20160429 - Meeting minutes, Friday April 29th 2016 - Task force SML/SMP

29 Apr 2016 

Estimated: 13:00 to 14:00 CET.

Performed:13:16 to 14:10 CET

Agenda

1. Connectathon
   1. Feedback tests
   2. agreement on a let-it-fail configuration manager: singletons (O(nsec)) without notifications, allowing bursts
2. Business analysis update
   1. see document "Comments_SMP_ICD_v0 10"
3. Deployment environments: different environments for PPT and Prod or differenciation?
4. Update from Oasis
   1. Source code license of the new OASIS-SMP
   2. Doubt on the usage of extensions for the additional signature
5. Update cache?
6. Updated roadmap?
   1. Projectathon for testing SMP/SML final developments?
   2. e-SENS eHealth pilot timing
      1. NCP autoconfigurationin June
      2. Pilot in October
7. Next steps

Location

• AdobeConnect:

http://ec-wacs.adobeconnect.com/openncp/
Room Passcode:  markus.kalliola or michele.foucart
------------------------------------------------------------------------------------------------
If you have never attended an Adobe Connect meeting before:
Test your connection: http://ec-wacs.adobeconnect.com/common/help/en/support/meeting_test.htm
Get a quick overview: http://www.adobe.com/products/adobeconnect.html
Adobe, the Adobe logo, Acrobat and Adobe Connect are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries.
------------------------------------------------------------------------------------------------

Supporting documents

Participants

Adrien FERIAL, Yves ADAM

Heiko Zimmermann

Joao Cunha

Massimiliano Masi

S

michele.foucart

Meeting Notes

1. Connectathon
   1. Feedback tests:
      
      1. SMP tests performed, similarly as during the Expandathon. It went well for PT and AU.
      2. DG SANTE was not registered on the SMP server and could therefore not perform tests.
         
         
2. Cache and agreement reached
   
   1. Agreement on a let-it-fail configuration manager: singletons (O(nsec)) without notifications, allowing bursts
   2. Massi explains the process (update propertie file etc.) and the fall backs process
   3. Get the date SMP on the fly
   4. Implementation? Massimiliano Masi proposes to start the implementation in +/-2 weeks. As long as SMP query is working, it should take approximately 2 to 3 days. Thanks a lot Massi! 
      
      
3. Business analysis update
    "Comments_SMP_ICD_v0 10"
   1. § 3.5.2.2 (discussed in // with the update of OASIS)
      

      "The SignedServiceMetadata structure holds both a ServiceMetadata structure and the corresponding signature by the receiver to allow the user (or any other user) verifying the authenticity of the information provided by the SMP by using the public key of the receiver before sending him any document" –

       => does this still apply after the analysis of CR from OASIS TC (can we disclose it?)?

   2. §4.1.2
      

      To be updated according to feedback from OASIS TC: use "lax" –

       => Can we already disclose it in this doc? Yes

   3. §4.4.2
      "eHealth will host its SMP instance"  => What does this mean? Will it be an authority different from DIGIT?
      1. owner of environment = DIGIT, the responsible of the service = DS SANTE.
      2. DIGIT will also provide some support, but together with SANTE to ensure that there is a knowledge transfer to SANTE. DIGIT will also provide all the necessary documentation (H2 configure it etc.)
      3. This separation of responsibilities should be documented somewhere. This should be done via a MoU describing the responsibilities amongst DGs.
         
         • michele.foucartwill check if this point is mentioned in the MoU => Update to be done for the next meeting.
      4. If a MS wants to install own SMP server, it will be responsible for installation and operation, but supported by DIGIT (installation manual, source code etc. will be provided)

   4. §4.4.2
      Regarding this note from the previous comments: "This document is a generic one. This choice is left open to the various future implementations and therefore not specified in here."

      =>  maybe include it in the document? Specific case of eHealth, there should not be a separate document.

4. Deployment environments: different environments for PPT and Prod or differenciation?
   1. Context: In eHealth we have pre-pilot environment and prod environment. How will it work with SMP?
   2. In Peppol network it is working as following: SML (in production) and SMK (= acceptance environment). 2 sets of certificates: 1 testing (acceptance) and 1 production. When SMP, you have 2 environment. You register tests in SMK, test certificate with SMK. (It won't work with production certif). ONce in production, prod certificate and register in SML in production. There is a strong isolation between acceptance and production. Similar way of doing with SMP.
   3. Idea would be to reproduce the same model as for Peppol network.
      
      
5. Update from Oasis
   1. § 3.5.2.2 "The SignedServiceMetadata structure holds both a ServiceMetadata structure and the corresponding signature by the receiver to allow the user (or any other user) verifying the authenticity of the information provided by the SMP by using the public key of the receiver before sending him any document"
   2. 1. SMP behaviour should not be changed (specific need of eHealth).
      2. The info provided by the SMP by using the public key of the "SMP" and not of the "receiver"...the sentence is partially correct.
      3. xml signature & place within the signature object. Massimiliano Masi: Will the receiver be able to verify the signature in the case described by Massi? Adrien FERIAL: Maybe the signature should only be on service metadata and exclude extension...? Adrien needs a more concrete example to be able to answer. Massimiliano Masi proposes to simulate with a prototype. We should still be on time with regards to the timeline with Oasis. For the time being there is no direct link with Oasis on this particular case.
   3. Source code license of the new OASIS-SMP - Opensource EUPL1.1.
   4. Doubt on the usage of extensions for the additional signature
   5. EUPL source code license - question to be raised to Soeren Bittins
      
      
6. Updated roadmap?
   1. DIGIT ressources: DIGIT has good news regarding recruitment, they received the application of 1 good candidate.
   2. Projectathon for testing SMP/SML final developments?
      1. We stick on the deadlines communicated to people from open Peppol and EC - no feedback received from the public consultation.
         
         1. SML 31rst of July
         2. SMP production ready: end of November (available for testing before)
      2. Instead of start in August => October (delay of 2 months)
      3. Does DG SANTE is planning to test the final integration work of SMP/SML in a Projectathon?
         1. This discussion/action is currently ongoing within DG SANTE. Feedback is expected the lated for the next eHMSEG meeting (30/6) which also raised the question.
         2. Adrien highlights the importance of making the liaison with DIGIT OMB (Organisational Management Board) to inform eDelivery (planning depedencies with other projects...) of our internal deadlines (CAT/PAT). Markus is present at those meetings. Next OMB meeting in May
   3. e-SENS eHealth pilot timing - Milestones in June, October and February 2017
      1. There will be a simulated encounter in June where eSENS use case will be simulated (eP and PS) to validate the building blocks
         1. Will we have the new SMP ready to be tested in June? It depends on when the new ressource will be available.
      2. NCP autoconfigurationin June
      3. Pilot in October
7. Next meeting: 12 May 2016 11 am