Skip to content

Platform Documentation

Rahuul Chettri edited this page Jul 26, 2019 · 206 revisions

Table Of Contents

1. INTRODUCTION

This document describes the objectives and explicit functional requirements of MOSIP. It also gives an overview of architecturally significant features, APIs and standards followed in MOSIP. Lastly, it provides necessary information on implementation, customization and set up.

2. FUNCTIONAL OVERVIEW[↑]

Further details are available on each modules under Requirement Specifications

2.1 Pre-Registration

Pre-registration is the web channel of the MOSIP. This module enables a user to:

  1. Book an appointment for registration
  2. Enter demographic data & upload supporting documents
  3. Appointment notification, rescheduling and cancellation
  4. Send resident data to registration center before appointment, which can be used during registration

Detailed functional specifications of pre-registration module

2.2 Registration Services

Registration Client application captures the demographic and biometric details of an individual along with supporting information (proof documents & information about parent/guardian/introducer) and packages the information in a secure way. This module provides the following capabilities:

  1. Provides a secure way of capturing an individual's demographic and biometric data
  2. Provides interfaces to biometric devices that comply to industry standards
  3. Works in online and offline mode to capture data
  4. Provides option to transfer data to server when online and helps in uninterrupted registrations
  5. Client has the ability to update itself for patch upgrades (bug fixes/enhancements) in a remote way. There could be hundreds of client instances running on laptops/desktops. Updates on all of them are controlled by the client and a central server.
  6. Registration client is secured such that it cannot be tampered with or misused

Detailed functional specifications of registration services

2.3 Registration Processor

Registration Processor processes the data (demographic and biometric) of an individual for quality and uniqueness and then issues a Unique Identification Number (UIN). The source of data are primarily from:

  1. MOSIP Registration Client
  2. Existing ID system(s) of a country

This module has the following capabilities:

  1. Provides guaranteed packet processing - Not lose the packet once received on the server
  2. Handle server failure, recovery and re-submission of packets for processing automatically
  3. Add new processing step(s) without changing existing steps as different countries may have different processing requirements
  4. Integrate with multiple ABIS providers. Accommodate sending one or more biometric modality to one or more ABISs and calculate a composite fusion score and then take a decision on the processing
  5. Each processing step is scalable independently based on the load

Detailed functional requirement specifications of Registration Processor

2.4 ID Authentication

ID Authentication in MOSIP provides services through APIs that validates the authenticity of a resident based on one or more factors (demographic and biometric). The authentication services are integrated with TSPs (Trusted Service Providers) for delivering eKYC services to residents via user agencies.

This module provides the following capabilities:

  1. Authenticate an individual in a secure and trusted way
  2. Capture the biometric data as per the defined standards
  3. Authenticate an individual based on their basic identity data captured via MOSIP
  4. In addition to demographic and biometric authentication, an individual can also be authenticated based on the following parameters:
    • Temporary One Time Password (TOTP) based
    • Challenge response
  5. Authentication APIs
  6. High Availability (HA) to ensure smooth service
  7. Scalable to cater to the growing population of a country
  8. Protects an Individual's identity from request-replay attacks
  9. Audited for reporting and fraud management checks

Detailed functional requirement specifications for authentication services

2.5 Kernel

Kernel is a platform to build higher-level services as well as a secure sandbox. Functionally it caters to the following services:

2.6 Administrator Services (WIP)

MOSIP Admin manages the functional and non-functional activities of MOSIP on Admin Portal through either the backend process or the UI screens.

Admin will be able to:

  • Set up Platform Data, Process Flows, ID Definition, Configuration, and Security Policy (Through backend process).
  • Manage (Create, Update, View, Activate/Deactivate, Map/Un-map/Re-map/Decommission) the resources.
  • Map the resources (Users, Machines, and Devices) to a registration center.
  • Manage the master data (Create/Update/Activate/Deactivate).
  • Manage approval requests for creation and updation of resources and master data.
  • Manage personal account details (Reset Password, Forgot User Name, Change Password, Unlock Account, and Edit Personal Details.
  • Activate/deactivate UIN
  • View status of packets

