Difference between revisions of "DBA 2nd iteration Solution Architecture"

From DE4A
Jump to navigation Jump to search
 
(224 intermediate revisions by 5 users not shown)
Line 1: Line 1:
== pilot iteration 2Introduction ==
+
__NUMBEREDHEADINGS__
Approach: we follow the SA as was done for Intermediation (1st iteration).
 
  
Working on thr SA I realize that the SA for iteration 1 might need an update as well... TBC
+
[[Doing Business Abroad Pilot|Back to Doing Business Abroad main page]]
  
=== Scope and focus ===
+
This is not a formal pilot deliverable, but aims to translate the PSA to a Doing Business Abroad context.
  
* Within scope
+
[Final]
** Modify DO/DE Mocks for S&N en Lookup patterns
 
** Common component voor Cross-border subscriptions (optional for MS to use, i.e. not mandatory)
 
** Event Notification + Evidence Lookup flavour, in line with PSA 2nd iteration
 
* Outside scope
 
** Resend a subscription request in case of an error (instead the possibility to inspect the logs and manually resend a request is deemed sufficient (MVP))
 
** Include the Evidence in the notification (instead pure notification + lookup)
 
** Attribute Lookup
 
  
=== DE4A preconditions ===
+
== DBA pilot iteration 2==
Usage of eDelivery for both S&N and LKP patterns.
+
The 2nd pilot iteration for DBA consists of:
  
=== Design choices ===
+
#extending use of the intermediation pattern to allow for more fine grained powers validation: see chapter 2.
Describe what WON'T be implemented for the pilot as well as design choices (see also scope section)
+
#the Subscription and notification pattern: see chapter 3.
 +
#the Lookup pattern (the lookup of evidence, not individual attributes): see chapter 4.
  
=== eIDAS and OOP TS ===
+
Chapter 5 specifies two additional requirements for the intermediation pattern to initiate subscriptions.
  
== DBA eIDAS solution ==
+
==Solution architecture for DBA authentication and powers validation==
This section contains the eIDAS solution architecture for the DBA pilot. The second pilot iteration adds fine grained powers validation to eIDAS and will be used in conjunction with the intermediation pattern. While the first iteration solution architecture supports full powers only, the second iteration allows for explicit expression of powers in a powers validation request and powers declaration. This requires extension of eIDAS.
+
This section contains the eIDAS solution architecture for the DBA pilot. eIDAS is used for piloting the intermediation pattern in DBA pilot iteration 1 and 2.
  
=== General design choices ===
+
In all DBA cases a natural person represents a company in the cross-border eProcedure. In both iterations the powers of the representative are validated. The granularity is different in both iterations though. In the first iteration only full powers will be validated. The pilot partners will use currently available eIDAS functionality for communicating this cross-borders. The second pilot iteration adds fine-grained powers validation to eIDAS. It allows for explicit expression of powers in a powers validation request and powers declaration. This requires extension of eIDAS with the SEMPER concepts and software.
The DBA eIDAS architecture has been designed with the following general design decisions:
 
  
# The DBA pilot will implement a pilot-eIDAS-network, meaning the Member States will implement dedicated pilot eIDAS nodes for cross-border authentication and powers validation that is isolated from the regular network of eIDAS nodes. As the project extends on the use of eIDAS with legal person attributes and powers validation, regular eIDAS nodes are not suitable for piloting. Furthermore, use of the dedicated eIDAS network allows for acceptance of non-notified eID for piloting only.
+
===General design decisions===
# The DBA pilot uses the eIDAS company identification attributes ('legal person attributes in eIDAS') to communicate the represented legal person to the DP. As most Member States do not provide these attributes currently, they need to be added for piloting.
+
The DBA eIDAS architecture has been designed according to the following general design decisions (see [[DE4A D4.6 DBA Pilot Planning v1.0 final.pdf|DBA deliverable D4.6]]):
# The DBA pilot will use eIDAS attribute profile 1.1 and/or CEF’s reference software for the eIDAS node version 2.4.
 
# The DBA pilot will use the SEMPER extension that is compatible with the eIDAS node 2.4 for fine-grained powers validation in the second pilot iteration.
 
  
 +
#The DBA pilot implements a pilot-eIDAS-network, meaning the Member States will implement dedicated pilot eIDAS nodes for cross-border authentication and powers validation that is isolated from the regular network of eIDAS nodes. As the project extends on the use of eIDAS with legal person attributes and powers validation, regular eIDAS nodes are not suitable for piloting. Furthermore, use of the dedicated eIDAS network allows for acceptance of non-notified eID for piloting only.
 +
#The DBA pilot uses the eIDAS company identification attributes ('legal person attributes in eIDAS') to communicate the represented legal person to the DP. As most Member States do not provide these attributes currently, they need to be added for piloting.
 +
#The DBA pilot uses eIDAS attribute profile 1.1 and/or CEF’s reference software for the eIDAS node version 2.4.
 +
#The DBA pilot uses the SEMPER extension that is compatible with the eIDAS node 2.4 for fine-grained powers validation in the second pilot iteration.
  
Compared to current eIDAS practice, the use of eIDAS will be extended by the DBA pilot with:
+
 
# Requesting and sending legal person attributes (identifying the company that applies for the service). Although eIDAS has been able to send legal person attributes from the start, this functionality has been notified just twice (by IT and NL) and has not been used in production services.
+
Compared to current eIDAS practice, the use of eIDAS is extended by the DBA pilot with:
# Validating powers of representation. This function is not part of the eIDAS network currently.
+
#Requesting and sending legal person attributes (identifying the company that applies for the service). Although eIDAS has been able to send legal person attributes from the start, this functionality has been notified just twice (by IT and NL) and has not been used in production services.
 +
#Validating powers of representation. This function is not part of the eIDAS-network currently.
 +
 
 +
<br>
  
 
<u>Ad 1. Legal Person attributes & record matching at the DC</u>
 
<u>Ad 1. Legal Person attributes & record matching at the DC</u>
  
* The pilot partners will send the mandatory eIDAS attributes for the legal person after successful authenticating and validating powers (LegalPersonIdentifier and LegalName).  
+
*The pilot partners will send the mandatory eIDAS attributes for the legal person after successful authenticating and validating powers (LegalPersonIdentifier and LegalName).
* The Data evaluator in the DBA pilot needs record matching on the company to determine whether the company has been registered at the company portal prior to the pilot start (without eIDASLegalpersonIdentifier). The DBA data evaluator will use the second mandatory eIDAS attribute (LegalName) for that purpose. If needed the Data evaluator interacts with the user to do additional checks in the matching process. Record matching at the data evaluator is an eProcedure portal (or data consumer) specific activity that does not need harmonisation across piloting partners.  
+
*The Data evaluator in the DBA pilot needs record matching on the company to determine whether the company has been registered at the company portal prior to the pilot start (without LegalPersonIdentifier). The data evaluator will use the second mandatory eIDAS attribute (LegalName) for that purpose. If needed the Data evaluator interacts with the user to do additional checks in the matching process. Record matching at the data evaluator is an eProcedure portal (or data consumer) specific activity that does not need harmonisation across piloting partners.
* The data owner does not need to do record matching on the company as it can use the eIDASLegalIdentifier to uniquely identify the company involved. This is a consequence of the pilot principle, that the authenticating proxy sends an eIDASLegalPersonidentifier that the business register itself uses in its company registration.  
+
*The data owner does not need to do record matching on the company as it can use the LegalPersonIdentifier to uniquely identify the company involved. This is a consequence of the pilot principle, that the authenticating proxy sends a LegalPersonIdentifier containing a company identifier that the business register itself uses in its company registration.
* Data evaluators and data owners do not need to do record matching on the ''natural person''. Therefore, no additional eIDAS attributes of the natural person are needed.
+
*Data evaluators and data owners do not need to do record matching on the ''natural person''. Therefore, no additional eIDAS attributes of the natural person are needed.
 +
 
 +
For more information, please see [[DE4A D4.6 DBA Pilot Planning v1.0 final.pdf]]
  
For more information, please see, please see the DBA analysis on record matching
+
<br>
  
 
<u>Ad 2. Powers validation</u>
 
<u>Ad 2. Powers validation</u>
  
* Pilot iteration 1 supports implicit full powers only. It uses the eIDAS network currently operational for sending the required information. The eIDAS infrastructure – from the start – supported exchange of natural person attributes as well as company identification attributes (‘legal person attributes’). The eIDAS regulation defined the minimum datasets for both the natural and the legal person. The information on the company in eIDAS has been limited to attributes identifying the company. The eIDAS network lacks a possibility to specify the powers to validate though. Attributes specifying the powers (‘the powers declaration’) have not been defined yet. Implementing this option will require consensus on an additional processing rule: “In case of full powers, the eIDAS authentication will be successful and the data provider sends the eIDAS legal person attributes as well. In case of insufficient powers, the authentication must fail.”. Only that way the data consumer knows whether the user has full powers. By the lack of an explicit powers declaration, this option does not support fine-grained powers validation.  
+
*Pilot iteration 1 supports implicit full powers only. It uses the eIDAS network currently operational for sending the required information. The eIDAS infrastructure – from the start – supported exchange of natural person attributes as well as company identification attributes (‘legal person attributes’). The eIDAS regulation defined the minimum datasets for both the natural and the legal person. The eIDAS network lacks a possibility to specify the powers of representation though; attributes specifying the powers (‘the powers declaration’) have not been defined yet. Hence, in iteration 1 the pilot partners agreed on the following access policy rule: “In case of full powers, the eIDAS authentication will be successful and the authentication proxy sends the eIDAS legal person attributes as well. In case of insufficient powers, the authentication must fail at the eIDAS proxy.”. Only that way the data consumer knows whether the user has full powers or not.
* '''Pilot iteration 2''' supports fine grained powers validation. By using the SEMPER extension on eIDAS, not only the natural and company identification attributes can be exchanged, an explicit powers declaration will be included as well. Using the extension, the data consumer additionally specifies the scope of the service the user needs powers for. After validating the powers, the data provider constructs a powers declaration confirming or denying the person’s powers. The extension allows for full powers validation as well as fine-grained validation. Furthermore, the extension adds attributes for specifying the powers, like the source of powers and one or more limitation to the use of the power.
+
* Pilot iteration 2 supports fine grained powers validation. By using the SEMPER extension on eIDAS, not only the natural and company identification attributes can be exchanged, an explicit powers declaration will be included as well. Using the extension, the data evaluator specifies the scope of the service the user needs powers for. After validating the powers, the authentication proxy constructs a powers declaration confirming or denying the person’s powers. This way, the extension allows for fine-grained powers validation.
 +
 
  
  
Main design decisions regarding fine grained powers validation:
+
Main design decisions regarding fine grained powers validation in iteration 2:
  
# the DBA pilot allows for representation of legal persons by natural persons only.
+
#the DBA pilot allows for representation of legal persons by natural persons only.
# the DBA pilot does not allow for intermediary parties (e.g. accounting firm operation on behalf of the company).
+
#the DBA pilot does not allow for intermediary parties (e.g. employee of an accounting firm operating on behalf of the company).
# the DBA pilot will operate a list of harmonised services to express the extent of powers. Non-harmonised services will not be supported.
+
#the DBA pilot operates a list of harmonised services to express the extent of powers. Non-harmonised services will not be supported.
# the DBA pilot will use the SDG annex II procedures as starting point for the list of harmonised services.
+
#the DBA pilot uses the SDG annex II procedures as starting point for the list of harmonised services.
# the DBA pilot will implement fine grained powers using the SEMPER extension to eIDAS or implement the SEMPER concepts in custom eIDAS software.
+
#the DBA pilot implements fine grained powers using the SEMPER extension to eIDAS or implement the SEMPER concepts in custom eIDAS software.
  
For more information, please refer to the DBA internal discussion paper on Powers validation.
+
For more information, please refer to [[DE4A D4.6 DBA Pilot Planning v1.0 final.pdf]]
  
=== Process realisation ===
+
===Process realisation===
 
The table below presents the components that implement the application services for the DBA pilot.
 
The table below presents the components that implement the application services for the DBA pilot.
 
{| class="wikitable"
 
{| class="wikitable"
Line 72: Line 72:
 
|'''Components'''
 
|'''Components'''
 
|-
 
|-
|Request authentication, including powers validation
+
| rowspan="4" |Request authentication, including powers validation
|Authentication  initiation
+
| rowspan="4" |Authentication  initiation
| - eProcedure portal
+
|eProcedure portal front-end
<nowiki>- </nowiki>Specific eIDAS connector  
+
eProcedure portal back-end
 
+
|-
- eIDAS connector
+
|Specific eIDAS connector
 
+
|-
- SEMPER extension
+
|eIDAS connector
 +
|-
 +
|SEMPER extension
 
|-
 
|-
 
|Authenticate user
 
|Authenticate user
 
|User authentication
 
|User authentication
| - Identity Provider
+
|Identity Provider
 
|-
 
|-
 
|Validate powers of representation
 
|Validate powers of representation
 
|User authentication
 
|User authentication
| - Mandate Management System
+
|Mandate Management System
 
|-
 
|-
 
|Retrieve legal person attributes
 
|Retrieve legal person attributes
 
|User authentication
 
|User authentication
| - Legal Person attribute provider (may be same as Mandate Management System)
+
|Legal Person attribute provider (may be same as Mandate Management System)
 +
|-
 +
| rowspan="3" |Provide authentication details, including powers declaration
 +
| rowspan="3" |User authentication
 +
|Specific eIDAS proxy
 +
|-
 +
|eIDAS proxy
 
|-
 
|-
|Provide authentication details, including powers declaration
+
|SEMPER extension
|User authentication
 
|<nowiki>- </nowiki>Specific eIDAS proxy
 
 
 
- eIDAS proxy
 
 
 
- SEMPER extension
 
 
|}
 
|}
 
+
[[File:EIDAS_+_SEMPER.png|alt=|450x450px]]
=== Component description ===
+
The SEMPER extension is the common component that the Member States need to deploy on their national eIDAS nodes. Instead of operating the SEMPER (reference) module, a custom extension that complies with the SEMPER specifications may be developed by the individual Member States as well.
+
===Component description===
[[File:Components for eIDAS powers validation.png|none|frame]]
+
The table below describes each of the components in this solution architecture.  
 
{| class="wikitable"
 
{| class="wikitable"
 
|+table: component description
 
|+table: component description
 
|'''Component'''
 
|'''Component'''
 +
|'''Type'''
 
|'''Short description of its use'''
 
|'''Short description of its use'''
 
|'''Changes for 2nd iteration piloting'''
 
|'''Changes for 2nd iteration piloting'''
 
|-
 
|-
|SEMPER extension
+
|eProcedure portal Front-end
|Common component (local deployment)
+
|DC specific
Component for extending the eIDAS connector and the eIDAS proxy to allow for explicit powers validation requests and powers declarations.  
+
|The eProcedure portal Front-end handles all user interaction on the web. For piloting DBA, the eProcedure portal Front-end needs to add the eIDAS login option to the login-webpage. As the DBA Pilot uses a dedicated network of eIDAS nodes, the eIDAS login option should be separated  from the regular eIDAS login option (in case not already available on the eProcedure portal).
|Needs to be deployed by Member States for communicating fine grained powers.
+
|None.  
This component has been developed by the SEMPER project and needs to be deployed on the eIDAS node of each of the Member States.
 
 
|-
 
|-
|Identity Provider
+
|eProcedure portal Back-end
|The Identity Provider handles authentication of the natural person. The IdP may be notified under eIDAS, but does not need to be notified to be used in the DBA pilot.
+
|
|No changes in 2nd pilot iteration.
+
|The eProcedure portal Back-end connects to the national eIDAS node via the specific eIDAS connector. The DBA login option should invoke the dedicated eIDAS connector instead of the regular one (a different URL).
|-
+
Furthermore, the eProcedure portal Back-end should evaluate the authentication result received from the eIDAS connector.  
|Legal Person AP
 
|Member States need to provide the identifying (mandatory) attributes of the legal person (eIDASLegalPersonID and eIDASLegalName) to the specific eIDAS proxy. Member States could provide optional attributes of the legal person. The Legal Person attributes may be integrated in the national eID scheme. For example, in eRecognition (NL) the mandate management system also provides the legal person attributes. MMS and Legal Person AP are one and the same component then.
 
|No changes in 2nd pilot iteration.
 
|-
 
|Mandate Management System
 
|Member State Specific
 
Member State specific solutions for registration and validation of powers.
 
 
 
In the DBA first iteration MVP, this source must be used to verify full powers only. In the MVP the declaration of powers that results from validating full powers is implicit: in case the authentication is successful, the user will have full powers to represent the company. In the second iteration MVP, when using SEMPER, the powers declaration is explicit: the powers declaration relates to the requested powers declaration and can be a powers declaration for a specific eService as well as a (explicit) powers declaration for full powers.
 
|Optionally (depending on national implementation) the harmonised services need to be included in the MMS.
 
|-
 
|Specific eIDAS connector
 
|Member State Specific
 
The Member State specific component that translates national eID protocol into eIDAS (light) protocol for requesting authentication and powers validation.
 
 
 
Member States usually implement one or more components to ‘bridge’ eIDAS to the national eID infrastructure. As from CEF eIDAS reference software 2.0, Member States use the eIDAS Light protocol for this. 
 
|To enable fine grained powers validation, the specific eIDAS connector needs to be extended for requesting powers validation alongside authentication.
 
|-
 
|Specific eIDAS proxy
 
|Member State Specific
 
 
 
The Member State specific component that translates national eID protocol into eIDAS (light) protocol for performing authentication and powers validation. Member States usually implement one or more components to ‘bridge’ eIDAS to the national eID infrastructure. As from CEF eIDAS reference software 2.0, Member States use the eIDAS Light protocol for this. Furthermore, the eIDAS proxy coordinates the login process at the DP Member State by triggering the IdP, Legal Person AP and MMS.
 
|The Specific eIDAS proxy needs to be adapted to translate the powers validation request (the scope of powers to be precise) to national powers taxonomy, send a powers validation request to the MMS in national protocol, receive and interpret the response from the MMS and translate it back to cross-border taxonomy.
 
|-
 
|eProcedure portal
 
|DC specific
 
The eProcedure  portal handles all user interaction on the web. It connects to the national eIDAS node via the specific eIDAS connector. This requires the  eProcedure portal to add the eIDAS login option to the login-webpage and interface to the specific eIDAS connector. As the DBA Pilot will use a dedicated network of eIDAS nodes, the eIDAS login option should be separated  from the regular eIDAS login option (in case not already available on the  eProcedure portal). The DBA login option should invoke the dedicated eIDAS connector instead of the regular one (a different URL).  
 
 
|In iteration 1 the eProcedure portal should request:
 
|In iteration 1 the eProcedure portal should request:
 
+
*authentication at ''LoA substantial''
* authentication at ''LoA substantial''
+
*the natural person attributes (at least the mandatory ones) '''''- to be discussed. This does not work with node 2.5/profile 1.2 implemented by AT (and SE?).'''''
* the natural person attributes (at least the mandatory ones)
 
 
* the legal person attributes (at least the mandatory ones)
 
* the legal person attributes (at least the mandatory ones)
  
In iteration 1 the eProcedure portal should:
+
In iteration 1 the eProcedure portal should apply the following rules for granting access after authentication:
  
* deny the user access in case  of an “authentication failed”.  
+
*deny the user access in case  of an “authentication failed”-reply.
* grant the user access in case  of an “authentication successful”.  
+
*grant the user access in case  of an “authentication successful”-reply.
  
