KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
|
Sri Lanka has successfully implemented a Digital ID POC based on the MOSIP platform. |
|
Sri Lanka has successfully implemented a Digital ID POC based on the MOSIP platform. |
No matter what, in the online world, reliable identities are a must for legally valid transactions. There are several technologies available on the market that enable next to unfailing authentication. To be accepted by users, they need to show ease of use, mobile capabilities and cost effectiveness. On the other hand, regulators and compliance authorities demand auditability, non-repudiation and trust.
Our world is becoming more digital and more mobile every day. The sensitivity of information being exchanged online grows rapidly and data privacy is a real concern to many people.
How are we facing new challenges to keep pace with today's digital transformation?
Getting rid of all paper flows, taking KYC-process to the next level, improve customers’ experience, introduce a safer way to login and confirm transactions, be compliant with EU regulations and PSD2.
Creating a digital ID in a country is one of the solution, but it requires more then just technology.
Digital transformation is increasingly affecting all types of organisations including Governments. In order to encourage citizens to adopt digital services, the least expensive channel for governments, it is necessary to support modern connection methodologies and provide user-focussed services. This webinar will investigate the challenges facing government and the opportunity digital transformation affords.
Implementing digital solutions enabling only using validated digital identities as the foundation for all other IAM and cybersecurity measures is the prerequisite to establish an agile ecosystem of commerce and corporation governed by security, protection, management of threats and ultimately trust.
For more than 15 years, Denmark has provided public access to eID. 3. generation is now available delivering one unified system giving both citizens, employees, public authorities, and businesses easy access to solely accepting and using validated digital identities. Ensuring compliance within the framework of eIDAS and ultimately NIS2.
Bjarke Alling - current member and prior co-chair of the Danish National Cyber Security Council, founder and Group Director of the IT cybersecurity software company Liga, and a key contributor to the development of the Danish eID solution, will share insights into the solution and put it into a broader broader-crossing perspective.
An identity of some sort is necessary for almost all daily interactions in developed countries, and is becoming increasingly necessary in many developing nations. To interact with the public sector, it is imperative for an individual to have a legal identity that is anchored in a legally established, standardized, verifiable, and trustworthy source. All countries in the world have such repositories, and they exist either as civil registries or civil identification registers (or both). The 198 countries reviewed in this study have a civil registry and 171 have civil identification registers that issue identity cards. Only 27 lack a civil identification and do not issue identification credentials. And of those 27 countries, four are currently in the process of establishing such systems to uniquely identify citizens and residents.
This is a new development in the world and touches on mDL, Verifiable Credentials, decentralized identity, and personal data topics. A forward-looking presentation about what the world might look like, the foundational changes represented by this change, and some current and potential innovations that are now possible because of this.
Digital identity has been under a constant evolution for the last 30 years. It started from a simple access control via user account within a system to a shared credential among the systems, then to the federated identity and bring-your-own-identity (BYOI). Modern usages are not only for access control but include such purposes like digital on-boarding (account opening), employee and customer relationship management. Among the many technologies out there, OpenID seems to have gained popularity in the market that you are probably using it without knowing it. This session explains the positioning of OpenID in the digital ID landscape and explores the future potential for both corporations and individuals for the coming years.
Brilliant. So thank you everyone for joining in with me today. Today I'm gonna talk about Sri Lanka's unique digital identity MO implementation. So I'm D ha, I work as a director, software architect at I CT A. So I T A is the PS policymaking body for government of Sri Lanka. We are a government organization, so we are empowered to drive the digital transformation in Sri Lanka. So we offer various services. So we digitize government departments and we focus on cybersecurity, digital skill training, and we empower startups also. That's little bit about ict.
Okay, now let's focus on digital identity. So in any given ID system, there are two types, foundational and functional. So today we are go fo, going to focus on foundational id. So the basic role of a foundational ID is to provide identification and authentication, right?
So, and also it'll provide unique IDs, digital credentials and authentication. So that will be the basis of a foundational id. So does Sri Lanka need a digital id? So we have a very robust traditional ID which has been running since 1971, operated by department of Register of persons. So they are the main stakeholder of this project as well. But there are a lot of shortcomings. The currently the ID we have, it was bounded to a physical presence of the ID card owner.
We can't operate digitally, we government can't do digital transactions and the authentication needs performed me on a visual check. We have to check the, do a comparison of the person in front and the card holder. And we have to, lot of times when we obtain government services, we have to provide additional documentation just to prove our identity, which is a big hassle. And there are many cases fraudulent transactions have been reported. So this is a bottleneck for our digital identity, our digital transformation journey.
So that's where we thought of coming in with a solution, which is the digital identity obviously. So this is twofold. Basically it's a biometric back identity and a digital credential for an individual to operate in the cyber race. So in terms of biometrics, we will collect fingerprint, iris and facial and we will do a D duplication and we will offer the identities. The service will be consumed by public sector as well as private sector. The citizens only have to give their detail once we follow a principle called collect ones.
So afterwards, these details can be used for authentication as well as E K Y C purposes. So this project also D R P is empowered department of register of persons is empowered to do to or to drive the project. So as I C T A we do is the technology leadership.
Okay, before jumping into the digital identity, I want to show you something really important as a government, we have a government enterprise architecture. So on the bottom we have the network layer, which is Lanka government Network. On top of that we have the Lanka Garment cloud, which is the private cloud we have for dedicated for garment of Sri Lanka. On top of that, we are building the unique digital identity and a data exchange. So data exchange as an example, you know, extra similar to that. So those are the foundational layers, network, cloud and identity and data exchange.
On top of that we have shared services like payments, email, collaboration, all will reside on top of the foundational layers. Then we have line of businesses specific to each domain. Those are delivered through mobile lab, web, Porwal, APIs, various mechanisms to the stakeholders. Stakeholders can be citizens, tourist, business startups, government organizations, private sector businesses can be anything but today's discussion. We are gonna focus on unique digital identity. So this is the one plus one vision diagram that we have come up with.
So on the blue you can see the first year components that we are building as the unique digital identity. On yellow you can see the second year components. So this is a multi-stage project backed by technicalities, project management, legal aspects, and lot of engineering work as well. So this is the digital government architecture. So this is my bread and butter, this is what I do. So on the bottom you can see the data layer. Basically there will be multiple databases including biometrics, biographic data, master data. On top of that we are gonna have a functional layer.
So the functional layer will consist registration, authentication, E K Y C, and other admin services. These services will be exposed through a service exposure layer to web and mobile applications. And the third party integrations to be consumed by these stakeholders, citizens, D R P, who's the project owner, admins, public sector, private sector, even to the developer community to come up with applications. And on the left you can see the couple of non-functional requirements, important ones. And on the right you can see through SDK we are integrating A and biometric devices.
So this is a high level overview or I would rather say high level functional reference architecture of slu. And if you can see, this is geared more towards moip, right? So the moip, we have been inspired by moip and we are using mossi for our identity layer. So the process, we will do a pre-registration, which could be online as well as offline. So the offline, you'll get a form, you'll have to fill it out and you'll have to go to a registration center. At the registration center you will give your biometric and biographic data. So those will be duplicate.
And afterwards those will be verified by A D R P officer. D R P means department of register persons. They'll be officers who will be manually verifying all of these against the existing artifacts such as birth certificate, marriage certificate, driver's license, water's registry. We'll use multiple sources. That way we can ensure that we will issue a valued license which citizen can use for authentication. So this is the high level authentication and E K Y C flow. On the left you can see the request flow. On the right you can see the response flow.
So basically we are using somewhat similar to ADA's approach where you have a trusted service provider to augment the identification systems functionality. So basically citizen will engage with the business application, which is owned by the user agency as an example. User agency can be a bank or can be a any service offering company and they will be integrated with the trusted service provider, mostly over VPN or, or can be even internet connectivity at times, right? So let's look at a quick workflow. So citizen will go to the service provider in this example, let's say a bank.
