Adobe, the Adobe logo, Acrobat and Adobe Connect are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries. ----------------
This is an e-SENS task that is being supported by EXPAND/OpenNCP Community.
We MUST make sure that everyone understands that the request is an e-SENS pilot request and not something that the OpenNCP just decided to do.
Good approach, instead of stop everything, work for clarifying what opportunities are there to use the SMP as bridge to remove relaxations adopted during epSOS.
Joao Cunha Provide an overview on the work done so far:
Joao Cunha and @Uwe did a MAGNIFICENT work on recovering information and making it available for all of us that use the services but never went down there do understand how they have been implement.
Technical discussion about the open questions about the document...
1) How is the update of the SMP file of a country going to be made? TSL-Editor to produce SMP files and integrate a REST client in the TSL-Editor to communicate with the SMP server?
Answer: A short-term solution would be:
i) Use the TSL-Editor to create TSL files as it currently happens;
ii) Create a script to run in the NCP to transform TSL files in SMP (1 to 1 mapping).
iii) Create an app to communicate with the rest client from DIGIT which is running in the SMP server.
A long-term solution would be to refactor TSL-Editor to be a component that generates SMP files natively and speak REST to the DIGIT client. It must be noted that TSL-Editor was created to not infringe security rules (we must not break the circle of trust). It must not be used in real cases, only test environment.
2) How will the workflow be regarding the storage of configurations and their refresh after being modified?
Answer: TSL-Sync won't be needed anymore. SMP clients are expected to retrieve the metadata and store it in cache (e.g. for 1 hour). A cache invalidation algorithm must be applied to detect changes and perform a new lookup.
3) In TSL files, certificates are associated to NCP-Gateway (encryption+signature), VPN-Gateway and Signature. In SMP files we have 1 certificate per service. Are they for encryption or signature? TLS or WS?
Answer: To be used by gateway, do whatever you want, not restricted to signing or encryption
- The purpose of the certificates is not defined in the SMP spec.
4) Is DocumentIdentifier mapped with epSOS EventIDs (D3.4.2 - 4.5.8.1)?
Answer: yes.
5) SAMLIssueServiceInformation.xml: extension with certificate from IdP-B, STS SAML issuer and trusted STSs
Answer: Proposed idea for automatic configuration of NCP (with establishment of trust between STS), but is out of scope.
Other Questions)
- DNS domain name (single domain name? one per country?) - Massi to explain in a document or email
- 1 SMP with a single node (University of Piraeus)
4. AOB
Many questions, doubts, still needs to be adressed and answered before we can proceed to conclude the document.
Next meeting ASAP is needed to proceed.
Today's meeting actions and next meeting:
Rui Alves (Unlicensed): Follow up minutes + Schedule next meeting (Next SMP/SML 14h00 CEST).
