Will Open APIs break digital ID vendor lock-in, usher in new opportunity? ID4Africa community debates
The great potential for national ID systems with Open APIs to improve digital economies while enhancing equality and security was pitched at the latest webinar in ID4Africa’s Livecast online event. By making technology from different biometrics and digital ID vendors interoperable, major legacy problems could be solved, according to representatives from several industries.
‘Open APIs as a Pathway to Identity and Sectoral System Development’ is the eleventh webinar from the organization since the Livecasts began in 2020, and the second in a two-part series. The first part, on open-source software and digital public goods, was held in December.
Vendor lock-in was identified as a top obstacle in ID4Africa’s 2018 survey, and “led to a chilling effect,” observed host Dr. Joseph Atick, ID4Africa’s executive chairman. Decision-makers became hesitant to implement solutions for fear of being locked in. This is commonplace in sectors relying on identity interoperability, he says. Open APIs are one of the methods of addressing this kind of problem that has gained significant traction to the point where it is referred to by some in IT as ‘the API revolution.’
The method involves discrete, autonomous microservices connected from different domains over cloud, and used to build specific solutions. It is the opposite of traditional monolithic solutions that have dominated in Africa and elsewhere, and lowers barriers to entry, fosters collaboration, and enables the use of modules that can be replaced. Regulation and transparent procurement practices are needed to encourage the ecosystem, however.
ID4Africa does not endorse any particular API framework, but does encourage open API architecture with appropriate standards beyond data formats and hardware interfaces, Atick noted at the Livecast’s beginning.
The online event began with a discussion by panelists Aliyu Aziz of Nigeria, Mory Camara of Guinea, and Bali Andriantseheno of Madagascar on their countries’ experiences with open APIs and their current pain points. The government of each country is currently being supported in digital ID initiatives by the World Bank.
Nigeria is furthest along, with 46 million people currently registered for NINs, and a plan to surpass 100 million registrations through collaboration with telecom operators. Guinea is preparing for large-scale enrollment, and Madagascar is in the process of harmonizing two databases and scaling its registration.
There were commonalities among their challenges, with scaling, integration of systems and cybersecurity mentioned.
Kunal Jhanji from Boston Consulting Group presented the API economy, had how it has been used by tech giants and others to enable new opportunities. The API economy, he says, forms the solid technical foundation for new digital ecosystems, enabling opportunities to improve equality, financial inclusion and security.
Ian Turkington of TM Forum spoke about the use of APIs in the telecom sector, saying the organization has observed more than 4 thousand downloads of open APIs by African telecoms in past 12 months.
Herve Robache of STET spoke about open APIs in the financial sector. He notes that the new EU framework for financial services based on PSD2, GDPR and eIDAS has allowed banks to move to APIs from a much less secure previous online transaction method based on screen-scraping. The APIs allow authentication, authorization and consent management to be embedded within applications.
Advice to African identity authorities from the three sectorial presentations is to set a strong foundation for other stakeholder, to focus on collaboration, and to move ahead as soon as possible with the vital task of identity provision.
OSIA plans version 6 release for mid-year
Next, Doborah Comparin of SIA delivered a presentation on OSIA. Comparin explained the Open AI identity initiative to Biometric Update in a 2019 interview. The initiative aims to make identity agnostic and interoperable through Open APIs (as is being done in the telco and banking space).
The group operates on the guiding principles: of sovereignty of choice, technology neutrality, privacy by design, and while it started with a foundational management system, OSIA has introduced a new ID usage and sectoral project area.
This new PSIA component area provides ID verification and digital documents management, and makes ID attributes securely available to citizens and third parties.
During 2021, OSIA plans a version 5.1.0 release in February, to carry out a demonstration of its progress in May, and release a new version 6 in July. A certification program will also be publicly announced by the end of the year, perhaps in October.
Comparin described two demos. In one on credential issuance, interoperability between technologies from biometrics vendors including Coppernic, Laxton, INGroup, Idemia is shown. In a second demo, enrollment and verification by third parties Thales and other vendors, with cross-border interoperability working by the same method as internal interoperability.
Community discussion emphasizes collaboration
Asked about why Nigeria chose to work with OSIA, Aziz said Nigeria had already decided plug and play was needed, so OSIA was “preaching to the converted.” Camara answered that Guinea needed to be part of the conversation to make an informed decision on its direction, and Andriantseheno talked about Madagascar’s emphasis on taking a standardized, normative market approach.
Stakeholder discussion focused significantly on collaboration, with discussion about how to engage with other stakeholders to carry it out. Nigeria, Madagascar and Guinea each has some sort of steering committee in place to help with coordination.
In the Community Voices segment, comments and questions from Nigeria, Namibia, Djibouti, Burundi, and the RDC, as well as the AU and GSMA brought up risks to digital ID data, impact on continental free trade, specific API protocols, and how interoperability works between countries that have limited or no internal interoperability. Possibilities for collaboration were also identified.
Comparin notes that OSIA is bringing in universities to help evaluate security from independent perspective, and issued an invitation to MOSIP and OpenSRVS, vendors and governments to join OSIA.