This document contains the features that were developed or enhanced as part of MOSIP 1.1.3 release.
Key Manager is now enhanced with the below features:
Key Manager now supports encryption and decryption of registration packets using the thumb-print.
JWT Sign and JWT Verify APIs have been introduced to support full JWT signature validation with proper header and additional parameters.
An API has been added to validate certificate trust path for a certificate and partner domain.
We have removed the get public key API, which was used to fetch the public key. We recommend using the get certificate API to fetch MOSIP’s public certificate.
Data Share is now enhanced with the below features:
Expiry for the data share URL has been added. The data share URL will not be accessible once its expiry time has passed.
As the data share policy structure has been changed in partner management, subsequent changes have been incorporated in data share.
Mandatory field labels in Pre-registration UI are now dynamically appended with a red asterisk symbol (*).
The direct call to the internal authentication API during operator on-boarding has been removed from Registration Client. This call is now routed via Registration Processor.
The issue with the Biometric Stream API (for 0.9.2 MDS) has been fixed; hence, Registration Client is compatible with MDS 0.9.2 and 0.9.5 specifications.
User Salt sync has been removed from Registration Client syncs. The salt is now generated on the fly in Registration Client; it is not fetched from the server.
The client settings (master data) and configurations are now encrypted using the TPM public certificate of the Registration Client and synced.
Registration Client UI Specification is enhanced with the below features:
Support for alignment has been added.
Support for multiple location hierarchy in case of present and permanent address has been added.
APIs have been created in Registration Processor, to delegate the internal authentication request and fetch encryption certificate calls from Registration Client to IDA.
Print Service has been deprecated from Registration Processor. A new project has been created for Print Service.
Print Stage in Registration Processor now calls the credential request generator to send print requests via web sub.
In our earlier releases, all the data captured during registration was sent to ABIS systems, but now we read the policy and send specific biometrics to the ABIS Partners. This was brought in after the data share policy changes in partner management.
Source and Process details are now added in the registration processor ID mapper, so that the Registration Processor stages can make a call to the packet manager based on the values mentioned in the ID mapper.
As part of credential issuance, we now send additional information to the partner stating which attributes are encrypted and which are not.
The credentials sent to the new print service will now be encrypted using print partner’s encryption certificate.
During e-UIN card request, if the user makes a request using a particular VID then the same VID would be sent to the Print Partner.
As part of credential issuance, MOSIP credential service will share data with partners (IDA Instances or Print Partners) on web sub as per our standard schema. A sample schema would be published so that the partners can easily integrate with MOSIP.
The entire credential details shared to partners in the web sub response will be encrypted using the partner encryption certificate.
As the data share policy structure has been changed in partner management, subsequent changes have been incorporated in credential issuance.
Data fetched from Partner Management (partner and policy details) is stored in IDA using Spring Cache.
All the IDA APIs are modified to remove ID Type from them. We would be using the ID value to identify whether the input ID is a VID or a UIN.
Notification templates and titles were earlier part of IDA configurations. Now they are fetched from master data and stored in IDA using spring cache.
APIs have been created to add or retrieve biometric extractor details based on policy.
The policies (authentication and data share policies) are now generated as per our new policy schema.
As the IDA APIs are now modified to remove ID Type from them, the APIs in Resident Services are also modified to remove ID Type from them.
For features such as request for e-UIN card and QR code the new print service implementation is now being called via credential issuance web sub to generate the e-UIN card and QR code (verifiable credentials).
Key Management UI has been added in Administration Portal.
A new implementation has been created to receive requests to generate e-UIN card or QR codes using input received from Credential Issuance via Web Sub.
MOSIP 1.1.3 succeeds 1.1.2 with enhancements and important defect fixes which were identified in Release 1.1.2.
Release Date: December 14, 2020
Key Highlights
Includes functional requirements, process flows, architecture and high level design.
All APIs are documented here.
Low level design documents for each module are available in the respective github repos.
Code needs to be deployed as per the procedure depicted in Sandbox Installer.
Basic integration testing was done covering the below modules.
