Presentation on theme: "CP-IS Client Overview 1 Author: Mat Barrow, Spine2 Functional Lead Date: 3 rd Dec 2013."— Presentation transcript:
CP-IS Client Overview 1 Author: Mat Barrow, Spine2 Functional Lead Date: 3 rd Dec 2013
Background CP-IS Client based on a similar NHS client (DBS): Files are just dropped into/picked from a folder which is specified during installation Batch handling and Spine messaging managed within client to minimise complexity and reduce LA system processing and network load Local logging for errors/exceptions in addition to file-level response messages Simple to install (see later slides) 2
Technical Requirements NHS Network (N3) connection (including IG Toolkit) or government network with a functional gateway to N3. HSCIC will register a Spine end-point for each LA, and advise the Accredited System ID (ASID) for use during installation of the client. Each LA will need to install its own certificate* Java Runtime Environment 6 (JRE6) Windows or Linux OS. Windows 7 and Ubuntu 12.04 have been tested. Other flavours may be tested where required but only the HSCIC warranted environment is supported. The minimum hardware specification is currently that required for JRE6. 3
Security 4 Certificate DN specific to LA: no sharing/reuse CP-IS certificates only work for CP-IS messaging ASID and Interactions checked for CP-IS certificates (No requirement for logon authentication) TLS Mutual Authentication with >=1024 bit (ideally 2048 bit) certificates Uses port 443 which will need to be opened in firewalls Requires a secure server in a secure location HSCIC is arranging for independent Penetration testing to be conducted against the CP-IS Client and Spine 2 itself, thereby giving assurance to LAs about the overall security of the solution.