GitHubCommunityWhat's NewContact Us
Edit

Principles

Core principles that define eSignet.

eSignet is designed with the architectural principles mentioned below. These architecture principles are core to developing the system's features and greatly influence how and why specific software design patterns are used.

Data Privacy

eSignet prioritizes user privacy by minimizing data exposure and ensuring secure interactions:

  • No PII Data Storage by eSignet: eSignet does not store any personally identifiable information (PII); sensitive data is processed transiently for authentication and never retained.

  • Privacy-Enabled Token (PSUT): Instead of sharing user IDs, eSignet issues a unique Partner Specific User Token (PSUT) for each user-relying party pair.

  • Protection of Sensitive Data: Sensitive information is never stored or logged in clear text.

  • User Controlled Consent: Users have full control over what data is shared with relying parties.

No Vendor Lock-in

eSignet is built to be vendor-neutral and open-source, promoting maximum flexibility, interoperability, and independence:

  • Open Standards Across the Stack eSignet adheres to open standards across its entire architecture, enabling seamless integration with a wide range of identity systems and infrastructures.

  • No Dependence on Proprietary Solutions Organizations are free to use their preferred biometric devices, software components, and infrastructure without being tied to a specific vendor or ecosystem.

  • Open Source Foundation As an open-source product, eSignet provides full transparency and avoids proprietary lock-in, allowing adopters to customize, extend, and audit the solution based on their requirements.

Commodity Computing

eSignet is optimized for cost-efficiency and scalability:

  • Containerized Backend: All eSignet backend services run as Docker containers, eliminating dependencies on specialized hardware or specific cloud providers.

  • Multi-Platform Support: It can be deployed on any general-purpose virtual machine (VM) that supports Docker.

  • Avoids Vendor Lock-in: Organizations are free to use their existing cloud or on-premise infrastructure.

Secure By Design

Security is a core principle of eSignet, ensuring end-to-end protection:

  • Trusted Integrations: eSignet only integrates with verified and trusted applications.

  • Fraud Prevention: Authentication is tied to specific transactions, reducing the risk of unauthorized access.

  • Centralized Key Management: A robust key management system ensures secure cryptographic operations.

  • API Security: All the data modification APIs (Client management end points) are protected using OAuth 2.0, ensuring secure access control.

All state-changing APIs are protected with OAuth 2.0, enforcing authenticated and authorized access.

Last updated

Was this helpful?