Two ideas to break down vendor lock-in in foundational biometric ID systems launch at ID4Africa 2019
A lack of interoperability and vendor lock-in are long-standing barriers to successful identification systems in many places around the world, and have been an area of focus at ID4Africa throughout the course of the movement. Vendor lock-in is the most common cause of dissatisfaction with technology vendors among African identity authorities, according to the 2018 ID4Africa survey.
At ID4Africa 2018 in Abuja, Nigeria, Alphonse Malibiche, director of identification management for Tanzania’s National Identification Authority (NIDA), was among several advocates for the use of open standards to break down silos and achieve the full benefits of investments in technology. Malibiche told Biometric Update that governments could mitigate these problems with careful planning, and expressed optimism that incremental progress is being made.
Now, a pair of groups are presenting their visions for a new way of running digital identification systems, in the hopes of capping that incremental progress with a giant leap.
The Open Standards Identity API (OSIA) is an initiative of the Secure Identity Alliance, consisting of a comprehensive set of defined ID ecosystem components connected by an open source API. It interconnects a Civil Registry, Population Registry, ABIS, and functional registers, such as for voter rolls, passports, or social benefits, in a system the organization says is guided by the principles of sovereignty, technology neutrality, and privacy by design.
It represents the first time the industry’s major stakeholders, including IDEMIA, Gemalto, De La Rue (which was recently acquired by HID Global), IN Groupe, Laxton and Veridos, have all come together to address the issue and to agree on what the different components of a fully functioning identity ecosystem are, IDEMIA Senior Market Development Manager Debora Comparin told Biometric Update. Previously, even the terminology was not agreed on.
The Modular Open Source Identity Platform (MOSIP) consists of a set of modules designed for scalability and manageability, privacy, security, and affordability. Its platform design enables an increased number of potential system integrators, such as new regional players with e-Government experience, increasing competition among service providers. As an open-source platform, those service providers can be used interchangeably, without vendor lock-in, MOSIP Legal Counsel Srijoni Sen told Biometric Update by email.
MOSIP cites an ID4Africa estimate of $240 million to implement a digital identity solution for a country with 30 million people.
The platform was presented by MOSIP’s Technical Committee Chairman Sanjay Jain, and OSIA was launched with a presentation by Comparin, during an ID4Africa 2019 plenary session on disruptive innovations.
Anchored by the International Institute of Information Technology Bangalore (IIT-B) and with the support of the Bill & Melinda Gates Foundation, Sir Ratan Tata Trust and Omidyar Network, MOSIP has developed an open source platform for foundational identity systems that the organization says avoids the problems that have thwarted so many efforts and driven up costs in the past.
“The use of the open platform enables interchangeability of service providers without vendor lock-in,” Sen explains. “A country by following good software design practices can build an ID system for itself using MOSIP platform without locking itself with a single system integrator.”
A country customization layer sits atop the core technology layer of the MOSIP platform. At this layer system integrators customize and integrate the modules, and on top of it sits the use case layer, where the country’s linked ID services are hosted.
A number of open-source, open standard modules make up the foundational ID platform. They include key modules for a pre-registration web channel, a registration services client application, and a registration processor for deduplication. The registration processor also includes APIs for integrating pre-existing databases. Other key modules provide an API-based ID authentication mechanism, and the kernel, which functions as a platform for building higher level services, and as a secure sandbox.
After an assessment process, implementing countries design a system based on the platform, and then work towards launching it. The platform will rely on MOSIP Commercial Partners for customization and integration for each government or intergovernmental group, and MOSIP also provides training and education, as well as country-level technology consulting and other support.
“MOSIP makes available a full-fledged identity system core for which there are no competitive, readily available alternatives available today,” according to Sen. Any ID issuer can customize the complete foundational system, or specific functional modules to implement its own system, with full control.
“Open source ID systems allow the system owners to gain control of the crucial identity system and promote total ownership of the system over time.”
Sen says that OSIA appears to be complementary to MOSIP’s aims: “there is scope to build integrations with civil registries and civil identity systems based on MOSIP integration API standards.” The idea is to be interoperable with practically any system.
“MOSIP supports open standards using various ISO biometric standards like CBEFF for ABIS and biometric SDK. Interoperability with devices is based on a MOSIP device specification, which will be openly available,” Sen explains. “Being open source, MOSIP encourages interoperability between different ID systems and integration with existing systems. Since different user organisations have different needs, we are happy to see more open source initiatives addressing such needs.”
The Government of Morocco plans to roll out an RNP system based on MOSIP in 2019, and the MOSIP team also plans to launch commercial partner programs.
The businesses that make up the SIA’s membership also represent the majority of identity system integrators, which gives them the critical mass necessary to support the project, but has also made establishing a consensus challenging. Despite that, and despite being announced only a year ago, the initiative is planning to have the framework ready for implementations later this year.
That is testament to a commitment by all major industry players to do things differently, according to Comparin. Reaching consensus on each component and release is one thing, but actually getting buy-in from all members that the change in approach was necessary was the real hard part.
“It was really at the beginning to converge and accept a big change in the market,” she says. “We are now going to compete purely based on innovation and technology on the single components and not to rely on vendor lock-in at all.”
By using agreed-upon standards, without proprietary technology such as file formats preventing interoperability and portability, OSIA provides a variety of choices from the market that can be substituted for each other, while preserving legacy systems. In her presentation, Comparin compared OSIA to LEGO, saying whichever shape or colour of piece you choose, it will fit with the others.
The OSIA is driven by government goals in an ongoing process, through an advisory board that hears from governments and gives direction, and a Workgroup that manages the evolution of functional and technical specifications. Nigeria NIMC (National Identity Management Commission) Director General Aliyu Aziz is chairman of the advisory board.
SIA Marketing and Communication Director Stephanie de Labriolle told Biometric Update in an interview that the initiative is not simply a single project, but a full initiative, and the framework is only the beginning. The initiative includes the advisory committee, a technical team, a data community, and an external moderator. Each decision or change takes time, as it needs to be reflected in products so that they will comply from implementation, Comparin says.
When asked about the reputation of open source software as inexpensive, Comparin asserts that software is not a major part of solution cost.
“The right question is: where does the cost lie?” she argues. “I don’t think most of the cost of what we charge for is in the code itself. It’s all about the customization, implementation, support and maintenance. All those four things are still needed even if you have open source software. Open source software has some advantages but in this particular case I don’t see it in the cost.”
Further, de Labriolle says that MOSIP will not really solve the problem of vendor lock-in. What is really needed is the flexibility provided by the open source API and the industry’s agreement on open standards.
“What you need if you really want to solve vendor lock-in is to be free to say I want tomorrow to change some of the components of my system,” Comparin points out. “So you need to make sure that your system is truly modular, with an open standard interface so that you can unplug some component and plug in others, or make your system grow.”
Identity industry technology and service providers adapt the code to the country, and then carry out implementation, setting up servers and connections. Then comes the important task of providing support and maintenance for handling the population’s sensitive data.
For governments, the process may not change substantially, but may result in a major leap forward in interoperability.
“Governments may be suspicious, and I can understand that, after decades of vendor lock-in,” Comparin admits. The capacity among government stakeholders, however, has been evolving as well.
“We can see the market is changing, and the people in charge in Africa are changing,” de Labriolle observes. “They want to have their sovereignty; they want to decide.”
Comparin invites companies to join the SIA and the OSIA initiative, saying that it is a unique opportunity, and de Labriolle notes that the process of co-creating the standards is still ongoing and open to new participants.
Ultimately, both de Labriolle and Sen say that OSIA and MOSIP are not competing initiatives, and could both be implemented in the same system. Following the back-to-back presentations, ID4Africa Executive Director Dr. Joseph Atick stressed the movement’s technological neutrality.
“We don’t see them as competing, we see them as alternatives,” he noted.
They may be complementary, but whether either or both will ultimately solve the problem of vendor lock-in remains to be seen.