In Belgium, BOSA, the governmental unit for Digital Transformation, has developed secure digital ‘keys’ for citizens to communicate with public bodies. The middleware for the eID is released as open source and contributions are active from the community.
BOSA is the Federal Public Service Policy and Support in Belgium, formerly known as Fedict. BOSA has a unit for digital transformation which supports the government and federal organisations in their digital transformations:
The DG (unit for digital transformation, ed) is the driving force behind the evolution and the digital reforms of the federal government. This DG provides advice and develops projects in connection with the new technologies, with particular attention for citizens and businesses.
The unit has a GitHub page of 60 repositories, with varying projects, in line with its responsibilities: web content management, identification & security, data exchange, infrastructure, and other services. BOSA develops in open source, with pull-requests and issues open from any community member, which are just some benefits for open source type of development. In this way the unit can benefit from the open source principle, which gives more spotlight on the code and thereby faster identification of mistakes and security issues.
A notable project of BOSA is the eID (electronic identification) middleware. In Belgium, the national identification cards have an integrated chip that record all personal data. Citizens have to download the eID software and acquire a card reader, then, thanks to the eID middleware, one can carry out multiple electronic transactions. Middleware means that the component is neither a part of the operative system, nor of the user interface, rather, it is in-between. The eID middleware enables citizens to:
- Communicate with secure websites that require eID authentication
- Sign documents and emails using the eID
- Using the viewer, read the identity data on eID cards, verify their validity, and store them for future usage
- Using the provided API, do all of the above in custom applications.
The eID solution is intended to provide security for identification between citizens and public organisations, and provide guides for when a citizen should act in one’s own name or can act in the name of another, such as one’s child. It is therefore extremely important that contributors in the open source repository help finding bugs.
The project is released on a copyleft license LGPL-3.0, which allows for studying, sharing, modifying, and using for commercial and private use. The choice of open source for the eID is based on the willingness to target developers. Other governments are also welcomed to fork the project to adapt to their own national eID schemes, and thereby further enhance transparency.
Final take-aways
- Belgium has introduced digital keys for the interaction between citizens and the public.
- The source code for the middleware for the digital identification is public on Github.
- The unit for digital transformation also works with web content management, data exchange, infrastructure etc.