Release Name: CTK 1.4.0
Support: Stable Release
Release Date: 15th April, 2024
The 1.4.0 version of CTK includes the following new features:
New Features in CTK 1.4.0 release
Quality Assessment Report is now available for Quality Assessment Collections. This report is eligible for review, similar to the Compliance Collection report.
Added a new CTK Landing page
Added Terms & Conditions consent popup for partners during login. If a partner does not provide consent, they will be automatically logged out.
SBI Testcases Enhancements
Added a negative SBI testcase SBI1196 where Discover request attributes are in UPPER CASE
Added testcases(SBI1197, SBI1198 and SBI1199) where bioSubTypes is optional in RCapture request
Enhanced all SBI schemas by adding "Additional Properties" as "false" in all nested objects as well. This will disallow any extra attributes at nested levels.
Community reported issue in the CTK UI GitHub repository is fixed - Android SBI CTK Check Device Status failed: SBI1028, SBI1029
In the trust validation process, we’ve now incorporated an additional check for the Organization Name. This check involves verifying both the logged-in user’s organization and the Subject Organization specified in the certificate. By doing so, we enhance the security and reliability of our validation procedures.
Responses from SBI RCapture will now be encrypted and stored in the CTK database.
In response to a community-reported issue, CTK now sends the ‘previousHash’ as the SHA256 hash of an empty UTF-8 string, rather than simply an empty string.
The attributes, "requestedScore" and "qualityScore" currently support floating point numbers in CTK schemas and testcases.
ABIS Testcases Enhancements
Added new ABIS DataShare related testcases ABIS3030, ABIS3031. ABIS3031 is inactive in this release since it needs some changes in kernel-auth-adapter.
Enhanced all ABIS schemas by adding "Additional Properties" as "false" in all nested objects as well. This will disallow any extra attributes at nested levels.
SDK Testcases Enhancements
Enhanced all SDK schemas by adding "Additional Properties" as "false" in all nested objects as well. This will disallow any extra attributes at nested levels.
Technical Enhancements
Added a Batch Job for Archival of oldest X test runs per collection to an archive table. This X is configurable.
API documentation
Create separate repository for CTK test cases.
CTK 1.4.0 test with latest released code of Mock MDS, Mock SDK and Mock ABIS
Capture BQAT version and other details in Quality Assessment Report
Fixed bugs identified in Security Testing of CTK
Artifactory: mosipid/artifactory-ref-impl: 1.2.0.1
Audit manager: mosipid/kernel-auditmanager-service: 1.2.0.1-B1
Auth Manager: mosipid/kernel-authmanager: 1.2.0.1-B1
Key Manager: modipid/kernel-keymanager-service: 1.2.0.1-B1
Partner Management: mosipid/partner-management-service: 1.2.0.1-B1
KeyCloak: mosipid/keycloak-init: 1.2.0.1-B1
Postgres: mosipid/postgres-init: 1.2.0.1-B1
Config Server: config-server: mosipid/config-server: 1.1.2
Notification Service: mosipid/kernel-notification-service: 1.2.0.1-B1
ClamAV: clamav/clamav: latest
MinIO
Post installation, follow the setup steps available here.
Repositories | Tags Released |
---|---|
mosip-compliance-toolkit
mosip-compliance-toolkit-ui
compliance-toolkit-batch-job
compliance-toolkit-testcases
mosip-config
The scope of testing revolved around verifying the compliance of the product as per the specifications published by MOSIP using the below devices:
The Windows Compliance tool kit was tested with the below specifications:
ABIS (Automated Biometric Identification System) Specifications were tested with Fingerprint, Iris and Face modalities as per MOSIP ABIS API specifications.
