ARPA: A regional infrastructure for secure role-based access to RTRT services. Ing. Laura Castellani, Tuscany Region.

Presentation transcript:

1 ARPA A regional infrastructure for secure role-based access to RTRT services Ing. Laura Castellani Tuscany Region

2 The problem
In the ICT world, security and privacy are fundamental, and it is very important for citizens to be able to access their information securely. For this reason it is important to have not only a secure access system, such as an electronic card, but also an infrastructure that permits secure, authenticated access to all services offered by the Public Administration.

3 Tuscany ITC infrastructure
- RTRT (Regional Telematic Network): an infrastructure that securely connects all of the Public Administration in Tuscany
- CART (Applicative Cooperation of/for Tuscany Region): an infrastructure that permits interoperability of different applications
- A PKI: an infrastructure for the issuance of CNS

4 ARPA
On top of these infrastructures, Tuscany Region has built ARPA, an infrastructure that provides a single authenticated and secure access point to all services offered by the Tuscany Public Administration.

5 ARPA
An infrastructure that permits:
- Secure authentication and identification using an electronic card (CIE or CNS)
- Role or qualification verification
and moreover offers:
- A personalized desktop with all available services offered by the P.A., according to the user's identity and roles

6 The architectural model

7 The architectural model
- Portal Area: secure access to services based on digital certificates
- Role Manager Area: this component manages the correct association between a user and his roles
- Services Area: the services available according to the user's credentials

8 Role certification providers
- Role verification takes place by querying one or more external data sources, which are distributed across several organizations (role certification providers).
- The role certification providers (RCP) offer authenticated access to data sources in order to verify roles and associated attributes.
- All of the above information is combined, according to established rules, into the user's digital credentials (a kind of role certificate) necessary to access the services.

9 Identity federation
In accordance with e-government specifications, Tuscany Region intends to interoperate with other public administration services on the basis of federated digital identity. In this scenario the problem is: a public administration domain intends to make its services available to another domain. How does the first domain identify the users of the external domain?
With identity federation, the server domain trusts the process by which the external client domain has generated the user's digital credentials. It trusts this process as if it were its own (domain trust). Moreover, if access to the services is restricted to a particular class of users based on their role, the mutual trust also includes the role certification process.

10 Role of Tuscany Region
In this scenario Tuscany Region, with ARPA, acts as:
- Identity and attribute provider for the other trusted domains
- Service provider: it receives users' digital credentials created by federated trusted domains and uses them for access to services

11 Federation
- Business agreements between Tuscany Region and other Public Administrations to set courses of action and responsibilities for delivering services using a federated model
- Use of public key cryptographic systems to guarantee authenticity, integrity and confidentiality of identity transactions
- Use of a standard (SAML)

12 Public Administration benefits
- Increased access to its services
- An infrastructure to verify roles dynamically
- Maintaining control of the access policy for its services

13 Users benefits
- Single access identification
- A single desktop with all available services offered by the Public Administration

14 [Diagram: Internet; Federations of secure portals]
1. Authentication by electronic card
2. Role assignment
3. Send user credentials to the applications

15 Thanks a lot for the invitation and for the kind attention Laura Castellani –