Implementing a Central Digital Identity System as a national identity provider ensures a unique, reliable and accurate identity while protecting personal data.
In order to provide individualized and secure online services, public administrations need to identify, locate and authenticate their Internet visitors, while securing the communication channel and ensuring non-repudiation of electronic acts.
Fragmented Identification Channel: Unique to Each One
Traditionally, each administration creates and maintains its own functional digital identification system with the biographic, demographic, biometric, and cognitive data of its potential users. However, these individual initiatives carry heavy consequences for the administrations that adopt them: the investment in reliable and secure enrolment, storage, credentialing, encryption, and authentication technologies is significant, and the implementation and operation of these solutions require skilled and qualified personnel. In addition, a nationwide presence close to potential users through a network of agencies is necessary to avoid excluding a significant portion of the population. In such redundant and fragmented configurations, users would have as many access codes as there are online public services, which, on top of being complex for the uninitiated, could compromise the security of personal data.
The Importance of Collaborating and Pooling Efforts
Nevertheless, outsourcing identification, location, and authentication services of Internet users to a trusted third-party identity provider has long been done on the Internet and is called third-party authentication. It uses a trusted external identity provider to validate the user's credentials before granting access to one or more services. The authentication process returns credentials, such as a username and privileged group membership, which are used to grant or deny the requested access.
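The exchange described above, as an added example that is not part of the original article: an identity provider signs the username and group membership it has authenticated, and a public service verifies that assertion before granting or denying access. The function names, claim fields, portal and group names are assumptions, and HMAC with a constructed key stands in for the asymmetric signature a real federation would use.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key. Real federations sign with the provider's private key;
# HMAC is a stand-in so the example runs on the standard library alone.
IDP_KEY = b"constructed-demo-key"

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def idp_issue(username, groups, audience, ttl=300, now=None):
    """Identity provider side: sign the result of a successful authentication."""
    now = int(time.time()) if now is None else now
    claims = {"sub": username, "groups": groups, "aud": audience, "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(IDP_KEY, body, hashlib.sha256).digest()
    return b64(body) + "." + b64(sig)

def service_authorize(token, audience, required_group, now=None):
    """Public service side: verify the assertion, then grant or deny access."""
    now = int(time.time()) if now is None else now
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:  # wrong number of parts or invalid base64
        return False, "malformed"
    expected = hmac.new(IDP_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return False, "bad signature"
    claims = json.loads(body)  # parsed only after the signature checks out
    if claims["aud"] != audience:  # assertion was issued for another service
        return False, "wrong audience"
    if claims["exp"] <= now:
        return False, "expired"
    if required_group not in claims["groups"]:
        return False, "not in group"
    return True, claims["sub"]
```

The audience check is what keeps an assertion issued for one portal from being replayed against another when citizens reuse the same identity across services.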
From Basic to Functional
Thus, the implementation of a Central Digital Identity System as a national identity provider guarantees a reliable, unique, secure, and accurate identity and, through interoperability, relieves the various public services of this burden. Centralized investment guarantees universal access without discrimination while protecting personal data. For optimal reliability, an NDIS could be based on the legal data of the National Civil Registry (NCR), the National Biometric Registry (NBR), and the National Population Registry (NPR) in order to become a fundamental national identity system.
Another possible and equally interesting topology is the construction of a distributed and decentralized identity system where each administration maintains its own functional identity system while becoming both a client and a trusted external identity provider for other administrations. This way, a citizen could reuse the same access codes, for example, to apply for a driver's license on the Ministry of Transport's portal, to declare his taxes on the Ministry of Finance's portal, or to subscribe to water and electricity. It represents mutual trust and recognition between members of the public sector and even a possible gateway to the private sector.
Blockchain: A Revolution in Identification?
Blockchain could be an additional technological brick to complete the functionalities of existing systems and guarantee the integrity and security of data, especially in terms of storage. The services provided by this new technology constitute a distributed solution that facilitates and improves the identity verification procedure by the user or by a legal entity when accessing services or providing digital evidence for any purpose. So, does the concept of Self-Sovereign Identity (SSI) put the individual and his personal data at the center of any experience, by allowing him to manage the elements that make up his identity and control access to his digitized identification information?
The truth is, the choice of the typology and underlying technology for a reliable, inclusive, robust, secure, flexible, sustainable national digital identity that protects the privacy and rights of users can be neither improvised nor exported from one country to another. It is the result of in-depth studies of the national identification sector, the legal framework, and the technical environment. It also requires knowledge and mastery of best practices in the field. It can be the object of public-private financing and win-win partnerships.
Written by Karim Bensaid, IT Consultant and Architect, Sofrecom and Philippe Tardieu, e-gov Manager, Sofrecom