France - Information technology services, consulting, software development, internet and support

Description

This consultation covers intellectual services of technical assistance (application architecture, IS security, management of AGILE development, acceptance) and development of the solution in AGILE mode. The scope of services is detailed in each of the four packages
This lot gathers services aiming at assisting the France Digital Identity program in the realization of the other lots of this framework agreement. These services may cover various aspects described below: - Architecture: functional architecture, application architecture and API specification, technical and cloud architecture, operating tools (supervision, traces, backup, etc.), continuous integration and deployment chain, etc. - Architecture: functional architecture, application architecture and API specification, technical and cloud architecture, operating tools (supervision, traces, backup, etc.), continuous integration and deployment chain, etc.- Security: consideration of security in the definition of the architecture (applicative and technical) and the development of the various components of the SGIN, consideration of the security requirements of the ANSSI's reference system of requirements for the qualification of an identification scheme at a high level, assistance with risk analysis and associated coordination, steering and monitoring of the SGIN certification, feeding the product backlogs with security "abuse" stories and ensuring that these elements are properly taken into account, etc.- Product and Agility section: training of the participants in the specificities of the Agile Scrum type method, implementation of the different rituals and the associated tools for this methodology;- Acceptance section: carrying out the global acceptance tests of the SGIN, which are complementary to and do not replace the unit and functional tests of the user stories developed in agile mode as part of batch 4;- Development, deployment and exploitation base section: implementation and maintenance of a container orchestration platform, Kubernetes, on the two regions of the Cloud PI, using the DNUM forge, declined in several environments (development, qualification, pre-production and production), implementation and maintenance of the basic development and exploitation base, on the Cloud infrastructures of the Ministry of the Interior: continuous chain of tests and deployments, supervision service, log management service, backup service. This package also includes the provision of a project platform with 35 work positions and 4 meeting rooms. This platform must be located less than 20 minutes from the Olympiades metro station. The purpose of this lot is the development of an SDK (Software Development Kit)/middleware for the SGIN frontends (Android mobile and ios and computer) and the associated backend at the server level for the management of interactions with the secure titles used during the authentication or digital identity management phases (reading of the title, sequence for authentication, management of the CNIE PIN code). This SDK and backend will thus carry very sensitive security functions for the SGIN and are at the heart of the security that the latter must offer to users. This software stack is therefore an interface that will be used by the higher level application layer and should in particular guarantee operation with all of the secure documents currently recognized:- passports based on the [Icao_9303] specifications;- residence permits for foreigners based on the [Icao_9303] specifications;- the future CNIE based on the [Specs_CNIE] specifications.This SDK will be subject to a First Level Security Certification (CSPN) issued by ANSSI and which must be maintained throughout the duration of the contract. The software environment of the mobile is not considered secure, a particularly robust implementation in terms of security is therefore required between the server (backend) and the title. The purpose of this batch is the development of a photo comparison service, remote identity verification and live recognition. The services consist of:- preparing the service in the different environments of the Ministry of the Interior's cloud. This applies to the facial recognition service as such as well as the associated API for integration with the SGIN;- providing the SDK client software for the acquisition that will be used by the holder of lot 4 in these application developments;- producing the documentation of the solution (architecture file, administration file, operating file) and the API in order to enable the holder of lot 4 to carry out end-to-end integration with the frontends and backend of the SGIN and to provide the administration with all the required knowledge;- accompany the holder of lot 4 in the integration of at least two frontend clients, primarily Android and IOS applications;- accompany the holder of lot 4 in the integration of the feedback of indicators associated with the facial recognition brick;- accompany the holder of lot 4 and lot 1 in the end-to-end testing of the solution. this service includes the acquisition of facial biometric data from a mobile phone, control of the integrity of the transmission chain of these elements between the mobile and the backend, the comparison with the photo of the identity card, verification that it is a living person who really has his mobile in hand.this SDK will be subject to an ad-hoc security evaluation according to a process described by the ANSSI. This SDK will be subject to an ad-hoc security evaluation according to a process described by the ANSSI. It will have to be maintained throughout the duration of the contract. The purpose of this batch is the development and maintenance of the following services:- SGIN core (back-end) Android mobile client, IOS mobile client, web portal (digital identity showcase), SGIN web client, TMA from Alicem (Android mobile application, back-end server, database, Facial recognition services, Interfaces with third-party services). each user application will be the subject of a CSPN;- taking security into account at all levels of development and architecture is an essential element of this future market, CSPNs serving to provide indisputable proof of the implementation and mastery of good security practices;- development using the AGILE method will be based on the following principles: development of user stories for iteration N and preparation of user stories for iteration N+1, as well as maintenance of the components developed. The development is done according to the global release plan of the program prioritized with the MOA and the MOE. The developments entrusted to the holder of this batch mainly concern components of the features type according to the Safe terminology. Each iteration is broken down into action in the following areas: development; OPS / Devops / Secdevops; UI designer; scrum master; UX designer; architecture; other (RGPD, BDD, etc.); data architect/data engineer; Ssi. Under these services, the holder must:- manage the initialization phase which aims to provide a framework for agile, architectural and security implementations. At the end, the conditions of delivery and integration of the software bricks from lots 2 and 3 to lot 4;- ensure the maintenance and operation of Alicem and then of the SGIN;- ensure the integration of the software supplied by the holders of lots 2 and 3;- define with the Product Owner (batch 1 and administration) the user stories for the following iteration N+1;- plan the iteration N with the Product Owner (review of the stories, definition of the acceptance criteria, estimation in story points, validation of the content of the iteration according to the known velocity or the calculated capacity).The team must include in each iteration bug fixes and the reduction of the technical and security debt;- develop and test the user stories defined in iteration N according to the AGILE approach;- deliver the iteration content in working order to the test and pre-production environments;- at the end of the iteration, demonstrate the system (System Demo in the Safe sense) integrating all the components and features developed by all the teams;- update the product documentation (DAT, functional file, operating file, user guide, wiki, safe target, etc.);- at the request of the administration, proceed with the release of the product (Release On Demand);- participate in the preparation of the program rituals, particularly at the end of the iteration (System Demo, Inspect and Adapt, PI Planning);- deliver a final version after four increments.

Opportunity closing date

25 September 2020

Value of contract

£5m-50m