Adobe, the Adobe logo, Acrobat and Adobe Connect are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries.
Digital signature is easier to put in place and by doing this we would be compliant with the specifications.
Heiko Zimmermann is also in favour of the digital signature, which is already working on SANTE platform.
Stéphane Spahni: if xml digital signature is successful in Luxembourg, we can use it too.
From the developpers point of view it is ok to use digital signature. Massimiliano Masi: epsos specs 3.8.7 already defined the algorithm and thus there is nothing to do on the specifications point of view.
What about performance?
Heiko Zimmermann: we can only estimate regarding the performance. Are there experience? No.
According to Sit should not be a problem because we don't exchange a lot of messages
Stéphane Spahni: it might happen if the machine has a too low load. He experienced problems with creating certificates with new machines which are more powerful.
Massimiliano Masi: we should be worried about performance in case of denial of services, but the risk is very low. Should not be a performance issue.
There were question regarding secure conversation but there have been some improvements on the solution which is now mature.
Decision to go with xml digital signature.
Cache mechanism:
A discussion was initiated by e-mail regarding performance issue. The question is how do we work with the cache?
Joao made an analysis on the use of cache. Problem is to create a distributed cache or configuration manager as standalone component. There are a lot of possible solution of distributed cache. It merges the need for SMP/SML and config manager.
2 kinds of properties have to be distinguished and skip them in files and some to be kept in database (url point)
Trusted node and how to access NCP in a secured way. In order to have a secure node we should have in a database => to be checked with Marcello Melgara
S: we don't need a full cache. How do we maintain different properties values between components?
How many accesses will we have?
Massimiliano Masi: The caching mechanism was introduced to have the SMP querying to the DNS cache
Distributed cache is complex => point of failure
2 solutions: using 1 tool (Jgroup or other...), creating another standalone component for configuration manager. The easiest according to S would be to use a tool
Massimiliano Masi: why don't we just create interfaces and MS decide to implement what they want? and eventually give a reference implementation Jgroup or other as a plug-in
Joao Cunha: do we have a need from the MS? Apparently yes.
Conclusion?
In order to have a secure node we should have in a database - to be validated with Marcello Melgara
In any case we need a cache => List all the tool that exist in open source, then organize a vote on a discussion page
CDA: alignment of xml file with the CDA implementation guide => Point added to the "proposed agenda"
Question from Heiko Zimmermann: Are the modifications in the CDA implementation guide, which has been revised in Expand, implementing compliance to the current version of the EU Guidelines on Patient Summary
Specification deviations draft => Massimiliano Masi : the document is available on the security task force, comments from Joao and Marcello => epsos specs 3.8
Could Kostas check before the next security? 1pm
TSL editor – Naming of the NCP Service Status List: do we really need syntax over it?” problem with specs and implementation;