Auto linking

Linking multiple identifiers to develop “federated digital identities”

Govt. wants to optimize the number of digital identities a citizen must have

The government has invited stakeholders to comment on a proposal to establish “federated digital identities” to optimize the number of digital identities a citizen should have, by linking various consumer credentials into a single unique identifier for digital transactions such as authentication and eKYC services.

The proposal is part of the Ministry of Electronics and Computing’s India Enterprise Architecture 2.0 (IndEA 2.0) framework which aims to enable governments and private sector companies to design IT architectures that can extend beyond organizational boundaries for the provision of integrated services.

“As various government platforms in all fields are being digitized, there is a trend to create more IDs, each with their own ID card, identity management and efforts to make it unique, etc.”, the ministry said in the draft, on which stakeholder comments were invited until Feb. 27.

“To have a multitude [of] credentials, especially for interacting with the government, makes it harder for the common man for whom they are created! Especially given the diversity of education, awareness and ability, it also has the potential to create more scenarios of exclusion,” he said, adding that if the intention of the state is to care for the vulnerable and poor, systems must always be designed to give people agency and choice.

At the same time, the architecture must allow people to participate and easily access their documents, data and rights, he said.

Noting that Digital Identity is fundamental to enabling the citizen to answer the first question asked during any interaction with a public or private organization — “who am I”, he pointed out that Aadhaar seems to have answered this question at the population level with respect to all publicly funded schemes. However, departments and states are required to create multiple identities for the same citizen acting in different capacities such as student, teacher, farmer, landowner, contractor, bank customer, driver, vehicle owner, retiree, etc.

“InDEA 2.0 offers a model of federated digital identities that aims to optimize the number of digital identities a citizen needs. The model empowers the citizen by giving her control over these identities and giving her the ability to choose which to use for what purpose. It gives agency to citizens and protects privacy by design. The same logic applies to entities. And the model is generic enough to also establish an identity ecosystem for entities,” he said.

He explained that electronic registers can be linked via identifiers to allow easy and paperless onboarding of citizens and also avoid repeated needs for data verification. For example, when a beneficiary is registered in the PDS program, this record will be linked to Aadhaar by the PDS system storing the Aadhaar number (or a tokenized version of it). Similarly, when someone gets a PAN, that record is linked to Aadhaar where the Aadhaar number becomes the Link ID. Then, when that person gets a mutual fund account, the PAN number, in turn, is linked to the mutual fund record.
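The PDS, PAN and mutual fund linking described above, as an added example that is not code from the article or the proposal: it compares storing the raw identifier as the link ID with storing a registry-scoped token. The HMAC-based tokenization scheme, the keys, the sample identifier values and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: a tokenization service holds one secret key per registry.
# Keys and identifier values are constructed sample data, not real numbers.
REGISTRY_KEYS = {"pds": b"constructed-pds-key", "pan": b"constructed-pan-key"}
SAMPLE_ID = "0000-1111-2222"   # constructed stand-in for a national ID number


def tokenize(registry: str, identifier: str) -> str:
    """Registry-scoped token: HMAC-SHA256 keyed with that registry's secret."""
    key = REGISTRY_KEYS[registry]
    return hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()


def enroll(table: dict, local_id: str, link_id: str) -> None:
    """Store a record whose link ID points at the upstream identifier."""
    table[local_id] = {"link_id": link_id}


def lookup(table: dict, link_id: str) -> list:
    """Return local IDs of records carrying this link ID."""
    return [k for k, rec in table.items()
            if hmac.compare_digest(rec["link_id"], link_id)]


def naive_join(a: dict, b: dict) -> set:
    """What someone holding two dumped tables can correlate on link ID alone."""
    return {r["link_id"] for r in a.values()} & {r["link_id"] for r in b.values()}


def build(tokenized: bool):
    """Build the PDS -> ID, PAN -> ID, mutual fund -> PAN chain from the text."""
    pds, pan, fund = {}, {}, {}
    link = (lambda reg: tokenize(reg, SAMPLE_ID)) if tokenized else (lambda reg: SAMPLE_ID)
    enroll(pds, "PDS-001", link("pds"))
    enroll(pan, "PANXX0000X", link("pan"))       # constructed PAN-like value
    enroll(fund, "FOLIO-42", "PANXX0000X")       # fund record links via the PAN
    return pds, pan, fund


if __name__ == "__main__":
    for mode in (False, True):
        pds, pan, fund = build(tokenized=mode)
        print("tokenized" if mode else "raw", "-> joinable link IDs:", len(naive_join(pds, pan)))
    # An authorized lookup recomputes the registry-scoped token through the service.
    print(lookup(pds, tokenize("pds", SAMPLE_ID)))
```

With raw link IDs, the PDS and PAN tables can be joined directly by anyone who holds both; with registry-scoped tokens, linking still works for a party that can call the tokenization service, but the two tables share no common value.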

“Possibility to reuse an existing register [under appropriate policy/law] of pre-verified attributes is essential to eliminate this repeated verification process which is costly, error-prone and above all inconvenient for citizens,” he said.

He said that when a registry allows “existing IDs from other registries” to be used as an authentication mechanism, it not only creates a set of “automatically verified/attested” fields in the new registry (the registry provider does not have to re-verify these fields), but also allows users to reuse and leverage commonly used credentials. “This fundamental design pattern is what allowed Aadhaar to become a ‘building block’ for other systems allowing banks to open accounts with eKYC [attested common fields coming from Aadhaar in digitally signed manner] and allow transactions with authentication,” he said.