  
Line 163: Line 137:
 
In iteration 2 the eProcedure portal should request:
 
In iteration 2 the eProcedure portal should request:
  
* authentication at ''LoA substantial''
+
*authentication at ''LoA substantial''
* the legal person attributes only (at least the mandatory ones)
+
*the legal person attributes only (at least the mandatory ones)
* request a powers validation on the applicable harmonised service
+
*request a powers validation on the applicable harmonised service
 +
 
 +
In iteration 2 the eProcedure portal should apply the following rules for granting access after authentication:
 +
 
 +
*deny the user access in case of an “authentication failed” or "powers not sufficient"
 +
*grant the user access in case of an “authentication successful” and "powers sufficient"
  
In iteration 2 the eProcedure portal should:
 
  
* deny the user access in case of an “authentication failed” or "powers not sufficient"
+
'''Please note: we need to discuss the requesting of eIDAS MDS attributes taking eIDAS profile 1.2 (section 2.8) into account (request from AT).'''
* grant the user access in case of an “authentication successful” and "powers sufficient"
+
|-
 +
|Specific eIDAS connector
 +
|Member State Specific
 +
|The Member State specific component that translates national eID protocol into eIDAS (light) protocol for requesting authentication and powers validation.
 +
Member States usually implement one or more components to ‘bridge’ eIDAS to the national eID infrastructure. As from CEF eIDAS reference software 2.0, Member States use the eIDAS Light protocol for this. 
 +
| To enable fine grained powers validation in iteration 2, the specific eIDAS connector needs to be extended for requesting powers validation alongside authentication.
 +
|-
 +
|(pilot) eIDAS connector
 +
|Common component (MS deployment)
 +
|The component Member States implement to connect to the eIDAS network as a relying party. The connector accepts authentication requests from the data evaluators of the Member State and forwards the requests to the Member States that needs to authenticate the user. After authentication, the eIDAS connector receives the authentication results and sends them to the requesting data evaluator.
 +
The eIDAS connector can be implemented using CEF’s reference software or a custom implementation compliant to the eIDAS interoperability specifications. The CEF reference software implements  – besides the eIDAS SAML profile – also the JSON/REST eIDAS Light protocol to connect to national infrastructure.
 +
|No changes in 2nd pilot iteration.
 
|-
 
|-
|eIDAS connector
+
|SEMPER extension
|Common component (local deployment)
+
|Common component (MS deployment)
The component Member States implement to  connect to the eIDAS network as a relying party. The connector accepts  authentication requests from the service providers of the Member State and forwards the requests to the Member States that needs to authenticate the  user. After authentication, the eIDAS connector receives the authentication  results and sends them to the requesting service provider (relying party).  
+
|Component for extending the eIDAS connector and the eIDAS proxy to allow for explicit powers validation requests and powers declarations.
 +
|Needs to be deployed by Member States for communicating fine grained powers in iteration 2.
 +
This component has been developed by the SEMPER project and needs to be deployed on the eIDAS node of each of the Member States.
  
The eIDAS connector can be implemented using CEF’s reference software or a custom implementation compliant to the eIDAS interoperability specifications. The CEF reference software implements – besides the eIDAS SAML profile – also the JSON/REST eIDAS Light protocol to connect to national infrastructure.
+
As an alternative Member States May develop a custom implementation of the SEMPER software that complies with the SEMPER SAML interface specifications.
|No changes in 2nd pilot iteration.  
+
|-
 +
|(pilot) eIDAS proxy
 +
|Common component (MS deployment)
 +
|The component Member States implement to allow authentication with their (notified) eID for services provided in other Member States. The eIDAS proxy receives authentication requests from relying Member States, coordinates authentication, retrieval of legal person attributes and powers validation. The eIDAS proxy then sends the result to the requesting eIDAS connector.
 +
Just like the eIDAS connector, the eIDAS proxy can be implemented using CEF’s reference software or a custom implementation compliant to the eIDAS interoperability specifications. The CEF reference software implements – besides the eIDAS SAML profile – also the JSON/REST eIDAS Light protocol to connect to national infrastructure.
 +
|No changes in 2nd pilot iteration.
 +
|-
 +
|Specific eIDAS proxy
 +
|Member State Specific
 +
|The Member State specific component that translates national eID protocol into eIDAS (light) protocol for performing authentication and powers validation. Member States usually implement one or more components to ‘bridge’ eIDAS to the national eID infrastructure. As from CEF eIDAS reference software 2.0, Member States use the eIDAS Light protocol for this. Furthermore, the eIDAS proxy coordinates the login process at the DP Member State by triggering the IdP, Legal Person AP and MMS.
 +
|In the second pilot iteration the Specific eIDAS proxy needs to be adapted to translate the powers validation request (the scope of powers to be precise) to national powers taxonomy, send a powers validation request to the Mandate Management System in national protocol, receive and interpret the response from the Mandate Management System and translate it back to cross-border taxonomy.
 
|-
 
|-
|eIDAS proxy
+
|Identity Provider
|Common component (local deployment)
+
|Member State Specific
The component Member States implement to allow authentication with their (notified) eID for services provided in other  Member States. The eIDAS proxy receives authentication requests from relying Member  States, coordinates authentication, retrieval of legal person attributes and  powers validation. The eIDAS proxy then sends the result to the requesting  eIDAS connector.  
+
|The Identity Provider handles authentication of the natural person. The IdP may be notified under eIDAS, but does not need to be notified to be used in the DBA pilot.
 
+
|No changes in 2nd pilot iteration.
Just like the eIDAS connector, the eIDAS  proxy can be implemented using CEF’s reference software or a custom  implementation compliant to the eIDAS interoperability specifications. The  CEF reference software implements – besides the eIDAS SAML profile – also the  JSON/REST eIDAS Light protocol to connect to national infrastructure.
+
|-
|No changes in 2nd pilot iteration.  
+
|Legal Person AP
 +
|Member State Specific
 +
|Member States need to provide the identifying (mandatory) attributes of the legal person (eIDASLegalPersonID and eIDASLegalName) to the specific eIDAS proxy. Member States could provide optional attributes of the legal person. The Legal Person attributes may be integrated in the national eID scheme. For example, in eRecognition (NL) the mandate management system also provides the legal person attributes. Mandate Management System and Legal Person AP are one and the same component then.
 +
|No changes in 2nd pilot iteration.
 +
|-
 +
|Mandate Management System
 +
|Member State Specific
 +
|Member State specific solutions for registration and validation of powers.
 +
   
 +
| In the DBA first pilot iteration, this source must be used to verify full powers. The declaration of powers that results from validating full powers is implicit: in case the authentication is successful, the user will have full powers to represent the company.  
 +
In the second pilot iteration, when using SEMPER, the powers declaration is explicit: the powers declaration relates to the requested powers declaration and can be a powers declaration for a specific eService as well as a (explicit) powers declaration for full powers. Optionally (depending on national implementation) the harmonised services need to be included in the MMS.
 
|}
 
|}
  
 +
===Functional requirements===
  
=== Requirements ===
+
The table below presents the requirements that the data evaluator and the authentication connector and proxy must implement.  
 
 
 
 
The table below presents the requirements that the data evaluator and the authentication connector must implement.  
 
 
{| class="wikitable"
 
{| class="wikitable"
 
|'''Role'''
 
|'''Role'''
|'''requirement'''
+
|'''Component'''
 +
|'''Requirement'''
 
|
 
|
'''implement for<br />
+
'''Use in pilot iteration 1'''
pilot iteration 1'''
+
|'''Use in pilot iteration 2'''
|'''implement for pilot iteration 2'''
 
 
|-
 
|-
 
| rowspan="6" |Data evaluator
 
| rowspan="6" |Data evaluator
 +
| rowspan="6" |eProcedure portal
 
|The eProcedure portal adds an eIDAS login option for piloting.
 
|The eProcedure portal adds an eIDAS login option for piloting.
 
|x
 
|x
|
+
|x
 
|-
 
|-
 
|The eProcedure portal connects to a ''dedicated'' eIDAS pilot node.
 
|The eProcedure portal connects to a ''dedicated'' eIDAS pilot node.
 
|x
 
|x
|
+
|x
 
|-
 
|-
 
|The eProcedure portal requests eIDAS legal person attributes (mandatory ones)
 
|The eProcedure portal requests eIDAS legal person attributes (mandatory ones)
 
|x
 
|x
|
+
|x
 
|-
 
|-
|The eProcedure portal grants the user access on behalf of the company in case of an “authentication successful” response.  
+
|The eProcedure portal grants the user access on behalf of the company in case of an “authentication successful” response.
 
|x
 
|x
 
|
 
|
Line 226: Line 236:
 
|-
 
|-
 
| rowspan="3" |Authentication connector
 
| rowspan="3" |Authentication connector
 +
|SEMPER extension
 +
|MS implements SEMPER extension to the eIDAS connector.
 +
|
 +
|x
 +
|-
 +
|Specific eIDAS connector
 +
|MS adapts the "specific eIDAS connector" to support powers validation requests and powers declarations
 +
|
 +
|x
 +
|-
 +
|eIDAS connector
 
|MS implements eIDAS connector 2.4. In case of a custom implementation (like Sweden) an attribute profile 1.1-compliant version of the connector will be used for piloting.
 
|MS implements eIDAS connector 2.4. In case of a custom implementation (like Sweden) an attribute profile 1.1-compliant version of the connector will be used for piloting.
 
|x
 
|x
|
+
|x
 
|-
 
|-
|MS implements SEMPER extension to the eIDAS connector.  
+
| rowspan="8" |Authentication proxy
 +
|SEMPER extension
 +
|MS implements SEMPER extension to the eIDAS proxy.
 
|
 
|
 
|x
 
|x
 
|-
 
|-
|MS adapts the "specific eIDAS connector" to support powers validation requests and powers declarations
+
|Specific eIDAS proxy
 +
|MS adapts the "specific eIDAS proxy" to support powers validation requests and powers declarations
 
|
 
|
 
|x
 
|x
 
|-
 
|-
| rowspan="8" |Authentication proxy
+
| rowspan="6" |eIDAS proxy
 
|MS implements CEF eIDAS proxy 2.4.  
 
|MS implements CEF eIDAS proxy 2.4.  
  
 
In case of a custom implementation (like Sweden) an attribute profile 1.1-compliant  version of the connector will be used for piloting.
 
In case of a custom implementation (like Sweden) an attribute profile 1.1-compliant  version of the connector will be used for piloting.
 
|x
 
|x
|
+
|x
 
|-
 
|-
|MS implements SEMPER extension to the eIDAS connector.
+
|MS connects an IdP to the eIDAS proxy node for authenticating the natural person
|
+
|x
 
|x
 
|x
 
|-
 
|-
|MS adapts the "specific eIDAS proxy" to support powers validation requests and powers declarations
+
|MS connects attribute provider (AP) to eIDAS node for eIDAS legal person attributes (in case not integrated in the MMS)
|
 
 
|x
 
|x
|-
 
|Ms connects an IdP to the eIDAS proxy node for authenticating the natural person
 
 
|x
 
|x
|
 
 
|-
 
|-
|MS connects attribute provider (AP) to eIDAS node for eIDAS legal person  attributes (in case not integrated in the MMS)
+
|MS connects mandate management system (MMS) to eIDAS node for validating powers. Note: AP and MMS could be the same data source.
 
|x
 
|x
|
 
|-
 
|MS connects mandate management system (MMS) to eIDAS node for validating  full powers. Note: AP and MMS could be the same data source.
 
 
|x
 
|x
|
 
 
|-
 
|-
|Ms validates full powers
+
|MS validates (implicit) full powers
 
|x
 
|x
 
|
 
|
Line 274: Line 290:
 
|}
 
|}
  
=== Component Deployment ===
+
===Component Deployment===
 +
The table below shows the required deployment of common components.
 +
{| class="wikitable"
 +
|+
 +
!Component
 +
!Version
 +
|-
 +
|eIDAS connector
 +
|CEF reference software version 2.4
 +
or custom software implementing interoperability specs 1.1
 +
|-
 +
|eIDAS proxy
 +
|CEF reference software version 2.4
  
* eIDAS node 2.4 + SEMPER extension for node 2.4
+
or custom software implementing interoperability specs 1.1
 +
|-
 +
|SEMPER extension
 +
|The 2.4-compliant version of the SEMPER extension provided by Technical University Graz (SEMPER project)
 +
|}
  
  
 
Open questions AT:  
 
Open questions AT:  
  
* can we upgrade to eIDAS node 2.5? No compatible SEMPER extension available (check with TUG).
+
*can we upgrade to eIDAS node 2.5? No compatible SEMPER extension available (check with TUG).
* can we adapt the way we request attributes for iteration 1? -> don't request the natural person attributes, use the natural person representative attributes for this (profile 1.2 style).  
+
*can we adapt the way we request attributes for iteration 1? -> don't request the natural person attributes, use the natural person representative attributes for this (profile 1.2 style).
 +
 
 +
===Configuration of authentication requests===
 +
<u>Configuration for pilot iteration 1</u>
 +
*regular eIDAS request & response
 +
**eIDAS attributes to request: natural person and legal person attributes (at least the mandatory ones)
 +
**eIDAS attributes to respond with: natural person and legal person attributes (at least the mandatory ones) - including a copy of natural person attributes as ''representative'' is optional.
 +
 
 +
<u>Configuration for pilot iteration 2</u>
 +
 
 +
*regular eIDAS request & response
 +
**eIDAS attributes to request: legal person attributes only (at least the mandatory ones)
 +
**eIDAS attributes to respond with:legal person attributes (at least the mandatory ones) and ''representative'' natural person attributes (at least he mandatory ones) using the representative-prefix
 +
 
 +
*powers validation request & powers declaration (response)
 +
**request:
 +
***scope of powers to validate
 +
***type of representation allowed
 +
***source of powers accepted
 +
**response:
 +
***validation result (successful or not)
 +
***type of representation
 +
***source of powers
 +
 
 +
===Configuration of harmonised services===
 +
Principles for configuration:
 +
 
 +
*The DBA pilot relies on a common library of services to express the extent of powers: the harmonised services. This way, each of the participating Member States understand the powers validation requests of other Member States. It's up to each of the Member States to translate the harmonised services into nationally defined services (authentication connector-side) / powers (authentication proxy-side).
 +
* The DBA pilot uses the SDGR services as starting point. These services have been defined in European legislation (as procedures in annex II of the Regulation). Hence, they have been pre-defined and harmonised already across Europe. The DBA pilot defines the "SDGR" harmonised services catalogue for use in the SEMPER extension.
 +
* The DBA pilot is not limited to SDGR services though, e.g. opening a branch cross-border is explicitly excluded from the SDGR, but is included in some of the pilot scenario's. For services 'beyond SDGR' the DBA pilot has defined the "SDGRplus" harmonised services catalogue.
  
=== Component configuration ===
 
 
Proposal for the harmonised services to express powers cross-border:
 
Proposal for the harmonised services to express powers cross-border:
 
{| class="wikitable"
 
{| class="wikitable"
 
|+
 
|+
 
table: harmonised services for cross-border validation of powers
 
table: harmonised services for cross-border validation of powers
!Catalogue
+
!Service catalogue
 
!Nr
 
!Nr
 
!Harmonised service
 
!Harmonised service
Line 317: Line 377:
 
|Payment of social contributions for employees
 
|Payment of social contributions for employees
 
|-
 
|-
|SDGR+
+
|SDGRplus
 
|1
 
|1
|Starting of a company or opening as branch
+
|Starting of a company or opening a branch in another member state
 
|-
 
|-
|SDGR+
+
|SDGRplus
 
|2
 
|2
 
|Initial registration of a business activity with the business register
 
|Initial registration of a business activity with the business register
 
|}
 
|}
 +
*
  
=== Interfaces ===
+
===Logical interfaces===
The request will be a combination of a regular eIDAS request (not new) and a powers validation request (new).  
+
SAML interface specifications for regular authentication requests (pilot iteration 1) have been specified by CEF Digital: https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS+eID+Profile
 
 
 
 
'''regular eIDAS request & response'''
 
 
 
* eIDAS attributes to request: legal person attributes only (at least the mandatory ones)
 
* eIDAS attributes to respond with:legal person attributes (at least the mandatory ones) and ''representative'' natural person attributes (at least he mandatory ones) using the representative-prefix
 
 
 
 
 
'''powers validation'''
 
 
 
* request:
 
** scope of powers to validate
 
** type of representation allowed
 
** source of powers accepted
 
* response:
 
** validation result (successful or not)
 
** type of representation
 
** source of powers
 
  
SAML interface specifications for regular authentication requests (pilot iteration 1) have been specified by CEF Digital: https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS+eID+Profile
 
 
SAML interfaces specification for SEMPER-extended authentication request and response (pilot iteration 2) have been specified by SEMPER: see chapter 6 from deliverable M3 Report on mandate attributes and solutions for cross-border mandate attributes - 1.0.
 
SAML interfaces specification for SEMPER-extended authentication request and response (pilot iteration 2) have been specified by SEMPER: see chapter 6 from deliverable M3 Report on mandate attributes and solutions for cross-border mandate attributes - 1.0.
  
 
[[File:2019-07-08 M3 Report on mandate attributes and solutions for cross-border mandate attributes - 1.0.pdf|border|left|2019-07-08 M3 Report on mandate attributes and solutions for cross-border mandate attributes - 1.0.pdf]]
 
[[File:2019-07-08 M3 Report on mandate attributes and solutions for cross-border mandate attributes - 1.0.pdf|border|left|2019-07-08 M3 Report on mandate attributes and solutions for cross-border mandate attributes - 1.0.pdf]]
  
 +
==Solution architecture for Subscription & Notification pattern==
 +
This section specifies the solution for the [[Subscription and Notification Pattern|Subscription & Notification pattern]] that will be piloted by the DBA pilot in the second iteration. 
 +
 +
Within scope of the DBA pilot:
 +
*Modify DO/DE Mocks for the S&N pattern: for testing the S&N pattern, new versions of the DO- and DE-mocks need to be developed by the technical workpackage within DE4A.
 +
*Common component for Cross-border subscriptions and notification.
 +
*Event Notification, in line with PSA 2nd iteration: the PSA defines several options for implementing the S&N pattern. The option chosen provides a solution for notifying business events and triggering of the Lookup pattern in case (an updated version of) evidence is required by the DE.
  
 +
Outside scope of the DBA pilot:
 +
*Inspecting the log files for examining an error in sending a subscription request or notification.
 +
* Resend a subscription request in case of an error;
 +
* Resending a notification in case of an error (notification front-end);
 +
*Include the Evidence in the notification: in case the DE needs (an updated version of) the evidence, it will use the Lookup pattern.
 +
*Authorisation of DE's subscribing and DO's notifying (the component "authorization controller").
  
