18013-5 / micov

mobile international certificate of vaccination

What's the difference between ValidFrom/ValidUntil in the data model and nbf/exp in the CWT? #2

Open vitorpamplona opened 3 years ago

vitorpamplona commented 3 years ago

The spec runs into the same issues the DCC has. Most people think those fields are the same because they are not named correctly.

Vaccination has:

?"vf" : full-date, ; Valid from
?"vu" : full-date  ; Valid until

and the Recovery payload has

Rec = {
 ?"df" : full-date, ; Certificate Valid From
 ?"du" : full-date, ; Certificate Valid Until
}

Maybe they should be renamed from Certificate Valid From and Until to COVID Protection From and COVID Protection Until. That will give issuers and verifiers a better meaning for these fields.

18013-5 commented 3 years ago

Thanks for raising this. Different from the EU DCC, micov allows multiple records to be included, for different diseases. For that reason, there is differentiation between the validity of the credential and the validity of individual records. Good suggestion to clarify the definition. It should indeed clearly define that these dates refer to the specific record.

vitorpamplona commented 3 years ago

Then why doesn't Test have a validity interval?

vitorpamplona commented 3 years ago

Also, if these values are different than the DCC, you should not claim that this standard is "supporting" the DCC. They are very different things.

18013-5 commented 3 years ago

> Then why doesn't Test have a validity interval?

Because policies differ - and fluctuate. The PCR test that I took last week was valid for 24 hours in the Netherlands, while the very same test result was valid for 48 (or 72?) hours in the UK. What matters is the time the sample was taken.
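Added example, not part of the thread or of the micov project's code: a verifier sketch that keeps the three checks discussed above separate, following the maintainer's reading that `vf`/`vu` and `df`/`du` bound an individual record while `nbf`/`exp` bound the CWT. Only those field names come from the issue; the `vac`/`rec` wrapper keys, the sample values, and the 24/48 hour policy windows are constructed assumptions.

```python
from datetime import date, datetime, timedelta, timezone

EXP, NBF = 4, 5  # CWT claim keys for "exp" and "nbf" (RFC 8392)

def credential_valid(claims, now):
    """Credential level: the signed CWT must be inside its nbf..exp window."""
    ts = now.timestamp()
    return claims.get(NBF, ts) <= ts < claims.get(EXP, float("inf"))

def record_valid(record, today, from_key, until_key):
    """Record level: optional full-date bounds that apply to one record only."""
    start, end = record.get(from_key), record.get(until_key)
    if start and today < date.fromisoformat(start):
        return False
    return not (end and today > date.fromisoformat(end))

def sample_fresh(sample_time, now, max_age):
    """Tests carry no interval: the verifier applies its own policy window
    to the time the sample was taken."""
    return timedelta(0) <= now - sample_time <= max_age

def evaluate(claims, records, sample_time, now, test_max_age):
    """Report each check separately so one does not mask another."""
    today = now.date()
    return {
        "credential": credential_valid(claims, now),
        "vaccination": record_valid(records["vac"], today, "vf", "vu"),
        "recovery": record_valid(records["rec"], today, "df", "du"),
        "test": sample_fresh(sample_time, now, test_max_age),
    }

# Constructed sample data (hypothetical wrapper keys "vac" and "rec").
UTC = timezone.utc
NOW = datetime(2021, 9, 1, 12, 0, tzinfo=UTC)
CLAIMS = {NBF: int(datetime(2021, 8, 1, tzinfo=UTC).timestamp()),
          EXP: int(datetime(2021, 10, 1, tzinfo=UTC).timestamp())}
RECORDS = {"vac": {"vf": "2021-06-15", "vu": "2021-08-20"},
           "rec": {"df": "2021-07-01", "du": "2021-12-28"}}
SAMPLE_TIME = datetime(2021, 8, 31, 6, 0, tzinfo=UTC)  # 30 hours before NOW

if __name__ == "__main__":
    for hours in (24, 48):  # two verifier policies for the same test result
        print(hours, evaluate(CLAIMS, RECORDS, SAMPLE_TIME, NOW,
                              timedelta(hours=hours)))
```

With this data the CWT is still inside `nbf`/`exp` while the vaccination record is past its `vu` date, and the same test sample passes a 48 hour policy but fails a 24 hour one.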

18013-5 commented 3 years ago

> Also, if these values are different than the DCC, you should not claim that this standard is "supporting" the DCC. They are very different things.

As far as I can see, providing a standard that allows more than currently is done in the EU (based on a policy choice) does not result in that standard not being able to support that smaller scope. Do I overlook something?

vitorpamplona commented 3 years ago

> Because policies differ - and fluctuate. The PCR test that I took last week was valid for 24 hours in the Netherlands, while the very same test result was valid for 48 (or 72?) hours in the UK. What matters is the time the sample was taken.

Sure, but that's not what you said the dates represent. The validity of individual records is not the same as the period you are protected from COVID. One is about expiration of credentials, the other is about a clinical datapoint that has nothing to do with the validity of the records.

> As far as I can see, providing a standard that allows more than currently is done in the EU (based on a policy choice) does not result in that standard not being able to support that smaller scope. Do I overlook something?

But you are not just extending, you are changing it. The concept for the dates you are talking about doesn't match what the DCC advocates for. Also, the CWT is different here (NamesSpaces, etc). You will also need to support HC1 encoding with Base45, which is not here. I understand the records are close to each other, but that's it.