The Complete Magazine on Open Source

Government leverages open source to build DigiLocker for Indian citizens

SHARE
/ 7949 0

Digilocker

DigiLocker is an initiative by the government to offer Indian citizens a free platform to store and access important documents. The platform uses several open source technologies to deliver a mass solution and contributes back to the ever-growing community.

As the world is moving towards the concept of digital government and e-governance, Prime Minister Narendra Modi has sketched out his vision for the Digital India model. This envisages transforming India into a digitally empowered society. DigiLocker is perhaps the government’s largest project based on open source technologies. It has already attracted over two million Indians who have uploaded their documents on the dedicated cloud storage space that is available for free.

“DigiLocker is targeted at paperless governance. It is a platform to issue and verify certificates and documents digitally, and thus eliminate the use of physical documents,” says Debabrata Nayak, additional director, National e-Governance Division (NeGD).

A small team behind a big project

Nayak is leading an in-house development team of just around 14 people who have developed DigiLocker. The team includes some government personnel as well as individuals from private firms.

“Our technical team is a mix of people with a background in PHP, Java, .NET and Python, and we prefer those with previous experience in open source technologies. We have individuals from various domains such as the government, banking, insurance, services and products,” Nayak says.

The team collectively contributed to a robust solution to ultimately enable paperless governance. Unlike a traditional cloud storage solution like Dropbox or Google Drive, DigiLocker comes in two separate parts. One part is designed to store links to documents that are issued to you by the government agencies that have signed up with DigiLocker, while the other can be used to upload any legacy or old documents that you wish to. There is also 1GB of space to store documents on the cloud.

Apart from various multi-skilled engineers, the team at NeGD has Amit Ranjan, who co-founded SlideShare, which was recently acquired by Microsoft-owned LinkedIn. Ranjan brings the spirit of the startup to DigiLocker.

Nayak feels that finding the right talent for open source development is quite easy nowadays but searching for open source contributors is still difficult. “The culture of actively contributing to open source projects has yet to become mainstream in India among the IT community,” he explains.

Multiple components under one roof

DigiLocker sports three major components – a repository, an access gateway and cloud-based dedicated personal storage. The repository is used to archive e-documents, whereas the gateway provides a secure mechanism for users to access documents from various online repositories, and the cloud storage gives space to store documents on the Web.

DigiLocker

The way DigiLocker works

Building a solution for the masses is not an easy task for any team. And the people at NeGD, too, faced many challenges while designing DigiLocker.

“Although the open source projects provide you ready solutions, you have to own them completely to be able to scale them for millions of users,” says Ranjan, while describing the prime challenge in deploying open source solutions for DigiLocker.

To solve the problem of scale, the NeGD team divided the entire project into certain phases. “The phases provide concrete goals regarding the number of users and files. Additionally, the infrastructure is constantly monitored, adjusted and fine-tuned with every major release. Scaling an application is an ongoing process, and needs constant changes in architecture and the solutions used. At the same time, we realise that every primary issuer on DigiLocker brings unique challenges, and we learn new lessons now and then,” Ranjan states.

Security measures to deliver a safe and secure platform

DigiLocker comes with Aadhaar integration to offer citizens a secured solution to store e-documents online. Also, there is the eSign option to let users self-attest their documents. The NeGD team uses some other security measures to make DigiLocker a safe and secure platform for the public.

“We are taking all the precautionary measures to ensure data is protected and uncompromised,” Ranjan asserts. The platform follows the OWASP (Open Web Application Security Project) security standards and guidelines. Additionally, there is a 256-bit SSL encryption layer on the server that is hosted in an ISO 27001 security-certified data centre. Data is regularly backed up with proper redundancy, and a one time password (OTP) is generated at the time of each sign-up to authenticate users. Security audits have also been conducted by a recognised audit agency to ensure safety and security.

“We follow standard software development practices of uniform coding standards, guidelines and reviews. Every product release is reviewed and tested internally for security vulnerabilities before it is deployed,” says Ranjan.

Open source technologies power this solution for the masses

DigiLocker is based on open source platforms including PHP, Python and Node.js. On the server front, there is Nginx and Apache, while MonoDB is used to enable the gateway access and MariaDB is deployed for user account related metadata.

“Open source technology gives you the freedom to try, test and scale your solution, one step at a time. One has so much choice of open source products and frameworks to choose from nowadays,” says Amit Jain, product manager.

The entire platform that brings the cloud storage solution to millions of Indian citizens is based on ownCloud Server. In fact, DigiLocker is supposedly the largest installation of ownCloud Server.

“With over two million users, DigiLocker is the largest installation of ownCloud Server worldwide. This demonstration of the capability of community software has created excitement in the ownCloud community. We are in constant touch with the ownCloud team and provide inputs for the community from time to time. We are also working on making DigiLocker source code available to the community under open source license,” says Amit Savant, technical product manager, NeGD.

Instead of proprietary solutions, the team led by Nayak opted for open source technologies to easily scale DigiLocker. “It would have been a mammoth task to deploy a proprietary solution of the scale of DigiLocker, which is meant for a billion people, if it succeeds,” Nayak says.

As the number of users grows, the NeGD team aims to scale up DigiLocker using more open source solutions. “Scaling up the application will be a constant endeavour with the growing number of issuers and requestors in the DigiLocker ecosystem. We are always experimenting with newer technologies that will help us make DigiLocker better,” Savant says.

The platform already has frameworks like Nginx and Memcached that offer high scalability. However, the team at NeGD’s New Delhi headquarters is planning to expand its existing coverage by deploying more community-based technologies.

Savant says there are plans to use only MongoDB for the gateway engine of the platform. “We have already developed an academic repository for DigiLocker, using MongoDB, and have developed the necessary skills within the team. We now think we are ready to take these skills to the next level,” he adds.

In addition to the open source NoSQL database for the gateway, the team is set to implement an OpenStack-based cloud for the dynamic computing environment. Deployment of GlusterFS—apart from RabbitMQ for messaging and GearMan for backend job processing—is in the pipeline.

“Open source technologies are better suited for government operations. These technologies can be customised and scaled in-house to suit your requirements. You are not locked in with one software vendor for the life of a project,” Nayak concludes.