<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Sign with Singpass Archives - Netrust</title>
	<atom:link href="https://www.netrust.net/blog/category/sign-with-singpass/feed/" rel="self" type="application/rss+xml" />
	<link>https://www.netrust.net/blog/category/sign-with-singpass/</link>
	<description>Netrust</description>
	<lastBuildDate>Wed, 24 Sep 2025 04:15:30 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=7.0</generator>

<image>
	<url>https://www.netrust.net/wp-content/uploads/2021/05/Netrust-favicon-01.png</url>
	<title>Sign with Singpass Archives - Netrust</title>
	<link>https://www.netrust.net/blog/category/sign-with-singpass/</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>OIDC vs OAuth2.0</title>
		<link>https://www.netrust.net/blog/oidc-vs-oauth2-0/</link>
		
		<dc:creator><![CDATA[Shan Chin Ding]]></dc:creator>
		<pubDate>Wed, 24 Sep 2025 04:15:30 +0000</pubDate>
				<category><![CDATA[Cyber Security]]></category>
		<category><![CDATA[Sign with Singpass]]></category>
		<guid isPermaLink="false">https://www.netrust.net/?p=12097</guid>

					<description><![CDATA[<p>In today’s digital environment, making sure authentication and authorisation are handled securely is essential for any modern application. Two major standards that help solve these challenges are OAuth 2.0 (Open Authorisation) and OpenID Connect (OIDC). Although they are often discussed together and may seem similar at first glance, it’s important, especially for developers, system architects, and security teams, to understand the</p>
<p>The post <a href="https://www.netrust.net/blog/oidc-vs-oauth2-0/" data-wpel-link="internal">OIDC vs OAuth2.0</a> appeared first on <a href="https://www.netrust.net" data-wpel-link="internal">Netrust</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>In today’s digital environment, making sure authentication and authorisation are handled securely is essential for any modern application. Two major standards that help solve these challenges are OAuth 2.0 (Open Authorisation) and OpenID Connect (OIDC). Although they are often discussed together and may seem similar at first glance, it’s important, especially for developers, system architects, and security teams, to understand the key differences between them, since each serves a unique role. In this blog, we will examine the differences between the two standards, as one of them has been adopted by Singpass as part of its digital identity ecosystem.</p>
<p><strong><img fetchpriority="high" decoding="async" class="alignnone size-full wp-image-12101" src="https://www.netrust.net/wp-content/uploads/2025/09/shutterstock_2465677723.jpg" alt="digital environment, authentication and authorisation OIDC vs OAuth2.0" width="500" height="282" srcset="https://www.netrust.net/wp-content/uploads/2025/09/shutterstock_2465677723.jpg 500w, https://www.netrust.net/wp-content/uploads/2025/09/shutterstock_2465677723-300x169.jpg 300w" sizes="(max-width: 500px) 100vw, 500px" /></strong></p>
<p><strong>Why is understanding the differences so important? </strong></p>
<p>Without a proper understanding of both, it could lead to misapplying the protocols—such as using OAuth for authentication without OIDC—which can introduce serious security vulnerabilities like impersonation attacks. This misunderstanding may also lead to flawed or insecure implementations. A clear separation of concerns between authentication and authorisation not only helps in choosing the correct protocol but also supports the development of scalable, maintainable architectures. It ensures reliable integration with identity providers (IdPs), social login platforms, and federated identity systems.</p>
<p><strong>Let&#8217;s now examine the key differences between the two standards.</strong></p>
<p>OAuth 2.0 is an authorisation framework that allows third-party applications to access a user’s resources with limited permissions without requiring direct access to the user’s credentials. Its primary role is to handle authorisation, not authentication. As such, it does not provide any user identity information. The protocol issues an Access Token, which grants access to protected resources, but it does not define or include an ID Token. OAuth 2.0 is best suited for use cases where an application needs to interact with APIs or access user data on behalf of the user.</p>
<p>In contrast, OpenID Connect (OIDC) is an identity layer built on top of OAuth 2.0 that adds standardised authentication capabilities. It enables clients to verify a user&#8217;s identity and securely retrieve basic profile information in a consistent, interoperable way. OIDC introduces the ID Token, a JSON Web Token (JWT) that contains identity claims such as the user&#8217;s name, email, and other profile details. Unlike OAuth 2.0, which only issues an Access Token, OIDC provides both an Access Token and an ID Token, with the latter specifically intended for identity verification. OIDC is ideal for scenarios where applications need to authenticate users and access their personal profile data.</p>
<p><strong>Which Protocol is right for you?</strong></p>
<p>Selecting the right protocol depends on the purpose your application is meant to serve. Here are some general guidelines to help you determine whether OAuth 2.0 or OIDC is the better fit. If your application’s primary focus is to manage access to user resources without needing to confirm who the user is, then OAuth 2.0 is the appropriate choice. It is ideal when authentication is handled elsewhere, and all you need is secure access control using tokens, especially in scenarios involving APIs or backend services. On the other hand, if your application requires user login, identity verification, or access to personal details like name and email, OpenID Connect (OIDC) is more suitable. OIDC is also the better option when implementing Single Sign-On (SSO) across multiple systems.</p>
<p><strong><img decoding="async" class="alignnone size-full wp-image-12102" src="https://www.netrust.net/wp-content/uploads/2025/09/shutterstock_448662868.jpg" alt="digital environment, authentication and authorisation OIDC vs OAuth2.0" width="500" height="337" srcset="https://www.netrust.net/wp-content/uploads/2025/09/shutterstock_448662868.jpg 500w, https://www.netrust.net/wp-content/uploads/2025/09/shutterstock_448662868-300x202.jpg 300w" sizes="(max-width: 500px) 100vw, 500px" /></strong></p>
<p><strong>Singpass has adopted the OpenID Connect (OIDC) protocol.</strong></p>
<p>To modernise how users authenticate across digital services in Singapore, Singpass uses OpenID Connect (OIDC) to ensure smoother integration for both public and private platforms through a consistent and widely accepted approach. OIDC not only helps confirm who the user is but also supports secure access to services across web and mobile environments. It introduces ID tokens that carry trusted identity details, making interactions more secure while reducing the risk of impersonation. For developers, the protocol removes complexity by offering reliable tools and predictable structures, speeding up integration. All of this makes the application able to meet growing demands around digital identity and privacy.</p>
<p>&nbsp;</p>
<p class="ai-optimize-25">Interested in learning about the basics of OpenID Connect (OIDC)? Check out this related blog <a href="https://www.netrust.net/blog/the-basics-of-openid-connect-oidc/" data-wpel-link="internal">here</a>:</p>
<blockquote class="wp-embedded-content" data-secret="bOISXXGrpZ"><p><a href="https://www.netrust.net/blog/the-basics-of-openid-connect-oidc/" data-wpel-link="internal">The Basics of OpenID Connect (OIDC)</a></p></blockquote>
<p><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted"  title="&#8220;The Basics of OpenID Connect (OIDC)&#8221; &#8212; Netrust" src="https://www.netrust.net/blog/the-basics-of-openid-connect-oidc/embed/#?secret=4FlGhha5b6#?secret=bOISXXGrpZ" data-secret="bOISXXGrpZ" width="600" height="338" frameborder="0" marginwidth="0" marginheight="0" scrolling="no"></iframe></p>
<p class="ai-optimize-26">Follow us on <a href="https://www.linkedin.com/company/netrust-pte-ltd" data-wpel-link="external" rel="external noopener noreferrer"><strong>LinkedIn</strong></a> for the latest happenings/updates.</p>
<p>The post <a href="https://www.netrust.net/blog/oidc-vs-oauth2-0/" data-wpel-link="internal">OIDC vs OAuth2.0</a> appeared first on <a href="https://www.netrust.net" data-wpel-link="internal">Netrust</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>The Basics of OpenID Connect (OIDC)</title>
		<link>https://www.netrust.net/blog/the-basics-of-openid-connect-oidc/</link>
		
