Information Copyright © InfoCert 2015
InfoCert eID standardization ‐ SPID perspective
2015
eID standardization from a national perspective: SPID
L. BoldrinM. De LazzariJune 25 2015
Information Copyright © InfoCert 2015
InfoCert eID standardization ‐ SPID perspective
2015
Slide 2
SPID - Italian Public Digital Identity System
SPID in eIDAS eID network
eIDAS standardization space for eID
some remarks
Contents
Information Copyright © InfoCert 2015
InfoCert eID standardization ‐ SPID perspective
2015
SPID
2015/6/24 Slide 3
Information Copyright © InfoCert 2015
InfoCert eID standardization ‐ SPID perspective
2015SPID
from smart-card toSAML-based federation
Information Copyright © InfoCert 2015
InfoCert eID standardization ‐ SPID perspective
2015SPID
Low•SPID Level 1•one factor •(e.g. user/pwd)
Substantial• SPID Level 2• two factors• (e.g. user/pwd +
OTP)
High• SPID Level 3• PKI based• (e.g. smartcard /
token/UICC?) LoA2 ISO‐IEC 29115
LoA3 ISO‐IEC 29115
LoA4 ISO‐IEC 29115
SPID Levels of assurance depend very much on the
authentication mechanism
Information Copyright © InfoCert 2015
InfoCert eID standardization ‐ SPID perspective
2015SPID
Trust Relationship
Request Access to Services
Authorize Access
Authentication
ID Validation
Service provider ID provider
Usersauthentication tools
• auth. mechanism are defined in
general security terms
• practical implementations are
open (compliance must be
checked against UNI norm)
Information Copyright © InfoCert 2015
InfoCert eID standardization ‐ SPID perspective
2015
SPID in eIDAS eID network
2015/6/24 Slide 7
Information Copyright © InfoCert 2015
InfoCert eID standardization ‐ SPID perspective
2015SPID in eIDAS eID network
SPIDIdentity Provider ITALY
COUNTRY C
COUNTRY BService provider
Users
eIDAS eID network
Italian C-PEPS
eIDAS in-
bound
SPID out-
bound
Country BS-PEPS
Information Copyright © InfoCert 2015
InfoCert eID standardization ‐ SPID perspective
2015SPID in eIDAS eID network
Identity Provider
ITALY
COUNTRY C
COUNTRY B
Service provider
Users
eIDAS eID network
Italian S-PEPS
eIDAS out-
bound
SPID in-
bound
Country BC-PEPS
Information Copyright © InfoCert 2015
InfoCert eID standardization ‐ SPID perspective
2015SPID in eIDAS eID network: expected deploy
SPIDIdentity Provider
ITALY
COUNTRY C
COUNTRY B
Service provider
Users
eIDAS eID network
SPIDIdentity Provider
SPIDIdentity Provider
ItalyC-PEPS
Italy CommS-PEPS 2
Italy CommS-PEPS 1
Italy PAS-PEPS
Service provider
Country BPEPSCountry B
PEPSCountry BPEPS
Country BPEPSCountry B
PEPSCountry CPEPS
Appeal to commercial SP to be tested!
Information Copyright © InfoCert 2015
InfoCert eID standardization ‐ SPID perspective
2015
eIDAS standardization space for eID
2015/6/24 Slide 11
Information Copyright © InfoCert 2015
InfoCert eID standardization ‐ SPID perspective
2015
Slide 12
eIDAS standardization space for eID
Cooperation
Assurance levels
Interoperability framework
(Cost policy)
Notification
INSIDE eIDAS
centralized hub, centralized db, directory service, etc.
Member States eID schemes
eu ID
roles / attributes
OUTSIDE eIDAS
Information Copyright © InfoCert 2015
InfoCert eID standardization ‐ SPID perspective
2015
Slide 13
eIDAS standardization space for eID
EIF
Notification
Cooperation
Assurance levels
interoperability framework
(cost policy)
Notification
eIDAS Regulation
IA / cooperation group
MAP to European Interoperability Framework
IA
IA
IA
regulation
IA / cooperation group
Information Copyright © InfoCert 2015
InfoCert eID standardization ‐ SPID perspective
2015
some remarks
2015/6/24 Slide 14
Information Copyright © InfoCert 2015
InfoCert eID standardization ‐ SPID perspective
2015lessons from eSignature standardization
from eSig to eID
Standardization areas: first guess(take form eSig rationalised framework &
adapt)
Signature Creation & Validation
TSPs supporting eSignature
Trust ApplicationService Providers
Trust Service Status List Providers
Signature Creation & other related Devices
Cryptographic Suites
2 3
Authentication Process
ID Service providers
ID Service Status List Providers
Authentication Devices
Cryptographic Suites
1
4 5
6
Information Copyright © InfoCert 2015
InfoCert eID standardization ‐ SPID perspective
2015lessons from eSignature standardization
Document types: first guess
Policy & Security Requirements
Guidance
Conformity Assessment
Testing Compliance & Interoperability
Technical Specifications
...limited tothe super-national quota
Information Copyright © InfoCert 2015
InfoCert eID standardization ‐ SPID perspective
2015lessons learned from eDeliverynational stand-alone initiatives (PEC, DE-Mail,
Incamail ...)
global sector-specific standard
(UPU)
european standard proposal (ETSI-
REM)
GW approach
Information Copyright © InfoCert 2015
InfoCert eID standardization ‐ SPID perspective
2015remarks from a commercial perspective
Information Copyright © InfoCert 2015
InfoCert eID standardization ‐ SPID perspective
2015remarks from a commercial perspective
Information Copyright © InfoCert 2015
InfoCert eID standardization ‐ SPID perspective
2015remarks from a commercial perspective