STACK-X Webinar — National Digital Identity Stack: Introduction to NDI
The following article was adapted from a STACK-X Webinar conducted by the National Digital Identity Team at GovTech.
Digital Identity Today
A Digital Identity typically serves as a set of “digital credentials” for a person, facilitating secure and convenient online transactions between the individual and businesses or governments.
It is sometimes seen as a relatively new concept that has recently gained significant attention. But you may be surprised to learn that governments have been trying to implement national digital identities since the 90s!
Why is Singapore interested in Digital Identity?
You would, of course, know that we have developed and continue to work on our own National Digital Identity (NDI). So what’s in it for us?
Over the past 55 years, Singapore has built up its economy on the principles of being an open, trusted and interconnected global hub. This necessitated the development of world-class infrastructure to facilitate the movement of money, people and goods. This involved building roads, airports, and financial institutions. It also required the creation of clear, fair regulatory frameworks to facilitate cross-border trust.
Translating this into the current digital age, we have to start thinking about digital infrastructure. What are the new digital infrastructures that we need to build up to facilitate the open and secure flow of data between systems, institutions and nations? These are important concerns for Singapore, which is why NDI has been deemed a Strategic National Project.
You can see some of these concerns reflected in the key goals of NDI from the diagram below:
So, what does the NDI digital infrastructure that we’re building look like?
The pyramid above illustrates our Singapore NDI stack. Let’s go through these layers one-by-one.
Trusted Data
At the foundational layer, we believe it’s necessary to have a trusted data ecosystem. Several years ago, we launched a data platform called MyInfo, which brings together data from across a range of government agencies. MyInfo ensures that users do not have to repeatedly provide the same information or documents to multiple government agencies whenever they need to transact with the government or even private sector services. Data sharing is, of course, based on explicit user consent.
MyInfo has been very well-received by citizens and businesses. In particular, many businesses now have access to authoritative data sources, which allows them to provide fully digital services that enhance customer experiences.
Some key results that businesses reported were:
- 15% increase in customer approval
- 80% reduction in transaction time
- Increase in customer conversion rates
- Significant reduction in business costs
In fact, as an interesting case study, 5 global banks that require the least number of clicks to open a bank account all use MyInfo!
Trusted Identity
One of the most important things a consent-driven data ecosystem needs is an identity scheme with very high identity assurance. We do this by leveraging Singapore’s foundational identity scheme, which involves the use of physical identity cards — issued to all citizens at birth — as well as biometrics. Our digital identity builds on this foundational identity and our biometrics-as-a-service platform similarly utilises this biometric data.
Our digital identity operates on a largely centralised model (issued by the government), but we’re continuing to explore complementary decentralised distribution models, as we believe that this will be necessary for interoperability between different national digital identities in the future.
Trusted Access
Another crucial element of a good data ecosystem is high authentication assurance. This is why we provide multi-form factor authentication services to both the public and private sectors. Some of the form factors we’ve introduced include SingPass Mobile (which we hope you’re quite familiar with by now), a cryptographic soft token mobile identity. More recently, we have also rolled out face verification services.
While authentication still takes place via a single, government-owned authentication mode, we intend to extend this out to a federated model in the future — one where users will be able to verify their identities in-app or in-site, for example.
Trusted Services
The final layer of our NDI stack is the trusted services stack. This involves providing API products for our public agencies and private sector businesses so that they can easily onboard and integrate our platform into their own services. Here are six of these API products:
MyInfo — Provides access to individual and corporate data during onboarding and customer acquisition.
- To date, close to 600 digital services offered by government agencies and businesses have been on-boarded to MyInfo. This service sees more than 200,000 transactions a day.
Login — Allows relying parties to use us as their authentication service provider.
- Login was launched in July 2019 and went into general release in early 2020.
- To date, there are 40 private sector organisations leveraging Login as an authentication gateway, including OCBC Bank, Prudential, NTUC Union, Income Insurance, the Singapore Employers’ Federation and JustLogin’s HR software.
Verify — Enables users to perform secure face-to-face identity verification and data transfer through scanning of QR codes or Near-Field Communication (NFC).
- Currently in a general release phase.
- This feature is being piloted at Republic Plaza for visitor registration and Punggol Polyclinic for new patient registration, without the need for residents to present their identity documents.
Authorise — Allows businesses to obtain authorisation from customers remotely.
- For example: insurance providers can leverage Authorise to send a remote authorisation request through SingPass Mobile to customers, where they can sign and authorise the renewal of their policy remotely. This product is still in the works.
Sign — Enables users to digitally sign documents using their SingPass Mobile app by scanning the QR code displayed on the screen before authenticating themselves. This digital signature is identifiable and uniquely linked to the signer. Digital signatures made with “Sign with SingPass” use certificates issued by ATS, the National Certification Authority. Upon ATS’ accreditation under Singapore’s Electronic Transactions Act, signatures made using “Sign with SingPass” will be regarded as secure electronic signatures.
- Pilot will be launched at the end of the year.
Identiface — Allows relying parties to use our Face Verification as a Service without the need to build their own facial recognition system.
- Removes the need for businesses to enrol customers or collect and store biometric data on their own.
- Piloted for logins to government digital services at agencies’ kiosks located at IRAS Taxpayer and Business Service Centre and Our Tampines Hub’s Public Service Centre, CPFB’s Bishan Service Centre.
The Journey Ahead
The initial success we’ve had with the adoption of our NDI platform has been encouraging. Not only have numerous businesses integrated NDI services, but citizens have also responded well to NDI.
More than 50% of Singapore residents have adopted our mobile digital identity, SingPass Mobile, which was first issued in October 2018. Today, the app has over 2.1million users. Our COVID-19 national check-in system, SafeEntry, is an extension of our digital identity platform, and it allows over 2 million users to check in to over 200,000 venues daily. We were able to launch this system nationwide within only a few weeks thanks to our existing digital identity infrastructure.
However, we know that the work is only just beginning, and that NDI has much more as-of-yet unrealised potential. So, we’re going to be focusing on scaling our services in multiple areas, such as data connectivity, the adoption of relying services, and creating more use cases.
If you’re a potential partner who’s keen to integrate NDI into your services, products or platform, you can visit the GovTech Developer Portal for more information. The portal contains simple onboarding instructions, APIs and technical documentation, as well as quick access to development sandboxes.
Please click here to read our article on our NDI tech stack.
For more information on other government developed products, please visit developer.tech.gov.sg.
By GovTech’s NDI Team (Kwok Quek Sin, Senior Director) and Technology Management Office (Michael Tan)
