Why restrict vaccination, test and recovery group properties to one item?

[andypandy47]

Hi there,

As with the new changes added into v1.3.0, its my understanding that the vaccination, test and recovery group properties are all restricted to one item each. I am a bit confused by this as they are defined as arrays, which initially indicated that multiple medical events could be encoded in a single barcode. With this change however, citizens will require a barcode per vaccination, test and recovery event.

Just wanted to ask what the justification was for this? I feel this may make things more complicated for the user and from what I can see, there wouldn't be any issues around QR code capacity as the character count is relatively small and multiple events have a minor impact.

Thanks

[dslmeinte]

The “1-event rule” is a result of an EU regulation - I'll provide a link later, if I can manage. I think the general reasoning was one of simplification to avoid not meeting deadlines because of complexity.

Originally, multi-event DCCs were envisioned (I think - that's “before my time”), which explains the arrays. These didn't get changed in 1.3.0 because of backwards compatibility (and a lot of test data relying on the array-format), and also because it gives the possibility to go back to multi-event in the future, in case it's absolutely needed.

(My €0.02.)

[gabywh]

I guess you could try reading the FAQ? https://github.com/ehn-dcc-development/ehn-dcc-schema/wiki/FAQ#why-are-the-certificate-type-entries-specified-as-an-array

[gabywh]

The “1-event rule” is a result of an EU regulation

It is the result of a clarification to the EU regs provided by DG Just.

Originally, multi-event DCCs were envisioned (I think - that's “before my time”), which explains the arrays.

Correct. And they would still be of value for a couple of MS.

These didn't get changed in 1.3.0 because of backwards compatibility (and a lot of test data relying on the array-format), and also because it gives the possibility to go back to multi-event in the future, in case it's absolutely needed.

Possibility for future expansion is one reason: open-closed principle - O in SOLID e.g. https://en.wikipedia.org/wiki/SOLID

[michaelmaguire]

This EU approach is proving to be a problem for some people, e.g.:

"Just arrived in YVR and although I am fully vaccinated they are making me do a hotel quarantine with my kids because my LU Euronorm vaccination pass only has vaccination information for the second vaccine on it. Fair warning. This was an extremely expensive mistake."

https://www.facebook.com/groups/2011343209196466/permalink/2820736368257142/

Please see, for example:

Providing proof of your vaccination In ArriveCAN, you must provide:

the details of your first dose (date, country and vaccine you received) the details of your second dose if one was required (i.e., for Pfizer, Moderna, and AstraZeneca vaccines)

https://travel.gc.ca/travel-covid/travel-restrictions/covid-vaccinated-travellers-entering-canada#proof

[gabywh]

Thanks for the use case, of which there are also others even within the EU. Issue discussed many times.

The DCC Schema was initially designed to support multiple combinations of vacc, test and recovery -> which is why there is this "strange" remnant of an array but with min 1 and max 1 in the current DCC Schema.

Statement by Directorate General Justice ("EU legal") stated clearly: only one record EITHER vacc OR test OR recovery per QR Code permissible. So that's how it is.

You may also find the FAQ of use, in particular: https://github.com/ehn-dcc-development/ehn-dcc-schema/wiki/FAQ#why-are-the-certificate-type-entries-specified-as-an-array

HTH.

[michaelmaguire]

Statement by Directorate General Justice ("EU legal") stated clearly: only one record EITHER vacc OR test OR recovery per QR Code permissible. So that's how it is.

Thanks. Do you have a reference to the EU legal statement and a contact (i.e. in my software company "the business"). They work for us (as in "we the people"), so we should just inform them of the problems this is creating and ask them to reconsider. I was previously an EU citizen, and I'm still married to one - I'm happy to follow it up.

[gabywh]

Statement by Directorate General Justice ("EU legal") stated clearly: only one record EITHER vacc OR test OR recovery per QR Code permissible. So that's how it is.

Thanks. Do you have a reference to the EU legal statement

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32021D1073

and a contact (i.e. in my software company "the business").

Is an EU regulation so:

• if inside the EU, then follow up with your EU rep (good place to start may be your Member State Ministry of Health)
• if outside the EU, then your "local" European External Action Service might be a good place to start e.g. https://eeas.europa.eu/headquarters/headquarters-homepage_en

They work for us (as in "we the people"), so we should just inform them of the problems this is creating and ask them to reconsider.

Already done - which is where the clarification came from.

