Intro

SPID (Public System for Digital Identity) is the solution that allows the Italian citizens to access all online services of the Public Administration with a single Digital Identity (username and password) that can be used from computers, tablets and smartphones. Citizens can get SPID through a series of private companies under agreements (known as Identity Providers); once the verification procedure is completed (which certifies the identity of the applicant), you are released a set of credentials that can be used on all the websites (called Service Providers).

Advantages for citizens:

• A single set of credentials for all public websites (and private websites too), secure and easy to remember
• The verification process, after which the credentials are released, needs to be done only once
• SPID is free

Advantages for Service Providers:

• Secure and certified identification of users
• No need to handle custom registration/verification processes, thus reduced costs
• Qualified attributes (birth date/place, gender, e-mail, phone etc.)
• Other attributes already populated by users (home address etc.)

SPID can be integrated in the websites of the Public Administration, but also on private websites. In the first case the service is free, while for privates fees are applied. There are several advantages for including SPID in private websites: banks and insurance companies, for instance, can easily recognize users who want to open an account just by accepting their SPID login, without any additional verification process.

How to become a Service Provider

1. Read tecnhical documentation.
2. Use and contribute to the open source components available in Developers Italia.
3. Use spid-saml-check to simulate the authentication flow and verify that your implementation is correct.
4. Get in touch with other developers at Slack.
5. Follow the onboarding procedure described here.
6. If you have any further questions or are having problems with onboarding procedure, please contact SPID HelpDesk.

SPID is based on the SAML2 protocol, thus the integration can be done in several ways:

• by integrating one of the Developers Italia SDKs directly in the application;
• by applying a middleware (like Shibboleth Service Provider) to the web server;
• by adding an external Identity Access Management component, like a Proxy.

In addition, the Enter with SPID” official button must be included in the Service Provider website, that allows users to choose their Identity Provider. The application/middleware/IAM then generates an AuthnRequest that is later sent to the Identity Provider via a browser redirect.

The Service Provider must update the Identity Provider metadata whenever they are added, removed or when their certificates are updated. This update must be reflected in the “Enter with SPID” button too.

How to contribute

The Developers Italia community has created a wide range of ready-to-use open source components (SDK, code examples, IAM Proxy, tools). Anyone can contribute to the improvement of existing components or help develop some new. It is important to keep in mind that the resources made available to the community are not intended as regulations but only as support, example and supplementary help for developers.

Get in touch

Enter the forum Chat on Slack (#spid) (sign up)

Resources