Signing up for a new credit card, logging in to HealthHub to check your vaccination status, filling up registration forms on a kiosk: what do they have in common? All these processes have been simplified with the advent of Singpass services. The days of manually filling up forms are over, as creating a new account now takes just one click of a button. Likewise, one no longer has to manually key in credentials to log in to a government website. All it takes is a scan of the QR code using your Singpass mobile app and voilà, you are logged in to the system and free to use its services.

The pitfalls of implementing Singpass Services

As convenient and seamless as it seems from an end user’s perspective, it is not the same for the developers who integrate their applications with Singpass services. The whole implementation process can be tough and tedious, as it demands knowledge and skills from various domains, including but not limited to authentication protocols like OpenID Connect (OIDC) and OAuth 2.0, Public Key Infrastructure (PKI), cryptography, and web technology.

Implementing just one Singpass service can already take up a significant amount of time, for example in understanding the concepts behind the relevant services. However, Netrust’s Singpass Authentication Module (SAM) allows a business application to integrate directly via its simple REST API without worrying about complying with Singpass’ standards and requirements.

My colleague Harpreet discussed the general functionalities of SAM and its involvement in supporting Singpass in his recent blog post titled ‘Incorporating Singpass into Your Digital Services’. Let us dive further into how SAM fulfills the technical requirements of Singpass.

Technical and Security requirements from Singpass

Referencing the diagram, the out-of-band interactions with Singpass require knowledge of technologies such as JSON Web Token (JWT), JSON Web Key (JWK), and JSON Web Key Set (JWKS). A business application is required to handle cryptographic functions and processes like signing, verification, encryption, and decryption of the JWTs.

The cryptographic keys involved are Elliptic Curve (EC) keys. To ease key exchange, both parties (Client and Singpass) also have to set up a publicly accessible JSON Web Key Set (JWKS) endpoint and retrieve the other party’s public keys from it for cryptographic purposes. This allows key rotations to be done with minimal downtime across all parties.
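The key-rotation behaviour described above depends on how the relying side picks a key out of the other party's JWKS. The following is an added example, not Netrust's or Singpass' code: it selects the EC signing key named by a token's kid header, refetches the JWKS when an unknown kid appears (a rotation), and rate-limits that refetch. The class and function names, the kid values and the EC-only algorithm allow-list are assumptions; the signature check itself would then be done with a JOSE library using the returned key.

```python
import base64, json, time

# RFC 7518 pairing of EC signature algorithms with their curves (allow-list is an assumption).
ALG_CURVE = {"ES256": "P-256", "ES384": "P-384", "ES512": "P-521"}

def jwt_header(token):
    """Decode the protected header of a compact JWS (header.payload.signature)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(base64.urlsafe_b64decode(parts[0] + "=" * (-len(parts[0]) % 4)))

class JwksCache:
    """Caches the other party's JWKS; refetches when a token names an unknown kid."""
    def __init__(self, fetch, min_refetch_seconds=60, clock=time.monotonic):
        self._fetch, self._min, self._clock = fetch, min_refetch_seconds, clock
        self._keys, self._last = {}, None

    def _refresh(self):
        now = self._clock()
        if self._last is not None and now - self._last < self._min:
            return  # rate limit: bogus kids must not cause a fetch per request
        self._last = now
        self._keys = {k["kid"]: k for k in self._fetch().get("keys", []) if "kid" in k}

    def signing_key_for(self, token):
        header = jwt_header(token)
        alg, kid = header.get("alg"), header.get("kid")
        if alg not in ALG_CURVE:           # rejects "none", HS256, RS256, ...
            raise ValueError(f"algorithm {alg!r} not allowed")
        if kid not in self._keys:          # first use, or the peer rotated its key
            self._refresh()
        jwk = self._keys.get(kid)
        if jwk is None:
            raise KeyError(f"kid {kid!r} not published by peer")
        if (jwk.get("kty"), jwk.get("use"), jwk.get("crv")) != ("EC", "sig", ALG_CURVE[alg]):
            raise ValueError(f"kid {kid!r} is not an EC signing key for {alg}")
        return jwk

# Constructed sample data: JWK entries with dummy coordinates, tokens with dummy signatures.
def sample_jwk(kid, use="sig", crv="P-256"):
    return {"kty": "EC", "use": use, "crv": crv, "kid": kid, "x": "AA", "y": "AA"}

def sample_token(alg, kid):
    head = base64.urlsafe_b64encode(json.dumps({"alg": alg, "kid": kid}).encode())
    return head.decode().rstrip("=") + ".e30.c2ln"   # dummy payload and signature

if __name__ == "__main__":
    published = {"keys": [sample_jwk("sig-old"), sample_jwk("enc-old", use="enc")]}
    cache = JwksCache(lambda: published, min_refetch_seconds=0)
    print(cache.signing_key_for(sample_token("ES256", "sig-old"))["kid"])
    published["keys"].append(sample_jwk("sig-new"))   # peer rotates in a new key
    print(cache.signing_key_for(sample_token("ES256", "sig-new"))["kid"])
```

In production the fetch callable would perform an HTTPS GET against the peer's JWKS endpoint; here it is injected so the example runs offline.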

What does Netrust’s Singpass Authentication Module (SAM) do?

With that said, SAM meets these new requirements and their implementation, as it hosts the JWKS endpoints and provides an automated exchange of the signing and encryption keys involved.

Apart from this basic functionality, SAM is also a one-stop solution that supports the enablement of multiple Singpass services like Login with Singpass/Corppass, MyInfo, MyInfoBiz, and Verify. This allows business applications the flexibility of integrating with multiple Singpass services at present or to do so in the future.

Over the years since Singpass services went live, there have been multiple iterations to the Singpass service to improve processes, workflow and security. An example is the migration of the authentication protocol from SAML to National Digital Identity (NDI) OIDC, and from Singpass Corppass (SPCP) OIDC to NDI OIDC. It is also important to note that different Singpass services currently use different authentication protocols, e.g. MyInfo on SPCP OIDC and Login with Singpass on NDI OIDC. As such, maintaining the differing implementations across the different services is a resource-consuming task. With SAM, clients can save themselves the trouble of constantly updating their code to fulfil the ever-changing requirements of Singpass. Because the Singpass API definition changes are transparent to the applications, minimal to no changes are required on the application side.

Summary

If you are looking to improve your eServices’ process and workflow by incorporating Singpass services with minimal effort, SAM is your go-to solution. SAM takes care of all the out-of-band integration and supports all the latest technology and security requirements, making it easy for clients to keep up with the changes.

Over the years, Netrust has worked closely with Singpass as a partner and is vastly experienced with the integration of its services. We have successfully helped clients in both the public and private space to enable their business applications’ consumption of Singpass services across different environments (on-premise, commercial, and government cloud platforms).

Should you have any further queries regarding any of the Singpass service integration or Singpass Authentication Module (SAM), do contact us here.

References:
https://api.singpass.gov.sg/library/login/developers/overview-at-a-glance
https://www.netrust.net/2021/12/01/incorporating-singpass-into-your-digital-services/
https://api.singpass.gov.sg/library/verify/business/introduction
https://api.singpass.gov.sg/library/login/business/introduction
https://api.singpass.gov.sg/library/myinfo/business/introduction
https://api.singpass.gov.sg/library/myinfobiz/business/introduction