Closed Ein-Tim closed 2 years ago
Hi @Ein-Tim!
some information can be found here: https://www.coronawarn.app/de/faq/#val_service_basics https://ec.europa.eu/health/sites/health/files/ehealth/docs/covid-certificate_traveller-onlinebooking_en.pdf (Chapter 3) https://github.com/eu-digital-green-certificates/dgca-validation-service
Wish you a Merry Christmas!
Hey @dsarkar
Thanks for the links! I will read through them later on! Still I think the CWA documentation should be updated to include some infos how exactly this is implemented, like https://github.com/corona-warn-app/cwa-documentation/blob/master/images/solution_architecture/high_level_architecture.svg was also updated to show the connection to the DCC issuing server.
To you and the whole CWA team I wish merry Christmas, thanks for all of your work since more than a year now! ❤️ Enjoy the holidays!
Thanks @Ein-Tim for creating the issue. It had generated discussion and suspicions in the Twitter Space.
In particular, can it be abused 😈 or does it offer value over and above the CWA goal 😇
a) 😈 Can it be used by unscrupulous marketing agencies for harvesting real names and real date-of-births?
b) 😇 Does it offer a useful mechanism for online age-validation? I.e. The ticketer/web-site wants to perform age-verification and is not interested in vaccination status.
c) 🤔What accreditation is performed on ticketing agencies integrating this validation? Or is it freely available?
d) 😇 Does the CWA inform the user of the data being validated? E.g. If the ticketing agency requests that the date-of-birth is validated, this should be reflected in the CWA UI as is done in the Ausweis2 App. The screenshot in the blog and CWA library doesn't make this clear.
This declaration in the FAQ/Docu is important, because the specs make it clear that "that these specifications have no binding character".
@Ein-Tim The "harvesting" link above shows the workflow. I've added it directly to this comment to save you hunting. Bullet c) was my question in Spaces a minute ago. Thank you for listening.
@alanrick
Thanks for the ping! Yes, exactly, though these steps the booking service knows that your name is genuine, but, as I said, the validation service does not directly transmit name and dob to the booking system.
Hope all your questions are clarified now? I suggest you open a new issue reg. the question: "Which businesses can connect to the validation service?"
I suggest you open a new issue reg. the question: "Which businesses can connect to the validation service?"
See also:
and
"Which customers are already using a DCC validation service?
Customers or providers will publish this information themselves, independently."
@Ein-Tim
Although the CORONA-WARN-APP SOLUTION ARCHITECTURE document does not cover the validation service, which is what you requested in this issue, there is some information elsewhere.
"Bericht zur Datenschutz-Folgenabschätzung für die Corona-Warn-App der Bundesrepublik Deutschland Öffentliche Version Version 1.20, 09.12.2021"
Section 5.5 Systemarchitecture, 5.5.12 Validierungsdienste on Seite 71 ff and 5.7.26 Online-Validierungsdaten Seite 132 may provide you with some information you are looking for.
@MikeMcC399
Thanks Mike, I'll take a look! Enjoy your weekend!
Thanks for your report @Ein-Tim. Internal Tracking ID: EXPOSUREAPP-11229
Corona-Warn-App Open Source Team
Just for the record: The DCC ticketing feature was put on ice: https://github.com/corona-warn-app/cwa-website/issues/2218#issuecomment-1094809124
I don't expect any documentation for a feature that is not in use currently. Thus closing this issue.
Where to find the issue
https://github.com/corona-warn-app/cwa-documentation
Describe the issue
E.g. https://github.com/corona-warn-app/cwa-documentation/blob/master/images/solution_architecture/high_level_architecture.svg does not mention the DCC checks when booking tickets.
Suggested change
Update the documentation so that interested users can take a look at how exactly the DCC ticketing is implemented in the CWA, which connections are made, etc.
Ping
@tklingbeil
Internal Tracking ID: EXPOSUREAPP-11229