Problem with certificate validity check for the Netherlands #671
Comments
|
Android shows the same behavior. For the second card, it looks a little different and not like it was designed this way:
|
|
This works as expected. Netherlands requieres a schema version 1.3 but if your vaccinate certificates is created before Juli you have schema version 1.0. We address this already to the Netherlands but we have no information if and when they plan to downgrade the business rules. |
|
Okay thanks. I'll leave this open for further communication. It's really not optimal for the end user. |
|
Please transfer this issue to the documentation repository. |
|
FYI: Everybody who got their vaccination certificate via the https://impfzentren.bayern/citizen/ can download a new certificate which is created with the latest schema. This then validates correctly in CWA. |
|
@thomasaugsten |
|
@thomasaugsten and @mlenkeit Goal for the "open status" in wallet and verifier apps is to provide information to the user that the validity of the certificate can't be checked, because there is a lack of information or the schema version for the check doesn't fit. The "checking rules" are displayed as text above of the contents of the certificate, so that user may estimate whether the certificate may actually be valid or not. The text/strings for the "checking rules" are directly provided by the participating member countries. Whether the member countries provide translations or not is apparently their matter of taste. => Is there any task force or working group, that could be able to harmonize texts provided in the description strings and also probably coordinate translation efforts? If you could provide an address, maybe the community could place a request there? I think that could help users in all countries independent of their wallet/verifier apps... Not all of the cards in the "open status" screen provide information of the validated DCC, for example:
=> Does CertLogic pass on these details to CWA so that they could be used to display these results (e.g., number of "events" found in the DCC), or only a simple "true/false" or "pass/fail"? Thanks in advance for your answer! |
Technically, that's possible, although it may require enhancements of the CertLogic dependencies. Feel free to raise a wishlist issue for that. I would assume that the chance of implementing such a change will depend on how frequent rules evaluate to open "in the wild".
I would suggest filing an issue in https://github.com/eu-digital-green-certificates/dcc-quality-assurance
CertLogic only returns pass/fail/open for a given rule. The rule itself has |
|
What does "This works as expected. Netherlands requieres a schema version 1.3" exactly mean? The official dutch app (https://play.google.com/store/apps/details?id=nl.rijksoverheid.ctr.verifier) shows a green status with my certificate while I get the error from above in CWA. |
You are referring to #671 (comment) so it means that the Business Rules (for travel) for the Netherlands requires Schema Version 1.3, which is not necessarily the same as the app from the Netherlands. When was your certificate issued? |
|
It was issued in June, actually at the first day it was possible in Baden-Württemberg. |
|
FYI: @thomasaugsten said in https://github.com/corona-warn-app/cwa-app-android/issues/3847#issuecomment-889940530:
|
|
@mlenkeit
I will do that next week. I assume that DCCs and the need to check their validity will stay part of our lives for quite a while. While I think it's unlikely to see more "open states" currently, the chances may rise in the future, when developments in the pandemic situation may require changes of DCCs and their schemes, but not all participating countries can react on those in a timely manner...
Thank you for the suggestion! I will try my chances there next week.
Hm, I see. Doesn't sound too easy to implement for above mentioned cards (the others are quite sufficient, imho), but maybe we can discuss this via the wishlist issue I'm going to open soon. Again, thank you, and have a nice week-end! |
Interesting point! According to this, Spain allows entry with only 1/2, which contradicts the information on https://reopen.europa.eu/en/from-to/DEU/ESP, where it says "COVID-19 Vaccination Certificate. Valid 14 days after receiving the complete regimen". That needs to be a separate issue. |
If the information on https://reopen.europa.eu/en/from-to/DEU/ESP is valid, then it's indeed a bug in their businessrules and an argument to also open source the national business rules (or the compiled JSON from gateway) for public bug bounty :) Edit: I looked into the rule set, and the rule to check for amount of doses is simply missing for them. |
Can you help me jump start to be able to read the rule set? Where can I see it? There are so many repositories and documents these days it's quite difficult to find one's way around. I have opened #675 anyway for Spain. |
|
@MikeMcC399 The rules that were PROD yesterday and delivered to CWA here: |
|
The same also happens with test certificates... |
Are you saying you get exactly the same screenshots as you originally posted? Did you have both a vaccination certificate and a test certificate stored? If yes, what happens if you only have a test certificate stored? |
Not exactly the same, but very close. Here's a screenshot (RAT, sample taken today):
Yes.
