
Are multiple types (Test, Imm, Recov) allowed in one Payload?

vitorpamplona opened this issue · 24 comments

This is a valid DGC at the moment. It won't fit in the QR.

But as a verifier, I want to make sure I am supposed to expect massive payloads like the on below.

Also, what happens when payloads don't fit in the QR? Do issuers create many QRs? Do we merge them by name? Can we assume if the name + dob matches, it is the same person?

Or is there another digital way to transfer bigger credentials? Sending the HC1 in plain text?

 "ver": "1.0.0",
 "nam": {
   "fn": "d'Arsøns - van Halen",
   "gn": "François-Joan",
   "fnt": "DARSONS<VAN<HALEN",
   "gnt": "FRANCOIS<JOAN"
 "dob": "2009-01-28",
 "t": [
     "tg": "840539006",
     "tt": "LP217198-3",
     "tr": "260415000",
     "ma": "1232",
     "sc": "2021-04-13T14:20:00+00:00",
     "dr": "2021-04-13T14:40:01+00:00",
     "tc": "GGD Fryslân, L-Heliconweg",
     "co": "NL",
     "is": "Ministry of VWS",
     "ci": "urn:uvci:01:NL:GGD/81AAH16AZ"
     "tg": "840539006",
     "tt": "LP217198-3",
     "tr": "260415000",
     "ma": "1232",
     "sc": "2021-04-13T14:20:00+00:00",
     "dr": "2021-04-13T14:40:01+00:00",
     "tc": "GGD Fryslân, L-Heliconweg",
     "co": "NL",
     "is": "Ministry of VWS",
     "ci": "urn:uvci:01:NL:GGD/81AAH16AZ"
     "tg": "840539006",
     "tt": "LP217198-3",
     "tr": "260415000",
     "ma": "1232",
     "sc": "2021-04-13T14:20:00+00:00",
     "dr": "2021-04-13T14:40:01+00:00",
     "tc": "GGD Fryslân, L-Heliconweg",
     "co": "NL",
     "is": "Ministry of VWS",
     "ci": "urn:uvci:01:NL:GGD/81AAH16AZ"
 "r": [
     "tg": "840539006",
     "fr": "2021-04-21",
     "df": "2021-05-01",
     "du": "2021-10-21",
     "co": "NL",
     "is": "Ministry of VWS",
     "ci": "urn:uvci:01:NL:LSP/REC/1289821"
 "v": [
     "tg": "840539006",
     "vp": "1119349007",
     "mp": "EU/1/20/1528",
     "ma": "ORG-100030215",
     "dn": 2,
     "sd": 2,
     "dt": "2021-05-07",
     "co": "NL",
     "is": "Ministry of VWS",
     "ci": "urn:uvci:01:NL:PlA8UWS60Z4RZXVALl6GAZ"
     "tg": "840539006",
     "vp": "1119349007",
     "mp": "EU/1/20/1528",
     "ma": "ORG-100030215",
     "dn": 1,
     "sd": 2,
     "dt": "2021-04-15",
     "co": "NL",
     "is": "Ministry of VWS",
     "ci": "urn:uvci:01:NL:PlA8UWS60Z4RZXVALl6GAZ"

You are not allowed to group mulitple types in a DGC. Either it is test, vaccination or recovery AFAIK

Can you point me to where on spec this restriction is written out?

Because the JSON I shared passes the Schema compliance test as defined today.

In other words, the schema doesn't say: oneOf ["v", "t", "r"]

The schema allows for more than policy, this is a deliberate design choice. There's also a discussion whether two vaccinations should be included or just the last one, not sure if it was resolved but @gabywh and @sondaica might know more.

  1. Imm -> I assume here is meant Immunization? If so, this is incorrect. We are not talking about immunization but vaccination. Please keep the terminology consistent.
  2. You are most definitely allowed - but NOT required - to group more than one type of test into the QR payload.
  3. Schema doesn't say oneOf - correct, it does not. It also does not say - which is perhaps more the intent - anyOf. as there were reports of some validation issues with anyOf. I didn't look further into those validation issues (yet).

