Virtual Meetup: "Language engineering for the EU Digital COVID-19 Certificate"

Hi Community,

I am happy to announce that this Thursday (the 14th of April), Meinte Boersma will hold the discussion about " Language engineering for the EU Digital COVID-19 Certificate ".

Also, remember that we changed the link to join the Meetup!

During the COVID-19 pandemic, the European Union has provided a digital certificate so that citizens can proof that they have been tested negative for, recovered from, or been vaccinated against COVID-19: the EU DCC (for “European Union Digital COVID-19 Certificate”) which takes the form of a QR code. The purpose of this certificate is to facilitate free travel of EU citizens by providing a means to quickly and reliably gauge whether someone is fit-for-entry into a country. The EU DCC went live July 1st 2021, and since then more than (roughly) 3 billion DCC have been issued. Every country participating with the EU DCC has the possibility to declare the rules that govern whether someone is deemed fit-for-entry into that country based on their DCC. These rules are defined using a small DSL called CertLogic.

In this talk, Meinte will explain where the EU DCC comes from, how it works, and why it’s designed and implemented the way it is. In particular, he’ll explain CertLogic, its evolution, and the validation process based on it. Finally, he’d like to discuss how this approach could be extended to facilitate automated decision-making (ADM) processes.

Meinte Boersma is a language engineer from the Netherlands. In the past he has worked for Mendix on their Web modeling capabilities, on his own language workbench Más, and on ALEF, the Agile Law Execution Factory of the Dutch Tax Administration. Currently, he works as an independent consultant, among others for the Dutch Ministry of Health. He’s currently also working on a book about implementation of Web-based projectional DSLs for Manning Publications - see here.

Registration for the Virtual Meetup

After registering, you will receive a confirmation email containing information about joining the meeting. It will also permit you to add it to your calendar.

Time

It is hosted on Zoom at 6 PM GMT+1/CEST (you can use this link to figure out which time is in your timezone: https://www.thetimezoneconverter.com/?t=6%3A00%20PM&tz=Roma&).

Cheers,
Elisa

P.S. We get a recurring question: “Are presentations recorded?”. The answer is not, and the reasons are explained here https://d.strumenta.community/t/on-recording-virtual-meetups/949/7

Hi,
you can find the slides here:
Language Engineering for EU DCC.pdf (2.2 MB)
and the list of the links below:

EU DCC:

EU DCC business rules:

CertLogic:

Re-Open Europe: https://reopen.europa.eu/

Here there is the content of the chat:

