Clarification Needed: A single DGC with multiple certificates of different types

[bhavin-qryptal]

Issue Description

Question: Is it legit to have a single DGC with multiple certificates of different types (e.g. One or more Vaccination Record(s) , Recovery Report(s) and/or Test Report(s)) ?

I recall having read somewhere (could not find that reference anymore) which mentioned that a single DGC could have one more certificates of same types. e.g. Two Vaccination Records (for 1st dose and 2nd dose), however, It could not contain a combination of Vaccination Report and Recovery Report. Now, I am having a doubt whether this understanding is correct or not. Please help with some reference, if you could. I have noticed quite a few examples (an example) in test data repository which contains more than one types of the certificates under single DGC.

Also, if certificates of different types are allowed in single DGC, I believe, we would need to ensure that given DSC is eligible (extended Key Usage ) to sign all underlying types of the certificates. Please do opine on this.

Proposed Solution

Seeking clarification with some references to the documents.

[asitplus-pteufl]

The HCERT spec defines this aspect here: https://github.com/ehn-digital-green-development/hcert-spec/blob/main/hcert_spec.md#a4-extended-key-usage-identifiers

you have two options:

• either put in the OIDs you need in the DSC

• or put no OID in the DSC, then it is considered as valid for all types

[bhavin-qryptal]

you have two options:

• either put in the OIDs you need in the DSC
• or put no OID in the DSC, then it is considered as valid for all types

Thank you. This is helpful. However, I still wish to confirm whether is it legit to have a single DGC with multiple certificates of different types?

[asitplus-pteufl]

I think the official confirmation would be better to have from @SchulzeStTSI
let me verify if I got it right (not quite sure, because you are writing, a single DGC, but I think you mean "a single DSC")
you would like to use a single DSC (the document signing certificate) that signs multiple DGCs types (e.g. test, recovery, vacc), right?
That's the way we do it (Austria), we have a DSC without any OID which automatically - according to the linked - spec enables it to create all types of DGCs

[bhavin-qryptal]

@daniel-eder , @SchulzeStTSI , Kindly help. Thank you.

[asitplus-pteufl]

ah sorry, I think I got your question wrong.
NO, a DGC is only allowed to have one type (test, rec, vacc). Lacking the official link right now
The schema technically allows for more than one per DGC, but this is not allowed from business rules perspectives. @SchulzeStTSI do you have an official reference for that?

[SchulzeStTSI]

@asitplus-pteufl @bhavin-qryptal Currently is defined that one DGC can have 1 Event from only one type. The definition for the business rules is still in progress.

[bhavin-qryptal]

Thank you @asitplus-pteufl and @SchulzeStTSI . There very large number of test files from NL which does not comply with this rule e.g. https://github.com/eu-digital-green-certificates/dgc-testdata/blob/main/NL/2DCode/raw/310.json

[dslmeinte]

On Fri, May 21, 2021 at 8:16 AM SchulzeStTSI ***@***.***> wrote: @asitplus-pteufl <https://github.com/asitplus-pteufl> @bhavin-qryptal <https://github.com/bhavin-qryptal> Currently is defined that one DGC can have 1 Event from only one type. The definition for the business rules is still in progress.

The JSONSchema for the DGC (as JSON payload) allows any number of events from any type. (In fact, minItems = 1 for the arrays in v, t, and r.) It seems it'd be a good idea to tighten the schema a bit?

…

-- With kind regards, Meinte Boersma (drs./M.Sc.) Independent consultant and expert in domain modeling and model-driven software development (MDSD). Web site: http://www.dslconsultancy.com/ Blog: ***@***.*** (previous: http://dslmeinte.wordpress.com/) Twitter: http://twitter.com/meinte37

[SchulzeStTSI]

@dslmeinte There is currently a open point how we continue with this. My proposal would be to set oneOf for v,t and r, and set maxItems:1 for all entries. But this currently under discussion.

[dslmeinte]

@SchulzeStTSI oneOf[r,t,v] + maxItems=1 is exactly what I was thinking, to keep things somewhat backward-compatible. (Still begs the question why it wasn't oneOf's with objects instead of arrays in the 1st place.)

Where does this discussion take place?

[bhavin-qryptal]

If it helps, recently rolled out test script has a logic to ensure that a single DGC could have one more certificates of same types. e.g. Two Vaccination Records (for 1st dose and 2nd dose). However, It would not allow a combination of different types, e.g. Vaccination Report and Recovery Report in one DGC.

Please let me know if the test script criteria need to be tightened further to ensure ONLY one certificate record is allowed per DGC.

[dirkx]

@bhavin-qryptal that needs to await the answer from the legal people.

@SchulzeStTSI - I am afraid that that is not quite correct - At this point in time - the current version of the regulation does NOT stipulate this. It allows for a piece of paper (or a yellow booklet or a qr code) to contain multiple V's, T's and R's. And it allows for multiple V, T or R events. The certificates it refers to are medical certificates.

So following the WG meeting on Friday (21/5) we need to await the clarification from the legal people - including the clarification on the prohibition to store between processes and its effect on multiple scans if events (or a set of events of the same type; e.g. two vaccinations in a row) are rendered on separate bits of paper / QR codes.

[dslmeinte]

Because the format (JSONSchema) allows multiples, and legal people are involved, it seems to me that this {c|sh}ould be a separate business rule, which also means that 1-event should not be an assumption baked into the test automation.

On Sat, 22 May 2021 at 13:22, Dirk-Willem van Gulik < ***@***.***> wrote: @bhavin-qryptal <https://github.com/bhavin-qryptal> that needs to await the answer from the legal people. @SchulzeStTSI <https://github.com/SchulzeStTSI> - I am afraid that that is not quite correct - At this point in time - the current version of the regulation does NOT stipulate this. It allows for a piece of paper (or a barcode or a yellow booklet) to contain multiple V's, T's and R's. And it allows for multiple V, T or R events. So following the WG meeting on Friday (21/5) we need to await the clarification from the legal people - including the clarification on the prohibition to store between processes and its effect on multiple scans if events (or a set of events of the same type; e.g. two vaccinations in a row) are rendered on separate bits of paper / QR codes. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#161 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAFG7G4QRJIUZTWJBDXCS53TO6HVZANCNFSM45IOPRMA> .

-- With kind regards, Meinte Boersma (drs./M.Sc.) Independent consultant and expert in domain modeling and model-driven software development (MDSD). Web site: http://www.dslconsultancy.com/ Blog: ***@***.*** (previous: http://dslmeinte.wordpress.com/) Twitter: http://twitter.com/meinte37

[daniel-eder]

@bhavin-qryptal The last status I know about is - as Meinte and Dirk mentioned - that we are still awaiting clarification from legal. @SchulzeStTSI can you update this issue when we have clarification?

[SchulzeStTSI]

@bhavin-qryptal The regulation clarifies now this topic: only one type of certificate with one entry is allowed. Means only one v OR t OR r Record with maximum one item in the array.

[bhavin-qryptal]

@bhavin-qryptal The regulation clarifies now this topic: only one type of certificate with one entry is allowed. Means only one v OR t OR r Record with maximum one item in the array.

Thank you for the confirmation. I have made change in the test script to reflect this. ref: #261