		<dc:creator><![CDATA[Harpreet Singh Kang]]></dc:creator>
		<pubDate>Wed, 26 Jun 2024 01:30:19 +0000</pubDate>
				<category><![CDATA[Cyber Security]]></category>
		<category><![CDATA[Sign with Singpass]]></category>
		<guid isPermaLink="false">https://www.netrust.net/?p=11006</guid>

					<description><![CDATA[<p>Singpass login has become the de-facto option for authentication for Singapore residents. Given the ease at which a user can authenticate with Singpass, it is the obvious choice when presented with multiple login options on a site.  Singpass uses a protocol called OpenID Connect(OIDC) to achieve this seamless and secure authentication session with our applications. How exactly does your application use</p>
<p>The post <a href="https://www.netrust.net/blog/the-basics-of-openid-connect-oidc/" data-wpel-link="internal">The Basics of OpenID Connect (OIDC)</a> appeared first on <a href="https://www.netrust.net" data-wpel-link="internal">Netrust</a>.</p>
]]></description>
										<content:encoded><![CDATA[<div class="wpb-content-wrapper"><h6><div class="vc_row wpb_row vc_row-fluid position-relative has-canvas"></div><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner "><div class="wpb_wrapper"></div></div></div></a>
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			
		</div>
	</div>
</h6>
<p>Singpass login has become the de-facto option for authentication for Singapore residents. Given the ease at which a user can authenticate with Singpass, it is the obvious choice when presented with multiple login options on a site.  Singpass uses a protocol called OpenID Connect(OIDC) to achieve this seamless and secure authentication session with our applications.</p>
<p><strong><img loading="lazy" decoding="async" class="alignnone wp-image-11010 size-full" src="https://www.netrust.net/wp-content/uploads/2024/06/Log-in-with-Singpass.png" alt="Log in with Singpass OpenID Connect OIDC authentication" width="400" height="293" srcset="https://www.netrust.net/wp-content/uploads/2024/06/Log-in-with-Singpass.png 400w, https://www.netrust.net/wp-content/uploads/2024/06/Log-in-with-Singpass-300x220.png 300w" sizes="auto, (max-width: 400px) 100vw, 400px" /></strong></p>
<h6><strong>How exactly does your application use OIDC to authenticate you?</strong></h6>
<p>The OpenID Connect protocol (OIDC), is an identity protocol that builds upon the mechanisms of OAuth 2.0. OAuth 2.0 provides a resilient foundation that allows you to securely transmit JSON Web Tokens (JWT) containing your details over the internet using signatures (JSON Web Signature &#8211; JWS) and encryption (JSON Web Encryption &#8211; JWE). To provide reliable authentication, the OIDC protocol defines the attributes that should be within the JWT to identify the authenticated user as well as making it mandatory for it to be a JWS to be able to verify the source of the authentication.</p>
<h6><strong>How does OpenID Connect Work?</strong></h6>
<p>Before diving into the details, let&#8217;s familiarise ourselves with a few key terms:</p>
<p><strong>OpenID Provider (OP) or Identity Provider (IdP):</strong> A system that creates, maintains, and manages identity information and also provides authentication services to relying applications.</p>
<p><strong>Relying Party:</strong> An application or website that outsources its user authentication function to an IDP.</p>
<p><strong>Identity Token (ID token):</strong> It contains at a bare minimum an identifier for the user and information about how and when the user authenticated.</p>
<h6><strong>OpenID Connect provides three types of flows for authenticating users &#8211; implicit flow, authorisation code flow and a hybrid flow</strong></h6>
<p><strong>Implicit Flow:</strong> The ID token is returned directly to the application’s front end through the redirect URI.</p>
<p><strong>Authorisation Code Flow:</strong> The ID token is not returned directly, applications are given an authorisation code that can be consumed to retrieve the ID token from a backend server.</p>
<p><strong>Hybrid Flow:</strong> The ID token is returned directly to the application’s front end through the redirect URI along with an authorisation code.</p>
<p>Out of these, authorisation code flow is the most secure implication.</p>
<h6><strong>So how does the authorisation code flow work? </strong></h6>
<h1><img loading="lazy" decoding="async" class="alignnone wp-image-11009 size-full" src="https://www.netrust.net/wp-content/uploads/2024/06/authorisation-code-flow-work.jpg" alt="authorisation code flow work OpenID Connect OIDC Singpass login" width="789" height="600" srcset="https://www.netrust.net/wp-content/uploads/2024/06/authorisation-code-flow-work.jpg 789w, https://www.netrust.net/wp-content/uploads/2024/06/authorisation-code-flow-work-300x228.jpg 300w, https://www.netrust.net/wp-content/uploads/2024/06/authorisation-code-flow-work-768x584.jpg 768w" sizes="auto, (max-width: 789px) 100vw, 789px" /></h1>
<p>&nbsp;</p>
<ol>
<li>User lands on a page that requires them to login before they can view resources – the user clicks on the “LOGIN” button.</li>
<li>The relying party redirects to the identity provider (eg. Singpass), specifying where the user should be redirected to after authentication along with other parameters relevant to the OIDC protocol</li>
<li>The user performs authentication on the identity provider page</li>
<li>If the login is successful, the identity provider redirects to the relying party along with an authorisation code</li>
<li>The relying party sends the authorisation code through a back channel to the identity provider’s server and receives an ID token in exchange.</li>
<li>The relying party validates the ID token and retrieves the user’s details from the token.</li>
</ol>
<h6><strong>What is the benefit of using the OIDC Protocol?</strong></h6>
<ol>
<li><strong>SSO</strong></li>
</ol>
<p>The OIDC protocol allows applications to integrate with an identity provider and perform single sign-on. This enhances the user’s experience, allowing them to log in once and access the different applications supported within the SSO session.</p>
<ol start="2">
<li><strong>Widely adopted and Standardized</strong></li>
</ol>
<p>It allows applications that support OIDC to be interoperable and easily integrated into various identity providers. Being a widely adopted standard, many libraries are available in various technologies that further simplify the integration.</p>
<ol start="3">
<li><strong>Security</strong></li>
</ol>
<p>The standard ensures that the credentials the application receives can be verified with the use of signatures to ensure that the source of the identity is legitimate. Additionally, it provides relying parties and identity providers the option to encrypt users’ credentials so that they will be secure in transit.</p>
<h6><strong>Conclusion</strong></h6>
<p>OpenID Connect enables businesses to build more secure, user-friendly applications that leverage modern authentication standards. Whether you&#8217;re building server-side applications, single-page applications, or complex hybrid systems, OpenID Connect provides the flexibility and security needed to manage user identities effectively.</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>Follow us on <a href="https://www.linkedin.com/company/netrust-pte-ltd" data-wpel-link="external" rel="external noopener noreferrer"><strong>LinkedIn</strong></a> for the latest happenings/updates.</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
</div><p>The post <a href="https://www.netrust.net/blog/the-basics-of-openid-connect-oidc/" data-wpel-link="internal">The Basics of OpenID Connect (OIDC)</a> appeared first on <a href="https://www.netrust.net" data-wpel-link="internal">Netrust</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Fast, Secure and Hassle-Free: Sign with Singpass</title>
		<link>https://www.netrust.net/blog/fast-secure-and-hassle-free-sign-with-singpass/</link>
		