17:50:23 From Federico Tomassetti to Everyone:
	Hi Rene!
17:50:33 From Rene to Everyone:
	Hey, great to be here!
17:50:44 From Federico Tomassetti to Everyone:
	Great to have you here!
18:01:18 From Peter Wasilko to Everyone:
	Hello from New York!
18:01:44 From Meinte Boersma to Everyone:
	Hi Peter!
18:02:39 From Peter Wasilko to Everyone:
	Sorry I couldn't make it last week, I was in a CodeX legal tech seminar.
18:06:20 From Federico Tomassetti to Everyone:
	Happy to have you back Peter
18:12:02 From Peter Wasilko to Everyone:
	Shouldn't that be “yob" instead of "dob”?
18:12:28 From Federico Tomassetti to Everyone:
	Y as in year, instead of D as in date?
18:12:31 From Ryan Barrett to Everyone:
	The datae can be YYYY, YYYY-MM or YYYY-MM-DD
18:12:51 From Peter Wasilko to Everyone:
	yes
18:13:06 From Ryan Barrett to Everyone:
	There are people for whom the exact DOB is not known so they are represented in government records as the parts they ahve
18:13:33 From Federico Tomassetti to Everyone:
	Thank you Ryan
18:13:53 From Peter Wasilko to Everyone:
	Ah, that makes sense! Thanks so much!
18:14:24 From Ryan Barrett to Everyone:
	Thanks, always learn a lot from you Meinte 🙂
18:15:22 From Peter Wasilko to Everyone:
	Can if function offline?
18:15:27 From Peter Wasilko to Everyone:
	*it
18:16:04 From Ryan Barrett to Everyone:
	Verification is fully offline.
18:22:45 From Peter Wasilko to Everyone:
	Does the system address natural immunity after recovering from COVID?
18:23:16 From Federico Tomassetti to Everyone:
	I think so, because for example in Italy there were rules considering it
18:23:41 From Federico Tomassetti to Everyone:
	If one recovered from Covid within the last X months was considered ok to entry
18:25:21 From Peter Wasilko to Everyone:
	But Code is Data, didn't anyone at Apple study LISP?
18:26:34 From Federico Tomassetti to Everyone:
	Apparently no, we used this trick in another project, to push XML to an app to update the logic. The app had an interpreter executing what the XML instructed it to
18:27:58 From Meinte Boersma to Everyone:
	EU DCC:
	  * eHN GitHub org: https://github.com/ehn-dcc-development/
	    (eHN = EU eHealth Network)
	  * Online decoder: https://floysh.github.io/DCC-green-pass-decoder/
	  * Specification: https://ec.europa.eu/health/sites/default/files/ehealth/docs/covid-certificate_json_specification_en.pdf https://github.com/ehn-dcc-development/hcert-spec https://github.com/ehn-dcc-development/ehn-dcc-schema
	  * Mini-app to compute encoding: https://dcc-encoding.vercel.app/?events=R,1V,2V,R
	  * Blog on decoding DCCs: https://www.bartwolff.com/Blog/2021/08/08/decoding-the-eu-digital-covid-certificate-qr-code
18:28:03 From Meinte Boersma to Everyone:
	EU DCC business rules:
	  * GitHub repo: https://github.com/ehn-dcc-development/dgc-business-rules
	  * Analyses: https://github.com/ehn-dcc-development/dcc-business-rules-analysis
	    * Vaccine-country matrix: https://htmlpreview.github.io/?https://github.com/ehn-dcc-development/dcc-business-rules-analysis/blob/main/analysis/vaccine-country-matrix.html
	    * Vaccine acceptance per country: https://htmlpreview.github.io/?https://github.com/ehn-dcc-development/dcc-business-rules-analysis/blob/main/analysis/vaccine-specs-per-country.html
	  * Checking a DCC against rules of all participating countries: https://dcc-crosscheck.vercel.app/
	  * validation framework's spec: https://ec.europa.eu/health/sites/default/files/ehealth/docs/eu-dcc_validation-rules_en.pdf
	  * JS util for working with EU DCC business rules: https://github.com/ehn-dcc-development/dgc-business-rules/tree/main/dcc-business-rules-utils
	  * Possible extension of the framework: https://non-dcc-rules-prototype.vercel.app/
18:28:09 From Meinte Boersma to Everyone:
	CertLogic:
	  * CertLogic spec + test suite: https://github.com/ehn-dcc-development/dgc-business-rules/tree/main/certlogic/specification
	  * Playground: https://certlogic-fiddle.vercel.app/
	  * JS-impl.: https://github.com/ehn-dcc-development/dgc-business-rules/tree/main/certlogic/certlogic-js https://www.npmjs.com/package/certlogic-js
	  * JVM-impl.: https://github.com/ehn-dcc-development/dgc-business-rules/tree/main/certlogic/certlogic-kotlin
	  * Swift-impl.: https://github.com/eu-digital-green-certificates/json-logic-swift
	  * Dart-impl.: https://github.com/ehn-dcc-development/dgc-business-rules/tree/main/certlogic/certlogic-dart https://pub.dev/packages/certlogic_dart
	  * JS component to render CertLogic expressions in HTML: https://github.com/ehn-dcc-development/dgc-business-rules/tree/main/certlogic/certlogic-html https://www.npmjs.com/package/certlogic-html
	
