20150723 - Meeting minutes, Thursday, July 23rd, 2015 - OpenNCP integration with eID

OpenNCP integration with eID

 

 

Estimated - 14:00 to 14:30 CEST

Performed - 14:00 to 15:10 CEST

AGENDA

a) Progress monitoring towards LARMS stable release;

b) Progress monitoring towards LARMS integration into OpenNCP bundle and release;

c) Early preparations for 2.3.0-RC1 (includes LARMS and other bug fixes - made since last release)

d) AOB: Scheduling of next meeting, preferably during next week.

 

 

LOCATION

- Wiki + WorkBench + AdobeConnect

PARTICIPANTS

Today's Meeting Participants:

João Gonçalves <joao.cunha@spms.min-saude.pt>

Jerome Subiger <jerome.subiger@ext.ec.europa.eu>

Michele Foucard <Michele.FOUCART@ext.ec.europa.eu>

Massimiliano Masi <massimiliano.masi@tiani-spirit.com>

Robert Scharinger <Robert.Scharinger@bmg.gv.at>

Sören Bittins <soeren.bittins@fokus.fraunhofer.de>

Alexandre Santos <alexandre.santos@spms.min-saude.pt>

Tomé Vardasca <tome.vardasca@spms.min-saude.pt>

Ioannis Petrakis <petrakis@ics.forth.gr>

 

Invited Members List:

Rui Alves <rui.alves@spms.min-saude.pt>,

Licinio Mano <licinio.mano@spms.min-saude.pt>,

Stéphane Spahni <stephane.spahni@hcuge.ch>,

Kostas Karkaletsis <k.karkaletsis@gnomon.com.gr>,

Daniele Crespi <Daniele.Crespi@lispa.it>,

Markus Kalliola <markus.kalliola@ec.europa.eu>,

MEETING NOTES

 

0. Overview

      • Work Scope

        • Understand the scope of the integration of eID (from e-SENS) into OpenNCP.
      • Time Scope: 
        • OpenNCP Release with LARMS integrated (Level 1) until End of July.


1. Relevant Documentation (What's gathered so far)

    • e-SENS Video: Short demonstration of the eID use-case from e-SENS (LARMS): to be made available.

The eID approach: The different levels

 

| Level (Requirements) | Mode | Pilot | Action by Pat | Attributes |
|---|---|---|---|---|
| Level 0 | Manual input in the portal. | epSOS | | Minimum D3.6.2 |
| Level 1 (disconnected mode possible) | LARMS | ?? (e-SENS eHealth OpenNCP 2.3.0 – floating component to any portal) | Pat gives card, does not type | Surname, given name, gender, unique (health) identifier; varies with each country*. RISK: not 100% sure individual ID |
| Level 3 (connection to internet and to Country A is needed/national PKIs via centralized service) | LAMb+Pat action | | Patient confirms (mobile key; PINs of the card) | Allows “signed consent”; authentication is possible |
| Level 4 (does not use local functions of the card, uses online “information”; access to PEP) | DCA Distributed CrossB Authentication | Stork II | Patient confirms (mobile key; PINs of the card) in a PC at the PoCare | (attributes in the “assertion are the key issue”); confirms with National PKI everything; confirms eIDAS |
| Level 5 | Advanced Mobile APP solution (AMAPP) | | Use their mobile phone for full authentication without card need | |



2. Meeting Minutes:

Alexandre Santos: lists the developments from last week and further work for next week

Marcello Melgara: asks Alexandre Santos if it is possible to deliver a new version of OpenNCP until 31 of July. Alexandre Santos explains that this LARMS implementation is only available to the frontend, so it will be implemented only on the Portal. Countries like Italy (or Lombardia Region) that do not use the OpenNCP Portal won't see any change on the OpenNCP itself. It will be an implementation that will be decided and developed by the local teams.

Soeren Bittins: for now only the LARMS is included for deployment, next steps like LAM will come later. Further developments must be done to solve some problems like some IE versions used in Italy.

Soeren Bittins: the actual licence of the LARMS/FutureID Client is GPLv3 which is a problem for now. It will be changed to ASL in the future, it is being considered by the Fraunhofer team.

Soeren Bittins: the version of the client made available this week is production ready. There may be some problems with countries that have more than one version of their eCard; the tests made by the development team were based only on the test cards provided to them - it is necessary that all countries test with all versions of each card and provide feedback.

Soeren Bittins: the next steps, i.e. LAM, will have a great impact on OpenNCP itself. Massi's email of the 21st of July explains what the OpenNCP team must look at. There are some more problems, like the way OpenNCP validates Certificates, a problem already discussed with Licinio Kustra Mano (not validating the DN and only the CN).

Soeren Bittins: there were some relaxations made in 2010 for epSOS and it's time now (2015) to address those issues. Countries are using IdP, for instance.

Soeren Bittins: confronts Alexandre Santos with the fact that not all countries are using the Portal and asks if it makes sense to have that effort. Alexandre Santos states that this is a frontend-only implementation and it's a proof of concept/reference for other countries to look at.

Massimiliano Masi: shares with the group the link for the White Paper that influenced the epSOS Access Control - http://www.ihe.net/Technical_Framework/upload/IHE_ITI_TF_WhitePaper_AccessControl_2009-09-28.pdf

Soeren Bittins: the steps needed for going live are on the White Paper, especially for Portugal.

Soeren Bittins: LAM module is active and mature and will be released in the second week of August. We need the TRC-STS issue on OpenNCP solved (Massi's email).

Soeren Bittins: There is an issue that the assertion made by the LAM is correct on NCP-B but sometimes fails on NCP-A. Massimiliano Masi informs that this issue about certificates not being known by the OpenNCP-A can be solved with the SMP solution. Soeren Bittins responds with the fact that there are no SMP services and implementation in 3 weeks' time. Massimiliano Masi agrees with the time frame being too short for SMP services being available for countries.

Soeren Bittins: each OpenNCP has its own trust store, which is a problem for certificate management. This is a problem from epSOS v1, not an OpenNCP-created one. Must be addressed.

3. AOB

NEXT MEETING - Thursday, Jul 30th 2015  14:00 CEST - 30 min call.

        • Alexandre Santos - prepare the new OpenNCP Portal Release with LARMS
        • Continue with the discussion about implementing LAM
        • Try to involve Konstantin on this discussion