 +
To be analysed by semantic experts within DE4A:     
  
 +
*DBA requests the semantic experts to examine the authorization controller for the S&N pattern. The DBA partners don't require the authorization controller for piloting, but are aware this component is needed in case of large scale use of the S&N pattern. For the S&N pattern, the authorization controller should:     
 +
**Establish whether the DE is allowed to subscribe. This prevents unauthorised access to company data (in the form of notifications). This authorisation should be checked by the DT.
 +
**Establish whether the DO is allowed to send a notification. This prevents unauthorised sending of (fake) notifications. This authorisation should be checked by the DR.
  
== DBA OOP TS solution ==
+
Prerequisite from the DE4A-project is the use of eDelivery and AS4 for the exchange of messages in the S&N and Lookup patterns. This means that eDelivery will be used for:     
<span style="background:#FFFF00">Maybe this is the place to insert explanation of the subscription application collaboration (and notification?), i.e. front-end/back-end w.r.t. notifications.</span>
 
  
The shared solution for the OOP TS consists of all common functionality of the OOP technical system. Most of the common OOP TS components need to be implemented by the data requestor and data transferor, although the OOP TS uses central components as well. 
+
#requesting a subscription (DE to DO)
[[File:Shared OOPTS.png|none|thumb|547x547px|Shared solution OOP TS]]
+
# confirming a subscription (DO to DE)
=== Shared solution ===
+
# notifying a business event (DO to DE)
The OOP TS domain (WP5) provide the data requestor and data transferor with the components needed for
+
In the next sections the general design decisions, process realisations, component descriptions, requirements, component implementations and expected logical interfaces are described.
  
# cross-border subscription and notification messages
+
===General Design Decisions===
# performing the lookup of an evidence
+
The following design decisions have been applied to the solution for S&N:
 +
*The DBA pilot uses one type of subscription message and one type of notification message that all DC’s and DP’s involved will use. The subscription message is for subscribing to cross-border events generated at the DP. The notification message is for notifying the DC of such events. If the DC desires the Evidence can be retrieved using the Lookup. This implies an update of the IEM (to be provided by the semantics work package in DE4A).
 +
*There will be just one data owner per Member State: the business register, where the subscription will be recorded and where the cross-border events are generated, i.e. the authentic source of company information. The pilot does not support multiple DO's / notifying authorities in one Member State.
 +
*For a given subscription provider (data owner), just one subscription is allowed per combination of (a) data evaluator, (b) company and (c) event catalogue. In other words, the DE can not register multiple subscriptions for one single company and one event catalogue at a subscription provider. If this is required in the future (after piloting DBA), then this functionality needs to be added to the solution.
 +
*Using a single subscription request, the DE will subscribe to updates for a single company in a single Member State.
 +
**As soon as the DE wants to subscribe to updates of multiple companies at one DO, it needs to send multiple subscription request to that DO (one for each company it wants to subscribe to).
 +
**As soon as the DE wants to subscribe to updates for one company in two Member States, it needs to request two separate subscriptions, one for each Member State. This use case is not applicable to the DBA pilot though.
 +
*A notification concerns only one single event of one single company and will be addressed to only one Member State.
 +
**In case DE's from different Member States have subscribed to business events of a specific company, the DP needs to notify each of the Member States individually.
 +
**In case the DP needs to notify a DE of multiple events for a specific company, the DP needs to send multiple notifications (one for each event).
 +
**In case the DP needs to notify a DE of one event impacting multiple companies, the DP needs to send multiple notifications (one for each company).
 +
*Business event notification is considered an extension to the SDGR, hence explicit request and the preview functions won't be implemented.
 +
*The S&N pattern has been designed without any user interaction.
 +
*In contrary to the PSA for this pattern, the ending date & time for a subscription are voluntary, meaning that as long as the DE has not indicated the ending date & time, the subscription remains valid. Mandatory ending dates & time may lead to arbitrary ending dates set in the far future by the DE. Furthermore, there seems to be no legal basis for maximising the subscription period to - for example - 5 years.
 +
*In this solution the DE is in charge of its subscriptions at any time. There is no requirement to allow the data owner to end subscriptions single handed (e.g. after the company ended its operation).
 +
The OOP TS domain (to b provided by the technical work package of DE4A) provides the data requestor and data transferor with the components needed for exchange of cross-border subscription and notification messages.
  
In the MVP the DBA pilot uses one type of subscription message and one type on notification message that all DC’s and DP’s involved will use. The subscription message is for subscribing to cross-border events generated at the DP. The notification message is for notifying the DC of such events. If the DC desires the Evidence can be retrieved using the Lookup. This implies an update of the <span style="background:#FFFF00">IEM</span> (WP3). There will be just one data provider per Member state: the business register, where the subscription will be recored and where the cross border events are generated, i.e.is the authentic source of company information. The DC will subscribe in one Member State at a time. The DP will notify one Member State at the time. The explicit request and the preview functions won't be needed, in both interaction patterns there is no user involvement.  
+
===Process realisation===
 +
The solution for the S&N patterns includes required functionality of the OOP Technical System (common components) expressed as application components and interfaces in the diagram below. Some common components need to be implemented by the data requestor and data transferor, some components by the data evaluator and data owner and some are common components to be implemented by the DE4A technical workpackage. The image below depicts the solution for the Subscription & Notification pattern (S&N) with the familiar split in the different roles.
  
==== Process realisation ====
+
[[File:OOP TS S&N.png|alt=OOP TS DBA Subscription & Notification|none|frame|OOP TS DBA Subscription & Notification]]
The table below presents the components that implement the application services for the DBA pilot. The process realization is dealt with per pattern with S&N split in two as they are independently triggered.
+
The table below presents the components that implement the application services for the DBA pilot. The process realisation is split in two (subscription and notification) as they are independently triggered. See [[Subscription and Notification Pattern|Subscription and Notification]] in the Project Start Architecture (PSA 2nd iteration) for more details.
  
===== '''''Subscription''''' =====
+
=====''Subscription''=====
 
{| class="wikitable"
 
{| class="wikitable"
 
|'''Process'''
 
|'''Process'''
Line 380: Line 454:
 
|Initiate subscription (DC)
 
|Initiate subscription (DC)
 
|Subscription Initiation
 
|Subscription Initiation
|eProcedure Back-office Backend
+
|
 +
*[[eProcedure Back-office Backend]]
 +
*Back-office to OOP TS Interface
 +
*[[Connector|DE4A connector]]
 
|-
 
|-
 
|Change subscription (DC)
 
|Change subscription (DC)
 
|Subscription Initiation
 
|Subscription Initiation
|eProcedure Back-office Backend
+
|
 +
*eProcedure Back-office Backend
 +
*Back-office to OOP TS interface
 
|-
 
|-
 
|Lookup event provider routing information (DC)
 
|Lookup event provider routing information (DC)
 
|Inquire Routing Information
 
|Inquire Routing Information
|Data Service Lookup
+
|
 +
*[[Information Desk|IDK]]
 +
*DNS & [[SML/DNS|SML]]
 +
*MS [[SMP]]
 
|-
 
|-
 
|Send subscription request (DC)
 
|Send subscription request (DC)
 
|
 
|
* Message Encryption
+
*Message Encryption
* e-Signature Creation Service
+
*e-Signature Creation Service
* Data Exchange Service
+
*Data Exchange Service
  
*  
+
*
|
+
| eDelivery access point:
* Trust Service Provisioning
+
*[[Trust Service Provisioning]]
* Data Encryption/Decryption
+
*[[Data Encryption/Decryption]]
* Data Exchange
+
*[[Data Exchange]]
 
|-
 
|-
 
|Validate subscription request (DP)
 
|Validate subscription request (DP)
 
|
 
|
* eSignature Validation Service
+
*eSignature Validation Service
* Message Decryption
+
*Message Decryption
* Authority Check
+
*Authority Check (out of scope)
|
+
|eDelivery access point:
* Authorization Controller
+
*Trust Service Provisioning
* Trust Service Provisioning
+
*Data Encryption/Decryption
* Data Encryption/Decryption
 
 
|-
 
|-
 
|Evaluate subscription request (DP)
 
|Evaluate subscription request (DP)
 
|Subscription Evaluation
 
|Subscription Evaluation
|Subscription System
+
|[[Subscription System]]
 
|-
 
|-
 
|Exception: Prepare subscription error message (DP)
 
|Exception: Prepare subscription error message (DP)
 
|Subscription Error Handling
 
|Subscription Error Handling
|Subscription System
+
|
 +
*Subscription System
 +
*IDK
 +
*DNS & SML
 +
*MS SMP
 
|-
 
|-
|Exception Send subscription error message (DP)
+
|Exception: Send subscription error message (DP)
|
 
* Message Encryption
 
* e-Signature Creation Service
 
* Data Exchange Service
 
 
|
 
|
* Trust Service Provisioning
+
*Message Encryption
* Data Encryption/Decryption
+
*e-Signature Creation Service
* Data Exchange
+
*Data Exchange Service
 +
|eDelivery access point:
 +
*Trust Service Provisioning
 +
*Data Encryption/Decryption
 +
*Data Exchange
 
|-
 
|-
 
|Exception: Forward subscription error (DC)
 
|Exception: Forward subscription error (DC)
|n/a
 
 
|
 
|
 +
|
 +
*Back-office to OOP TS interface
 +
*DE4A connector
 
|-
 
|-
 
|Exception: Investigate reason for subscription error (DC)
 
|Exception: Investigate reason for subscription error (DC)
|n/a
+
|out of scope
|
+
|out of scope
 
|-
 
|-
 
|Register subscription (DP)
 
|Register subscription (DP)
Line 444: Line 531:
 
|Confirm subscription (DP)
 
|Confirm subscription (DP)
 
|Subscription Confirmation
 
|Subscription Confirmation
|Subscription System
+
|
 +
*Subscription System
 +
*DE4A connector
 +
*IDK
 +
*DNS & SML
 +
*MS SMP
 
|-
 
|-
 
|Send subscription confirmation (DP)
 
|Send subscription confirmation (DP)
 
|
 
|
* Message Encryption
+
*Message Encryption
* e-Signature Creation Service
+
*e-Signature Creation Service
* Data Exchange Service
+
*Data Exchange Service
|
+
|eDelivery access point:
* Trust Service Provisioning
+
*Trust Service Provisioning
* Data Encryption/Decryption
+
*Data Encryption/Decryption
* Data Exchange
+
*Data Exchange
 
|-
 
|-
 
|Forward confirmation (DC)
 
|Forward confirmation (DC)
 
|n/a
 
|n/a
 
|
 
|
 +
*Back-office to OOP TS interface
 +
*DE4A connector
 
|-
 
|-
 
|Log subscription information (DC)
 
|Log subscription information (DC)
 
|n/a
 
|n/a
|
+
|eProcedure Back-office Backend
 
|}
 
|}
===== '''''Notification''''' =====
+
=====''Notification''=====
 
{| class="wikitable"
 
{| class="wikitable"
 
|'''Process'''
 
|'''Process'''
Line 470: Line 564:
 
|'''Components'''
 
|'''Components'''
 
|-
 
|-
|Identify event (DP)
+
|Identify cross-border event (DP)
 
|Cross-border Event Filter
 
|Cross-border Event Filter
|Cross-border Event Handler
+
|[[Cross-border Event Handler]]
 
|-
 
|-
 
|Check subscriptions (DP)
 
|Check subscriptions (DP)
 
|Subscription Lookup
 
|Subscription Lookup
|Subscription System
+
|
 +
*Cross-border Event Handler
 +
*Subscription System
 
|-
 
|-
 
|Prepare notification message and subscriber list (DP)
 
|Prepare notification message and subscriber list (DP)
 
|Notification Message and Subscriber List Preparation
 
|Notification Message and Subscriber List Preparation
|Cross-border Event Handler
+
|
 +
*Cross-border Event Handler
 +
*DE4A connector
 +
*Event handler to OOP TS interface
 
|-
 
|-
 
|Exception: Resend past events (DP)
 
|Exception: Resend past events (DP)
|Manual Event Dispatch
+
|out of scope
|Notification Front-end
+
|out of scope
 
|-
 
|-
 
|Resolve service metadata (DP)
 
|Resolve service metadata (DP)
 
|Inquire Routing Information
 
|Inquire Routing Information
|Data Service Lookup
+
|
 +
*IDK
 +
*DNS & SML
 +
*MS SMP
 
|-
 
|-
 
|Exception: Resolve subscriber participant ID and inform National Contact Point (DP)
 
|Exception: Resolve subscriber participant ID and inform National Contact Point (DP)
|Subscription Mismatch Log
+
|out of scope
|Notification Front-end
+
|out of scope
 
|-
 
|-
 
|Send event notification (DP)
 
|Send event notification (DP)
 
|
 
|
* Message Encryption
+
*Message Encryption
* e-Signature Creation Service
+
*e-Signature Creation Service
* Data Exchange Service
+
*Data Exchange Service
|
+
|eDelivery Access point:
* Trust Service Provisioning
+
*Trust Service Provisioning
* Data Encryption/Decryption
+
*Data Encryption/Decryption
* Data Exchange
+
*Data Exchange
 
|-
 
|-
 
|Validate event notification (DC)
 
|Validate event notification (DC)
 
|
 
|
* eSignature Validation Service
+
*eSignature Validation Service
* Message Decryption
+
*Message Decryption
* Authority Check
+
*Authority Check (out of scope)
|
+
|eDelivery Access point:
* Trust Service Provisioning
+
*Trust Service Provisioning
* Data Encryption/Decryption
+
*Data Encryption/Decryption
* Data Exchange
+
*Data Exchange
 
|-
 
|-
 
|Determine event response (DC)
 
|Determine event response (DC)
Line 520: Line 622:
 
|Request change of subscription (DC)
 
|Request change of subscription (DC)
 
|
 
|
* Notification Mismatch Signal
+
*Notification Mismatch Signal
* Update Notification Response Log
+
*Update Notification Response Log
 
|eProcedure Back-office Backend
 
|eProcedure Back-office Backend
 
|-
 
|-
Line 537: Line 639:
 
|}
 
|}
  
===== '''''Lookup''''' =====
+
===Component description===
Note: compared with Intermediation the user is absent.
+
The following table lists the components indicated in the image above. Per component a short description of its use is given, by which role the component is used (i.e. DE, DR, DT, DO) and whether the component is MS specific or common functionality. 
{| class="wikitable sortable"
+
{| class="wikitable"
|'''Process'''
+
|'''Component'''
|'''Application Service'''
+
|'''Short description of its use'''
 +
|'''Role'''
 +
|'''Genericness*'''
 +
|'''Changes for 2nd iteration piloting'''
 +
|-
 +
|eProcedure Back-office Backend
 +
|This component implements back-end functionality for executing the eProcedure. Examples in the context of S&N:
 +
 
 +
*collecting relevant data for a subscription request
 +
*keeping track of subscriptions of the DE
 +
*processing subscription confirmations / errors
 +
*determining an appropriate response to a notification (e.g. discard or Lookup updated evidence)
 +
*updating logs
 +
 
 +
|DE
 +
|specific
 +
|Requires new functionality for S&N pattern in each of the DE's.
 +
 
 +
 
 +
'''TBD''' is the required functionality generic enough to justify a common component that DE's can deploy? Each DE needs to keep track of its subscriptions and needs event interpretation functionality as well. To some extend, registering the subscriptions is a mirror of the subscription system of the DO.
 +
 
 +
|-
 +
|Back-office to OOP TS
 +
|Interface for connecting the DE's backoffice with the OOP TS for:
 +
 
 +
*requesting (changes to) subscriptions
 +
* receiving subscription confirmations / errors
 +
*receiving notifications
 +
Just like the portal to OOP TS interface (as described in the DBA first iteration solution architecture), Member States may choose to implement this interface in a generic way to bridge national OOP protocols to DE4A datamodel at one single place. Furthermore, Member States may choose to integrate both interfaces (portal to OOP TS and backoffice to OOP TS) in one single interface.
 +
|DR
 +
|specific
 +
|Needs to be developed and implemented for the second iteration.
 +
May be partial re-use of the portal to OOP TS interface.
 +
|-
 +
|DE4A Connector
 +
|Taking care of eDelivery and IDK interfacing, shielding DR and DT from complexities and facilitating ease of implementation.
 +
 
 +
Error handling and logging.
 +
|DR, DT
 +
|common
 +
|Needs extension for S&N pattern to facilitate interaction on:
 +
- subscriptions
 +
 
 +
- notifications
 +
|-
 +
|IDK
 +
|DE4A playground IDK: a web application for locating the service to reach out to.
 +
|DR, DT
 +
|common
 +
|'''Change w.r.t. iteration 1?''' There is no evidence provider lookup, instead the endpoint where to send the subscription request to is needed. Also there is no evidence response.
 +
 
 +
 
 +
As the DBA pilot uses just one type subscription message with just one data provider per Member state (on NUTS0 level),  there is no need for dynamic discovery of the data provider. For the DBA pilot it is sufficient to use a simple configuration file with the required elements (member state and participant id) like in iteration 1.
 +
 
 +
See logical interfaces section below
 +
|-
 +
|MS SMP
 +
|For each subscription request/response, information on the receivers Access Point (URL) and its certificates are needed. Each member state hosts an SMP for this purpose (note: for testing one single centrally hosted DE4A SMP will be used). Before sending a request or response, the sending party queries the SMP of the receiver to get this info. 
 +
|DR, DT
 +
|common
 +
|None expected.
 +
|-
 +
|eDelivery Access Point
 +
|This component – also referred to as eDelivery AS4 gateway – handles the secure transfer of the data, including  encryption and decryption as well as signing/sealing and validating  signatures/seals.
 +
|DR, DT
 +
|common
 +
|Needs configuration for accepting subscription, notifications and lookup messages for the second iteration.
 +
|-
 +
|DNS & SML
 +
|As there are multiple SMP’s, the sending party needs to know where to find the SMP of the receiver to get the actual  metadata. This location can be found in the centrally CEF-hosted DNS, that  will be queried by the access point of the sending member state.
 +
 
 +
DNS entries will be created from the  registration of SMP’s: the SML, which is also centrally hosted by CEF.
 +
| Central
 +
|central
 +
|None expected.
 +
|-
 +
|Cross-border Event Handler
 +
|Application component handling the cross-border events. It filters all domestic events for relevant cross-border events and takes care of preparing a notification message and compiling a subscribers list to which the notification must be sent.
 +
|DO
 +
|common
 +
|The Cross-border Event Handler could be part of the Connector or at least be a common component. All DPs need this functionality.
 +
|-
 +
|Subscription System
 +
|Application component managing the entire life cycle of subscriptions, i.e. creation and maintaining subscriptions. It also offers functionality for validating subscriptions (does subject exist?, is the event supported?, is the subscription changing an existing subscription?), confirmation of a subscription and error handling.
 +
|DO
 +
|common
 +
|To be developed
 +
 
 +
 
 +
'''TBD''': is this generic enough to justify a common component that SO's may deploy if they like?
 +
|}
 +
<nowiki>*</nowiki>genericness: specific: to be developed, deployed and hosted by MS; common: to be developed by WP5 and deployed and hosted by MS; central: to be developed, deployed and hosted by CEF
 +
 
 +
===Functional requirements===
 +
The table below presents the requirements that the components involved need to implement.
 +
{| class="wikitable"
 
|'''Component'''
 
|'''Component'''
 +
|'''Nr'''
 +
|'''DBA requirement'''
 +
|'''Comment'''
 
|-
 
|-
|Determine required cross-border evidence (DC)
+
| rowspan="9" |eProcedure Backoffice Backend
|Cross-border Evidence Matching
+
|1
|Evidence Type Translator
+
|The DE should be able to subscribe to the combination of:
 +
 
 +
#a company
 +
#one or more business events (catalogue & type)
 +
|For piloting it is sufficient to skip the specification of events to subscribe to. It will be all or none.
 
|-
 
|-
|Lookup routing information (DC)
+
|2
|Inquire Routing Information
+
|The DE should monitor actual subscription at the DO by processing the subscription confirmation / error.
|Data Service Lookup
+
|
 
|-
 
|-
|Request evidence (DC)
+
|3
 +
|The DE should have the option to set a defined time frame for receiving notifications to automatically end a subscription.
 
|
 
|
* Message Encryption
+
|-
* e-Signature Creation Service
+
|4
* Data Exchange Service
+
|The DE should be able to manage the “end date” of the subscription (prolong, shorten, …).
 
|
 
|
* Trust Service Provisioning
 
* Data Encryption/Decryption
 
* Data Exchange
 
 
|-
 
|-
|Evaluate evidence request (DP)
+
|5
 +
|The DE should be able to unsubscribe to all notifications for a company at once.
 +
|See req 1. for piloting a "all or none" subscription is fine.
 +
|-
 +
|6
 +
|The DE should at any time have an overview of all its subscriptions in order to manage them.
 +
|
 +
|-
 +
|7
 +
|The DE may process a notification instantly, but may also choose to process the notifications in batch, e.g. once a day or week.
 
|
 
|
* eSignature Validation Service
+
|-
* Message Decryption
+
|8
* Data Exchange Service
+
|The DE should have a legal basis for processing business events.
* Authority Check
+
|It’s up to the DE to manage this. The DE will be  accountable for its data processing.
 +
|-
 +
|9
 +
|The DE should implement logic to decide when (by which events) to lookup evidence.
 
|
 
|
* Trust Service Provisioning
 
* Data Encryption/Decryption
 
* Data Exchange
 
 
|-
 
|-
|Establish subject identity (DP)
+
| rowspan="3" |DE4A connector
|Identity/Record Matching
+
|1
|Record Matching
+
|The DR must confirm having received the notification (by the DR not the DE) to the DT.
 
