20151015 - Meeting minutes, Thursday, October 15th, 2015 - OpenNCP integration with SMP


OpenNCP integration with SMP

Oct 15, 2015 

Estimated - 15:30 to 17:30 CEST

Performed - 15:30 to 17:30 CEST

AGENDA

1. Discussion of the open issues that are blocking progress on this e-SENS BB

 

LOCATION

  •   DG-DIGIT office: DIGIT ROOM B-28 2/SDR1 AUDIO

PARTICIPANTS

 

Today's Meeting Participants:

@Rui Alves

@Joao Cunha

@Alexandre Santos

@S

Adrien Ferial (DG DIGIT)

Sandro D'Orazio (DG DIGIT)

@Massimiliano Masi

 

Invited Members List:

Uwe Roth

MEETING NOTES

1. Discussion

  • Each NI trusts its own NCP

    • How this trust is established is not defined by epSOS but by the national infrastructure of each country (each MS is sovereign)

    • The Framework Agreement (FWA) states that the only trusted actors are the NCPs

  • Each country has its own Trusted List (TL-A for country A, TL-B for country B), which is trusted directly

    • Each TL contains the list of CAs recognised by that country

  • The IdA (identity assertion) is signed with a certificate issued by a CA in the TL

  • The TSL has been defined to be signed with a certificate issued by a CA in the TL

  • TSL file integrity is verified by checking the signature

  • TSL file authenticity is verified because it is signed with a certificate issued by a CA in the TL

  • The current TSL file carries a plain digital signature (not an AdES, advanced electronic signature) because it is currently signed with the NCP Signature certificate

  • By the FWA, each NI trusts its own NCP as data processor, not the SMP. From a technical point of view it would be acceptable for the SMP to sign the SMP files (there is no security degradation), but not from a legal point of view

  • A single PKI model does not fit eHealth because some countries need their certificates to be issued by specific national CAs

    • To adopt a PKI model we would have to reach a consensus among the MS

  • By the SMP spec, an SMP file can carry only one signature (a single <Signature> element)

  • Can we redefine the FWA to include the SMP as a trusted node? Can we do that within the timeframe of e-SENS? DIGIT has someone who can help with this...

  • New information: HTTP GET can be done over HTTPS with one-way SSL/TLS (only the server is authenticated). PUT is done over two-way (mutual) SSL/TLS, so the client is authenticated by certificate as well

  • If the FWA changes, the SMP would be kept in Trust Zone II

 

2. Actions agreed

In order to keep the epSOS trust model we have three possibilities:

  1. Try to change the FWA (DG-SANTE)

  2. Allow multiple signatures on the SMP files (OASIS would have to change the SMP spec)

    1. This would conflict with other domains because the XSD would have to change

  3. Use extensions, putting the NCP signature in the extension

    1. No need to change the SMP spec (to be confirmed with OASIS)

    2. Predicted workflow:

      1. NCP-A signs the SMP file with its trusted certificate and PUTs it to the SMP

      2. The SMP verifies the signature of the SMP file

      3. The SMP moves the NCP signature into the extension

      4. The SMP signs the SMP file with its own certificate

      5. NCP-B fetches the SMP file

      6. NCP-B verifies the SMP signature

      7. NCP-B changes the SMP file, replacing the SMP signature with the NCP-A signature stored in the extension (the document must end up exactly as NCP-A signed it, otherwise step 8 cannot succeed)

      8. NCP-B verifies the SMP file (now signed with the NCP-A certificate)


    We can pursue #1 and #2 in parallel and keep option #3 as a fallback if neither #1 nor #2 succeeds.
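The following is an added example illustrating the option 3 workflow above (steps 1 to 8); it is not code from OpenNCP, e-SENS, DIGIT or the OASIS SMP project. It models the enveloped-signature semantics with the Python standard library: the bytes a signature covers are the C14N of the document with exactly that ds:Signature element removed, so a second signature parked inside an Extension is itself covered by the SMP's signature. Because the standard library has no RSA, each party's XML-DSig signature is replaced by an HMAC under a constructed per-party secret (labelled as an assumption in the code), and the KeyName lookup stands in for "certificate issued by a CA in the TL". The SMP namespace (urn:example:smp), the placement of the Extension directly under the root, and the sample ServiceMetadata document are all constructed assumptions. The example also shows the failure mode of step 7: if NCP-B leaves the Extension wrapper the SMP added in place, the restored document no longer matches what NCP-A signed.

```python
"""Option 3 signature relocation (NCP-A -> SMP -> NCP-B) with an HMAC stand-in for XML-DSig."""
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"   # real XML-DSig namespace
SMP_NS = "urn:example:smp"                      # ASSUMPTION: placeholder, not the real SMP namespace
ET.register_namespace("ds", DS_NS)
ET.register_namespace("smp", SMP_NS)
SIG, EXT = f"{{{DS_NS}}}Signature", f"{{{SMP_NS}}}Extension"

# ASSUMPTION (constructed): per-party secrets standing in for the private keys behind the
# NCP-A signature certificate and the SMP certificate. The KeyName -> key lookup plays the
# role of "signed with a certificate issued by a CA in the TL".
TRUST_STORE = {"NCP-A": b"ncp-a-secret", "SMP": b"smp-secret"}

# Constructed sample SMP file, kept on one line so no whitespace text nodes enter the C14N.
SAMPLE = ('<smp:ServiceMetadata xmlns:smp="urn:example:smp"><smp:ServiceInformation>'
          '<smp:ParticipantIdentifier>urn:example:ncp-a</smp:ParticipantIdentifier>'
          '</smp:ServiceInformation></smp:ServiceMetadata>')


def covered_bytes(root, signature=None):
    """What an enveloped signature covers: C14N of the document with exactly that
    ds:Signature removed (the enveloped-signature transform). Any other ds:Signature,
    e.g. one parked inside an Extension, stays in the document and is covered."""
    if signature is not None:
        parent = next(p for p in root.iter() if signature in list(p))
        pos = list(parent).index(signature)
        parent.remove(signature)
    try:
        return ET.canonicalize(ET.tostring(root, encoding="unicode")).encode()
    finally:
        if signature is not None:
            parent.insert(pos, signature)


def sign(root, key_name):
    """Append an enveloped ds:Signature over the document as it stands, made by key_name."""
    mac = hmac.new(TRUST_STORE[key_name], covered_bytes(root), hashlib.sha256).hexdigest()
    sig = ET.SubElement(root, SIG)
    ET.SubElement(sig, f"{{{DS_NS}}}SignatureValue").text = mac
    key_info = ET.SubElement(sig, f"{{{DS_NS}}}KeyInfo")
    ET.SubElement(key_info, f"{{{DS_NS}}}KeyName").text = key_name
    return sig


def verify(root, signature):
    """Recompute the MAC with the key named in KeyInfo and compare in constant time."""
    key = TRUST_STORE.get(signature.findtext(f"{{{DS_NS}}}KeyInfo/{{{DS_NS}}}KeyName"))
    if key is None:
        return False
    expected = hmac.new(key, covered_bytes(root, signature), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signature.findtext(f"{{{DS_NS}}}SignatureValue") or "")


def ncp_a_publish(xml_text):
    """Step 1: NCP-A signs the SMP file with its trusted certificate before the PUT."""
    root = ET.fromstring(xml_text)
    sign(root, "NCP-A")
    return root


def smp_store(root):
    """Steps 2-4: the SMP verifies the NCP-A signature, moves it into an Extension, re-signs."""
    ncp_sig = root.find(SIG)
    if ncp_sig is None or not verify(root, ncp_sig):
        raise ValueError("SMP rejects the PUT: NCP-A signature does not verify")
    root.remove(ncp_sig)
    ET.SubElement(root, EXT).append(ncp_sig)   # ASSUMPTION: Extension directly under the root
    sign(root, "SMP")
    return root


def ncp_b_verify(root, restore_exactly=True):
    """Steps 5-8: NCP-B checks the SMP signature, swaps the NCP-A signature back into
    place and checks it. Step 7 only works if the document is restored to exactly what
    NCP-A signed: with restore_exactly=False the Extension the SMP added is left behind,
    the canonical bytes differ, and the NCP-A signature no longer verifies."""
    root = copy.deepcopy(root)                   # do not mutate the caller's copy
    smp_sig = root.find(SIG)
    if smp_sig is None or not verify(root, smp_sig):
        return False
    root.remove(smp_sig)
    ext = root.find(EXT)
    ncp_sig = ext.find(SIG) if ext is not None else None
    if ncp_sig is None:
        return False
    ext.remove(ncp_sig)
    if restore_exactly:
        root.remove(ext)
    root.append(ncp_sig)
    return verify(root, ncp_sig)


def demo():
    """Honest flow, sloppy restore, and content tampered after the SMP signed it."""
    honest = smp_store(ncp_a_publish(SAMPLE))
    tampered = smp_store(ncp_a_publish(SAMPLE))
    tampered.find(f"{{{SMP_NS}}}ServiceInformation/{{{SMP_NS}}}ParticipantIdentifier").text = "urn:example:ncp-x"
    return {
        "honest": ncp_b_verify(honest),
        "extension_left_behind": ncp_b_verify(honest, restore_exactly=False),
        "tampered_after_smp_signed": ncp_b_verify(tampered),
    }


if __name__ == "__main__":
    print(demo())
```

Running the module prints the three outcomes: the honest flow verifies end to end, the tampered file is caught already at step 6, and the sloppy restore fails at step 8 even though nothing malicious happened. With real XML-DSig the same constraint applies, with the extra detail that NCP-A's signature must have been computed with the enveloped-signature transform and the same canonicalization method that NCP-B applies after the swap.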

 

  • SMP/SML will be centralised in the Production environment in September 2016 (DIGIT)

  • None of the actions agreed above will be ready before the end of this year (DIGIT)

  • As for the pilot, we have 2 scenarios:

 

Photos of the whiteboard: