Enabling Platform

SPID

Public System for Digital Identity

SPID is the digital identity card for citizens: a single credential system, backed by a verified identity, that can be integrated into public and private websites.

Intro

SPID (Public System for Digital Identity) is the solution that allows Italian citizens to access all online services of the Public Administration with a single Digital Identity (username and password) that can be used from computers, tablets and smartphones. Citizens can get SPID through a series of private companies operating under agreements (known as Identity Providers); once the verification procedure, which certifies the identity of the applicant, is completed, the applicant is issued a set of credentials that can be used on all participating websites (called Service Providers).

Advantages for citizens:

  • A single set of credentials for all public websites (and private websites too), secure and easy to remember
  • The verification process, after which the credentials are issued, needs to be done only once
  • SPID is free

Advantages for Service Providers:

  • Secure and certified identification of users
  • No need to handle custom registration/verification processes, thus reduced costs
  • Qualified attributes (birth date/place, gender, e-mail, phone etc.)
  • Other attributes already populated by users (home address etc.)

SPID can be integrated into the websites of the Public Administration, but also into private websites. In the first case the service is free, while private entities are charged fees. There are several advantages to including SPID in private websites: banks and insurance companies, for instance, can easily recognize users who want to open an account just by accepting their SPID login, without any additional verification process.

How to become a Service Provider

  1. Read the technical docs and use the open source components you can find in Developers Italia.
  2. Use the test Identity Provider for simulating the authentication process and verifying that your implementation is correct.
  3. Get in touch with other developers via Slack.
  4. Follow the accreditation procedure described on the AGID website.

SPID is based on the SAML2 protocol, thus the integration can be done in several ways:

  • by integrating one of the Developers Italia SDKs directly in the application;
  • by applying a middleware (like Shibboleth) to the web server;
  • by adding an external Identity Access Management component.

In addition, the official “Enter with SPID” button, which allows users to choose their Identity Provider, must be included in the Service Provider website. The application/middleware/IAM then generates an AuthnRequest that is sent to the Identity Provider via a browser redirect.

The Service Provider must update its copy of the Identity Provider metadata whenever Identity Providers are added or removed, or when their certificates are updated. This update must be reflected in the “Enter with SPID” button too.

  • Enter the forum
  • Chat on Slack (#spid) (sign up)

In addition, a public issue tracker is available.

The Developers Italia community has developed a large number of ready-to-use open source components (SDKs, code examples), as well as the test Identity Provider. Anyone can contribute to improving these components or to developing new ones (see the roadmap).

Resources

  • Test Identity Provider

    Test environment that can be used for troubleshooting a Service Provider implementation. It provides full validation against the official SPID rules and can also be run as a local application.