Functional Testing
Pre-registration (Dynamic UI & APIs)
Registration Client (Dynamic UI, functionality and upgrade)
Kernel (APIs)
Registration Processor (All flows have been covered)
ID Authentication (APIs)
Partner Management (APIs)
ID Repository (APIs)
Resident Services (APIs)
Admin (UI & APIs)
Configuration Testing
Testing was done for the default configuration (two languages) and for single language with a changed UI specification for pre-registration and registration client (furthermore, we have changed the seed data to single language).
Version Tested: v1.1.3
Types of testing: Smoke, Functional, Integration, Regression, Security
Browser: Pre-Registration and Admin UI (Tested with the latest version of Chrome browser)
OS Support: Registration Client on Windows 10, MOSIP server components run as micro-services encapsulated as docker images
Deployment Script Environment: CentOS on AWS
Registration Client with TPM 2.0: Windows 10
Biometrics Standard: CBEFF format (Version - 2.0)
MDS: MDS v0.9.5
ABIS: ABIS Spec Version v0.9
SDK: SDK Spec Version v0.9
Key-store: HSM
Anti-virus: ClamAV
Maps: OpenstreetMap
Transliteration: ICU4J (Library with French, Arabic languages)
Non-Functional Testing
Performance Testing
Reliability and Disaster recovery Testing
HSM
Testing was done using SoftHSM
Browser Support
Testing for Pre-registration and Admin UI was done using Chrome (latest version)
Pre-registration | 111 | 107 | 103 | 4 | 4 | 96% | 4%
Resident Services | 47 | 37 | 34 | 3 | 10 | 92% | 8%
Admin Services | 165 | 160 | 153 | 7 | 5 | 96% | 4%
Authentication | 47 | 44 | 39 | 5 | 3 | 89% | 11%
Partner Management | 71 | 61 | 61 | 0 | 10 | 100% | 0%
Registration | 100 | 96 | 94 | 2 | 4 | 98% | 2%
Integration Scenarios | 27 | 20 | 17 | 3 | 7 | 85% | 15%
Total | 568 | 522 | 501 | 21 | 46 | 96% | 4%
The top issues identified in MOSIP 1.1.3 are listed below.
Wrong location data getting populated for demographic details in Reg-Client | Registration Client
Document upload page showing the Documents Categories even though they are inactive | Registration Client
In Update-UIN flow, if the Name fields are not filled and continued then "Mandatory Fields should be highlighted" | Registration Client
Incorrect error message while onboarding for "expired token" | Registration Client
UIN Update process should not make the DOB as mandatory field | Registration Client
Incorrect error message thrown for "Onboarding process" when RID is not assigned to user | Registration Client
DoB is not handled like the age for displaying Parent/Guardian details in an adult packet | Registration Client
Registration client Preview and acknowledgement pages have issues due to templates | Registration Client
In registration client packet upload page, packets uploaded from admin portal are not getting cleared leading to confusion | Registration Client
Sometimes images are displayed in inappropriate areas leading to restart of the registration client | Registration Client
Notification not working when a packet is reprocessed | Registration Processor
Double entries in Audit log for registration | Registration Client
Unable to upload more than 200 packets | Admin Services
Unable to create machine from admin console | Admin Services
While performing Bulk Upload for a table using Admin master Bulk Upload history table associated with it should also be updated | Admin Services
Unable to upload data in History tables via bulk Upload | Admin Services
Unable to upload the data using bulk upload from zoneUserHistory table | Admin Services
Incorrect role displayed in Admin UI when logged in as admin | Admin Services
API for Machine Master Create/Update doesn't handle the TPM Key updates | Admin Services
The centerType should not be removed from the already created center if it is deactivated | Admin Services
Unable to Activate or Deactivate the Holiday Master Data | Admin Services
The transaction is logged when only the table is selected with no csv and operation mentioned | Admin Services
Lunch Start time and Lunch End time is not visible in UI | Admin Services
Websub Subscription fails with error for one or more topics when 4 topics are subscribed in a row. | Commons
Updated keys are not present (updated keys) in the Key_Store table in derby DB | Commons
Able to do OTP authentication with a different partner | Authentication
Able to insert values as string in id repo when they are defined as simpleType in the ID schema | Authentication
Changes in IDA templates are not reflected until service restart | Authentication
Change in policy/partner is not notified to IDA | Partner Management
Bookings are getting created for Non-working days but not Working days | Pre-registration
SEND OTP remains disabled even after entering Captcha if Captcha is enabled | Pre-registration
No email is received after booking appointment | Pre-registration
The preregistartion.identity.name property should be present under UI | Pre-registration
The Age field is populated as NaN when navigated using keyboard | Pre-registration
To see all open defects, see https://mosip.atlassian.net/issues/?filter=10709
MOSIP: Modular Open Source Identity Platform
ABIS: Automated Biometric Identification System
API: Application Programming Interface
ID: Identity
IDA: Identity Authentication
NFR: Non-Functional Requirements
OTP: One Time Password
SDK: Software Development Kit
JWT: Java Web Token
K8: Kubernetes
UIN: Unique Identification Number
VID: Virtual ID
CBEFF: Common Biometric Exchange Formats Framework
CORS: Cross Origin Resource Sharing
HSM: Hardware Security Module
TPM: Trusted Platform Module
MDS: MOSIP Device Service
ICU4J: International Components for Unicode for Java
WIP: Work In Progress
TBD: To Be Determined/Done
MDS: MOSIP Device Specification
This document contains the bugs that were fixed as part of MOSIP 1.1.3 release.
