Item | Time | Who | Presentations | Notes |
Welcome and introduction | 10 mins | Maya Madrid (CEF eDelivery Business Owner, DG CNECT H4) |
| - Maya Madrid welcomed the participants, introduced the agenda and provided a brief overview of the action’s objectives, previous and upcoming work.
|
Update on ISA² IPS REST API profile: - Presentation of new sections of the profile
- Timeline and next steps
| 80 mins | Bogdan Dumitriu, Jerry Dimitriou, Vlad Veduta (CEF eDelivery Technical team, DIGIT D3) | - Bogdan Dumitriu introduced the work that was done on the REST API profile since the previous meeting and gave the floor to Jerry Dimitriou who presented the new sections of the REST API profile (the OpenAPI Specification v3 Profile and the Messaging API Specification) from a technical perspective (cf. slides).
- Bogdan Dumitriu provided an update on the pilot (objectives, architecture overview and functionality) (cf. slides). Bogdan shared the timelineshared the updated timeline and informed the group that the team aims to share a new version of the profile, including the work presented during this meeting, towards the end of March - beginning of April 2021. The work would be shared once it reaches a stable state.
- Roberto Polli asked whether Jades define a way to provide "Signature" in multipart.
- Bogdan Dumitriu Jerry Dimitriou confirmed
|
Q&A | 15 mins |
| - Philip Helger asked whether the long term goal of the EC was to provide a long-term maintenance for of the specifications and thus establishing the EC as a specification standardisation organisation, or to hand over the maintenance to other another organisation.
- Bogdan Dumitriu precised that other stakeholders are involved to understand how this will be handled in the future. replied that the profile was not a standard as such, but a collection of references to standards and guidelines for using them, therefore the EC would in any case not take the role of a standardisation organisation. As to the long-term maintenance of the profiles, Bogdan Dumitriu explained that this was a matter for future policy decision making. DIGIT, in its technical role, would be able to ensure the work, given the creation of a policy context, and invited Member States to raise the issue in the appropriate policy working groups.
- Maya Madrid confirmed this comment.Maya Madrid agreed
- Christophe Gaie asked whether the EC will share the products of the pilot project with the governments to test them.
- Bogdan Dumitriu precised that it Dumitriu confirmed, indicating that, as the work is publicly funded work so the part 1 was already shared and the rest will , the deliverables would be fully available by June/July . 2021. He further added that part 1 of the profile (the Core Profile) was already shared with the working group in January 2021.
|
Break (15 mins) |
Pilot Domibus integration with CEF EBSI (blockchain): | 10 mins | Bogdan Dumitriu (CEF eDelivery Technical team, DIGIT D3) | CEFeDeliveryWorkingGroupMeeting11032021.pptx | - presented the update on Integration with CEF EBSI (Blockchain) (cf. slides).
|
Update on JRC's work on API guidelines for government - Status update
- Technical essentials updates about security and privacy aspects
- Interactive session on security and privacy
| 20 mins | Monica Posada, Mark Boyd (JRC B6) | 20210311_API4IPS_WG-5_JRC_final.pdf EDeliveryWG5_JRC_II.pdf | - Monica Posada presented an update on the JRC’s work on API guidelines for government (cf. slides). Monica also presented the indicative timeline.
- Mark Boyd then provided information on best practices in API lifecycle management (cf.slides). Mark precised that the key lifecycle issues regarding APIs are security and traceability.
- Mark then started the interactive session on security and privacy asking first what were the main security threats faced by the countries.
- Roberto Polli explained that in Italy security threats are mainly linked to information accidentally exposed by APIs which do not implement double checks.
- Monica Posada asked Roberto whether it would be possible for his organisation to set up a security audit process.
- Roberto replied that the problem is not only to establish processes but having thousands of agencies is complex for them to implement. Some agencies have the advantage of having great structures and lot of money to implement the security assessment, which is not the case for smaller agencies.
- Mark Boyd then asked whether countries put in place traceability measures.
- Manne Andersson answered that at the Swedish eHealth Agency, they are currently looking at profile APIs and talking about traceability over many APIs over many organisations because they see the need for that, but never deep into this. Manne added that this regards public sector but also private sector.
- Maya Madrid finally thanked all participants and closed the meeting.
|