Detailed functional specifications of administrator services module

2.9 ID Repository

Detailed functional specifications of ID Repository

3. ARCHITECTURE OVERVIEW[↑]

3.1 Architectural Principles and Platform Goals

3.2 Logical Architecture

3.3 Technology Stack

3.4 Data Architecture

3.5 High Level Design

3.5.1 Pre-Registration

3.5.2 Kernel

3.5.3 Registration Services

3.5.4 Registration Processor

3.5.5 Authentication Services

3.5.7 Administrator Services

3.5.8 ID Repository

4. REQUIREMENT SPECIFICATIONS[↑]

4.1 Functional Requirement Specifications

4.1.1 Pre-Registration

4.1.2 Data Services

4.1.3 Common Services

4.1.4 Admin Services

4.1.5 UIN Generation

4.1.6 Configuration Server

4.1.7 Audit Manager

4.1.8 Authentication and Authorization

4.1.9 Registration Services

4.1.10 Registration Processor

4.1.11 Authentication Services

4.1.13 Administrator Services

4.1.15 ID Repository

4.2 Non-Functional Requirement Specifications

5. ARCHITECTURALLY SIGNIFICANT COMPONENTS[↑]

5.1 ID Object Definition

ID definition describes the attributes a Country or entity intends to capture from an Individual, which will formulate the definition of ID for a Country. This section elaborates on the mechanism MOSIP adopts, in order to provide the flexibility for each Country to define its preferred ID definition and ID object definition schema.

More details on ID Object Definition

5.2 Configurations

MOSIP as a platform will have multiple applications running and each application will have a set of configurations. This section details:

  1. The key configuration files a system owner has to create before starting the platform – with a centralized Config Server.
  2. Launcher component which will read the configuration files, validate and launch the platform.

More details on Configurations

5.3 Registration Packet Structure

This section illustrates the packet creation flow along with the encryption process, as part of Registration Client.

More details on Registration Packet

5.4 ABIS Middleware

This section provides details on the ability of MOSIP to support a single or multi-ABIS solution, specifics on the Components & APIs of ABIS Middleware, Strategies for Biometric data management in ABIS and Strategies for de-duplication in case of multiple ABIS systems.

More details on ABIS Middleware

5.5 Biometric Data Standards

This section details out the specifications for Biometric data during data acquisition and verification.

More details on Biometric Data Specifications

5.6 MOSIP Device Specification

This section illustrates the VDM technical specifications to be adhered by a vendor, who intends to adopt their devices to the MOSIP platform, so as to capture the biometric data and process the same.

More details on MOSIP Device Specification

5.7 Core Data Management

ID Repository module contains the golden record of Identity for an Individual. Once new/update packets are processed by Registration Processor, the Identity details of an Individual are added/updated in ID Repository. The Identity information available in ID Repository is then used by ID Authentication to authenticate an Individual.

This module exposes few REST APIs which can be used to create/update/retrieve identity of an individual. Please refer to the ID Repository API for more details.

5.8 Integration with External Systems

This section illustrates the integration specifications of MOSIP with an external system.

6. MOSIP APIs[↑]

6.1 External APIs

6.2 Internal APIs

7. PRIVACY AND SECURITY[↑]

Multiple aspects of Security like Confidentiality, Privacy, and Integrity of data are key in ensuring an Individual's identity is not compromised. This section illuminates on the privacy and security design principles MOSIP follows. Please also take a look at Security Tools to know more about the tools used for security testing.

8. CONTRIBUTING[↑]

To get started on contributing to MOSIP, read our Contributor Guide and our Code of Conduct

9. BUILDING AND DEPLOYING MOSIP[↑]

9.1 Getting Started Guide

9.2 Tester Documentation

Useful information for the tester community. Tester Documentation

Test Rig represents a one click automation to build, deploy and test a software module. Successful execution of test rig would ascertain complete setup of the MOSIP platform. More details on Test Rig Design.

More details on Test Automation

9.3 Developer Documentation

9.4 Customization (WIP)

10. INFRASTRUCTURE RECOMMENDATIONS[↑]

10.1 Data Center Architecture (WIP)

11. List Of Acronyms

Acronym Expanded Form
ABIS Automated Biometric Identification System
API Application Programming Interface
ID Identity
IDA Identity Authentication
MOSIP Modular Open Source Identity Platform
NFR Non-Functional Requirements
OTP One Time Password
SDK Software Development Kit
TBD To Be Determined
TOTP Temporary One Time Password
UIN Unique Identification Number
WIP Work In Progress
CBEFF Common Biometric Exchange Formats Framework
HSM Hardware Security Module
TPM Trusted Platform Module
Clone this wiki locally
You can’t perform that action at this time.