covid19/cwa-documentation
covid19/cwa-documentation
1
0
Fork 0
mirror of https://github.com/corona-warn-app/cwa-documentation synced 2024-10-31 22:58:48 +01:00
Code Releases Activity

Some spellchecking updates...

Browse Source
This commit is contained in:
Sebastian Wolf 2020-07-14 11:33:51 +02:00
parent 7eca45d0b9
commit 6ef01d9ee4
No known key found for this signature in database
GPG Key ID: B53C9059C9EEFDC8
5 changed files with 109 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
.spelling
View File

@ -1,28 +1,123 @@
14-day
24-hour
alex
amongst
analytics
APIs
APNs
backend backend
Backend Backend
barcode
barcodes
BlackDuck
blacklist
broadcasted
Bundesbeauftragter Bundesbeauftragter
Bundesnetzagentur Bundesnetzagentur
Changelog
Changelogs
changelog
changelogs
Checkmarx
Commonmark Commonmark
commonmark
config
Config
coronavirus coronavirus
Covid-19 Covid-19
cwa-app-android
cwa-app-ios
cwa-server
cwa-testresult-server
cwa-verification-iam
cwa-verification-portal
cwa-verification-server
CxSAST
Cyber
cyber
DDoS
deanonymize
Deutsche Deutsche
DP-3T
e.g. e.g.
en_US en_US
epidemiologically
flyer
focussing
Gesundheitsamt Gesundheitsamt
hacktivism
hardcoded
Hardcoded
how-tos
i.e.
IfSG
Informationsfreiheit Informationsfreiheit
Infrastrukturen Infrastrukturen
iOS iOS
Kritische Kritische
linter linter
linters
Lifecycle
lifecycle
logfile
logfiles
macOS macOS
markdownlint.json
Metadata Metadata
metadata
misconfiguration
natively
npm npm
Onboarding
onboarding
package.json
PEPP-PT
PostgreSQL
pre-printed
Probenbegleitschein Probenbegleitschein
Protecode
pseudonymized pseudonymized
rebase
reinstall
reinstalls
remediate
Remediate
resize
RPIs RPIs
SafetyNet
sap.com
Sarbanes-Oxley
SARS-CoV-2 SARS-CoV-2
sexualized
socio-economic
SonarQube
Synopsys
TalkBack TalkBack
TEK
TEKs
Telekom Telekom
TeleTAN TeleTAN
TeleTANs
teleTAN
teleTANs
timeframe
timestamp
timestamping
Timestamping
tl;dr tl;dr
tl
Tx
UI UI
uninstallation
Uninstallation
unlinkability
Unlinkability
Unobservability
unobservability
unsecure
up-to-dateness
useable
versioning
Vulas
whitelist
WhiteSource

