Date

Attendees

Discussion items

ItemNotes
Approval of Previous meeting minutes
Agenda Approval

The following agenda for the meeting was approved without comments:

  1. Roll call
  2. Approval of the agenda
  3. Approval of the minutes of last meeting
  4. Progress update and discussion items
  5. AOB
Conformance and connectivity testing updates
  • MD reported that the conformance test platform was updated with new versions of Minder and Kerkovi
    • Minder 2.5.1
    • Kerkovi 1.9.1
  • The conformance test platform was updated with
    • a new test suite covering the SBDH profile extension
  • MD re-invited solution providers with an exposure to the ENTSOG community to perform the specific ENTSOG module.
  • MD reported there was a continuous steady grow of conformant solutions, with 25 being conformant and several others in the progress of testing.
  • Additionally, in the context of the connectivity testing, around 50 connectivity tests have been performed since last meeting.
API and Blockchain study
  • DG and IC reported that the ISA2 work programme for 2020 was approved in March 2020 and that the Innovative Public Services action includes work related to eDelivery.
  • The work will be carried out by DIGIT, JRC and CNECT with the support of a group of MSs representatives part of the Informal Cooperation Network for eDelivery.  More context is available in the text below:

About the ISA² action on Innovative Public Services (future of CEF eDelivery):

For the current year, this action has, among others, the objective of developing relevant legal, organisational and technical artefacts trialled through an extension and combination of the CEF eDelivery building block with blockchain based transactions’ log and a REST-based profile (a.k.a. APIs approach), that support new patterns of data access by request and data sharing.

The work related to the REST-based profile will take as input the JRC study on APIs4DGov that analysed the API technological landscape and  its standards and technical specifications for general purpose use. This aims to support the definition of stable APIs for digital government services, avoiding the need to develop ad hoc solutions and helping stakeholders in the identification and selection of such solutions.

The scope of the ISA² action will be to develop the following:

  • A set of guidelines and specifications for establishing interoperable REST-based APIs for service invocation and publication of both open and protected data. Sample library implementation for API’s as well as software supporting central/core services such as service catalogues and service discovery could be also in scope.
  • Extension of eDelivery with other building blocks and innovative technical approaches such as blockchain and APIs. Should the pilots be successful, the CEF eDelivery building block will be enriched with a REST-based profile and a blockchain-based log of transactions. Every element will be modular so that it can be used in combination with the existing AS4-profile (of eDelivery) or on its own.
  • DG clarified the reason behind this action as there are situations for message or data exchange where REST based APIs seem to be a better fit than the eDelivery AS4 profile. This is confirmed by recurring requests from public administrations in Member States to add complementary message exchange patterns.
  • BD added that the work is still being scoped and that is it not currently the intention to change the eDelivery AS4 profile or to update the sample software. Instead it is expected that this new work is a parallel track to the current track to cover the cases where REST APIs are a better fit.  
Onboarding race update