		<dc:creator><![CDATA[Larry Lee]]></dc:creator>
		<pubDate>Wed, 12 Apr 2023 01:30:09 +0000</pubDate>
				<category><![CDATA[Cyber Security]]></category>
		<category><![CDATA[Digital Signing]]></category>
		<category><![CDATA[Sign with Singpass]]></category>
		<guid isPermaLink="false">https://www.netrust.net/?p=8093</guid>

					<description><![CDATA[<p>Digital signing is becoming increasingly popular as more and more transactions move online. It is a secure and efficient way to sign documents electronically, saving time and reducing the need for physical signatures. In Singapore, Singpass provides a solution for digital signing, allowing users to sign documents digitally with ease. In this blog post, we will discuss how to use Singpass</p>
<p>The post <a href="https://www.netrust.net/blog/fast-secure-and-hassle-free-sign-with-singpass/" data-wpel-link="internal">Fast, Secure and Hassle-Free: Sign with Singpass</a> appeared first on <a href="https://www.netrust.net" data-wpel-link="internal">Netrust</a>.</p>
]]></description>
										<content:encoded><![CDATA[<div class="wpb-content-wrapper"><h6><div class="vc_row wpb_row vc_row-fluid position-relative has-canvas"></div><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner "><div class="wpb_wrapper"></div></div></div></a>
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			
		</div>
	</div>
</h6>
<p>Digital signing is becoming increasingly popular as more and more transactions move online. It is a secure and efficient way to sign documents electronically, saving time and reducing the need for physical signatures. In Singapore, Singpass provides a solution for digital signing, allowing users to sign documents digitally with ease. In this blog post, we will discuss how to use Singpass for digital signing using nSignHub and the benefits of doing so.</p>
<p><strong>What is Sign with Singpass?</strong></p>
<p>Sign with Singpass is a feature of the Singpass system that allows users to sign documents electronically. It provides a secure and convenient way to sign documents online, eliminating the need for physical signatures. Sign with Singpass uses a digital certificate to verify the identity of the signatory and ensures the integrity of the signed document.</p>
<p><img loading="lazy" decoding="async" class="alignnone wp-image-8097" src="https://www.netrust.net/wp-content/uploads/2023/04/Sign-with-Singpass-QR.jpg" alt="" width="650" height="367" srcset="https://www.netrust.net/wp-content/uploads/2023/04/Sign-with-Singpass-QR.jpg 830w, https://www.netrust.net/wp-content/uploads/2023/04/Sign-with-Singpass-QR-300x169.jpg 300w, https://www.netrust.net/wp-content/uploads/2023/04/Sign-with-Singpass-QR-768x433.jpg 768w" sizes="auto, (max-width: 650px) 100vw, 650px" /></p>
<p><strong>What is nSignHub?</strong></p>
<p><a href="https://www.netrust.net/nsignhub/" data-wpel-link="internal">nSignHub</a> is a cloud-based electronic signing workflow solution that allows users to send, sign, track and manage signature processes using a browser or mobile device.</p>
<p>It allows users to utilize the following for their workflow requirements</p>
<ul>
<li>Tracking of documents in the workflow</li>
<li>Signing using electronic, digital signatures including Sign with Singpass</li>
<li>E-Sign documents with nSignHub digital witness certificates for added security</li>
<li>Audit reports on signing activities during the workflow</li>
</ul>
<p><img loading="lazy" decoding="async" class="alignnone wp-image-8098" src="https://www.netrust.net/wp-content/uploads/2023/04/nSignHub-Dashboard.png" alt="" width="600" height="338" srcset="https://www.netrust.net/wp-content/uploads/2023/04/nSignHub-Dashboard.png 800w, https://www.netrust.net/wp-content/uploads/2023/04/nSignHub-Dashboard-300x169.png 300w, https://www.netrust.net/wp-content/uploads/2023/04/nSignHub-Dashboard-768x432.png 768w" sizes="auto, (max-width: 600px) 100vw, 600px" /></p>
<p><strong>Signing with Singpass using nSignHub!</strong></p>
<p>Signing with Singpass has never been so easy with nSignHub.<br />
Using our intuitive interface and signature selection fields, users can utilize digital signing with Singpass at a click of a button.</p>
<p><strong>Three components must be by your side before utilizing this feature</strong><br />
1. Purchase Your nSignHub Account<br />
2. Your mobile phone that has the Singpass mobile application installed<br />
3. The document that you intend to sign with</p>
<h6><span style="text-decoration: underline;"><strong>4 Easy Steps to Sign with SingPass</strong></span></h6>
<p>1. <strong>Upload</strong> your document using your nSignHub Account</p>
<p><img loading="lazy" decoding="async" class="alignnone wp-image-8100" src="https://www.netrust.net/wp-content/uploads/2023/04/Step-1-of-nSignHub-1024x855.png" alt="" width="700" height="584" srcset="https://www.netrust.net/wp-content/uploads/2023/04/Step-1-of-nSignHub-1024x855.png 1024w, https://www.netrust.net/wp-content/uploads/2023/04/Step-1-of-nSignHub-300x250.png 300w, https://www.netrust.net/wp-content/uploads/2023/04/Step-1-of-nSignHub-768x641.png 768w, https://www.netrust.net/wp-content/uploads/2023/04/Step-1-of-nSignHub.png 1282w" sizes="auto, (max-width: 700px) 100vw, 700px" /></p>
<p>2. Click on <strong>Sign With Singpass</strong> and scan the QR code with your Singpass Mobile Application</p>
<p><img loading="lazy" decoding="async" class="alignnone wp-image-8099" src="https://www.netrust.net/wp-content/uploads/2023/04/Step-2-Sign-with-Singpass.png" alt="" width="600" height="467" srcset="https://www.netrust.net/wp-content/uploads/2023/04/Step-2-Sign-with-Singpass.png 842w, https://www.netrust.net/wp-content/uploads/2023/04/Step-2-Sign-with-Singpass-300x233.png 300w, https://www.netrust.net/wp-content/uploads/2023/04/Step-2-Sign-with-Singpass-768x597.png 768w" sizes="auto, (max-width: 600px) 100vw, 600px" /></p>
<p>3. Click on <strong>Approve</strong> on your Singpass Mobile Application</p>
<p><img loading="lazy" decoding="async" class="alignnone wp-image-8102" src="https://www.netrust.net/wp-content/uploads/2023/04/Step-3-Approval-on-Singpass-App-473x1024.png" alt="" width="400" height="866" srcset="https://www.netrust.net/wp-content/uploads/2023/04/Step-3-Approval-on-Singpass-App-473x1024.png 473w, https://www.netrust.net/wp-content/uploads/2023/04/Step-3-Approval-on-Singpass-App-139x300.png 139w, https://www.netrust.net/wp-content/uploads/2023/04/Step-3-Approval-on-Singpass-App-768x1663.png 768w, https://www.netrust.net/wp-content/uploads/2023/04/Step-3-Approval-on-Singpass-App-710x1536.png 710w, https://www.netrust.net/wp-content/uploads/2023/04/Step-3-Approval-on-Singpass-App.png 946w" sizes="auto, (max-width: 400px) 100vw, 400px" /></p>
<p>4. <strong>Verify</strong> your signed document in your nSignHub account</p>
<p><img loading="lazy" decoding="async" class="alignnone size-large wp-image-8101" src="https://www.netrust.net/wp-content/uploads/2023/04/Step-4-Verify-to-Sign-1024x332.png" alt="" width="1024" height="332" srcset="https://www.netrust.net/wp-content/uploads/2023/04/Step-4-Verify-to-Sign-1024x332.png 1024w, https://www.netrust.net/wp-content/uploads/2023/04/Step-4-Verify-to-Sign-300x97.png 300w, https://www.netrust.net/wp-content/uploads/2023/04/Step-4-Verify-to-Sign-768x249.png 768w, https://www.netrust.net/wp-content/uploads/2023/04/Step-4-Verify-to-Sign.png 1461w" sizes="auto, (max-width: 1024px) 100vw, 1024px" /></p>
<p>With this feature release, we enable nSignHub users &amp; external parties to utilise Secure Electronic Signatures on nSignHub.</p>
<p>This enables them to sign using legally binding signatures on all documents when utilizing nSignHub.</p>
<p>So try out nSignHub today for your Sign with Singpass requirements for your organisation!</p>
<p>Reach out to us at <a href="https://www.netrust.net/contact-us/" data-wpel-link="internal">https://www.netrust.net/contact-us/</a> or drop us an email at <a href="mailto:sales@netrust.net">sales@netrust.net</a> now.</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>Follow us on <a href="https://www.linkedin.com/company/netrust-pte-ltd" data-wpel-link="external" rel="external noopener noreferrer"><strong>LinkedIn</strong></a> for the latest happenings/updates.</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
</div><p>The post <a href="https://www.netrust.net/blog/fast-secure-and-hassle-free-sign-with-singpass/" data-wpel-link="internal">Fast, Secure and Hassle-Free: Sign with Singpass</a> appeared first on <a href="https://www.netrust.net" data-wpel-link="internal">Netrust</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>To thine own self be true; Signing professionally using nSignBasic</title>
		<link>https://www.netrust.net/blog/to-thine-own-self-be-true-signing-professionally-using-nsignbasic/</link>
		