31
INSTALL.md
View File

@ -33,8 +33,7 @@ To run all the linters please install for your OS:
## Installation ## Installation
For linting and all the checks you need several npm packages. The following For linting and all the checks you need several npm packages. The following command installs all necessary npm dependencies:
command installs all necessary npm dependencies:
```shell ```shell
npm install npm install
@ -44,8 +43,7 @@ This installs all dependencies into a local `node_modules` folder.
## Checks ## Checks
To enforce good spelling and specification conformity there are several checks To enforce good spelling and specification conformity there are several checks defined as `npm run-script` targets. To run all checks please execute:
defined as `npm run-script` targets. To run all checks please execute:
```shell ```shell
npm test npm test
@ -59,7 +57,7 @@ Every individual check can be run like so:
```shell ```shell
npm runscript my-individual-check npm runscript my-individual-check
``` ```
See the package-json file for help. See the package.json file for help.
#### Markdown linter #### Markdown linter
@ -71,8 +69,7 @@ npm run-script markdownlint
##### Overrides ##### Overrides
Sometimes it is not possible to be commonmark conform. In this Sometimes it is not possible to be commonmark conform. In this rare cases an inline tag to skip linting is possible.
rare cases an inline tag to skip linting is possible.
Candidates are tables. Candidates are tables.
@ -83,11 +80,9 @@ Candidates are tables.
<!-- markdownlint-enable--> <!-- markdownlint-enable-->
``` ```
Additionally html image tags can be allowed globally. This is useful if you need Additionally HTML image tags can be allowed globally. This is useful if you need to resize images, since commonmark has no annotation for this.
to resize images, since commonmark has no annotation for this.
This is done with a .markdownlint.json override file which would look something This is done with a .markdownlint.json override file which would look something like this:
like this:
```json ```json
{ {
@ -100,8 +95,7 @@ like this:
} }
``` ```
For more information how to tweak overrides consult the markdown linter For more information how to tweak overrides consult the markdown linter documentation mentioned above.
documentation mentioned above.
#### Spell checker #### Spell checker
@ -119,16 +113,13 @@ Not implemented yet.
##### Overrides ##### Overrides
Add any additional words to the .spelling file and use the target to sort Add any additional words to the .spelling file and use the target to sort and clean them before adding these to master.
and clean them before adding these to master.
```shell ```shell
npm run-script format-spelling npm run-script format-spelling
``` ```
Please note sometimes overriding is not the way to go. For example there may be Please note sometimes overriding is not the way to go. Our terminology should be applied consistently.
three ways for the word TeleTan (TeleTAN, teleTAN) in this repository. The
documents should stick to one variation.
#### Link resolver #### Link resolver
@ -140,9 +131,7 @@ npm run-script checklinks
#### Inconsiderate language scanner #### Inconsiderate language scanner
This checks against profanity and inconsiderate language. This is help full for This checks against profanity and inconsiderate language. This is help full for non-natives to detect words that could be inconsiderate. This utilizes [alex](https://github.com/get-alex/alex)
non-natives to detect words that could be inconsiderate. This utilizes
[alex](https://github.com/get-alex/alex)
```shell ```shell
npm run-script detect-inconsiderate-language npm run-script detect-inconsiderate-language

2
backend-infrastructure-architecture.md
View File

@ -3,4 +3,4 @@
The file ``backend-infrastructure-architecture.pdf`` complements the "CWA Solution Architecture" document. It is intended as a technical overview document of Corona Warn App (CWA) and its underlying infrastructure and network. The file ``backend-infrastructure-architecture.pdf`` complements the "CWA Solution Architecture" document. It is intended as a technical overview document of Corona Warn App (CWA) and its underlying infrastructure and network.
This description of the **cwa backend infrastructure architecture** is not published as MD file, because it is not intended to be developed together with the community. Whoever takes the sources and sets up their own "corona warn app" may use another backend structure. Nevertheless, it might be helpful to know how the current project is implemented in a data center. Therefore, we publish this document as a pdf file. This description of the **CWA backend infrastructure architecture** is not published as MD file, because it is not intended to be developed together with the community. Whoever takes the sources and sets up their own "Corona-Warn-App" may use another backend structure. Nevertheless, it might be helpful to know how the current project is implemented in a data center. Therefore, we publish this document as a PDF file.

2
scoping_document.md
View File

@ -141,7 +141,7 @@ the app have different needs.
4. **Infection case** 4. **Infection case**
If an app user tests positive for SARS-COV-2 infection, they can voluntarily If an app user tests positive for SARS-CoV-2 infection, they can voluntarily
publish the pseudonymized warn IDs saved in their app. That way, other app publish the pseudonymized warn IDs saved in their app. That way, other app
users can use their smartphones to find out whether they have been exposed users can use their smartphones to find out whether they have been exposed
to the infected user. to the infected user.

4
solution_architecture.md
View File

@ -82,7 +82,7 @@ The TAN is used as authorization in the HTTP header of the POST request for uplo
Note regarding *Figure 3* and *Figure 4*: The white boxes with rounded corners represent data storage. The HTTP method POST is used instead of GET for added security, so data (e.g. the registration token) can be transferred in the body. Note regarding *Figure 3* and *Figure 4*: The white boxes with rounded corners represent data storage. The HTTP method POST is used instead of GET for added security, so data (e.g. the registration token) can be transferred in the body.
As mentioned before, users might have decided against retrieving test results electronically, or the lab may not support the electronic process. Step 3 of *Figure 2* shows that in these cases the health authority (“Gesundheitsamt”) reaches out to the patient directly. Also during this conversation, the teleTAN can be provided to the patient, which can be used to authorize the upload of diagnosis keys from the app to the Corona-Warn-App Server (step 4b of *Figure 2*). This process is also visualized in *Figure 4*. Whenever patients are contacted regarding a positive test result, they can choose to receive a teleTAN. The teleTan is retrieved from the web interface (*Figure 4*, step 1) of the portal service by a public health officer. This service in turn is requesting it from the Verification Server (2-3). The teleTAN is then issued to the officer (4-5) who transfers it to the patient (6). Once the patient has entered the teleTAN into the app (7), it uses the teleTAN to retrieve a registration token from the Verification Server (8-10). Once the user has confirmed the upload of the Diagnosis Keys, the application requests a TAN from the server, using the registration token (11-13). This TAN is needed by the server to ensure that the device is allowed to do the upload. These TANs are not visible to the user. After uploading the TAN and the diagnosis keys to the Corona-Warn-App Server (14), the Corona-Warn-App Server can verify the authenticity of the TAN with the Verification Server (15-16) and upon receiving a confirmation, store the diagnosis keys in the database (17). As mentioned before, users might have decided against retrieving test results electronically, or the lab may not support the electronic process. Step 3 of *Figure 2* shows that in these cases the health authority (“Gesundheitsamt”) reaches out to the patient directly. Also during this conversation, the teleTAN can be provided to the patient, which can be used to authorize the upload of diagnosis keys from the app to the Corona-Warn-App Server (step 4b of *Figure 2*). This process is also visualized in *Figure 4*. Whenever patients are contacted regarding a positive test result, they can choose to receive a teleTAN. The teleTAN is retrieved from the web interface (*Figure 4*, step 1) of the portal service by a public health officer. This service in turn is requesting it from the Verification Server (2-3). The teleTAN is then issued to the officer (4-5) who transfers it to the patient (6). Once the patient has entered the teleTAN into the app (7), it uses the teleTAN to retrieve a registration token from the Verification Server (8-10). Once the user has confirmed the upload of the Diagnosis Keys, the application requests a TAN from the server, using the registration token (11-13). This TAN is needed by the server to ensure that the device is allowed to do the upload. These TANs are not visible to the user. After uploading the TAN and the diagnosis keys to the Corona-Warn-App Server (14), the Corona-Warn-App Server can verify the authenticity of the TAN with the Verification Server (15-16) and upon receiving a confirmation, store the diagnosis keys in the database (17).
![Figure 4: Verification process for teleTAN received via phone](images/solution_architecture/figure_4.svg "Figure 4: Verification process for teleTAN received via phone") ![Figure 4: Verification process for teleTAN received via phone](images/solution_architecture/figure_4.svg "Figure 4: Verification process for teleTAN received via phone")
@ -226,7 +226,7 @@ Additionally, a central threshold for the combined risk score specifies whether
Furthermore the Google/Apple framework allows to set a [```minimalRiskScore```](https://developer.apple.com/documentation/exposurenotification/enexposureconfiguration/3583692-minimumriskscore) to exclude exposure incidents with scores lower than the value of this property. Furthermore the Google/Apple framework allows to set a [```minimalRiskScore```](https://developer.apple.com/documentation/exposurenotification/enexposureconfiguration/3583692-minimumriskscore) to exclude exposure incidents with scores lower than the value of this property.
In the current version of the API the time spent within the ranges of attenuation buckets are accumulated over all exposure incidents during one matching session. In the current version of the API the time spent within the ranges of attenuation buckets are accumulated over all exposure incidents during one matching session.
Since the number of requests is currently limited, it is not possible to get these values for each day and each exposure incident separately. Since the number of requests is currently limited, it is not possible to get these values for each day and each exposure incident separately.
While by default there is no minimum value set, this value is being configured accordingly, so that resumably irrelevant exposure incidents are excluded. While by default there is no minimum value set, this value is being configured accordingly, so that presumably irrelevant exposure incidents are excluded.
![Figure 13: Calculation of the combined risk score](images/solution_architecture/figure_13.svg "Figure 13: Calculation of the combined risk score") ![Figure 13: Calculation of the combined risk score](images/solution_architecture/figure_13.svg "Figure 13: Calculation of the combined risk score")