Under the "File" option in the menu bar, you can find the "SMP" option, which will open a new window where you can perform all tasks related to the new central services based on Service Metadata Publishing (SMP).
In this new window, you'll be able to:
To generate signed SMP files from a TSL file you should:
A confirmation dialog will pop-up, prompting the scheme operator to confirm that he wants to apply his signature (ideally, a QES) to the content of the different SMP files:
Note: Currently, only XML Digital Signatures are supported. Further discussion/development is needed before being able to apply a XaDES.
After confirmation, the files will be generated. As a result, a folder named CC (with "CC" being the uppercase two-letter country code of your country, e.g., LU for Luxembourg, MT for Malta, etc) can now be found under the chosen output folder, containing the SMP files for the services declared by the TSL file. Following is a list of possible files that may be found, depending on the TSL file configuration:
The signature that is applied is the scheme operator's and it is stored under the Endpoint/Extension element of the file. So, even if those SMP files contain a Signature element, they are not SignedServiceMetadata but just ServiceMetadata (see following sample file). The SignedServiceMetadata will be created when the SMP server applies its signature to the uploaded file.
<?xml version="1.0" encoding="UTF-8"?><ServiceMetadata xmlns="http://busdox.org/serviceMetadata/publishing/1.0/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ids="http://busdox.org/transport/identifiers/1.0/" xmlns:ns="urn:esens:smp" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <ServiceInformation> <ids:ParticipantIdentifier scheme="ehealth-actorid-qns">urn:ehealth:pt:ncpb-idp</ids:ParticipantIdentifier> <ids:DocumentIdentifier scheme="ehealth-resid-qns">urn::epsos##services:extended:epsos::52</ids:DocumentIdentifier> <ProcessList> <Process> <ids:ProcessIdentifier scheme="ehealth-procid-qns">urn:epsosConsentService::Discard</ids:ProcessIdentifier> <ServiceEndpointList> <Endpoint transportProfile="urn:ihe:iti:2013:xdr"> <wsa:EndpointReference> <wsa:Address>https://qaepsos.min-saude.pt:8443/epsos-ws-server/services/XDR_Service</wsa:Address> </wsa:EndpointReference> <RequireBusinessLevelSignature>false</RequireBusinessLevelSignature> <MinimumAuthenticationLevel>urn:epSOS:loa:1</MinimumAuthenticationLevel> <ServiceActivationDate>2016-06-06T11:06:51.000+02:00</ServiceActivationDate> <ServiceExpirationDate>2026-06-06T11:06:51+02:00</ServiceExpirationDate> <Certificate>MIID7jCCA1egAwIBAgICA+YwDQYJKoZIhvcNAQENBQAwOjELMAkGA1UEBhMCRlIxEzARBgNVBAoMCklIRSBFdXJvcGUxFjAUBgNVBAMMDUlIRSBFdXJvcGUgQ0EwHhcNMTYwNjAxMTQzNTUzWhcNMjYwNjAxMTQzNTUzWjCBgzELMAkGA1UEBhMCUFQxDDAKBgNVBAoMA01vSDENMAsGA1UECwwEU1BNUzENMAsGA1UEKgwESm9hbzEOMAwGA1UEBRMFQ3VuaGExHTAbBgNVBAMMFHFhZXBzb3MubWluLXNhdWRlLnB0MRkwFwYDVQQMDBBTZXJ2aWNlIFByb3ZpZGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1eN4qPSSRZqjVFG9TlcPlxf2WiSimQK9L1nf9Z/s0ezeGQjCukDeDq/Wzqd9fpHhaMMq+XSSOtyEtIr5K/As4kFrViONUUkG12J6UllSWogp0NYFwA4wIqKSFiTnQS5/nRTs05oONCCGILCyJNNeO53JzPlaq3/QbPLssuSAr6XucPE8wBBGM8b/TsB2G/zjG8yuSTgGbhaZekq/Vnf9ftj1fr/vJDDAQgH6Yvzd88Z0DACJPHfW1p4F/OWLI386Bq7g/bo1DUPAyEwlf+CkLgJWRKki3yJlOCIZ9enMA5O7rfeG3rXdgYGmWS7tNEgKXxgC+heiYvi7ZWd7M+/SUwIDAQABo4IBMzCCAS8wPgYDVR0fBDcwNTAzoDGgL4YtaHR0cHM6Ly9nYXplbGxlLmloZS5uZXQvcGtpL2NybC82NDMvY2FjcmwuY3JsMDwGCWCGSAGG+EIBBAQvFi1odHRwczovL2dhemVsbGUuaWhlLm5ldC9wa2kvY3JsLzY0My9jYWNybC5jcmwwPAYJYIZIAYb4QgEDBC8WLWh0dHBzOi8vZ2F6ZWxsZS5paGUubmV0L3BraS9jcmwvNjQzL2NhY3JsLmNybDAfBgNVHSMEGDAWgBTsMw4TyCJeouFrr0N7el3Sd3MdfjAdBgNVHQ4EFgQU1GQ/K1ykIwWFgiONzWJLQzufF/8wDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBSAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQENBQADgYEAZ7t1Qkr9wz3q6+WcF6p/YX7Jr0CzVe7w58FvJFk2AsHeYkSlOyO5hxNpQbs1L1v6JrcqziNFrh2QKGT2v6iPdWtdCT8HBLjmuvVWxxnfzYjdQ0J+kdKMAEV6EtWU78OqL60CCtUZKXE/NKJUq7TTUCFP2fwiARy/t1dTD2NZo8c=</Certificate> <ServiceDescription>This is the epSOS Consent Service Discard of the PT NCP</ServiceDescription> <TechnicalContactUrl>licinio.mano@spms.min-saude.pt</TechnicalContactUrl> <TechnicalInformationUrl>licinio.mano@spms.min-saude.pt</TechnicalInformationUrl> <Extension><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>XsO4xndDzhkLVWWlG8mbPMkeV3KaIkAvSJUmKs5vXCs=</DigestValue></Reference></SignedInfo><SignatureValue>eLm+Zd9hAqkrvX9TUXmD3gmDRtk2PXNvfLKswA9nkAJguZuvks4Iky+kRGVG9Fu5bDybRYPh2ydG X0EyQmfPFa43lfDQcSExUGuYNNyH4zlDyWpPErrW8+tHPqjqOQ7DVsGjgozvWSXDd8rFTGK5ZQQX jwy9v56BGD91URrRkYOl9IT39mUiEfv7CBjxBPxiGm1IyN8u3hjbjy1TbXhbOZQFcCijhn3KfzZI stO0LPgjBsgW8+S6vjMvUjSpillCAqQLN1pYFA2bcVQ5DlisrKD5X2/Q+xwhTkZG4ef0xfDH24Ay PhCj31nq0OhfhN0HlraxZOT7ZN070PHB/k88Nw==</SignatureValue><KeyInfo><X509Data><X509SubjectName>2.5.4.12=#130d4e4350205369676e6174757265,CN=qaepsos.min-saude.pt,2.5.4.4=#130543756e6861,2.5.4.42=#13044a6f616f,OU=SPMS,O=MoH,C=PT</X509SubjectName><X509Certificate>MIIFfjCCA2agAwIBAgIJANRiin1jp/saMA0GCSqGSIb3DQEBDQUAMIGWMQswCQYDVQQGEwJQVDEO MAwGA1UECAwFUG9ydG8xDjAMBgNVBAcMBVBvcnRvMQwwCgYDVQQKDANNb0gxDTALBgNVBAsMBFNQ TVMxHTAbBgNVBAMMFHFhZXBzb3MubWluLXNhdWRlLnB0MSswKQYJKoZIhvcNAQkBFhxqb2FvLmN1 bmhhQHNwbXMubWluLXNhdWRlLnB0MB4XDTE2MDUzMTA4MTQzMloXDTE3MDUzMTA4MTQzMlowgYAx CzAJBgNVBAYTAlBUMQwwCgYDVQQKEwNNb0gxDTALBgNVBAsTBFNQTVMxDTALBgNVBCoTBEpvYW8x DjAMBgNVBAQTBUN1bmhhMR0wGwYDVQQDExRxYWVwc29zLm1pbi1zYXVkZS5wdDEWMBQGA1UEDBMN TkNQIFNpZ25hdHVyZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOUtgZmteNoj8wiV VUiJkm3UW4zHuzcMFFlLNi+x8CXOPbH6k7EtDSt0GPi5zeyjmptrT4XlQ/8qbCnhbO3HkI2IbobL