Item | Time | Who | Presentations | Notes |
Welcome and introduction | 10 mins | Maya Madrid (CEF eDelivery Business Owner, DG CNECT H4) | CEFeDeliveryWorkingGroupMeeting28062021.pdf
| - Maya Madrid welcomed the participants, introduced the agenda and provided a brief overview of the action’s objectives, previous and upcoming work.
|
Update on ISA² IPS REST API profile: - Presentation of the changes since last meeting
- Round table for feedback
- Timeline and next steps
| 40 mins | Bogdan Dumitriu, Jerry Dimitriou, Vlad Veduta (CEF eDelivery Technical team, DIGIT D3) | - Bogdan Dumitriu introduced the work that was done on the REST API profile since the previous meeting and gave the floor to Jerry Dimitriou, who presented the editorial and substantive modifications to the REST API profile (API Documentation alignment with the API Core Profile, JAdES signature specifications, Common Semantics, Multipart, mapping of Message Exchange Patterns to the endpoints of the Messaging API, definition of User and Signal Message) from a technical perspective (cf. slides).
- Roberto Polli remarked that content-type and content-length also need to be added to the JAdES message signature. Jerry confirmed.
- During the round table, Roberto commented that it is quite hard to distinguish the normative from the informative parts of the document and reiterated that the document should not explain how HTTP and REST work, and instead only focus on the normative parts. Roberto suggested that DIGIT do some work to separate the explanation of how HTTP and REST work by design from the actual requirements for the implementation. He also suggested doing additional work on the security side (e.g., HTTP Origin & other headers should be imposed).
- In reply to Roberto's comments, Bogdan explained that the profile was created with the target audience in mind. Bogdan explained that it might be useful, for people who are not experts in reading standards, to repeat and point out the most important rules concerning HTTP & REST. Bogdan added that a certain profiling of HTTP was done (e.g., which status codes can and cannot be used). Jerry confirmed and asked Roberto whether his suggestion was to remove the explanations and just provide references, or even to avoid profiling HTTP/REST.
- Roberto explained that, in an Italian context, profiling HTTP proved impractical due to the fact that implementers often rely on frameworks that, obviously, are not aligned with national standards. He further suggested splitting the document into an introductory part (which can be descriptive) and a shorter normative part.
- Sven Rasmussen pointed out that the document provides relevant information to guidelines and specifications. Sven reinforced Roberto's remarks on the normative vs informative approach by explaining that DK finds the profile a little too descriptive and would have preferred it to be more normative in some areas. Sven added that it's a good specification but more work should be done on it (it's a bit unclear how work such as the open data directive implementation on APIs could benefit from this). Sven explained that a number of choices should be made to make it really helpful for cross-border interoperability.
- Bogdan explained that the team analysed the topic of open data, but eventually realised that it is a different topic from REST APIs, warranting its own separate investigation. Bogdan stated that work can be done in the area of open data relatively independently from the REST API topic and that specifications stemming from such work should interplay coherently with the REST API specifications developed under this action.
- Bogdan finished the agenda point by presenting the timeline (cf. slides).
|
REST API Pilot: | 30 mins | Bogdan Dumitriu, Joze Rihtarsic (CEF eDelivery Technical team, DIGIT D3) | - Bogdan conducted a practical demonstration of the REST API Pilot.
- Roberto explained that Italy is looking for a way to safely exchange client credentials without using passwords, i.e. to implement the client credentials flow by using a JSON web token instead of passwords.
- In reply, Vlad Veduta explained that client credentials should also work with asymmetric keys for identifying and authorising the client application and that passwords were only used due to simplicity. Vlad suggested a bilateral meeting to discuss the topic further with Roberto.
- Roberto asked whether it could be possible to see the code. Bogdan answered that it will be shared by end of July/mid August.
|
Break (10 mins) |
Pilot Domibus integration with CEF EBSI (blockchain): | 30 mins | Bogdan Dumitriu, Joze Rihtarsic (CEF eDelivery Technical team, DIGIT D3) | CEFeDeliveryWorkingGroupMeeting28062021.pdf
| - Bogdan conducted a practical demonstration of the pilot Domibus integration with CEF EBSI.
|
Update on JRC's work on API guidelines for government: - Security & Privacy essentials highlights
- Empirical analysis contractual conditions of APIs
| 60 mins | Monica Posada (JRC B6), Lorenzino Vaccari (Consultant) | 20210628_API4IPS_WG6_final.pdf |
30min: MP: | - Monica Posada presented an update on the JRC’s work on API guidelines for government. Monica also presented the indicative timeline and the accomplishments of 2021 (cf. slides).
- Lorenzino Vaccari presented the work done on API technical essentials (Security, Privacy, and Traceability) and the APIs on API privacy and traceability.
- Monica then presented the Legal and organisational essentials (API legal and organisational considerations, legal framework, and API terms of service) (cf. slides).
- Maya and Bogdan finally thanked all participants and closed this last working group meeting.
|