eHealth Network EU DCC Validation Rules V1.00 2021-06-09 eHealth Network The eHealth Network is a voluntary network, set up under article 14 of Directive 2011/24/EU. It provides a platform of Member States' competent authorities dealing with eHealth. Adopted by consensus by the eHealth Network, online, 10.06.2021 2 -Keep this page free- eHealth Network Contents 1. Terminology ................................................................................................................................... 4 2. Overview ........................................................................................................................................ 5 3. User Stories ................................................................................................................................... 5 3.1 Departure ............................................................................................................................... 5 3.2 Arrival ..................................................................................................................................... 5 3.3 Booking .................................................................................................................................. 6 3.4 Holder Information ................................................................................................................ 6 3.5 Public Information ................................................................................................................. 6 4. Principles ....................................................................................................................................... 6 4.1 Acceptance Rules ................................................................................................................ 6 4.2 Invalidation Rules ................................................................................................................. 7 4.3 Dates and Time Handling.................................................................................................... 7 5. Rule Processing ........................................................................................................................... 7 5.1 Overview ................................................................................................................................ 7 5.2 Processing Steps ................................................................................................................. 9 5.3 Selective Processing ......................................................................................................... 10 5.4 Fallback Scenarios ............................................................................................................. 10 5.4.1 Incompatible Rule Engine Versions ........................................................................ 10 5.4.2 Incompatible Schema ................................................................................................ 10 5.5 Rule Format and Repository ............................................................................................. 11 5.5.1 Rule Identifier Pattern ................................................................................................ 11 5.5.2 Rule Format ................................................................................................................. 11 5.5.3 Repository ................................................................................................................... 12 6. Rule and Valueset Distribution ................................................................................................. 12 6.1 Functional Overview .......................................................................................................... 12 6.2 Rules API ............................................................................................................................. 13 6.3 Valueset API ....................................................................................................................... 13 6.4 App Provisioning ................................................................................................................. 13 7. Rules Engine ............................................................................................................................... 14 7.1 Overview .............................................................................................................................. 14 7.2 Rule Syntax ......................................................................................................................... 14 7.3 Dates and Time Handling.................................................................................................. 14 7.4 Basic Data Processing Structure ..................................................................................... 15 7.5 External Parameters .......................................................................................................... 15 4 eHealth Network 7.6 Validation Logic .................................................................................................................. 16 8. Predefined Rules ........................................................................................................................ 17 8.1 Available Data Fields ......................................................................................................... 17 8.2 Rules .................................................................................................................................... 18 Appendix A - examples ..................................................................................................................... 22 Appendix B .......................................................................................................................................... 22 Appendix C - CertLogic ..................................................................................................................... 23 Truthy and falsy .......................................................................................................................... 24 Literals: arrays, booleans, integers, and strings .................................................................... 24 Data access (var) ....................................................................................................................... 24 If-then-else (if) ............................................................................................................................. 25 Operations with binary operators ............................................................................................. 25 Negation (!) .................................................................................................................................. 26 Offset datetime (plusDays) ....................................................................................................... 26 Reduction (reduce) ..................................................................................................................... 26 Appendix D - multiple events checking ........................................................................................... 27 Multiple scans (for information only, and for discussion) ..................................................... 27 Todo list ....................................................................................................................................... 27 1. Terminology DEFINITION DESCRIPTION Technical Technical check (rules) on the authenticity, integrity, check structure and time stamps of the QR code. These are not included in these EU DCC Validation Rules. Business Business rule validation checks on the DCC payload Validation against acceptance and invalidation rules. Verification Verifcation Datetime is the date+time against which the Datetime rules are checked. For instance: date of departure, date of arrival, current date etc. CoD Country of Departure 5 eHealth Network CoA Country of Arrival DCC Digital COVID Certificate FFT Fit for Travel, acceptance for access to a MS <<term may change>> MS Member State or Member States Holder A Holder of a DCC. Proof A cryptographically signed digital assertion of a vaccination, test-results or recovery status of a holder. Verifier A verifier uses trusted cryptographic informations of a issuer to verify the proof of a holder. Issuer The issuer issues or signes proofs about a holder statement. Rule Engine A rule engine processes rules over a set of data defined in a standardized manner. 2. Overview The EU DCC Validation Rules are applied on the payload of the HCert. All "technical" validations have to be performed in the verifier applications to ensure that his checks are not overriden. This includes: Check of EXP Date Check of the Data Format (CBOR, Schema) Check of the Cryptographic Signature All checks which are based on the semantics of the payload, must be performed as a Validation Rule to ensure the exchange/interoperability of this information to other countries (hard coded rules on the payload cannot be explored by others). This should ensure the following behaviour: All wallet apps of all countries must be able to evaluate the current rule set of a country All verifier apps of all countries must be able to evaluate the current rule set of a country External parties (e.g. Reopen Europe, Airlines, Websites) must be able to use the rules as a input for checklists, visualizations