I just tried and I get the same result. |
|
@Ein-Tim Maybe you could activate the Error Reports and check the schema (version) of the test certificate. See corona-warn-app/cwa-app-android#3838 (comment) relating to finding the information for a vaccination certificate. I guess it would be similar for a test certificate. |
|
I don't see the schema version in the log when adding the test certificate to the app. Because I was curious I also tested with a vaccination certificate, I don't see the schema version in the log there neither. |
|
@Ein-Tim |
The problem here is, that it is not clear whether the schema mismatch leads to an "unacceptable" certificate or not. The solution by the eHN group is, to set such a certificate to "open" (="unclear") and to provide a complete list of all rules with their related contents of the certificate, aiming that a human being will check the certificate's contents for validity. But I fully agree, that the current information and formatting is rather confusing and insufficient, and should urgently be enhanced. |
In parallel to your recommendation I was also asking the creator of CertLogic for his suggestions. But he also took the opportunity to raise this issue in his work group and provided some information (ehn-dcc-development/eu-dcc-business-rules#56 (comment)): |
|
ehn-dcc-development/eu-dcc-business-rules#56 (comment) Updated rules for NL can be expected from next week-end on! 🎉 |
|
For now (Acceptance Rules from 06.08.2021) the schema version of all previously existing NL business rules have not been set to "1.0.0" yet. If they're not adapted soon, it may take a while longer, until wallet apps won't give the "open" status. The only change I could figure out so far, is, that for certificate type "test" 2 new rules have been added. They will take effect on 08.08.2021, and they have the schema version 1.0.0 and also translations into DE/EN/FR/ES/IT & NL.
Interesting enough to create my own test certificate (schema version 1.2.0) and to see, what will CWA make out of it. (And time runs out to test these things, as with CWA 2.7 only certificates with a valid signature may be imported.)
And CWA did well: while the test sample collection time already expired, CWA shows it as "failed" in German language (because this rule has translations). And it showed it at all as expired, because this rule has schema version 1.0.0. So, while the NL rules are mixed up even more, CWA presented the status (open/failed) correctly in available languages. |
|
Hi @mlenkeit , please have a look at ehn-dcc-development/eu-dcc-business-rules#56 (comment). For the other annotations made in above referenced comment, I'll need to think a bit deeper... tomorrow 😉 |
|
@vaubaehn It should only have failed the I then tried with a I was a bit confused about whether the checking of vaccination certificates with schema (ver) 1.0.0 with the Business Rules for the Netherlands is supposed to work already in production on CWA, but re-reading your notes it seems that this needs to be discussed in a meeting taking place tomorrow, Friday, Aug 13, 2021. Correct? |
|
@MikeMcC399
I was understanding the comment ehn-dcc-development/eu-dcc-business-rules#56 (comment) in that way, that NL subgroup could downgrade the schema version (without discussion in their meeting), but they are not sure whether that was an adequate solution. So that subject might be picked up in that meeting. That lead me to a bit long analysis (ehn-dcc-development/eu-dcc-business-rules#56 (comment)) where I conclude that a downgrade in this case is an appropriate solution. Let's see how the plot continues... |
|
New information from here: ehn-dcc-development/eu-dcc-business-rules#56 (comment) Updated rules and hopefully validation with status "pass" for NL can be expected from Thursday, August 19, 2021. |
|
After a fast check I can confirm that the new rules for NL are online. What did not happen yet for the new rules, is localization. |
|
You can already now confirm that this has been fixed by checking the validity of the certificate for any date in the future but today, tomorrow & the day after tomorrow. Or to make it clear: Select the 19.08.2021 as date of entry and the certificate will show the correct status. I will still leave this open until 19.08.2021 and close it then. |
@vaubaehn we cannot make any promises. These meetings typically have a packed agenda and the priority of the individual topics is usually beyond our control. |
|
hi @mlenkeit ,
You have my full understanding. But I guess we both (or: "we all", if I may speak for the user community) see the advantage for UX, when localizations find their way into the descriptions of business rules one day. And as it is not too easy to approach to TSI directly from our side in this regard, it is good that we have one spokesman with you in this subject, who can from time to time knock onto TSI's door... |
|
This has been fixed on 19.08.2021 though a server-side update. Closing as fixed. |
|
Thanks everybody for contributing here. Corona-Warn-App Open Source Team |
|
A similar problem now popped up with France... |
|
This is already addressed. I think this will be fixed soon. |
|
@thomasaugsten thanks for your response, great. If you don't mind I will open an issue there anyway, as this may also affect other country teams, and when they read along there by chance, it could be more easy to prevent future issues. Ok? |
|
France is fixed |
|
@thomasaugsten Thanks for notifying! |
|
There are also issues with Switzerland, does anybody know a status about that? |
Switzerland seems to be a different issue. (If this is not the issue that you are seeing, then please open a new issue.) |
Avoid duplicates
Technical details
Describe the bug
When checking the vaccination certificate for the Netherlands, I only get this:
I don't fully understand what the app is trying to tell me here (;
Steps to reproduce the issue
Expected behaviour
Clear description why the certificate is not valid.
Additional context
Please check the behavior under Android.
Internal Tracking ID: EXPOSUREAPP-8786
The text was updated successfully, but these errors were encountered: