
As part of eDelivery's ongoing commitment to transparency and collaboration with the solution providers community, we are presenting below a list of user needs for AS4 software.

These needs represent the current feature requests and suggestions from Access Point users. We are pleased to present this list to AS4 software vendors.

We aim to increase awareness of these needs. While some of them may not be implemented in Domibus, the eDelivery sample software, they represent areas that AS4 solution providers might want to explore. For each user need described below, we indicate whether or not it is planned to be included in the eDelivery sample software.

AS4 software providers are encouraged to consider implementing some of these enhancements in their solutions. While we communicate that these features are not in our immediate development roadmap, we are open to discussing and sharing more details with any interested parties.


Next, we plan to shift our approach, encouraging Access Point users to express their needs for more functionalities improving AS4 software. We believe this will help solution providers better understand user requirements and focus their efforts accordingly. We are committed to sharing this information openly and transparently to foster a rich market offering.

REST API for backend

Status: This functionality may be implemented in the eDelivery sample software in the future

Description

The feature request relates to providing a REST API as an integration option between the backend and the Access Point.

The request emphasises that the addition of this feature would greatly improve usability and adoption, particularly among government bodies.

Request source

Feature request submitted on by the Irish Government in the context of Once-Only Technical System.

Support digital signing of PMode configuration

Status: This functionality may be implemented in the eDelivery sample software in the future

Description

...

In digital ecosystems, administrators often prepare the PMode configuration in advance and distribute it through various channels, such as websites. To ensure the security and integrity of these configurations, users need a way to confirm that the PMode has not been altered, either intentionally or by mistake, before it is imported into the Access Point implementation. This requirement leads to the necessity of digitally signing the PMode configurations. Digital signatures can automatically verify the authenticity and integrity of the PMode files during import, whether done manually by an administrator or through an API. This feature ensures that any tampering with the configuration is detected, enhancing the overall security of the Access Point.

The proposal involves adding options for administrators to enforce the digital signing of PMode files within the Access Point implementation. This includes rejecting updates without valid signatures and specifying which certificates or keys should be used for signing. The feature aims to prevent unauthorised changes and supports automated workflows, thus improving the security and reliability of the Access Point's system management.
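
One way such an import gate could work, as an added example (not eDelivery or Domibus code): a detached OpenSSL signature over the PMode file is checked against a pinned signer key before the import proceeds. The file names, the fingerprint allow-list, the placeholder PMode content and the return codes are assumptions.

```sh
#!/bin/sh
# Added example: refuse a PMode import unless a detached signature from a
# pinned key verifies. File names and allow-list format are assumptions.

# Print the SHA-256 fingerprint (hex) of a PEM public key's DER encoding.
key_fingerprint() {
  openssl pkey -pubin -in "$1" -outform DER 2>/dev/null |
    openssl dgst -sha256 -r | cut -d' ' -f1
}

# verify_pmode PMODE SIG PUBKEY ALLOWLIST
# 0 = import may proceed, 2 = no signature supplied,
# 3 = signer key not in the allow-list, 4 = signature does not match the file.
verify_pmode() {
  [ -s "$2" ] || return 2
  vp_fp=$(key_fingerprint "$3")
  { [ -n "$vp_fp" ] && grep -qxF "$vp_fp" "$4" 2>/dev/null; } || return 3
  openssl dgst -sha256 -verify "$3" -signature "$2" "$1" >/dev/null 2>&1 || return 4
}

# Constructed sample: throwaway EC key, placeholder PMode file, its signature,
# and an allow-list holding the signer's fingerprint.
make_sample() {
  printf '<pmode-placeholder party="example_gw"/>\n' > "$1/pmode.xml"
  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
    -out "$1/admin.key" 2>/dev/null
  openssl pkey -in "$1/admin.key" -pubout -out "$1/admin.pub"
  openssl dgst -sha256 -sign "$1/admin.key" -out "$1/pmode.xml.sig" "$1/pmode.xml"
  key_fingerprint "$1/admin.pub" > "$1/trusted-signers.txt"
}

demo() {
  d=$(mktemp -d) && make_sample "$d" || return 1
  verify_pmode "$d/pmode.xml" "$d/pmode.xml.sig" "$d/admin.pub" "$d/trusted-signers.txt"
  echo "as distributed: rc=$?"
  echo '<!-- edited after signing -->' >> "$d/pmode.xml"
  verify_pmode "$d/pmode.xml" "$d/pmode.xml.sig" "$d/admin.pub" "$d/trusted-signers.txt"
  echo "after tampering: rc=$?"
  rm -rf "$d"
}
demo
```

With enforcement switched on, any non-zero return code would stop the import instead of falling back to an unsigned update.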

Request source

Feature request submitted on by a member of the EC team of the Once-Only Technical System.

Keystore Management: Support for PKCS11 (HSM)

Status: This functionality is already in scope of one of the upcoming releases of the eDelivery sample software

Description

This functionality's aim is to enhance the security of the Access Point implementation by supporting PKCS11 for Hardware Security Modules (HSM). Currently, many Access Points store private keys in software keystores on file systems, which are vulnerable to theft. By integrating HSM support, the Access Point implementation would ensure that private keys remain secured within the hardware device itself, never leaving it. This change would bolster the digital signature and authentication processes, as they would be managed directly by the secure HSM.

The original request was to add support for the PKCS11 keystore protocol, allowing users to sign messages using HSM services, which is currently not possible with the existing PKCS12 and JKS keystore formats supported by the eDelivery sample software. The request was made to simplify and secure the process of signing messages.

Request source

Feature request submitted on by a representative of a Polish private company and separately requested by two public administrations participating in the CESOP ecosystem.

Support Prometheus-compatible metrics

Status: This functionality is not currently planned for eDelivery sample software

Description

The user need is for AS4 software to support exporting metrics in a Prometheus-compatible format. Metrics would include data such as the number of messages exchanged over a period, the time taken to process, send or receive a message, among other technical metrics. This feature would enable more efficient monitoring and management of the Access Point's performance, making it easier for users to obtain and analyse key operational data.

The original request was to include support for Prometheus-compatible metrics, allowing for a broader integration with monitoring tools. This change aims to facilitate detailed tracking and visibility of the Access Point's performance metrics in a widely-used format. The requestor provided a link for reference.

Request source

Feature request submitted on by a representative of a SaaS provider for the pharmaceutical and biopharmaceutical industry.

Scripts for scheduled automated updates of PModes or Trust Stores

Status: This functionality is not currently planned for eDelivery sample software

Description

The need is for scripts that can manage scheduled automatic updates of PModes and Trust Stores in an Access Point implementation. In a digital ecosystem where multiple Access Points interact, it is crucial to regularly update the PModes and public certificates to maintain secure and smooth operations. Scheduled updates through scripts allow these changes to occur at specific times, thus minimising disruption to communication between Access Points. These scripts could potentially use APIs provided by the Access Point implementation to manage updates effectively.

The original request highlighted the need for tools to automate and schedule the deployment of PModes and Trust Stores in Access Point implementations to facilitate changes with minimal downtime. This would support networks in implementing updates efficiently and with reduced manual effort. The feature would allow central provision of update files, with Access Point operators downloading and deploying these at a coordinated time, thus ensuring a streamlined update process across the network.

Request source

Feature request submitted on by a member of the EC team of the Once-Only Technical System.

PostgreSQL support

Status: This functionality is not currently planned for eDelivery sample software

Description

The user need is to incorporate support for PostgreSQL in the Access Point implementation.

Request source

Feature request submitted on by a representative of a private company operating in several EU and non-EU countries.

Capability of storing the payloads in cloud native storage services

Status: This functionality may be implemented in the eDelivery sample software in the future

Description

Users need the Access Point to integrate with cloud services for storing data (e.g., message payloads) in addition to the database or file system. Users would benefit from better integration with cloud services like Amazon S3, which could offer more efficient and scalable storage solutions.

Request source

Internal request from an EC service.

Capability to use cloud native password vaults

...

Status: This functionality is not currently planned for eDelivery sample software

Description

Users need a more secure way to store secrets, such as passwords. Traditionally, these secrets might be stored in a database (encrypted, of course) or on the file system. But these methods are not always the most secure. By integrating with a cloud-native vault, the security of the secrets used in the Access Point could be significantly improved.

Request source

Internal request from an EC service.
