> For the complete documentation index, see [llms.txt](https://docs.esignet.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.esignet.io/readme/principles.md). # Principles eSignet is designed with the architectural principles mentioned below. These architecture principles are core to developing the system's features and greatly influence how and why specific software design patterns are used. #### Data Privacy eSignet prioritizes user privacy by minimizing data exposure and ensuring secure interactions: * **No PII Data Storage by eSignet:** eSignet does not store any personally identifiable information (PII); sensitive data is processed transiently for authentication and never retained. * **Privacy-Enabled Token (PSUT):** Instead of sharing user IDs, eSignet issues a unique **Partner Specific User Token (PSUT)** for each user-relying party pair. * **Protection of Sensitive Data:** Sensitive information is never stored or logged in clear text. * **User Controlled Consent:** Users have full control over what data is shared with relying parties. #### No Vendor Lock-in eSignet is built to be **vendor-neutral** and **open-source**, promoting maximum flexibility, interoperability, and independence: * **Open Standards Across the Stack** eSignet adheres to open standards across its entire architecture, enabling seamless integration with a wide range of identity systems and infrastructures. * **No Dependence on Proprietary Solutions** Organizations are free to use their preferred biometric devices, software components, and infrastructure without being tied to a specific vendor or ecosystem. * **Open Source Foundation** As an open-source product, eSignet provides full transparency and avoids proprietary lock-in, allowing adopters to customize, extend, and audit the solution based on their requirements. #### Commodity Computing eSignet is optimized for cost-efficiency and scalability: * **Containerized Backend:** All eSignet backend services run as **Docker containers**, eliminating dependencies on specialized hardware or specific cloud providers. * **Multi-Platform Support:** It can be deployed on any general-purpose **virtual machine (VM)** that supports Docker. * **Avoids Vendor Lock-in:** Organizations are free to use their existing cloud or on-premise infrastructure. #### Secure By Design Security is a core principle of eSignet, ensuring end-to-end protection: * **Trusted Integrations:** eSignet only integrates with verified and **trusted applications**. * **Fraud Prevention:** Authentication is tied to specific transactions, reducing the risk of unauthorized access. * **Centralized Key Management:** A robust key management system ensures secure cryptographic operations. * **API Security:** All the data modification APIs (Client management end points) are protected using **OAuth 2.0**, ensuring secure access control. All state-changing APIs are protected with OAuth 2.0, enforcing authenticated and authorized access. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.esignet.io/readme/principles.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.