+
|From that point on delivery of the notifications to the DE is the responsibility of the DR (and not the DT or DO).
(needed for company matching right?)
 
 
|-
 
|-
|Communicate non-availability of OOP (DP)
+
|2
 +
|The DT needs to confirm having received the subscription request to the DR.
 
|
 
|
* Error Handler
+
|-
 +
|3
 +
|Each message sent requires a confirmation from the receiving actor (acknowledgement). For technical error messages concerning a subscription, notification or lookup the existing WP5 list can be used. e.g. timed-out, component unavailable, XML error, etc.
 +
|Errors need to be implemented for the messages required for both new patterns.
 +
|-
 +
|Back-office to OOP TS interface
 +
|1
 +
|The DR should provide a facility for delayed forwarding of notifications to the DE.
 +
|The DR probably needs a queue for this. This queue should guarantee delivery of the notifications to the DE, even if the DE is not online at some point in time or some other error prevents sending the notification.
 +
This functionality preferably is not part of the Connector which should remain stateless.
 +
|-
 +
| rowspan="4" |Subscription system
 +
|1
 +
|The DO should send a confirmation of registering or changing the subscription to the DE.
 +
|Including error code and handling.
 +
|-
 +
|2
 +
|The DO should generate one of the following error messages in case of registration error:
 +
1. subscription registration failed (e.g. actor not authorised to subscribe, company identifier not found)
  
* Message Encryption
+
2. subscription change failed (e.g. subscription to change not found in subscription system). 
* e-Signature Creation Service
+
| For piloting these two business errors are sufficient.
* Data Exchange Service
+
Business list of errors might be extended in future releases (after piloting).
|
+
 
* Trust Service Provisioning
+
 
* Data Encryption/Decryption
+
As a generic principle, the error message should convey little information in itself. Providing more information enables possible attackers in their attempts.
* Data Exchange
 
 
|-
 
|-
|Extract evidence (DP)
+
|3
|Evidence Lookup
+
|The subscription system should register:
|Evidence Query
+
- data evaluator
 +
 
 +
- company ID
 +
 
 +
- business event
 +
 
 +
- starting date & time
 +
 
 +
- ending date & time
 +
|Please note that, in piloting DBA, pilot partners will implement an 'all or nothing'-subscription. This way, a subscription for a specific company is for all business events at once or for none (no subscription then). Hence, the element "business event" will not be used to differentiate between business events that are and that aren't included in a subscription.
 +
 
 +
The element "business event" may be included in the components data store for future use though (to be decided by WP5).
 +
 
 +
Furthermore, the element may be generalised to "event" to cover future use of other types of events.
 
|-
 
|-
|Communicate non-availability or Delay of evidence (DP)
+
|4
 +
|The subscription system should allow for querying which data evaluators to notify in case of a business event.
 
|
 
|
* Error Handler
+
|-
 +
| rowspan="10" |Cross-border Event Handler
 +
|1
 +
|The cross-border event handler should:
  
* Message Encryption
+
*translate national events to harmonised events (as defined by the event catalogue)
* e-Signature Creation Service
+
*filter national events for relevance (i.e. presence in event catalogue)
* Data Exchange Service
+
*query the subscription system for subscribers to a particular event
 +
*construct notification message for each of the subscribers
 
|
 
|
* Trust Service Provisioning
 
* Data Encryption/Decryption
 
* Data Exchange
 
 
|-
 
|-
|Establish non-availability of OOP (DC)
+
|2
|Evidence Request Tracker
+
|The DO should send notifications only for a business event occurring to a company for which the DE has subscribed  – for as long as the subscription is valid.
|Evidence Interchange Back-end
+
|For piloting is seems sufficient to notify one single Member State in case of an event at a time.
 
|-
 
|-
|Compose evidence response (DP)
+
|3
|Domestic to Cannonical Evidence Transformation
+
|The DO should include the company identifier in the notification to allow the DE to find the corresponding record in its registry.
|Evidence Portal Back-end
+
|
 +
|-
 +
|4
 +
|The DO should include additional company identifiers that the business event concern.
 +
|E.g. The identifiers of the company / companies acquiring the company concerned.
 
|-
 
|-
|Transfer evidence (DP)
+
|5
 +
|The DO should clearly state in the notification what business event has occurred.
 
|
 
|
* Message Encryption
+
|-
* e-Signature Creation Service
+
|6
* Data Exchange Service
+
|The DO should provide a timestamp of the business event separate from the timestamp of the notification.
 
|
 
|
* Trust Service Provisioning
 
* Data Encryption/Decryption
 
* Data Exchange
 
 
|-
 
|-
|Forward evidence (DC)
+
|7
 +
|The DO may send notifications instantly, but may also send in batch, e.g. once a day or week.
 +
|The DE does not confirm receiving the notification to the DO, the acknowledgement of the DE4A connector is sufficient.
 +
|-
 +
|8
 +
|The DO should be able to send notifications independently of the availability of the DE.
 +
|In order not to hinder the notification process of  the DO.
 +
|-
 +
|9
 +
|The DO should not include any additional company data in the notification nor attach evidence of any type to the notification.
 +
|Data minimisation.
 +
 
 +
It will be up to the DE to process the notification. This might not need any additional data.
 +
|-
 +
|10
 +
|The DO should implement one event for notifying "the company registration evidence has changed" (without specifying which business event has occurred - if any).
 +
|To cover for data changes that might be relevant for the DE without being a direct consequence of the occurrence of a harmonised business event, e.g. e-mail address changed.
 +
|-
 +
| rowspan="2" |Data service
 +
|1
 +
|The data service of the DO needs to be capable of detecting business events and triggering a notification.
 
|
 
|
* eSignature Validation Service
+
|-
* Message Decryption
+
|2
* Data Exchange Service
+
|The data service of the DO needs to support the event type "Company registration evidence has changed"
 
|
 
|
* Trust Service Provisioning
 
* Data Encryption/Decryption
 
* Data Exchange
 
|-
 
|Evaluate evidence (DC)
 
|Requirements/Evidence Matching
 
|eProcedure Rules Engine
 
 
|}
 
|}
  
Do we stick with the ESL config file or will IDK implement something? [[File:DBA OOPTA Shared.png|none|thumb|610x610px]]
 
  
==== Component description ====
+
The table below presents the requirements for the DE and DO mocks.
The following table lists the shared components indicated light blue in the image above.
+
 
 +
* The DE mock should mock the eProcedure Back-office Backend.
 +
* The DO mock should mock the cross-border event handler and subscription system.
 +
 
 
{| class="wikitable"
 
{| class="wikitable"
 
|'''Component'''
 
|'''Component'''
|'''Short  description of its use'''
+
|'''Nr'''
 +
|'''DBA requirement'''
 +
|'''Comment'''
 
|-
 
|-
|<span style="background:#FFFF00">Evidence  service locator (ESL) configuration file Issuing Authority Locator (IAL) TBC</span>
+
| rowspan="4" |DE mock
|Change w.r.t. iteration1? There is no evidence lookup, instead the endpoint where to send the subscription request to is needed. ALso there is no evidence response, it is event oriented now.
+
|1
As the DBA pilot’s MVP uses just one type subscription message with just one data provider per Member state (on NUTS0 level),  there is no need for dynamic discovery of the data provider. For the DBA pilot it is sufficient to use a simple configuration file with the required elements (member state and participant id) like in iteration 1.
+
|Requesting a subscription:
|-
 
|SMP
 
|For each subscription request/response,  information on the receivers Access Point (URL) and its certificates are  needed. Each member state hosts an SMP for this purpose. Before sending a  request or response, the sending party queries the SMP of the receiver to get  this info. 
 
|-
 
|DNS & SML
 
|As there are multiple SMP’s, the sending  party needs to know where to find the SMP of the receiver to get the actual  metadata. This location can be found in the centrally CEF-hosted DNS, that  will be queried by the access point of the sending member state.
 
  
DNS entries will be created from the  registration of SMP’s: the SML, which is also centrally hosted by CEF.
+
* user input: company identifier, starting date and time, ending date and time (optionally)
 +
* user select: Data Owner
 +
* construct subscription request
 +
* show subscription request on web page
 +
* XML output: send request to DE4A connector
 +
|
 
|-
 
|-
|eDelivery AS4 gateway
+
|2
|This component – also referred to as  eDelivery access point – handles the secure transfer of the data, including  encryption and decryption as well as signing/sealing and validating  signatures/seals.
+
|Show subscription confirmation on web page.
 +
|
 
|-
 
|-
|DE4A Connector
+
|3
 +
|Show subscription error on web page.
 
|
 
|
 
|-
 
|-
|Authorization Controller
+
|4
|In case of LKP
+
|Changing a registered subscription:
Application component to establish which data service, e.g. evidence types can be requested and whether this is allowed under allowed under applicable Union or national law without user request and preview.
 
  
In case of S&N
+
* user input: company identifier, starting date and time, ending date and time (optionally)
 +
* user select: Data Owner
 +
* construct change request
 +
* show change request on web page
 +
* XML output: send request to DE4A connector
 +
|
 +
|-
 +
| rowspan="2" |DO mock
 +
|1
 +
|Subscription system - process requests:
  
Is the DC allowed to subscrive? Is the DP allowed to send a notification?
+
* XML input: registration request / change request:
 +
* register a subscription / change a registered subscription
 +
* XML output: confirm registration / send registration error
 +
|
 
|-
 
|-
|Cross-border Event Handler
+
|2
|Application component handling the cross-border events. It filters all domestic events for relevant cross-border events and takes care of preparing a notification message and compiling a subscribers list to which the notification must be sent.
+
|Event handler - Construct and send a notification:
|-
+
 
|Subscription System
+
* user input: company identifier
|Application component managing the entire life cycle of subscriptions, i.e. creation and maintaining subscriptions. It also offers functionality for validating subscriptions (does subject exist?, is the event supported?, is the subscription changing an existing subscription?), confirmation of a subscription and error handling.
+
* user select: harmonised event
|-
+
* check subscriptions for this company
|
+
* show subscriptions on web page
 +
* construct notification(s)
 +
* show notifications XML on web page
 +
* XML output: send notifications
 
|
 
|
 
|}
 
|}
  
==== Requirements ====
+
===Component deployment===
For DBA the Authorization Controller needs to check that only parties in the pilot send subscriptions and notifications.
+
 
 +
*DNS, SML will be reused from iteration 1.
 +
* SMP, eDelivery Access Point will be reused from iteration 1.
 +
* The IDK probably needs to change to allow for locating the subscription register.
 +
* The DE4A Connector needs an update to support the S&N flows and messages.
 +
*Various MS specific interfaces may be needed for (sub)system integration.
 +
* Both DE and DO need to do bookkeeping of subscriptions.
 +
* The DO needs cross-border event handling functionality
 +
*The DE needs event interpretation functionality and triggers for follow-up actions, like Lookup of evidence.
 +
 
 +
 
 +
Expectations for the semantics workpackage of DE4A:
 +
 
 +
*design messages for subscription request, subscription confirmation, subscription error and notification.
 +
* analysis and design authorisation controller (out of scope for piloting)
  
The "list" from the service Notification Message and Subscriber List Preparation can be restricted to one party only.
 
  
For technical error messsages the existing WP5 list can be used. Business error messages in case of S&N TBD. For the pilot it is probably sufficient to establish the notification was received by DR (DT->DR).  
+
Expectation for the technical workpackage of DE4A:
 +
 
 +
*extend the DE4A connector for S&N
 +
*extend (the configuration of) the integrated AS4 gateway for S&N
 +
*adapt the IDK if required for S&N.
 +
*design and develop the cross-border event handler
 +
*advise on queuing solution for Back-office to OOP TS interface
 +
*examine possibility for generic components for "subscription system" and S&N back-end functionality of "eProcedure back-office backend"
 +
*develop the DE and Do mocks
 +
 
 +
===Configuration of business events===
 +
 
 +
Business events are defined by each of the Member States individually. Although there are commonalities, all event-lists of the Member States are different. To enable cross-border interpretation of business events harmonisation of events is needed. For piloting DBA, just a small selection of events will be piloted. The purpose of the DBA pilot is not to harmonise all events, but to validate the notification-mechanism.
 +
 
 +
The DBA event list (catalogue "Business events") builds upon the BRIS definitions.
 +
 
 +
 
 +
List of harmonised events in the Event catalogue "Business events":
 +
#Company ended its operations
 +
#Company changed its legal form
 +
#Company merger or takeover
 +
#Company moved to another location
 +
#Company administration changed
 +
#Company registration evidence has changed
 +
'''TO DO: validate within DBA pilot.'''
 +
 
 +
 
 +
National-to-harmonised translation needs to be designed by each Member State. Example for NL below (concept).  
 +
{| class="wikitable"
 +
|+
 +
!nr
 +
!harmonised event
 +
!NL event equivalent
 +
|-
 +
|1
 +
|Company ended its operations
 +
|beëindigen rechtspersoon
 +
opheffen onderneming
 +
|-
 +
|2
 +
|Company changed its legal form
 +
|omzetten rechtspersoon
 +
|-
 +
|3
 +
|Company merger or takeover
 +
|fuseren rechtspersoon
 +
|-
 +
|4
 +
|Company moved to another location
 +
|verhuizen vestiging
 +
|-
 +
|5
 +
|Company administration changed
 +
|toetreden bestuurder
 +
 
 +
toetreden functionaris
  
Cross-border Event Handler
+
toetreden gemachtigde
  
Subscription System: Registering the subscription at DP and logging subscription at DC is similar in functionality but mirrored. This could be common component (reference implementation) or at least a specification. This component would be optional for MS to use. TODO data model, operations, logical I/Fs.
+
toetreden aansprakelijke bij samenwerkingsverband
  
==== Component implementation ====
+
uittreden functionaris/bestuurder/gemachtigde/aansprakelijke bij samenwerkingsverband
DNS, SML will be reused from iteration 1. 
+
|-
 +
|6
 +
|Company registration evidence has changed
 +
|(not an event)
 +
|}
  
The Evidence service locator (ESL) configuration file probably needs to change. TBC
 
  
SMP, eDelivery AS4 gateway will be reused from iteration 1.
+
===Logical interfaces===
 +
The expected logical interfaces of the common components are expected to remain largely the same with an expansion for the S&N pattern.  
  
The DE4A Connector needs an update.  
+
Note: We need to discuss with the semantic / technical experts of DE4A the implementation of the Data Service Lookup ABB. Right now this is covered by the IDK. However, for S&N there is no evidence lookup or exchange, so at least the name is off. Also the I/F with the Connector changes slightly. In the table below some differences are indicated.
 
{| class="wikitable"
 
{| class="wikitable"
 
|'''Component'''
 
|'''Component'''
 
|'''Expected interface'''
 
|'''Expected interface'''
 
|-
 
|-
|<span style="background:#FFFF00">Evidence  service locator (ESL) configuration file</span> <span style="background:#FFFF00">Issuing Authority Locator (IAL) TBC</span>
+
|IDK
|IN  (from DE4A connector to ESL configuration file):
+
|IN  (from DE4A connector to IDK):
 +
 
 +
* Member state
  
-          Member state
+
* Event catalogue (e.g. DBA = business event)
  
-          ... more?
 
  
OUT from ESL configuration file to DE4A connector):
+
OUT (from IDK to DE4A connector):
  
-          participant ID
+
* Participant ID
 
|-
 
|-
 
|SMP
 
|SMP
 
|IN  (from DE4A connector to SMP):
 
|IN  (from DE4A connector to SMP):
  
-          Participant ID
+
* Participant ID
  
 
OUT  (from SMP to DE4A connector):
 
OUT  (from SMP to DE4A connector):
  
-          Service URL
+
* Service URL
  
-          Certificate to use
+
* Certificate to use
 
|-
 
|-
 
|DNS  & SML
 
|DNS  & SML
 
|IN  (from DE4A connector to DNS):
 
|IN  (from DE4A connector to DNS):
  
-          Member state
+
* Member state
  
-          Participant ID
+
* Participant ID
  
 
OUT  (from DNS to DE4A connector):
 
OUT  (from DNS to DE4A connector):
  
-          SMP location
+
* SMP location
 
|-
 
|-
 
|eDelivery  AS4 gateway
 
|eDelivery  AS4 gateway
|IN  (from DE4A connector to eDelivery AS4 gateway):
+
|IN  (from DE4A connector to eDelivery Acess Point):
 +
 
 +
* Subscription request/registration conformation/notification
  
-          evidence request
 
  
OUT (from eDelivery AS4 gateway to DE4A connector):
+
OUT (from eDelivery Access Point to DE4A connector):
  
-          Evidence response
+
* ACK
 
|-
 
|-
 
|DE4A  Connector
 
|DE4A  Connector
|''subscription''
+
|''Subscription''
IN  (from data evaluator to DE4A connector):
+
Initiating or changing subscription
 +
 
 +
IN  (from DE to DE4A connector):
 +
 
 +
*request ID (correlation)
 +
*subject identifier (company in question)
 +
*data owner identifier (DO id = participant ID)
 +
*subscriber identifier (DE id = participant ID)
 +
*event catalogue (DBA fixed business events)
 +
*(new) subscription start and end date
 +
 
 +
OUT  (from DE4A connector to DE):  
 +
 
 +
*ACK  (from DT)
 +
 
  
-          Data evaluator
 
  
-          Data evaluating Member state
+
''Subscription confirmation''
  
-          Subscription Request
+
IN (from DO to DE):
  
-          Notification providing Member state/party?
+
*request ID
  
OUT  (from DE4A connector to data evaluator):
+
*data owner identifier (DO id = participant ID)
 +
*subscriber identifier (DE id = participant ID)
 +
*status (success/fail)
  
-          Notification providing member state
+
OUT (from DE to DO):
  
-          Data provider
+
*ACK
  
-          Subscription Response (ACK from DT?)
+
''Notification''
  
 +
IN  (from DO to DE4A connector):
  
''notification''
+
*subscriber identifier (DE ID = participant ID)
 +
*data owner identifier (DO id = participant ID)
 +
*notification
  
IN  (from data processor to DE4A connector):
+
#subject identifier (company in question)
 +
#event catalogue
 +
#event
 +
#timestamp event
  
-          Data processor
+
OUT (from DE4A connector to DR):
  
-          Data processing Member state
+
*ACK (from DR)
 +
|-
 +
|Subscription system
 +
|IN (from DE4A connector to subscription system) - for subscribing:
  
-          Notification
+
* subscription request
  
-          Data evaluating mermber state/party?
+
OUT:
  
OUT  (from DE4A connector to data processor):
+
* subscription confirmation
  
-          Notification providing member state
+
* subscription error
  
-          Data evaluator
 
  
-          Notification Response (ACK from DR?)
+
IN (from cross-border event handler) - for composing the list of notifications:
  
 +
* subject identifier (company in question)
  
''lookup''
+
OUT:
  
As in iteration 1.
+
* list of subscribers (DE participant ID's).
 
|-
 
|-
|...
+
|Cross-border Event Handler
|
+
|IN
 +
 
 +
* domestic event
 +
 
 +
 
 +
OUT
 +
 
 +
* array of notifications
 +
 
 
|}
 
|}
  
==== Expected logical interfaces ====
+
==Solution architecture for Lookup pattern==
The expected logical interfaces are expected to remain largely the same.  
+
This section specifies the solution for the Lookup pattern that will be piloted by the DBA pilot in the second iteration. Basically, the Lookup pattern will be implemented as the intermediation pattern, but without: user authentication, explicit request and preview. Instead of having the eProcedure portal managing the OOP TS flow in interaction with he user, it will be the eProcedure back-office that will initiate the lookup and process the evidence.
 +
 
 +
The Lookup pattern will be used to quickly retrieve (updated) evidence needed to keep a local company data store up-to-date, to re-asses a service provided or for generic fraud prevention purposes.
 +
 
 +
 
 +
Within scope of the DBA pilot:
 +
*Evidence Lookup, the PSA defines several options for implementing the Lookup pattern. The option chosen is based on requesting (an updated version of) evidence.
 +
 
 +
 
 +
Outside scope of the DBA pilot:
 +
*Attribute Lookup: this solution architecture supports Evidence type lookup requesting the full evidence without user interaction. The option to request individual attributes / API-approach is not supported.
 +
*Authorisation of DE's to retrieve the requested evidence (the component "authorisation controller")
 +
 
 +
 
 +
To be analysed by the semantic experts in DE4A:
 +
 
 +
*DBA requests the semantic experts to examine the authorization controller for the Lookup pattern. The DBA partners don't require the authorization controller for piloting, but are aware this component is needed in case of large scale use of the Lookup (and intermediation) pattern. For the Lookup pattern, the authorization controller should establish whether the DE is allowed to retrieve the requested evidence type. This prevents unauthorised access to company data. This authorisation should be checked by the DT.
  
<span style="background:#FFFF00">
 
We need to discuss with WP3/WP5 the implementation of the Data Service Lookup ABB. Right now this is covered by two SBBs ESL and IAL.
 
However, for S&N there is no evidencen  lookup or exchange, so at lest the name is off. Also the I/F with the Connector changes slightly. In the table above some differences are indicated.</span>
 
  
=== DC-specific solution ===
+
Prerequisite from the DE4A-project is the use of eDelivery and AS4 for the exchange of messages in the Lookup pattern. This means that eDelivery in the Lookup pattern will be used for:
The DC specific solution is different for every DC and the solution architecture will be specified in the design document of the pilot processes (one for each data consumer). Nonetheless the DC-specific solution at a higher level of abstraction show similarities.
 
  
==== Process realization ====
+
#requesting evidence (DE to DO)
 +
#sending the evidence (DO to DE)
  
===== '''''Subscription''''' =====
+
In the next sections the general design decisions, process realisations, component descriptions, requirements, component implementations and expected logical interfaces are described.
{| class="wikitable"
+
 
 +
===General Design Decisions===
 +
The following design decisions have been applied to the solution for Lookup:
 +
*Based on a received notification message (S&N pattern) the DC, if desired, retrieves the Evidence using the Lookup.
 +
*The explicit request and the preview functions won't be implemented as Lookup is considered 'beyond SDGR'
 +
*The Lookup has been designed without any user interaction.
 +
The OOP TS domain (WP5) provides the data requestor and data transferor with the components needed for performing the lookup of an evidence.
 +
 
 +
===Process realisation===
 +
The solution for the Lookup pattern specifies required functionality of the OOP Technical System expressed as application components and interfaces in the diagram below. Some OOP TS components need to be implemented by the data requestor and data transferor, some components by the data evaluator and data owner and some are common components to be implemented by DE4A WP5. The image below depicts the solution for the Lookup Pattern (LKP) with the familiar split in the different roles.
 +
 
 +
[[File:OOP TS LKP.png|alt=OOPT TS Lookup|none|frame|Components of the Lookup pattern]]
 +
 
 +
 
 +
The table below presents the components that implement the application services for the DBA pilot.
 +
 
 +
Please note that we assume the common components for the Lookup pattern can be re-used 1-on-1 of the intermediation pattern (same components, same functionality, same deployments). Only the initiation of the evidence request and the processing of the evidence response is different (not eProcedure portal but eProcedure backoffice). Hence, for the common components, just a referral has been included. For more information we refer to the solution architecture of the intermediation pattern.
 +
 
 +
See [[Lookup Pattern]] for more details.
 +
 
 +
{| class="wikitable sortable"
 
|'''Process'''
 
|'''Process'''
 
|'''Application Service'''
 
|'''Application Service'''
|'''Components'''
+
|'''Component'''
 
|-
 
|-
|Initiate subscription
+
|Determine required cross-border evidence (DC)
|Subscription Initiation
+
|Cross-border Evidence Matching
|eProcedure Back-office Backend
+
|eProcedure Backoffice Back-end:
 +
 
 +
*Evidence Type Translator
 +
 
 +
Back-office to OOP TS interface
 
|-
 
|-
|Change subscription
+
|''Lookup routing information (DC)''
|Subscription Initiation
+
|''See intermediation pattern''
|eProcedure Back-office Backend
+
|''See intermediation pattern''
 
|-
 
|-
|Lookup event provider routing information
+
|''Request evidence (DC)''
|Inquire Routing Information
+
|''See intermediation pattern''
|Data Service Lookup
+
|''See intermediation pattern''
 
|-
 
|-
|Send subscription request
+
|''Evaluate evidence request (DP)''
|
+
|''See intermediation pattern''
* Message Encryption
+
|''See intermediation pattern''
* e-Signature Creation Service
 
* Data Exchange Service
 
 
 
*
 
|
 
* Trust Service Provisioning
 
* Data Encryption/Decryption
 
* Data Exchange
 
 
|-
 
|-
|Exception: Forward subscription error
+
|''Establish subject identity (DP)''
|n/a
+
|''See intermediation pattern''
|
+
|''See intermediation pattern''
 
|-
 
|-
|Exception: Investigate reason for subscription error
+
|''Communicate non-availability of OOP (DP)''
|n/a
+
|''See intermediation pattern''
|
+
|''See intermediation pattern''
 
|-
 
|-
|Forward confirmation
+
|''Extract evidence (DP)''
|n/a
+
|''See intermediation pattern''
|
+
|''See intermediation pattern''
|-
 
|Log subscription information
 
|n/a
 
|<span style="background:#FFFF00">could be a common component</span>
 
|}
 
 
 
===== '''''Notification''''' =====
 
{| class="wikitable"
 
|'''Process'''
 
|'''Application Service'''
 
|'''Components'''
 
 
|-
 
|-
|Validate event notification
+
|''Communicate non-availability or Delay of evidence (DP)''
|
+
|''See intermediation pattern''
* eSignature Validation Service
+
|''See intermediation pattern''
* Message Decryption
 
* Authority Check
 
|
 
* Trust Service Provisioning
 
* Data Encryption/Decryption
 
* Data Exchange
 
 
|-
 
|-
|Determine event response
+
|''Establish non-availability of OOP (DC)''
|Event Evaluation
+
|''See intermediation pattern''
|eProcedure Back-office Backend
+
|''See intermediation pattern''
<span style="background:#FFFF00">another candidate for reuse TBC</span>
 
 
|-
 
|-
|Request change of subscription
+
|''Compose evidence response (DP)''
|
+
|''See intermediation pattern''
* Notification Mismatch Signal
+
|''See intermediation pattern''
* Update Notification Response Log
 
|eProcedure Back-office Backend
 
 
|-
 
|-
|Dismiss event
+
|''Transfer evidence (DP)''
|Update Notification Response Log
+
|''See intermediation pattern''
|eProcedure Back-office Backend
+
|''See intermediation pattern''
 
|-
 
|-
|Trigger evidence lookup
+
|''Forward evidence (DC)''
|Update Notification Response Log
+
|''See intermediation pattern''
|eProcedure Back-office Backend
+
|''See intermediation pattern''
 
|-
 
|-
|Notify Responsible Organization
+
|Evaluate evidence (DC)
|Update Notification Response Log
+
|Assess Evidence
|eProcedure Back-office Backend
+
|eProcedure Backoffice Back-end
 
|}
 
|}
  
===== '''''Lookup''''' =====
+
===Component description===
{| class="wikitable sortable"
+
The following table lists the components indicated in the image above. Per component a short description of its use is given, by which role the component is used (i.e. DE, DR, DT, DO) and whether the component is MS specific or common functionality. 
|'''Process'''
+
{| class="wikitable"
|'''Application Service'''
 
 
|'''Component'''
 
|'''Component'''
 +
|'''Short description of its use'''
 +
|'''Role'''
 +
|'''Genericness*'''
 +
|'''Changes for 2nd iteration piloting'''
 
|-
 
|-
|Determine required cross-border evidence
+
|eProcedure Back-office Backend
|Cross-border Evidence Matching
+
|This component handles all backoffice functionality for the eProcedure. For the Lookup pattern it:
|Evidence Type Translator
+
 
 +
*translates the required evidence to the canonical evidence to request
 +
*requests the canonical evidence to the MS DE4A connector
 +
*receives the evidence (or error)
 +
*processes the evidence (update local data store, process possible impact on service provided to the company / general fraud detection or prevention).
 +
 
 +
|DE
 +
|specific
 +
|This new functionality needs to be designed and developed by each of the participating DE's.
 
|-
 
|-
|Lookup routing information
+
|Back-office to OOP TS
|Inquire Routing Information
+
|Interface for connecting the DE's backoffice with the OOP TS for:
|Data Service Lookup
+
*requesting evidence by Lookup
 +
 
 +
Just like the portal to OOP TS interface (as described in the DBA first iteration solution architecture), Member States may choose to implement this interface in a generic way to bridge national OOP protocols to DE4A datamodel at one single place. Furthermore, Member States may choose to integrate both interfaces (portal to OOP TS and backoffice to OOP TS) in one single interface.
 +
| DR
 +
|specific
 +
|Needs to be developed and implemented for the second iteration.
 +
May be partial re-use of the portal to OOP TS interface.
 
|-
 
|-
|Request evidence
+
|DE4A Connector
|
+
|Taking care of eDelivery and IDK interfacing, shielding DR and DT from complexities and facilitating ease of implementation.
* Message Encryption
+
 
* e-Signature Creation Service
+
Error handling and logging.
* Data Exchange Service
+
|DR, DT
|
+
|common
* Trust Service Provisioning
+
|No changes expected.
* Data Encryption/Decryption
+
Double check that the component as deployed for the intermediation pattern can be used  without change.
* Data Exchange
 
 
|-
 
|-
|Establish non-availability of OOP
+
|IDK
|Evidence Request Tracker
+
|DE4A playground IDK: a web application for locating the service to reach out to.
|Evidence Interchange Back-end
+
|DR, DT
 +
|common
 +
|No changes expected.
 +
Double check that the component as deployed for the intermediation pattern can be used  without change.
 
|-
 
|-
|Forward evidence
+
|SMP
|
+
|For each subscription request/response, information on the receivers Access Point (URL) and its certificates are needed. Each member state hosts an SMP for this purpose (note: for testing one single centrally hosted DE4A SMP will be used). Before sending a request or response, the sending party queries the SMP of the receiver to get this info. 
* eSignature Validation Service
+
|DR, DT
* Message Decryption
+
|common
* Data Exchange Service
+
|None expected.
|
 
* Trust Service Provisioning
 
* Data Encryption/Decryption
 
* Data Exchange
 
 
|-
 
|-
|Evaluate evidence
+
|eDelivery access Point
|Requirements/Evidence Matching
+
|This component – also referred to as eDelivery AS4 gateway – handles the secure transfer of the data, including encryption and decryption as well as signing/sealing and validating signatures/seals.
|eProcedure Rules Engine
+
|DR, DT
|}
+
|common
<span style="background:#FFFF00"><<insert updated diagram>></span>
+
|No changes expected.  
[[File:DBA DC Specific.png|none|thumb|610x610px]]
 
  
==== Component description ====
+
Double check that the component as deployed for the intermediation pattern can be used without change.  
<span style="background:#FFFF00">Additional components may be possible on DC side TBD
 
Also, it is likely not be be handled by the eProcedure portal but from the back office.</span>
 
{| class="wikitable"
 
|'''Component'''
 
|'''Short  description of its use'''
 
 
|-
 
|-
|eProcedure  portal
+
|DNS & SML
|The eProcedure portal should be adapted to support the use of the cross-border evidence in the process. For that  purpose it should facilitate the user in the OOP-process and connect to the OOP TS. Connection to the OOP TS is typically implemented via a Portal-to-OOP  TS-interface that may utilise national OOP-protocols and infrastructure.  
+
|As there are multiple SMP’s, the sending party needs to know where to find the SMP of the receiver to get the actual  metadata. This location can be found in the centrally CEF-hosted DNS, that will be queried by the access point of the sending member state.  
 +
 
 +
DNS entries will be created from the registration of SMP’s: the SML, which is also centrally hosted by CEF.
 +
| Central
 +
|central
 +
|None expected.
 
|-
 
|-
|eProcedure  backend
+
|Data Service
|The eProcedure backend handles all  eProcedure specific logic. For the DBA pilot this backend functionality basically  remains unchanged. One addition to the backend may be the record matching on  the company (for companies registered prior to the pilot).  
+
|The webservice of the data provider that will output the evidence requested.
 +
|DO
 +
|specific
 +
|None expected.
 
|-
 
|-
|Portal  to OOP TS interface
+
|Data source to OOP TS Interface
|Member states may (but do not need to)  implement an interface from national OOP protocols to the DE4A data model  (DE4A connector). Such an interface guarantees that the data evaluator can  use the same (national) OOP protocols and services for cross-border use as  well.  
+
|Interface for connecting the data service with the OOP TS (IM & LKP).
 +
|DO, DT
 +
|specific
 +
|None expected.
 
|}
 
|}
 +
<nowiki>*</nowiki>genericness: specific: to be developed, deployed and hosted by MS; common: to be developed by WP5 and deployed and hosted by MS; central: to be developed, deployed and hosted by CEF
  
==== Requirements ====
+
===Functional requirements===
A DC subscribes to the full set of cross-border events (the set is TBD).  
+
The table below presents the requirements that the components involved need to implement.
 +
 
 +
{| class="wikitable"
 +
|'''Component'''
 +
|'''Nr'''
 +
|'''DBA requirement'''
 +
|'''Comment'''
 +
|-
 +
|eProcedure Back-office
 +
|1
 +
|Once the eProcedure backoffice logic has assessed the notification and has concluded one or more evidences (or updates to evidences) need to be requested, the back-office should be able to send the evidence request to the OOP TS interface.
  
==== Component implementation ====
 
This section is fully DC-specific.
 
  
==== Expected logical interfaces ====
 
This section is fully DC-specific.
 
  
=== DP-specific solution ===
+
Please note, in case of multiple data owners in one Member State supporting the required evidence type, the Data evaluator needs to be aware which one to contact (as there is no possibility to ask the user). Hence, after processing the initial evidence in the intermediation pattern, it needs to store the data owner ('participant') to contact for updates. In the DBA pilot there will be only one data owner per Member State, so there is no need to store the participant at the DE.
The DP specific solution is different for every DP. The DP specific solution architecture will be specified in the design document of the pilot processes (one for each data consumer). Nonetheless the DP-specific solution at a higher level of abstraction show similarities.
+
|The evidence request will be the same or similar to the request of the intermediation pattern.
 
 
==== Process realisation ====
 
 
 
===== '''''Subscription''''' =====
 
{| class="wikitable"
 
|'''Process'''
 
|'''Application Service'''
 
|'''Components'''
 
 
|-
 
|-
|Validate subscription request
+
|Back-office to OOP TS
 
|
 
|
* eSignature Validation Service
+
|no Lookup-specific requirements
* Message Decryption
 
* Authority Check
 
 
|
 
|
* Authorization Controller
 
* Trust Service Provisioning
 
* Data Encryption/Decryption
 
 
|-
 
|-
|Evaluate subscription request
+
|DE4A connector
|Subscription Evaluation
 
|Subscription System
 
|-
 
|Exception: Prepare subscription error message
 
|Subscription Error Handling
 
|Subscription System
 
|-
 
|Exception Send subscription error message
 
 
|
 
|
* Message Encryption
+
|no Lookup-specific requirements
* e-Signature Creation Service
 
* Data Exchange Service
 
 
|
 
|
* Trust Service Provisioning
 
* Data Encryption/Decryption
 
* Data Exchange
 
|-
 
|Register subscription
 
|Subscription Creation and Update
 
|Subscription System
 
|-
 
|Confirm subscription
 
|Subscription Confirmation
 
|Subscription System
 
 
|-
 
|-
|Send subscription confirmation
+
|IDK
 
|
 
|
* Message Encryption
+
|no Lookup-specific requirements
* e-Signature Creation Service
 
* Data Exchange Service
 
 
|
 
|
* Trust Service Provisioning
 
* Data Encryption/Decryption
 
* Data Exchange
 
|}
 
 
===== '''''Notification''''' =====
 
{| class="wikitable"
 
|'''Process'''
 
|'''Application Service'''
 
|'''Components'''
 
 
|-
 
|-
|Identify event
+
|SMP
|Cross-border Event Filter
 
|Cross-border Event Handler
 
|-
 
|Check subscriptions
 
|Subscription Lookup
 
|Subscription System
 
|-
 
|Prepare notification message and subscriber list
 
|Notification Message and Subscriber List Preparation
 
|Cross-border Event Handler
 
|-
 
|Exception: Resend past events
 
|Manual Event Dispatch
 
|Notification Front-end
 
|-
 
|Resolve service metadata
 
|Inquire Routing Information
 
|Data Service Lookup
 
|-
 
|Exception: Resolve subscriber participant ID and inform National Contact Point
 
|Subscription Mismatch Log
 
|Notification Front-end
 
|-
 
|Send event notification
 
 
|
 
|
* Message Encryption
+
|no Lookup-specific requirements
* e-Signature Creation Service
 
* Data Exchange Service
 
 
|
 
|
* Trust Service Provisioning
 
* Data Encryption/Decryption
 
* Data Exchange
 
|}
 
 
===== '''''Lookup''''' =====
 
From DP's point of view this should be same as Intermediation.
 
