Difference between revisions of "MA implementation"

From DE4A
Jump to navigation Jump to search
(Created page with "This page will contain lessons learned, tips and tricks on implementing the solution for Moving Abroad. Also, the planning and status of establishing connections between parti...")
 
 
(12 intermediate revisions by the same user not shown)
Line 1: Line 1:
This page will contain lessons learned, tips and tricks on implementing the solution for Moving Abroad. Also, the planning and status of establishing connections between participating Member States is presented.
+
This page will contain lessons learned, tips and tricks on implementing the solution for Moving Abroad. Moving abroad uses only one iteration covering the functionality of both the planned first and second iteration also, the planning and status of establishing connections between participating Member States are presented.
 
==Contents==
 
==Contents==
*1 Tips for new Member States implementing and using the DE4A Connector
+
*Tips for new Member States implementing and using the DE4A Connector
*2 Establishing connections
+
*Establishing connections
**3.1 DE4A Connector
+
**DE4A Connector
***3.1.1 Process
+
***Process
***3.1.2 Planning DE4A Connector Connectathons
+
***Planning DE4A Connector Connectathons
**3.2 eIDAS nodes
+
**eIDAS nodes
**3.3 Status of connections
+
**Status of connections
 +
**Legal issues encountered
 
===Tips for new Member States implementing and using the DE4A Connector===
 
===Tips for new Member States implementing and using the DE4A Connector===
 
*Use Connectathons as early as possible to share experiences in the setup and resolve issues together.
 
*Use Connectathons as early as possible to share experiences in the setup and resolve issues together.
Line 29: Line 30:
 
=====DE4A Connector Connectathon results=====
 
=====DE4A Connector Connectathon results=====
 
For each milestone, Connectathons are scheduled according to the tables below.
 
For each milestone, Connectathons are scheduled according to the tables below.
 +
====Status of connections====
 +
The current status of participating Member States having established connections is displayed in the tables below:
 
{| class="wikitable"
 
{| class="wikitable"
|+'''<small>DE4A Connector Milestone 2 and 3</small>''' '''<small>(Only with DE4A Connectors)</small>'''
+
|+<small>eIDAS Milestone 1: Connecting eIDAS proxies and connectors</small>
! colspan="2" rowspan="2" |
+
!
! colspan="4" |DT
+
! colspan="5" |Proxy
 +
!
 
|-
 
|-
 +
!
 +
!
 
!ES
 
!ES
 
!PT
 
!PT
 
!LU
 
!LU
!SI
+
!SL
 +
!RO
 
|-
 
|-
! rowspan="4" |'''DR'''
+
! rowspan="4" |Connector
 
!ES
 
!ES
 
|
 
|
|N/A
+
|x
|N/A
+
|x
|N/A
+
|x
 +
|x
 
|-
 
|-
 
!PT
 
!PT
|N/A
+
|x
 
|
 
|
|N/A
+
|x
|N/A
+
|x
 +
|x
 
|-
 
|-
 
!LU
 
!LU
|Pass
+
|x
|Pass
+
|x
|
 
|Pass
 
|-
 
!SI
 
|N/A
 
|N/A
 
|N/A
 
 
|
 
|
|}
+
|x
{| class="wikitable"
+
|x
|+<small>DE4A Connector Milestone 4 (Also with DO and DE)</small>
 
! colspan="2" rowspan="2" |
 
! colspan="4" |MS acting as DP
 
 
|-
 
|-
!ES
 
!PT
 
!LU
 
 
!SL
 
!SL
|-
+
|x
! rowspan="4" |'''MS'''
+
|x
acting
+
|x
 
 
as DC
 
!ES
 
 
|
 
|
|N/A
+
|x
|N/A
 
|N/A
 
 
|-
 
|-
!PT
+
!
|N/A
+
!RO
 +
|x
 +
|x
 +
|x
 
|
 
|
|N/A
 
|N/A
 
|-
 
!LU
 
|Pass
 
|Pass
 
|
 
|Pass
 
|-
 
!SL
 
|N/A
 
|N/A
 
|N/A
 
 
|
 
|
 
|}
 
|}
====eIDAS nodes====
 
Connections between eIDAS nodes are established using existing eIDAS procedures:
 
 
{| class="wikitable"
 
{| class="wikitable"
|+<small>eIDAS Milestone 1</small>
+
|+<small>OOP TS Milestone 2/3: Connecting DE4A Connectors between Member States</small>
 
!
 
