ECI OCS Workshop 29/11/2012
Agenda – Morning session 9h15 Welcome & Introduction 9h30 Introduction to European Citizens' Initiative 10h00 OCS architecture 10h30 ISO 27000 security standards 11h00 Coffee break 11h30 Open source tools for Vulnerability and Penetration tests 12h00 How to collaborate to OCS project?
Agenda – Afternoon Labs 14h00 Lab 1: MySQL install and set-up 14h45 Lab 2: GlassFish install and configuration 15h30 Lab 3: Deployment and set-up d'OCS 16h15 Lab 4: Deployment OCS Virtual Image 17h00 End of the workshop
ECI:OCS You wish to collect online? Get your system certified. Max. 1 month Collect statements of support in at least 7 member states. Max. 12 months OCS Get statements of support certified by member states. Max. 3 months The main focus of my presentation is to describe the Open Source Tool built by the Commission funded by the ISA program to facilitate the collection of statements of support. OCS is an open source web tool to be used by Initiative organisers to collect online supports for their initiatives.
ECI Online Collection System stakeholders European Commission National certification and validation authorities ECI organisers European Citizens All the groups are represented in jouinup users. University: Vienna (A master thesis about OCS), Graz Fundación Once, European Disability Forum (EDF)
ECI Online Collection Software requirements Open Source Software Functional requirements from Reg (EU) 211/2011 Security requirements from Reg (EU) 1179/2011 ISO 27k Multilanguage: 23 European official languages Support for disable people WCAG 2.0 compliant Compatible with all user clients/browsers ISO 27001 (October 2005) – Specification an Information Security Management System ISO 27002 (2005) – Code of practice for information security (hundreds of potential controls and control mechanisms, which may be implemented) ISO 27005 – Information security risk management W3C Recommendation 11 December 2008 – Web Content Accessibility Guidelines 2.0
OCS: Architecture & technology Standard JEE application Requires JEE 5 compliant application server Spring MVC JSR 220: Enterprise JavaBeansTM 3.0 JSR 317: JavaTM Persistence 2.0 JAXB: xml processing JMS Open source interpreted as not requiring additional software licenses. This implies excluding .net, coldfusion, … Only choices left were php or Java. Java provides better support for security. Provide database scripts for Oracle and MySQL and application server scripts for Weblogic and GlassFish
Geographic distribution of OCS users Source of Information joinup 40 users in total Anomaly: Austria
OCS downloads Artifacts: ear file + configuration scripts (database and application server)
OCS milestones Q1 2011 Q2 2011 Q3 2011 Q4 2011 Q1 2012 Q2 2012 Q3 2012 Corrigendum to Reg EU 211/2011 First online collection system Expert Group review of OCS Risk Assessment Reg EU 211/2011 Reg EU 1179/2011 REGULATION (EU) No 211/2011 of 16 February 2011 REGULATION (EU) No 1179/2011 of 17 November 2011 ECI Expert Group meeting 12 March 2012 Corrigendum to 211/2011 30 March 2012 Open Register E.C.I. 1 April 2012 O.C.S 1.0.0 22 December 2011 O.C.S 1.1.0 9 March 2012 O.C.S 1.2.0 30 March 2012 O.C.S 1.3.0 19 July 2012 O.C.S 1.3.1 – Viking edition 21 August 2012 Right2Water online – 3 September 2012 Meeting with organisers since June 2012. No budget for Online hosting and no IT knowledge First OCS in EC datacentre OCS 1.0.0 OCS 1.2.0 OCS 1.3.1 OCS VM
European Citizens’ Initiative: Useful links & contacts ECI Register http://ec.europa.eu/citizens-initiative ECI Online Collection Software in joinup https://joinup.ec.europa.eu/software/ocs/home ECI functional mail box EC-ECI-OCS@ec.europa.eu