Transcript

Information Copyright © InfoCert 2015

InfoCert eID standardization ‐ SPID perspective

2015

eID standardization from a national perspective: SPID

L. Boldrin, M. De Lazzari

June 25 2015


Slide 2

Contents

• SPID - Italian Public Digital Identity System
• SPID in eIDAS eID network
• eIDAS standardization space for eID
• some remarks


SPID

2015/6/24 Slide 3


SPID

from smart-card to SAML-based federation


SPID

• Low: SPID Level 1, one factor (e.g. user/pwd), LoA2 ISO-IEC 29115
• Substantial: SPID Level 2, two factors (e.g. user/pwd + OTP), LoA3 ISO-IEC 29115
• High: SPID Level 3, PKI based (e.g. smartcard / token / UICC?), LoA4 ISO-IEC 29115

SPID Levels of assurance depend very much on the authentication mechanism


SPID

[Diagram labels: Users; Service provider; ID provider; Trust Relationship; Request Access to Services; Authorize Access; Authentication; ID Validation]

authentication tools

• auth. mechanisms are defined in general security terms
• practical implementations are open (compliance must be checked against UNI norm)


SPID in eIDAS eID network

2015/6/24 Slide 7


SPID in eIDAS eID network

[Diagram labels: SPID Identity Provider; ITALY; COUNTRY B; COUNTRY C; Service provider; Users; eIDAS eID network; Italian C-PEPS; eIDAS in-bound; SPID out-bound; Country B S-PEPS]


SPID in eIDAS eID network

[Diagram labels: Identity Provider; ITALY; COUNTRY B; COUNTRY C; Service provider; Users; eIDAS eID network; Italian S-PEPS; eIDAS out-bound; SPID in-bound; Country B C-PEPS]


SPID in eIDAS eID network: expected deploy

[Diagram labels: SPID Identity Provider (three instances); ITALY; COUNTRY B; COUNTRY C; Service provider; Users; eIDAS eID network; Italy C-PEPS; Italy Comm S-PEPS 1; Italy Comm S-PEPS 2; Italy PA S-PEPS; Country B PEPS (repeated); Country C PEPS]

Appeal to commercial SP to be tested!


eIDAS standardization space for eID

2015/6/24 Slide 11


Slide 12

eIDAS standardization space for eID

INSIDE eIDAS

• Cooperation
• Assurance levels
• Interoperability framework
• (Cost policy)
• Notification

OUTSIDE eIDAS

• centralized hub, centralized db, directory service, etc.
• Member States eID schemes
• eu ID
• roles / attributes


Slide 13

eIDAS standardization space for eID

[Diagram labels: eIDAS Regulation; EIF; Notification; Cooperation; Assurance levels; interoperability framework; (cost policy); IA; IA / cooperation group; regulation; MAP to European Interoperability Framework]


some remarks

2015/6/24 Slide 14


lessons from eSignature standardization

from eSig to eID

Standardization areas: first guess (take from eSig rationalised framework & adapt)

eSig areas:

• Signature Creation & Validation
• TSPs supporting eSignature
• Trust Application Service Providers
• Trust Service Status List Providers
• Signature Creation & other related Devices
• Cryptographic Suites

eID areas:

• Authentication Process
• ID Service providers
• ID Service Status List Providers
• Authentication Devices
• Cryptographic Suites

[Figure residue: area numbers 1 to 6]


lessons from eSignature standardization

Document types: first guess

• Policy & Security Requirements
• Guidance
• Conformity Assessment
• Testing Compliance & Interoperability
• Technical Specifications

...limited to the super-national quota


lessons learned from eDelivery

• national stand-alone initiatives (PEC, DE-Mail, Incamail ...)
• global sector-specific standard (UPU)
• european standard proposal (ETSI-REM)
• GW approach


remarks from a commercial perspective


thank you!

2015/6/24 Slide 21