  • IC reported the last updates to the eDelivery onboarding race (available here).
  • She indicated the fact that the uptake of eDelivery has been increasing and highlighted the following projects:
    • EPREL
    • EUDAMED
    • Increase in projects in DG MOVE and TAXUD considering reusing eDelivery
    • EESPA in the procurement domain.
      • MG highlighted that the EESPA team is in contact with the CEF eDelivery team to set up an EESPA subdomain for the SML and that they expect to be in production by the end of 2020. Currently a pilot for dynamic discovery is ongoing while the pilot with static discovery was successfully concluded in 2019. MG also reported some concerns about validation artefacts, the interaction between the CIUS and extensions and market knowledge about software components (e.g. Oxalis).
      • PH answered that a new community around Oxalis is being set up and underlined that Oxalis is not an official component from the PEPPOL network (and that the PEPPOL team does not provide software components), but is provided by this independent community. He also indicated that he participated to a recent TC 434 workshop where changes to the validation artefact structure were being discussed.
      • MD answered that eInvoice specific topics (CIUS, formats, validation artefacts) can best be brought to the attention of the CEF eInvoicing Building Block as eDelivery is business domain agnostic.
  • Additionally IC reported that the monitoring dashboard has been revamped.
  • MD indicated that EU SEND is the secure messaging exchange service offering by DIGIT for EU Institutions and agencies. It consists of both a GUI based interface and a machine to machine interface based on eDelivery AS4.
  • In production, the service is being used by EPREL.
  • In Acceptance, the service is being used by EUDAMED, TACHONET, IRI and EPREL.
  • Service providers in the market can expect that some of their customers might need to connect to this service if they are operating in the above business domains.
  • MD reported that the PEPPOL network performed the AS2 to AS4 migration in February 2020, now making the AS4 profile the mandatory transport protocol in the PEPPOL network.
  • PH and MG asked if the CEF eDelivery team is already planning an upgrade from the OASIS SMP 1.0 to 2.0 specifications.
  • MD answered that the team did not yet get any request from the community to support the OASIS SMP 2.0 specs and will only act if there is a clear need. Therefore the community is suggested to submit change requests if they think support for the new specs should be provided.
  • PH asked whether any work is ongoing for supporting a federated or distributed SML. MD responded that although informal discussions were held on the topic over the last years, there was no concrete user request yet and therefore this is not yet being planned.


INEA calls for proposals
eDelivery components
  • MD reported on relevant updates for the eDelivery components:
  • For the BDMSL component:
  • On 17/06/2019 there was a production release of BDMSL 4.0.0 with:
    - Redesign and optimization of the database
     - Separation of Administration services and user services and block access to administration services from internet
     - Added new web-service tool for administration:
            - subdomain management
            - domain certificate management
            - Custom DNS record management
     - Adding data auditing
     - Update HTTPS TLS Suites so that SML https get A grade in SSLabs
  • On 3/7/2020, DNSSEC was enabled in the in acceptance SMK
  • On 02/10/2019 there was a production release of BDMSL 4.0.1 with several security enhancements:
        - Improve SML security recommended by SA
        - Enable use of stronger Cryptographic Ciphers for password encryption
        - Remove/replace outdated vulnerable components
        - Improve initial password generation
        - Deploy on webLogic 12.2.1.3 (Weblogic 12.1.3 is not supported anymore)
  • In January 2020 there was a load test on Acceptance by a PEPPOL national authority where 400K participants were added and deleted
  • On 12/02/2020, DNSSEC was enabled in the in the production SML
  • On 18/02/2020 there was a production release of BDMSL 4.0.2:
         - Performance improvements for handling up to 4.000.000 participants
         - Redesign of Inconsistency report
         - Option to disable service "edelivery-sml/listDNS"
         - New simple tool for participant DNS record verification  
         - Implementation support for certificates with multivalued rDN
  • On 14/4/2020, there was an upgrade of the TLS Suites to keep SML HTTPS in A grade by SSLabs.
  • For the eDelivery SMP component, the current version of the sample software is eDelivery SMP 4.1.1, released on 10/10/2019.
Single Digital Gateway Regulation (SDGR) and alignment with relevant Large Scale Pilots (LSPs)
  • MD reported that DG GROW, DG CONNECT and DIGIT teams are working, together with Member States on the implementation of components relevant for the Single Digital Gateway Regulation (SDGR).
  • In the same context, there is an ongoing alignment with relevant Large Scale Pilots (LSPs) such as TOOP (ongoing since several years and planned to finalise in September 2020) and DE4A (recently started beginning 2020 and planned to run for several years to come).
  • Two major milestones are the Implementing Act for article 14 of the SDGR with a deadline of Summer 2021 and the go-live of the technical OOP system for the SDGR by end 2023.
Informal Cooperation Network for eDelivery
AoB
  • No AoB topics were discussed.