OpenNCP integration with eID

 

 

Estimated - 14:00 to 14:30 CEST

Performed -  14:00 to 15:10 CEST

AGENDA

a) Progress monitoring towards LARMS stable release;

...

PARTICIPANTS

Today's Meeting Participants:

 

 

Invited Members List:

Rui Alves <rui.alves@spms.min-saude.pt>,

Licinio Mano <licinio.mano@spms.min-saude.pt>,

João Gonçalves <joao.cunha@spms.min-saude.pt>,

Jerome Subiger <jerome.subiger@ext.ec.europa.eu>,

Stéphane Spahni <stephane.spahni@hcuge.ch>,

Kostas Karkaletsis <k.karkaletsis@gnomon.com.gr>,

Ioannis Petrakis <petrakis@ics.forth.gr>, 

Michele Foucard <Michele.FOUCART@ext.ec.europa.eu>,

Massimiliano Masi <massimiliano.masi@tiani-spirit.com>,

Robert Scharinger <Robert.Scharinger@bmg.gv.at>,

Sören Bittins <soeren.bittins@fokus.fraunhofer.de>,

Daniele Crespi <Daniele.Crespi@lispa.it>,

Alexandre Santos <alexandre.santos@spms.min-saude.pt>,

Tomé Vardasca <tome.vardasca@spms.min-saude.pt>

Ioannis Petrakis <petrakis@ics.forth.gr>

 

Invited Members List:

Rui Alves <rui.alves@spms.min-saude.pt>,

Licinio Mano <licinio.mano@spms.min-saude.pt>,

Stéphane Spahni <stephane.spahni@hcuge.ch>,

Kostas Karkaletsis <k.karkaletsis@gnomon.com.gr>,

Daniele Crespi <Daniele.Crespi@lispa.it>,

Markus Kalliola <markus.kalliola@ec.europa.eu>,

MEETING NOTES

 

0. Overview

      • Work Scope

        • Understand the scope of the integration of eID (from e-SENS) into OpenNCP.
      • Time Scope: 
        • OpenNCP Release with LARMS integrated (Level 1) until End of July. New release OpenNCP 2.X.X, foreseen for __________ 2015.


1. Relevant Documentation (What's gathered so far)

    • e-SENS Video: Short demonstration of the eID use-case from e-SENS (LARMS): to be made available.

The eID approach: The different levels

 

Level (Requirements) | Mode | Pilot | Action by Pat | Attributes
Level 0 | Manual input in the portal. | epSOS | Minimum D3.6.2

Level 1

(disconnected mode possible)

LARMS

?? (eSENS eHealth OpenNCP 2.3.0 – floating component to any portal)

Pat gives card, does not type; 

Surname given name gender unique (health) identifier; Varies with each country*

RISK: not 100% sure individual ID

Level 3

(connection to internet and to Country A is needed/national PKIs via centralized service)

LAMb+Pat action

 

Patient confirms (mobile key; PINs of the card)

 

Allows “signed consent”

Authentication is possible

Level 4

(Does not use local functions of the card, uses online “information”; access to PEP)

DCA Distributed CrossB Authentication

Stork II

Patient confirms (mobile key; PINs of the card) in a PC at the PoCare)

(attributes in the “assertion are the key issue”)

Confirms with National PKI everything;

Confirms eIDAS.

Level 5

Advanced Mobile APP solution (AMAPP)

 

Use their mobile phone for full authentication without card need

  



2.

...

 

Level 1 (LARMS): Read attributes from patient's cards (through card readers at the Point of Care) and place those attributes in the patient search mask fields of the portal so that the professional doesn't need to enter manually the patient's identifiers.

Stéphane Spahni: Question is: how long will the smart cards last?

Licinio Kustra Mano: We would need to jump to level 3 or 4...

Stéphane Spahni: in the future we need to consider non-smart-cards scenarios...

 

Licinio Kustra Mano: Comments?

Kostas Karkaletsis: Might be an overlapping between e-SENS and STORK.

This is for Patient Identification not Professional...

Licinio Kustra Mano: Not totally working at the level of browser. In the video there is a download of an agent... It is able to connect to the card reader and sends that info to the Portal.

LARMS is independent and needs to be downloaded (http that provides the Portal for instance). Local standalone mode.

Ioannis Petrakis: Is LARMS able to extract info from cards that require PIN for data extraction?

Licinio Kustra Mano: We need to move to other level - with private attributes. Patient may need to enter the PIN - card readers need to be more sophisticated. We need to go to Level 2. Here we have a security enhancement.

It may free some private info on the cards, if needed.

Stéphane Spahni: It is built on top of LARMS?

Licinio Kustra Mano: Level 2 is built upon LARMS with a new component... coming from e-SENS. Level 3 needs a third party confirmation...