AU2YCX2xChyZj9CYfpkil5zu5/qnUY8O7Ion7xURv8QGMISG0P+7U45jJACO8gny+VMFdkjsD7Ti 1ue186t3DCe/3XinXUqXErp+8PEo2OlVmdPlwfi5GwqzPHx3/zthSWwuvi+FYWrOGWImxzHamoGr qoFwVpD/QSR0J43QCn1E0797WS+ZDcN3tOEw5FuKhJeSjB+kMA82ZrBBOk9qLA/51blDB2P3cHu1 aIWPAfjP+t/toe8BHJs2HQMCAwEAAaOB4jCB3zAnBgNVHREEIDAegRxqb2FvLmN1bmhhQHNwbXMu bWluLXNhdWRlLnB0MA4GA1UdDwEB/wQEAwIGwDAfBgNVHSMEGDAWgBTLgIXwVzdhy0m0xLyIkVrO zAHS3zAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRCLmoQP604l7tdAmhM/E3JM9qehDA+BgNVHR8E NzA1MDOgMaAvhi1odHRwczovL2dhemVsbGUuaWhlLm5ldC9wa2kvY3JsLzY0My9jYWNybC5jcmww FgYDVR0gBA8wDTALBgkrBgEEAbA8CgIwDQYJKoZIhvcNAQENBQADggIBAKGh81RBxSq99c91HAnp ajnRpfgYUqo+B5DQvqB1W5G/AltCy5TOnNZrZZkcksd6RXSiE9KAWTVuCu1rit6Msqx8mC2B+ohE GLIz/14073x7FAb8YjU//dL0qrh3RBmq9p2gahNRQHTKgRVarSJti1/ES4tK4PexAn3OifuiXaYh LV6jL27by90Q4FGI0STB1SnFW0oR62jOljwhw5LBm95jH2JGm8G3flfwSNbHpKUfAEoa8to+de3r CFqO4Efp/FduT/xfWssTZVGeyEucG3pA21QBg5VgtzWywsEI5Xow4rueywRGeA/+z/K080d0s0E4 4isPgYS1bb+KPb5jxV3epjWIxV+bdJqKx2dKXDLySngiXwU46AwLK3+Y8VIG/PSXCn8n62yNcNfI Csk+eNCNUeUdQY6eypq2f958dSdS7ERFs2JqWqWZHlyUJExk5q4yib57WuFb9fg18s8cjdImNRjO uZvsf6BxSCjwV9yokwmXNQJcK64M6i0FwlOeNdo2BelUXiDGv8cb/QJIwuReXhHpYJMPmOikey6A uGeZ2tuxNW0tnk/aEqSrmeSA8fuq95VNLvj9/VY+pAyrfGOl4VL2kyhZHmqYi78gNnt/u9T/l4oV lMnlCv9IyWwfrILBQxs5D8nK0KPXKYjDXv/Sf2GhefCm7boJiMmXjzie</X509Certificate></X509Data></KeyInfo></Signature></Extension> </Endpoint> </ServiceEndpointList> </Process> </ProcessList> </ServiceInformation> </ServiceMetadata> |
Before trying to upload SMP files, you need to request the SMP administrator to register your country in the SMP server, providing the following identificator:
ehealth-actorid-qns::urn:ehealth:<cc>:ncpb-idp |
<cc> should be replaced by the lowercase two-letter code for your country (e.g., for Malta it'd be like: ehealth-actorid-qns::urn:ehealth:mt:ncpb-idp). Upon request, you'll be provided with your username and password.
It's only possible to upload SMP files representing ServiceMetadata, not SignedServiceMetadata. The latter is created by the SMP server itself by applying its own signature to the file. |
To upload the generated SMP files to an SMP server you should:
The current SMP server address is: http://ehealth.smp.e-sens.gr
If the upload is successful, a dialog must be displayed showing the status of the operation as well as URLs pointing to the country's available resources in the SMP server. You'll be provided the following resources:
This resources can be retrieved in a RESTful way by means of an HTTP GET operation (you can simply paste the URL in the browser).
The SMP files retrieved from the server MUST have 2 signatures: 1) The remote scheme operator signature (applied in the Endpoint/Extension element); 2) The SMP server signature, applied to the ServiceMetadata (making it a SignedServiceMetadata). |