		<dc:creator><![CDATA[Lai Yong Xing]]></dc:creator>
		<pubDate>Wed, 15 Feb 2023 01:30:39 +0000</pubDate>
				<category><![CDATA[Cyber Security]]></category>
		<category><![CDATA[Digital Signing]]></category>
		<category><![CDATA[Sign with Singpass]]></category>
		<guid isPermaLink="false">https://www.netrust.net/?p=7593</guid>

					<description><![CDATA[<p>In William Shakespeare’s Hamlet, Act 1 Scene 3, Polonius gave his son Laertes the advice ‘This above all: to thine own self be true,’. This is advice we all can get behind, however when signing documents today your personal identity would typically get mixed up with your professional identity. What are some options available to sign documents solely, in your professional</p>
<p>The post <a href="https://www.netrust.net/blog/to-thine-own-self-be-true-signing-professionally-using-nsignbasic/" data-wpel-link="internal">To thine own self be true; Signing professionally using nSignBasic</a> appeared first on <a href="https://www.netrust.net" data-wpel-link="internal">Netrust</a>.</p>
]]></description>
										<content:encoded><![CDATA[<div class="wpb-content-wrapper"><div class="vc_row wpb_row vc_row-fluid position-relative has-canvas"></div><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner "><div class="wpb_wrapper"></div></div></div></a>
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			
		</div>
	</div>
<p>In William Shakespeare’s Hamlet, Act 1 Scene 3, Polonius gave his son Laertes the advice ‘This above all: to thine own self be true,’. This is advice we all can get behind, however when signing documents today your personal identity would typically get mixed up with your professional identity. What are some options available to sign documents solely, in your professional capacity, today?</p>
<p><img loading="lazy" decoding="async" class="alignnone wp-image-7595" src="https://www.netrust.net/wp-content/uploads/2023/02/shutterstock_1741769819-1-300x185.jpg" alt="Identity Signing personal identity " width="500" height="308" srcset="https://www.netrust.net/wp-content/uploads/2023/02/shutterstock_1741769819-1-300x185.jpg 300w, https://www.netrust.net/wp-content/uploads/2023/02/shutterstock_1741769819-1-1024x631.jpg 1024w, https://www.netrust.net/wp-content/uploads/2023/02/shutterstock_1741769819-1-768x474.jpg 768w, https://www.netrust.net/wp-content/uploads/2023/02/shutterstock_1741769819-1-1536x947.jpg 1536w, https://www.netrust.net/wp-content/uploads/2023/02/shutterstock_1741769819-1-2048x1263.jpg 2048w" sizes="auto, (max-width: 500px) 100vw, 500px" /></p>
<ul>
<li>Handwritten Signatures – Your unique drawn signature on paper, the same signature is typically used for both personal and professional capacities. Typically, your designation is written down if it is meant for work.</li>
<li>Electronic Signatures – The platform creates a digital signature (Big plus here!) to protect the document after you have applied the drawn signature. The digital signature itself does not contain information unique to yourself, and is hence not a Secure Electronic Signature (SES).</li>
<li>Sign with Singpass – Digital signatures backed by the Singpass, available if you can use Singpass Mobile. At no cost, however, it only lets you sign in your personal capacity<sup>[1]</sup>.</li>
</ul>
<p>All of these are great and are still in use today, but why settle for just these options when you can use nSignBasic to get distinct identities?</p>
<p>Netrust is Singapore’s only <a href="https://www.imda.gov.sg/regulations-and-licensing-listing/electronic-transactions-act-and-regulations/controller-of-certification-authorities/accredited-cas-in-singapore" data-wpel-link="external" rel="external noopener noreferrer">commercial IMDA-accredited CA</a>. We can issue digital identities in your personal capacity, professional capacity or even representing the organization you are working for. It can be stored in different formats such as a PFX file, in a FIPS USB token or a HSM just to name a few. Signatures are done using nSignBasic also fulfills SES requirements in the Electronics Transactions Act. For more information on nSignBasic please refer to our other blog post, <a href="https://www.netrust.net/2022/02/09/nsignbasic-the-new-face-of-document-signing/" data-wpel-link="internal">nSignBasic &#8211; The New Face of Document Signing</a>.</p>
<p>But that’s not all we have to offer. Organizations that require a large number of certificates or need certificates to be issued on demand to a system can integrate with our REST API<sup>[2]</sup>. Such use cases would typically be getting certificates issued for internal staff. In conjunction with other software, certificates can also be used to authenticate users! Who says certificates can only be used for SSL? nSignBasic is the cornerstone of your digital identity requirements, and the sky is the limit on possible use cases.</p>
<p>Get your digital identity with us now! Check out <a href="https://www.netrust.net/nsignbasic/" data-wpel-link="internal">nSignBasic</a> for more information. You can also <a href="https://www.netrust.net/nsignbasic/#1644300782351-3-4" data-wpel-link="internal">buy it online</a> immediately. For other enquiries such as a large number of certificates or getting certificates issued programmatically feel free to contact our sales team at <a href="mailto:sales@netrust.net">sales@netrust.net</a>.</p>
<p>Do you just need to get a document signed with Singpass? You can use <a href="https://nsignsg.netrust.net/" data-wpel-link="external" rel="external noopener noreferrer">nSignSG</a>, a free service from the #NetrustGivesBack initiative to get it done fuss-free.</p>
<p>&nbsp;</p>
<p>Follow us on <a href="https://www.linkedin.com/company/netrust-pte-ltd" data-wpel-link="external" rel="external noopener noreferrer"><strong>LinkedIn</strong></a> for the latest happenings/updates.</p>
<p>&nbsp;</p>
<pre>[1] Information is accurate at the time of publication.

