wordpress blog stats
Connect with us

Hi, what are you looking for?

Summary: Draft India Enterprise Architecture (InDEA) Framework 2.0

Protocols on sharing data, linking databases, and establishing digital structures for government projects have been proposed.

The Ministry of Electronics and Information Technology (MeitY) released a consultation paper on India Enterprise Architecture Framework (InDEA) 2.0 on January 25, 2022. Federated digital IDs accessible by various systems and connected to certain common and unique identifiers like Aadhaar or mobile numbers, interoperable networks, data sharing with the private sector, etc., are some of the key recommendations included in the paper.

InDEA is a non-prescriptive framework to guide and enable the creation of digital ecosystems in the public sector, according to the consultation paper. The earlier version of InDEA released in 2019 was not widely adopted so MeitY constituted a steering committee that met eight times between August 2020 to January 2022 (and a working group) to create the framework for an InDEA 2.0. Members of these bodies include Pramod Varma, Chief Architect of UIDAI; Ajay Prakash Sawhney, Secretary at MeitY; Sachin Puniyani, Amazon Web Services; among others. 

The creation of federated IDs and data sharing with the private sector could have an impact on the digital privacy and autonomy of individuals. Comments can be submitted via email until February 27, 2022 at ajai@cdac.in.

Architecture of state and central government systems under InDEA

The paper proposes an architecture for State and Central government projects to follow, based on interoperability and the creation of an ecosystem.

A few components will be common to all of them under this framework, such as:

Advertisement. Scroll to continue reading.
  • Ecosystem standards, specifications, and governance
  • Building blocks like registries, directory, and an InDEA architecture portal

It also provides certain conditions:

For central government projects on the concurrent list: For central government projects dealing with subjects on the concurrent list like health, education, agriculture, etc., as well as private organisations which operate in such domains and have a pan-India presence, there will be:

  • Core, common, and reference building blocks created for each sector (or subjects like health, education, etc)
  • Core components like registries and directories managed by entities that are legally empowered to do so
  • Common applications built in consultation with state governments
  • Broadly have three layers: Domain core, domain national, and domain state

For state government projects: The paper proposes the State InDEA Architecture Pattern (ISAP) which provides citizen-facing services. This must have:

  • Three layers: Core, common applications, and domain/ sectoral ecosystems. The state core will be the ‘focal point’ of integration with state and national-level applications.
  • Focus on developing 2 to 3 domains like HR and finance first
  • The possibility of leveraging national-level common and reference building blocks

Characteristics recommended for Federated IDs

Citing cost-cutting and providing citizen services as reasons for creating single-source registries that allow other registries to validate their data against it using APIs, the paper proposes linking registries. It defines these linkages as:

(i) One registry adding another registry’s ID to its records after appropriate user authentication.
(ii) One registry or system trying to validate the end-user by using the entry of the end-user in another registry through an API. Any such linking in both the scenarios should be compliant to appropriate policies/law.

According to the paper, the features of such IDs should be as follows:

Design controls and privacy protections: Each ‘federated registry’ should have its own set of rules, purpose, workflow, etc., and should not be used universally. The design should be such that the individual is placed at the centre with a “meaningful choice for them to control and manage their own record within the registry.” Each registry should also ensure personal data protection, security, and full consent access.

Maintaining ‘uniqueness’ of a record:

i) Unique IDs should be issued internally to registries so that the records can be pulled up easily, the paper recommends. These should ideally be user generated so it is easy for them to use as well; but if not, a random number can be generated and linked to the (not unique) ID.

ii) Aadhaar linkage should be done with IDs when ‘State controlled’ uniqueness is needed. ‘State-controlled’ uniqueness is described in the paper as something like Aadhaar which is used to issue financial benefits, subsidies to citizens, and can only be issued once. Apart from this, other Aadhaar-based, linked, or derived IDs can also be used (for linking with the State ID).

Advertisement. Scroll to continue reading.

What about IDs that don’t need to have state-controlled uniquesness? Phone numbers or other IDs – which the paper recognises as common identifiers – can be used along with voluntary linkage with Aadhaar. This “minimizes the need to remember and use many IDs,” the paper said.

Creation of ‘digital building blocks’ through registries:

  • All registries should be built to be reused as a ‘single source of truth’ or a digital building block which can be sued for citizen service delivery later.
  • Authentication/Single Sign-on (SSO) and e-KYC mechanisms should be enabled.
  • Cross-domain use of SSO should be enabled, which should be able to identify multiple points of failure as well as any security breaches.
  • One-click enrollment should be allowed from other digital IDs that are whitelisted by the registry provider.

