20160913 - Meeting minutes, Tuesday September 13th 2016 - Task force SML/SMP

 

Estimated: 15:00 to 16:00 CET.

Performed: 15:04 to 15:58 CET.

Agenda:

  1. Status of activities:
  2. Ongoing Issues:
  3. Implementation, SMP ICD: eHealth specificities:
    1. Exact same metadata for signature:
    2. Same certificates:
    3. Additional signature:
    4. Cache implementation:
  4. Roadmap:
  5. Next steps:

Location:

  • AdobeConnect:

http://ec-wacs.adobeconnect.com/openncp/
Room Passcode:  markus.kalliola or michele.foucart

Joao Cunha

Dimiter Petrov

Stéphane Spahni

Yves ADAM

S

Massimiliano Masi

Meeting Notes:

  1. Status of activities:
    Housekeeping and general discussion which initiates restarting the task force after the summer holiday break.

  2. Ongoing Issues:
    All the current issues on the DIGIT side have been fixed; development tasks are on the OpenNCP side.

  3. Implementation, SMP ICD: eHealth specificities:
    1. Exact same metadata for signature:
      There is a risk of interoperability issues by using the SMP's extension mechanism for adding the required extra signatures.
      The SMP SignedServiceMetadata file is submitted through the PUT method and is never stored as is; when a GET method is called, the file is rebuilt by the server, with a risk of not being exactly the same.
      To solve this issue, 2 solutions are proposed: detaching the signature or applying an XSLT transformation to the SMP file (download and upload).
      Adrien FERIAL has sent a mail to highlight the fact that the first solution will create a new service. "This would impact interoperability and lead to a lock-in to a specific implementation of SMP".
      The group has agreed to use the XSLT solution if it solves the issue.
      Joao Cunha has already developed an implementation which should be tested and approved as soon as possible.

    2. Same certificates:
      There is a concern about the certificate validity period. The certificate used to validate the signature must be the same as the one used to sign it. The operator is responsible for making sure that all its metadata are up to date.
      We need to validate that, as long as we keep the private key, we are able to renew the certificate and the signature is still valid (to be validated?). What if the certificate/private key is revoked?
      Stéphane Spahni proposed to generate 2 certificates with the same private key and validate the signature.
      Joao Cunha will try to validate the scenario.

    3. Additional signature:
      Should the signature go after the Endpoint? If there are several endpoints, do we need to repeat the signature node? The signature should not be in a place where it must be repeated.
      Yves ADAM proposed to add it as high as possible in the structure (for instance, the extension of the ServiceInformation).
      Joao Cunha proposed to add the signature to the extension of the redirect.

    4. Cache implementation:
      Massimiliano Masi has finished the main changes to the ConfigurationManager, which calls the SML and retrieves the SMP. For the time being, there is a handover between Massimiliano Masi and Joao Cunha in order to finish this implementation.

  4. Roadmap:
    Joao Cunha asked for information regarding the different timelines of the SMP/SML integration. This will be clarified during the next bi-weekly meeting.

  5. AOB:
    1. SMP Editor:
      Web - based S prepare doc, links and info for Dimiter Petrov.

  6. Next meeting:
    11AM -12AM.
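
The scenario from item 3.2 (two certificates over the same private key, then validate the signature), as an added example that is not part of the minutes or of the OpenNCP/SMP code: it uses the OpenSSL command line on constructed data, with hypothetical file names and CNs, and adds a re-keyed certificate for contrast. It checks the raw signature only; a validator that also compares the whole certificate, its validity period or its revocation status can still reject a signature that verifies here.

```bash
#!/usr/bin/env bash
# Added example on constructed data; file names and CNs are hypothetical.
set -eu

# issue_cert KEY CN DAYS OUT: self-signed certificate over an existing key.
issue_cert() {
  openssl req -new -x509 -key "$1" -subj "/CN=$2" -days "$3" -out "$4" 2>/dev/null
}

# make_fixture DIR: one signing key with an "old" and a "renewed" certificate,
# a certificate over a fresh key (re-keyed case), and a signed sample document.
make_fixture() {
  openssl genrsa -out "$1/key.pem" 2048 2>/dev/null
  openssl genrsa -out "$1/rekey.pem" 2048 2>/dev/null
  issue_cert "$1/key.pem" smp-old 30 "$1/old.pem"
  issue_cert "$1/key.pem" smp-renewed 365 "$1/renewed.pem"
  issue_cert "$1/rekey.pem" smp-rekeyed 365 "$1/rekeyed.pem"
  printf '%s' '<ServiceMetadata>constructed sample</ServiceMetadata>' > "$1/doc.xml"
  openssl dgst -sha256 -sign "$1/key.pem" -out "$1/doc.sig" "$1/doc.xml"
}

# sig_ok CERT SIG DOC: succeeds if SIG over DOC verifies under CERT's public key.
sig_ok() {
  openssl x509 -in "$1" -noout -pubkey > "$1.pub"
  openssl dgst -sha256 -verify "$1.pub" -signature "$2" "$3" >/dev/null 2>&1
}

# Fingerprint of the whole certificate: differs between old and renewed.
cert_fp() { openssl x509 -in "$1" -noout -fingerprint -sha256; }

# Digest of the public key only: unchanged by a same-key renewal.
key_fp() { openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256 | awk '{print $NF}'; }

# report DIR: one line per certificate with the verification result.
report() {
  for c in old renewed rekeyed; do
    if sig_ok "$1/$c.pem" "$1/doc.sig" "$1/doc.xml"; then r=valid; else r=INVALID; fi
    echo "$c: signature $r, key digest $(key_fp "$1/$c.pem" | cut -c1-16)"
  done
}

dir=$(mktemp -d)
make_fixture "$dir"
report "$dir"
```

The old and renewed certificates share a key digest and both verify the signature, while their certificate fingerprints differ, so a check that pins the exact certificate would treat the renewal as a mismatch.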