Skip to content
This repository has been archived by the owner on Nov 16, 2020. It is now read-only.

Infected status verification server for health system integration

License

Notifications You must be signed in to change notification settings

ito-org/authorization-server

Repository files navigation

Authorization Server (Draft)

License

The authorization server gives out upload tokens to health authorities / doctors / ...

They can then give these tokens to an infected person to upload his/her contact numbers.

Each upload token is valid once for max. ~5 days.

Diagram

Upload token

A token is a random sequence of ~10 numbers and letters. Numbers and letters should be chosen to be well distinguishable in text and speech.

API for TCN Backend

HTTP API with pinned public keys (peer auth)

POST /check_and_invalidate_token 
params: token=XXXXXXXXX
returns: "valid" or "invalid"

This has to be somehow transaction safe, i.e. token invalidation and upload should either both fail or none of them. I'm not sure how to best do that right now.

Interface for Health Authorities/Doctors

Webinterface to generate tokens

Authentication using smartcard e.g. https://uziregister.nl/ for the Netherlands, Praxisausweis (SMC-B) for Germany

Database schema

TABLE tokens:
	token 
	created_at

About

Infected status verification server for health system integration

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •