19-07-2012
The secure management of digital identity: the AlmavivA platform. By Claudio De Paoli
19/07/2012
The secure management of digital identity: the AlmavivA platform.
The use of the Internet has extraordinarily changed not just our everyday lives, but also the risk scenarios related to the safety of people and the security of public and private organizations. The challenges of IT security are strongly related to the evolution of ICT technologies. The Web 2.0, in fact, and the spread of the social networks have made available a huge amount of personal information, which can be exploited to launch identity theft attacks and perpetrate fraud and other illegal activities. Moreover, the advent of Cloud Computing technologies raises a set of further questions: data confidentiality guarantees, the security of identity management and protection processes and of access privileges to IT services and resources, conformity to the applicable national regulations and the certainty of the operational continuity of the services. We must strive to effectively upgrade security skills and organizations to this ongoing transformation. But how?
We will discuss the matter with Claudio De Paoli, Chief of the ICT Security Practice of AlmavivA, which, for years now, has been involved in the principal Digital Identity projects at central and local government level.
The secure management of digital identities and the control of access to services is, today, one of the key challenges for Government, also with a view to achieving the objectives that the Public Administration has set itself, in terms of digital innovation.
We need to develop and implement security platforms if we want to strengthen the e-Government applications designed to improve the services to the public and businesses, aiming at achieving a truly open and transparent government, and also with a view to promoting Cloud Computing architectures, as set out in the Digital Agenda, with suitable security features. The challenge will be to combine the efficiency of the services and usability of the platforms for the government entities, with the guarantee of the security and privacy of the digital identities and data of the users. In this specific context, the principal needs emerging today for the security infrastructures, with respect to the management of digital identities and access to online government services, concern the necessity of activating federated architectures capable of protecting the identities, for instance, from the new and sophisticated cybercrime attack techniques, and capable at the same time of guaranteeing the separation of the roles of the IT system operators in particular contexts and for critical applications.
AlmavivA has always been at the forefront of ICT security …
AlmavivA Group traces its roots back to the repositories of information collected by the State – in the fields of accounting, agriculture, healthcare, tax, cultural heritage, social security, defense and security – and has always supported Government in the process of transformation under way. Over the years we have developed some important Identity and Access Management systems for the Country. In particular, within the framework of the Public System of Connectivity (SPC) and CNIPA (now called Agenzia Italia Digitale), we have developed various IAM federated systems conforming to the standard. It is thanks to the evolution of these systems, and to the best experiences built up over the years, that today we are able to present a consolidated platform.
The Identity and Access Management platform was developed by AlmavivA precisely to ensure secure access, by the users and operators, to the online services of the Public Administration. It comprises two complementary and integrated subsystems – Access Manager and Identity Manager – and stands out, among access security systems, because of its focus on the digital identity management requirements and needs of Public Administration bodies desiring to offer online economic and other services entailing the processing of personal and sensitive data, as in the case of healthcare systems. Of particular importance, therefore, is the product’s native conformity to both the standards and best practices in the sector (SOA, SAML, XACML, RBAC, HL7 Pass), and the applicable Italian regulations on Privacy, the provisions for promoting access to IT instruments by disabled persons (the so-called Stanca Law), and the technical rules of the Public System of Connectivity (SPC) and Federated Digital Identity Management provided by the Digital Administration Code.
The Identity and Access Management platform was developed by AlmavivA precisely to ensure secure access, by the users and operators, to the online services of the Public Administration. It comprises two complementary and integrated subsystems – Access Manager and Identity Manager – and stands out, among access security systems, because of its focus on the digital identity management requirements and needs of Public Administration bodies desiring to offer online economic and other services entailing the processing of personal and sensitive data, as in the case of healthcare systems. Of particular importance, therefore, is the product’s native conformity to both the standards and best practices in the sector (SOA, SAML, XACML, RBAC, HL7 Pass), and the applicable Italian regulations on Privacy, the provisions for promoting access to IT instruments by disabled persons (the so-called Stanca Law), and the technical rules of the Public System of Connectivity (SPC) and Federated Digital Identity Management provided by the Digital Administration Code.
Any other characteristics?
Its independence from market vendors, low-impact integration, modularity, adaptability and scalability … But, above all, its solidity, performance and high reliability, also to meet the increasingly pressing needs, by clients, in terms of operational continuity. Suffice it to mention the Public Administration, the large figures involved, the importance of some of the services delivered, the relationship of trust that must necessarily be built up between the public and government organizations, with respect to personal data processing.
Our solution, moreover, easily adapts to the service delivery models best suited to the specific requirements of the central and local government clients, such as insourcing, outsourcing and Cloud Computing.
The topic of the day is the spending review …
From an economical point of view, AlmavivA’s has taken the decision to support the Government’s need to control its spending: we have adopted enterprise licensing, regardless of the number of users, in the case of clients with a large user base on the Internet.
AlmavivA for DigitPa: a digital identity management solution
AlmavivA has developed for DigitPa a solution for managing the Identification, Authentication and Authorisation (IAA) functions enabling users to access Government information systems, in accordance with the CAD requirements and the SPC specifications.
The Public System of Connectivity (SPC) is the set of technological infrastructures and technical guidelines for “federating” the ICT systems of government organizations, agencies, departments and entities, with a view to providing integrated services based on common rules and services. In 2007, AlmavivA was awarded a contract, in a joint venture with HP, for providing evolved Interoperability, Cooperation and Application Security SPCoop services. One of the objectives was to build a solution for managing the Identification, Authentication and Authorization (IAA) functions.
The Public System of Connectivity (SPC) is the set of technological infrastructures and technical guidelines for “federating” the ICT systems of government organizations, agencies, departments and entities, with a view to providing integrated services based on common rules and services. In 2007, AlmavivA was awarded a contract, in a joint venture with HP, for providing evolved Interoperability, Cooperation and Application Security SPCoop services. One of the objectives was to build a solution for managing the Identification, Authentication and Authorization (IAA) functions.
The service developed by AlmavivA – which also uses market platforms – enables users to access, the Government web applications, according to a single sign-on procedure, through a safe system and using individual credentials. The service is developed and managed by the AlmavivA DPC, which can ensure a high level of security and operational continuity. To date, the IAA service developed by AlmavivA has been introduced by the Ministry of Justice, the Public Procurement Authority (AVCP) and the local authority of Rome. We have also developed, for the AVCP and INPDAP, access interfaces to the services delivered by the Internal Revenue Service (Agenzia delle Entrate), consistently with the SPC security and federation standard.
"Services like this can improve the perception of quality and trust in Government services, preventing duplication of information, sources of inefficiencies and insecurity. The IAA service, based on consolidated standards, has introduced the SPC technical specifications, issued after the awarding of the contract, constituting an investment that can be integrated with future use scenarios” is the comment by Francesco Tortorelli, Manager of the DigitPa Office for evolved interoperability and application cooper