[2] Subject to RA agreement with Netrust.</pre>
</div><p>The post <a href="https://www.netrust.net/blog/to-thine-own-self-be-true-signing-professionally-using-nsignbasic/" data-wpel-link="internal">To thine own self be true; Signing professionally using nSignBasic</a> appeared first on <a href="https://www.netrust.net" data-wpel-link="internal">Netrust</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Digital Signing &#8211; Where Do I Start?</title>
		<link>https://www.netrust.net/blog/digital-signing-where-do-i-start/</link>
		
		<dc:creator><![CDATA[Mark Lim]]></dc:creator>
		<pubDate>Wed, 14 Sep 2022 01:30:20 +0000</pubDate>
				<category><![CDATA[Cyber Security]]></category>
		<category><![CDATA[Digital Signing]]></category>
		<category><![CDATA[Life]]></category>
		<category><![CDATA[Sign with Singpass]]></category>
		<guid isPermaLink="false">https://www.netrust.net/?p=6682</guid>

					<description><![CDATA[<p>We’re on the brink of the Digital Era and soon approaching the post-Digital Era. Many things are slowly being replaced by technology. When ordering food, we will order it through food delivery applications. We book transportation through ride-hailing transport services instead of hailing a taxi from the street. Clearly, technology is an essential tool that we cannot avoid, it plays an</p>
<p>The post <a href="https://www.netrust.net/blog/digital-signing-where-do-i-start/" data-wpel-link="internal">Digital Signing &#8211; Where Do I Start?</a> appeared first on <a href="https://www.netrust.net" data-wpel-link="internal">Netrust</a>.</p>
]]></description>
										<content:encoded><![CDATA[<div class="wpb-content-wrapper"><h6><div class="vc_row wpb_row vc_row-fluid position-relative has-canvas"></div><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner "><div class="wpb_wrapper"></div></div></div></a>
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			
		</div>
	</div>
</h6>
<p>We’re on the brink of the Digital Era and soon approaching the post-Digital Era. Many things are slowly being replaced by technology. When ordering food, we will order it through food delivery applications. We book transportation through ride-hailing transport services instead of hailing a taxi from the street. Clearly, technology is an essential tool that we cannot avoid, it plays an important part in the majority of our lives because of the convenience and security it provides. Somehow, when it comes to signing there is a lack of this practice and the use of technology to perform Digital Signing.</p>
<p><span style="text-decoration: underline;"><strong>Sharing with local tertiary students</strong></span></p>
<p><img loading="lazy" decoding="async" class="alignnone size-medium wp-image-6687" src="https://www.netrust.net/wp-content/uploads/2022/08/Scan-QR-Sign-with-Singpass-300x225.jpg" alt="Scan QR Sign with Singpass" width="300" height="225" srcset="https://www.netrust.net/wp-content/uploads/2022/08/Scan-QR-Sign-with-Singpass-300x225.jpg 300w, https://www.netrust.net/wp-content/uploads/2022/08/Scan-QR-Sign-with-Singpass-768x576.jpg 768w, https://www.netrust.net/wp-content/uploads/2022/08/Scan-QR-Sign-with-Singpass.jpg 1024w" sizes="auto, (max-width: 300px) 100vw, 300px" /><img loading="lazy" decoding="async" class="alignnone size-medium wp-image-6686" src="https://www.netrust.net/wp-content/uploads/2022/08/Sharing-with-Students-on-Digital-Signing-300x225.jpg" alt="Sharing with Students on Digital Signing" width="300" height="225" srcset="https://www.netrust.net/wp-content/uploads/2022/08/Sharing-with-Students-on-Digital-Signing-300x225.jpg 300w, https://www.netrust.net/wp-content/uploads/2022/08/Sharing-with-Students-on-Digital-Signing-768x576.jpg 768w, https://www.netrust.net/wp-content/uploads/2022/08/Sharing-with-Students-on-Digital-Signing.jpg 1024w" sizes="auto, (max-width: 300px) 100vw, 300px" /></p>
<p>A conversation I had with a student from the local tertiary school during my sharing on <strong>Digital Signing &amp; Identity</strong>.</p>
<p>Student: “I have a question for you. You shared on digital signing but I am just a student and not in the working world yet. When is the right time &amp; where should I start with digital signing?”</p>
<p>Mark: “You have to start right now. From submission of your Final Year Project Reports to something as simple as a Student Acknowledgement Form. All can be digitally signed. The reasons are it is more secure and it ties a unique digital identity to the work you accomplished”.</p>
<p><span style="text-decoration: underline;"><strong>What is Digital Signing?</strong></span></p>
<p><img loading="lazy" decoding="async" class="alignnone size-medium wp-image-6684" src="https://www.netrust.net/wp-content/uploads/2022/08/Digital-Signing-Document-300x192.jpg" alt="Digital Signing Document Electronic" width="300" height="192" srcset="https://www.netrust.net/wp-content/uploads/2022/08/Digital-Signing-Document-300x192.jpg 300w, https://www.netrust.net/wp-content/uploads/2022/08/Digital-Signing-Document-1024x655.jpg 1024w, https://www.netrust.net/wp-content/uploads/2022/08/Digital-Signing-Document-768x492.jpg 768w, https://www.netrust.net/wp-content/uploads/2022/08/Digital-Signing-Document-1536x983.jpg 1536w, https://www.netrust.net/wp-content/uploads/2022/08/Digital-Signing-Document-2048x1311.jpg 2048w" sizes="auto, (max-width: 300px) 100vw, 300px" /></p>
