specified in epSOS. It has relaxations that need to be understood.
- The current implementation:
- CONET is the current provider. They are responsible for:
- Infrastructure,
- Interfaces for NSL,
- VPN connection between MS and Central Services (it is planned and tested, but never entered Operation mode)
- MS: connect by SFTP to the services and upload their TSL files to a private area
- In Central Server: there is a script that validates the files, creates an audit log, and moves them to the public section, where they can be downloaded by NCPs to support local configuration.
- Joao Cunha will try to obtain the source code for this script and share with S
- MAIN CONCLUSION
- Regarding the sharing of certificates and endpoints, the central configuration services are used only for storing the TSL files
- OpenNCP used components: TSL-Editor and TSL-Sync;
- Certificates are included in the TSL files;
- International Search Mask: not included in the TSL files; the knowledge collected so far indicates that this token of information is being exchanged by email. There is no automatic solution, or at least no evidence was found of how this can be done automatically with the current implementation.
- markus.kalliola: confirm that this information is stored in the public:
- Joao Cunha: confirms that the information is there (centrally) but there is no awareness on how it is uploaded and downloaded. But for sure it's a manual process.
- MAIN RELAXATIONS
- Identified and described in great detail in the document;
- VPN between Central Services and NCPs
- Certificate relaxations can be adopted by PPT but not in OPERATION.
- NCPs were not ATNA secure nodes, because we need to manually access the NCP to activate the TSL-sync mechanism.
- Something more is needed to allow automatic configuration and remove the need for manual intervention at NCP level;
- epSOS Trust Bootstrap relaxation: there isn't a service (trust service provider) to assure trust between NCPs.
- This is based on an EC directive. Is there any kind of service in each country that can perform this service/role?
- Missing eID for Patient.
- Introduction to SMP and SML specification:
- SML: Based on DNS, resolves to a URL that points to an SMP server;
- SMP: each MS would have the capabilities of their NCP;
- The proposed SMP/SML solution architecture would, in a first stage, be centralised.
- Certificates are not naturally exchanged by SMP. In the future, a hybrid solution may be needed to assure the privacy of certain information tokens (e.g. certificates)
- Markus (Unlicensed) in the meeting of there are a set of questions open (20150722 - Meeting minutes, Wednesday, July 22nd, 2015 - OpenNCP integration with SMP)
- Licinio Kustra Mano: It is important to make sure that the document we're preparing now, includes the best possible answers by now.
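The SML-to-SMP resolution introduced above, as an added example that is not part of the minutes or of OpenNCP code. It assumes a BDXL-style lookup (SHA-256/base32 hashed DNS label, U-NAPTR record with service `Meta:SMP`); the zone, identifier scheme, participant identifier and DNS records are constructed, and the DNS answer is treated as untrusted input.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

# Constructed sample values (assumptions, not taken from the minutes).
ZONE = "sml.example.org"
SCHEME = "example-participantid-scheme"
PARTICIPANT = "urn:example:xx:ncp"
SAMPLE_NAPTR = [
    {"order": 200, "preference": 10, "flags": "U", "service": "Meta:SMP",
     "regexp": "!^.*$!http://smp-legacy.example.org/!"},
    {"order": 100, "preference": 10, "flags": "U", "service": "Meta:SMP",
     "regexp": "!^.*$!https://smp.example.org/!"},
]

def sml_lookup_name(participant_id, scheme, zone):
    """DNS name queried in the SML for one participant (hashing convention assumed)."""
    digest = hashlib.sha256(participant_id.lower().encode("utf-8")).digest()
    label = base64.b32encode(digest).decode("ascii").rstrip("=")
    return f"{label}.{scheme}.{zone}"

def smp_url_from_naptr(records, queried_name):
    """Select the preferred U-NAPTR Meta:SMP record and return a vetted SMP URL."""
    usable = [r for r in records
              if r["flags"].upper() == "U" and r["service"].lower() == "meta:smp"]
    if not usable:
        raise LookupError("no U-NAPTR record with service Meta:SMP")
    best = min(usable, key=lambda r: (r["order"], r["preference"]))
    # NAPTR regexp field layout: <delim>pattern<delim>replacement<delim>
    fields = best["regexp"].split(best["regexp"][0])
    if len(fields) != 4:
        raise ValueError(f"malformed NAPTR regexp: {best['regexp']!r}")
    _, pattern, replacement, _ = fields
    url = re.sub(pattern, replacement, queried_name, count=1)
    target = urlsplit(url)
    # DNS is not authenticated here: only accept an HTTPS endpoint with a host.
    if target.scheme != "https" or not target.hostname:
        raise ValueError(f"refusing SMP URL from DNS: {url!r}")
    return url

if __name__ == "__main__":
    name = sml_lookup_name(PARTICIPANT, SCHEME, ZONE)
    print(name)
    print(smp_url_from_naptr(SAMPLE_NAPTR, name))
```

The URL check only guards the transport; whether the metadata served by the SMP can be trusted is the separate certificate and trust-bootstrap question discussed in these minutes.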
3. Document on SMP:
Draft version shared for comments: e-SENS-eHealth-SMP_SML-v02-Draft_ForComments.docx
...
- How will we do the creation/update for SMP file for the country: update the TSL-Editor?
- Masi:
- Define the scope. If we agree on priority to have SMP initially to private TSL - yes.
- Stephane: Propose to have two phases. Do not change tsl for now... Later we can refactor design TSL-Editor...
- Masi: (CONET?) is giving us a REST client
- Stephane: we can provide an application with TSL.Editor...
- 20150616_Masi_SMP-TRUST.docx
4. AOB
Many questions and doubts still need to be addressed and answered before we can proceed to conclude the document.
A next meeting is needed ASAP to proceed.
Today's meeting actions and next meeting:
- Rui Alves: Follow up minutes + Schedule next meeting (Next SMP/SML 14h00 CEST).
...