
Copyright © 2024 OpenG2P. This work is licensed under Creative Commons Attribution International License (CC-BY-4.0) unless otherwise noted.


Privacy and Security


Last updated 1 year ago

Introduction

OpenG2P is a robust and versatile platform built upon the Odoo framework, providing governments and organisations with a comprehensive solution for delivering benefits efficiently. As OpenG2P handles sensitive beneficiary information including personally identifiable information (PII), maintaining the highest standards of security is paramount.

User authentication and access control

  • Multi-factor Authentication (MFA): Building on Odoo's MFA capabilities, OpenG2P allows users to strengthen their authentication process by requiring multiple factors such as passwords, one-time codes, and biometric verification.

  • Role-Based Access Control (RBAC): Administrators define roles and permissions within OpenG2P, ensuring authorised personnel have access to specific functionalities and beneficiary data while preventing unauthorised access.

  • User Groups and Access Rules: OpenG2P builds upon Odoo's user groups and access rules to provide granular control over beneficiary data access, ensuring data confidentiality is maintained.

  • OAuth and OpenID Connect: Additionally, OpenG2P's implementation of OAuth and OpenID Connect offers the option to connect with identity platforms such as MOSIP (Modular Open Source Identity Platform). This integration lets OpenG2P leverage established identity systems, so beneficiaries and users can authenticate securely using their MOSIP credentials. By bridging the gap between OpenG2P and MOSIP, this feature enhances security, reduces authentication friction, and fosters a unified and trusted user experience. It also extends the usage of biometric and VC (Verifiable Credentials) based authentication.

Encryption and data protection

  • Data Encryption: OpenG2P utilizes Odoo's data encryption protocols to secure data transmission between users' browsers and the server, safeguarding beneficiary data during communication.

  • Database Encryption: Sensitive beneficiary data stored in the database is encrypted using established encryption algorithms, providing an additional layer of protection.

  • Attachment Security: Files and attachments uploaded to OpenG2P are securely stored in an S3 bucket and accessed only by authorised users, preventing unauthorised data exposure.

  • PII Encryption: OpenG2P has a privacy module for the registry which encrypts all PII stored in the database.

Encryption of data is achieved with the production-grade Key Manager module.

Secure input handling

Input security is handled in the following ways:

  • Input validation

  • Memory safe programming language (Python)

  • Type safe programming using Python Pydantic

  • ORM capabilities to avoid SQL Injection threats
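An added example (not OpenG2P code) of how the controls listed above combine on a single lookup: a typed, validated request object plus parameter binding, next to the string-concatenated form they replace. It uses only the Python standard library, with a dataclass standing in for a Pydantic model and sqlite3 parameter binding standing in for the ORM; the table, the ID format and all function names are assumptions.

```python
import re
import sqlite3
from dataclasses import dataclass

def make_db():
    # Constructed sample data; the table and columns are hypothetical, not OpenG2P's schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE registrant (national_id TEXT, name TEXT)")
    db.executemany("INSERT INTO registrant VALUES (?, ?)",
                   [("A1234567", "Asha"), ("B7654321", "Bilal")])
    return db

@dataclass(frozen=True)
class RegistrantQuery:
    """Typed request object; a stdlib stand-in for a Pydantic model."""
    national_id: str

    def __post_init__(self):
        # Type check, then an allow-list format check (assumed ID format: letter + 7 digits).
        if not isinstance(self.national_id, str):
            raise TypeError("national_id must be a string")
        if not re.fullmatch(r"[A-Z][0-9]{7}", self.national_id):
            raise ValueError("national_id has an invalid format")

def lookup_concatenated(db, national_id):
    # Weak form: the input becomes part of the SQL text, so quotes in it change the query.
    sql = "SELECT name FROM registrant WHERE national_id = '" + national_id + "'"
    return sorted(row[0] for row in db.execute(sql))

def lookup_bound(db, national_id):
    # Parameter binding keeps the input as data; this is what an ORM does for field filters.
    sql = "SELECT name FROM registrant WHERE national_id = ?"
    return sorted(row[0] for row in db.execute(sql, (national_id,)))

def lookup_validated(db, raw_national_id):
    # Hardened form: validate and type the input first, then bind it.
    query = RegistrantQuery(national_id=raw_national_id)
    return lookup_bound(db, query.national_id)

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed malformed input
    print("concatenated:", lookup_concatenated(db, crafted))
    print("bound only:  ", lookup_bound(db, crafted))
    try:
        lookup_validated(db, crafted)
    except ValueError as exc:
        print("validated:   rejected,", exc)
    print("valid lookup:", lookup_validated(db, "A1234567"))
```

Binding alone already stops the crafted value from changing the query; validation in front of it rejects malformed input before it reaches the database layer at all.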

Secure deployment

OpenG2P offers support for Kubernetes-based production-grade deployment with security features like Wireguard, Istio, access control, traffic control etc.

FAQ

OpenG2P is an open source software. How secure is it?

In general, for any product, security is handled at multiple levels.

  • Product security features

We have privacy and security features embedded in our product and we are constantly striving to add more such features. Please refer to the note above.

OpenG2P is built over Odoo ERP, which was elected as the best secure open source ERP by OWASP in 2021. This is because of the extensive work by the community on the underlying platform. OWASP is the largest security reporting system in the world.

OpenG2P has adopted all the best practices of Odoo. OpenG2P has also adopted GitHub security validation and has been regularly scanned by GitHub for dependency security.

  • Deployment of secure infrastructure

While deployment infrastructure is a choice of the implementer/System Integrator, we offer a secure production-grade deployment reference architecture for implementers. This secure infrastructure, comprising Kubernetes, Wireguard, Istio etc., offers a high level of data and access security.

  • Security policies and processes

The OpenG2P team can help review security policies defined by the Government/System Integrator.
