ARPA: A regional infrastructure for secure role-based access to RTRT services. Ing. Laura Castellani, Tuscany Region
The problem • In the ICT world, security and privacy are fundamental, and it is very important that citizens can access their information securely. • For this reason it is important to have not only a secure access device, such as an electronic card, but also an infrastructure that permits secure, authenticated access to all the services offered by the Public Administration.
Tuscany ICT infrastructure • RTRT (Regional Telematic Network): an infrastructure that securely connects all the Public Administrations in Tuscany • CART (Applicative Cooperation of Tuscany Region): an infrastructure that permits interoperability between different applications • A PKI: an infrastructure for issuing the CNS (Carta Nazionale dei Servizi, the Italian National Services Card)
ARPA • On top of these infrastructures Tuscany Region has built ARPA, an infrastructure that provides a single authenticated and secure access point to all the services offered by the Tuscan Public Administration.
ARPA An infrastructure that provides: • Secure authentication and identification using an electronic card (CIE, the electronic identity card, or CNS) • Verification of the user's roles or qualifications and, moreover, offers • A personalized desktop with all the available services offered by the P.A., according to the user's identity and roles
The architectural model • Portal Area: secure access to services based on digital certificates • Role Manager Area: the component that manages the correct link between a user and his roles • Services Area: the services available according to the user's credentials
Role certification providers • Role verification takes place by querying one or more external data sources, distributed across several organizations (the role certification providers) • The role certification providers (RCP) offer authenticated access to their data sources in order to verify roles and the associated attributes • All the above information builds, according to established rules, the user's digital credentials (a kind of role certificate) needed to access the services
Identity federation According to the e-government specifications, Tuscany Region intends to interoperate with the services of other public administrations through federated digital identity. • In this scenario the problem is: a public administration's domain intends to make its services available to another domain. How does the first domain identify the users of the other, external domain? • With identity federation the server domain trusts the process by which the external client domain generated the user's digital credentials, as if it were its own process (domain trust). • Moreover, if access to a service is restricted to a particular class of users based on their role, the mutual trust also covers the role certification process.
Role of Tuscany Region • In this scenario Tuscany Region, with ARPA, acts as: • Identity and attribute provider for the other trusted domains • Service provider: it receives users' digital credentials created by federated trusted domains and uses them to grant access to its services
Federation • Business agreements between Tuscany Region and the other Public Administrations to set courses of action and responsibilities for delivering services using a federated model • Use of public-key cryptography to guarantee the authenticity, integrity and confidentiality of identity transactions • Use of standards (SAML)
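As an added example (not code from the ARPA project or from this presentation), the following Go program models the flow described in the "Role certification providers" and "Identity federation" slides: an identity/attribute provider queries several role certification providers, assembles the user's roles into a signed credential, and a service provider in another domain, which trusts that issuer's key by agreement, verifies signature, audience and validity before applying its own role policy. A real deployment would exchange SAML assertions (XML documents signed with XML Signature under X.509 certificates); here a JSON payload signed with Ed25519 stands in for that. The domain names, subjects, registries, services and roles are constructed, and every type and function name is an assumption of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
	"slices"
	"time"
)

// Assertion stands in for the SAML assertion the identity provider sends to a federated domain.
type Assertion struct {
	Issuer   string   `json:"issuer"`
	Subject  string   `json:"subject"`   // identifier taken from the CNS/CIE certificate
	Audience string   `json:"audience"`  // service-provider domain this credential is for
	Roles    []string `json:"roles"`     // gathered from the role certification providers
	NotAfter int64    `json:"not_after"` // Unix seconds
}
// SignedAssertion is the JSON payload plus the issuer's Ed25519 signature over it.
type SignedAssertion struct{ Payload, Signature []byte }
// RoleCertificationProvider models one external data source the Role Manager queries.
type RoleCertificationProvider func(subject string) []string

// IdentityProvider is the ARPA side: its signing key and the RCPs it consults.
type IdentityProvider struct {
	Domain string
	Key    ed25519.PrivateKey
	RCPs   []RoleCertificationProvider
}

// CollectRoles is the Role Manager step: ask every RCP, merge without duplicates in first-seen order.
func (idp *IdentityProvider) CollectRoles(subject string) []string {
	var roles []string
	for _, rcp := range idp.RCPs {
		for _, r := range rcp(subject) {
			if !slices.Contains(roles, r) {
				roles = append(roles, r)
			}
		}
	}
	return roles
}

// Issue builds the user's digital credential for one audience and signs it.
func (idp *IdentityProvider) Issue(subject, audience string, now time.Time, ttl time.Duration) SignedAssertion {
	payload, _ := json.Marshal(Assertion{Issuer: idp.Domain, Subject: subject, Audience: audience,
		Roles: idp.CollectRoles(subject), NotAfter: now.Add(ttl).Unix()}) // plain struct: cannot fail
	return SignedAssertion{Payload: payload, Signature: ed25519.Sign(idp.Key, payload)}
}

// ServiceProvider is a federated domain: it trusts the issuer's process (Trusted) but owns its policy.
type ServiceProvider struct {
	Domain  string
	Trusted map[string]ed25519.PublicKey // issuer domain -> key, fixed by the federation agreement
	Policy  map[string][]string          // service -> roles allowed; an unknown service allows none
}

// Authorize checks issuer, signature, audience and expiry, then the local policy; a valid credential lacking the role gives (false, nil).
func (sp *ServiceProvider) Authorize(sa SignedAssertion, service string, now time.Time) (bool, error) {
	var a Assertion
	if err := json.Unmarshal(sa.Payload, &a); err != nil {
		return false, fmt.Errorf("rejected: malformed payload")
	}
	key, trusted := sp.Trusted[a.Issuer]
	switch { // cases are evaluated in order, so Verify never sees an unknown (nil) key
	case !trusted:
		return false, fmt.Errorf("rejected: issuer %q is not federated", a.Issuer)
	case !ed25519.Verify(key, sa.Payload, sa.Signature):
		return false, fmt.Errorf("rejected: bad signature")
	case a.Audience != sp.Domain:
		return false, fmt.Errorf("rejected: audience %q is not %q", a.Audience, sp.Domain)
	case now.Unix() > a.NotAfter:
		return false, fmt.Errorf("rejected: credential expired")
	}
	for _, have := range a.Roles {
		if slices.Contains(sp.Policy[service], have) {
			return true, nil
		}
	}
	return false, nil
}

// NewFederation builds a constructed scenario (hypothetical domains, users, registries, roles): ARPA with two RCPs and one trusting local-authority SP.
func NewFederation() (*IdentityProvider, *ServiceProvider) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // crypto/rand is assumed not to fail here
	health := map[string][]string{"cns:alice": {"physician"}}
	municipal := map[string][]string{"cns:alice": {"resident"}, "cns:bob": {"resident"}}
	idp := &IdentityProvider{Domain: "arpa.example", Key: priv, RCPs: []RoleCertificationProvider{
		func(s string) []string { return health[s] }, func(s string) []string { return municipal[s] }}}
	return idp, &ServiceProvider{Domain: "comune.example",
		Trusted: map[string]ed25519.PublicKey{idp.Domain: pub},
		Policy:  map[string][]string{"medical-records": {"physician"}, "tax-portal": {"resident"}}}
}

func main() {
	idp, sp := NewFederation() // bob is a resident, not a physician, so this prints "false <nil>"
	fmt.Println(sp.Authorize(idp.Issue("cns:bob", sp.Domain, time.Now(), time.Hour), "medical-records", time.Now()))
}
```

Two design points match the slides: the service provider never contacts the RCPs itself, it trusts the issuer's collection process via the key fixed in the federation agreement, and the audience and expiry checks keep a credential issued for one domain from being replayed at another or reused indefinitely. The policy stays with the service provider, so the issuer certifies roles but does not decide which service each role may use.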
Public Administration benefits • Increased access to its services • An infrastructure to verify roles dynamically • Retaining control of the access policy for its services
User benefits • A single identity for access • A single desktop with all the available services offered by the Public Administration
Figure: federation of secure portals. Labels: ENTI LOCALI (local authorities), ISP 1, ISP 2, RT (Regione Toscana), Internet. Flow: 1. Authentication by electronic card; 2. Role assignment; 3. Send user credentials to the applications.
Thanks a lot for the invitation and for your kind attention. Laura Castellani – laura.castellani@regione.toscana.it