Other functionality recommendations:

  • Create an ID alliance among government providers
  • Adopt universal open API specifications like OpenID, OAuth, etc. to facilitate interoperability
  • Encourage use of ePramaan and Digilocker for others to provide services to citizens

Proposal for verifiable credentials

The paper also proposes that entities adopting InDEA 2.0 provide documents that are digitally accessible, verifiable, and come with consent-based access. This should be done by adopting:

  • A common, machine-readable specification for credentialing.  InDEA 2.0 proposes to adopt the W3C V4, an internally accepted specification but the paper ‘highly recommends’ that specific government domains create their own standardisation to go on top of the W3C V4 for domain interoperability.
  • A credential issuing platform to provide such credentials and allow citizens to share such credentials by email, messaging apps, or download and print them with a QR code. The platform should also be able to revoke such credentials.
  • A DEPA or API-based structure to provide access to data. Since the Data Empowerment and Protection Architecture (DEPA) is not in place yet, the paper recommends that APIs should be set up in a way that it can later be used for DEPA as well. The access to data should also be in line with MeitY’s consent and sharing principles.

Proposal for more open networks

Referring to an up-and-coming startup ecosystem and a huge population, the paper pushes for an open-network approach to different government applications and platforms.

It gave three recommendations for setting up such a network

  • It should be a decentralised network that is open source and interoperable.
  • Its formation should be done by working with communities to ensure sustainable development and rapid adoption of open-source networks.
  • A participant-led, co-opted, not-for-profit entity should be set up to run such a network and ensure adoption, sustainable growth, etc.

How should the InDEA 2.0 framework be implemented?

To implement the InDEA 2.0 framework, the paper recommends instituting:

Policy enablers

  • A procurement policy that enables an outcome-based procurement process and SLA-led payment terms (presumably per the policy document for the contractors). However, the paper says that this should be used sparingly.
  • Public-Private Partnerships where the private sector is responsible for building and designing. Meanwhile, the public sector helps in giving its data, easing licensing and statutory provisions, etc.
  • Government should share its data with the private sector. It should create policies to enable sharing of data with safeguards for those ‘requiring it for beneficial purposes’, the paper says. The government should also identify data sets that can be shared.
  • Rules relating to IT safeguards, grievance redressal mechanism, engaging with public sector agencies for data, compliance requirements, trust, standards, and protocols should be set up by MeitY.

Technology enablers

  • Sandboxes should be used to check the technical and regulatory compliance, commercial viability, and scalability of a solution. A reference architecture for such a sandbox could also be created, the paper suggests.
  • Data exchanges should be set up to help consumers and providers of data discover each other, their data, and exchange this data with each other with transparency and ease, while complying with policies. According to the paper, this will help in the creation of a data economy worth $500 billion by 2025.
  • ‘Gamechangers’ or tech which is ‘innovative, disruptive, impactful and pan-India’ like UPI should be encouraged to be discovered by government departments, the paper says.
  • Operational guidelines that allow collaborative development of a system with other members of the ecosystem, APIs to develop services on an application, and reusing existing applications.

Create a blueprint, hold consultations with stakeholders

The paper lays out how a government department should start building the parts of a (public-sector facing digital) ecosystem. It recommends:

  • Creating a vision document for the next five years for the domain being developed
  • Creating a blueprint with a scope and chosen architectures among those laid out under the InDEA framework for different government departments
  • Setting up domain and technical standards for such a system
  • Setting up an implementation framework consisting of a body that can take all decisions related to the management and sustenance of a project.

It also recommended consulting with academia, civil society, industry, and government stakeholders as well as adopting InDEA 1.0. The paper says that InDEA 2.0 does not supersede the earlier version and the latter can still be leveraged.

Key features of InDEA 1.0

In its earlier iteration, the framework proposed 8 reference models for different domains. Briefly, these were:

  • Performance Reference Model
  • Business Reference Model
  • Application Reference Model
  • Data Reference Model
  • Technology Reference model
  • Integration Reference Model
  • Security Reference Model

Similar to InDEA 2.0, this framework focused on principles of interoperability, open-source technology, data sharing, etc., to create a digital ecosystem for the public sector, but it was fragmented into various other sectors.

Also Read:

Have something to add? Post your comment and gift someone a MediaNama subscription.

Advertisement. Scroll to continue reading.
Written By

I cover health technology for MediaNama, among other things. Reach me at anushka@medianama.com

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.


The accession to the Convention brings many advantages, but it could complicate the Brazilian stance at the BRICS and UN levels.


In light of the state's emerging digital healthcare apparatus, how does Clause 12 alter the consent and purpose limitation model?


The collective implication of leaving out ‘proportionality’ from Clause 12 is to provide very wide discretionary powers to the state.


The latest draft is also problematic for companies or service providers that have nothing to with children's data.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