NDID Platform
Development hub for Thailand National Digital ID platform.
Title | URL |
---|---|
Official site | https://www.ndid.co.th/ |
TEDxChiangMai Talk | https://www.youtube.com/watch?v=E8HHNRRlsoo |
GitHub organization | https://github.com/ndidplatform |
HTTP API schema | https://app.swaggerhub.com/organizations/NDID |
Facebook page | https://www.facebook.com/NationalDigitalID/ |
Whitepaper | https://goo.gl/v4Cfpe |
Slack | https://bit.ly/2MNDyLI |
Architecture Overview
Recommended reading: For newcomers, we highly recommend that you watch the TEDxChiangMai talk which describes the importance and benefits of having a digital ID infrastructure in Thailand.
From the whitepaper:
The Digital Identity Platform is intended to provide a flexible and highly secured method of self-identification for any Thai citizen personal. The platform must be able to leverage any reliable identity the user currently holds. Examples of reliable identity could be, for example, Citizen Id, Bank Accounts, Passport Number, Tax ID, Biometric Data.
The users will interact with a Relying Party (RP) to receive services – offline or online. In order to successfully receive the services, the users are obliged to prove their identities in the form of online or offline identity confirmation with any available Identity Provider (IdP) who hold their identities.
An Authoritative Source (AS) is considered as Source of Truth for any information relevant to the users. There are currently multiple Source of Truth entities. Each entity may keep one or multiple classification of user information. The RP can request more user information from AS, if necessary, under the permission granted by the users.
There are 2 main processes when using NDID:
- Enrolment and identity proofing (getting a digital ID): The user first needs to enrol with an Identity Provider (IdP) to get started. The IdP verifies the user's identity (identity proofing) and then provides a digital identity along with an authenticator that the user uses to verify their credential. The user can enrol with multiple IdPs for extra security.
- Authentication and data access authorization (using your digital ID): This happens when the user uses a service that requires authentication using a digital ID. The Relying Party (RP), which offers the service, asks the IdP, which in turn asks the user to provide their credentials (authentication) using their authenticator and to allow the RP to access the data (data access authorization), which is provided by an Authoritative Source (AS).
Recommended reading: An article on the basic concepts behind the difference between Identity Proofing and Authentication, and on how the two are connected, which is fundamental to Digital ID.
Quick Overview
This section gives you a quick overview of the digital identity platform, illustrated through a simple scenario.
Let's consider a use case where you're applying for a Visa at an embassy. They need your identity and bank statement. Without a digital identity platform, this would require a lot of paperwork.
Note: This is a concrete scenario designed to help readers understand the system more easily, but the platform is very flexible and supports a vast number of use cases.
With a digital identity platform, this process is much simpler. First, we define these participants:
- User, in this example, the applicant.
- Relying Party (RP) relies on the NDID platform to provide service to users. In this example, the embassy.
- Identity Provider (IdP) holds the identity of the user, and is able to prove the identity of the user.
- Authoritative Source (AS) holds the user’s information, such as bank statement. In this example, the bank.
- The NDID platform
  - A decentralized app with nodes running on each RP, IdP, and AS, connecting them together.
  - Exposes an HTTP-based API to enable integration with each party.
  - Transaction logs (without ID or private information, but containing a zero-knowledge proof to verify the transaction) are recorded on the blockchain (Tendermint).
  - Private information (ID information, data from AS) is communicated between nodes securely through ZMQ.
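The split described in the list above (a shared log with no private data, private data sent node to node) can be modelled in a few lines. This is an added example, not NDID code: a salted SHA-256 commitment stands in for the platform's zero-knowledge proof, and the `Ledger` class, entry fields and sample values are hypothetical.

```python
import hashlib
import hmac
import json
import secrets

def commit(data: bytes, salt: bytes) -> str:
    """Salted SHA-256 commitment: publishable, reveals nothing readable."""
    return hashlib.sha256(salt + data).hexdigest()

class Ledger:
    """Stand-in for the shared transaction log that every party can read."""
    def __init__(self):
        self.entries = []

    def append(self, **entry):
        self.entries.append(entry)

def run_request(ledger, user_id: str, statement: bytes, tamper: bool = False) -> bool:
    """One RP request; returns True if the RP accepts the data it received."""
    request_id = secrets.token_hex(8)
    # RP -> ledger: the request is logged without the user's identifier.
    ledger.append(type="request", request_id=request_id, service="bank_statement")
    # RP -> IdP, private channel: only here does the identifier travel.
    to_idp = {"request_id": request_id, "user_id": user_id}
    # IdP -> ledger: only the outcome of authenticating the user is logged.
    ledger.append(type="idp_response", request_id=to_idp["request_id"], status="accept")
    # AS -> ledger: a commitment to the data, never the data itself.
    salt = secrets.token_bytes(16)
    ledger.append(type="as_data", request_id=request_id,
                  commitment=commit(statement, salt))
    # AS -> RP, private channel (modelled as a dict).
    to_rp = {"request_id": request_id, "salt": salt, "data": statement}
    if tamper:  # simulate data altered after the AS logged its commitment
        to_rp["data"] = statement + b" (edited)"
    # RP: accept the data only if it matches what the AS logged publicly.
    logged = next(e for e in ledger.entries
                  if e["type"] == "as_data" and e["request_id"] == request_id)
    return hmac.compare_digest(commit(to_rp["data"], to_rp["salt"]),
                               logged["commitment"])

def ledger_leaks(ledger, *private_values: str) -> bool:
    """True if any private value appears in the serialized public log."""
    dump = json.dumps(ledger.entries)
    return any(value in dump for value in private_values)
```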
Note: The following diagram treats the NDID platform as a black box, only showing the interaction between parties (Users, RP, IdP and AS). For more technical information about how the platform works and communicates securely under the hood, please see the technical overview.