Title: MAS Municipal Authentication System Valentino Ditoma Deputy Director of eGovernment Technologies Anc
1 MAS (Municipal Authentication System)
Valentino Ditoma, Deputy Director of eGovernment Technologies, Ancitel S.p.A.
2 Municipal Authentication System
- Framework for web applications that manages
  - Authentication
  - Authorisation
  - CRM
- Modular architecture
- Currently used by 18 Italian municipalities and being validated at European level through the eTEN project CARMEN
3 Municipal Authentication System
- System based on the knowledge gained during the Italian Identity Card experimental project of the Ministry of the Interior, which manages the identity of citizens with respect to public services
- Aiming at providing a standard solution for service authentication of all public administrations by 2006
4 Municipal services in which it is being used
- Payment of local taxes and fines
- Access by citizens, civil servants and police to protected citizen data (civil register)
- Remote filing of applications (administrative procedures, building licences, etc.)
- Retrieval of certificates issued by public administrations
- Public authorisation procedures for enterprises
- Management of authorisation flows involving different administrations
5 Next Step
- The user authentication system will be presented to local service providers so that they can automatically authenticate, in their own web services, all citizens identified by the portal of the municipality
- (only the client application needs to be installed on the provider's server)
6 Authentication Server
7 Authentication Server goals
- Centralized Authentication Server
- Single Sign-On
- Allows different authentication methodologies
- Enables access to multiple data sources to verify user credentials
8 Authentication Server: centralized authentication
[Diagram: the browser authenticates once with the Authentication Server and receives an authentication token, which gives it authenticated access to Service 1 ... Service x ... Service n.]
9 Authentication Server: communication protocol
[Diagram: the browser sits on the Internet; the web service and the Authentication Server (AS) sit on the municipal intranet. Numbered exchanges:]
(1) Request of service
(2) HTTP request redirected to the AS
(3) Request of authentication
(4) HTTP request redirected to the service
(5) Access to the service by the authenticated user
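The five steps above as a runnable sketch, added here and not code from the MAS project: the token format (an HMAC-signed claim set carrying an audience and an expiry, keyed with a constructed shared secret), the host names and the service identifier are all assumptions, since the deck only states that a token of authentication is handed to the service.

```python
import base64, hashlib, hmac, json
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Assumption: the deck only says a "token of authentication" is passed to the
# service; here it is an HMAC-signed claim set over a constructed shared secret.
SHARED_SECRET = b"constructed-demo-secret"

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")
def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def as_issue_token(user_id: str, service_id: str, now: int, ttl: int = 300) -> str:
    """Step (3): after authenticating the citizen, the AS mints a token bound
    to the requesting service (audience) and to a short validity window."""
    payload = json.dumps({"sub": user_id, "aud": service_id, "exp": now + ttl},
                         separators=(",", ":")).encode()
    mac = hmac.new(SHARED_SECRET, payload, hashlib.sha256).digest()
    return b64(payload) + "." + b64(mac)

def service_verify_token(token: str, service_id: str, now: int) -> Optional[str]:
    """Step (5): the service checks signature, audience and expiry before it
    treats the request as authenticated. Returns the user id or None."""
    try:
        p_b64, m_b64 = token.split(".", 1)
        payload = unb64(p_b64)
        expected = hmac.new(SHARED_SECRET, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, unb64(m_b64)):
            return None                      # forged or altered token
        claims = json.loads(payload)
    except ValueError:                       # bad base64, bad JSON, missing "."
        return None
    if claims.get("aud") != service_id or claims.get("exp", 0) <= now:
        return None                          # token for another service, or stale
    return claims.get("sub")

def sso_flow(user_id: str, service_id: str, now: int) -> dict:
    """The five numbered steps of the slide, expressed as HTTP redirects."""
    # (1) browser asks the service; (2) service redirects the browser to the AS
    to_as = "https://as.comune.example/login?" + urlencode({"service": service_id})
    # (3) the AS authenticates the user (password, eID card, ...) and issues a token
    token = as_issue_token(user_id, service_id, now)
    # (4) the AS redirects the browser back to the service, carrying the token
    to_service = f"https://{service_id}/?" + urlencode({"token": token})
    # (5) the service validates the token and serves the authenticated user
    query = parse_qs(urlparse(to_service).query)
    user = service_verify_token(query["token"][0], service_id, now)
    return {"redirect_to_as": to_as, "user": user}
```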
10 Authentication Server: Single Sign-On
- Centralized Authentication
- Possibility of accessing many (federated) web services through a single user authentication
- Services are federated on the Authentication Server
11 Authentication Server: authentication methodology
- Possibility of configuring different authentication systems
[Diagram: the Authentication Server combines pre-existing authentications (e.g. login/password), the eID card, and extensions for new authentication systems.]
12 Authentication Server: access to external databases
- User validation through pre-existing external databases
[Diagram: the Authentication Server issues CheckUserID/Password requests to an external DB and to an LDAP directory.]
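An added illustration of the configurable authentication methods of slides 11 and 12 (not the project's own code): an Authentication Server that dispatches to pluggable methods, with a constructed in-memory password table standing in for the external DB, an eID-card check with a black list as a stand-in for the CIE module, and all user names, passwords and card serials invented for the example.

```python
import hashlib, hmac, os
from typing import Dict, Optional

class PasswordDbAuth:
    """Pre-existing login/password method (slide 11); a constructed in-memory
    table of salted PBKDF2 hashes stands in for the external DB of slide 12."""
    def __init__(self) -> None:
        self.table: Dict[str, tuple] = {}
    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    def add_user(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self.table[user] = (salt, self._hash(password, salt))
    def authenticate(self, cred: Dict[str, str]) -> Optional[str]:
        row = self.table.get(cred.get("user", ""))
        if row is None:
            return None                  # unknown user answers like a bad password
        salt, stored = row
        ok = hmac.compare_digest(stored, self._hash(cred.get("password", ""), salt))
        return cred["user"] if ok else None

class EidCardAuth:
    """eID card method as a constructed stand-in: a card serial is accepted only
    if it was issued to a known user and is not on the black list (slide 14)."""
    def __init__(self, issued: Dict[str, str], blacklist: set) -> None:
        self.issued, self.blacklist = issued, blacklist
    def authenticate(self, cred: Dict[str, str]) -> Optional[str]:
        serial = cred.get("card_serial", "")
        if serial in self.blacklist or serial not in self.issued:
            return None
        return self.issued[serial]

class AuthenticationServer:
    def __init__(self) -> None:
        self.methods: Dict[str, object] = {}   # method name -> method object
    def register(self, name: str, method) -> None:
        self.methods[name] = method            # extension point of slide 11
    def login(self, method: str, cred: Dict[str, str]) -> Optional[str]:
        backend = self.methods.get(method)
        return backend.authenticate(cred) if backend else None   # unknown method: refuse

def build_demo() -> AuthenticationServer:
    # constructed configuration: one password store and one eID card checker
    srv, db = AuthenticationServer(), PasswordDbAuth()
    db.add_user("rossi", "correct horse")
    srv.register("password", db)
    srv.register("eid", EidCardAuth({"CIE-0001": "rossi", "CIE-0002": "bianchi"}, {"CIE-0002"}))
    return srv
```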
13 Authentication Server: service integration
- Integration through Apache module
- Transparency of web services
- Java library
- DLL module for Microsoft
14 Authentication Server schema
[Diagram, with labels in Italian in the original: a client (browser on an Internet workstation, CIE card, HTTPS) reaches Service A to Service D over the Internet; the services run on a web server in front of the Authentication Server. The Authentication Server runs on Tomcat around an AS CORE with AuthAdmin, the municipality's custom module, an LDAP (Auth) module, a black list, a CIE module that verifies CIE validity and certificates, and a DB module connecting to municipal or national databases.]
15 Authorization Server
16 Authorization Server goals
- Centralizes authorizations
- RBAC model
- Single interface with Services
- Secure communication with Services
- Multi-platform
- Independent from the Authentication Server
17 Authorization Server: RBAC model
[Diagram: Users are assigned Roles; Roles hold Permissions on Resources (resource permissions).]
18 Authorization Server modules
- Possibility to configure CUSTOM authorization modules
[Diagram: the Authorization Server answers CheckAuthorization requests, consulting a custom module and its DB.]
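The RBAC model of slide 17 and the custom authorization modules of slide 18 as one added example, not the project's code: the store keeps user-to-role and role-to-permission mappings, custom modules are assumed to be callables that may only veto a decision, and the users, roles and resources are constructed.

```python
from typing import Callable, Dict, List, Optional, Set, Tuple

Permission = Tuple[str, str]   # (resource, action), e.g. ("civil_register", "read")
# A custom module (slide 18) is consulted after the RBAC check; it returns
# False to veto or None to leave the decision unchanged. Assumed interface.
CustomModule = Callable[[str, str, str], Optional[bool]]

class RbacStore:
    """Slide 17: users hold roles; roles hold permissions on resources."""
    def __init__(self) -> None:
        self.user_roles: Dict[str, Set[str]] = {}
        self.role_perms: Dict[str, Set[Permission]] = {}
    def grant(self, role: str, resource: str, action: str) -> None:
        self.role_perms.setdefault(role, set()).add((resource, action))
    def assign(self, user: str, role: str) -> None:
        self.user_roles.setdefault(user, set()).add(role)
    def has_permission(self, user: str, resource: str, action: str) -> bool:
        return any((resource, action) in self.role_perms.get(role, set())
                   for role in self.user_roles.get(user, set()))

class AuthorizationServer:
    def __init__(self, store: RbacStore) -> None:
        self.store = store
        self.modules: List[CustomModule] = []
    def register_module(self, module: CustomModule) -> None:
        self.modules.append(module)
    def check_authorization(self, user: str, resource: str, action: str) -> bool:
        if not self.store.has_permission(user, resource, action):
            return False                 # deny by default: no role grants it
        for module in self.modules:
            if module(user, resource, action) is False:
                return False             # a module may narrow access, never widen it
        return True

# Constructed example configuration (not from the deck).
SUSPENDED_USERS = {"carol"}
def suspended_accounts(user: str, resource: str, action: str) -> Optional[bool]:
    return False if user in SUSPENDED_USERS else None

def build_demo() -> AuthorizationServer:
    store = RbacStore()
    store.grant("civil_servant", "civil_register", "read")
    store.grant("police", "civil_register", "read")
    store.grant("citizen", "own_record", "read")
    for user, role in [("alice", "civil_servant"), ("bob", "citizen"), ("carol", "police")]:
        store.assign(user, role)
    server = AuthorizationServer(store)
    server.register_module(suspended_accounts)
    return server
```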
19 Authorization Server: integration of services
- Java library
- DLL module for Microsoft
20 Customer Relationship Management
21 CRM goals
- Retrieve the information
- Determine the categories of users
- Manage the multi-channel interaction with users/citizens
- Tracing service
- Statistics
22 CRM: repository of information
- CRM centralizes the user information (user attributes)
[Diagram: user attributes, registration in mailing lists, preferences.]
23 CRM: categories of users
[Diagram: a category is defined by rules of the form "Attribute 1 <operator> value" ... "Attribute n <operator> value", which together map a user to Category X.]
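An added evaluator for the rule form shown above (not the CRM's own code): a category is a list of (attribute, operator, value) rules, a user belongs to the category when every rule matches, and the operator set, the categories and the user profiles are assumptions constructed for the example.

```python
import operator
from typing import Any, Dict, List, Tuple

# Operators a rule may use; the slide shows "Attribute <operator> value".
OPERATORS = {
    "=": operator.eq, "!=": operator.ne,
    "<": operator.lt, "<=": operator.le, ">": operator.gt, ">=": operator.ge,
    "in": lambda attr, allowed: attr in allowed,
}
Rule = Tuple[str, str, Any]   # (attribute, operator, value)

def rule_matches(attrs: Dict[str, Any], rule: Rule) -> bool:
    attr, op, value = rule
    if attr not in attrs or op not in OPERATORS:
        return False              # missing attribute or unknown operator: no match
    try:
        return bool(OPERATORS[op](attrs[attr], value))
    except TypeError:
        return False              # e.g. an age stored as text compared with a number

def categorize(attrs: Dict[str, Any], categories: Dict[str, List[Rule]]) -> List[str]:
    """A user belongs to category X when every rule of X matches (slide 23);
    a category with no rules matches nobody rather than everybody."""
    return sorted(name for name, rules in categories.items()
                  if rules and all(rule_matches(attrs, r) for r in rules))

# Constructed categories and user profiles, not taken from the deck.
CATEGORIES: Dict[str, List[Rule]] = {
    "young_residents": [("age", "<", 30), ("resident", "=", True)],
    "business_owners": [("profile", "in", ["enterprise", "professional"])],
    "sms_opt_in": [("wants_sms", "=", True)],
    "no_rules": [],
}
USERS: Dict[str, Dict[str, Any]] = {
    "u1": {"age": 24, "resident": True, "profile": "enterprise", "wants_sms": False},
    "u2": {"age": "unknown", "resident": True, "profile": "citizen", "wants_sms": True},
}

def categories_by_user() -> Dict[str, List[str]]:
    """Resolve every constructed user to its categories."""
    return {uid: categorize(attrs, CATEGORIES) for uid, attrs in USERS.items()}
```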
24 CRM: multichannel services
- CRM gives the possibility to send messages through different channels: mail, WEB messages (popup), SMS, e-mail
25 CRM: WEB messages
[Diagram: on web access the browser is authenticated by the Authentication Server, and the CRM Server delivers a web message to it.]
26 CRM tracing
- Centralized tracing system for anonymous searches, respecting users' private data
[Diagram: the browser's Access 1 to WEB service 1 and Access 2 to WEB service 2 are reported as Trace 1 and Trace 2 to the CRM Server.]
27 Service On Line survey
28 SOL: what is it?
- a secure electronic voting system
- an open source WEB application
- reproduces voting conditions as in a real election process (list of voters issued by the municipality, polling station, ballot box, ballot counting)
29 SOL architecture
[Diagram: the voter's browser, with a Java applet and the eID card, connects over the Internet to BCS Public. Two servers, AVS (AVS Admin, AVS CORE, AVSClient) and BCS (BCS Admin, BCS CORE, BCSClient), each with a Controller, exchange encrypted XML over HTTP; AVS handles voting authorisation. The user is authenticated through the AS (AUTHS, DB), and administrators authenticate to AVS and BCS.]
30 SOL polling procedure
[Diagram: participants are the voter's Java applet, AVS and BCS; the messages shown are a ballot authorisation request, the sending of an encrypted ballot authorisation, and a request to decode the encrypted key; a private key and a public key appear in the exchange.]