I appreciate you may not have been involved in the discussions at the time, but you're not saying anything new here or suggesting anything that hasn't already been tried: "been there, done that"

I was previously an EU citizen, and I'm still married to one - I'm happy to follow it up.

Feel free :)

[gabywh]

"Just arrived in YVR and although I am fully vaccinated they are making me do a hotel quarantine with my kids because my LU Euronorm vaccination pass only has vaccination information for the second vaccine on it. Fair warning. This was an extremely expensive mistake."

As ever: liability is on the traveller to check the rules for the destination - covid-19 changes nothing in that respect. Two sites that may prove useful: https://www.traveldoc.aero/ https://reopen.europa.eu/en

[michaelmaguire]

Feel free :)

Great. Can you please pass along the contact office details? I.e. a person and a phone number or email.

[vaubaehn]

@dsarkar @heinezen

Regarding recommendations to CWA users, that to store only the 2/2 vaccination certificate in CWA (or any other wallet app) is sufficient: this is not always the case, unfortunately. Please see https://github.com/ehn-dcc-development/ehn-dcc-schema/issues/110#issuecomment-880417278 and following. Please reconsider recommendations to users by support teams, if cases like these can still occur.

[dsarkar]

@vaubaehn Thank you very much indeed! We will evaluate how to proceed with this information.

[gabywh]

I may even happen to agree with you ;-) which is why the entries were initially designed as an array and not a single item to cater for all cases (single and multiple med certs). However the decision to have only one entry is a legal one which has then been implemented as required in this Schema.

From a technical perspective, modifying the schema to support multiple entries is trivial: it can be as simple as increasing or even removing the upper limit constraint on the array(s). However, such a change first requires a change in legislation. Note also that such a simple Schema change would create (relatively) larger ripples in the associated business logic each Member State would have to supporr.

BTW been through this cycle of discussions many times before. I would imagine if Member States can present their case (to eg the eHN Coordinated Actions meeting) citing the need to support multiple med cert entries based on Member State legislation, then I can imagine you would have a strong case for change. Note also that in theory the opportunity for Member States to comment on draft versions of the legislation was open for several months before the final legislation was passed, so the obvious push-back to the request would be: "Why wasn't this raised during the months that the draft legislation was open for discussion and modification?"

Note that I am longer working on this project but since this seems to an almost perernially repeated question, I thought I'd just brain-dunp / summarize some relevant infornation here.

My advice would be: take up this issue with whoever is your rep in the eHN Coordinated Actions meeting and ask them to raise it in that meeting.

HTH, Gaby

Op vr 27 aug. 2021 16:31 schreef vaubaehn @.***>:

@dsarkar https://github.com/dsarkar @heinezen https://github.com/heinezen

Regarding recommendations to CWA users, that to store only the 2/2 vaccination certificate in CWA (or any other wallet app) is sufficient: this is not always the case, unfortunately. Please see #110 (comment) https://github.com/ehn-dcc-development/ehn-dcc-schema/issues/110#issuecomment-880417278 and following. Please reconsider recommendations to users by support teams, if cases like these can still occur.

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/ehn-dcc-development/ehn-dcc-schema/issues/110#issuecomment-907247551, or unsubscribe https://github.com/notifications/unsubscribe-auth/ASHCPHI7T2DOXLTCYDB6LM3T66OUZANCNFSM46ZFSSRQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

[vaubaehn]

@gabywh

I may even happen to agree with you ;-)

Believe it or not, this made my day ;-)

Your additional information was indeed very helpful, imho. Actually, there is another issue that guided me to here (https://github.com/corona-warn-app/cwa-app-android/pull/3928), but all former information applies similarly. I'm trying to gather and condense information for Cornona-Warn-App tech leads and devs, to solve some problems a bit quicker. And

My advice would be: take up this issue with whoever is your rep in the eHN Coordinated Actions meeting and ask them to raise it in that meeting

is especially helpful in this context.

I would imagine if Member States can present their case (to eg the eHN Coordinated Actions meeting) citing the need to support multiple med cert entries based on Member State legislation, then I can imagine you would have a strong case for change.

The current use case here in Germany: Legislation now warrants recovered citizens who get their first vacc shot to have a status "immunized" on the day of their vaccination - without 14-day waiting period. As you know, this can't be validated against business rules with current DCC schema, as it would need to take recovery ANDvaccination into account in a single cert. Don't know if in other member countries a similar legislation is in effect. Second use case: Booster vaccinations. If you now present a 'boostered' vacc cert with a 3/3 series of doses, business rules and verifier apps would complain (without adjustments), when booster vaccination was less than 15 days ago. Hence, your whole vaccination status could be recognized invalid (without additional manual effort to prove your previous doses). Bad, if you only carry a single digital 3/3 vacc cert with you at border control and you have been boostered just recently. Maybe these use cases are already enough?

so the obvious push-back to the request would be: "Why wasn't this raised during the months that the draft legislation was open for discussion and modification?"

The answer from the representive would need to be: "Because the course of the whole process (new scientific findings, recent mutatations, unforeseeable practical implications) prevented to anticipate all necessary details, that now lead to this request for change."

So, a thanks a lot for your time to reply - and especially for all your work on the DCC!

[gabywh]

@gabywh

I may even happen to agree with you ;-)

Believe it or not, this made my day ;-)

Nice :)

Your additional information was indeed very helpful, imho. Actually, there is another issue that guided me to here (corona-warn-app/cwa-app-android#3928), but all former information applies similarly. I'm trying to gather and condense information for Cornona-Warn-App tech leads and devs, to solve some problems a bit quicker. And

My advice would be: take up this issue with whoever is your rep in the eHN Coordinated Actions meeting and ask them to raise it in that meeting

is especially helpful in this context.

I would imagine if Member States can present their case (to eg the eHN Coordinated Actions meeting) citing the need to support multiple med cert entries based on Member State legislation, then I can imagine you would have a strong case for change.

The current use case here in Germany: Legislation now warrants recovered citizens who get their first vacc shot to have a status "immunized" on the day of their vaccination - without 14-day waiting period. As you know, this can't be validated against business rules with current DCC schema, as it would need to take recovery ANDvaccination into account in a single cert.

Not entirely true. Again, this point was already raised several times. The official response was: "You can show each of the individual QR codes, one after the other". There was a further point raised about legislation explicitly disallowing persistence of the data. However, the clarification was received that persistence in RAM for the purposes of validating multiple QR codes (where required - as in the use cases you mention) is permissible. Before you say anything: I know...

You might think that this really sucks from a usability (UX) perspective, is error prone and will only cause more delays at border controls as people hunt either (1) on their smartphone / wallet for the correct two or three QR codes to present, or (2) for two or three separate pieces of paper each with a QR code on it, or (3) if they were smart but still paper-based they could have printed both or all three on one sheet of paper. Oh, wait, if the QRs are shrunk to all fit on one piece of paper, then perhaps the printed resolution of the QR code then becomes too low for the QR codes to be read. Wait... I know! We could put all the required medical certs into one QR code and avoid all these issues...

Well: "you might think that, I couldn't possibly comment" (https://www.youtube.com/watch?v=xJFiByfiRTA - the original and best :)

Don't know if in other member countries a similar legislation is in effect.

Mentioning no names... Austria... oops... wasn't supposed to be mentioning names, so I guess it's just as well I didn't mention Peter Teufl (@asitplus-pteufl) who would probably be a good point of contact for you... "oops I did it again!" (Britney!)

Second use case: Booster vaccinations. If you now present a 'boostered' vacc cert with a 3/3 series of doses, business rules and verifier apps would complain (without adjustments), when booster vaccination was less than 15 days ago. Hence, your whole vaccination status could be recognized invalid (without additional manual effort to prove your previous doses).

Additional manual effort, as described above, indeed.

Bad, if you only carry a single digital 3/3 vacc cert with you at border control and you have been boostered just recently. Maybe these use cases are already enough?

"You might think that, I couldn't possibly comment!" ;)

so the obvious push-back to the request would be: "Why wasn't this raised during the months that the draft legislation was open for discussion and modification?"

The answer from the representive would need to be: "Because the course of the whole process (new scientific findings, recent mutatations, unforeseeable practical implications) prevented to anticipate all necessary details, that now lead to this request for change."

Is certainly a possible answer.

As you mentioned Germany then your representative in the eHN Coordinated Actions meeting would be Niklas Kramer - a thoroughly decent chap IMHO and certainly a staunch advocate for Germany's needs. The Coordinated Actions meeting used to be on - I think - a Tuesday or a Wednesday afternoon, maybe they still are. In any case, do contact Niklas sooner rather than later with your thoughts (although he is probably doing a marvellous job of defending the German corner over this point already).

So, a thanks a lot for your time to reply - and especially for all your work on the DCC!

You're most welcome - glad I could make your day :)

Gaby.