Validation suite

[asitplus-pteufl]

As previously discussed we see the need for a validation suite (*) identifier based on the following rationale:

• the processing details will change in the future, maybe even at the beginning if certain aspects need to be changed after the initial trial-runs
• an app which reads the qr-code should (at best) immediately identify which validation chain to follow to get data processing right
• such a suit-ID would be needed on a very high-level. e.g. as defined prefix of the BASE45 data within the QR-Code, at this level the app can easily decide on the required process
• content: maybe country code (I think this was also mentioned by @dirkx) and some version ID. e.g. AT01, where the version ID fully defines the complete validation chain, the country code has no specific reason right now, but could be important if some country-specific issues arise (which are not desirable, but still it could help to address them). The version ID would then indicate the full-suite of processes and other parameters that are required to fully validate the document.
• Val.Suite format: if we assume the BASE45 notation and avoid special chars of BASE45, we still would have 36 chars (A-Z and 0-9), resulting in 36*36 suites, which will be more than sufficient.

Example can already be seen in our COSE chain on https://dev.a-sit.at/certservice

(*) with "validation suite" I am referring to the whole process chain and details required for validating/creating a document (e.g. JSON->CBOR->COSE->ZLIB->BASE45) and the associated details (e.g. key-id within the COSE header, Trust-list format etc.)

Discussion:

• Opinion of the other members
• Location of such a suite (proposal: prefix of BASE45 data)
• Suite-Format: Country-code? length of version ID
• processes, parameters covered by suite, but basically the suite ID would be linked to the complete specification of a chain

[asitplus-pteufl]

i will close this, this is solved with HC1: