Versions Compared

Old Version 3

changes.mady.by.user Manon Thonnard

Saved on

compared with

New Version Current

changes.mady.by.user Bogdan DUMITRIU

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
HTML Wrap
padding25px 50px 25px 50px
background-repeatno-repeat
margin0px 0px 25px 0px
source-page-id59192317
background-imageedel_banner2.png
classbanner--background
height200px
Section
source-page-id59192317
HTML
source-page-id59192317
 HTML Wrap
source-page-id59192317
classbanner
CEF DIGITAL
Working group meeting 
 #4 
#6 - APIs4IPS (API strategy essentials and REST-based API extensions and Blockchain) 
28 June 2021 / 10:00 - 13:00
Online meeting via Webex
 Excerpt
hiddentrue
 Page properties
Title
Working group meeting #6 – APIs4IPS (API strategy essentials and REST-based API extensions and Blockchain) 
Excerpt
Working group meeting – focusing on the work on the future of eDelivery
Date
 
Event summary
The CEF eDelivery team is organising the second subgroup meeting focusing on the work on the future of eDelivery. This work will include a focus on REST-based API extensions to eDelivery and possible use of Blockchain technology.
If you have any additional comments or questions on the workshop, or generally concerning CEF eDelivery, the Service Offering or grant funding, please reach out to us via Service Desk.
 Aui button
source-page-id59192317
TitleContact us
URLhttps://ec.europa.eu/digital-building-blocks/tracker/plugins/servlet/desk/portal/2/create/4
You will need to be logged in using an EU Login account to submit a request. Don't have an EU Login account yet? Sign up here.
 
Participants
European CommissionMember States' representatives
  • Maya Madrid (DG CNECT H4) – CEF eDelivery Business Owner
  • Dietmar Gattwinkel (DG CNECT H4)
  • Bogdan Dumitriu (DIGIT D3) – Project Manager « Future of CEF eDelivery »
  • Vlad Veduta (DIGIT D3)
  • Maarten Daniels (DIGIT D3)
  • Amar Deep (DIGIT D3)
  • Arun Raj (DIGIT D3)
  • Joze Rihtarsic (DIGIT D3)
  • Jerry Dimitriou (DIGIT D3)
  • Manon Thonnard (DIGIT D3)
  • Ines Costa (DIGIT D3)
  • Monica Posada (JRC B6) – Project Manager « API guidelines for government »
  • Lorenzino Vaccari (JRC B6)
  • Atte Pirttilä - Finland
  • Frederik Nordlander
  • Georges Lobo
  • Manne Andersson - Swedish eHealth Agency
  • Petteri Kivimäki
  • Philip Helger
  • Priit Kreitzberg
  • Roberto Polli - Italy, Italian Government Digital Team
  • Sven Rasmussen





Draft Agenda 
 Captioned Item
anchor04K7S
nameTable
 safely exchange with clients credentials without using passwords. To answer one question raised by Roberto this would  even  key  ( because it's the simplest to implement)Vlad suggested to set up a call to discuss this  
Item 
Time 
Who 
PresentationsNotes
Welcome and introduction 
10 mins
Maya Madrid (CEF eDelivery Business Owner, DG CNECT H4)



