the_order/docs/integrations/eu-laissez-passer/specification.md
defiQUG 6a8582e54d feat: comprehensive project structure improvements and Cloud for Sovereignty landing zone
- Add Cloud for Sovereignty landing zone architecture and deployment
- Implement complete legal document management system
- Reorganize documentation with improved navigation
- Add infrastructure improvements (Dockerfiles, K8s, monitoring)
- Add operational improvements (graceful shutdown, rate limiting, caching)
- Create comprehensive project structure documentation
- Add Azure deployment automation scripts
- Improve repository navigation and organization
2025-11-13 09:32:55 -08:00

# EU Laissez-Passer (EU-LP) — Technical Specification
**Document Type:** Technical Specification
**Version:** 1.0
**Last Updated:** 2024-12-28
**Status:** Reference Documentation
---
## 1) Legal & Governance
* **Instrument:** Council Regulation (EU) No 1417/2013 (form, issuance, recognition; replaces 1826/69). Does **not** itself grant privileges/immunities. Recognised by EU Member States; recognition in third countries via agreements.
* **Standards Basis:** Must meet the same **security standards/technical specs** as Member-State passports; aligned to **ICAO Doc 9303** (MRTD/eMRTD).
* **Issuing & Lifecycle:** Centralised enrolment, personalisation, delivery, and end-of-life (destruction) run by the European Commission on behalf of all EU issuing institutions.
---
## 2) Form Factor & Construction
* **Booklet Type:** Single booklet, **TD3 passport size**.
* **Dimensions:** **88 mm × 125 mm** (W×H). **Pages:** **48**. **Cover:** blue; hot-foil stamping; flexible plastic cover.
* **Validity:** Up to **6 years** (min 12 months). **No extensions.** **Provisional LP** possible up to **12 months**; its chip **may omit fingerprints**.
---
## 3) Data Page, MRZ & Document Identifiers
* **Visual Data (Core):**
  - Surname
  - Given names
  - Date/place of birth
  - Sex
  - Nationality
  - Document number
  - Dates of issue/expiry
  - Issuing authority
  - Holder signature
  - Primary colour photo plus ghost image
* **Function Line (Page 4):** Optional **"Function"** entry (e.g., Ambassador, Minister Counsellor, Attaché, etc.), including flags for **Family member** or **Temporary laissez-passer**.
* **Issuer Code (MRZ):** **EUE** (European Union). **Document Category (PRADO):** T (travel) / S (service/official/special).
* **MRZ Format:** ICAO **TD3** (2 lines × 44 chars) per Doc 9303; standard passport MRZ content/field ordering applies.
* **Known MRZ Deviation (Historic):** For German nationals, the nationality field value changed from **DEU** (pre-2022) to **D<<** (post-2022) to align with Doc 9303 Part 3; the deviation is documented on the EU-LP CSCA site.
---
## 4) Electronic Document (Chip) & Biometrics
* **Type:** **Contactless IC** (eMRTD) embedded in datapage; ICAO-conforming. Stores digital **face image** + **two fingerprints** (except possible omission for provisional LPs).
* **Access Control & Trust:**
  - **EU-LP PKI:** Country Signing Certificate Authority (CSCA) operated by the **European Commission JRC**; publishes CSCA certificates, link certificates and CRLs (PEM; SHA-256/SHA-1 fingerprints posted).
  - **EAC/Extended Access:** Commission notes **extended access control** infrastructure for inspection systems.
  - **ICAO PKD:** EU is a **member since 7 Nov 2017**; CSCA "**EUE**" available to PKD participants for global validation.
* **Current CSCA Materials:**
  - **Current CSCA Self-Signed:** Released **27 Jul 2020**, valid to **27 Oct 2031**; SHA-256 fingerprint published.
  - **New CSCA (2025 Series):** Released **10 Apr 2025**, valid to **10 Jul 2036**; to be active by **Jul 2025** (with link cert).
  - **CRL:** Latest CRL publication dates and validity windows listed on the CSCA page.

**CSCA Resources:**
- Portal: https://eu-csca.jrc.ec.europa.eu/
- Certificate downloads (PEM format)
- CRL publication schedule
- Deviation notices
---
## 5) Physical & Print Security Features
* **Watermarks:** Dedicated watermark on biodata page; different watermark design on inner pages; centred positioning.
* **Laminate/OVD:** Holographic laminate with kinetic/metallic effects over the datapage.
* **Intaglio & Latent Image:** Intaglio printing with **latent "EU"** image; tactile features.
* **Optically Variable Ink (OVI):** OVI elements on inside covers (e.g., "EUE" motif).
* **UV/IR Features:** Substrate **without optical brighteners**, fluorescent fibres, UV overprints in **red/blue/green**; additional UV imagery (2022 redesign theme).
* **Numbering:** Laser-perforated serial on inner pages ("L" + digits); top-right numbering on biodata page.
* **Guilloches/Microprint:** Multitone guilloches; complex background patterns; screen-printed elements on datapage.
* **Binding/Anti-Tamper:** Security stitching/binding marks present across visa pages.
---
## 6) 2022 Design Refresh
* **In Circulation:** Since **July 2022** (after the initial 2015 upgrade).
* **Theme:** "Connectivity" & **space/universe** (EU **Galileo**/**Copernicus**). New UV graphics and specialised inks/print methods were introduced.
---
## 7) Eligibility & Functional Use
* **Eligible Holders:** EU representatives/staff (and, under conditions, certain **special applicants** and **family members**); eligibility governed by Staff Regulations/CEOS.
* **Recognition/Visa Handling:** Valid in EU Member States; third countries via agreement. Airlines/travel agents check acceptance/visa via **IATA Timatic**; document info published in **PRADO**/**FADO** for inspection.
* **Important Limitation:** The document **does not itself grant diplomatic status/immunity**.
---
## 8) Quick Reference — Border/ID Systems
* **Document Family:** **EU eMRTD**, issuer code **EUE**, TD3 format. **MRZ**: 2×44 chars per ICAO Doc 9303; standard passport field rules.
* **Chip Verification:** Trust EU-LP via **PKD** (CSCA EUE) or fetch CSCA/CRL directly from **JRC CSCA portal**. Extended access control supported; check reader configuration for EU-LP profiles.
* **Fingerprint Presence:** Required for standard booklets; **may be absent on provisional LPs** (design note on PRADO).
* **Specimen & Feature Lookup:** Use **PRADO: EUE-TS-02001** for exhaustive image-level features and page-by-page security elements.
---
## 9) Integration Notes
### For Identity Service Integration
* **MRZ Parsing:** Implement ICAO Doc 9303 TD3 format parser (2 lines × 44 characters).
* **Chip Reading:** Support contactless IC reading for eMRTD data groups (DG1, DG2, DG3).
* **Certificate Validation:** Integrate with EU-LP CSCA for certificate chain validation.
* **Biometric Verification:** Support face image and fingerprint verification (when present).
### For Document Verification
* **Security Feature Checks:**
  - UV/IR feature detection
  - Watermark verification
  - Holographic laminate inspection
  - Intaglio printing verification
  - OVI element validation
* **MRZ Validation:**
  - Check digit validation
  - Field format validation
  - Issuer code verification (EUE)
  - Document number format
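
The MRZ checks listed above (TD3 layout, check digits, issuer code EUE), together with the German nationality deviation from section 3, as an added Python example that is not part of this project's code. The sample MRZ is constructed, and the function names and the `nationality_canonical` key are choices made for this example.

```python
ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # index = ICAO character value

def check_digit(field: str) -> int:
    """ICAO Doc 9303 check digit: weights 7,3,1 repeating; '<' counts as 0."""
    values = (0 if ch == "<" else ALPHABET.index(ch) for ch in field)
    return sum(v * (7, 3, 1)[i % 3] for i, v in enumerate(values)) % 10

def validate_td3(line1: str, line2: str, expected_issuer: str = "EUE") -> dict:
    """Parse a TD3 MRZ; return its fields plus an 'errors' list (empty if valid)."""
    if (len(line1), len(line2)) != (44, 44) or set(line1 + line2) - set(ALPHABET + "<"):
        return {"errors": ["TD3 requires 2 x 44 characters from A-Z, 0-9 and '<'"]}
    surname, _, given = line1[5:].partition("<<")
    fields = {
        "document_code": line1[0:2],
        "issuer": line1[2:5],
        "surname": surname.replace("<", " ").strip(),
        "given_names": given.replace("<", " ").strip(),
        "document_number": line2[0:9].rstrip("<"),
        "nationality": line2[10:13],
        "birth_date": line2[13:19],
        "sex": line2[20],
        "expiry_date": line2[21:27],
    }
    checks = {
        "document_number": (line2[0:9], line2[9]),
        "birth_date": (line2[13:19], line2[19]),
        "expiry_date": (line2[21:27], line2[27]),
        "optional_data": (line2[28:42], line2[42]),
        "composite": (line2[0:10] + line2[13:20] + line2[21:43], line2[43]),
    }
    errors = []
    for name, (data, digit) in checks.items():
        # An all-filler optional field may carry '<' instead of a check digit.
        if name == "optional_data" and digit == "<" and set(data) == {"<"}:
            continue
        if not digit.isdigit() or check_digit(data) != int(digit):
            errors.append(f"check digit mismatch: {name}")
    if fields["issuer"] != expected_issuer:
        errors.append(f"unexpected issuer {fields['issuer']!r}")
    # Deviation named on the page: German nationals appear as DEU or D<<.
    if fields["nationality"] in ("DEU", "D<<"):
        fields["nationality_canonical"] = "D"  # label chosen for this example
    fields["errors"] = errors
    return fields

# Constructed sample (not a real document): issuer EUE, nationality in D<< form.
SAMPLE_LINE1 = "P<EUESPECIMEN<<ANNA".ljust(44, "<")
SAMPLE_LINE2 = "L123456781D<<8001014F3006302" + "<" * 15 + "6"
```

A failed check digit only shows that the MRZ was misread or altered; a passing one says nothing about authenticity, which depends on the chip and certificate checks.
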
### For Credential Issuance
* **Diplomatic Credential Mapping:** Map EU-LP holder information to diplomatic credential claims:
  - Function/role from page 4
  - Issuing authority
  - Validity period
  - Document number
---
## 10) Technical Implementation Requirements
### ICAO Doc 9303 Compliance
* **Parts 3–5:** MRTD common specs, TD3 MRPs
* **Parts 10–12:** LDS (Logical Data Structure), security mechanisms, PKI
* **Watch for Updates:** MRZ document-type code harmonisation (affects optional second letter in "P<" code) ahead of **Doc 9303 updates from 2026**.
### Certificate Management
* **Monitor EU-LP CSCA Page:** For certificate rollovers (new CSCA & link certs published **April 2025** with activation in **July 2025**).
* **Deviation Notices:** Watch for nationality-field encoding changes (e.g., German nationals: DEU → D<<).
### Data Groups (LDS)
Typical EU-LP eMRTD contains:
* **DG1:** MRZ data
* **DG2:** Face image
* **DG3:** Fingerprint template(s) — may be absent on provisional LPs
* **DG4:** Additional biometric data (if applicable)
* **DG5:** Displayed portrait
* **DG6:** Reserved
* **DG7:** Displayed signature
* **DG8–DG16:** Additional data groups (if applicable)
---
## 11) Verification Flow
### Standard Verification Process
1. **Physical Inspection:**
   - Check document format (TD3, 88×125mm)
   - Verify security features (watermarks, OVI, UV/IR)
   - Inspect binding and anti-tamper features
2. **MRZ Reading:**
   - Read MRZ (2 lines × 44 chars)
   - Validate check digits
   - Verify issuer code (EUE)
   - Parse document number, dates, personal data
3. **Chip Access:**
   - Establish contactless communication
   - Perform Basic Access Control (BAC) or Extended Access Control (EAC)
   - Read data groups (DG1, DG2, DG3)
4. **Certificate Validation:**
   - Fetch CSCA certificate from EU-LP CSCA portal or PKD
   - Validate certificate chain
   - Check CRL for revoked certificates
   - Verify document signature
5. **Biometric Verification:**
   - Compare live face image with DG2
   - Compare live fingerprints with DG3 (if present)
   - Calculate match scores
6. **Data Consistency:**
   - Compare MRZ data with chip data (DG1)
   - Verify visual data matches chip data
   - Check document validity dates
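
Step 6 compares what was read optically with what the chip stores. The following added Python example (not this project's own code) extracts the MRZ from a TD3 DG1, reports the positions where the printed MRZ differs, and checks the expiry date; the function names, the constructed sample and the 20YY reading of the expiry year are assumptions of the example.

```python
from datetime import date

def read_ber_length(buf: bytes, pos: int) -> tuple:
    """Return (length, next_pos) for a short- or long-form BER length field."""
    if pos >= len(buf):
        raise ValueError("truncated BER length")
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or n > 2 or pos + 1 + n > len(buf):
        raise ValueError("unsupported or truncated BER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def mrz_from_dg1(dg1: bytes) -> tuple:
    """Extract both TD3 MRZ lines from DG1 (tag 0x61 wrapping tag 0x5F1F)."""
    if len(dg1) < 2 or dg1[0] != 0x61:
        raise ValueError("not a DG1 (expected tag 0x61)")
    outer_len, pos = read_ber_length(dg1, 1)
    if pos + outer_len != len(dg1) or dg1[pos:pos + 2] != b"\x5f\x1f":
        raise ValueError("DG1 truncated or MRZ object 0x5F1F missing")
    inner_len, pos = read_ber_length(dg1, pos + 2)
    if inner_len != 88 or pos + inner_len != len(dg1):
        raise ValueError("TD3 MRZ must be exactly 88 characters")
    text = dg1[pos:].decode("ascii")
    return text[:44], text[44:]

def consistency_errors(optical: tuple, dg1: bytes, today: date) -> list:
    """Compare the optically read MRZ with DG1, then check the chip's expiry date."""
    # DG1 is only trustworthy once its hash has been verified against the signed
    # Document Security Object (step 4), so run this after that step.
    errors = []
    chip = mrz_from_dg1(dg1)
    for i, (seen, stored) in enumerate(zip(optical, chip), start=1):
        if seen != stored:
            diff = [p + 1 for p, (a, b) in enumerate(zip(seen, stored)) if a != b]
            errors.append(f"line {i} differs from DG1 at positions {diff}")
    # Assumption of this example: two-digit expiry years are read as 20YY.
    yy, mm, dd = (int(chip[1][k:k + 2]) for k in (21, 23, 25))
    if date(2000 + yy, mm, dd) < today:
        errors.append("document expired")
    return errors

# Constructed sample (not a real document): 61 5B | 5F1F 58 | 88 MRZ bytes.
LINE1 = "P<EUESPECIMEN<<ANNA".ljust(44, "<")
LINE2 = "L123456781D<<8001014F3006302" + "<" * 15 + "6"
SAMPLE_DG1 = b"\x61\x5b\x5f\x1f\x58" + (LINE1 + LINE2).encode("ascii")
```
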
---
## 12) Compliance & Standards
### Standards Alignment
* **ICAO Doc 9303:** Full compliance required
* **EU Regulation 1417/2013:** Form and issuance requirements
* **Security Standards:** Equivalent to Member-State passports
### Integration Points
* **PRADO:** Document specimen reference (EUE-TS-02001)
* **FADO:** Document authenticity database
* **IATA Timatic:** Travel document acceptance database
* **ICAO PKD:** Public Key Directory for certificate validation
---
## 13) References
### Official Sources
* **European Commission:** https://commission.europa.eu/about/departments-and-executive-agencies/human-resources-and-security/laissez-passer_en
* **EUR-Lex Regulation:** https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX%3A32013R1417
* **PRADO Specimen:** https://www.consilium.europa.eu/prado/en/EUE-TS-02001/index.html
* **ICAO Doc 9303:** https://www.icao.int/publications/doc-series/doc-9303
* **EU-LP CSCA Portal:** https://eu-csca.jrc.ec.europa.eu/
### Related Documents
* **UN Laissez-Passer:** PRADO UNO-TS-02001 (for comparison)
* **ICAO PKD:** Public Key Directory membership information
* **IATA Timatic:** Travel document database
---
## 14) Implementation Checklist
### Phase 1: Basic Support
- [ ] MRZ parser for TD3 format (2×44 chars)
- [ ] Document number validation
- [ ] Issuer code recognition (EUE)
- [ ] Basic security feature detection
### Phase 2: Chip Integration
- [ ] Contactless IC reader integration
- [ ] BAC/EAC implementation
- [ ] LDS data group reading (DG1, DG2, DG3)
- [ ] Certificate chain validation
### Phase 3: Advanced Features
- [ ] EU-LP CSCA integration
- [ ] CRL checking
- [ ] Biometric verification (face, fingerprints)
- [ ] Full security feature validation
### Phase 4: Production
- [ ] Certificate rollover monitoring
- [ ] Deviation notice handling
- [ ] Integration with credential issuance
- [ ] Audit logging and compliance reporting
---
## Document Control
- **Version:** 1.0
- **Last Updated:** 2024-12-28
- **Next Review:** Quarterly (or upon ICAO/EU updates)
- **Owner:** Identity Service / Compliance Team
- **Status:** Reference Documentation
---
**Note:** This specification is for technical integration purposes. For legal and policy matters, refer to the official EU Regulation 1417/2013 and consult with legal counsel.