Contents
Preface
Executive summary
1 Introduction
1.1 Principles on Identification
1.2 Need for a Foundational ID
1.3 Fostering Efficient And Effective Service Delivery
2 Technology strategy
2.1 Foundational ID as a Modular Open Source Platform
3 Design principles
3.1 Maturity
3.2 Performance
3.3 Scalability
3.4 Security
3.5 Affordability
3.6 Evolvability
3.7 Open Standards, Open Source
3.8 Modular
3.9 Privacy by Design
3.10 Population-Scale Design
3.11 Minimalistic and Evolutionary Approach
3.12 Configurability and Customizability
4 Functional Architecture
4.1 ID Issuance
4.2 Identity Lifecycle Management
4.3 Identity Applications
4.4 Resident-controlled Applications
4.5 External System Integrations
5 Governance
5.1 Libre
5.2 Community
5.3 MOSIP Executive Committee
5.4 MOSIP Technology Committee
5.5 International Advisory Group
6 Conclusion
Original document download: MOSIP Blue Book
Preface
At IIITB, one of our focus areas is the social role of Information Technology. As part of our efforts in promoting open source applications for societal development, we are undertaking a global effort to create a Modular Open Source Identification Platform (MOSIP) as a public good.
Built on the principles of scalability, security and privacy, MOSIP hopes to help countries implement a foundational digital identification system in a cost-effective manner. The modular architecture provides governments flexibility in how they implement their foundational identification systems.
We have witnessed in India, Peru, Estonia, Pakistan, and elsewhere that robust identification systems with universal coverage can be transformational. Digital forms of identification provide a potentially transformative solution to this global challenge by offering countries the ability to leapfrog paper-based systems and establish a robust identification infrastructure. This is a paradigm shift in the way social safety programs are run. Digital identification systems have facilitated financial inclusion for the poorest of the poor and empowered access to basic healthcare, education, and social entitlements. They have increased accountability and driven innovation in service delivery.
This Bluebook is our effort to document the principles, architecture, and governance of MOSIP.
Executive summary
UN’s Sustainable Development Goals:
“Promote peaceful and inclusive societies for sustainable development, provide access to justice for all and build effective, accountable and inclusive institutions at all levels.” - Goal 16
“By 2030, provide legal identity for all, including birth registration” - Target 16.9
A foundational ID system is one in which individuals receive a unique identifier from the government that is used for identity assertion and verification for various purposes. A Modular Open Source Identity Platform (MOSIP) will help in building a foundational ID system that upholds the principles of inclusion, robustness, privacy, and trust.
Countries could leverage MOSIP as a public good to build their respective foundational ID systems and provide universal coverage. A clear definition of the strategy, principles, and governance for the design and development of MOSIP software will provide the right solution for a country that intends to adopt a multipurpose foundational ID system. Some of the factors that drive the technology choice for MOSIP are maturity, performance, scalability, security, affordability, and evolvability.
MOSIP will be freely available to countries, so that they can configure and customise the platform for their individual requirement and context. Use of open standards and open source ensures that MOSIP is agnostic to specific applications, programming languages and platforms. The modular architecture provides governments flexibility in how they implement their foundation ID system.
1 Introduction
A country’s identification (ID) system is the backbone for delivery of public and private services. Many nations have begun to implement digital ID systems to improve the efficiency and effectiveness of public services. In many cases, these systems are designed with a particular use case in mind (for example voting, driving permit, accessing social security benefits, and so on); such ID systems are known as Functional ID systems. Increasingly, however, governments are exploring the development of multipurpose foundational ID systems. In a foundational ID system, individuals receive a unique identifier from the government that is used for identity assertion and verification. The foundational ID can be leveraged to provide a wide variety of government and private functions.
As countries consider how best to build foundational ID systems, they face several policy and technological choices. Once these choices are made, implementers often grapple with implementation challenges.
While some of these choices and challenges will necessarily differ across contexts, there are some common ones faced by all countries. These include ensuring uniqueness in the system, interoperability, privacy by design, reaching scale, avoiding vendor lock-in, maintaining affordability, and so on.
The International Institute of Information Technology, Bangalore (IIIT-B), a world-renowned technology university, is undertaking a global effort to create a Modular Open Source Identity Platform (MOSIP) as a public good. MOSIP will augment governments’ capacity to address some of these common challenges. MOSIP will be configurable and customizable, enabling countries to make choices based on specific requirements for their foundational ID system. This effort is being funded by Indian and international philanthropic organizations.
Figure 1 - What does it take to build a robust foundational ID that benefits every resident of the country?
1.1 Principles on Identification
Any modern identification system needs to adhere to globally accepted principles in order to be inclusive, empowering and innovative. While many such principles have been proposed, two in particular have received traction from several reputed organizations. These include the principles on identification for sustainable development as well as the United Nations High Commissioner for Refugees (UNHCR) standards for identity management of refugees. Several United Nations and international organizations, donors and private sector actors have endorsed these principles, which are listed below:
- Inclusion: Universal Coverage and Accessibility
  - Ensuring universal coverage for individuals from birth to death, free from discrimination
  - Removing barriers to access and usage and disparities in the availability of information and technology
- Design: Robust, Secure, Responsive and Sustainable
  - Establishing a robust (unique, secure and accurate) identity
  - Creating a platform that is interoperable and responsive to the needs of various users
  - Using open standards and ensuring vendor and technology neutrality
  - Protecting user privacy and control through system design
  - Planning for financial and operational sustainability without compromising accessibility
- Governance: Building Trust by Protecting Privacy and User Rights
  - Safeguarding data privacy, security and user rights through a comprehensive legal and regulatory framework
  - Establishing clear institutional mandates and accountability
  - Enforcing legal and trust frameworks through independent oversight and adjudication of grievances
1.2 Need for a Foundational ID
A foundational ID is based on a minimal set of attributes, such as name, gender, date of birth, and biometrics, that can be used to distinguish between individuals. Biometrics have been used in some countries that do not have an effective civil registry. A foundational ID should include all the residents of a country, irrespective of citizenship, gender, ethnicity, age or religion. Moreover, foundational IDs should be agnostic of specific applications, such as food ration systems, although these IDs might ultimately be used for such services too. Ultimately, a foundational ID is not meant to provide any rights or entitlements; it should simply assist individuals to assert their unique identities, and enable service providers to verify the same.
While making policy and technological choices, countries need to align to the ‘Data Minimization’ principle. This principle states that the identity provider should collect only the bare minimum data required to ensure universal coverage, avoid exclusion, and establish the uniqueness of each individual. It also implies that it should not collect different information from different people.
Moreover, standardization of name, address, and so on is essential to create a common, electronically verifiable foundational identity for all. It is also critical that these choices maintain the spirit of universal coverage and do not end up excluding sections of people.
Government departments can leverage a foundational ID system to issue purpose-specific functional IDs. They may build on the foundational ID to identify an individual entitled to a particular service, for example healthcare, insurance, and subsidized goods. Additionally, process flows for citizen-centric applications, such as opening a bank account, issuing a telecom SIM card, and so on, can be harmonized. Such an approach significantly enhances the strength of the ID infrastructure in a country, drastically reduces cost for ID management and lends itself to good governance.
Figure 3 - Foundational ID and Functional ID
1.3 Fostering Efficient And Effective Service Delivery
A robust, scalable and inclusive foundational ID system is transformational for the management of social benefits, financial inclusion, education, healthcare and other critical people-centric services. It is part of a digital infrastructure to efficiently and effectively deliver public and private sector services and social welfare programs.
For any agency delivering a service to people, verifying the identity and establishing the service entitlement of the beneficiary is necessary. In the absence of a central robust foundational ID system, service agencies follow their own processes for creating functional IDs. This approach creates several challenges in service delivery:
- Multiple identities for the same person, resulting in leakages
- Ghost or non-existent individuals having identities to scheme the system
- Limited or no interoperability, as most of the identity credentials are accepted only for a specific purpose and at a specific location
- Duplication of effort in identity creation by different service agencies, increasing overall cost of identification and inconvenience to residents
Figure 4 - Lack of a unique, digitally verifiable identity creates several challenges in service delivery.
Creation and usage of a unique, digital and foundational identity across the country that is verifiable electronically has key benefits such as:
- A unique identity addresses the concern of individuals with multiple identities
- Authentication of the individual at service delivery ensures the rightful claimant receives benefits and prevents ghost beneficiaries from scheming the system
- Identity that works across the country empowers the individual with portability and the system’s ability to serve across geographies
- Reduced rent seeking due to less dependency on manual processes
- Efficient service delivery process
- Reduced cost of identity establishment
- Electronic audit trail to audit the service delivery process more effectively
- Online authentication opens new ways for service delivery
Figure 5 - Benefits of an electronically verifiable, interoperable foundational ID
2 Technology strategy
Societal platforms such as foundational ID systems are considered as digital public infrastructure for a country. Therefore, they should maximize reach and inclusion, while being cost-effective and scalable. When a foundational ID program for an entire nation is being built, it is typically subject to several challenges:
- Inadequate birth registry
  - A robust birth registry is the first step in securing a legal identity and is the country’s primary foundational ID system. However, birth registry systems in developing nations often have low coverage. While building a robust civil registry is an independent developmental imperative, a foundational ID system can help countries deal with the reality of fragmented identification systems
- High cost of biometric systems
  - Biometrics such as fingerprints, iris, and face can help establish a non-repudiable unique identity for all residents. However, building a robust identity platform based on a biometric system is technically challenging and thus expensive
- Vendor lock-in
  - When a platform architecture is built with a proprietary solution from a technology vendor, there is significant likelihood for vendor or technology lock-in and/or dependency. This creates rigidity in adapting new technologies, regulatory requirements or integration with other platforms, therefore stymieing ecosystem-driven innovation. Platforms should be agile to technology and policy evolution
- Lack of harmonization with other services
  - Solutions built around proprietary, closed systems tend to use non-standard protocols and components, which make integration with other services and systems difficult. This could defeat the very purpose of providing efficient and effective service delivery for residents. Moreover, such systems are expensive to build and maintain
- Technological and regulatory obsolescence
  - It is extremely difficult to create systems that have a simple, minimalistic design and also keep pace with technological and regulatory evolution. The open source and modular approach of MOSIP makes it easy to evolve with time to changing needs
2.1 Foundational ID as a Modular Open Source Platform
Addressing the challenges of vendor-specific, closed or proprietary technologies requires a different way of approaching the architecture, design and integration of large-scale systems. The foundational ID system would be implemented as a Modular Open Source Identity Platform (MOSIP). Because a foundational ID system is a strategic asset of a country, solutions should be vendor neutral and interoperable. Importantly, the ID platform should do one thing and do it well: empower every resident with a unique identity. It is a digital platform that allows residents to authenticate themselves anywhere, anytime.
Figure 6 - MOSIP is intended to be a layered platform. Country specific customizations are intended to be added as a layer on top of the core technology platform. Use cases can be built as a topmost layer
3 Design principles
In trying to decide the platform architecture, it is easy to be carried away by cutting-edge technologies and practices. However, for a platform as critical as a foundational ID system, it is prudent to make technology choices that are fit for purpose and support the ecosystem around it. Some of the key factors driving the technology choices for MOSIP are discussed in this section.
3.1 Maturity
The choice of technology should be such that the software developer ecosystems in countries can easily adopt MOSIP by leveraging the expertise they already have. The MOSIP dev team is selecting technologies that have been available and deployed successfully for a considerable period.
3.2 Performance
Foundational ID systems should provide reasonable performance at population scale. They should be able to comfortably handle identity service requests per unit of time (throughput) and respond to an individual request quickly, without degrading user experience (response time). The system should have a high level of accuracy, both in correctly issuing unique identities to the entire population and in generating identification matches with an infinitesimally low percentage of error. The system should be stable and resistant to failures in the face of external forces such as age, environmental conditions, and pace of development.
3.3 Scalability
The system should continue to work predictably when used by a large number of users. The system should reliably work with a large volume, variety and velocity of data, all of which steadily increase over time. Software or hardware bottlenecks should be well understood and should not limit the ability to scale. The system should work just as well in bandwidth-constrained environments.
3.4 Security
The system should prevent unauthorized access and usage. It should be resilient to attacks and also have the capability to recover from a security breach or an attack. The system should use secure communication channels. Every access and transaction within the system should be audited.
3.5 Affordability
The system should be economical — it should have cost-effective hardware and software. To help achieve this aim, the MOSIP building team is leveraging infrastructure based on commodity hardware.
3.6 Evolvability
Technology and regulatory policies evolve over time. The system should be architected in a way that makes it easy to adapt to and embrace this evolution without much reengineering.
3.7 Open Standards, Open Source
To support widespread use across functions, such as the banking, telecom, and service sectors, and to enable seamless integration with other services, use of open standards is important. The architecture should be agnostic to specific applications, programming languages and platforms. For example, this includes the usage of XML or JSON as a document exchange format, open protocols like REST over HTTPS, and so on. The software should have published, documented, and accessible Application Programming Interfaces (APIs). A platform is pluggable and extensible when open protocols and APIs are used effectively.
Today, in the software technology field, a lot of innovation is centered around open source. Hadoop, Docker and Linux are some examples of open source technology ecosystems. Having the foundational ID system as an open source platform would open it to a large community of developers, testers, and other professionals who can constantly provide feedback, contribute actively with new features, or fix bugs. There are plenty of examples in technology where the agility to adapt and the pace of evolution in open source projects are higher than in proprietary implementations. A key advantage of the MOSIP approach is that countries will have a ‘best practice’ system built by global experts. A strong open source community assures security, quality, flexibility, interoperability and support.
3.8 Modular
A platform should have one primary function. The key to successful ecosystem innovation is unbundling of features and integration using open interfaces. This also gives government departments the flexibility to evolve each aspect of the platform independently. This would help countries choose relevant modules to suit their design preferences.
3.9 Privacy by Design
The platform should be designed to be secure and should support privacy from the ground up. All transactions and data recorded within the system should be digitally signed. Common APIs should ensure access controls, auditing, confidentiality (via encryption), and integrity (via signatures). There should not be direct access to the data and the only entry point into the system should be through open APIs with enough levels of authorization. Confidentiality of sensitive data (like personally identifiable information) has to be established both at rest and in motion. All service and data access should be captured in an audit trail.
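The signed-record and audit-trail requirements above can be illustrated with a small tamper-evident log. This is an added example, not MOSIP code: the function names are hypothetical, the log entries are constructed, and HMAC-SHA256 with a demo key stands in for the digital signature a deployment would produce with an asymmetric key.

```python
import hashlib
import hmac
import json

# Constructed demo key. Assumption: a deployment would sign with an
# asymmetric key held in an HSM; HMAC-SHA256 stands in for that here.
DEMO_KEY = b"constructed-demo-key-not-for-production"
GENESIS = "0" * 64
FIELDS = ("seq", "ts", "actor", "action", "resource", "prev_hash")


def _canonical(record: dict) -> bytes:
    """Serialize deterministically so the same record always hashes the same."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def append_entry(trail: list, actor: str, action: str, resource: str, ts: int) -> dict:
    """Append an audit entry chained to the previous entry and signed."""
    prev_hash = trail[-1]["entry_hash"] if trail else GENESIS
    body = {"seq": len(trail), "ts": ts, "actor": actor, "action": action,
            "resource": resource, "prev_hash": prev_hash}
    entry_hash = hashlib.sha256(_canonical(body)).hexdigest()
    signature = hmac.new(DEMO_KEY, entry_hash.encode(), hashlib.sha256).hexdigest()
    entry = dict(body, entry_hash=entry_hash, signature=signature)
    trail.append(entry)
    return entry


def verify_trail(trail: list, key: bytes = DEMO_KEY):
    """Return (True, None) if intact, else (False, index of first bad entry)."""
    prev_hash = GENESIS
    for i, entry in enumerate(trail):
        try:
            body = {k: entry[k] for k in FIELDS}
            expected_hash = hashlib.sha256(_canonical(body)).hexdigest()
            expected_sig = hmac.new(key, expected_hash.encode(),
                                    hashlib.sha256).hexdigest()
            ok = (entry["seq"] == i
                  and entry["prev_hash"] == prev_hash
                  and hmac.compare_digest(entry["entry_hash"], expected_hash)
                  and hmac.compare_digest(entry["signature"], expected_sig))
        except (KeyError, TypeError):
            ok = False  # missing or malformed field counts as tampering
        if not ok:
            return False, i
        prev_hash = entry["entry_hash"]
    return True, None


def build_sample_trail() -> list:
    """Constructed sample: three service/data accesses recorded in order."""
    trail = []
    append_entry(trail, "registration-client-17", "SUBMIT_PACKET", "packet/0001", 1700000000)
    append_entry(trail, "idms-batch", "DEDUP_CHECK", "packet/0001", 1700000060)
    append_entry(trail, "partner-bank-api", "AUTH_REQUEST", "resident/token-ab12", 1700000120)
    return trail


if __name__ == "__main__":
    log = build_sample_trail()
    print(verify_trail(log))
    log[1]["actor"] = "someone-else"  # edit a stored record after the fact
    print(verify_trail(log))
```

Chaining detects edits, reordering and removal from the middle of the trail; removal of the most recent entries is only detectable if the latest `entry_hash` is also anchored somewhere outside the log.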
3.10 Population-Scale Design
The platform should work at population scale, that is, for populations of up to a few hundred million residents. The traditional approach to scaling is vertical — additional computational and storage capacity. This is not only expensive, but also limits the system’s overall ability to scale. Therefore, having a system that can scale horizontally is critical. This can be achieved by designing components of the system to be cloud-ready and by leveraging commodity hardware, which can be easily deployed or replaced.
3.11 Minimalistic and Evolutionary Approach
The design should be simple and minimalistic. There should be a clear separation of logical layers and functional boundaries, with only documented APIs used for communication between them. The design of the system should be evolutionary, that is, new capabilities should be built incrementally while allowing for rapid adoption of the platform. All components should be independently replaceable and extensible. A loosely coupled microservice approach lends itself to this principle.
3.12 Configurability and Customizability
An ID platform cannot have a one-size-fits-all approach, as each country would have its specific requirements, such as the attributes that constitute unique identification for its residents. MOSIP will support these diverse needs without the need for additional engineering. Countries should ideally be able to configure a well-documented open source ‘kernel’ and pick and choose the modules they wish to use for their ID system as a solution to save time and costs, i.e., avoid developing technology from scratch.
4 Functional Architecture
The primary purpose of MOSIP is to empower nations to build their own foundational ID so that residents can uniquely identify and electronically verify themselves. The functional modules are as represented in the figure below.
Figure 7 - The functional architecture of MOSIP
4.1 ID Issuance
The ID Issuance framework facilitates building of the end ID Issuance application. It incorporates common ID Issuance activities such as master data sync with the server, supervisor validation, ID Issuance data packet formation, and transfer of packets to the server. The ID Issuance framework will support both offline and online modes of operation. A country can build on its existing ID system, verifying supporting documents/ID in both online and offline modes. Thus, if a country has an existing tax ID system or a bank ID system, the foundational ID can leverage the same.
A reference web-interface portal will be provided for self pre-enrolment by the resident. Countries are expected to configure and build their ID Issuance client applications using the ID issuance framework. A reference implementation of the ID Issuance client will be provided as part of MOSIP.
This module manages the entire process of collecting user data at the ID issuance centers and generates a unique identification number (UIN). It processes the data submitted for ID issuance and validates the authenticity of information, process and person. It checks data and image quality, language, transliteration, and so on.
The Identity Data Management System (IDMS) is a batch service that continuously runs on the server, processes the data packets, and generates the UIN.
The IDMS interfaces with the Automated Biometric Information System (ABIS) for biometric dedupe check and the Demographic engine for demographic dedupe. Some of the other important submodules are listed below:
- Automated Quality Check - All data packets collected from the field undergo standard automated quality check for virus, tampering, structure compliance, and so on
- Manual Quality Check and Adjudication - Some part of the data quality checks should be performed manually by an adjudicator. This is done by correlating two attributes, for example, photo-age, photo-gender. This module should be configurable to perform sampling on operator, user-age, geography, device, and so on
- Deduplication - Uniqueness Check. This module performs a crucial uniqueness check on the ID Issuance information. The uniqueness check can be performed on various biometric attributes like fingerprints, iris scan, and face scan
- UIN allocation - Allocates the UIN to the unique individual identified by the system
4.2 Identity Lifecycle Management
This module enables updating of the ID to reflect important life events such as change of name and address. It also allows corrections to remove data entry errors. The module provides multiple modes of updates (online, paper trail, and in person), with necessary checks and balances to prevent misuse and fraud. All updates require user authentication to ensure that the data of a particular user is accessible and updateable only by that user. All documents are validated to ensure accuracy of data. Residents have the flexibility to update data either by themselves or in assisted mode. Finally, users receive a notification about the update.
4.3 Identity Applications
This module enables individuals to verify and authenticate their ID electronically in real time. Such ‘online authentication’ of ID has certain distinct advantages over ‘offline’ methods, including cost, security, ease of implementation and extensibility.
- Types of Authentication - Biometric, Demographic, and Electronic. The authentication service supports biometric, demographic, and electronic (for example, OTP, PIN, password) matching, with a yes/no response only. It does not support privacy-violating queries on residents’ data, e.g., the residence address, DOB, and so on
- Consented Data Sharing or electronic Know Your Customer (eKYC) - The platform provides secure, non-repudiable, and online sharing of resident demographic information. This is done only with explicit user consent, and will not include sharing of any biometric data. This enables residents to share their identity information with organizations in exchange for various services. It also allows them to meet regulatory requirements for services like opening a bank account or getting a mobile phone connection
- Multifactor Authentication - The authentication service supports multifactor authentication, which has become a prevalent security practice. For example, biometric authentication can be one factor and an OTP sent to the user’s mobile phone can be the other. Implementing agencies can include additional layers of authentication to strengthen the verification process. For example, a bank may use an ATM card with biometrics, where the card is authenticated within the bank’s domain and biometrics are authenticated within the foundational ID system
4.4 Resident-controlled Applications
The MOSIP system provides modules that empower residents with control over their ID usage. This increases trust and privacy in the system. Some of these key functionalities are listed:
- Lock/Unlock Biometric - Enables residents to lock or unlock their biometrics. This helps prevent the misuse of a person’s biometrics (for example, when the person is out of the country)
- Lock/Unlock ID - Enables residents to lock the usage of the ID for authentication or KYC purposes to prevent misuse
- Notification and History - Enables residents to view a record of the ID Issuance, lifecycle changes and authentication requests. It also notifies users via e-mail/SMS whenever the ID is updated or authenticated
- Virtualization - Allows creation of a virtual identification number, which can be used when the resident is uncomfortable sharing the actual UIN details
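The yes/no authentication of section 4.3 and the resident controls of section 4.4 can be sketched together. This is an added illustration, not MOSIP code: the class, its method names, and the choice of a date-of-birth match plus a PIN as the two required factors are assumptions made for the example.

```python
import hashlib
import hmac
import secrets


class AuthService:
    """Toy yes/no authentication service (hypothetical; not the MOSIP API)."""

    def __init__(self):
        self._residents = {}  # UIN -> stored record, never returned to callers
        self._vids = {}       # virtual ID -> UIN
        self.history = {}     # UIN -> events the resident can review

    @staticmethod
    def _kdf(pin, salt):
        # Store only a salted, stretched hash of the PIN.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def enroll(self, uin, dob, pin):
        salt = secrets.token_bytes(16)
        self._residents[uin] = {"dob": dob, "salt": salt,
                                "pin": self._kdf(pin, salt), "id_locked": False}
        self.history[uin] = ["issued"]

    def create_vid(self, uin):
        # Virtualization: a random alias so the resident need not share the UIN.
        vid = "V" + secrets.token_hex(8)
        self._vids[vid] = uin
        return vid

    def set_id_lock(self, uin, locked):
        self._residents[uin]["id_locked"] = locked
        self.history[uin].append("id_locked" if locked else "id_unlocked")

    def authenticate(self, identifier, dob=None, pin=None):
        """Return True or False only; stored attributes are never echoed back."""
        uin = self._vids.get(identifier, identifier)
        rec = self._residents.get(uin)
        if rec is None:
            return False
        # A locked ID fails regardless of the factors; both factors are required.
        ok = not rec["id_locked"] and dob is not None and pin is not None
        ok = ok and hmac.compare_digest(dob.encode(), rec["dob"].encode())
        ok = ok and hmac.compare_digest(self._kdf(pin, rec["salt"]), rec["pin"])
        self.history[uin].append("auth_yes" if ok else "auth_no")
        return bool(ok)
```

The relying party learns one bit per request, while every attempt, including failed ones, lands in the resident's history.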
4.5 External System Integrations
MOSIP provides only the core modules needed for a foundational ID system, as described in the previous section. However, it is designed to help countries integrate additional bespoke systems or commercial off-the-shelf (COTS) solutions. Some of these solutions are listed below:
- Translation and transliteration services
- Notification services like e-mail or SMS
- Document Management System (DMS)
- Automated Biometric Identification System (ABIS)
- GPS and location services for mapping centers
- ID card printing and dispatch and delivery to residents
- Business Intelligence, reporting, and fraud analytics system
- Existing Civil Registry and Vital Statistics System (CRVS)
5 Governance
MOSIP is being developed by the International Institute of Information Technology, Bangalore (IIIT-B). In keeping with the ethos of the open source movement, the governance of the platform adheres to the following principles:
5.1 Libre
In the spirit of ‘technology as social equalizer’, MOSIP will be made available on a public repository as an open source product. Any country can use it freely to develop customized foundational ID systems. This principle implies that MOSIP will be built using only reusable components, such as those available for free use under open source licenses. MOSIP will use proprietary or licensed components sparingly, only to fulfil any capability not provided through open source components.
5.2 Community
A strong community of developers, testers, commercial service providers, system integrators, trainers, educators, user communities, and champions of digital identity will support and maintain the platform source code.
MOSIP, like any open source platform, will be governed under a formal structure that helps meet the core objectives of creating a robust, scalable, and effective foundational ID platform. This structure will ensure transparency, participation, and efficacy of the platform. IIIT-B will develop, deploy, and manage all processes related to MOSIP, including that of technology development and standards. While performing this function, IIIT-B is being advised by three bodies: an executive committee, a technology committee and an international advisory group. These three bodies function independently and have terms of reference to guide inter-committee interactions.
5.3 MOSIP Executive Committee
This committee comprises donors and representatives of organizations that have been championing digital ID for sustainable and inclusive development. The committee advises IIIT-B in building the vision and road map for MOSIP. The committee ensures that the core values and guiding principles are always adhered to.
5.4 MOSIP Technology Committee
This committee consists of experts in the fields of open source software development, software engineering, architecture, quality assurance, security, privacy, and biometrics. It provides advice on technology implementation of MOSIP. This includes, but is not limited to, the creation of functional and technology specifications. The technology committee oversees the software development lifecycle. It also solicits feedback from the user community and works towards creating an active developer ecosystem. It has the power to accept or reject code and documentation and to control releases.
5.5 International Advisory Group
IIIT-B will constitute an international advisory group consisting of members drawn from technology organizations, governments, and relevant development agencies. This group will meet once or twice a year, review the progress of MOSIP, and offer suggestions for improvement. It would provide advice on positioning MOSIP as an offering to various stakeholders, develop a dissemination strategy, mobilize financial and other support and manage perceptions of MOSIP among potential user organizations, media, and civil society.
6 Conclusion
A foundational ID system enables individuals to uniquely identify themselves while accessing services to which they are entitled. When implemented effectively, a digital foundational ID can foster more efficient service delivery.
MOSIP is a modular and open source identity platform that hopes to help countries implement a foundational digital ID in a cost-effective manner. It is built on the principles of scalability, security and privacy. Due to its modular architecture, MOSIP provides flexibility in designing and implementing the foundational ID systems.