Implementation Checklist

Overview

This checklist can help you plan your implementation. Besides technical and operational details, it covers server setup, QR code, certificate template changes, and updating and verifying certificates.

QR code

SectionChecklistDescription

Create QR code

Change the value in context section.

  • This value indicates the release version of the certificate schema. This versioning will support in introducing validations (if required) on certificates generated in previous schemas such as "revoking/invalidating certificates with previous schema."

  • For example: For release 1 - It could be "https://moh.prod/credentials/vaccination/v1" and for release 2 - It could be "https://moh.prod/credentials/vaccination/v2"

  • For more details and sample QR code content, click here.

Create QR code

The Id field in "credentialSubject" should be in a URI format.

  • If certify request payload contains “identity,” set it to “did::”

  • Else, use the “preEnrollmentCode” and set it to “did::”

Create QR code

The date value passed in the payload in the 'vaccination' section should match with the value in the 'evidence' section of the QR code and it should follow the YYYY-MM-DD format.

  • The format is as per the WHO-DDCC data standard.

  • Validate the date value as it may have impact due to the vaccination system (external), and DIVOC is deployed in servers with a different timezone (UTC). Border cases to be checked as day/date may change.

Create QR code

The 'issuer' is mapped correctly as per the requirement.

Create QR code

The vaccine list provided by a country is available in the master list.

Create QR code

The vaccine and prophylaxis mapping is as per the country requirements.

Create QR code

Vaccine 'manufacturer,' 'batch' values shared in the payload are getting reflected in the QR code.

  • The sample payload and the QR code is mentioned here.

Create QR code

The addressCountry value in the evidence section captures the 3-digit country code from here.

Create QR code

'dose' and "totalDoses" value shared in the payload are getting reflected in the QR code.

  • For more details, click here.

Create QR code

The 'Id' part in the evidence section is in a URI format.

  • For example, 'id' - "https://divoc.dev/vaccine/<certificateId>" Where - certificateId is unique for each certificate. If the certificate gets updated, a new certificate will be generated with a new certificate Id for the same event. For more details, click here.

Update changes

SectionChecklistDescription

Update a certificate

Update limits are set according to a country's requirement. The details to configure the update limit are available here.

Revoke a certificate

The system should be able to generate a certificate for a revoked dose.

For example, if the dose 2 certificate has been removed from the system, the user should be allowed to generate another/correct dose 2 certificate. Click here to know more on DIVOC's revocation services.

Revoke a certificate

The system is only revoking the earlier certificate which existed for the specified dose value.

For example, If dose 2 certificate has been removed from the system, the user should be allowed to generate another/correct dose 2 certificate.

Certificate template changes

SectionChecklistDescription

Create certificate template

QR code size is 2.5x2.5 inch on a printed A4 size paper.

Click here to see a sample certificate.

Create certificate template

Does the printed certificate show the minimal values based on the WHO-DDCC standard?

Click here to see the list of minimal data set as per the WHO-DDCC standard.

Create certificate template

If the certificate template has a table which shows the current and the previous dose details (if available), then the table should be configured to be scalable to capture details of both the current and the previous dose details in required combinations.

For example, the certificate template should have only one template file to refer to for the generation of certificates with a combination of dose 1, dose 1 and 2, dose 1, 2, and 3, etc. This should be up to a maximum feasible limit based on the template design.

Certificate verification

SectionChecklistDescription

Verify a certificate

SSL certificate has been applied to the verification page.

The SSL certificate is required to open the camera in the browser.

Verify a certificate

The verification page has been configured to provide the necessary guidance to the user for the verification component.

For example, the verification page should include following messaging/guidelines/ information:

  • How to scan the QR code?

  • The possible reason for showing a certificate as invalid or revoked?

  • What steps to follow if a certificate is shown as invalid or revoked, such as information of the contact person.

  • The possible reason if the verification component is not able to scan the QR code? Click here for more details.

Setting up the server

SectionChecklistDescription

Server setup

Infrastructure estimation guide.

For example, if the load goes up, then the system should be configured for scalability.

Server setup

The production environment should support the following recommendations:

  • Data backup policy.

  • Authentication and password management.

  • Error handling and logging.

  • System configurations.

  • Click here to know more.

Server setup

System is configured to handle network crash or infrastructure crash.

For example, if the master/slave nodes go down, are they configured to autostart/auto-deploy? Click here to know more.

Server setup

The system should be configured to backup. Click here to know more.

Back up of the following:

  1. DB/server setup.

  2. Online/offline line.

Server setup

Click here to read the server hardening guidelines.

The section should cover activities to be performed to ensure security of data and application.

For example,

  • Restrict all the non-essential ports on the public network. Ports of DB/other inter-components should only be accessible within the application. Click here for the list of ports.

  • Firewall controls should also be in place, such as user management, for better access control.

Generating signed key pairs

SectionChecklistDescription

Sign key generation

It is done as per the standard.

Click here for more details.

Sign key generation

Keycloak configuration related to DIVOC.

Click here for more details.

Operational checklist

Section ChecklistDescription

Privacy policy

Privacy policies are based on the recommendations made to implementing partners. They are advised to share it with citizens regarding their personally identifiable information and how it is managed in DIVOC.

As the application contains citizen data, access rights (read/write) should be agreed between parties for staging/production/other environments. Click here to know more.

Last updated