How does a public digital identity system work? Who are the main players, and what is the authentication process? The example of electronic voting. The digital identity ecosystem known by the acronym SPID (Public System of Digital Identity) allows quick and secure authentication to the online services of the public administration and of participating private providers. It works well, and we must hope for wider adoption and an evolution that brings new benefits to citizens.
How A Public Digital Identity System Works
A public digital identity system focuses on the first two letters of the IAAA model, Identification and Authentication. Not on the second A (Authorization), because that concerns the rights to process data, nor on the third A (Accountability), because that concerns the attribution of responsibility for the activities carried out. Identification means recognizing a unique name for a subject (a person, or a tangible or intangible object) within a domain.
Your name, username, social security number, e-mail address, and so on. By authentication we mean the demonstration that whoever is using that name is its legitimate owner. Authentication is the critical aspect of digital identity. The quality of a method is evaluated in terms of security, speed, and practicality, depending on the context and on technological evolution. There are various kinds of solutions for verifying authenticity, generally through a specific characteristic that can be associated only with that name.
Some examples: something you know, such as a password or PIN; something you have, for example a passport, a smart card, or a cookie on your PC; something you are, such as a fingerprint, iris scan, or facial geometry; something you do, such as signing or unlocking an encrypted message. Last but not least, someone you trust who guarantees it is true, such as a notary or an entity that provides identity services.
The Three Actors Of The Public Digital Identity System
The ecosystem of public digital identity involves three actors who exchange messages. First of all, there is the citizen (“principal” or “citizen”), who requests a service from an entity (“service provider”), which manages the privileges and permissions to access the service it provides, and which has also defined its terms of use and the attribution of responsibility. The service provider, however, does not authenticate the citizen itself: it requests the authentication service from a third entity (“identity provider”), which, through a physical recognition (or an equivalent procedure), has acquired the ability to guarantee the identity of the subject requesting the service.
The authentication process is fast and flexible because access-control messages travel over digital highways using specific protocols, for example SAML 2.0 (Security Assertion Markup Language). Cryptography answers the security requirement mentioned earlier, and it is applied both to the messages and to the communication channel. Graphically appealing web pages on any networked device make the identification request simple, while the automation highlights the practicality of the solution.
SPID is this ecosystem, and it works fine. Working well, however, does not mean we have arrived at our destination. At this point, like any system in the world of computing, the improvement path towards version 2.0 should begin. The first step is done; others are waiting. Finding them is simple, with a little creativity: just think about the expectations that exist, or can be imagined, around digital identity systems.
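The three-party exchange described above, as an added example that is not code from the page or from SPID itself: the identity provider signs an assertion, and the service provider accepts it only after checking the signature, the issuer, the audience, the binding to a request it actually sent, and the validity window. An Ed25519 signature over JSON stands in for SAML's XML signature; the entity IDs, field names and the `Pending` request registry are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"time"
)

// Assertion models what a service provider must check in an IdP response; JSON
// stands in for the SAML XML, and the signature covers the encoded bytes.
type Assertion struct {
	Issuer, Subject, Audience, InResponseTo string
	NotOnOrAfter                            time.Time
}
type Signed struct{ Payload, Sig []byte } // assertion as delivered: payload plus IdP signature
// Issue is the identity provider side: it signs the assertion with its private key.
func Issue(priv ed25519.PrivateKey, a Assertion) Signed {
	b, _ := json.Marshal(a)
	return Signed{Payload: b, Sig: ed25519.Sign(priv, b)}
}
// ServiceProvider trusts one IdP key and tracks the AuthnRequest IDs it sent (assumed design).
type ServiceProvider struct {
	EntityID, TrustedIdP string
	IdPKey               ed25519.PublicKey
	Pending              map[string]bool
}

// Verify returns the subject only if every check passes; on success the
// request ID is consumed so a replayed response is rejected.
func (sp *ServiceProvider) Verify(s Signed, now time.Time) (string, error) {
	if !ed25519.Verify(sp.IdPKey, s.Payload, s.Sig) {
		return "", errors.New("signature does not verify under trusted IdP key")
	}
	var a Assertion
	if err := json.Unmarshal(s.Payload, &a); err != nil {
		return "", err
	}
	switch {
	case a.Issuer != sp.TrustedIdP:
		return "", errors.New("untrusted issuer")
	case a.Audience != sp.EntityID:
		return "", errors.New("assertion addressed to another service provider")
	case !sp.Pending[a.InResponseTo]:
		return "", errors.New("unsolicited or replayed response")
	case !now.Before(a.NotOnOrAfter):
		return "", errors.New("assertion expired")
	}
	delete(sp.Pending, a.InResponseTo)
	return a.Subject, nil
}
```

Exercise it from a Go test or a small main that generates the IdP key pair with `ed25519.GenerateKey(nil)`, registers a request ID in `Pending`, and feeds the issued assertion to `Verify`.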
SPID And Identity Provider
SPID is a public system, but the identity providers are for-profit companies, where personal data protection is not at the top of their mission and cannot be expected to be. A digital identity is unique within a domain but not unique overall: it is possible to have more than one, perhaps differentiated by the level of security required. Having multiple identity providers ensures the resilience of the ecosystem, reduces the impact of outages, provides better performance, and avoids monopolistic situations.
To allow greater flexibility of digital identities, carrying substantial or minimal personal data, one can imagine two types of identity provider: the “trustee”, which guarantees only the identity, and the “custodian”, which knows our data and also manages authorization to access it. Physical recognition (or equivalent) is a prerequisite for issuing a digital identity.
It is always required. However, it would not be necessary for the trustees if, on a new request to create a digital identity, they delegated the recognition to the custodian; in that case they could also receive a minimal set of data (for example the real name, a flag of legal age for checks, or other data of minimal personal impact).
The identification document is perhaps one of the most photocopied documents ever for online registrations. Today we must also manage the expiry of identification documents, whereas in this scheme that would no longer be necessary. The custodian records changes to the registry and, if necessary, automatically propagates the changes to the credentials held by the trustees. In this way, coherently, the trustees will be private companies that manage only the recognition of the users who signed up with them. They know only the minimal set of personal data and the digital certificate that the custodian needs to trace the true physical identity.
The advantage is a clear separation between the processing of personal data and that of digital identification data, avoiding excess processing. The custodian must be managed by a public authority, as is already the case for identity cards. The custodian’s activity would be limited to recognizing individuals who register with an ordinary trustee and to managing authorization of access to specific categories of personal data based on pre-established roles. For example, an emergency room accesses all health data,
The SPID In The Authentication Process
When we use SPID, the first step of the authentication process asks us to choose our trustee from a list, and the recognition then takes place with the one selected. This step can be made automatic: by imposing a naming convention on user names, one can require a format similar to that of e-mail addresses. The domain would represent the name of the trustee, while the local part can be any string, with no need to carry information referable to the person’s real name.
One use of this anonymization can be to contain fake news or haters. It is sufficient to require public chats or social networks to allow the registration only of users identified by an identity provider. In this way, the person does not expose any personal data. Still, if false information or slander is disseminated, the authorities can easily and quickly trace the real identity.
Given that the custodian is in the management domain of a public authority, one can also think about giving legal value to documents on smartphones. For example, through the IO app authenticated by the custodian, one could obtain an identity card or driving licence. For the police, verifying the integrity of the contents would be immediate.
The SPID In Electronic Voting
A further application of SPID, more complex but more fascinating, is electronic voting, which means not just using a device to vote inside a voting booth, but being able to vote from home over the Internet. Consider that today taking an online exam is no longer surprising: to do so, we install software that takes control of the device, webcam, and audio so that the examiner can remotely monitor both the environment and the examinee, and nothing else.
The prerequisites of the vote are:
- The freedom of expression of the vote.
- The certain identity of the voter.
- The secrecy of the vote.
Certain identity has to concern the person, not merely the device or account used, so something more than pure digital authentication is needed. A hypothetical digital polling station procedure requires activating special software on the voter’s mobile device to authenticate with the custodian and identify the person. The voter will be warned that by proceeding with the installation, the software will take control of the audio and video of the device, but not of the screen, and that an electoral team will remotely monitor the environment to exclude coercion and to recognize the person.
The screen will not be virtualized, to allow the right level of secrecy, and the team will communicate compliance with the rules through text notifications. A teller will be able to observe several voters simultaneously and will authorize the recording of the vote in the absence of infringements, and the chairman will verify the work of the tellers. Physical polling booths will also have computers for voting. The software is the same, but the configuration changes: it runs from a self-booting USB stick with a default digital certificate and with webcam, audio, and keyboard disabled.
The vote will be cast using only the mouse or touchscreen, with a procedure similar to the one on the mobile device (but without remote control). The advantages are considerable: no paper ballots to print, stamp or count, rapid opening and closing phases of the polling station, immediate results upon closure, and no disputes. The level of security is comparable to a traditional polling station and makes other alternatives, such as postal voting, unnecessary.