Password and Iris login screen overlay if auth token expires, and unable to do password login to get fresh auth token | Registration Client
Sync request Decryption Failure in Packet Validator Stage | Registration Processor
Packet is getting failed at OSI (ida internal service time out error at OSI stage) | Registration Processor
"Internal System Error" while trying to log in to the reg-client | Registration Client
Packets are failing at validator stage (Unknownexception occured RPR-RCT-001 --> Unknown resource provided; nested exception is org.springframework.web.client.HttpServerErrorException: 500 ) | Registration Processor
Packet approved using bio auth is failing at OSI stage | Registration Processor
Acknowledgement page has alignment issues for the bio data | Registration Client
Unable to add Userdetails from Admin console via BulkUpload data | Admin Services
The email notification is not coming under pre-reg application | Pre-registration
Unable to login to reg-client in offline mode. | Registration Client
Getting technical error while uploading the Data | Admin Services
1.1.3-On-boarding authentication is not working in Registration Client | Registration Client
Unable to upload the machinemaster Bulk data as getting error | Admin Services
Notification is not working and throwing exception under Regproc | Registration Processor
Update packet is failing under VALIDATE_PACKET stage | Registration Processor
User should have option to upload multiple packets | Admin Services
1.1.3- A packet is getting failed at OSI stage stating that Unable to access API resourceRPR-RCT-001 --> Unknown resource provided; nested exception is org.springframework.web.client.HttpServerErrorException: 500 | Registration Processor
Temporary VID gets consumed after OTP request | IDA / ID Repository
Device Type column does not have value as API is not returning value | Admin Services
center-id is not displayed in reg client | Registration Client
Unable to Bulk upload the data for reg center | Admin Services
Unable to book appointment as getting technical error on slot selection page | Pre-registration
Unable to fetch packet status using the Admin | Admin Services
Bio update packet is getting failed stating that UIN Updation failed - Invalid Input Parameter - documents - individualBiometrics | IDA / ID Repository
EKYC encryption is not happening with the partner's key | IDA / ID Repository
Reg-Client getting hanged when consent proof is selected for scan in Document upload page | Registration Client
Photo not returned in eKYC response | IDA / ID Repository
Unable to do auth/kyc after disabling cache | IDA / ID Repository
Getting error "RES-SER-009" while trying to lock the Auth using Perpetual VID | Resident Services
Unable to test update and child packet flow-Unable to access API resourceRPR-RCT-001 --> RPR-RCT-001; nested exception is org.springframework.web.client.HttpClientErrorException: 404 | Registration Processor
Sync failure, refresh token API is failing | Registration Client
Unable to do eKYC | IDA / ID Repository
Unable to do biometric auth | IDA / ID Repository
1.1.3:: Two instances of Reg Client are running, one is reg-client and another one is the launcher. | Registration Client
Getting error RES-SER-020 while updating the resident demographic details from resident service | Resident Services
While updating the Holiday the location field is coming as "undefined" | Admin Services
Unable to deactivate/ Activate the machine while edit Machine page | Admin Services
1.2 Reg Client with Mock MDS:: Biometric login, packet auth, and EOD auth are not working for the thumb. | Registration Client
1.2 Reg Client with Mock MDS:: Biometric login, packet auth, and EOD auth are not working for Right Hand Fingerprint. | Registration Client
Unable to do KYC auth with demographic Details, however Demo_Auth is working | IDA / ID Repository
1.2 Reg Cli with Mock MDS :: Continue button is disabled if low threshold biometrics are captured with Mock MDS | Registration Client
Packet created in Reg-Client is missing evidence.Json file | Registration Client
Reg Client 1.1.2 with Mock MDS:: Packet with Officer auth says Biometric file validation failed for officer in Reg Proc. | Registration Client
1.1.2 Reg Cli with Mock: only a little finger is captured for officer/supervisor packet auth. | Registration Client
Child Packet failing in OSI stage with message "Biometric data - Iris did not match" | Registration Processor
