
ARPA

ARPA: A regional infrastructure for secure role-based access to RTRT services. Ing. Laura Castellani, Tuscany Region. The problem: in the ICT world, security and privacy are fundamental, and it is very important for citizens to have access to their information in a secure way.


Presentation Transcript


  1. ARPA: A regional infrastructure for secure role-based access to RTRT services. Ing. Laura Castellani, Tuscany Region

  2. The problem
     • In the ICT world, security and privacy are fundamental, and it is very important for citizens to have access to their information in a secure way.
     • For this reason it is important to have not only a secure access system, such as an electronic card, but also an infrastructure that permits secure, authenticated access to all services offered by the Public Administration.

  3. Tuscany ICT infrastructure
     • RTRT (Regional Telematic Network): an infrastructure that securely connects all of the Public Administration in Tuscany
     • CART (Applicative Cooperation of/for Tuscany Region): an infrastructure that permits interoperability of different applications
     • A PKI: an infrastructure for issuing the CNS

  4. ARPA
     • On top of these infrastructures, Tuscany Region has built ARPA, an infrastructure that provides a single authenticated and secure access point to all services offered by the Tuscany Public Administration.

  5. ARPA: an infrastructure that permits:
     • Authentication and identification in a secure way using an electronic card (CIE or CNS)
     • Role or qualification verification
     and moreover offers:
     • A personalized desktop with all available services offered by the P.A., according to the user's identity and roles

  6. The architectural model

  7. The architectural model
     • Portal Area: secure access to services based on digital certificates
     • Role Manager Area: this component manages the correct link between a user and his roles
     • Services Area: the services available according to the credentials of the user

  8. Role certification providers
     • Role verification takes place by querying one or more external data sources, which are distributed across several organizations (role certification providers).
     • The role certification providers (RCPs) offer authenticated access to data sources in order to verify roles and associated attributes.
     • All of the above information builds, according to established rules, the user's digital credentials (a kind of role certificate) necessary to access the services.

  9. Identity federation
     In line with e-government specifications, Tuscany Region intends to interoperate with the services of other public administrations on the basis of federated digital identity.
     • In this scenario the problem is: a domain of a public administration intends to make its services available to another domain. How does the first domain identify the users of the other, external domain?
     • With identity federation, the server domain trusts the process by which the external client domain has generated the user's digital credentials. It trusts this process as if it were its own (domain trust).
     • Moreover, if access to the services is restricted to a particular class of users based on their role, the mutual trust also includes the role certification process.

  10. Role of Tuscany Region
     • In this scenario Tuscany Region, with ARPA, acts as:
     • Identity and attribute provider for the other trusted domains
     • Service provider: it receives users' digital credentials created by federated trusted domains and uses them for access to services

  11. Federation
     • Business agreements between Tuscany Region and other Public Administrations to set courses of action and responsibilities for delivering services using a federated model
     • Use of public-key cryptographic systems to guarantee authenticity, integrity and confidentiality of identity transactions
     • Use of a standard (SAML)

  12. Public Administration benefits
     • Increasing access to its services
     • Having an infrastructure to verify roles in a dynamic way
     • Maintaining control of the access policy for its services

  13. Users' benefits
     • Unique access identification
     • Having a single desktop with all available services offered by the Public Administration

  14. [Diagram: Federations of secure portals. Labels: Local authorities, ISP 1, ISP 2, RT, Internet. Steps: 1. Authentication by electronic card; 2. Role assignment; 3. Send user credentials to the applications.]

  15. Thanks a lot for the invitation and for the kind attention Laura Castellani – laura.castellani@regione.toscana.it
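
The flow described in slides 7, 8 and 10, as an added sketch that is not part of the presentation or of ARPA's own code: a Role Manager builds credentials from several role certification providers, and the Services Area lists only what those credentials allow. All provider, domain, role and service names are hypothetical, and verification of the card certificate and of the signed (SAML) credentials is assumed to have happened already.

```python
from dataclasses import dataclass

# All names and data below are constructed for illustration.
AUTHORITATIVE = {"medical-register": {"doctor"}, "bar-register": {"lawyer"}}
TRUSTED_DOMAINS = {"regione.example", "comune.example"}  # federated domains
SERVICE_POLICY = {  # service -> roles required (empty set: any authenticated user)
    "health-records": {"doctor"},
    "court-filings": {"lawyer"},
    "tax-status": set(),
}

class ProviderUnavailable(Exception):
    """Raised by an RCP lookup that cannot answer."""

@dataclass(frozen=True)
class Credentials:
    subject: str      # identifier read from the card certificate
    domain: str       # domain that authenticated the user and built the credentials
    roles: frozenset  # roles confirmed by role certification providers

def build_credentials(subject, domain, providers):
    """Role Manager Area: query every RCP and keep only confirmed roles."""
    roles = set()
    for name, lookup in providers.items():
        try:
            claimed = set(lookup(subject))
        except ProviderUnavailable:
            continue  # fail closed: no answer grants no role
        # An RCP may only certify roles it is authoritative for.
        roles |= claimed & AUTHORITATIVE.get(name, set())
    return Credentials(subject, domain, frozenset(roles))

def available_services(cred):
    """Services Area: services whose required roles the credentials satisfy."""
    if cred.domain not in TRUSTED_DOMAINS:
        return []  # credentials built outside the federation are not honoured
    return sorted(s for s, need in SERVICE_POLICY.items() if need <= cred.roles)

# Constructed RCP stubs standing in for external data sources.
def medical_register(subject):
    return {"doctor"} if subject == "user-001" else set()

def bar_register(subject):
    # Over-claims "doctor" for user-002; build_credentials must drop it.
    return {"lawyer", "doctor"} if subject == "user-002" else set()

def offline_register(subject):
    raise ProviderUnavailable("data source unreachable")

PROVIDERS = {"medical-register": medical_register, "bar-register": bar_register}
```

Two choices matter here: a provider that does not answer grants nothing, and a provider's claim counts only for roles it is authoritative for, so one compromised or misconfigured data source cannot hand out another organization's roles.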