Secure Biometric Interface (SBI) with Compliance testcases collection and Quality Assessment testcases collection on below modalities
Registration devices for Iris, Face and Fingerprint
Authentication devices for Iris, Face and Fingerprint
Biometric SDK
Quality Check
Match
Extraction
Conversion
The Android Compliance tool kit app v1.4.0 was tested with the below specifications:
Secure Biometric Interface (SBI) with Compliance testcases collection and Quality Assessment testcases collection on below modalities
Registration devices for Iris, Face and Fingerprint
Authentication devices for Iris, Face and Fingerprint
MOSIP interfaces with an Automated Biometric Identification System (ABIS) to perform de-duplication of a resident's biometric data. A country may use multiple ABISs for the same biometric data and evaluate the best ABIS based on de-duplication quality. ABIS is used for 1:N de-duplication. For 1:1 authentication, Biometric SDK is used. MOSIP does not recommend using an ABIS for 1:1 authentication.
Test cases have been tested with MOSIP mock ABIS for compliance with the MOSIP specifications across 29 test cases.
Out of scope: Real ABIS testing in CTK 1.4.0
The Secure Biometric Interface (SBI) is used to interface with biometric devices. The compliance tool kit was tested to ensure that the interface built by the device provider is following the specs and security rules defined in the SBI spec. The device hardware security features are not tested as part of compliance tool kit.
The ‘Android CTK app v1.4.0’ with ‘MOSIP Android Mock SBI’ has been tested for compliance with the specifications. Test cases specific to quality and user interactions have been tested with MOSIP Android mock SBI.
The Android CTK app v1.4.0
with MOSIP Android Mock SBI
has been tested for compliance with the specifications. Test cases specific to quality and user interactions have been tested with MOSIP Android mock SBI and real registration face SBI.
The Windows CTK 1.4.0 with MOSIP windows Mock SBI
has been tested for compliance with the specifications.
The Windows CTK 1.4.0 with MOSIP windows Mock SBI
has been tested for compliance with the specifications.
Out of scope: Real devices testing on Windows and android CTK v1.4.0.
The SDK implementation has been tested to support quality check, match, extraction, and conversion of biometrics. Test cases have been tested with MOSIP mock SDK.
Out of scope: Segmentation testing and Real SDK testing.
mosipqa/compliance-toolkit-batch-job:1.4.0
mosipqa/compliance-toolkit-service:1.4.0
mosipqa/compliance-toolkit-ui:1.4.0
mosipqa/postgres-init:develop
mosipid/config-server:1.1.2
mosipid/kernel-auditmanager-service:1.2.0.1-B1
mosipid/kernel-auth-service:1.2.0.1-B2
mosipqa/authentication-internal-service:release-1.2.0.1
mosipqa/authentication-otp-service:release-1.2.0.1
mosipqa/authentication-service:release-1.2.0.1
mosipid/kernel-keymanager-service:1.2.0.1-B2
mosipqa/keycloak-init:develop
mosipid/partner-management-service:1.2.0.1-B3
mosipqa/partner-onboarder:develop
mosipid/kernel-notification-service:1.2.0.1-B1
Currently, ABIS partners can successfully create SBI and SDK projects in CTK 1.4.0, although role-based constraints to restrict this functionality is planned for future release
Scenarios
Mock ABIS
Total
28
Passed
27
Pending
0
Failed
0
NA
1
Test Rate (%)
100%
Pass Rate (%)
100%
Scenarios
Finger
Iris
Face
Total
35
27
41
Passed
35
27
41
Pending
0
0
0
Failed
0
0
0
Test Rate (%)
100%
100%
100%
Pass Rate (%)
100%
90%
100%
Scenarios
Finger
Iris
Face
Total
49
26
45
Passed
49
26
45
Pending
0
0
0
Failed
0
0
0
Test Rate (%)
100%
100%
100%
Pass Rate (%)
100%
100%
100%
Scenarios
Finger
Iris
Face
Total
35
27
41
Passed
35
27
41
Pending
0
0
0
Failed
0
0
0
Test Rate (%)
100%
100%
100%
Pass Rate (%)
100%
100%
100%
Scenarios
Finger
Iris
Face
Total
55
29
48
Passed
55
29
48
Pending
0
0
0
Failed
0
0
0
Test Rate (%)
100%
100%
100%
Pass Rate (%)
100%
100%
100%
Scenarios
With Mock SDK
Total
65
Passed
65
Pending
0
Failed
0
Test Rate (%)
100%
Pass Rate (%)
100%