This is a valid DGC at the moment. It won't fit in the QR.

Here is a png version of the QR generated for your quoted payload:
QR params:

  • base45 byte length of payload is 996 bytes - max payload spec is <= 1400 bytes
  • QR itself is Version 25, Error Mode Q - we could have got it smaller again by requesting Error Mode L
    So I guess it fits.

But as a verifier, I want to make sure I am supposed to expect massive payloads like the on below.

Could you please quantify "massive"?

Also, what happens when payloads don't fit in the QR?

Same protocol as has been established and used worldwide for decades for both HL7 and DICOM standards.

For the QR code there is an overall recommended max payload byte size. The final payload byte size depends on many factors, not least of which is the amount of repetition in the source data, since once stage of processing in the pipeline is LZMA compression.

If you add up the length of all fields in the JSON schema you may well exceed the max payload bytes in the end, depending on the data. This is no different to the HL7 and DICOM international standards and was an explicit and conscious choice made in conjunction with the eHealthNetwork Semantic sub-group. Moreover, since there is no max limit on the number of entries in an array, it is an arbitrarily trivial task to construct an artificial example that will exceed, at the end of all the processing, the max payload bytes.

Do issuers create many QRs?

  1. How the issuer wishes to slice and dice it is up to the issuer: business rules for issuance. In the end, what has to come out is a valid DGC schema and QR code.
  2. Is this a realistic case? For example, you say elsewhere (e.g. ) that you are advocating only one instance of one certificate type per QR code, which is certainly supported by the DGC schema too. Thus I suspect this is something of a merely academic problem, particularly if you constrain yourself to max one instance of one certificate type per QR code.

Can we assume if the name + dob matches, it is the same person?

No need to assume: these are the two fields the proposed EU legislation contains for matching with e.g. passport documents.

Short answer to original question: are multiple certificate types allowed in one payload? Yes.

Here is a png version of the QR generated for your quoted payload:

What is this QR? It does not start with "HC1:". This is not a valid HCERT since it's just a massive JSON string into a CBOR file. Where is the CWT? It's not following the spec. Did you just paste the text on a CBOR file?

Could you please quantify "massive"?

Anything over 500 bytes is massive and won't be printable/usable with ease. It creates major practical problems for printing and verifying QRs.

Here, I just made a one for you that actually follows the spec:

Screen Shot 2021-05-14 at 9 30 46 AM

109x109 QR bits at 25% ECC, 1485 bytes. MINIMUM printable size is 55x55mm, which occupies 52% of the printable area of an A5-based card.


Here is a png version of the QR generated for your quoted payload:

What is this QR? It does not start with "HC1:". This is not a valid HCERT since it's just a massive JSON string into a CBOR file. Where is the CWT? It's not following the spec. Did you just paste the text on a CBOR file?

Sure. Point being I just took your payload verbatim and you see it reduce.

Here, I just made a one for you that actually follows the spec:

Screen Shot 2021-05-14 at 9 30 46 AM

109x109 QR bits at 25% ECC, 1485 bytes. MINIMUM printable size is 55x55mm, which occupies 52% of the printable area of an A5-based card.

Further point from above being: it is a simple task to construct sth that is arbitrarily big as payload, whether meaningful or not. That was my point.

dirkx commented

Is it just mee - I get 541 raw bytes / payload level (or as base45:




which seems pretty managable to me. Commands are

  pbpaste | ./ | qrencode -o x.png
  pbpaste | ./ -b | wc -c

With the above JSON as is in the 'pbpaste' command.

Sure. I also got smaller by doing full serialize etc - but that wasn't the main point I was making, I thought I'd just stick to the OP text to prove the point, but I guess that message didn't arrive. Whether you serialize this down or not - it is a trivial task to keep adding to the source data until you get something that will no longer fit.

@dirkx also not following the SPEC. Missing CWT and structure is incorrect.