{| class="wikitable sortable"
 
|'''Process'''
 
|'''Application Service'''
 
|'''Component'''
 
 
|-
 
|-
|Evaluate evidence request
+
|eDelivery Access Point
 
|
 
|
* eSignature Validation Service
+
|no Lookup-specific requirements
* Message Decryption
 
* Data Exchange Service
 
* Authority Check
 
 
|
 
|
* Trust Service Provisioning
 
* Data Encryption/Decryption
 
* Data Exchange
 
 
|-
 
|-
|Establish subject identity
+
|DNS & SML
|Identity/Record Matching
 
|Record Matching
 
 
 
(needed for company matching right?)
 
|-
 
|Communicate non-availability of OOP
 
 
|
 
|
* Error Handler
+
|no Lookup-specific requirements
 
 
* Message Encryption
 
* e-Signature Creation Service
 
* Data Exchange Service
 
 
|
 
|
* Trust Service Provisioning
 
* Data Encryption/Decryption
 
* Data Exchange
 
|-
 
|Extract evidence
 
|Evidence Lookup
 
|Evidence Query
 
 
|-
 
|-
|Communicate non-availability or Delay of evidence
+
|Data service
 
|
 
|
* Error Handler
+
|no Lookup-specific requirements
 
 
* Message Encryption
 
* e-Signature Creation Service
 
* Data Exchange Service
 
 
|
 
|
* Trust Service Provisioning
 
* Data Encryption/Decryption
 
* Data Exchange
 
|-
 
|Compose evidence response
 
|Domestic to Cannonical Evidence Transformation
 
|Evidence Portal Back-end
 
 
|-
 
|-
|Transfer evidence
+
|Data source to OOP TS Interface
 
|
 
|
* Message Encryption
+
|no Lookup-specific requirements
* e-Signature Creation Service
 
* Data Exchange Service
 
 
|
 
|
* Trust Service Provisioning
 
* Data Encryption/Decryption
 
* Data Exchange
 
 
|}
 
|}
<span style="background:#FFFF00"><<insert updated diagram  or add new diagram for S&N>></span>
 
[[File:DBA DP Specific.png|none|thumb|605x605px]]
 
  
==== Component description ====
+
 
Table is a mix of LKP and S&N
+
The table below presents the requirements for the DE and DO mocks.
 +
 
 +
* The DE mock should mock the eProcedure Back-office Backend.
 +
* The DO mock should mock the data service.
 +
 
 
{| class="wikitable"
 
{| class="wikitable"
 
|'''Component'''
 
|'''Component'''
|'''Short  description of its use'''
+
|'''Nr'''
 +
|'''DBA requirement'''
 +
|'''Comment'''
 
|-
 
|-
|Data  service
+
|DE mock
|The webservice of the data provider that  will output the evidence requested.
+
|1
 +
|no Lookup-specific requirements
 +
Same functionality as DE mock for Intermediation pattern.
 +
|
 
|-
 
|-
|Portal  to OOP TS interface
+
|DO mock
|Member states may (but do not need to)  implement an interface from national OOP protocols to the DE4A data model  (DE4A connector).
+
|1
|-
+
|no Lookup-specific requirements
|Subscription System
+
Same functionality as DO mock for Intermediation pattern.
|Application component managing the entire life cycle of subscriptions, i.e. creation and maintaining subscriptions. It also offers functionality for validating subscriptions (does subject exist?, is the event supported?, is the subscription changing an existing subscription?), confirmation of a subscription and error handling.
+
|
|-
 
|Cross-border Event Handler
 
|Application component handling the cross-border events. It filters all domestic events for relevant cross-border events and takes care of preparing a notification message and compiling a subscribers list to which the notification must be sent.
 
|-
 
|Notification Front-end
 
|Application component providing the UI for civil servants to dispatch events and consult logging information for trouble shooting.
 
 
|}
 
|}
  
==== Requirements ====
+
===Component deployment===
There are two types of events, those that trigger an evidence update and those that don't. DBA needs support for a small set (5-6) of events containing both event types.
+
*See intermediation pattern.
 +
 
 +
 
 +
Expectations for the semantic wokpackage of DE4A:
 +
 
 +
*analyse and design authorisation controller for the Lookup pattern (out of scope for piloting)
 +
 
  
The Cross-border Event Handler could maybe be part of the Connector or at least be a common component. All DPs need this functionality,
+
Expectation for the technical workpackage in DE4A:
  
==== Component implementation ====
+
*double check to ensure the common components can be re-used from the intermediation pattern without any change.
This section is fully DP-specific.  
 
  
<span style="background:#FFFF00">Note part of the Subscription System may be generic enough for a common component.</span>
+
===Logical interfaces===
 +
The expected logical interfaces remain unchanged.
 +
==Solution architecture for Intermediation Pattern==
 +
The solution architecture for the intermediation pattern has been designed in the first pilot iteration. Please refer to [[DBA D4.6 Pilot planning|D4.6 Pilot planning]] for this architecture (not included in the wiki yet).  
  
==== Expected logical interfaces ====
+
The solution architecture remains unchanged, except for two additional requirements for the eProcedure portal that have been introduced by the S&N pattern.
This section is fully DP-specific.  
+
{| class="wikitable"
 +
|'''Component'''
 +
|'''Nr'''
 +
|'''DBA requirement'''
 +
|'''Comment'''
 +
|-
 +
| rowspan="2" |eProcedure portal
 +
|1
 +
|For the S&N pattern the logic of the eProcedure portal needs to be extended to initiate a subscription (start of S&N pattern). Whether a subscription is needed after processing the evidence is depending on the rules and regulation the data evaluator implements.
 +
|
 +
|-
 +
|2
 +
|For the S&N pattern the logic of the eProcedure portal might need to be adapted to include rules and texts for informing the user on subscriptions & possibly notifications.
 +
 
 +
As S&N is out of scope of the SDGR, this informative step is not part of the explicit request process. However, the user should be informed of subscriptions.
 +
| Has no priority in piloting DBA S&N. Might be implemented by the DE, but it doesn't need to.
 +
|}
  
== Appendix: archimate component diagrams ==
+
==Appendix: archimate component diagrams==
  
=== DBA eIDAS solution architecture ===
+
===Solution architecture for DBA authentication and powers validation===
  
=== OOP TS solution architecture ===
+
===Solution architecture for Subscription & Notification pattern and Lookup pattern===
TODO merge AC's and tailot to MVP.
+
TODO merge AC's and tailor to pilot increment 2.

Latest revision as of 07:47, 22 August 2022


Back to Doing Business Abroad main page

This is not a formal pilot deliverable, but aims to translate the PSA to a Doing Business Abroad context.

[Final]

1 DBA pilot iteration 2

The 2nd pilot iteration for DBA consists of:

  1. extending use of the intermediation pattern to allow for more fine grained powers validation: see chapter 2.
  2. the Subscription and notification pattern: see chapter 3.
  3. the Lookup pattern (the lookup of evidence, not individual attributes): see chapter 4.

Chapter 5 specifies two additional requirements for the intermediation pattern to initiate subscriptions.

2 Solution architecture for DBA authentication and powers validation

This section contains the eIDAS solution architecture for the DBA pilot. eIDAS is used for piloting the intermediation pattern in DBA pilot iteration 1 and 2.

In all DBA cases a natural person represents a company in the cross-border eProcedure. In both iterations the powers of the representative are validated. The granularity is different in both iterations though. In the first iteration only full powers will be validated. The pilot partners will use currently available eIDAS functionality for communicating this cross-borders. The second pilot iteration adds fine-grained powers validation to eIDAS. It allows for explicit expression of powers in a powers validation request and powers declaration. This requires extension of eIDAS with the SEMPER concepts and software.

2.1 General design decisions

The DBA eIDAS architecture has been designed according to the following general design decisions (see DBA deliverable D4.6):

  1. The DBA pilot implements a pilot-eIDAS-network, meaning the Member States will implement dedicated pilot eIDAS nodes for cross-border authentication and powers validation that is isolated from the regular network of eIDAS nodes. As the project extends on the use of eIDAS with legal person attributes and powers validation, regular eIDAS nodes are not suitable for piloting. Furthermore, use of the dedicated eIDAS network allows for acceptance of non-notified eID for piloting only.
  2. The DBA pilot uses the eIDAS company identification attributes ('legal person attributes in eIDAS') to communicate the represented legal person to the DP. As most Member States do not provide these attributes currently, they need to be added for piloting.
  3. The DBA pilot uses eIDAS attribute profile 1.1 and/or CEF’s reference software for the eIDAS node version 2.4.
  4. The DBA pilot uses the SEMPER extension that is compatible with the eIDAS node 2.4 for fine-grained powers validation in the second pilot iteration.


Compared to current eIDAS practice, the use of eIDAS is extended by the DBA pilot with:

  1. Requesting and sending legal person attributes (identifying the company that applies for the service). Although eIDAS has been able to send legal person attributes from the start, this functionality has been notified just twice (by IT and NL) and has not been used in production services.
  2. Validating powers of representation. This function is not part of the eIDAS-network currently.


Ad 1. Legal Person attributes & record matching at the DC

  • The pilot partners will send the mandatory eIDAS attributes for the legal person after successful authenticating and validating powers (LegalPersonIdentifier and LegalName).
  • The Data evaluator in the DBA pilot needs record matching on the company to determine whether the company has been registered at the company portal prior to the pilot start (without LegalPersonIdentifier). The data evaluator will use the second mandatory eIDAS attribute (LegalName) for that purpose. If needed the Data evaluator interacts with the user to do additional checks in the matching process. Record matching at the data evaluator is an eProcedure portal (or data consumer) specific activity that does not need harmonisation across piloting partners.
  • The data owner does not need to do record matching on the company as it can use the LegalPersonIdentifier to uniquely identify the company involved. This is a consequence of the pilot principle, that the authenticating proxy sends a LegalPersonIdentifier containing a company identifier that the business register itself uses in its company registration.
  • Data evaluators and data owners do not need to do record matching on the natural person. Therefore, no additional eIDAS attributes of the natural person are needed.

For more information, please see DE4A D4.6 DBA Pilot Planning v1.0 final.pdf


Ad 2. Powers validation

  • Pilot iteration 1 supports implicit full powers only. It uses the eIDAS network currently operational for sending the required information. The eIDAS infrastructure – from the start – supported exchange of natural person attributes as well as company identification attributes (‘legal person attributes’). The eIDAS regulation defined the minimum datasets for both the natural and the legal person. The eIDAS network lacks a possibility to specify the powers of representation though; attributes specifying the powers (‘the powers declaration’) have not been defined yet. Hence, in iteration 1 the pilot partners agreed on the following access policy rule: “In case of full powers, the eIDAS authentication will be successful and the authentication proxy sends the eIDAS legal person attributes as well. In case of insufficient powers, the authentication must fail at the eIDAS proxy.”. Only that way the data consumer knows whether the user has full powers or not.
  • Pilot iteration 2 supports fine grained powers validation. By using the SEMPER extension on eIDAS, not only the natural and company identification attributes can be exchanged, an explicit powers declaration will be included as well. Using the extension, the data evaluator specifies the scope of the service the user needs powers for. After validating the powers, the authentication proxy constructs a powers declaration confirming or denying the person’s powers. This way, the extension allows for fine-grained powers validation.


Main design decisions regarding fine grained powers validation in iteration 2:

  1. the DBA pilot allows for representation of legal persons by natural persons only.
  2. the DBA pilot does not allow for intermediary parties (e.g. employee of an accounting firm operating on behalf of the company).
  3. the DBA pilot operates a list of harmonised services to express the extent of powers. Non-harmonised services will not be supported.
  4. the DBA pilot uses the SDG annex II procedures as starting point for the list of harmonised services.
  5. the DBA pilot implements fine grained powers using the SEMPER extension to eIDAS or implement the SEMPER concepts in custom eIDAS software.

For more information, please refer to DE4A D4.6 DBA Pilot Planning v1.0 final.pdf

2.2 Process realisation

The table below presents the components that implement the application services for the DBA pilot.

table: process realisation
Process Application service Components
Request authentication, including powers validation Authentication initiation eProcedure portal front-end

eProcedure portal back-end

Specific eIDAS connector
eIDAS connector
SEMPER extension
Authenticate user User authentication Identity Provider
Validate powers of representation User authentication Mandate Management System
Retrieve legal person attributes User authentication Legal Person attribute provider (may be same as Mandate Management System)
Provide authentication details, including powers declaration User authentication Specific eIDAS proxy
eIDAS proxy
SEMPER extension

2.3 Component description

The table below describes each of the components in this solution architecture.

table: component description
Component Type Short description of its use Changes for 2nd iteration piloting
eProcedure portal Front-end DC specific The eProcedure portal Front-end handles all user interaction on the web. For piloting DBA, the eProcedure portal Front-end needs to add the eIDAS login option to the login-webpage. As the DBA Pilot uses a dedicated network of eIDAS nodes, the eIDAS login option should be separated from the regular eIDAS login option (in case not already available on the eProcedure portal). None.
eProcedure portal Back-end The eProcedure portal Back-end connects to the national eIDAS node via the specific eIDAS connector. The DBA login option should invoke the dedicated eIDAS connector instead of the regular one (a different URL).

Furthermore, the eProcedure portal Back-end should evaluate the authentication result received from the eIDAS connector.

In iteration 1 the eProcedure portal should request:
  • authentication at LoA substantial
  • the natural person attributes (at least the mandatory ones) - to be discussed. This does not work with node 2.5/profile 1.2 implemented by AT (and SE?).
  • the legal person attributes (at least the mandatory ones)

In iteration 1 the eProcedure portal should apply the following rules for granting access after authentication:

  • deny the user access in case of an “authentication failed”-reply.
  • grant the user access in case of an “authentication successful”-reply.


In iteration 2 the eProcedure portal should request:

  • authentication at LoA substantial
  • the legal person attributes only (at least the mandatory ones)
  • request a powers validation on the applicable harmonised service

In iteration 2 the eProcedure portal should apply the following rules for granting access after authentication:

  • deny the user access in case of an “authentication failed” or "powers not sufficient"
  • grant the user access in case of an “authentication successful” and "powers sufficient"


Please note: we need to discuss the requesting of eIDAS MDS attributes taking eIDAS profile 1.2 (section 2.8) into account (request from AT).

Specific eIDAS connector Member State Specific The Member State specific component that translates national eID protocol into eIDAS (light) protocol for requesting authentication and powers validation.

Member States usually implement one or more components to ‘bridge’ eIDAS to the national eID infrastructure. As from CEF eIDAS reference software 2.0, Member States use the eIDAS Light protocol for this.

To enable fine grained powers validation in iteration 2, the specific eIDAS connector needs to be extended for requesting powers validation alongside authentication.
(pilot) eIDAS connector Common component (MS deployment) The component Member States implement to connect to the eIDAS network as a relying party. The connector accepts authentication requests from the data evaluators of the Member State and forwards the requests to the Member States that needs to authenticate the user. After authentication, the eIDAS connector receives the authentication results and sends them to the requesting data evaluator.

The eIDAS connector can be implemented using CEF’s reference software or a custom implementation compliant to the eIDAS interoperability specifications. The CEF reference software implements – besides the eIDAS SAML profile – also the JSON/REST eIDAS Light protocol to connect to national infrastructure.

No changes in 2nd pilot iteration.
SEMPER extension Common component (MS deployment) Component for extending the eIDAS connector and the eIDAS proxy to allow for explicit powers validation requests and powers declarations. Needs to be deployed by Member States for communicating fine grained powers in iteration 2.

This component has been developed by the SEMPER project and needs to be deployed on the eIDAS node of each of the Member States.

As an alternative Member States May develop a custom implementation of the SEMPER software that complies with the SEMPER SAML interface specifications.

(pilot) eIDAS proxy Common component (MS deployment) The component Member States implement to allow authentication with their (notified) eID for services provided in other Member States. The eIDAS proxy receives authentication requests from relying Member States, coordinates authentication, retrieval of legal person attributes and powers validation. The eIDAS proxy then sends the result to the requesting eIDAS connector.

Just like the eIDAS connector, the eIDAS proxy can be implemented using CEF’s reference software or a custom implementation compliant to the eIDAS interoperability specifications. The CEF reference software implements – besides the eIDAS SAML profile – also the JSON/REST eIDAS Light protocol to connect to national infrastructure.

No changes in 2nd pilot iteration.
Specific eIDAS proxy Member State Specific The Member State specific component that translates national eID protocol into eIDAS (light) protocol for performing authentication and powers validation. Member States usually implement one or more components to ‘bridge’ eIDAS to the national eID infrastructure. As from CEF eIDAS reference software 2.0, Member States use the eIDAS Light protocol for this. Furthermore, the eIDAS proxy coordinates the login process at the DP Member State by triggering the IdP, Legal Person AP and MMS. In the second pilot iteration the Specific eIDAS proxy needs to be adapted to translate the powers validation request (the scope of powers to be precise) to national powers taxonomy, send a powers validation request to the Mandate Management System in national protocol, receive and interpret the response from the Mandate Management System and translate it back to cross-border taxonomy.
Identity Provider Member State Specific The Identity Provider handles authentication of the natural person. The IdP may be notified under eIDAS, but does not need to be notified to be used in the DBA pilot. No changes in 2nd pilot iteration.
Legal Person AP Member State Specific Member States need to provide the identifying (mandatory) attributes of the legal person (eIDASLegalPersonID and eIDASLegalName) to the specific eIDAS proxy. Member States could provide optional attributes of the legal person. The Legal Person attributes may be integrated in the national eID scheme. For example, in eRecognition (NL) the mandate management system also provides the legal person attributes. Mandate Management System and Legal Person AP are one and the same component then. No changes in 2nd pilot iteration.
Mandate Management System Member State Specific Member State specific solutions for registration and validation of powers. In the DBA first pilot iteration, this source must be used to verify full powers. The declaration of powers that results from validating full powers is implicit: in case the authentication is successful, the user will have full powers to represent the company.

