AURA โ€” One-Page Workshop Summary Full kit  ยท  Airline  ยท  Airport  ยท  Demonstrator  ยท  Blueprint โ€” biometrics simulated  
Partner Workshop ยท Leave-Behind

AURA on one page

Automated Universal Recognition Architecture ยท KSIA Terminal 6
INTEGRATION BLUEPRINT โ€”
NOT A LIVE PILOT ยท
BIOMETRICS SIMULATED

What AURA is

A privacy-first biometric identity platform that lets a passenger move through the airport on one verified identity โ€” created once at enrollment and reused at security and boarding โ€” without storing raw face images.

It coordinates with the systems an airport already runs (airline, AODB, document checks, staff SSO) without leaking personal data or losing control of it. This document describes the integration blueprint; biometrics are simulated and partner systems are mocked to contracts in this phase.

Why token-based integration matters

AURA hands partners a meaningless claim-ticket (a token) โ€” never a passenger's real identity or biometrics. Partners coordinate about a passenger using that token; only AURA's on-prem vault at KSIA can resolve a token back to a person.

  • Authenticated โ€” mutual on every call
  • Encrypted โ€” TLS in transit, always
  • Token-based โ€” references, not raw data
  • Audited โ€” every exchange, by token

Minimum credible pilot integration set

IntegrationWhy it's in the minimum setOwner
INT-1 Airline DCSValidate the journey against a real bookingAirline
INT-2 Airport AODBCorrect flight & gate context at the gateAirport
INT-3 Document AuthAnchor identity to a genuine document at enrollmentProvider
INT-5 Staff SSOTrustworthy staff identities to drive RBACAirport
INT-6 Matching simulatedThe deterministic gate decision โ€” on-prem onlyKSIA (internal)
INT-7 NotificationMobile-first passenger guidance (recommended)Provider

Gov/Border (INT-4) and Analytics (INT-8) are designed but not built this phase; INT-4 only enters the pilot if KSIA / the regulator mandates it.

Trust-boundary principle

โ”€โ”€ UNTRUSTED (partners) โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”Šโ”€โ”€ TRUSTED (AURA / KSIA) โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€ airline / airport / doc / cloud โ”Š integration layer (validates) โ†’ resolve token (ON-PREM) โ”Š KSIA vault + matching engine (crown jewels) โ€” never leave site
Two hard lines that never move & are enforced in code: (1) Biometric templates never cross an external boundary โ€” only the on-prem engine (INT-6) touches them. (2) Raw identity stays on-prem โ€” partners get tokens. Forbidden fields are actively blocked from external connectors (request rejected + audited): template_data, raw_image, selfie, given_name, family_name, document_number.

Real today vs simulated

REAL Integration contracts & flows (INT-1,2,3,5,6,7) as contract-shaped mocks ยท token issuance/resolution ยท server-enforced RBAC ยท tamper-evident audit ยท fail-safe fallback logic.

SIMULATED Biometric capture & matching (INT-6) โ€” deterministic decision, no real biometrics, same contract a real engine will use later.

NOT USED Live passenger / production data โ€” synthetic, non-personal test data only. NOT BUILT INT-4 gov/border & INT-8 analytics (designed only).

Fail-safe in one breath

  • Fail safe, not open โ€” a failed check โ†’ REFER to human, never auto-ALLOW
  • Gates keep working โ€” the decision is on-prem, so a cloud/partner outage doesn't strand validated journeys
  • Async never blocks โ€” slow partners queue & retry; the passenger isn't held up
  • Humans own edge cases โ€” manual override, fully audited

Partner workshop questions

  • Booking identifier โ€” airline booking token (preferred) or PNR?
  • Token lifetime & scope for partners?
  • AODB delivery โ€” events/webhooks, read API, or both? Stale-data handling?
  • SSO protocol & role/group mapping (OIDC/SAML)? MFA & break-glass?
  • Auth per interface โ€” mutual TLS and/or signed short-lived tokens?
  • Retry & idempotency policy on writes (e.g. boarding push)?
  • Document-image handling (INT-3) โ€” discard raw after check?
  • Is Gov/Border (INT-4) mandated for the pilot, or deferred?
  • On-prem hosting for INT-6 / vault confirmed inside KSIA?
  • SLAs, support, incident escalation & fallback ownership?
Grounded in AURA's Stage 6 Integration Readiness design and the working connector mocks (INT-1, 2, 3, 5, 6, 7) in the current demonstrator. Field names are illustrative and confirmed per partner during onboarding. This is an integration blueprint, not a live pilot; biometrics remain simulated and AI is limited to two read-only assistive features that advise but never decide. ยท Full kit: /partners ยท Airline: /partners/airline ยท Airport: /partners/airport