 View file
nameCEFeDeliveryWorkingGroupMeeting28062021.pdf
height250
  • Maya Madrid welcomed the participants, introduced the agenda and provided a brief overview of the action’s objectives, previous and upcoming work.
Update on ISA² IPS REST API profile:
  • Presentation of the changes since last meeting 
  • Round table for feedback
  • Timeline and next steps
40 mins
Bogdan Dumitriu, Jerry Dimitriou, Vlad Veduta (CEF eDelivery Technical team, DIGIT D3)
  • Bogdan Dumitriu introduced the work that was done on the REST API profile since the previous meeting and gave the floor to Jerry Dimitriou who presented the new sections of the editorial and substantive modifications REST API profile (the Editorial and Structural Changes, Signature SupportAPI Documentation alignment with the API Core Profile, JAdES signature specifications, Common Semantics, Multipart, API endpoint mapping with MEP, User Message Definition, mapping of Message Exchange Patterns to the endpoints of the Messaging API, definition of User and Signal Message Definition) from a technical perspective (cf. slides).
  • Roberto Polli asked whether the profile also has content-type. Bogdan confirmed remarked that content-type and content-length also need to be added to the JAdES message signature. Jerry confirmed
  • During the roundtableround table, Roberto explained that about the general layout commented that it is quite hard to distinguish the normative from the informative parts of the document , he think that there is a lot to explain in regards of how HTTP worksand reiterated that the document should not explain how HTTP and REST work, and instead only focus on the normative parts. Roberto suggested that DIGIT do some work to separate the explanation about how HTTP and REST works by design, and which are the actual requirements for the implementation. Roberto explained that he found it really hard to identify which were the normative part and which were the explanations related to the JAVA technology. Roberto He also suggested to do additional work on the security side (regarding HTTP routinee.g., HTTP Origin & other headers should be imposed). 
  • To In reply to Roberto's comments, Bogdan explained that we also tried to have in mind the profile was created with the target audience in mind.   Bogdan explained that it might be useful for people that are not experts in reading standards (developers, etc.), to repeat a bit things and point out the most important rules concerning HTTP & REST. Bogdan added that a profile certain profiling of HTTP was done (e.g., which status quote we recommend to codes can and cannot be used or shouldn't be used). On this points,  Jerry confirmed and asked Roberto if we should his suggestion is to remove and just provide references or being less strict when providing things that come from other standards. even to avoid to profile HTTP/REST.
  • Roberto explained that, in an Italian context, profiling HTTP proved impractical due to the fact that implementers often rely on frameworks that, obviously, are not aligned with national standards. He further suggested to Roberto suggested tp split the document with an introductory part (that can be descriptive) and having the normative part more shortshorter. 
  • Sven Rasmussen pointed out that the document provides relevant information to guidelines and specifications. Regarding Sven reinforced Roberto's remark remarks on normative part, Sven explained that they tend to think that this profile is the normative vs informative approach by explaining that DK finds the profile a little too descriptive and they would have prefer preferred it to be more normative in some areas. Sven added that it's a good specification but more work should be done on it (it's a bit unclear how work such as the open data directive implementation on APIs could benefit from this). Sven explained that a number of choices should be made to make it really helpful for cross-border interoperability. 
  • Bogdan explained that Open data the team analysed the topic of open data, but eventually realised that it is a sample different topic from REST APIs and that the team concentrate mainly on the REST API part but clearly they could be work done on the open data area that can somehow be made coherent with the specifications provided. Bogdan presented the timeline. , warranting its own separate investigation. Bogdan stated that work can be done in the area of open data relatively independently from the REST API topic and that specifications stemming from such work should interplay coherently with the REST API specifications developed under this action.
  • Bogdan finished the agenda point by presenting the timeline (cf. slides).
REST API Pilot:
  • Practical demonstration
30 minsBogdan Dumitriu, Joze Rihtarsic (CEF eDelivery Technical team, DIGIT D3)
  • Bogdan conducted a practical demonstration of the REST API Pilot.
  • Roberto explained that Italy is looking for a way to 
  • implement the client credentials flow by using a JSON web token instead of passwords.
  • In replyVlad Veduta explained that 
  • client credentials should also work with 
  •  asymmetric 
  • keys for identifying and authorising the client application 
  • and that passwords were only used 
  • due to simplicity. Vlad suggested a bilateral meeting to discuss the topic further with Roberto.
REST API Pilot:
  • Practical demonstration
30 minsBogdan Dumitriu, Joze Rihtarsic (CEF eDelivery Technical team, DIGIT D3)
  • Bogdan and Jerry did the demonstration of the REST API Pilot on National Broker. 
  • Roberto asked whether it could be possible to see the code. Bogdan answered that it will be shared by end of July/mid August. 
Break (10 mins)
Pilot Domibus integration with CEF EBSI (blockchain): 
  • Practical demonstration
30 minsBogdan Dumitriu, Joze Rihtarsic (CEF eDelivery Technical team, DIGIT D3)
 View file
nameCEFeDeliveryWorkingGroupMeeting28062021.pdf
height250
  • Bogdan 
 did the 
  • conducted a practical demonstration of the 
 Pilot 
  • pilot Domibus integration 
 on Azure
  • with CEF EBSI.
 
Update on JRC's work on API guidelines for government:
  • Security & Privacy essentials highlights
  • Empirical analysis contractual conditions of APIs
60 minsMonica Posada (JRC B6), Lorenzino Vaccari (Consultant)
 View file
name20210628_API4IPS_WG6_final.pdf
height250
30min: MP: 
  • Monica Posada presented an update on the JRC’s work on API guidelines for government. Monica also presented the indicative timeline . and the accomplishments of 2021. (cf. slides).
  • Lorenzino Vaccari presented the work done on API technical essentials (Security, Privacy, and Traceability) and the APIs on API privacy and traceability.
  • Monica then presented the Legal and organisational essentials (API Legal legal and organisational considerations, legal framework, and API terms of service) (cf. slides). 
  • Maya and Bogdan finally thanked all participants and closed this last working group meeting.

Useful links:
About the ISA² action on Innovative Public Services:
In the ISA² Work Programme for 2020, the action on Innovative Public Services has, among others, the objective of developing relevant legal, organisational and technical artefacts trialled through an extension and combination of the CEF eDelivery building block with blockchain based transactions’ log and a REST-based profile (a.k.a. APIs approach), that support new patterns of data access by request and data sharing.

The work related to the REST-based profile will take as input the JRC study on APIs4DGov that analysed the API technological landscape and its standards and technical specifications for general purpose use. This aims to support the definition of stable APIs for digital government services, avoiding the need to develop ad hoc solutions and helping stakeholders in the identification and selection of such solutions.

The scope of the ISA² action will be to develop the following:
  • A set of guidelines and specifications for establishing interoperable REST-based APIs for service invocation and publication of both open and protected data. Sample library implementation for API’s as well as software supporting central/core services such as service catalogues and service discovery could be also in scope.
  • Extension of eDelivery with other building blocks and innovative technical approaches such as blockchain and APIs. Should the pilots be successful, the CEF eDelivery building block will be enriched with a REST-based profile and a blockchain-based log of transactions. Every element will be modular so that it can be used in combination with the existing AS4-profile (of eDelivery) or on its own.

About CEF eDelivery:
The CEF eDelivery building block helps public administrations and businesses (and indirectly citizens) to participate in eDelivery Messaging Infrastructures which facilitate organisation-to-organisation messaging by enabling their systems to interact with each other in a secure, reliable and trusted way. The Connecting Europe Facility (CEF) Digital Programme, is currently promoting the adoption of common standards in the eDelivery Messaging Infrastructures in different policy domains (Business Registers, eJustice, eProcurement, etc.).