20160906 - Meeting minutes, Monday, September 06th, 2016 - OpenNCP Community meeting (BiWeekly)

OpenNCP Community meeting (BiWeekly)

 

Estimated - 13:00 to 14:00 CET.

Performed - 13:00 to 14:06 CET.

Agenda:

  1. Housekeeping
  2. Collaborative platform (Atlassian onDemand):
    1. Anonymous comments on the OpenNCP wiki
    2. Violation report and security advices
  3. Status task forces
    1. SMP/SML
    2. eID and eSignature
    3. Migration to CEF Digital
    4. Security and Load testing
    5. Terminology server
  4. AOB
  5. Next meeting
    1. SMP/SML meeting?
    2. Technical Committee?
    3. Next bi-weekly meeting

Location:

Adobe Connect: http://ec-wacs.adobeconnect.com/openncp/

Room Passcode:  markus.kalliola or Licinio Kustra Mano

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

If you have never attended an Adobe Connect meeting before:

Test your connection: http://ec-wacs.adobeconnect.com/common/help/en/support/meeting_test.htm

Get a quick overview: http://www.adobe.com/products/adobeconnect.html

Adobe, the Adobe logo, Acrobat and Adobe Connect are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Participants:

S

Christophe.DUMONT

Joao Cunha

Stéphane Spahni

Heiko Zimmermann

@juan pablo Martinez

@maid erovic

RenaudS

robert.spiteri-staines

@jonathan

Antoine.chaudieres

Sara.terraz

@celia

Massimiliano Masi

Marcello Melgara

Dimiter Petrov

b

Meeting Notes:

  1. Housekeeping
    1. This is the first meeting after the Summer break
    2. We will provide a status on the ongoing activities but it has to be noted that more information will follow. Indeed Licinio, who could exceptionally not attend to the meeting, will provide additional information regarding the activities that have taken place during the holidays.
  2. Collaborative platform (Atlassian onDemand):
    1. Anonymous comments:
      1. An anonymous comment was posted on Monday 5/9 on the OpenNCP wiki and deleted by the admin.
      2. For the future, should we block anonymous users to comments on the current wiki?
        1. This is an exceptional situation which can be managed by surveying closely the wiki
        2. It has to be checked if this kind of problem can also arise with the new wiki on the CEF platform
    2. Violation report and security advices:
      1. During the summer Austria encountered a security issue with a firewall that was open and the Tomcat server was corrupted.
      2. Massimiliano Masi could reproduce the attack. The use of weak password should be further investigated. Obviously the breach was linked to the Tomcat and not to the OpenNCP portal
      3. Proposition was made to add information in the installation manual on how to secure Tomcat (default security rules, add links to useful information...). There should be a disclaimer saying that the OpenNCP software is secure and the recommendations provided are not exhaustive. Indeed this is not the responsibility of OpenNCP Community to explain in detail how to secure the Tomcat
      4. There is also work ongoing @EC regarding a security check list. Stéphane Spahni is mentioning a check-list made by the security officer of his organization with a set of recommendations available. If this check-list can be circulated, it could enrich the work ongoing.
  3. Status task forces
    1. SMP/SML
      1. DIGIT provided an analysis regarding the eHealth specificities, the different trust models we have in eHealth and how we would use the building blocks in OpenNCP environment
      2. A solution was developed regarding the trust model to include the multiple signature in the SMP file...Now we can upload SMP files in the scheme operator.
      3. Bugs: It appeared that the SMP file retrieved was different from the one previously uploaded.
        1. The team has been working with DIGIT to solve the "bug", which was rather related to how the SMP server was implemented.
        2. Indeed the behaviour is not similar as with an xml file. The file is reconstructed and returned to the client. There is therefore no guarantee that the uploaded file and downloaded file are exactly equal.
        3. It need to be analysed how to proceed with the implementation
      4. In parallel, Massimiliano Masihas started implementing the caching mechanism
        1. Synchronization and hash map are already included
        2. Still need to include SML to the code. Massimiliano Masi was missing some credentials (now resolved) and he is expected to retart soon, having it probably ready in a week
          1. There is an issue on which code sample to use, but this can be resolved
      5. Questions received from Adrien on Oasis specifications. This will be managed within the task force
      6. Resource: Jerôme suggests that Demeter could work with Joao and Massi on the implementation. Initially it was foreseen to work on SMP editor, but the specifications are not ready yet. Stéphane Spahni would see Demeter preferably working on OpenNCP separated elements
    2. eID and eSignature
      1. There has been a lot of progress on eID on eSENS side, bilateral meetings between Italy and Austria... eSENS task 5.2 circulated a document on patient identification, working closely with EIDAS, trying to establish eID level 4.
      2. The plan is to present the outcome of the work at the next eSENS eID meeting
      3. michele.foucart adds that DIGIT will share with us the eID draft final report this week, more information will follow
    3. Migration to CEF Digital
      1. The migration of Confluence has been done, now we are validating the migrated data
      2. JIRA had to be restructured to comply with CEF guidelines (change of JIRA keys...)
      3. The mapping of the users is ongoing, in order to keep the link between the users and their history on the new platform.
        1. A mail was sent some weeks ago asking OpenNCP users to create an ECAS account and to provide their details in order to do the above mentioned matching
        2. Deadline is on the 16th September. Once final back-up provided, we will not be able to change the mapping any more
      4. Overview planning
        1. 26/8: Providing the Jira backup and  the partial Ecast users list He have to merge all current projects in one => Done
        2. 29/8 - 2/9: JIRA & Confluence migration on CEF TST - DG DIGIT => Done
        3. 5/8 - 9/9: Validation of the migrated data, JIRA & Confluence - DG SANTE => Done
        4. 16/9: Set to read only mode the current OpenNCP Community, provide full backup of Jira and Confluence and full Ecas users list. - DG SANTE =>in preparation
        5. 26/9 - 30/9: JIRA & Confluence migration on CEF PROD - DG DIGIT => Anticipated 1 week to (new date 19/9 - 23/9)
        6. 3/10 - 7/10: Acceptance of the migrated data (in operation) and start using the new platform - DG SANTE => Anticipated 1 week to (new date 26/9 - 30/9)
    1. Security and Load testing - No update
    2. Terminology server
      1. Different implementation scenarios were identified
      2. A white paper with scenarios analysis is being prepared for wide consultation (MS and Communities) to clearly depict the most sustainable scenario.
  4. AOB
    1. Marcello Melgara: Has there been any update regarding the sub-group semantic (eHMSEG) or regarding the terminology server?
      1. The task force should restart soon, more information will follow.
  5. Next meeting
    1. SMP/SML meeting : 13/09 from 15:00 to 16:00 CET
    2. Technical Committee: 22/09 from11:00 to 12:00 CET
    3. Next bi-weekly meeting: 20/09 from 13:00 to 14:00 CET
    • S: Could you schedule the meetings in Confluence's agenda? Thanks in advance