Tuesday, April 14, 2015

Italia Login as Citizen Life Management Platform

Italia Login promises to be the most innovative government platform for citizens, also called “the home for citizens”. This project is part of a set of accelerator initiatives to support Italy’s digital growth for the next 5 years.
Italia Login will provide an integrated API platform and supporting technologies which allow better joint participation of the public and private sectors for developing added value services for citizens and enterprises.
The following diagram shows a high-level model of the planned Italia Login interactions (extracted from these governo.it slide).


Citizens will log in to Italia Login using their digital identity (managed by an Identity Provider that is compliant with SPID — the Public System for digital identity), and then they can have access to any apps, provided by the public and private sector, based on their profile.

From a design standpoint, Italia Login shows many similarities with the Life Management Platform concept introduced by Kuppinger-Cole's advisory note (see details here). Life Management Platform has the goal of allowing individuals to consolidate all relevant online data from their lives, and provides tools to manage the essential information of every person’s life and making it usable for other parties.

Consider the following use case:
A citizen needs to enroll his child, through an online service, to an elementary school that facilitates the selection of subsidized school meals in case of parents who are eligible for the subsidy.
The enrollment process requires a citizen's personal details and documents about the situations which must be released by another agency (in this case, the National Social Insurance Agency).
The document attesting to the parents’ economic situation is necessary to demonstrate the eligibility for access to the subsidy.
The main requirements for this use case are the ability to centralize the access to the distributed resources (personal financial details) and enable a data sharing mechanism between the producer of the details (the agency) and the service consumer (the school enrollment application).
Italia Login can provide an essential platform for personal data sharing among distributed online services with the goal of supporting an advanced online service for citizens.

Challenges to mitigate risks
Unlocking the value of personal data in a decentralized and distributed system network requires new approaches for protection and security, accountability, and rights and responsibilities for managing user data, which can be summarized as follows:
  • Provide a new approach to protect and secure decentralized and distributed resources. 
  • Provide the ability to know who has data about you, and where the data is located. 
  • Provide a new approach that helps individuals understand how and when data is collected. 
  • Empower individuals more effectively and efficiently. 

Applying the User-Managed Access (UMA) model to the Italia Login Platform
User-Managed Access (UMA) is a profile of OAuth 2.0. UMA defines how resource owners can control protected-resource access by clients operated by arbitrary requesting parties, where the resources reside on any number of resource servers, and where a centralized authorization server governs access based on resource owner policies.

UMA provides these functions to empower the individual to make choices regarding control and access of their data.

The following scenario shows how UMA can be applied to address the challenges and enable a citizen life management platform:
  1. The Citizen log in (using SPID credential) at the resource server, which expose the resource/API to access the “Financial Status”. 
  2. The Citizen decides to share (using a special button at the resource server) the resource with the Italia Login Platform, enabling a delegated authorization for the resource. 
  3. The resource “Financial Status” is now under the control of the Citizen at the Italia Login platform as “protected resource” and any attempt to access to the resource by an autonomous third third app must be authorized by the user, without the need to share any credentials. 
  4. Italia Login, providing an application and API ecosystem, allows to third-party (i.e. Elementary School App) to access remote resource (i.e. “Financial Status”) through the protected API. 
  5. At this point, the Enrollment process can be initialised by the Citizen, launching the Elementary School App, which starts requesting the consent to allow the app to access to the remote resource (Financial Status). 
  6. The Elementary School App acts as a Client for the remote resource, and it is able to access to the necessary information to apply for facilitated condition, based on the Citizen’s Financial Status. 
  7. In order to create trust relationship between the Client and the Resource Server, the Client must be authorized by proofing specific “trusted claims”, leveraging SPID infrastructure (using OpenID Connect claims, or SAML-based attributes), and evaluated by the Italia Login platform acting as Authorization Server. 
As the above diagram shows, UMA can play a fundamental role to protect distributed resources with a centralized approach, leveraging the Identity ecosystem (SPID), where the user is able to control personal information within an API ecosystem enabling new opportunities based on the sharing economy paradigm.

About UMA
User-Managed Access Work Group at Kantara Initiative wiki page.
User-Managed Access (UMA) Version 1.0 has been Approved by unanimous Member support as a Kantara Initiative Recommendation, the highest level of technical standardization Kantara Initiative can award.
User-Managed Access awarded 2014 Best Innovation in Information Security Award from European Identity & Cloud Conference (EIC 2014, Munich).

Friday, February 20, 2015

SPID and User Perspective about Privacy

In the last blog, I’ve introduced the Italian Digital Identity Initiative, called SPID (Sistema Pubblico Identit√† Digitali).

Technically, SPID will provide an Identity ecosystem for trusted digital identities based on a federated Identity Management system, where citizen can access to public administration (or private) online service using trusted credentials, with the goals to improve accessibility, trust and online security.

With SPID, from an user experience standpoint, when user attempts to access to a online service (Service Provider or Relying Party), he/she is redirect to a Identity Provider (IdP) for the authentication process.

The mechanism is based on SAMLv2 protocol, where the Service Provider (SP) initializes the process (SP-initiated-SSO), requiring an authentication assertion, with a specific level of assurance, to the Identity Provider. Based on user authentication the IdP releases an authentication assertion to the SP.

This approach introduces a potential issue about the user’s privacy, indeed the direct interaction between the SP and IdP, allow the IdP to trace the user transaction with online services, that is the IdP know which government service (or private services) they’re accessing. Considering that the Identity Providers will be, mainly, private companies, this can be a real threat to the user's privacy, which need to be addressed with appropriate regulations and technical solutions.

A possible approach to this problem, with the goal to mitigate user's privacy issue, is the Identity Hub model, which is used in other digital identity initiatives around the world, like Connect.Gov (US) and Gov.UK Verify (UK).

Connect.Gov, for example, acts as Hub and it’s in charge to manage the communication between customers, online agency applications and Identity Providers. "The service allows customers to establish their identity in a secure, privacy-enhancing manner, while also providing government agencies assurance of valid customer identification."