!
! colspan="5" |Proxy
+
! colspan="5" |DE4A Connector acting as DT
 
|-
 
|-
 
!
 
!
Line 116: Line 95:
 
!SL
 
!SL
 
|-
 
|-
! rowspan="4" |Connector
+
! rowspan="4" |DE4A Connector
 +
acting
 +
 
 +
as DR
 
!ES
 
!ES
 
|
 
|
|N/A
+
|x
|N/A
+
|x
|N/A
+
|x
 
|-
 
|-
 
!PT
 
!PT
|N/A
+
|x
 
|
 
|
|N/A
+
|x
|N/A
+
|x
 
|-
 
|-
 
!LU
 
!LU
|Pass
+
|x
|Pass
+
|x
 
|
 
|
|Pass
+
|x
 
|-
 
|-
 
!SL
 
!SL
|N/A
+
|x
|N/A
+
|x
|N/A
+
|x
 
|
 
|
 
|}
 
|}
====Status of connections second iteration (continuously updated)====
 
The current status of participating Member States having established connections is displayed in the tables below:
 
 
{| class="wikitable"
 
{| class="wikitable"
|+<small>eIDAS Milestone 1: Connecting eIDAS proxies and connectors</small>
+
|+<small>OOP TS Milestone 4: Connecting DE4A Connectors, Data Evaluators and Data Owners between Member States</small>
 
!
 
!
! colspan="5" |Proxy
+
! colspan="5" |MS acting as DP
 
|-
 
|-
 
!
 
!
Line 155: Line 135:
 
!SL
 
!SL
 
|-
 
|-
! rowspan="4" |Connector
+
! rowspan="3" |MS
 +
acting
 +
 
 +
as DC
 
!ES
 
!ES
 
|
 
|
 +
|UC1
 
|
 
|
|
+
|UC2
|
 
 
|-
 
|-
 
!PT
 
!PT
Line 170: Line 153:
 
!LU
 
!LU
 
|
 
|
 +
|UC1
 
|
 
|
|
+
|UC1, 2
|
 
|-
 
!SL
 
|
 
|
 
|
 
|
 
 
|}
 
|}
 +
==MA Use Case issues identified==
 +
The template below was created to keep track of the status of use cases, including to register any legal issues encountered and possible solutions. The template should be applied at the use case level, registering the status for each country. Sections in ''italics'' should be updated. Use one line per Member State. Where inputs don't fit into the template (too long or complex), pilot participants can add additional notes below the table.
 
{| class="wikitable"
 
{| class="wikitable"
|+<small>OOP TS Milestone 2/3: Connecting DE4A Connectors between Member States</small>
+
|+
!
+
! colspan="4" | Use case [Change of Domicile Address]
! colspan="5" |DE4A Connector acting as DT
+
|-
 +
| colspan="2" |'''Data provider country'''
 +
| colspan="2" |'''Data evaluator country'''
 +
|-
 +
|'''Member State name'''
 +
|'''Status in this use case'''
 +
|'''Member State name'''
 +
|'''Status in this use case'''
 +
|-
 +
|PT
 +
|Will not send letter for deregistration
 +
will stop the process at creation of a PDF-document.
 +
|PT
 +
|Pick whichever one applies:
 +
''[not active yet] [receiving fake data] [receiving real data]''
 +
|-
 +
| RO
 +
|N/A
 +
|RO
 +
|Will not do the deregistration step.
 +
|-
 +
|ES
 +
|No need for deregistration
 +
|ES
 +
|Will not do deregistration step.
 +
|-
 +
|SI
 +
|No need for deregistration
 +
|SI
 +
|Will not do deregistration step.
 +
|-
 +
|LU
 +
|N/A
 +
|LU
 +
|Will do deregistration step.
 
|-
 
|-
!
+
| colspan="2" |'''Non completion of process'''
!
+
| colspan="2" |Test deregistration between PT and LU
!ES
 
!PT
 
!LU
 
!SL
 
 
|-
 
|-
! rowspan="4" |DE4A Connector
+
|''[Member State(s) name(s)]''
acting
+
|Describe: 01''/03/2021, [description of the risk/problem/incident''
 +
| colspan="2" |Describe: 30''/03/2022, [description of the solution or plan]''
 +
|}'''Additional notes:'''
 +
 
