/
20160202 - Meeting minutes, Tuesday, February 2nd February, 2016 - OpenNCP Task Force - Security

20160202 - Meeting minutes, Tuesday, February 2nd February, 2016 - OpenNCP Task Force - Security

Sept 06, 2016

OpenNCP Task Force - Security

Feb 2, 2016 

Estimated - 13:30 to 14:30 CET

Performed - 13:30 to 14:30 CET

AGENDA

0. Housekeeping (Jerome)

1. Relaxation?

2. Technical vulnerabilities and remediation

3. AOB

4. Next meeting

 

LOCATION 

Adobe Connect: http://ec-wacs.adobeconnect.com/openncp/

Room Passcode:  (Ask if necessary)

----------------

If you have never attended an Adobe Connect meeting before:

Test your connection: http://ec-wacs.adobeconnect.com/common/help/en/support/meeting_test.htm

Get a quick overview: http://www.adobe.com/products/adobeconnect.html

Adobe, the Adobe logo, Acrobat and Adobe Connect are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries.

PARTICIPANTS

Today's Meeting Participants:

@S

@Joao Cunha

@Kostas Karkaletsis

@Massimiliano Masi

@Stéphane Spahni

@michele.foucart

@Nathan TAKU

 

MEETING NOTES:

 

  1. Housekeeping (Jerome):

  • @S Security task force is the group in charge of fixing known security issues, and providing security policies document in order to improve the scalability of OpenNCP components.

  • A first testing session (security and load) has been run from a end to end flow (client --> NCPB --> NCPA).

3. AOB

  1. What is the status on the version number of certificates? It should be 5 according to Massi

    1. This has also to be communicated to the Member States

  2. Do we need more certificates for the use of SMP/SML?

    1. SMP puts the signature on the metadata => against epSOS current model

    2. According to Massi, we may need additional certificates. Joao also refers to DIGIT impact analysis

 

4. Next meeting

Will be organized ad hoc

5. Next steps

  • List pro's and con's for message signature: Open discussion - Security task force members@S, @Joao Cunha@Kostas Karkaletsis@Massimiliano Masi@Stéphane Spahni@Nathan TAKU, @Heiko Zimmermann

  • @Massimiliano Masi will start a document with the functional requirements regarding the integration with the national connector on the national infrastructure side. This document will be shared with Kostas, Joao and Jerôme

  • @S will make a list of issues and a first proposition of prioritization