Then he will give his biometric because in order to obtain financial services, you have to prove your identity. Then those information will be sent to the TSP trusted service provider who will broker the I identification approach. Then TSP will send a notification to the citizen. So this can be a SMS or this can be a call, this can be through the mobile application just to get his consent. And the citizen will give the consent back to tsp. TSP will carry out the authentication, then the pass the response back to UA and ua. UA means user agency will offer the service to the citizen, right?
So foundational framework for digital transformation. As you all aware, this will enable the digital transformation, very inclusive manner reducing and transactions and corruptions. And this will be the cornerstone enabling authentication for critical government services and citizen services.
Also, this will lay the foundation for digital transformation in Sri Lanka and it'll enhance the visibility and the quality of service delivery that we do right now. So these are a couple of examples. On the left you can see benefits that citizen will get on the right, you can see the benefits that service provider gets. So as I told you, we are mainly focused on moip.
If you, if you ask me what is moip, it's a modular open source identity platform which allows governments to implement foundational id as we speak, Mossi has crossed the one 100 markoff registrations and they are funded by multiple parties. So why did we use mossi? So it is modular, you can customize as you want and it has the population scale performance and they use automation which will be efficient running ID platform. And most importantly what we have seen is in Sri Lanka, some of the systems they get vendor lock. So we from the, from the inception, we want to be vendor neutral.
That's why we choose mosi. So how do we ensure that all those characteristics are there in mo? The way we ensure this, we carried out a poc. In the poc, we covered all these functionalities process, then authentication, integration with the existing government department systems and integration of ABIs, email gateways, biometric devices, all these were done. So the first phase of the POC and the second phase of the POC has been completed up to now covering all of these aspects. And even this week on Monday we, I'm very proud to say we have published an RFP for vendors to bid.
So it is up out there, IT the entire RFP is structured in a way we will get the infrastructure, biometric devices obese and SI two to implement digital identity in Sri Lanka. Right now let's look at a quick demo of the POC that we carried out, right? I hope you can see my screen?
Yes, yes you can.
Right? So on the left you can see it's the MO registration application. On the right you can see the applicant. I hope you can see the video. So they are giving now the
Okay, let me play it again. Can you see the video playing now? Yes. Now it's working here, right? So on the left you can see the registration client, which we built on top of Moip. On the right you can see a registration happening. So he gave his biographic data. Now he's going to give his biometric data. So these are just artifacts, couple of artifacts that we collect the existing national ID driving license if, if he has any. Now he's giving IRS biometrics. So all these first tested during our poc, we even did two live use cases.
First one is opening of a bank account, second one was obtaining a sim card. So these were live use cases that we did. Now he's going to give fingerprint on the second four fingers it's 4 42. Now he's going to give the other two fingers. All right. Now the phase biometrics. On the production deployment, we plan to capture the phase biometric also based on standards. This is supervisor's, username and password.
And citizen will see a overview of data that he gave and the supervisor will upload these packets back to the server until such time these registrations packets will stay in the enrollment device. So on the production, not only enrollment stations, we plan to get Portable enrollment devices also to address or or to enroll disabled persons or persons who are in rural areas. Because in a foundational ID inclusiveness is a key characteristics that we should strive for.
So this is the D R P application where A D R P officer, a department officer will verify his details against other artifacts and he will approve. And once he approves he will receive a SMS as well as a email and he can log into the Porwal. This is just a a half bake Porwal we did just for the pilot, we, we are coming up with a better Porwal. This is just to try out APIs and the functionalities and a letter also will be generated. And with this information we will post back. Right? Let me share my screen again. This one, just a reminder, we have one minute left.
Yeah, okay. Right. So I hope you can see my screen. I'll quickly run through. So these are, these are the standards that we comply to. Most of them are so standards. So this is the implementation timeline. So basically first year we'll get set of components, then the iteration two, four months we will get another set of components. Then we will go live implementation approach. We have a MSI and msp. So we covered all this. Now we plan to implement a digital digitally enabled Sri Lanka. So with that hope, I would like to conclude my presentation.
If you have any questions, I would be happy to answer. Thank you so much for your presentation. Rhonda. Applause for this one. Everyone.
