· 5 min read

Open Standards and Open-Source Software

Francis Tuffy
Francis Tuffy · Editor
Open Standards and Open-Source Software

Yiannis Theodorou, Head of Digital ID at the Tony Blair Institute for Global Change and Debora Comparin, Standardisation Expert at Thales and Chair of OSIA Initiative, SIA, warn of the pitfalls in creating closed and non-interoperable systems in this adaptation of their article ‘Modernising Digital-ID Systems: What Open Standards and Open-Source Software Really Mean’ 1.

Today’s identity market is an environment of siloed foundational and functional ID systems, partly built on proprietary technologies. But, as the market matures, new tech solutions are redefining the landscape. Mobile-ID solutions, sophisticated biometrics, cloud computing, distributed ledgers and other technologies have made it possible to develop integrated national ID ecosystems that are efficient, cost-effective and secure, without necessarily involving centralised databases.

But the ability of many countries to take advantage of these new technologies by switching suppliers is severely hampered by the complexity of existing systems or contractual arrangements.

For example, if a newly procured digital-ID provider must deal with encrypted biometric templates in an existing database, it would need to access the raw biometric images captured and stored by the previous provider’s systems. If the unencrypted raw images are not available or reliable, the government will likely be forced to re-register the entire population.

Vendor lock-in constrains development because any change is subject to considerable costs and the risk of operational failures. At the same time, to benefit from the latest technologies, governments need to update, adapt and upgrade their legacy systems while having the freedom to choose the most appropriate solutions to meet their needs.

Two main approaches have emerged that offer governments the flexibility and freedom they need: open standards 2 and open-source software (OSS) 3.

Open standards

As the World Bank puts it 4: ‘Government-service providers of social protection, health care, education and financial services could work seamlessly with a digital-ID system using the authentication services of a core OSS solution if it were built on open standards.’ Similarly, by choosing hardware such as biometric scanners and smartcard readers based on open standards, governments could easily achieve interoperability among departments, both nationally but also across borders at regional or global levels.

Furthermore, by choosing to replace specific legacy devices or selecting suppliers with ones that comply with the same standards, governments can increase market competitiveness.

There are several open standards driving developments in the digital-ID space, including: OpenID for Verifiable Credential Issuance, FIDO2 and OSIA 5.

In Nigeria, OSIA has enabled interoperability between the National Identity Registry and the Mobile ID Ecosystem, which are deployed by different providers – one of which is local. Common Identity, an African software company and OSIA member, has developed Nigeria’s Identity Management Commission’s (NIMC) Mobile ID Ecosystem, allowing citizens to have their unique identity verified against the country’s registry almost instantly and securely via an OSIA interface. Launched in December 2020, the NIMC app has been downloaded 3.3 million times in 90 days.

Open-Source Software

Open-source approaches to digital ID include OpenCRVS (proof of concept in Zambia), Modular Open Source Identification Platform 6 (MOSIP, adopted in Morocco and the Philippines), and OpenWallet Foundation (which aims to launch early this year).

In Morocco, MOSIP allows the Moroccan government to own the source code of the solution as well as adapt or evolve it over time, independently of vendors. The new digital ID and National Population Registry (NPR) will underpin efforts to reform the social safety-net system and to introduce presence-less, paper-less and cash-less transactions. The NPR leverages MOSIP as its core technology solution and will provide a foundational platform upon which to accelerate inclusive growth of the digital economy.

Collaboration is key

Open standards and OSS are collaborative tools underpinned by strong communities that add value to governments looking to build or upgrade their digital-ID ecosystems.

The two approaches are not mutually exclusive and, if properly procured, have the potential to thrive when coupled. While OSS offers governments the ability to own and modify the source code of their solution and pull resources from the community behind the code, open standards ensure interoperability and a certain level of product quality thanks to certification that is normally linked to the standard’s deployment.

While the implementation of OSS solutions based on open standards is a key recommendation of the European Commission, many low and middle-income countries (particularly across Africa) still have a long way to go before harnessing this potential.

Despite the benefits of an OSS solution, it is not a ready-to-use application because it must be customised to meet each country’s needs and be maintained, which requires dedicated expertise. Countries lacking local expertise may need to contract a specialised service provider or systems integrator to maintain the system, leading indirectly to vendor lock-in issues.

To mitigate such dependencies, governments may specifically require their suppliers to train local staff as part of their procurement contracts, while nurturing local expertise by partnering with academic institutions to offer dedicated courses.

Caution on two fronts

Since digital-ID systems are complex infrastructures, governments come to depend on their technology partners, often in a multi-provider environment. In this context, the OSS and open-standards communities offer governments the flexibility and freedom required to implement and manage their infrastructure without the dependencies that leave them vulnerable.

However, caution is needed on two fronts.

First, for OSS solutions to be compatible and therefore based on open standards, the recommended standard should be reflective of the proposed definition of ‘open’, specifically that any patents associated with the specification must be available under royalty-free terms. 

Second, although initially dependent on system integrators, governments should consider putting in place local training to mitigate the capacity risks of OSS solutions.

By considering these two recommendations, governments are more likely to futureproof their digital-ID systems in the most efficient manner.


1 - https://institute.global/policy/modernising-digital-id-systems-what-open-standards-and-open-source-software-really-mean 

2 - Open standards provide requirements, specifications, guidelines or characteristics that can be used consistently to ensure that materials, products, processes and services are fit for their purpose.

3 - Open-source software (OSS) is software with source code that anyone can inspect, modify and enhance.

4 - https://documents1.worldbank.org/curated/en/672901582561140400/pdf/Open-Source-for-Global-Public-Goods.pdf 

5 - https://secureidentityalliance.org/osia 

6 - https://www.mosip.io/ 

Subscriber content

Read the full article

Full access to ID & Secure Document News articles, newsletters and archives.

Sign Up to ID & Secure Document News Weekly

Receive regular updates on the latest news and articles posted on our website.

Verity

Verity

AI search assistant

Ask me anything from the ID & Secure Document News archives.

free questions remaining