The none text does not appear under document upload page | Pre-registration
Unable to send OTP when user is performing send OTP with different transactionID | Resident Services
The application is still present on the Your application page even after discard | Pre-registration
Admin page reloads if proper role is not provided | Admin Services
Error during send a notification to resident after packet validation stage. | Registration Processor
ObjectStore should return boolean instead of throwing exception when exists method is invoked | Commons
1.1.2(MOCK MDS ): Packets are still displayed in the Pending approval list though EOD auth is successful (it means EOD auth with a bio is not working as expected). | Registration Client
Default list of Partners/Policies required | Partner Management
On loading the Admin Page we get you are not authorized | Admin Services
Operator is unable to create exception packet | Registration Client
Actual face was not visible in bio section of acknowledgement screen | Registration Client
Hide document screen if the entire document section is removed from UI spec. | Registration Client
WebSub subscription secret should be accepted from property in intent verification annotation | Commons
Packet Status does not show all the stages under view more section | Admin Services
Unable to continue to biometric screen after scanning the document (workaround works) | Registration Client
On click of logout the popup does not appear properly | Pre-registration
The document upload page is not rendered properly for Applicant added | Pre-registration
1.1.2 - Packet is failing at BIOGRAPHIC_VERIFICATION stage stating that Unknown exception occured null. | Registration Processor
Not receiving failure notifications for OTP auth | IDA / ID Repository
The id sent in the .csv file is getting saved for the tables where unique id is generated when data is sent | Admin Services
1.1.2 -Unable to Create New/Update Packet when Document Scanner is Enabled. | Registration Client
1.1.2: Very frequently minio returns object as null (during search and packet processing) | Registration Processor
Admin is picking lang value from configmaps | Admin Services
The user is not redirected to list view page under center, device and machine | Admin Services
The demo details filled during registration in Reg-client is not shown on the preview, acknowledgement and approval page. | Registration Client
Post Holiday should return id field | Admin Services
[Intermittent] Files are not stored in Object Store | IDA / ID Repository
The search API is not giving the machineType name under response | Admin Services
Getting error while trying to Lock and Unlock UIN | Resident Services
Unable to Filter the location with the fields getting column not supported | Admin Services
Getting error "errorCode": "KER-MSD-311", while trying to search Location data | Admin Services
Search API for Gender does not support name column as value | Admin Services
1.2 DEV Real MDS- Face Capture Issue in Reg Client | Registration Client
Getting error while trying to Download EUIN | Resident Services
Unable to discard the application | Pre-registration
Unable to update the Blacklisted word from UI | Admin Services
We are able to change the status of the device which is in Revoked state to Registered | Admin Services
Working Non Working Days API is giving incorrect response | Admin Services
1.1.2: Sync failure as client id/secret key authentication is failed because the secret key is plaintext {Cipher}. | Registration Client
1.1.2 -In All Env - All the reg proc pods need to be restarted multiple times to bring up reg proc completely (Packet stuck at any stage at any time). | Registration Processor
Default name is missing in UIN update template when any demo field is updated excluding name. | Registration Client
Officer / Supervisor biometric data is not sent in the meta_info.json (Packet is getting failed in the OSI stage). | Registration Client
Popup is retained though the application is logged out. | Registration Client
MDS issue during biometric login using fingerprint. | Registration Client
On every launch Reg Client asks for the update though no update is there. | Registration Client
Unable to authenticate after a deactivated UIN is activated | IDA / ID Repository
The inactive Center type is shown in the drop down Registration center type in center creation and Update form | Admin Services