The OOTS reuses the eDelivery Building Block and uses its Access Point specification for the evidence exchange process. Being connected to the eDelivery network of nodes with an Access Point set up is a prerequisite to implementing the OOTS in your Member State. An Access Point in the Once-Only Technical System performs key security and reliability functions. It signs and encrypts messages and, in a delegated role, provides integrity, confidentiality, authenticity and non-repudiation of origin and receipt as explained in the Security Controls guidance document.

The eDelivery Access Points will enable the secure exchange of evidence between European countries required in administrative procedures (such as birth certificates, university diplomas and alike) with one another.

You can access the eDelivery building block here:

eDelivery building block

To secure Access Point messaging, you can choose to use your certificate. Otherwise, you can request an X.509 certificate from the eDelivery PKI.

To do this, you should follow the instructions detailed in the OOTS Onboarding Toolkit

If you are not yet connected to the eDelivery network of nodes with an Access Point set up or need support with regards to your eDelivery Access Point, please contact the eDelivery Service Desk

In the execution of an electronic procedure, there are two situations in which the user has to be identified and authenticated:

• to use the procedure and;
• to use the Once-Only Technical System to retrieve a particular evidence for use in that procedure.

The Once-Only Technical System uses the eID Building Block, as it is today, to identify and authenticate the user. Should the eID building block change, the technical specifications would be adapted to support the changes. Specifically, it uses the assured eIDAS user identity attributes obtained from the user authentication in evidence requests. It may also be used by the Data Service if the user is asked to re-authenticate.

eIDAS eID

An intermediary platform (Implementing Act, Article 1(6)) is a technical solution through which evidence providers or evidence requesters connect to the common services referred to in Article 4(1) (i.e., the Evidence Broker and Data Service Directory) or to evidence providers or evidence requesters from the other Member States.

Intermediary Platforms are a component of the OOTS architecture that is optional and serves the purpose of providing integration interfaces to evidence providers and/or requesters. This helps them to integrate into the system without having to know the intricate technical details of OOTS, reducing the complexity and investment required.

An intermediary platform can provide integration services to either evidence providers, evidence requesters, or both. In a member state, there might be multiple intermediary platforms that offer services to different groups of evidence providers and/or requesters, depending on the level of regional or domain decentralization. For example, there may be a dedicated service organisation in a Member State that stores and makes available, on request, educational evidences on behalf of many educational institutions, such as universities.

OOTS high-level architecture

To support the exchange of evidences between Data Services and Online Procedure Portals, the Once-Only Technical System uses Once-Only supporting services. Article 4 of the draft Implementing Act refers to these services as the Common Services. The Common Services do not process data about citizens or businesses. Instead, they contain and serve operational data parameters that support the operation of the Once-Only technical system. The Common Services are:

• Evidence Broker;
• Data Service Directory;
• Semantic Repository.

If you implement your own Common Services instance, you need to request the OOTS support team to configure the evidence requests received by your country to be forwarded to your national Data Service Directory.

Common Services Configuration

The Data Service Directory is a registry containing the list of evidence providers, and the evidence types they issue together with the relevant accompanying information, such as geolocation so that the OOTS can support the user in selecting the correct evidence provider.

Data Service Directory

The Evidence Broker is a common service allowing an evidence requester to determine which evidence type from other Member States is equivalent to the evidence that it requires for the purposes of its national procedure.

Evidence Broker

The Semantic Repository is a collection of semantic specifications, linked to the evidence broker and the data service directory, composed of machine-readable definitions of names, data types, and data elements associated with specific evidence types to ensure mutual understanding and cross-lingual interpretation for evidence providers, evidence requesters, and users, when exchanging evidence through the OOTS.

Semantic Repository

The OOTS Common Services Administration Tool allows Member States to create and manage configurations related to the procedures in scope of the OOTS. The following procedures can be carried out using the Tool:

Evidence Providers can:

• Create a data service
• Create an evidence provider
• Create an evidence type
• Link an evidence provider to an evidence type
• Link an evidence type to a requirement
• Link a requirement to a group of evidence types

Evidence Requesters can:

• Link a procedure to requirement(s)

Member States can also create and manage configurations related to the procedures in scope of the OOTS using the LCM APIs provided by Common Services.

Data Services Directory LCM Interface Specifications

Evidence Broker LCM Interface Specifications

Testing services are a useful resource for development teams in the Member States while developing their OOTS components or integrations. E.g. the testing services allow developers to have a look at how the interfaces look like and what the expected behaviour is of the different components. They can start with the sample projects in the testing tools while their components are under development and gradually replace the testing tools with their own components.

The details of the testing service will further be discussed and elaborated in the testing and deployment sub-group.

The testing information currently available is intended as testing services for Member State teams:

• to get early access to the services and tools as prepared by the EC team.
• to familiarise yourselves with the testing approach and to see if this fits within their development and integration procedures.
• to provide feedback and think about further improvements or additions, to be picked up by the testing and deployment sub-group.

OOTS Testing Services

For both Evidence Requesters and Evidence Providers, once you have explored the standalone tests that you can execute at any time, in any order and on your own against the Test Platform, the following step is to attend one or more Projectathon events. These events bring together teams, either physically, virtually or in a hybrid format, to ensure functionality, interoperability and production-like scenarios and data flows.

All relevant information to plan and prepare your participation to a Projectathon is available via the link below:

Participate in Projectathons

OOTS provides information on security policy and objectives, as mandated by the legal framework. Each security objective is mapped to either a system functionality or a responsible for procedural or operational arrangement. Information on OOTS security policy and objectives is available via:

OOTS Security Policy

OOTS also provides recommendations on security and policy requirements for the management of eDelivery Access Points. The recommendations on security for the management of eDelivery Access Points is available via:

eDelivery Security Requirements

ANNEX: Security Framework

Operation of OOTS infrastructure and applications will require Member States to adhere to some basic processes in order to facilitate coordination between Common Services components managed by European Commission and OOTS components managed by Member States.