I am a little concerned that you folks are debating by presenting QRs that do not follow what is specified by yourselves.

I hope this is not how you are making specification decisions and that somebody has a full implementation to test things before making an opinion about it.

dirkx commented

Hmmm - that would be odd.

In your opinion - are the official test vectors in (e.g. /NL/) correct ?

I have not tested them all yet, but the 3-4 countries that I tested were correct.

DK, for instance

  { "Map": [ [ 1, -7 ], [ 4, "uE7ViYTSegg=" ] ] },     <- unprotected COSE header
  {},                                                  <- protected COSE header
    "Map": [
      [ 1, "DK" ],                                     <- CWT
      [ 4, 1620909698 ],                               <- CWT
      [ 6, 1620650498 ],                               <- CWT
        -260,                                          <- HCERT
          "Map": [                                     <- HCERT v1
              {                                        <- Payload
                "r": [],
                "t": [],
                "v": [
                    "ci": "urn:uuid:1c11e5a6-8008-4cf2-8e67-d5dac166e67a",
                    "co": "DK",
                    "dn": 2,
                    "dt": "2021-04-13",
                    "is": "Danish Health Data Authority",
                    "ma": "ORG-100030215",
                    "mp": "EU/1/20/1528",
                    "sd": 2,
                    "tg": "840539006",
                    "vp": "1119349007"
                "dob": "1983-01-06",
                "nam": {
                  "fn": "Klaus",
                  "gn": "Jørgensen",
                  "fnt": "KLAUS",
                  "gnt": "JOERGENSEN"
                "ver": "1.0.0"

As you can see, the lack of precision on what to put on the payload makes some countries add:

"r": [],
"t": [],

and others not even include those fields. Should verifiers understand empty arrays as "There is no R and T for this person" as opposed to "We don't know if there is an R or T for this person" when fields are not present.

In other words, an empty array means something different than not including the field. But that difference is not clear on the spec.

dirkx commented

Ok - good. As that is the same code creating it. Thanks!

Then there is a bug somewhere, because your QR only contains this below. There is no CWT.

  "tag": 18,
  "value": [
    { "Map": [ [ 1, -7 ], [ 4, "1P87cFkLGLc=" ] ] },
      "ver": "1.0.0",
      "nam": {
        "fn": "d'Arsøns - van Halen",
        "gn": "François-Joan",
        "fnt": "DARSONS<VAN<HALEN",
        "gnt": "FRANCOIS<JOAN"
      "dob": "2009-01-28",
      "t": [
          "tg": "840539006",
          "tt": "LP217198-3",
          "tr": "260415000",
          "ma": "1232",
          "sc": "2021-04-13T14:20:00+00:00",
          "dr": "2021-04-13T14:40:01+00:00",
          "tc": "GGD Fryslân, L-Heliconweg",
          "co": "NL",
          "is": "Ministry of VWS",
          "ci": "urn:uvci:01:NL:GGD/81AAH16AZ"
          "tg": "840539006",
          "tt": "LP217198-3",
          "tr": "260415000",
          "ma": "1232",
          "sc": "2021-04-13T14:20:00+00:00",
          "dr": "2021-04-13T14:40:01+00:00",
          "tc": "GGD Fryslân, L-Heliconweg",
          "co": "NL",
          "is": "Ministry of VWS",
          "ci": "urn:uvci:01:NL:GGD/81AAH16AZ"
          "tg": "840539006",
          "tt": "LP217198-3",
          "tr": "260415000",
          "ma": "1232",
          "sc": "2021-04-13T14:20:00+00:00",
          "dr": "2021-04-13T14:40:01+00:00",
          "tc": "GGD Fryslân, L-Heliconweg",
          "co": "NL",
          "is": "Ministry of VWS",
          "ci": "urn:uvci:01:NL:GGD/81AAH16AZ"
      "r": [
          "tg": "840539006",
          "fr": "2021-04-21",
          "df": "2021-05-01",
          "du": "2021-10-21",
          "co": "NL",
          "is": "Ministry of VWS",
          "ci": "urn:uvci:01:NL:LSP/REC/1289821"
      "v": [
          "tg": "840539006",
          "vp": "1119349007",
          "mp": "EU/1/20/1528",
          "ma": "ORG-100030215",
          "dn": 2,
          "sd": 2,
          "dt": "2021-05-07",
          "co": "NL",
          "is": "Ministry of VWS",
          "ci": "urn:uvci:01:NL:PlA8UWS60Z4RZXVALl6GAZ"
          "tg": "840539006",
          "vp": "1119349007",
          "mp": "EU/1/20/1528",
          "ma": "ORG-100030215",
          "dn": 1,
          "sd": 2,
          "dt": "2021-04-15",
          "co": "NL",
          "is": "Ministry of VWS",
          "ci": "urn:uvci:01:NL:PlA8UWS60Z4RZXVALl6GAZ"
dirkx commented