<p>A digital signature is a unique feature embedded in a document in digital form like a fingerprint. A trusted Certificate Authority will be tasked to issue a digital certificate to the individual. The individual will then associate the digital certificate to the document to obtain a digitally signed document.</p>
<p>One key feature of digital signature is that it is used to secure digital documents. Preventing malicious personnel to tamper with digital documents received online. When a digital signature is applied to a specific document, the digital certificate is combined with the data being signed to form a unique fingerprint. These two components of the digital signature are unique, and this makes them more practical than wet signatures/electronic signature because their origin can be authenticated. This cryptographic operation helps in performing the following functions:</p>
<p>– Proving the authenticity of the document and its source<br />
– Ensure that the document has not been tampered with<br />
– Verifying the personal identity</p>
<p>If you would like to know more about the digital signature on digital documents, you could also refer to a post by my colleague Malgene: <a href="https://www.netrust.net/2022/05/25/securing-pdfs-with-digital-signatures/" data-wpel-link="internal">https://www.netrust.net/2022/05/25/securing-pdfs-with-digital-signatures/</a>.</p>
<p><span style="text-decoration: underline;"><strong>nSign Suite of Digital Signing Solutions: nSignSG</strong></span></p>
<p><a href="https://www.netrust.net/nsignsg/" data-wpel-link="internal"><strong>nSignSG</strong></a> is one of the signing solutions from <a href="https://www.netrust.net/nsign/" data-wpel-link="internal"><strong>nSign Suite</strong></a>. It is a live signing platform which is available free for the members of the public to perform digital signing with Sign with Singpass.</p>
<p>4 simple steps to Start Signing using Singpass Mobile App on <strong>nSignSG</strong>.</p>
<ul>
<li>Acknowledge</li>
<li>Upload the Document</li>
<li>Sign using SingPass Mobile App</li>
<li>Complete &amp; Download File.</li>
</ul>
<p>Related Post: <a href="https://www.netrust.net/2021/09/29/enabling-sign-with-singpass-with-nsign/" data-wpel-link="internal">https://www.netrust.net/2021/09/29/enabling-sign-with-singpass-with-nsign/</a></p>
<p>Head over to <a href="https://www.netrust.net/nsignsg/" data-wpel-link="internal"><strong>nSignSG</strong></a> to try out the Sign with Singpass service with your documents and your Singpass Mobile App.</p>
<p><img loading="lazy" decoding="async" class="alignnone size-medium wp-image-6685" src="https://www.netrust.net/wp-content/uploads/2022/08/nSignSG-Sign-with-Singpass-300x142.png" alt="nSignSG Sign with Singpass" width="300" height="142" srcset="https://www.netrust.net/wp-content/uploads/2022/08/nSignSG-Sign-with-Singpass-300x142.png 300w, https://www.netrust.net/wp-content/uploads/2022/08/nSignSG-Sign-with-Singpass-1024x484.png 1024w, https://www.netrust.net/wp-content/uploads/2022/08/nSignSG-Sign-with-Singpass-768x363.png 768w, https://www.netrust.net/wp-content/uploads/2022/08/nSignSG-Sign-with-Singpass.png 1100w" sizes="auto, (max-width: 300px) 100vw, 300px" /></p>
<p>If there are any further enquires or unique signing requirements e.g. <strong><a href="https://www.netrust.net/netrust-integration-with-singpass/" data-wpel-link="internal">Sign with Singpass integration</a></strong> and/or the <strong><a href="https://www.netrust.net/nsign/" data-wpel-link="internal">nSign Suite of Signing solution</a></strong>, do <a href="https://www.netrust.net/contact-us/" data-wpel-link="internal">contact us here</a>.</p>
<p>&nbsp;</p>
<p>Follow us on <a href="https://www.linkedin.com/company/netrust-pte-ltd" data-wpel-link="external" rel="external noopener noreferrer"><strong>LinkedIn</strong></a> for the latest happenings/updates.</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
</div><p>The post <a href="https://www.netrust.net/blog/digital-signing-where-do-i-start/" data-wpel-link="internal">Digital Signing &#8211; Where Do I Start?</a> appeared first on <a href="https://www.netrust.net" data-wpel-link="internal">Netrust</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Enhancing Your Business’ Workflow Process with Singpass Authentication Module (SAM)</title>
		<link>https://www.netrust.net/blog/enhancing-your-business-workflow-process-with-singpass-authentication-module-sam/</link>
		
		<dc:creator><![CDATA[Angus Lim]]></dc:creator>
		<pubDate>Thu, 21 Jul 2022 01:30:57 +0000</pubDate>
				<category><![CDATA[Cyber Security]]></category>
		<category><![CDATA[Sign with Singpass]]></category>
		<guid isPermaLink="false">https://www.netrust.net/?p=6379</guid>