In the second pilot iteration, when using SEMPER, the powers declaration is explicit: the powers declaration relates to the requested powers declaration and can be a powers declaration for a specific eService as well as a (explicit) powers declaration for full powers. Optionally (depending on national implementation) the harmonised services need to be included in the MMS.

2.4 Functional requirements

The table below presents the requirements that the data evaluator and the authentication connector and proxy must implement.

Role Component Requirement

Use in pilot iteration 1

Use in pilot iteration 2
Data evaluator eProcedure portal The eProcedure portal adds an eIDAS login option for piloting. x x
The eProcedure portal connects to a dedicated eIDAS pilot node. x x
The eProcedure portal requests eIDAS legal person attributes (mandatory ones) x x
The eProcedure portal grants the user access on behalf of the company in case of an “authentication successful” response. x
The eProcedure portal additionally constructs a fine-grained powers validation request. x
The eProcedure portal validates the Powers declaration received. x
Authentication connector SEMPER extension MS implements SEMPER extension to the eIDAS connector. x
Specific eIDAS connector MS adapts the "specific eIDAS connector" to support powers validation requests and powers declarations x
eIDAS connector MS implements eIDAS connector 2.4. In case of a custom implementation (like Sweden) an attribute profile 1.1-compliant version of the connector will be used for piloting. x x
Authentication proxy SEMPER extension MS implements SEMPER extension to the eIDAS proxy. x
Specific eIDAS proxy MS adapts the "specific eIDAS proxy" to support powers validation requests and powers declarations x
eIDAS proxy MS implements CEF eIDAS proxy 2.4.

In case of a custom implementation (like Sweden) an attribute profile 1.1-compliant version of the connector will be used for piloting.

x x
MS connects an IdP to the eIDAS proxy node for authenticating the natural person x x
MS connects attribute provider (AP) to eIDAS node for eIDAS legal person attributes (in case not integrated in the MMS) x x
MS connects mandate management system (MMS) to eIDAS node for validating powers. Note: AP and MMS could be the same data source. x x
MS validates (implicit) full powers x
MS adds fine-grained powers validation x

2.5 Component Deployment

The table below shows the required deployment of common components.

Component Version
eIDAS connector CEF reference software version 2.4

or custom software implementing interoperability specs 1.1

eIDAS proxy CEF reference software version 2.4

or custom software implementing interoperability specs 1.1

SEMPER extension The 2.4-compliant version of the SEMPER extension provided by Technical University Graz (SEMPER project)


Open questions AT:

  • can we upgrade to eIDAS node 2.5? No compatible SEMPER extension available (check with TUG).
  • can we adapt the way we request attributes for iteration 1? -> don't request the natural person attributes, use the natural person representative attributes for this (profile 1.2 style).

2.6 Configuration of authentication requests

Configuration for pilot iteration 1

  • regular eIDAS request & response
    • eIDAS attributes to request: natural person and legal person attributes (at least the mandatory ones)
    • eIDAS attributes to respond with: natural person and legal person attributes (at least the mandatory ones) - including a copy of natural person attributes as representative is optional.

Configuration for pilot iteration 2

  • regular eIDAS request & response
    • eIDAS attributes to request: legal person attributes only (at least the mandatory ones)
    • eIDAS attributes to respond with:legal person attributes (at least the mandatory ones) and representative natural person attributes (at least he mandatory ones) using the representative-prefix
  • powers validation request & powers declaration (response)
    • request:
      • scope of powers to validate
      • type of representation allowed
      • source of powers accepted
    • response:
      • validation result (successful or not)
      • type of representation
      • source of powers

2.7 Configuration of harmonised services

Principles for configuration:

  • The DBA pilot relies on a common library of services to express the extent of powers: the harmonised services. This way, each of the participating Member States understand the powers validation requests of other Member States. It's up to each of the Member States to translate the harmonised services into nationally defined services (authentication connector-side) / powers (authentication proxy-side).
  • The DBA pilot uses the SDGR services as starting point. These services have been defined in European legislation (as procedures in annex II of the Regulation). Hence, they have been pre-defined and harmonised already across Europe. The DBA pilot defines the "SDGR" harmonised services catalogue for use in the SEMPER extension.
  • The DBA pilot is not limited to SDGR services though, e.g. opening a branch cross-border is explicitly excluded from the SDGR, but is included in some of the pilot scenario's. For services 'beyond SDGR' the DBA pilot has defined the "SDGRplus" harmonised services catalogue.

Proposal for the harmonised services to express powers cross-border:

table: harmonised services for cross-border validation of powers
Service catalogue Nr Harmonised service
SDGR 1 Notification of business activity, permission for exercising a business activity, changes of business activity and the termination of a business activity not involving insolvency or liquidation procedures
SDGR 2 Registration of an employer (a natural person) with compulsory pension and insurance schemes
SDGR 3 Registration of employees with compulsory pension and insurance schemes
SDGR 4 Submitting a corporate tax declaration
SDGR 5 Notification to the social security schemes of the end of contract with an employee, excluding procedures for the collective termination of employee contracts
SDGR 6 Payment of social contributions for employees
SDGRplus 1 Starting of a company or opening a branch in another member state
SDGRplus 2 Initial registration of a business activity with the business register

2.8 Logical interfaces

SAML interface specifications for regular authentication requests (pilot iteration 1) have been specified by CEF Digital: https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS+eID+Profile

SAML interfaces specification for SEMPER-extended authentication request and response (pilot iteration 2) have been specified by SEMPER: see chapter 6 from deliverable M3 Report on mandate attributes and solutions for cross-border mandate attributes - 1.0.

File:2019-07-08 M3 Report on mandate attributes and solutions for cross-border mandate attributes - 1.0.pdf

3 Solution architecture for Subscription & Notification pattern

This section specifies the solution for the Subscription & Notification pattern that will be piloted by the DBA pilot in the second iteration.

Within scope of the DBA pilot:

  • Modify DO/DE Mocks for the S&N pattern: for testing the S&N pattern, new versions of the DO- and DE-mocks need to be developed by the technical workpackage within DE4A.
  • Common component for Cross-border subscriptions and notification.
  • Event Notification, in line with PSA 2nd iteration: the PSA defines several options for implementing the S&N pattern. The option chosen provides a solution for notifying business events and triggering of the Lookup pattern in case (an updated version of) evidence is required by the DE.

Outside scope of the DBA pilot:

  • Inspecting the log files for examining an error in sending a subscription request or notification.
  • Resend a subscription request in case of an error;
  • Resending a notification in case of an error (notification front-end);
  • Include the Evidence in the notification: in case the DE needs (an updated version of) the evidence, it will use the Lookup pattern.
  • Authorisation of DE's subscribing and DO's notifying (the component "authorization controller").

To be analysed by semantic experts within DE4A:

  • DBA requests the semantic experts to examine the authorization controller for the S&N pattern. The DBA partners don't require the authorization controller for piloting, but are aware this component is needed in case of large scale use of the S&N pattern. For the S&N pattern, the authorization controller should:
    • Establish whether the DE is allowed to subscribe. This prevents unauthorised access to company data (in the form of notifications). This authorisation should be checked by the DT.
    • Establish whether the DO is allowed to send a notification. This prevents unauthorised sending of (fake) notifications. This authorisation should be checked by the DR.

Prerequisite from the DE4A-project is the use of eDelivery and AS4 for the exchange of messages in the S&N and Lookup patterns. This means that eDelivery will be used for:

  1. requesting a subscription (DE to DO)
  2. confirming a subscription (DO to DE)
  3. notifying a business event (DO to DE)

In the next sections the general design decisions, process realisations, component descriptions, requirements, component implementations and expected logical interfaces are described.

3.1 General Design Decisions

The following design decisions have been applied to the solution for S&N:

  • The DBA pilot uses one type of subscription message and one type of notification message that all DC’s and DP’s involved will use. The subscription message is for subscribing to cross-border events generated at the DP. The notification message is for notifying the DC of such events. If the DC desires the Evidence can be retrieved using the Lookup. This implies an update of the IEM (to be provided by the semantics work package in DE4A).
  • There will be just one data owner per Member State: the business register, where the subscription will be recorded and where the cross-border events are generated, i.e. the authentic source of company information. The pilot does not support multiple DO's / notifying authorities in one Member State.
  • For a given subscription provider (data owner), just one subscription is allowed per combination of (a) data evaluator, (b) company and (c) event catalogue. In other words, the DE can not register multiple subscriptions for one single company and one event catalogue at a subscription provider. If this is required in the future (after piloting DBA), then this functionality needs to be added to the solution.
  • Using a single subscription request, the DE will subscribe to updates for a single company in a single Member State.
    • As soon as the DE wants to subscribe to updates of multiple companies at one DO, it needs to send multiple subscription request to that DO (one for each company it wants to subscribe to).
    • As soon as the DE wants to subscribe to updates for one company in two Member States, it needs to request two separate subscriptions, one for each Member State. This use case is not applicable to the DBA pilot though.
  • A notification concerns only one single event of one single company and will be addressed to only one Member State.
    • In case DE's from different Member States have subscribed to business events of a specific company, the DP needs to notify each of the Member States individually.
    • In case the DP needs to notify a DE of multiple events for a specific company, the DP needs to send multiple notifications (one for each event).
    • In case the DP needs to notify a DE of one event impacting multiple companies, the DP needs to send multiple notifications (one for each company).
  • Business event notification is considered an extension to the SDGR, hence explicit request and the preview functions won't be implemented.
  • The S&N pattern has been designed without any user interaction.
  • In contrary to the PSA for this pattern, the ending date & time for a subscription are voluntary, meaning that as long as the DE has not indicated the ending date & time, the subscription remains valid. Mandatory ending dates & time may lead to arbitrary ending dates set in the far future by the DE. Furthermore, there seems to be no legal basis for maximising the subscription period to - for example - 5 years.
  • In this solution the DE is in charge of its subscriptions at any time. There is no requirement to allow the data owner to end subscriptions single handed (e.g. after the company ended its operation).

The OOP TS domain (to b provided by the technical work package of DE4A) provides the data requestor and data transferor with the components needed for exchange of cross-border subscription and notification messages.

3.2 Process realisation

The solution for the S&N patterns includes required functionality of the OOP Technical System (common components) expressed as application components and interfaces in the diagram below. Some common components need to be implemented by the data requestor and data transferor, some components by the data evaluator and data owner and some are common components to be implemented by the DE4A technical workpackage. The image below depicts the solution for the Subscription & Notification pattern (S&N) with the familiar split in the different roles.

OOP TS DBA Subscription & Notification
OOP TS DBA Subscription & Notification

The table below presents the components that implement the application services for the DBA pilot. The process realisation is split in two (subscription and notification) as they are independently triggered. See Subscription and Notification in the Project Start Architecture (PSA 2nd iteration) for more details.

3.2.1 Subscription
Process Application Service Components
Initiate subscription (DC) Subscription Initiation
Change subscription (DC) Subscription Initiation
  • eProcedure Back-office Backend
  • Back-office to OOP TS interface
Lookup event provider routing information (DC) Inquire Routing Information
Send subscription request (DC)
  • Message Encryption
  • e-Signature Creation Service
  • Data Exchange Service
eDelivery access point:
Validate subscription request (DP)
  • eSignature Validation Service
  • Message Decryption
  • Authority Check (out of scope)
eDelivery access point:
  • Trust Service Provisioning
  • Data Encryption/Decryption
Evaluate subscription request (DP) Subscription Evaluation Subscription System
Exception: Prepare subscription error message (DP) Subscription Error Handling
  • Subscription System
  • IDK
  • DNS & SML
  • MS SMP
Exception: Send subscription error message (DP)
  • Message Encryption
  • e-Signature Creation Service
  • Data Exchange Service
eDelivery access point:
  • Trust Service Provisioning
  • Data Encryption/Decryption
  • Data Exchange
Exception: Forward subscription error (DC)
  • Back-office to OOP TS interface
  • DE4A connector
Exception: Investigate reason for subscription error (DC) out of scope out of scope
Register subscription (DP) Subscription Creation and Update Subscription System
Confirm subscription (DP) Subscription Confirmation
  • Subscription System
  • DE4A connector
  • IDK
  • DNS & SML
  • MS SMP
Send subscription confirmation (DP)
  • Message Encryption
  • e-Signature Creation Service
  • Data Exchange Service
eDelivery access point:
  • Trust Service Provisioning
  • Data Encryption/Decryption
  • Data Exchange
Forward confirmation (DC) n/a
  • Back-office to OOP TS interface
  • DE4A connector
Log subscription information (DC) n/a eProcedure Back-office Backend
3.2.2 Notification
Process Application Service Components
Identify cross-border event (DP) Cross-border Event Filter Cross-border Event Handler
Check subscriptions (DP) Subscription Lookup
  • Cross-border Event Handler
  • Subscription System
Prepare notification message and subscriber list (DP) Notification Message and Subscriber List Preparation
  • Cross-border Event Handler
  • DE4A connector
  • Event handler to OOP TS interface
Exception: Resend past events (DP) out of scope out of scope
Resolve service metadata (DP) Inquire Routing Information
  • IDK
  • DNS & SML
  • MS SMP
Exception: Resolve subscriber participant ID and inform National Contact Point (DP) out of scope out of scope
Send event notification (DP)
  • Message Encryption
  • e-Signature Creation Service
  • Data Exchange Service
eDelivery Access point:
  • Trust Service Provisioning
  • Data Encryption/Decryption
  • Data Exchange
Validate event notification (DC)
  • eSignature Validation Service
  • Message Decryption
  • Authority Check (out of scope)
eDelivery Access point:
  • Trust Service Provisioning
  • Data Encryption/Decryption
  • Data Exchange
Determine event response (DC) Event Evaluation eProcedure Back-office Backend
Request change of subscription (DC)
  • Notification Mismatch Signal
  • Update Notification Response Log
eProcedure Back-office Backend
Dismiss event (DC) Update Notification Response Log eProcedure Back-office Backend
Trigger evidence lookup (DC) Update Notification Response Log eProcedure Back-office Backend
Notify Responsible Organization (DC) Update Notification Response Log eProcedure Back-office Backend

3.3 Component description

The following table lists the components indicated in the image above. Per component a short description of its use is given, by which role the component is used (i.e. DE, DR, DT, DO) and whether the component is MS specific or common functionality.

Component Short description of its use Role Genericness* Changes for 2nd iteration piloting
eProcedure Back-office Backend This component implements back-end functionality for executing the eProcedure. Examples in the context of S&N:
  • collecting relevant data for a subscription request
  • keeping track of subscriptions of the DE
  • processing subscription confirmations / errors
  • determining an appropriate response to a notification (e.g. discard or Lookup updated evidence)
  • updating logs
DE specific Requires new functionality for S&N pattern in each of the DE's.


TBD is the required functionality generic enough to justify a common component that DE's can deploy? Each DE needs to keep track of its subscriptions and needs event interpretation functionality as well. To some extend, registering the subscriptions is a mirror of the subscription system of the DO.

Back-office to OOP TS Interface for connecting the DE's backoffice with the OOP TS for:
  • requesting (changes to) subscriptions
  • receiving subscription confirmations / errors
  • receiving notifications

Just like the portal to OOP TS interface (as described in the DBA first iteration solution architecture), Member States may choose to implement this interface in a generic way to bridge national OOP protocols to DE4A datamodel at one single place. Furthermore, Member States may choose to integrate both interfaces (portal to OOP TS and backoffice to OOP TS) in one single interface.

DR specific Needs to be developed and implemented for the second iteration.

May be partial re-use of the portal to OOP TS interface.

DE4A Connector Taking care of eDelivery and IDK interfacing, shielding DR and DT from complexities and facilitating ease of implementation.

Error handling and logging.

DR, DT common Needs extension for S&N pattern to facilitate interaction on:

- subscriptions

- notifications

IDK DE4A playground IDK: a web application for locating the service to reach out to. DR, DT common Change w.r.t. iteration 1? There is no evidence provider lookup, instead the endpoint where to send the subscription request to is needed. Also there is no evidence response.


As the DBA pilot uses just one type subscription message with just one data provider per Member state (on NUTS0 level), there is no need for dynamic discovery of the data provider. For the DBA pilot it is sufficient to use a simple configuration file with the required elements (member state and participant id) like in iteration 1.

See logical interfaces section below

MS SMP For each subscription request/response, information on the receivers Access Point (URL) and its certificates are needed. Each member state hosts an SMP for this purpose (note: for testing one single centrally hosted DE4A SMP will be used). Before sending a request or response, the sending party queries the SMP of the receiver to get this info.  DR, DT common None expected.
eDelivery Access Point This component – also referred to as eDelivery AS4 gateway – handles the secure transfer of the data, including encryption and decryption as well as signing/sealing and validating signatures/seals. DR, DT common Needs configuration for accepting subscription, notifications and lookup messages for the second iteration.
DNS & SML As there are multiple SMP’s, the sending party needs to know where to find the SMP of the receiver to get the actual metadata. This location can be found in the centrally CEF-hosted DNS, that will be queried by the access point of the sending member state.

DNS entries will be created from the registration of SMP’s: the SML, which is also centrally hosted by CEF.

Central central None expected.
Cross-border Event Handler Application component handling the cross-border events. It filters all domestic events for relevant cross-border events and takes care of preparing a notification message and compiling a subscribers list to which the notification must be sent. DO common The Cross-border Event Handler could be part of the Connector or at least be a common component. All DPs need this functionality.
Subscription System Application component managing the entire life cycle of subscriptions, i.e. creation and maintaining subscriptions. It also offers functionality for validating subscriptions (does subject exist?, is the event supported?, is the subscription changing an existing subscription?), confirmation of a subscription and error handling. DO common To be developed


TBD: is this generic enough to justify a common component that SO's may deploy if they like?

*genericness: specific: to be developed, deployed and hosted by MS; common: to be developed by WP5 and deployed and hosted by MS; central: to be developed, deployed and hosted by CEF

3.4 Functional requirements

The table below presents the requirements that the components involved need to implement.

Component Nr DBA requirement Comment
eProcedure Backoffice Backend 1 The DE should be able to subscribe to the combination of:
  1. a company
  2. one or more business events (catalogue & type)
For piloting it is sufficient to skip the specification of events to subscribe to. It will be all or none.
2 The DE should monitor actual subscription at the DO by processing the subscription confirmation / error.
3 The DE should have the option to set a defined time frame for receiving notifications to automatically end a subscription.
4 The DE should be able to manage the “end date” of the subscription (prolong, shorten, …).
5 The DE should be able to unsubscribe to all notifications for a company at once. See req 1. for piloting a "all or none" subscription is fine.
6 The DE should at any time have an overview of all its subscriptions in order to manage them.
7 The DE may process a notification instantly, but may also choose to process the notifications in batch, e.g. once a day or week.
8 The DE should have a legal basis for processing business events. It’s up to the DE to manage this. The DE will be accountable for its data processing.
9 The DE should implement logic to decide when (by which events) to lookup evidence.
DE4A connector 1 The DR must confirm having received the notification (by the DR not the DE) to the DT. From that point on delivery of the notifications to the DE is the responsibility of the DR (and not the DT or DO).
2 The DT needs to confirm having received the subscription request to the DR.
3 Each message sent requires a confirmation from the receiving actor (acknowledgement). For technical error messages concerning a subscription, notification or lookup the existing WP5 list can be used. e.g. timed-out, component unavailable, XML error, etc. Errors need to be implemented for the messages required for both new patterns.
Back-office to OOP TS interface 1 The DR should provide a facility for delayed forwarding of notifications to the DE. The DR probably needs a queue for this. This queue should guarantee delivery of the notifications to the DE, even if the DE is not online at some point in time or some other error prevents sending the notification.

