Playbook for Evidence Provider
You have an intermediary platform already working?
If it's the case, we kindly ask you to reach out to your responsible member state representative to understand how to connect with the platform in place.
- Deploy eDelivery Access Point
- Understand Architecture
- Test
- Review Security
Understand Prerequisites
Strongly Encouraged
Introduction
Domain:
Once Only
Once - Only domain refers to the OOTS specific system components, activities, and policies usually under the European Commission control.
The OOTS reuses the eDelivery Building Block and uses its Access Point specification for the evidence exchange process. Being connected to the eDelivery network of nodes with an Access Point set up is a prerequisite to implementing the OOTS in your Member State. An Access Point in the Once-Only Technical System performs key security and reliability functions. It signs and encrypts messages and, in a delegated role, provides integrity, confidentiality, authenticity and non-repudiation of origin and receipt as explained in the Security Controls guidance document.
The eDelivery Access Points will enable the secure exchange of evidence between European countries required in administrative procedures (such as birth certificates, university diplomas and alike) with one another.
You can access the eDelivery building block here:
Configuring my Access Point to the OOTS
To configure your Access Point to the OOTS, you will need to have first implemented the eDelivery Building Block. The current version of OOTS requires implementations of eDelivery that support the following features of AS4 1.15:
- the Common Profile;
- the Four Corner Profile enhancements.
To ensure that your eDelivery Access Point conforms to the eDelivery AS4 profile, you are strongly encouraged to reuse an Access Point solution that is already conformant or to have your solution conformance tested.
Upon a successful outcome of a conformance test, the next step will be to get in contact with your solution provider to correctly configure your Access Point to the OOTS TDDs.
For more details about configuring eDelivery to OOTS go to eDelivery configuration for OOTS
For more details about Access Points specifications go to Access Points specifications
Secure Access Point messaging
To secure Access Point messaging, you can choose to use your certificate. Otherwise, you can request an X.509 certificate from the eDelivery PKI.
To do this, you should follow the instructions detailed in the OOTS Onboarding Toolkit
What if I don't have an Access Point set up?
If you are not yet connected to the eDelivery network of nodes with an Access Point set up or need support with regards to your eDelivery Access Point, please contact the eDelivery Service Desk
STEP 2
Understand Architecture
Required
Domain:
Once Only
Once - Only domain refers to the OOTS specific system components, activities, and policies usually under the European Commission control.
Domain:
Once Only
Once - Only domain refers to the OOTS specific system components, activities, and policies usually under the European Commission control.
The OOTS Common Services Administration Tool allows Member States to create and manage configurations related to the procedures in scope of the OOTS. The following procedures can be carried out using the Tool:
Evidence Providers can:
- Create a data service
- Create an evidence provider
- Create an evidence type
- Link an evidence provider to an evidence type
- Link an evidence type to a requirement
- Link a requirement to a group of evidence types
Evidence Requesters can:
- Link a procedure to requirement(s)
For more information on user roles and permissions go to
For information on assets workflows and statuses go to
If you need specific instructions for onboarding and operating Common Services Admin Tool you can visit the specific section in the OOTS Onboarding Toolkit
STEP 3
Test
Voluntary
Introduction
Domain:
Once Only
Once - Only domain refers to the OOTS specific system components, activities, and policies usually under the European Commission control.
Testing services are a useful resource for development teams in the Member States while developing their OOTS components or integrations. E.g. the testing services allow developers to have a look at how the interfaces look like and what the expected behaviour is of the different components. They can start with the sample projects in the testing tools while their components are under development and gradually replace the testing tools with their own components.
The details of the testing service will further be discussed and elaborated in the testing and deployment sub-group.
The testing information currently available is intended as testing services for Member State teams:
- to get early access to the services and tools as prepared by the EC team.
- to familiarise yourselves with the testing approach and to see if this fits within their development and integration procedures.
- to provide feedback and think about further improvements or additions, to be picked up by the testing and deployment sub-group.
To access the testing roadmap and other relevant information about testing tools, please refer to the OOTS Onboarding Toolkit
Projectathons
Domain:
Once Only
Once - Only domain refers to the OOTS specific system components, activities, and policies usually under the European Commission control.
For both Evidence Requesters and Evidence Providers, once you have explored the standalone tests that you can execute at any time, in any order and on your own against the Test Platform, the following step is to attend one or more Projectathon events. These events bring together teams, either physically, virtually or in a hybrid format, to ensure functionality, interoperability and production-like scenarios and data flows.
All relevant information to plan and prepare your participation to a Projectathon is available via the link below:
For any questions or support requests on the Projectathon, reach out to the EC OOTS Support team by mailing EC-OOTS-SUPPORT@ec.europa.eu
STEP 4
Review Security
Strongly Encouraged
Get Security Aware
Domain:
Once Only
Once - Only domain refers to the OOTS specific system components, activities, and policies usually under the European Commission control.
OOTS provides information on security policy and objectives, as mandated by the legal framework. Each security objective is mapped to either a system functionality or a responsible for procedural or operational arrangement. Information on OOTS security policy and objectives is available via:
OOTS also provides recommendations on security and policy requirements for the management of eDelivery Access Points. The recommendations on security for the management of eDelivery Access Points is available via:
ANNEX: Security Framework
To learn more about how to report a security incident take a look at the OOTS OO Hub