Working group meeting #4 - APIs4IPS (API strategy essentials and REST-based API extensions and Blockchain)
11 March 2021 / 10:00 - 13:00
Online meeting via Webex
Event summary
The CEF eDelivery team is organising the second subgroup meeting focusing on the work on the future of eDelivery. This work will include a focus on REST-based API extensions to eDelivery and possible use of Blockchain technology.
If you have any additional comments or questions on the workshop, or generally concerning CEF eDelivery, the Service Offering or grant funding, please reach out to us via Service Desk.
You will need to be logged in using an EU Login account to submit a request. Don't have an EU Login account yet? Sign up here.
Participants
European Commission
Member States' representatives
Maya Madrid (DG CNECT H4) – CEF eDelivery Business Owner
Bogdan Dumitriu introduced the work that was done on the REST API profile since the previous meeting and gave the floor to Jerry Dimitriou who presented the new sections of the REST API profile (the OpenAPI Specification v3 Profile and the Messaging API Specification) from a technical perspective (cf. slides).
Bogdan Dumitriu shared the updated timeline and informed the group that the team aims to share a new version of the profile, including the work presented during this meeting, towards the end of March - beginning of April 2021. The work would be shared once it reaches a stable state.
Roberto Polli asked whether Jades define a way to provide "Signature" in multipart.
Jerry Dimitriou confirmed
Q&A
15 mins
Philip Helger asked whether the long term goal of the EC was to provide long-term maintenance of the specifications and thus establishing the EC as a standardisation organisation, or to hand over the maintenance to another organisation.
Bogdan Dumitriu replied that the profile was not a standard as such, but a collection of references to standards and guidelines for using them, therefore the EC would in any case not take the role of a standardisation organisation. As to the long-term maintenance of the profiles, Bogdan Dumitriu explained that this was a matter for future policy decision making. DIGIT, in its technical role, would be able to ensure the work, given the creation of a policy context, and invited Member States to raise the issue in the appropriate policy working groups.
Maya Madrid confirmed this comment.
Christophe Gaie asked whether the EC will share the products of the pilot project with the governments to test them.
Bogdan Dumitriu confirmed, indicating that, as the work is publicly funded, the deliverables would be fully available by June/July 2021. He further added that part 1 of the profile (the Core Profile) was already shared with the working group in January 2021.
Break (15 mins)
Pilot Domibus integration with CEF EBSI (blockchain):
Monica Posadapresented an update on the JRC’s work on API guidelines for government (cf. slides). Monicaalso presented the indicative timeline.
Mark Boyd then provided information on best practices in API lifecycle management (cf.slides). Mark precised that the key lifecycle issues regarding APIs are security and traceability.
Mark then started the interactive session on security and privacy asking first what were the main security threats faced by the countries.
RobertoPolli explained that in Italy security threats are mainly linked to information accidentally exposed by APIs which do not implement double checks.
Monica Posada asked Roberto whether it would be possible for his organisation to set up a security audit process.
Roberto replied that the problem is not only to establish processes but having thousands of agencies is complex for them to implement. Some agencies have the advantage of having great structures and lot of money to implement the security assessment, which is not the case for smaller agencies.
Mark Boyd then asked whether countries put in place traceability measures.
Manne Andersson answered that at the Swedish eHealth Agency, they are currently looking at profile APIs and talking about traceability over many APIs over many organisations because they see the need for that, but never deep into this. Manne added that this regards public sector but also private sector.
Maya Madrid finally thanked all participants and closed the meeting.
About the ISA² action on Innovative Public Services:
In the ISA² Work Programme for 2020, the action on Innovative Public Services has, among others, the objective of developing relevant legal, organisational and technical artefacts trialled through an extension and combination of the CEF eDelivery building block with blockchain based transactions’ log and a REST-based profile (a.k.a. APIs approach), that support new patterns of data access by request and data sharing.
The work related to the REST-based profile will take as input the JRC study on APIs4DGov that analysed the API technological landscape and its standards and technical specifications for general purpose use. This aims to support the definition of stable APIs for digital government services, avoiding the need to develop ad hoc solutions and helping stakeholders in the identification and selection of such solutions.
The scope of the ISA² action will be to develop the following:
A set of guidelines and specifications for establishing interoperable REST-based APIs for service invocation and publication of both open and protected data. Sample library implementation for API’s as well as software supporting central/core services such as service catalogues and service discovery could be also in scope.
Extension of eDelivery with other building blocks and innovative technical approaches such as blockchain and APIs. Should the pilots be successful, the CEF eDelivery building block will be enriched with a REST-based profile and a blockchain-based log of transactions. Every element will be modular so that it can be used in combination with the existing AS4-profile (of eDelivery) or on its own.
About CEF eDelivery:
The CEF eDelivery building block helps public administrations and businesses (and indirectly citizens) to participate in eDelivery Messaging Infrastructures which facilitate organisation-to-organisation messaging by enabling their systems to interact with each other in a secure, reliable and trusted way. The Connecting Europe Facility (CEF) Digital Programme, is currently promoting the adoption of common standards in the eDelivery Messaging Infrastructures in different policy domains (Business Registers, eJustice, eProcurement, etc.).