Components - eSignet
Connecting secure components for seamless identity verification.
Last updated
Was this helpful?
Connecting secure components for seamless identity verification.
Last updated
Was this helpful?
The image below represents a block diagram of eSignet, illustrating various components, layers, and external systems that work together to provide secure identity verification.
Clients utilizing OpenID Connect within the OAuth 2.0 framework are commonly referred to as Relying Parties (RPs).
In the case of VC issuance, they are simply OAuth 2.0 clients. To ensure enhanced security, eSignet exclusively supports confidential clients.
This is the user interface component of eSignet, developed using React JS. Its main functionality is to handle user authentication and obtain user consent. eSignet UI seamlessly integrates with the UI REST endpoints provided by esignet-service.
One notable feature of the eSignet UI is its support for multiple languages.
eSignet UI also offers QR code-based login with support for multiple digital wallets.
In addition, eSignet UI is compatible with MOSIP SBI 2.0 for biometric capture.
Furthermore, the eSignet UI provides flag-based captcha validation for OTP login.
This service is the primary backend Spring Java application that incorporates various layers and integrates with other components mentioned on this page.
Core components: The eSignet core library is used to manage core service interfaces, constants, exceptions, validators, and utility methods.
Service layer: This layer represents the implementation of the interfaces defined in the eSignet core library. Each protocol implementation is a separate service, such as the complete OIDC protocol implementation being part of the oidc-service and VCI protocol implementations residing in the vci-service.
Service modules utilize caching to enhance transaction access and update speeds, as well as to prevent the need for persistent storage of transaction details.
Persistent storage is only used for OIDC client registration details.
Kafka is employed to support asynchronous operations during wallet-based logins.
Rest APIs: The eSignet-service module exposes REST endpoints for the functionality implemented in the service layer modules.
Key Manager
Key Manager is used for secure key management and cryptography functionalities required by the eSignet service component.
It can be integrated with an HSM (hardware security module) for the secure storage of keys.
Typically, Key Manager is run as a service, but it is used as a library in the eSignet Service to minimize the effort of managing extra containers.
It depends on the data layer for maintaining the metadata on keys.
Plugins: Integration points with external systems are designed to be pluggable, allowing easy integration with any ID system. The pluggable integration points are as follows:
The ID System is a fundamental identity repository that stores demographic and biometric details (if applicable).
Storage Options: This can be a database or a dedicated system.
Verification & Data Sharing: Facilitates identity verification and enables secure data exchange with eSignet.
The Systems depend on identity providers, such as eSignet, to authenticate and verify the identities of users before granting them access to protected resources or services.
are software-based platforms used to securely store and share the certified credentials of the wallet holder. Stored credentials can be used for login with the eSignet, once the credentials are binded with the RSA key pair and the corresponding public key is shared with eSignet.
To know more about the key binding process please refer to .
Lastly, the landing page of the eSignet UI showcases the available endpoints.
- for identity verification
- for auditing all events
- for key binding of a user and wallet
All plugin interfaces are defined in the module.
The provides a user-friendly registration interface that allows users to securely create and manage accounts.