Ah yes -and no - user error - I had assumed your example had those - & blindly copied it - not realising it was a naked one without the 1,4,6 and -260 payload package:




should have the payload prefix:

   Issuer              : NL
   Experation time     : 1636555497
   Issued At           : 1621003497
   Health payload      : {"ver": "1.0.0", "nam....Z4RZXVALl6GAZ"}]}

Should weight in at 570 bytes.

Your QR actually is:

  • ECC L 7% 85x85 bits 903 bytes
  • ECC M 15% 93x93 bits 1081 bytes
  • ECC Q 25% 109x109 bits 1485 bytes
  • ECC H 30% 125x125 bits 1953 bytes

Since the HCERT recommendation is to use ECC Q (which I definitely agree), you shouldn't report bytes sizes or print QRs in other levels (it just confuses everyone).

Here's the same QR with ECC Q, where half of my phones (I happen to have a phone test bench with 32 different models) have difficulty reading already.

Screen Shot 2021-05-14 at 12 01 06 PM

dirkx commented

I made a more realistic payload with a similar structure (2 vaxs, 1 recovery, 3 tests) merged from sources at testdata. The original one I assembled here had too many copy/pasted duplications (good for the Zlib).

This one is 129x129 bits, 2080 bytes (ECC Q), minimum printed size is 70x70mm.

Screen Shot 2021-05-14 at 1 04 38 PM

    "ver": "1.0.0",
    "nam": {
        "fn": "d'Arsøns - van Halen",
        "gn": "François-Joan",
        "fnt": "DARSONS<VAN<HALEN",
        "gnt": "FRANCOIS<JOAN"
    "dob": "2009-02-28",
    "v": [{
        "tg": "840539006",
        "vp": "J07BX03",
        "mp": "EU/1/20/1528",
        "ma": "ORG-100030215",
        "dn": 1,
        "sd": 2,
        "dt": "2021-02-16",
        "co": "BG",
        "is": "Ministry of Health",
        "ci": "urn:uvci:10:BG:3P3K6F5GLW46LRZT#H"
    }, {
        "tg": "840539006",
        "vp": "J07BX03",
        "mp": "EU/1/20/1528",
        "ma": "ORG-100030215",
        "dn": 2,
        "sd": 2,
        "dt": "2021-03-09",
        "co": "BG",
        "is": "Ministry of Health",
        "ci": "urn:uvci:10:BG:3P3K6F5GLW46LRZT#H"
    "r": [{
        "tg": "840539006",
        "fr": "2021-02-20",
        "co": "AT",
        "is": "BMSGPK Austria",
        "df": "2021-04-04",
        "du": "2021-10-04",
        "ci": "urn:uvci:01:AT:858CC18CFCF5965EF82F60E493349AA5Y"
    "t": [{
        "tg": "840539006",
        "tt": "LP6464-4",
        "sc": "2021-05-10T11:03:35Z",
        "dr": "2021-05-11T10:03:35Z",
        "tr": "260415000",
        "tc": "Test Center DK",
        "co": "DK",
        "is": "Danish Health Data Authority",
        "ci": "urn:uvci:01:DK:9835661370E6558FAB0D5EE0DAFF39C8#G"
    }, {
        "ci": "urn:uvci:01:HR:MZ0000000371",
        "co": "HR",
        "dr": "2021-04-25T00:00:00+02:00",
        "is": "Ministry of Health",
        "sc": "2021-04-25T00:00:00+02:00",
        "tg": "840539006",
        "tr": "260415000",
        "tt": "LP6464-4"
    }, {
        "ci": "urn:uvci:01:HR:MZ0000000378",
        "co": "HR",
        "dr": "2021-04-20T00:00:00+02:00",
        "is": "Ministry of Health",
        "ma": "1223",
        "nm": "BIOSYNEX COVID-19 Ag BSS",
        "sc": "2021-04-20T00:00:00+02:00",
        "tg": "840539006",
        "tr": "260415000",
        "tt": "LP217198-3"


