ID Repository
Last updated
Was this helpful?
Last updated
Was this helpful?
ID Repository contains the records of the identity of an individual and provides API based mechanism to store, retrieve, and update identity details by other MOSIP modules. ID Repository is used by , , and .
ID Repository module consists of the following components:
Identity service
VID service
Credential service
Credential Request Generator service
Credential Feeder
Salt generator
Stores, updates, and retrieves identity information.
Identity service uses Biometric SDK (server) to extract templates from provided biometric data.
Above is the entity relationship diagram illustrated for the Identity service. NOTE: The numbers do not signify a sequence of operations or control flow. Arrows indicate the data flow.
The credential request generator issues credentials for new/updated UIN data.
All demographic data of UIN and references to biometric and demographic files stored in the object store are stored in mosip_idrepo DB.
Audit logs are logged into Audit Manager.
Biometric SDK extracts the templates for input biometric data.
Auth Adapter integrates with KeyCloak for authentication.
Masterdata service retreives Identity schema based on input schema version.
Kernel ID generator generates UIN.
VID service fetches the list of VIDs associated with UIN to issue credential of update UIN and to create and activate draft VID.
VID Service provides functionality to create/update Virtual IDs mapped against a UIN. It also provides the facility to update the status of VID. VIDs are created based on the VID policy defined in the configuration.
Key Manager encrypts/decrypts data.
The credential request generator issues credentials for new/updated UIN data.
All VID related data is stored in mosip_idmap DB.
Partner management service retrieves online verification partners to issue credentials.
Audit logs are logged into Audit Manager.
The Auth Adapter integrates with KeyCloak for authentication.
WebSub publishes events related to VID updation.
The kernel ID generator generates VID.
The identity service checks the status of UIN to create a VID.
Key Manager encrypts/decrypts data and also used to sign data.
WebSub subscribes to get notifications related to credential status from IDA.
Identity service retrieves identity data for UIN/VID.
Partner management service retrieves policies related to credential type and also retrieves policy for bio-extraction.
Auth Adapter integrates with KeyCloak for authentication.
A credential can be defined as any document, object, or data structure that vouches for the identity of a person through some method of trust and authentication. Simply put, a credential is the thing that a person presents—in person or remotely—to say "this is who I am." The types of credentials issued in an ID system vary along multiple dimensions, depending on whether they are physical (i.e., they must be physically carried by a person in order to use them), or digital (i.e., they are machine readable and therefore can be used in a digital environment).
A credential type essentially maps to partner and data share policy.
auth: Represents individual's data shared with Online Verification Partners (further used for Authentication and eKYC).
qrcode: qrcode type is used for qrcode partners to issue qrcode related credential data.
euin: It is used to issue credential data to partners who wish to download euin card using euin policy.
reprint: Reprint auth type is used for issuing credential information to reprint partners.
vercred: To issue verifiable credentials to partners, vercred credential type is used.
New credential types may be defined as per needs of a country.
This service creates request for credential issuance.
Key Manager encrypts/decrypts data.
The Auth Adapter integrates with KeyCloak for authentication.
This job will feed the existing UIN/ VID identity information to the newly deployed IDA instance.
This is a one-time job that populates salts that are used to hash and encrypt data for Identity and VID services. This job must be executed before deploying these services. The following tables are populated:
uin_hash_salt in mosip_idrepo DB.
uin_encrypt_salt in mosip_idmap DB.
To know more about the developer setups, read:
Also, retrieves and updates status.
encrypts/decrypts data.
stores/retrieves biometrics and demographic documents.
retrieves online verification partners to issue credentials.
publishes events related to UIN updation and auth type status updates.
creates datashare url for sharable attributes.
Default credential types provided as part of are given below:
These types are defined in of .
In the MOSIP sandbox, the job is run .
Refer to .
