From 78980ae5930e9b4fbcc16193e2f2a25a7e6d3c63 Mon Sep 17 00:00:00 2001 From: Robin Hovind Date: Fri, 28 Jan 2022 12:36:55 +0100 Subject: [PATCH] Address the 16-year-old criteria --- verification-solution.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/verification-solution.md b/verification-solution.md index 499b5a8..9f63635 100644 --- a/verification-solution.md +++ b/verification-solution.md @@ -63,8 +63,6 @@ covid19_smitte_start=yyyy-MM-dd // sampling date of COVID-19 test covid19_blokeret=false ``` - - A user which *does have* a negative COVID-19 test OR requested to skip the MSIS lookup, *is at least* 16 years old, and has not performed the verification flow more than the allowed number of times will have the following claims. @@ -74,6 +72,7 @@ covid19_blokeret=false ``` + If a user satisfies the requirements for age, but has been blocked due to too many attempts at performing the verification flow, the blocking claim changes value, and some additional claims are added informing the app of the duration and number of attempts configured for the blocking limit. @@ -83,10 +82,17 @@ covid19_limit_duration=24 covid19_limit_count=3 ``` -Thus, to authorize a user to upload their diagnosis keys using only the DK-compatible claims, -one must require that the `covid19_status` claim is present with a value `positiv` and that the `covid19_blokeret` claim is present with a value `false`. +A user which *is not* at least 16 years old will have the following claims: +``` +covid19_blokeret=true +covid19_limit_duration=24 +covid19_limit_count=3 +``` + This user does not get the `role`-claim with a value of `upload-approved` and is blocked from uploading and exchanging their token. -As of february 2022, users get to upload their tokens to retrieve an anonymous token even if they have a `covid19_status `claim with a value of `negativ` + +Thus, to authorize a user to upload their diagnosis keys using only the DK-compatible claims, +one must require that the `covid19_blokeret` claim is present with a value `false` and a `role`-claim is present with a value of `upload-approved` ## Anonymous tokens