 +
''[Provide any additional information that's required to describe the status of the use case, if applicable. Copy and paste to add a new issue]''
  
as DR
+
Where inputs don't fit into the template (too long or complex), pilot participants can add additional notes below the table.
!ES
+
{| class="wikitable"
|
+
|+
 +
! colspan="4" | Use case [Birth and Marriage Evidence]
 +
|-
 +
| colspan="2" |'''Data provider country'''
 +
| colspan="2" |'''Data evaluator country'''
 +
|-
 +
|'''Member State name'''
 +
|'''Status in this use case'''
 +
|'''Member State name'''
 +
|'''Status in this use case'''
 +
|-
 +
|PT
 +
|Pick whichever one applies:
 +
''[not active yet] [issuing fake data] [issuing real data]''
 +
|PT
 +
|Pick whichever one applies:
 +
''[not active yet] [receiving fake data] [receiving real data]''
 +
|-
 +
| RO
 +
|Pick whichever one applies:
 +
''[not active yet] [issuing fake data] [issuing real data]''
 +
|RO
 
|
 
|
 +
|-
 +
|ES
 
|
 
|
 +
|ES
 
|
 
|
 
|-
 
|-
!PT
+
|SI
 
|
 
|
 +
|SI
 
|
 
|
 +
|-
 +
|LU
 
|
 
|
 +
|LU
 
|
 
|
 
|-
 
|-
!LU
+
| colspan="2" |'''Identified risks / problems / incidents'''
|
+
| colspan="2" |'''Implemented solutions or plan''' (note: use the same line as the risk/problem/incident, so
 +
that the solution/plan matches the risk/problem/incident next to it)
 +
|-
 +
|''[Member State(s) name(s)]''
 +
|Describe: ''dd/mm/yyyy, [description of the risk/problem/incident''
 +
| colspan="2" |Describe: ''dd/mm/yyyy, [description of the solution or plan]''
 +
|}'''Additional notes:'''
 +
 
 +
''[Provide any additional information that's required to describe the status of the use case, if applicable. Copy and paste to add a new issue]''
 +
 
 +
 
 +
=== Pilot risk status[edit | edit source] ===
 +
{| class="wikitable"
 +
|+
 +
!Risk level
 +
!Tick if this level applies (tick only one)
 +
!Comments (if any)
 +
|-
 +
|Low
 
|
 
|
 
|
 
|
 +
|-
 +
|Medium
 +
|x
 
|
 
|
 
|-
 
|-
!SL
+
|High
|
 
|
 
 
|
 
|
 
|
 
|
 
|}
 
|}
 +
 +
=== Measures taken[edit | edit source] ===
 
{| class="wikitable"
 
{| class="wikitable"
|+<small>OOP TS Milestone 4: Connecting DE4A Connectors, Data Evaluators and Data Owners between Member States</small>
+
|+
!
+
!Measure description
! colspan="5" |MS acting as DP
+
!Tick if this measure was taken
 +
!Description or comments (if any)
 +
|-
 +
|Piloting partners will '''communicate proactively towards each other on issues or incidents''' ('''always mandatory''')
 +
|''x''
 +
|''Will be done when issues arise, which is not yet the case.''
 +
|-
 +
|Any real-life '''pilot participants (if applicable) are informed''' of the fact that they are involved in piloting activities,
 +
including any risks and countermeasures taken, and the (lack of) legal effects and consequences of participation.
 +
 
 +
Appropriate documentation should be retained to demonstrate that this information has been provided.
 +
 
 +
'''(mandatory for medium and high)'''
 +
|''x''
 +
|''Citizens are informed about involvement in piloting activities at the Explicit request step, i.e. before requesting their data to be retrieved from a competent authority in their home country.''
 
|-
 
|-
!
+
|If the piloting involves '''real-life persons''', piloting should be organised under the '''supervision of a DPO'''.
!
+
'''(mandatory for medium and high)'''
!ES
+
|''x''
!PT
+
|''Hans Graux''
!LU
 
!SL
 
 
|-
 
|-
! rowspan="4" |MS
+
|If the piloting would be done on a '''production environment''', all pilot partners should '''notify''' any operators of such environments in advance.
acting
+
Appropriate measures should be taken that piloting activities d'''o not result in negative legal or practical consequences''' for any real-life persons, real life data, or production environments.
 +
 
 +
The production environments should be '''cleaned''' if the piloting activity was not intended to have long term legal or practical consequences.
  