This functionality preferably is not part of the Connector which should remain stateless.

Subscription system 1 The DO should send a confirmation of registering or changing the subscription to the DE. Including error code and handling.
2 The DO should generate one of the following error messages in case of registration error:

1. subscription registration failed (e.g. actor not authorised to subscribe, company identifier not found)

2. subscription change failed (e.g. subscription to change not found in subscription system).

For piloting these two business errors are sufficient.

Business list of errors might be extended in future releases (after piloting).


As a generic principle, the error message should convey little information in itself. Providing more information enables possible attackers in their attempts.

3 The subscription system should register:

- data evaluator

- company ID

- business event

- starting date & time

- ending date & time

Please note that, in piloting DBA, pilot partners will implement an 'all or nothing'-subscription. This way, a subscription for a specific company is for all business events at once or for none (no subscription then). Hence, the element "business event" will not be used to differentiate between business events that are and that aren't included in a subscription.

The element "business event" may be included in the components data store for future use though (to be decided by WP5).

Furthermore, the element may be generalised to "event" to cover future use of other types of events.

4 The subscription system should allow for querying which data evaluators to notify in case of a business event.
Cross-border Event Handler 1 The cross-border event handler should:
  • translate national events to harmonised events (as defined by the event catalogue)
  • filter national events for relevance (i.e. presence in event catalogue)
  • query the subscription system for subscribers to a particular event
  • construct notification message for each of the subscribers
2 The DO should send notifications only for a business event occurring to a company for which the DE has subscribed – for as long as the subscription is valid. For piloting is seems sufficient to notify one single Member State in case of an event at a time.
3 The DO should include the company identifier in the notification to allow the DE to find the corresponding record in its registry.
4 The DO should include additional company identifiers that the business event concern. E.g. The identifiers of the company / companies acquiring the company concerned.
5 The DO should clearly state in the notification what business event has occurred.
6 The DO should provide a timestamp of the business event separate from the timestamp of the notification.
7 The DO may send notifications instantly, but may also send in batch, e.g. once a day or week. The DE does not confirm receiving the notification to the DO, the acknowledgement of the DE4A connector is sufficient.
8 The DO should be able to send notifications independently of the availability of the DE. In order not to hinder the notification process of the DO.
9 The DO should not include any additional company data in the notification nor attach evidence of any type to the notification. Data minimisation.

It will be up to the DE to process the notification. This might not need any additional data.

10 The DO should implement one event for notifying "the company registration evidence has changed" (without specifying which business event has occurred - if any). To cover for data changes that might be relevant for the DE without being a direct consequence of the occurrence of a harmonised business event, e.g. e-mail address changed.
Data service 1 The data service of the DO needs to be capable of detecting business events and triggering a notification.
2 The data service of the DO needs to support the event type "Company registration evidence has changed"


The table below presents the requirements for the DE and DO mocks.

  • The DE mock should mock the eProcedure Back-office Backend.
  • The DO mock should mock the cross-border event handler and subscription system.
Component Nr DBA requirement Comment
DE mock 1 Requesting a subscription:
  • user input: company identifier, starting date and time, ending date and time (optionally)
  • user select: Data Owner
  • construct subscription request
  • show subscription request on web page
  • XML output: send request to DE4A connector
2 Show subscription confirmation on web page.
3 Show subscription error on web page.
4 Changing a registered subscription:
  • user input: company identifier, starting date and time, ending date and time (optionally)
  • user select: Data Owner
  • construct change request
  • show change request on web page
  • XML output: send request to DE4A connector
DO mock 1 Subscription system - process requests:
  • XML input: registration request / change request:
  • register a subscription / change a registered subscription
  • XML output: confirm registration / send registration error
2 Event handler - Construct and send a notification:
  • user input: company identifier
  • user select: harmonised event
  • check subscriptions for this company
  • show subscriptions on web page
  • construct notification(s)
  • show notifications XML on web page
  • XML output: send notifications

3.5 Component deployment

  • DNS, SML will be reused from iteration 1.
  • SMP, eDelivery Access Point will be reused from iteration 1.
  • The IDK probably needs to change to allow for locating the subscription register.
  • The DE4A Connector needs an update to support the S&N flows and messages.
  • Various MS specific interfaces may be needed for (sub)system integration.
  • Both DE and DO need to do bookkeeping of subscriptions.
  • The DO needs cross-border event handling functionality
  • The DE needs event interpretation functionality and triggers for follow-up actions, like Lookup of evidence.


Expectations for the semantics workpackage of DE4A:

  • design messages for subscription request, subscription confirmation, subscription error and notification.
  • analysis and design authorisation controller (out of scope for piloting)


Expectation for the technical workpackage of DE4A:

  • extend the DE4A connector for S&N
  • extend (the configuration of) the integrated AS4 gateway for S&N
  • adapt the IDK if required for S&N.
  • design and develop the cross-border event handler
  • advise on queuing solution for Back-office to OOP TS interface
  • examine possibility for generic components for "subscription system" and S&N back-end functionality of "eProcedure back-office backend"
  • develop the DE and Do mocks

3.6 Configuration of business events

Business events are defined by each of the Member States individually. Although there are commonalities, all event-lists of the Member States are different. To enable cross-border interpretation of business events harmonisation of events is needed. For piloting DBA, just a small selection of events will be piloted. The purpose of the DBA pilot is not to harmonise all events, but to validate the notification-mechanism.

The DBA event list (catalogue "Business events") builds upon the BRIS definitions.


List of harmonised events in the Event catalogue "Business events":

  1. Company ended its operations
  2. Company changed its legal form
  3. Company merger or takeover
  4. Company moved to another location
  5. Company administration changed
  6. Company registration evidence has changed

TO DO: validate within DBA pilot.


National-to-harmonised translation needs to be designed by each Member State. Example for NL below (concept).

nr harmonised event NL event equivalent
1 Company ended its operations beëindigen rechtspersoon

opheffen onderneming

2 Company changed its legal form omzetten rechtspersoon
3 Company merger or takeover fuseren rechtspersoon
4 Company moved to another location verhuizen vestiging
5 Company administration changed toetreden bestuurder

toetreden functionaris

toetreden gemachtigde

toetreden aansprakelijke bij samenwerkingsverband

uittreden functionaris/bestuurder/gemachtigde/aansprakelijke bij samenwerkingsverband

6 Company registration evidence has changed (not an event)


3.7 Logical interfaces

The expected logical interfaces of the common components are expected to remain largely the same with an expansion for the S&N pattern.

Note: We need to discuss with the semantic / technical experts of DE4A the implementation of the Data Service Lookup ABB. Right now this is covered by the IDK. However, for S&N there is no evidence lookup or exchange, so at least the name is off. Also the I/F with the Connector changes slightly. In the table below some differences are indicated.

Component Expected interface
IDK IN (from DE4A connector to IDK):
  • Member state
  • Event catalogue (e.g. DBA = business event)


OUT (from IDK to DE4A connector):

  • Participant ID
SMP IN (from DE4A connector to SMP):
  • Participant ID

OUT (from SMP to DE4A connector):

  • Service URL
  • Certificate to use
DNS & SML IN (from DE4A connector to DNS):
  • Member state
  • Participant ID

OUT (from DNS to DE4A connector):

  • SMP location
eDelivery AS4 gateway IN (from DE4A connector to eDelivery Acess Point):
  • Subscription request/registration conformation/notification


OUT (from eDelivery Access Point to DE4A connector):

  • ACK
DE4A Connector Subscription

Initiating or changing subscription

IN (from DE to DE4A connector):

  • request ID (correlation)
  • subject identifier (company in question)
  • data owner identifier (DO id = participant ID)
  • subscriber identifier (DE id = participant ID)
  • event catalogue (DBA fixed business events)
  • (new) subscription start and end date

OUT (from DE4A connector to DE):

  • ACK (from DT)


Subscription confirmation

IN (from DO to DE):

  • request ID
  • data owner identifier (DO id = participant ID)
  • subscriber identifier (DE id = participant ID)
  • status (success/fail)

OUT (from DE to DO):

  • ACK

Notification

IN (from DO to DE4A connector):

  • subscriber identifier (DE ID = participant ID)
  • data owner identifier (DO id = participant ID)
  • notification
  1. subject identifier (company in question)
  2. event catalogue
  3. event
  4. timestamp event

OUT (from DE4A connector to DR):

  • ACK (from DR)
Subscription system IN (from DE4A connector to subscription system) - for subscribing:
  • subscription request

OUT:

  • subscription confirmation
  • subscription error


IN (from cross-border event handler) - for composing the list of notifications:

  • subject identifier (company in question)

OUT:

  • list of subscribers (DE participant ID's).
Cross-border Event Handler IN
  • domestic event


OUT

  • array of notifications

4 Solution architecture for Lookup pattern

This section specifies the solution for the Lookup pattern that will be piloted by the DBA pilot in the second iteration. Basically, the Lookup pattern will be implemented as the intermediation pattern, but without: user authentication, explicit request and preview. Instead of having the eProcedure portal managing the OOP TS flow in interaction with he user, it will be the eProcedure back-office that will initiate the lookup and process the evidence.

The Lookup pattern will be used to quickly retrieve (updated) evidence needed to keep a local company data store up-to-date, to re-asses a service provided or for generic fraud prevention purposes.


Within scope of the DBA pilot:

  • Evidence Lookup, the PSA defines several options for implementing the Lookup pattern. The option chosen is based on requesting (an updated version of) evidence.


Outside scope of the DBA pilot:

  • Attribute Lookup: this solution architecture supports Evidence type lookup requesting the full evidence without user interaction. The option to request individual attributes / API-approach is not supported.
  • Authorisation of DE's to retrieve the requested evidence (the component "authorisation controller")


To be analysed by the semantic experts in DE4A:

  • DBA requests the semantic experts to examine the authorization controller for the Lookup pattern. The DBA partners don't require the authorization controller for piloting, but are aware this component is needed in case of large scale use of the Lookup (and intermediation) pattern. For the Lookup pattern, the authorization controller should establish whether the DE is allowed to retrieve the requested evidence type. This prevents unauthorised access to company data. This authorisation should be checked by the DT.


Prerequisite from the DE4A-project is the use of eDelivery and AS4 for the exchange of messages in the Lookup pattern. This means that eDelivery in the Lookup pattern will be used for:

  1. requesting evidence (DE to DO)
  2. sending the evidence (DO to DE)

In the next sections the general design decisions, process realisations, component descriptions, requirements, component implementations and expected logical interfaces are described.

4.1 General Design Decisions

The following design decisions have been applied to the solution for Lookup:

  • Based on a received notification message (S&N pattern) the DC, if desired, retrieves the Evidence using the Lookup.
  • The explicit request and the preview functions won't be implemented as Lookup is considered 'beyond SDGR'
  • The Lookup has been designed without any user interaction.

The OOP TS domain (WP5) provides the data requestor and data transferor with the components needed for performing the lookup of an evidence.

4.2 Process realisation

The solution for the Lookup pattern specifies required functionality of the OOP Technical System expressed as application components and interfaces in the diagram below. Some OOP TS components need to be implemented by the data requestor and data transferor, some components by the data evaluator and data owner and some are common components to be implemented by DE4A WP5. The image below depicts the solution for the Lookup Pattern (LKP) with the familiar split in the different roles.

OOPT TS Lookup
Components of the Lookup pattern


The table below presents the components that implement the application services for the DBA pilot.

Please note that we assume the common components for the Lookup pattern can be re-used 1-on-1 of the intermediation pattern (same components, same functionality, same deployments). Only the initiation of the evidence request and the processing of the evidence response is different (not eProcedure portal but eProcedure backoffice). Hence, for the common components, just a referral has been included. For more information we refer to the solution architecture of the intermediation pattern.

See Lookup Pattern for more details.

Process Application Service Component
Determine required cross-border evidence (DC) Cross-border Evidence Matching eProcedure Backoffice Back-end:
  • Evidence Type Translator

Back-office to OOP TS interface

Lookup routing information (DC) See intermediation pattern See intermediation pattern
Request evidence (DC) See intermediation pattern See intermediation pattern
Evaluate evidence request (DP) See intermediation pattern See intermediation pattern
Establish subject identity (DP) See intermediation pattern See intermediation pattern
Communicate non-availability of OOP (DP) See intermediation pattern See intermediation pattern
Extract evidence (DP) See intermediation pattern See intermediation pattern
Communicate non-availability or Delay of evidence (DP) See intermediation pattern See intermediation pattern
Establish non-availability of OOP (DC) See intermediation pattern See intermediation pattern
Compose evidence response (DP) See intermediation pattern See intermediation pattern
Transfer evidence (DP) See intermediation pattern See intermediation pattern
Forward evidence (DC) See intermediation pattern See intermediation pattern
Evaluate evidence (DC) Assess Evidence eProcedure Backoffice Back-end

4.3 Component description

The following table lists the components indicated in the image above. Per component a short description of its use is given, by which role the component is used (i.e. DE, DR, DT, DO) and whether the component is MS specific or common functionality.

Component Short description of its use Role Genericness* Changes for 2nd iteration piloting
eProcedure Back-office Backend This component handles all backoffice functionality for the eProcedure. For the Lookup pattern it:
  • translates the required evidence to the canonical evidence to request
  • requests the canonical evidence to the MS DE4A connector
  • receives the evidence (or error)
  • processes the evidence (update local data store, process possible impact on service provided to the company / general fraud detection or prevention).
DE specific This new functionality needs to be designed and developed by each of the participating DE's.
Back-office to OOP TS Interface for connecting the DE's backoffice with the OOP TS for:
  • requesting evidence by Lookup

Just like the portal to OOP TS interface (as described in the DBA first iteration solution architecture), Member States may choose to implement this interface in a generic way to bridge national OOP protocols to DE4A datamodel at one single place. Furthermore, Member States may choose to integrate both interfaces (portal to OOP TS and backoffice to OOP TS) in one single interface.

DR specific Needs to be developed and implemented for the second iteration.

May be partial re-use of the portal to OOP TS interface.

DE4A Connector Taking care of eDelivery and IDK interfacing, shielding DR and DT from complexities and facilitating ease of implementation.

Error handling and logging.

DR, DT common No changes expected.

Double check that the component as deployed for the intermediation pattern can be used without change.

IDK DE4A playground IDK: a web application for locating the service to reach out to. DR, DT common No changes expected.

Double check that the component as deployed for the intermediation pattern can be used without change.

SMP For each subscription request/response, information on the receivers Access Point (URL) and its certificates are needed. Each member state hosts an SMP for this purpose (note: for testing one single centrally hosted DE4A SMP will be used). Before sending a request or response, the sending party queries the SMP of the receiver to get this info.  DR, DT common None expected.
eDelivery access Point This component – also referred to as eDelivery AS4 gateway – handles the secure transfer of the data, including encryption and decryption as well as signing/sealing and validating signatures/seals. DR, DT common No changes expected.

Double check that the component as deployed for the intermediation pattern can be used without change.

DNS & SML As there are multiple SMP’s, the sending party needs to know where to find the SMP of the receiver to get the actual metadata. This location can be found in the centrally CEF-hosted DNS, that will be queried by the access point of the sending member state.

DNS entries will be created from the registration of SMP’s: the SML, which is also centrally hosted by CEF.

Central central None expected.
Data Service The webservice of the data provider that will output the evidence requested. DO specific None expected.
Data source to OOP TS Interface Interface for connecting the data service with the OOP TS (IM & LKP). DO, DT specific None expected.

*genericness: specific: to be developed, deployed and hosted by MS; common: to be developed by WP5 and deployed and hosted by MS; central: to be developed, deployed and hosted by CEF

4.4 Functional requirements

The table below presents the requirements that the components involved need to implement.

Component Nr DBA requirement Comment
eProcedure Back-office 1 Once the eProcedure backoffice logic has assessed the notification and has concluded one or more evidences (or updates to evidences) need to be requested, the back-office should be able to send the evidence request to the OOP TS interface.


Please note, in case of multiple data owners in one Member State supporting the required evidence type, the Data evaluator needs to be aware which one to contact (as there is no possibility to ask the user). Hence, after processing the initial evidence in the intermediation pattern, it needs to store the data owner ('participant') to contact for updates. In the DBA pilot there will be only one data owner per Member State, so there is no need to store the participant at the DE.

The evidence request will be the same or similar to the request of the intermediation pattern.
Back-office to OOP TS no Lookup-specific requirements
DE4A connector no Lookup-specific requirements
IDK no Lookup-specific requirements
SMP no Lookup-specific requirements
eDelivery Access Point no Lookup-specific requirements
DNS & SML no Lookup-specific requirements
Data service no Lookup-specific requirements
Data source to OOP TS Interface no Lookup-specific requirements


The table below presents the requirements for the DE and DO mocks.

  • The DE mock should mock the eProcedure Back-office Backend.
  • The DO mock should mock the data service.
Component Nr DBA requirement Comment
DE mock 1 no Lookup-specific requirements

Same functionality as DE mock for Intermediation pattern.

DO mock 1 no Lookup-specific requirements

Same functionality as DO mock for Intermediation pattern.

4.5 Component deployment

  • See intermediation pattern.


Expectations for the semantic wokpackage of DE4A:

  • analyse and design authorisation controller for the Lookup pattern (out of scope for piloting)


Expectation for the technical workpackage in DE4A:

  • double check to ensure the common components can be re-used from the intermediation pattern without any change.

4.6 Logical interfaces

The expected logical interfaces remain unchanged.

5 Solution architecture for Intermediation Pattern

The solution architecture for the intermediation pattern has been designed in the first pilot iteration. Please refer to D4.6 Pilot planning for this architecture (not included in the wiki yet).

The solution architecture remains unchanged, except for two additional requirements for the eProcedure portal that have been introduced by the S&N pattern.

Component Nr DBA requirement Comment
eProcedure portal 1 For the S&N pattern the logic of the eProcedure portal needs to be extended to initiate a subscription (start of S&N pattern). Whether a subscription is needed after processing the evidence is depending on the rules and regulation the data evaluator implements.
2 For the S&N pattern the logic of the eProcedure portal might need to be adapted to include rules and texts for informing the user on subscriptions & possibly notifications.

As S&N is out of scope of the SDGR, this informative step is not part of the explicit request process. However, the user should be informed of subscriptions.

Has no priority in piloting DBA S&N. Might be implemented by the DE, but it doesn't need to.

6 Appendix: archimate component diagrams

6.1 Solution architecture for DBA authentication and powers validation

6.2 Solution architecture for Subscription & Notification pattern and Lookup pattern

TODO merge AC's and tailor to pilot increment 2.