cwa-documentation
Documentation on warning on behalf is missing
Where to find the issue
https://github.com/corona-warn-app/cwa-documentation/blob/master/event_registration.md
Possibly https://github.com/corona-warn-app/cwa-verification-server/blob/master/docs/architecture-overview.md (last changed in 2020, so nothing new here).
Describe the issue
Since the latest v2.9 of the CWA, the health authority can warn users of the CWA even if the person who was tested positive cannot or does not warn others.
I tried to find technical information/documentation about how that new feature was implemented, but could not find any information.
Suggested change
This very likely includes at least:
- …how the apps handle this (do they even handle it differently, or is it just some "ghost user" who is the health authority which is then added or what?)
- How the server infrastructure was changed/is currently, to allow this feature? (if so)
- How the TAN is generated and how it is assured that only authenticated parties (health authorities) can do this?
- What happens if the key or whatever is used for one health authority is compromised?
BTW, https://github.com/corona-warn-app/cwa-documentation/blob/master/event_registration.md is outdated, it says:
> CWA proposes a fully-automated decentral solution for Presence Tracing which works independent of local health authorities and the collaboration of the host of a venue.
Yes, it can work like this, but the document should be updated to reflect the new "Warn for others" feature 😅
Hope it's ok to add this here.
Yep, that's totally related and should/can be done when the doc for this whole feature is added.
So now submitted a simple "fix" for that wrong sentence: https://github.com/corona-warn-app/cwa-documentation/pull/703
FYI, on Twitter, somebody told me this:
> For now this only works as a pilot with two health authorities (GÄ) in Saxony! They call a hotline, then receive a TAN, and either warn via the CWA themselves or pass the TAN on to the creator. The feature will then be rolled out successively to further health authorities.
No idea where they got this info, but is this true @thomasaugsten?
- The app handling is the same; only the backend checks if not a regular tele-tan is used for warning on behalf or ENF keys are submitted.
- A special tele-tan type was introduced.
- There is a special hotline only known to the GAs; they have to call the hotline number and go through a verification process to receive a tele-tan.
- There is no special key involved, only a tele-tan with limited validity.
I'm not in the rollout plan of the GAs involved.
@thomasaugsten
Okay thanks. But you can confirm that there is a staged roll out for this feature in the health authorities?
I have no information about internal processes of the health authorities
Okay, I understand 😅
Thanks for your answers @thomasaugsten!
@dsarkar I suggest to mirror this issue to JIRA, the best title is probably "Documentation on warning on behalf is missing"
The warning on behalf feature has been removed in version 2.28. - Documentation still would have been nice.