Discussion: REST Server or SaaS API for commercial use?

[Sikerdebaard]

I'm thinking of developing a REST API around this library. This could then be utilized to run the official MinVWS mobilecore verifier through this library on devices like ticket terminals. For offline requirements, e.g. festivals, this library + configs could be preloaded and refreshed once every x-days. For online devices a SaaS API could be utilized with a pay-as-you-go type subscription.

Would there be interest in such a thing? What requirements would you have for this?

For example if the library would be able to read the MRZ and/or NFC of an identity card / passport and automatically verify this with the information on the QR code would that be enough or would it still be necessary for a person to verify the ID proof? Of course there would need to be a fallback for unreadable ID proof but I think this could save some time as you would probably need less staff.

Would it be interesting to check if certain QR codes have been used more than once in your venue? There's a unique token in the domestic QR that could be utilized for this. This won't work if a person generated multiple QR codes but at the very least you could utilize it to see if a specific QR code has been scanned a suspicious number of times.

Are there analytics that might be useful? E.g. how many paper or app QR codes have been scanned or how many domestic or EHC codes? Is it allowed to gather such analytics?

[royarisse]

To me, this doesn't sound like a good idea, because it would allow not necessarily trustworthy parties to implement applications to be used to allow or deny access. How can a QR owner know the app that is used is trustworthy? And how do we ensure the scanned data is not stored for other intentions?

Let's not forget, this application is ought to be a temporary solution, in my opinion it doesn't need further propagation.

[fobrs]

The official application is not a solution but a huge problem. This technology is used to violate the fundamental rights of people. In article 1 of the Dutch 'grondwet' is written:

Allen die zich in Nederland bevinden, worden in gelijke gevallen gelijk behandeld. Discriminatie wegens godsdienst, levensovertuiging, politieke gezindheid, ras, geslacht of op welke grond dan ook, is niet toegestaan.

Google translate:

All who are in the Netherlands are treated equally in equal cases. Discrimination on the grounds of religion, belief, political opinion, race, sex or any other ground is not allowed.

'op welke grond dan ook (any other ground') is key here!

It is ok to write software to analyze the official application but please do not fall for the temptation to be worser than worse.