feat: comprehensive project structure improvements and Cloud for Sovereignty landing zone

- Add Cloud for Sovereignty landing zone architecture and deployment
- Implement complete legal document management system
- Reorganize documentation with improved navigation
- Add infrastructure improvements (Dockerfiles, K8s, monitoring)
- Add operational improvements (graceful shutdown, rate limiting, caching)
- Create comprehensive project structure documentation
- Add Azure deployment automation scripts
- Improve repository navigation and organization
This commit is contained in:
defiQUG
2025-11-13 09:32:55 -08:00
parent 92cc41d26d
commit 6a8582e54d
202 changed files with 22699 additions and 981 deletions


@@ -0,0 +1,299 @@
# EU Laissez-Passer (EU-LP) — Technical Specification
**Document Type:** Technical Specification
**Version:** 1.0
**Last Updated:** 2024-12-28
**Status:** Reference Documentation
---
## 1) Legal & Governance
* **Instrument:** Council Regulation (EU) No 1417/2013 (form, issuance, recognition; replaces 1826/69). Does **not** itself grant privileges/immunities. Recognised by EU Member States; recognition in third countries via agreements.
* **Standards Basis:** Must meet the same **security standards/technical specs** as Member-State passports; aligned to **ICAO Doc 9303** (MRTD/eMRTD).
* **Issuing & Lifecycle:** Centralised enrolment, personalisation, delivery, and end-of-life (destruction) run by the European Commission on behalf of all EU issuing institutions.
---
## 2) Form Factor & Construction
* **Booklet Type:** Single booklet, **TD3 passport size**.
* **Dimensions:** **88 mm × 125 mm** (W×H). **Pages:** **48**. **Cover:** blue; hot-foil stamping; flexible plastic cover.
* **Validity:** Up to **6 years** (min 12 months). **No extensions.** **Provisional LP** possible up to **12 months**; its chip **may omit fingerprints**.
---
## 3) Data Page, MRZ & Document Identifiers
* **Visual Data (Core):**
- Surname
- Given names
- Date/place of birth
- Sex
- Nationality
- Document number
- Dates of issue/expiry
- Issuing authority
- Holder signature
- Primary colour photo plus ghost image
* **Function Line (Page 4):** Optional **"Function"** entry (e.g., Ambassador, Minister Counsellor, Attaché, etc.), including flags for **Family member** or **Temporary laissez-passer**.
* **Issuer Code (MRZ):** **EUE** (European Union). **Document Category (PRADO):** T (travel) / S (service/official/special).
* **MRZ Format:** ICAO **TD3** (2 lines × 44 chars) per Doc 9303; standard passport MRZ content/field ordering applies.
* **Known MRZ Deviation (Historic):** For German nationals, nationality field value change from **DEU** (pre-2022) to **D<<** (post-2022) to align with Doc 9303 Part 3; documented on the EU-LP CSCA site.
---
## 4) Electronic Document (Chip) & Biometrics
* **Type:** **Contactless IC** (eMRTD) embedded in datapage; ICAO-conforming. Stores digital **face image** + **two fingerprints** (except possible omission for provisional LPs).
* **Access Control & Trust:**
- **EU-LP PKI:** Country Signing Certificate Authority (CSCA) operated by the **European Commission JRC**; publishes CSCA certificates, link certificates and CRLs (PEM; SHA-256/SHA-1 fingerprints posted).
- **EAC/Extended Access:** Commission notes **extended access control** infrastructure for inspection systems.
- **ICAO PKD:** EU is a **member since 7 Nov 2017**; CSCA "**EUE**" available to PKD participants for global validation.
* **Current CSCA Materials:**
- **Current CSCA Self-Signed:** Released **27 Jul 2020**, valid to **27 Oct 2031**; SHA-256 fingerprint published.
- **New CSCA (2025 Series):** Released **10 Apr 2025**, valid to **10 Jul 2036**; to be active by **Jul 2025** (with link cert).
- **CRL:** Latest CRL publication dates and validity windows listed on the CSCA page.
**CSCA Resources:**
- Portal: https://eu-csca.jrc.ec.europa.eu/
- Certificate downloads (PEM format)
- CRL publication schedule
- Deviation notices
---
## 5) Physical & Print Security Features
* **Watermarks:** Dedicated watermark on biodata page; different watermark design on inner pages; centred positioning.
* **Laminate/OVD:** Holographic laminate with kinetic/metallic effects over the datapage.
* **Intaglio & Latent Image:** Intaglio printing with **latent "EU"** image; tactile features.
* **Optically Variable Ink (OVI):** OVI elements on inside covers (e.g., "EUE" motif).
* **UV/IR Features:** Substrate **without optical brighteners**, fluorescent fibres, UV overprints in **red/blue/green**; additional UV imagery (2022 redesign theme).
* **Numbering:** Laser-perforated serial on inner pages ("L" + digits); top-right numbering on biodata page.
* **Guilloches/Microprint:** Multitone guilloches; complex background patterns; screen-printed elements on datapage.
* **Binding/Anti-Tamper:** Security stitching/binding marks present across visa pages.
---
## 6) 2022 Design Refresh
* **In Circulation:** Since **July 2022** (after the initial 2015 upgrade).
* **Theme:** "Connectivity" & **space/universe** (EU **Galileo**/**Copernicus**). New UV graphics and specialised inks/print methods were introduced.
---
## 7) Eligibility & Functional Use
* **Eligible Holders:** EU representatives/staff (and, under conditions, certain **special applicants** and **family members**); eligibility governed by Staff Regulations/CEOS.
* **Recognition/Visa Handling:** Valid in EU Member States; third countries via agreement. Airlines/travel agents check acceptance/visa via **IATA Timatic**; document info published in **PRADO**/**FADO** for inspection.
* **Important Limitation:** The document **does not itself grant diplomatic status/immunity**.
---
## 8) Quick Reference — Border/ID Systems
* **Document Family:** **EU eMRTD**, issuer code **EUE**, TD3 format. **MRZ**: 2×44 chars per ICAO Doc 9303; standard passport field rules.
* **Chip Verification:** Trust EU-LP via **PKD** (CSCA EUE) or fetch CSCA/CRL directly from **JRC CSCA portal**. Extended access control supported; check reader configuration for EU-LP profiles.
* **Fingerprint Presence:** Required for standard booklets; **may be absent on provisional LPs** (design note on PRADO).
* **Specimen & Feature Lookup:** Use **PRADO: EUE-TS-02001** for exhaustive image-level features and page-by-page security elements.
---
## 9) Integration Notes
### For Identity Service Integration
* **MRZ Parsing:** Implement ICAO Doc 9303 TD3 format parser (2 lines × 44 characters).
* **Chip Reading:** Support contactless IC reading for eMRTD data groups (DG1, DG2, DG3).
* **Certificate Validation:** Integrate with EU-LP CSCA for certificate chain validation.
* **Biometric Verification:** Support face image and fingerprint verification (when present).
### For Document Verification
* **Security Feature Checks:**
- UV/IR feature detection
- Watermark verification
- Holographic laminate inspection
- Intaglio printing verification
- OVI element validation
* **MRZ Validation:**
- Check digit validation
- Field format validation
- Issuer code verification (EUE)
- Document number format
### For Credential Issuance
* **Diplomatic Credential Mapping:** Map EU-LP holder information to diplomatic credential claims:
- Function/role from page 4
- Issuing authority
- Validity period
- Document number
---
## 10) Technical Implementation Requirements
### ICAO Doc 9303 Compliance
* **Parts 35:** MRTD common specs, TD3 MRPs
* **Parts 1012:** LDS (Logical Data Structure), security mechanisms, PKI
* **Watch for Updates:** MRZ document-type code harmonisation (affects optional second letter in "P<" code) ahead of **Doc 9303 updates from 2026**.
### Certificate Management
* **Monitor EU-LP CSCA Page:** For certificate rollovers (new CSCA & link certs published **April 2025** with activation in **July 2025**).
* **Deviation Notices:** Watch for nationality-field encoding changes (e.g., German nationals: DEU → D<<).
### Data Groups (LDS)
Typical EU-LP eMRTD contains:
* **DG1:** MRZ data
* **DG2:** Face image
* **DG3:** Fingerprint template(s) — may be absent on provisional LPs
* **DG4:** Additional biometric data (if applicable)
* **DG5:** Displayed portrait
* **DG6:** Reserved
* **DG7:** Displayed signature
* **DG8DG16:** Additional data groups (if applicable)
---
## 11) Verification Flow
### Standard Verification Process
1. **Physical Inspection:**
- Check document format (TD3, 88×125mm)
- Verify security features (watermarks, OVI, UV/IR)
- Inspect binding and anti-tamper features
2. **MRZ Reading:**
- Read MRZ (2 lines × 44 chars)
- Validate check digits
- Verify issuer code (EUE)
- Parse document number, dates, personal data
3. **Chip Access:**
- Establish contactless communication
- Perform Basic Access Control (BAC) or Extended Access Control (EAC)
- Read data groups (DG1, DG2, DG3)
4. **Certificate Validation:**
- Fetch CSCA certificate from EU-LP CSCA portal or PKD
- Validate certificate chain
- Check CRL for revoked certificates
- Verify document signature
5. **Biometric Verification:**
- Compare live face image with DG2
- Compare live fingerprints with DG3 (if present)
- Calculate match scores
6. **Data Consistency:**
- Compare MRZ data with chip data (DG1)
- Verify visual data matches chip data
- Check document validity dates
---
## 12) Compliance & Standards
### Standards Alignment
* **ICAO Doc 9303:** Full compliance required
* **EU Regulation 1417/2013:** Form and issuance requirements
* **Security Standards:** Equivalent to Member-State passports
### Integration Points
* **PRADO:** Document specimen reference (EUE-TS-02001)
* **FADO:** Document authenticity database
* **IATA Timatic:** Travel document acceptance database
* **ICAO PKD:** Public Key Directory for certificate validation
---
## 13) References
### Official Sources
* **European Commission:** https://commission.europa.eu/about/departments-and-executive-agencies/human-resources-and-security/laissez-passer_en
* **EUR-Lex Regulation:** https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX%3A32013R1417
* **PRADO Specimen:** https://www.consilium.europa.eu/prado/en/EUE-TS-02001/index.html
* **ICAO Doc 9303:** https://www.icao.int/publications/doc-series/doc-9303
* **EU-LP CSCA Portal:** https://eu-csca.jrc.ec.europa.eu/
### Related Documents
* **UN Laissez-Passer:** PRADO UNO-TS-02001 (for comparison)
* **ICAO PKD:** Public Key Directory membership information
* **IATA Timatic:** Travel document database
---
## 14) Implementation Checklist
### Phase 1: Basic Support
- [ ] MRZ parser for TD3 format (2×44 chars)
- [ ] Document number validation
- [ ] Issuer code recognition (EUE)
- [ ] Basic security feature detection
### Phase 2: Chip Integration
- [ ] Contactless IC reader integration
- [ ] BAC/EAC implementation
- [ ] LDS data group reading (DG1, DG2, DG3)
- [ ] Certificate chain validation
### Phase 3: Advanced Features
- [ ] EU-LP CSCA integration
- [ ] CRL checking
- [ ] Biometric verification (face, fingerprints)
- [ ] Full security feature validation
### Phase 4: Production
- [ ] Certificate rollover monitoring
- [ ] Deviation notice handling
- [ ] Integration with credential issuance
- [ ] Audit logging and compliance reporting
---
## Document Control
- **Version:** 1.0
- **Last Updated:** 2024-12-28
- **Next Review:** Quarterly (or upon ICAO/EU updates)
- **Owner:** Identity Service / Compliance Team
- **Status:** Reference Documentation
---
**Note:** This specification is for technical integration purposes. For legal and policy matters, refer to the official EU Regulation 1417/2013 and consult with legal counsel.
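Review bot: In section 11, step 3 ("Perform Basic Access Control (BAC) or Extended Access Control (EAC)" followed by "Read data groups (DG1, DG2, DG3)") reads as if DG3 can be read after BAC alone, which contradicts section 4, where fingerprint data is tied to the Commission's extended access control infrastructure for inspection systems; the fingerprint data group is only readable once EAC completes, so the step should say that a reader without EAC terminal authorisation gets DG1/DG2 only, and that DG3 may also be absent on provisional LPs (section 2). Three ranges in section 10 have lost their dashes in rendering: "Parts 35", "Parts 1012" and "DG8DG16" should read "Parts 3-5", "Parts 10-12" and "DG8-DG16". The header and Document Control block state "Last Updated: 2024-12-28", yet section 4 cites a CSCA released 10 Apr 2025 and a July 2025 activation, so the date is inconsistent with the content and should be corrected before merge.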