Closed jkiddo closed 3 years ago
jkiddo
commented
3 years ago @dirkx - being a guy who knows a bit about legal stuff: Is it really allowed to have a reference to a specific vaccination event embodied in the DGC? Doesn't that make it a PII?
martin-lindstrom
commented
3 years ago Another question. When checking some of the data in https://github.com/eu-digital-green-certificates/dgc-testdata I notice that BG has a DGC with two different entries, both containing the same UVCI. My understanding is that this ID should identity the vaccination event, not the entire DGC.
jkiddo
commented
3 years ago Another question. When checking some of the data in https://github.com/eu-digital-green-certificates/dgc-testdata I notice that BG has a DGC with two different entries, both containing the same UVCI. My understanding is that this ID should identity the vaccination event, not the entire DGC.
Agree - this is also my understanding
martin-lindstrom
commented
3 years ago This needs to be sorted out. It is an issue when interop-testing - https://github.com/eu-digital-green-certificates/dgc-testdata/issues/66
@gabywh Could you shed some light on the issue?
gabywh
commented
3 years ago Bottomline: The UVCI is by Annex 2 bound to the use of vaccine, but it is also used in the context of test and recovery
Yes. It all started with vaccination. The name UVCI stuck. I did raise this as an issue but it will not be changed. HTH.
martin-lindstrom
commented
3 years ago @gabywh And your view on the use of the same UVCI for several entries? I claim that each ID should be unique per the event. But @SchulzeStTSI has another opinion (https://github.com/eu-digital-green-certificates/dgc-testdata/issues/66).
gabywh
commented
3 years ago Another question. When checking some of the data in https://github.com/eu-digital-green-certificates/dgc-testdata I notice that BG has a DGC with two different entries, both containing the same UVCI.
Then this is an error in the test. I created #59 and assigned to myself, in which I need to review all these no doubt well-intentioned bulk-submissions of test data and examples for both correctness and consistency.
My understanding is that this ID should identity the vaccination event, not the entire DGC. Correct. There is only a "certificate id" field per certificate type instance. The DGC "container" is simply that: a container, there is no medical event associated with it, but with the certificate(s) it contains
gabywh
commented
3 years ago @gabywh And your view on the use of the same UVCI for several entries?
This is incorrect. As above.
I claim that each ID should be unique per the event.
Correct.
jkiddo
commented
3 years ago Just so I can understand. Please express the desired behaviour in absolute terms
gabywh
commented
3 years ago Just so I can understand. Please express the desired behaviour in absolute terms
Not sure what you mean by "absolute terms" but here goes:
Did that help?
SchulzeStTSI
commented
3 years ago @gabywh The paper certificate is defined with one unique certificate identifier. Which ID of the multiple entries should then be the printed one? I think here is still the id in the root missing, next to the dob etc.
MartinMitev
commented
3 years ago As decided in the technical subgroup, we just support one event per certificate. So there is one event per certificate and one UVCI.
gabywh
commented
3 years ago As decided in the technical subgroup, we just support one event per certificate.
Yes, I know it was decided there, I'm in that subgroup ;) - and the statement is absolutely correct.
You cannot do anything other than support one event per certificate, that is already given by the medical workflow. There can only ever be one event per certificate by definition since one unique atomic medical event generates one unique certificate with its corresponding unique certificate id.
So there is one event per certificate and one UVCI.
Per certificate, yes.
However, the DGC Schema payload (and thus by extension the QR Code) can ('can' and not 'must') contain multiple certificates. Each certificate has its own certificate id in the UVCI format.
The DGC container (DGC.schema.json) is not a certificate in itself but may contain zero or more certificates (as defined in DGC.Types.schema.json). This specific entry in the FAQ may also help: https://github.com/ehn-digital-green-development/ehn-dgc-schema/wiki/FAQ#why-are-the-certificate-type-entries-specified-as-an-array
chris2286266
commented
3 years ago Can someone be so kind and verify the following UVCIs?
URN:UVCI:01:AT:10807843F94AEE0EE5093FBC254BD813#B URN:UVCI:01:AT:71EE2559DE38C6BF7304FB65A1A451EC#3 URN:UVCI:01:AT:B5921A35D6A0D696421B3E2462178297#I URN:UVCI:01:AT:858CC18CFCF5965EF82F60E493349AA5#K and URN:UVCI:01:AT:ABCDEFG988#/ URN:UVCI:01:AT:ABCDEFG997#:
Thanks
gabywh
commented
3 years ago one way amongst many using the examples/Luhn-Mod-N Python code (branch: next):
from luhn_mod_n import LuhnModN
UVCI = ["URN:UVCI:01:AT:10807843F94AEE0EE5093FBC254BD813#B",
"URN:UVCI:01:AT:71EE2559DE38C6BF7304FB65A1A451EC#3",
"URN:UVCI:01:AT:B5921A35D6A0D696421B3E2462178297#I",
"URN:UVCI:01:AT:858CC18CFCF5965EF82F60E493349AA5#K",
"URN:UVCI:01:AT:ABCDEFG988#/",
"URN:UVCI:01:AT:ABCDEFG997#:"]
for uvci in UVCI:
cert_id, _, check = uvci.rpartition('#')
txt = cert_id + check
is_valid = LuhnModN.validate_check_character(txt=txt)
print(f"uvci '{cert_id}' with checksum '{check}' validates as: {is_valid}")
The UVCI is described as an identifer and its usage is stated in both the vaccine entry, test entry and recovery entry. However, in Annex 2, Option 2 the following is stated:
I have a hard time seeing how the (national) vaccination registry should hold any identifiers in relation to an episode of obtained recovery.
Bottomline: The UVCI is by Annex 2 bound to the use of vaccine, but it is also used in the context of test and recovery