					<description><![CDATA[<p>Signing up for a new credit card; Logging in to HealthHub to check your vaccination status; Filling up registration forms on a kiosk. What do they have in common? All these processes have been simplified with the advent of Singpass services. The days of manually filling up forms are over as creating a new account is as easy as just one</p>
<p>The post <a href="https://www.netrust.net/blog/enhancing-your-business-workflow-process-with-singpass-authentication-module-sam/" data-wpel-link="internal">Enhancing Your Business’ Workflow Process with Singpass Authentication Module (SAM)</a> appeared first on <a href="https://www.netrust.net" data-wpel-link="internal">Netrust</a>.</p>
]]></description>
										<content:encoded><![CDATA[<div class="wpb-content-wrapper"><h6><div class="vc_row wpb_row vc_row-fluid position-relative has-canvas"></div><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner "><div class="wpb_wrapper"></div></div></div></a>
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			
		</div>
	</div>
</h6>
<p>Signing up for a new credit card; Logging in to HealthHub to check your vaccination status; Filling up registration forms on a kiosk. What do they have in common? All these processes have been simplified with the advent of Singpass services. The days of manually filling up forms are over as creating a new account is as easy as just one click of a button. Likewise, one no longer has to manually key in credentials for logging into a government website. All it takes is just a scan of the QR Code using your Singpass mobile app and Voilà, you are now logged in to the system and free to use its services.</p>
<p><strong>The pitfalls of implementing Singpass Services</strong></p>
<p>As convenient and seamless as it seems from an end user’s perspective, it is not the same for the developers who were integrating their application to enable Singpass services. The whole implementation process can be tough and tedious as it demands knowledge and skills from various domains, including but not limited to authentication protocols like OpenID Connect (OIDC) and 0Auth2.0, Public Key Infrastructure (PKI), Cryptography, and Web Technology.</p>
<p>The implementation of just one Singpass service could already take up a significant amount of time, such as understanding the concepts involving the relevant services. However, Netrust’s Singpass Authentication Module (SAM) allows a business application to integrate directly via its simple REST API without worrying about complying with Singpass’ standards and requirements.</p>
<p>My colleague Harpreet, discussed the general functionalities of SAM and its involvement in supporting Singpass in his recent <strong><a href="https://www.netrust.net/2021/12/01/incorporating-singpass-into-your-digital-services/" data-wpel-link="internal">blog post</a></strong> titled ‘Incorporating Singpass into Your Digital Services’. Let us further dive into how SAM fulfills the technical requirements of Singpass.</p>
<p><strong>Technical and Security requirements from Singpass</strong></p>
<p><img loading="lazy" decoding="async" class="alignnone size-medium wp-image-6400" src="https://www.netrust.net/wp-content/uploads/2022/07/Technical-and-Security-requirements-from-Singpass-300x289.png" alt="Technical and Security requirements from Singpass" width="300" height="289" srcset="https://www.netrust.net/wp-content/uploads/2022/07/Technical-and-Security-requirements-from-Singpass-300x289.png 300w, https://www.netrust.net/wp-content/uploads/2022/07/Technical-and-Security-requirements-from-Singpass.png 602w" sizes="auto, (max-width: 300px) 100vw, 300px" /></p>
<p>Referencing the diagram, in the out-of-band interactions with Singpass, knowledge of technology such as JSON Web Token (JWT), JSON Web Keys (JWK), and JSON Web Key Store (JWKS) is required. A business application is required to handle cryptographic functions and processes like signing, verification, encryption, and decryption of the JWTs.</p>
<p>The cryptographic keys involved are the Elliptical Curve (EC) keys. To provide ease of key exchanges, both parties (Client and Singpass) also have to set up a Public Accessible JSON Web Key Set (JWKS) endpoint and retrieve the other parties’ public keys for cryptographic purposes. This allows key rotations to be done with minimal downtime across all parties.</p>
<p><strong>What does Netrust’s Singpass Authentication Module (SAM) do?</strong></p>
<p>With that said, SAM ticks all the new requirement changes and implementation as it hosts the JWKS endpoints and provides an automated exchange of the signing and encryption keys involved.</p>
<p>Apart from this basic functionality, SAM is also a one-stop solution that supports the enablement of multiple Singpass services like <a href="https://api.singpass.gov.sg/library/login/business/introduction" data-wpel-link="external" rel="external noopener noreferrer">Login with Singpass/Corppass</a>, <a href="https://api.singpass.gov.sg/library/myinfo/business/introduction" data-wpel-link="external" rel="external noopener noreferrer">MyInfo</a>, <a href="https://api.singpass.gov.sg/library/myinfobiz/business/introduction" data-wpel-link="external" rel="external noopener noreferrer">MyInfoBiz</a>, and <a href="https://api.singpass.gov.sg/library/verify/business/introduction" data-wpel-link="external" rel="external noopener noreferrer">Verify</a>. This allows business applications the flexibility of integrating with multiple Singpass services at present or to do so in the future.</p>
<p>Over the years since Singpass services went live, there have been multiple iterations to the Singpass service to improve processes, workflow and security. An example is the authentication protocol migration from (SAML) to National Digital Identity (NDI) OIDC and Singpass Corppass (SPCP) OIDC to NDI OIDC. It is also important to note that different Singpass services are currently using different authentication protocols, e.g. MyInfo on SPCP OIDC and login with Singpass on NDI OIDC. As such, maintaining the differing implementations across the different services is a resource-consuming task. Clients can save themselves the trouble of constantly updating their codes to fulfil the ever-changing requirements of Singpass with SAM. With the Singpass API definition changes being transparent to the applications, minimal to no changes are required for applications.</p>
<p><img loading="lazy" decoding="async" class="alignnone size-medium wp-image-6401" src="https://www.netrust.net/wp-content/uploads/2022/07/Summary-253x300.png" alt="Summary" width="253" height="300" srcset="https://www.netrust.net/wp-content/uploads/2022/07/Summary-253x300.png 253w, https://www.netrust.net/wp-content/uploads/2022/07/Summary.png 496w" sizes="auto, (max-width: 253px) 100vw, 253px" /></p>
<p>If you are looking to improve your eServices’ process and workflow by incorporating Singpass services with minimal effort, SAM is your go-to solution. SAM will take care of all the out-of-band integration and supports all the latest technology and security requirements, providing the ease for clients to constantly keep up with the changes.</p>
<p>Over the years, Netrust has worked closely with Singpass as a partner and is vastly experienced with the integration of its services. We have successfully helped both clients in the public and private space to enable their business application’s consumption of Singpass services across different environments (On-premise, commercial, and government cloud platforms.</p>
<p>Should you have any further queries regarding any of the <a href="https://www.netrust.net/products/iam/integration-with-singpass/" data-wpel-link="internal">Singpass service integration or Singpass Authentication Module (SAM)</a>, do <a href="https://www.netrust.net/contact-us/" data-wpel-link="internal">contact us here</a>.</p>
<p>Follow us on <a href="https://www.linkedin.com/company/netrust-pte-ltd" data-wpel-link="external" rel="external noopener noreferrer"><strong>LinkedIn</strong></a> for the latest happenings/updates.</p>
<p><strong>References:</strong><br />
<a href="https://api.singpass.gov.sg/library/login/developers/overview-at-a-glance" data-wpel-link="external" rel="external noopener noreferrer">https://api.singpass.gov.sg/library/login/developers/overview-at-a-glance</a></p>
<p><a href="https://www.netrust.net/2021/12/01/incorporating-singpass-into-your-digital-services/" data-wpel-link="internal">https://www.netrust.net/2021/12/01/incorporating-singpass-into-your-digital-services/</a></p>
<p><a href="https://api.singpass.gov.sg/library/verify/business/introduction" data-wpel-link="external" rel="external noopener noreferrer">https://api.singpass.gov.sg/library/verify/business/introduction</a></p>
<p><a href="https://api.singpass.gov.sg/library/login/business/introduction" data-wpel-link="external" rel="external noopener noreferrer">https://api.singpass.gov.sg/library/login/business/introduction</a></p>
<p><a href="https://api.singpass.gov.sg/library/myinfo/business/introduction" data-wpel-link="external" rel="external noopener noreferrer">https://api.singpass.gov.sg/library/myinfo/business/introduction</a></p>
<p><a href="https://api.singpass.gov.sg/library/myinfobiz/business/introduction" data-wpel-link="external" rel="external noopener noreferrer">https://api.singpass.gov.sg/library/myinfobiz/business/introduction</a></p>
</div><p>The post <a href="https://www.netrust.net/blog/enhancing-your-business-workflow-process-with-singpass-authentication-module-sam/" data-wpel-link="internal">Enhancing Your Business’ Workflow Process with Singpass Authentication Module (SAM)</a> appeared first on <a href="https://www.netrust.net" data-wpel-link="internal">Netrust</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Incorporating Singpass into Your Digital Services</title>
		<link>https://www.netrust.net/blog/incorporating-singpass-into-your-digital-services/</link>
		