as DC
+
'''(mandatory for medium and high)'''
!ES
+
|''x''
|
+
|''Operators are informed and attend pilot run sessions. Portals allow for submitting evidences but without any legal or practical consequences for the citizen.''
|
 
|
 
|
 
 
|-
 
|-
!PT
+
|All piloting activities should be '''monitored by pilot partners''' (each solely in relation to such components of the piloting activities which are under their responsibility)
|
+
in a manner that allows any incidents to be detected and remedied (including by contacting any affected real-life persons where needed).
|
+
 
|
+
'''(mandatory for medium and high)'''
|
+
|''x''
 +
|''Piloting activities are monitored by pilot partners.''
 
|-
 
|-
!LU
+
|The '''DE4A project DPO''' (Hans Graux) has been informed prior to initiating piloting activity, and of any incidents that are reasonably likely to create legal effects or practical impacts on any real-life persons
|
+
'''(mandatory for high)'''
|
+
|''x''
|
+
|''Starting the WPL sends a notification to the DPO that pilot is about to start. Continuously updated after that on this wiki.''
|
 
 
|-
 
|-
!SL
+
|Implementation of a '''pilot monitoring and remediation strategy''' to assess whether exchanged evidences are reasonably capable of satisfying the requirements for high risk piloting documented in the deliverables,
|
+
and to ensure that any errors in the piloting activity can be detected and remediated in a manner that eliminates any negative legal or practical consequences.
|
+
 
|
+
'''(mandatory for high)'''
|
+
|''x''
 +
|''Piloting activities are monitored by pilot partners.''
 
|}
 
|}

Latest revision as of 09:15, 17 April 2023

This page will contain lessons learned, tips and tricks on implementing the solution for Moving Abroad. Moving abroad uses only one iteration covering the functionality of both the planned first and second iteration also, the planning and status of establishing connections between participating Member States are presented.

Contents

  • Tips for new Member States implementing and using the DE4A Connector
  • Establishing connections
    • DE4A Connector
      • Process
      • Planning DE4A Connector Connectathons
    • eIDAS nodes
    • Status of connections
    • Legal issues encountered

Tips for new Member States implementing and using the DE4A Connector

  • Use Connectathons as early as possible to share experiences in the setup and resolve issues together.
  • Use the publicly available playground and instructions to set up and configure the national DE4A Connector.
  • Configure the DE4A Connector using a less strict setup for cryptographic validation, to sort out connectivity issues. Trying to solve issues with strict cryptographic adherence is difficult as the encryption can cause errors, that are not related to the actual functionality and connectivity

Establishing connections

The MA pilot is establishing and testing connections between participating Member States, using testcases and Connectathons. During specific timeslots, experts of 2 (or more) countries join with technical experts of the DE4A program. The meetings are online, and focus on establishing the connection between DE4A Connectors or eIDAS nodes. Pre-defined testcases are used to collect necessary proof that the connection is functioning correct. Any last-minute errors are being resolved immediately (if possible).

DE4A Connector

Process

For establishing connections between DE4A Connectors of participating Member States the following steps are performed:

  1. Preparation
    • collecting necessary information for configuration of the common components.
  2. Local testing
    • setting up the national DE4A Connector and connecting this to a DE4A Connector in the DE4A playground.
  3. Connectivity testing
    • testing a full chain of components, using a Mocked DE, the national DE4A Connector (acting as a DT or DR), the playground DE4A Connector (acting as a DR or DT) and a Mocked DO.
  4. Connectathon
    • testing a full chain of components, using a Mocked DE, one national DE4A Connector (acting as a DT or DR), another national DE4A Connector (acting as a DR or DT) and a Mocked DO (Milestone 2 and 3)
    • testing a full chain of components, using a real DE, one national DE4A Connector (acting as a DT or DR), another national DE4A Connector (acting as a DR or DT) and a real DO (Milestone 4)

During the Connectathons, test cases and preparations that are being used / executed are found in the MA-OwnCloudfolder "Connectathon"

DE4A Connector Connectathon results

For each milestone, Connectathons are scheduled according to the tables below.

Status of connections

The current status of participating Member States having established connections is displayed in the tables below:

eIDAS Milestone 1: Connecting eIDAS proxies and connectors
Proxy
ES PT LU SL RO
Connector ES x x x x
PT x x x x
LU x x x x
SL x x x x
RO x x x
OOP TS Milestone 2/3: Connecting DE4A Connectors between Member States
DE4A Connector acting as DT
ES PT LU SL
DE4A Connector

acting

as DR

ES x x x
PT x x x
LU x x x
SL x x x
OOP TS Milestone 4: Connecting DE4A Connectors, Data Evaluators and Data Owners between Member States
MS acting as DP
ES PT LU SL
MS

acting

as DC

ES UC1 UC2
PT
LU UC1 UC1, 2

MA Use Case issues identified

The template below was created to keep track of the status of use cases, including to register any legal issues encountered and possible solutions. The template should be applied at the use case level, registering the status for each country. Sections in italics should be updated. Use one line per Member State. Where inputs don't fit into the template (too long or complex), pilot participants can add additional notes below the table.

