OpenNCP integration with SMP

...

Rui Alves (Unlicensed)

S

Stéphane Spahni

Uwe @Uwe Roth

Markus (Unlicensed)

Massimiliano Masi

Adrien Ferial , (DG Digit)

michele.foucart

Gwen (EC)@Gwenaelle Quivy

Marcello Melgara

 

Invited Members List:

@François

Natasha Carl

Alexandre Santos

Kostas Karkaletsis

Heiko Zimmermann

Ortwin Donak

 

MEETING NOTES

0. Overview

...

2. Spec, design and Development

  • Licinio Kustra Mano: overarching approach for the e-SENS document:
    • epSOS Central Configuration Services - Specifications
      • It was never implemented. But even so, the specified solution is referenced in the epSOS Deliverables;
    • epSOS Central Configuration Services - As IS
      • A simplified solution was adopted, but needs to be better described for further enhancements and improvements.
      • Improve Massi document... that was not officially released.....
    • Gap between Specs. and As IS scenarios towards an OPERATION READY scenario
      • ...
    • How can we use SMP/SML to close some of the gap and open issues  
      • What current limitations or relaxations can be resolved by moving to an SMP/SML.
  • Markus (Unlicensed):
    • This is an e-SENS task that is being supported by EXPAND/OpenNCP Community.
      • We MUST make sure that everyone understands that the request is an e-SENS pilot request and not something that the OpenNCP just decided to do.
    • Good approach: instead of stopping everything, work on clarifying what opportunities there are to use the SMP as a bridge to remove relaxations adopted during epSOS.
  • Joao Cunha: provide an overview of the work done so far:

 

CONGRATULATIONS and thank you!

Joao Cunha and @Uwe did MAGNIFICENT work on recovering information and making it available for all of us who use the services but never went down there to understand how they have been implemented.

Thank you so much guys and please keep digging (wink)

    • The current implementation is not the one specified in epSOS. It has relaxations that need to be understood.
    • The current implementation:
      • CONET is the current provider. They are responsible for:
        • Infrastructure,
        • Interfaces for NSL,
        • VPN connection between MS and Central Services (it is planned and tested, but never entered Operation mode)
      • MS: connect by SFTP to services and upload their TSL files to a private area
      • In Central Server: there is a script that validates, creates an audit log, and moves the files to the public section, where they can be downloaded by NCPs to support local configuration.
        • Joao Cunha will try to obtain the source code for this script and share with S
      • MAIN CONCLUSION
        • Regarding the sharing of certificates and endpoints, the central configuration services are used only for storing the TSL files
          • OpenNCP used components: TSL-Editor and TSL-Sync;
          • Certificates are included in the TSL files;
          • International Search mask: not included in the TSL files; the knowledge collected so far indicates that this token of information is being exchanged by email. There is no automatic solution, or at least no evidence was found of how this can be done automatically with the current implementation.
      • MAIN RELAXATIONS
        • Identified and described in great detail in the document:
          • VPN between Central Services and NCPs
          • Certificate relaxations: can be adopted by PPT but not in OPERATION.
          • NCPs were not an ATNA secure node... because we need to manually access the NCP to activate the TSL-sync mechanism.
            • Something more is needed to allow automatic configuration and remove the need for manual intervention at NCP level;
          • epSOS Trust Bootstrap relaxation: there isn't a service (trust service provider) to assure trust between NCPs.
            • This is based on an EC directive. Is there any kind of service in each country that can perform this service/role?
          • Missing eID for Patient.
    • Introduction to SMP and SML specification:
      • SML: based on DNS, resolves to a URL that points to an SMP server;
      • SMP: each MS would have the capabilities of their NCP;
      • The proposed SMP/SML solution architecture would, in a 1st stage, be centralised.
      • Certificates are not naturally exchanged by SMP. In the future, a hybrid solution may be needed to assure the privacy of certain information tokens (e.g. certificates)
    • Markus (Unlicensed) in the meeting of  there are a set of questions open (20150722 - Meeting minutes, Wednesday, July 22nd, 2015 - OpenNCP integration with SMP)
      • Licinio Kustra Mano: It is important to make sure that the document we're preparing now, includes the best possible answers by now.

2. Spec, design and Development: 

3. Document on SMP:

Draft version shared for comments: e-SENS-eHealth-SMP_SML-v02-Draft_ForComments.docx

...

    • How will we do the creation/update for SMP file for the country: update the TSL-Editor?
      • Masi: 
        • Define the scope. If we agree on priority to have SMP initially to private TSL - yes.
        • Stephane: Propose to have two phases. Do not change tsl for now... Later we can refactor design TSL-Editor...
        • Masi: (CONET?) is giving us a REST client
        • Stephane: we can provide an application with TSL.Editor...
      • 20150616_Masi_SMP-TRUST.docx

 

4. AOB

Many questions and doubts still need to be addressed and answered before we can proceed to conclude the document.

Next meeting ASAP is needed to proceed.


Today's meeting actions and next meeting:

    •  Rui Alves (Unlicensed): Follow up minutes + Schedule next meeting (Next SMP/SML  14h00 CEST).

...