		<dc:creator><![CDATA[Harpreet Singh Kang]]></dc:creator>
		<pubDate>Wed, 01 Dec 2021 01:30:48 +0000</pubDate>
				<category><![CDATA[Digital Signing]]></category>
		<category><![CDATA[Sign with Singpass]]></category>
		<guid isPermaLink="false">https://netrust.net/?p=5342</guid>

					<description><![CDATA[<p>Introduction: From checking your CPF statements to logging into NS portal to book an IPPT session, every citizen or resident of this country is likely to have experienced Singpass authentication at least once. In fact, most probably use it on a regular basis. From a simple platform that provided basic authentication in its early days, Singpass has bloomed into a service</p>
<p>The post <a href="https://www.netrust.net/blog/incorporating-singpass-into-your-digital-services/" data-wpel-link="internal">Incorporating Singpass into Your Digital Services</a> appeared first on <a href="https://www.netrust.net" data-wpel-link="internal">Netrust</a>.</p>
]]></description>
										<content:encoded><![CDATA[<div class="wpb-content-wrapper"><div class="vc_row wpb_row vc_row-fluid position-relative has-canvas"></div><div class="wpb_column vc_column_container vc_col-sm-12"><div class="vc_column-inner "><div class="wpb_wrapper"></div></div></div></a>
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			
		</div>
	</div>
<p>Introduction: From checking your CPF statements to logging into NS portal to book an IPPT session, every citizen or resident of this country is likely to have experienced Singpass authentication at least once. In fact, most probably use it on a regular basis.</p>
<p>From a simple platform that provided basic authentication in its early days, Singpass has bloomed into a service rich in features (such as two-factor verification and QR code scanning on the Singpass app). It has also become increasingly intuitive to use. In its current state, login can be as simple as clicking a login shortcut and verifying your identity with biometrics within the Singpass app.</p>
<h6><strong>How Netrust fits into the picture?</strong></h6>
<p>The complexities of authentication and keeping it secure are unseen by the common man. The Singpass Authentication Module (SAM) was developed by Netrust as a turnkey solution that handles these complexities for digital services integrating with Singpass.</p>
<p>SAM allows for digital services to integrate with its REST APIs while handling the implementation of all backend communication in accordance with Singpass’s specification. SAM deals with the management and operation of keys for signing and encryption while ensuring it complies with the authentication and authorization protocols used by Singpass.</p>
<p><strong>
	<div class="wpb_text_column wpb_content_element" >
		<div class="wpb_wrapper">
			
		</div>
	</div>
 The Evolution of SAM</strong></p>
<ul>
<li>Netrust Authentication Module (NAM)</li>
</ul>
<p>Since the inception of Singpass in 2003, Netrust has been supporting <a href="https://www.netrust.net/products/iam/integration-with-singpass/" data-wpel-link="internal">integration with Singpass</a> under the name Netrust Authentication Module (NAM). NAM was used by both Singpass and government entities as a library that services could invoke to provide authenticity and integrity of the data being transmitted with the use of digital signatures.</p>
<ul>
<li>SAM SAML</li>
</ul>
<p>In 2015, Singpass introduced SAML-based Federated Authentication (federated systems offer a single access point to several applications across various enterprises) and two-factor authentication. NAM reinvented itself as Singpass Authentication Module (SAM) and offered SAML <a href="https://www.netrust.net/products/iam/integration-with-singpass/" data-wpel-link="internal">integration to Singpass</a>.</p>
<p>SAM allowed for government digital services to retrieve authentication and authorization attributes from both Singpass and Corppass without having to concern themselves with SAML concepts like profiles, assertions, and metadata. The data being received from Singpass/Corppass would be encrypted to provide confidentiality. SAM would decrypt the contents and verify the signature within the response (The X509 certificates being used by Singpass and government agencies for signing and encryption were issued from Netrust CA).</p>
<ul>
<li>SAM OIDC</li>
</ul>
<p>With the advent of NDI, OpenID Connect (OIDC) has become the preferred protocol and has superseded SAML. SAM redesigned itself to include the following functionalities to provide OIDC integration to Singpass.</p>
<ul>
<li style="list-style-type: none;">
<ul>
<li>Construction of token endpoint request</li>
<li>Validation of token endpoint response</li>
<li>The decryption of id and access token</li>
<li>Verification of digital signature on id and access token</li>
<li>Parsing of result set from id and access token</li>
<li>Host JSON Web Key Sets (JWKS) endpoint</li>
<li>Retrieve JWKS from Singpass JWKS endpoint</li>
</ul>
</li>
</ul>
<p>NDI has also introduced Singpass mobile and expanded Singpass into a suite of services that are now available to both government entities and private businesses. From this suite, SAM has the ability to support Myinfo, Myinfo business, and Verify in addition to login with Singpass/CorpPass (<a href="https://www.netrust.net/2021/09/29/enabling-sign-with-singpass-with-nsign/" data-wpel-link="internal">Netrust also supports sign with Singpass, check that out here!</a>).</p>
<p><strong>Conclusion </strong></p>
<p>With technology and protocols ever-evolving, it is definite that Singpass will continue to evolve with the technology and security requirements of its time and you can rest assured that SAM will be right there with it every step of the way.</p>
<p>Should you have any further queries regarding Singpass Authentication Module (SAM), please email our sales team at <a href="mailto:sales@netrust.net">sales@netrust.net</a>.</p>
<p>&nbsp;</p>
<p>Also check out these pages:</p>
<ul>
<li style="list-style-type: none;">
<ul>
<li><a class="row-title" href="https://www.netrust.net/code-signing-certificates/" aria-label="“Code Signing Certificates” (Edit)" data-wpel-link="internal">Code Signing Certificates</a></li>
<li><a href="https://www.netrust.net/nsign-digital-signing-suite-digital-signing-solutions/" data-wpel-link="internal">nSign Digital Signing Suite</a></li>
</ul>
</li>
</ul>
<p>&nbsp;</p>
</div><p>The post <a href="https://www.netrust.net/blog/incorporating-singpass-into-your-digital-services/" data-wpel-link="internal">Incorporating Singpass into Your Digital Services</a> appeared first on <a href="https://www.netrust.net" data-wpel-link="internal">Netrust</a>.</p>
]]></content:encoded>
					
		
		
			</item>
	</channel>
</rss>