Use case [Change of Domicile Address]
Data provider country Data evaluator country
Member State name Status in this use case Member State name Status in this use case
PT Will not send letter for deregistration

will stop the process at creation of a PDF-document.

PT Pick whichever one applies:

[not active yet] [receiving fake data] [receiving real data]

RO N/A RO Will not do the deregistration step.
ES No need for deregistration ES Will not do deregistration step.
SI No need for deregistration SI Will not do deregistration step.
LU N/A LU Will do deregistration step.
Non completion of process Test deregistration between PT and LU
[Member State(s) name(s)] Describe: 01/03/2021, [description of the risk/problem/incident Describe: 30/03/2022, [description of the solution or plan]

Additional notes:

[Provide any additional information that's required to describe the status of the use case, if applicable. Copy and paste to add a new issue]

Where inputs don't fit into the template (too long or complex), pilot participants can add additional notes below the table.

Use case [Birth and Marriage Evidence]
Data provider country Data evaluator country
Member State name Status in this use case Member State name Status in this use case
PT Pick whichever one applies:

[not active yet] [issuing fake data] [issuing real data]

PT Pick whichever one applies:

[not active yet] [receiving fake data] [receiving real data]

RO Pick whichever one applies:

[not active yet] [issuing fake data] [issuing real data]

RO
ES ES
SI SI
LU LU
Identified risks / problems / incidents Implemented solutions or plan (note: use the same line as the risk/problem/incident, so

that the solution/plan matches the risk/problem/incident next to it)

[Member State(s) name(s)] Describe: dd/mm/yyyy, [description of the risk/problem/incident Describe: dd/mm/yyyy, [description of the solution or plan]

Additional notes:

[Provide any additional information that's required to describe the status of the use case, if applicable. Copy and paste to add a new issue]


Pilot risk status[edit | edit source]

Risk level Tick if this level applies (tick only one) Comments (if any)
Low
Medium x
High

Measures taken[edit | edit source]

Measure description Tick if this measure was taken Description or comments (if any)
Piloting partners will communicate proactively towards each other on issues or incidents (always mandatory) x Will be done when issues arise, which is not yet the case.
Any real-life pilot participants (if applicable) are informed of the fact that they are involved in piloting activities,

including any risks and countermeasures taken, and the (lack of) legal effects and consequences of participation.

Appropriate documentation should be retained to demonstrate that this information has been provided.

(mandatory for medium and high)

x Citizens are informed about involvement in piloting activities at the Explicit request step, i.e. before requesting their data to be retrieved from a competent authority in their home country.
If the piloting involves real-life persons, piloting should be organised under the supervision of a DPO.

(mandatory for medium and high)

x Hans Graux
If the piloting would be done on a production environment, all pilot partners should notify any operators of such environments in advance.

Appropriate measures should be taken that piloting activities do not result in negative legal or practical consequences for any real-life persons, real life data, or production environments.

The production environments should be cleaned if the piloting activity was not intended to have long term legal or practical consequences.

(mandatory for medium and high)

x Operators are informed and attend pilot run sessions. Portals allow for submitting evidences but without any legal or practical consequences for the citizen.
All piloting activities should be monitored by pilot partners (each solely in relation to such components of the piloting activities which are under their responsibility)

in a manner that allows any incidents to be detected and remedied (including by contacting any affected real-life persons where needed).

(mandatory for medium and high)

x Piloting activities are monitored by pilot partners.
The DE4A project DPO (Hans Graux) has been informed prior to initiating piloting activity, and of any incidents that are reasonably likely to create legal effects or practical impacts on any real-life persons

(mandatory for high)

x Starting the WPL sends a notification to the DPO that pilot is about to start. Continuously updated after that on this wiki.
Implementation of a pilot monitoring and remediation strategy to assess whether exchanged evidences are reasonably capable of satisfying the requirements for high risk piloting documented in the deliverables,

and to ensure that any errors in the piloting activity can be detected and remediated in a manner that eliminates any negative legal or practical consequences.

(mandatory for high)

x Piloting activities are monitored by pilot partners.