	Re-Open Europe: https://reopen.europa.eu/
18:28:40 From Rene to Everyone:
	json (Data) being slowly converted into code (eval) Code and data blurring together
18:31:19 From Mike Cargal to Everyone:
	no issue with numbers in JavScript being floating point (I assume JSON parser would treat them that way), but you assume Ints?
18:31:38 From Rene to Everyone:
	I need to do more LISP
18:31:42 From Glen Braun to Everyone:
	Did you use any schema language like JsonSchema to define schema and validate program documents with it?
18:32:59 From Peter Wasilko to Everyone:
	What about leap day B-Days?
18:36:24 From Rene to Everyone:
	Maybe I'll start writing json logic at work ,lol
18:36:55 From Niko Stotz to Everyone:
	why are the names in the payload shortend that much?
18:38:40 From Federico Tomassetti to Everyone:
	The presenter monitors the chat, so I am out of a job today 😄 I think that if some questions are not answered is because they will fit later in the presentation, if not I will ask them at the end
18:39:11 From Peter Wasilko to Everyone:
	Did anyone consider basing the system on Prolog or Shen?
18:39:24 From Ryan Barrett to Everyone:
	We had very strict budgets for data before we knew if we would include all vaccination history in a DCC or not. Thankfully decision was “not”, but then we have space over.
18:39:27 From Federico Tomassetti to Everyone:
	What is Shen?
18:39:40 From Peter Wasilko to Everyone:
	https://shenlanguage.org/
18:39:48 From Federico Tomassetti to Everyone:
	Thank you!
18:40:35 From Peter Wasilko to Everyone:
	I’ve been wanting to try it out for a while.
18:40:56 From Rene to Everyone:
	Does jsonLogic or certLogic have security issues because it is evaluting something coming in from a network request?
18:41:38 From Federico Tomassetti to Everyone:
	I think rules in this case come only from national authorities (like ministries of health)
18:42:15 From Rene to Everyone:
	This json doesn't come in from a network request?
18:44:04 From Peter Wasilko to Everyone:
	Can we work the blockchain buzzword into this?
18:44:20 From Rene to Everyone:
	Sounds like a challenge!
18:44:25 From Peter Wasilko to Everyone:
	Or NFTs
18:44:31 From Ryan Barrett to Everyone:
	A lot of countries sign the data they send to the app, i.e. put a CMS sig around it. Then that’s checked by the apps.
18:44:48 From Ryan Barrett to Everyone:
	Avoids MITM attacks or attacks on the infra.
18:45:20 From Rene to Everyone:
	Ideally....
18:51:13 From Peter Wasilko to Everyone:
	Do we assume a 12/31 b-day for year only entries?
18:51:49 From Mike Cargal to Everyone:
	I'm pretty sure that's what they said (they "round up" to EOY)
18:51:51 From Federico Tomassetti to Everyone:
	I think some slide was showing that before, yes
18:55:40 From Pedro J. Molina to Everyone:
	Looks like LISP would be a good tool for the job }:-b
18:57:51 From Rene to Everyone:
	So I would imagine using these techniques means you can change your mind about the business rules. flexible code.
18:58:15 From Federico Tomassetti to Everyone:
	Yes, consider also regulations were changing all the time
19:01:06 From Ryan Barrett to Everyone:
	We were very lucky to get someone as good as Meinte 🙂
19:03:10 From Peter Wasilko to Everyone:
	Use PEGs over RegExs!
19:05:58 From Rene to Everyone:
	The scope was limitied because it was hard to add more certLogic keywords?
19:07:18 From Ryan Barrett to Everyone:
	When you designed it you didn’t have a clear scope for what would have actually been needed. The DSL gives a lot of flexibility without adding huge complexity.
19:07:29 From Pedro J. Molina to Everyone:
	How often (if ever) did you found the needed data to evaluate the rule is not in the cert?
19:07:47 From Peter Wasilko to Everyone:
	Were there rules for exceptions like a Religious Exemption?
19:10:03 From Maarten Steen to Everyone:
	Did any country adopt CertLogic for domestic use?
19:15:36 From Pedro J. Molina to Everyone:
	Excellent work and great presentation, Meinte. Thanks for sharing it!
19:15:57 From Peter Wasilko to Everyone:
	Thanks so much for the talk!
19:16:08 From Riemer van Rozen to Everyone:
	Thanks for the presentation!
19:16:50 From Glen Braun to Everyone:
	ok, thank you
19:17:05 From Ryan Barrett to Everyone:
	Thanks for the presentation :-)
19:17:22 From Rene to Everyone:
	Very interesting work!
19:17:23 From David Benn to Everyone:
	Very good. Thank you.
19:17:54 From Jos Warmer to Everyone:
	👍
19:17:57 From Jennek Geels to Everyone:
	very impressive
19:18:24 From Peter Wasilko to Everyone:
	Has anyone tried to apply this approach to digital C.V.’s?
19:18:34 From Paul Spencer to Everyone:
	many thanks!
19:18:57 From Ryan Barrett to Everyone:
	@Peter there is a lot going on with Verifiable Credentials, and also chances for DSLs around them.