 

Level 4: How can we jump to STORK? Needs a STORK National Portal... Does not use local functions of the card, uses online "information"; access to PEP.

Concern: Integration with STORK.

Physicians enter the Portal, identify the country...

Soeren Bittins: There is no need for this international search mask because the background system will identify automatically this...

Licinio Kustra Mano: We still count on Smart Cards right?

Soeren Bittins: Yes. They would have to identify the country of affiliation... 

Licinio Kustra Mano: How can we achieve the level 4?

Soeren Bittins: If we can connect to STORK, we can connect to eIDAS...

Licinio Kustra Mano: What is needed on the OpenNCP side to have LARMS available.

Next month: work on the next levels...

What could be the integration strategy? LARMS has an exe file and needs to be connected to a tool (Card reader)...

Kostas Karkaletsis: This is a client implementation - only for the Portal, not a new component...

Countries that do not use Reference OpenNCP Portal will not be able to use...

Licinio Kustra Mano: this is a component that works independently.

Stéphane Spahni: The info extracted has to be placed in the Search Mask, and this link is .. with the Portal

Licinio Kustra Mano: The ones that use specific portals, will have an integration on that portal. Doesn't rely on Liferay, relies on the component... It is used by the Portal.

How can the community access to code, ...

Soeren Bittins: I am waiting for the PNs to test, about the browsers. As soon as I get the OK, we will hand it over perhaps in the next week.

Licinio Kustra Mano: Can we start using the current version?

Rui Alves (Unlicensed): Put the information in the minutes: links... Request to Soeren: where to direct people to this information and materials?

Licinio Kustra Mano, Stéphane Spahni, Kostas Karkaletsis and Alexandre Santos will work on the integration...

...

Meeting Minutes:

Alexandre Santos: lists the developments from last week and further work for next week

Marcello Melgara: asks Alexandre Santos if it is possible to deliver a new version of OpenNCP until the 31st of July. Alexandre Santos explains that this LARMS implementation is only available to the frontend, so it will be implemented only on the Portal. Countries like Italy (or Lombardia Region) that do not use the OpenNCP Portal won't see any change on the OpenNCP itself. It will be an implementation that will be decided and developed by the local teams.

Soeren Bittins: for now only the LARMS is included for deployment, next steps like LAM will come later. Further developments must be done to solve some problems like some IE versions used in Italy.

Soeren Bittins: the actual licence of the LARMS/FutureID Client is GPLv3 which is a problem for now. It will be changed to ASL in the future, it is being considered by the Fraunhofer team.

Soeren Bittins: the version of the client made available this week is production ready. There may be some problems with countries that have more than one version of their eCard, the tests made by the development team were based only on the test cards provided to them - it is necessary that all countries test with all versions of each card and provide feedback.

Soeren Bittins: the next steps, i.e. LAM, will have a great impact on OpenNCP itself. Massi's email of the 21st of July explains what the OpenNCP team must look at. There are some more problems like the way OpenNCP validates Certificates, a problem already discussed with Licinio Kustra Mano (not validating the DN and only the CN).

Soeren Bittins: there were some relaxations made in 2010 for epSOS and it's time now (2015) to address those issues. Countries are using IdP, for instance.

Soeren Bittins: confronts Alexandre Santos with the fact that not all countries are using the Portal and asks if it makes sense to have that effort. Alexandre Santos states that this is a frontend only implementation and it's a proof of concept/reference for other countries to look at.

Massimiliano Masi: shares with the group the link for the White Paper that influenced the epSOS Access Control - http://www.ihe.net/Technical_Framework/upload/IHE_ITI_TF_WhitePaper_AccessControl_2009-09-28.pdf

Soeren Bittins: the steps needed for going live are on the White Paper, especially for Portugal

Soeren Bittins: LAM module is active and mature and will be released in the second week of August. We need the TRC-STS issue on openNCP solved, Massi email.

Soeren Bittins: There is an issue that the assertion made by the LAM is correct on NCP-B but sometimes fails on NCP-A. Massimiliano Masi informs that this issue about certificates not being known by the OpenNCP-A can be solved with the SMP solution. Soeren Bittins retrieves with the fact that there is no SMP services and implementation in 3 weeks' time. Massimiliano Masi agrees with the time frame being too short for SMP services being available for countries.

Soeren Bittins: each OpenNCP has its own trust store, which is a problem for certificates management. This is a problem from epSOS v1, not an OpenNCP created one. Must be addressed.

3. AOB

NEXT MEETING - Thursday, Jul 30th 2015 14:00 CEST - 30 min call.

...

 

Let's wait until we have inputs from Soeren.

Today's meeting actions

        • Alexandre Santos - prepare the new OpenNCP Portal Release with LARMS
        •  Continue with the discussion about implementing LAM
        •  Try to involve Konstantin on this discussion