Monday, December 15, 2014

The Italian Digital Identity Initiative: SPID

Last week the Decree of the President of the Council of Ministers (DPCM 24 ottobre 2014), which sets out the regulations to implement the Italian Digital Identity Initiative, called "Sistema Pubblico di Identità Digitale" (SPID), was published in the Gazzetta Ufficiale.

SPID is a set of credentials for accessing the online services of the public administration, and also private-sector online services (e.g. e-commerce companies) if they adhere to the initiative.

SPID defines a Federated Identity Management system, based on the SAMLv2 standard, which involves Citizens, Service Providers (SP), Identity Providers (IdP), Attribute Providers (AA) and the Digital Agency for Italy, in the role of accreditation and registry authority.
The following picture describes the high-level architecture and flow of SPID-ready access to an online service.

  1. Access request.
  2. Redirect to Identity Provider.
  3. Credential request.
  4. Authentication.
  5. Redirect to the Service Provider with the Authentication Assertion (SAMLv2).
  6. Attributes request.
  7. Response with verified attributes.

The technical specification and interface (draft) are available here (in Italian).
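The checks a Service Provider would apply to the authentication assertion it receives in step 5, as an added example that is not part of the original post or of the SPID specification. The entity IDs, the set standing in for the registry of accredited Identity Providers, and the sample response are all constructed; XML signature verification, which has to succeed before any of these checks, is assumed to be done by a vetted SAML library.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed values: hypothetical stand-in for the registry of accredited IdPs, and this SP's entityID.
ACCREDITED_IDPS = {"https://idp.example.it"}
SP_ENTITY_ID = "https://sp.example.it"

# Constructed SAML Response as the SP would receive it in step 5 (signature omitted).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0" InResponseTo="_req42">
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2014-12-15T10:00:00Z">
    <saml:Issuer>https://idp.example.it</saml:Issuer>
    <saml:Conditions NotBefore="2014-12-15T10:00:00Z" NotOnOrAfter="2014-12-15T10:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://sp.example.it</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def _ts(value):
    """Parse a UTC SAML timestamp such as 2014-12-15T10:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(xml_text, expected_request_id, now):
    """Return a list of problems; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    problems = []
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return ["expected exactly one Assertion"]
    a = assertions[0]
    # The issuer must be an IdP listed in the accreditation registry.
    if a.findtext("saml:Issuer", "", NS).strip() not in ACCREDITED_IDPS:
        problems.append("issuer is not an accredited IdP")
    # The response must answer the AuthnRequest this SP sent in step 2.
    if root.get("InResponseTo") != expected_request_id:
        problems.append("response does not answer our AuthnRequest")
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        return problems + ["missing Conditions"]
    audiences = [e.text.strip() for e in cond.iterfind(".//saml:Audience", NS) if e.text]
    if SP_ENTITY_ID not in audiences:
        problems.append("assertion is not addressed to this SP")
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not (nb and noa and _ts(nb) <= now < _ts(noa)):
        problems.append("assertion is outside its validity window")
    return problems
```

An assertion that fails any of these checks should be rejected before the Service Provider goes on to request attributes in step 6.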