  "tag": 18,
  "value": [
    { "Map": [ [ 1, -7 ], [ 4, "Rjene8QvRwA=" ] ] },
      "Map": [
        [ 6, 1621011766 ],
        [ 4, 1684036800 ],
            "Map": [
                  "ver": "1.0.0",
                  "nam": {
                    "fn": "d'Arsøns - van Halen",
                    "gn": "François-Joan",
                    "fnt": "DARSONS<VAN<HALEN",
                    "gnt": "FRANCOIS<JOAN"
                  "dob": "2009-02-28",
                  "v": [
                      "tg": "840539006",
                      "vp": "J07BX03",
                      "mp": "EU/1/20/1528",
                      "ma": "ORG-100030215",
                      "dn": 1,
                      "sd": 2,
                      "dt": "2021-02-16",
                      "co": "BG",
                      "is": "Ministry of Health",
                      "ci": "urn:uvci:10:BG:3P3K6F5GLW46LRZT#H"
                      "tg": "840539006",
                      "vp": "J07BX03",
                      "mp": "EU/1/20/1528",
                      "ma": "ORG-100030215",
                      "dn": 2,
                      "sd": 2,
                      "dt": "2021-03-09",
                      "co": "BG",
                      "is": "Ministry of Health",
                      "ci": "urn:uvci:10:BG:3P3K6F5GLW46LRZT#H"
                  "r": [
                      "tg": "840539006",
                      "fr": "2021-02-20",
                      "co": "AT",
                      "is": "BMSGPK Austria",
                      "df": "2021-04-04",
                      "du": "2021-10-04",
                      "ci": "urn:uvci:01:AT:858CC18CFCF5965EF82F60E493349AA5Y"
                  "t": [
                      "tg": "840539006",
                      "tt": "LP6464-4",
                      "sc": "2021-05-10T11:03:35Z",
                      "dr": "2021-05-11T10:03:35Z",
                      "tr": "260415000",
                      "tc": "Test Center DK",
                      "co": "DK",
                      "is": "Danish Health Data Authority",
                      "ci": "urn:uvci:01:DK:9835661370E6558FAB0D5EE0DAFF39C8#G"
                      "ci": "urn:uvci:01:HR:MZ0000000371",
                      "co": "HR",
                      "dr": "2021-04-25T00:00:00+02:00",
                      "is": "Ministry of Health",
                      "sc": "2021-04-25T00:00:00+02:00",
                      "tc": "KLINIÄŒKI BOLNIÄŒKI CENTAR RIJEKA",
                      "tg": "840539006",
                      "tr": "260415000",
                      "tt": "LP6464-4"
                      "ci": "urn:uvci:01:HR:MZ0000000378",
                      "co": "HR",
                      "dr": "2021-04-20T00:00:00+02:00",
                      "is": "Ministry of Health",
                      "ma": "1223",
                      "nm": "BIOSYNEX COVID-19 Ag BSS",
                      "sc": "2021-04-20T00:00:00+02:00",
                      "tg": "840539006",
                      "tr": "260415000",
                      "tt": "LP217198-3"
dirkx commented