Among the most used methods are:

• Social Engineering: exploiting user data to get to other personal information;
• Skimming: credit card cloning performed during the withdrawal operation;
• Bin raiding: retrieve tax information, bank statements, bills or any other documentation bearing personal information;
• Phishing: sending of personal e-mails and cleverly counterfeit advertising banners that can induce the user to communicate confidential information.

The 2-factor (2FA) or multi-factorial (MFA) authentication mechanisms are used in some services to guarantee the user greater control over their data. However, even with these tools, a hacker may be able to obtain other information relevant to our identity.

Among the most used methods are:

• Social Engineering: exploiting user data to get to other personal information;
• Skimming: credit card cloning performed during the withdrawal operation;
• Bin raiding: retrieve tax information, bank statements, bills or any other documentation bearing personal information;
• Phishing: sending of personal e-mails and cleverly counterfeit advertising banners that can induce the user to communicate confidential information.

The 2-factor (2FA) or multi-factorial (MFA) authentication mechanisms are used in some services to guarantee the user greater control over their data. However, even with these tools, a hacker may be able to obtain other information relevant to our identity.

SPID covers 44% of the population, far from the levels of the more advanced European countries, such as the Netherlands (79%), Sweden (78%), Norway (74%) and Finland (55%).

There are 5,300 public administrations out of over 22,000 that allow citizens to use SPID to access at least one digital service.

SPID covers 44% of the population, far from the levels of the more advanced European countries, such as the Netherlands (79%), Sweden (78%), Norway (74%) and Finland (55%).

There are 5,300 public administrations out of over 22,000 that allow citizens to use SPID to access at least one digital service.

Identity management is achieved thanks to identity management systems, or a set of technologies that communicate identities in a common network. These are based on time-tested frameworks, IT protocols, and security models.

The models can be the “Scandinavian Model” if managed by private companies, while as “Continental Model” if managed by governmental entities.

The objectives of identity management are:

1. Network identification
2. Network authentication
3. Network authorization

Identity management is achieved thanks to identity management systems, or a set of technologies that communicate identities in a common network. These are based on time-tested frameworks, IT protocols, and security models.

The models can be the “Scandinavian Model” if managed by private companies, while as “Continental Model” if managed by governmental entities.

The objectives of identity management are:

1. Network identification
2. Network authentication
3. Network authorization

As of today, the actors communicate through two different systems:

1. Centralized Model (Silos Model): the user has a direct relationship with the SP, who manages the personal data in his / her database
2. Federated Model: the user does not have a direct relationship with the RP, while it is the IdP who manages the personal data in its database

As of today, the actors communicate through two different systems:

1. Centralized Model (Silos Model): the user has a direct relationship with the SP, who manages the personal data in his / her database
2. Federated Model: the user does not have a direct relationship with the RP, while it is the IdP who manages the personal data in its database

The federated model is the most used as it guarantees levels of interoperability and security. The role of the IdPs is predominant and they are referred to as federated IdPs.

Three generations of federated identity frameworks/protocols have been developed since 2005:

• Security Assertion Markup Language (SAML),
• OAuth,
• OpenID Connect

Using OpenID Connect, logins via social networks such as Facebook, Google, Twitter, etc. they have become standard across websites.

The federated model is the most used as it guarantees levels of interoperability and security. The role of the IdPs is predominant and they are referred to as federated IdPs.

Three generations of federated identity frameworks/protocols have been developed since 2005:

• Security Assertion Markup Language (SAML),
• OAuth,
• OpenID Connect

Using OpenID Connect, logins via social networks such as Facebook, Google, Twitter, etc. they have become standard across websites.

Despite all the work carried out on federated identity since 2005, it is not yet able to provide us with the maximum degree of security in the use of our digital identity. This happens for a number of reasons:

• There is no one IDP that works with all sites and apps. Thus, users need more than one IDP;
• Many users and sites are reluctant to have a “middleman”;
• Large IDPs are susceptible to attacks from cybercriminals. Databases are frequently attacked by intruders via SQL Injection.
• The user has multiple identities that do not speak to each other

SAML 2.0 (Security Assertion Markup Language) is a framework that authenticates and authorizes an IDP to pass an authentication token to an SP or RP.

SAML 2.0 refers to the XML variant language. The IDP transmits an XML document, the so-called SAML assertion to the SP when the user attempts to access these services. The SP requires authorization and authentication to the identifier from the IDP. When the IDP confirms, the user enters.

Two main security features of SAML

• Authentication
• Authorization

SAML 2.0 (Security Assertion Markup Language) is a framework that authenticates and authorizes an IDP to pass an authentication token to an SP or RP.

SAML 2.0 refers to the XML variant language. The IDP transmits an XML document, the so-called SAML assertion to the SP when the user attempts to access these services. The SP requires authorization and authentication to the identifier from the IDP. When the IDP confirms, the user enters.

Two main security features of SAML

• Authentication
• Authorization

How is access guaranteed?

The website we want to access via Facebook receives an access token from the oAuth 2 Server. When the website calls the API for the information, it delivers the received token and thus is granted access. oAuth 2 does not specify how this token should be verified.

The choice that is regularly implemented is to issue a token with limited and self-referential time validity, i.e. signed with asymmetric cryptography: a JWT.

In this way, the website has a time window to access the requested information and cannot change its access rights because it does not have the private key to change the token.

How is access guaranteed?

The website we want to access via Facebook receives an access token from the oAuth 2 Server. When the website calls the API for the information, it delivers the received token and thus is granted access. oAuth 2 does not specify how this token should be verified.

The choice that is regularly implemented is to issue a token with limited and self-referential time validity, i.e. signed with asymmetric cryptography: a JWT.

In this way, the website has a time window to access the requested information and cannot change its access rights because it does not have the private key to change the token.

The decision to use a framework rather than another is not always immediate. Many struggles to grasp the differences between OAuth 2.0, OpenID Connect, and Security Assertion Markup Language (SAML).

• SAML 2.0 creates a trust relationship on a digital signature. In fact, the SAML tokens issued by the identity provider are XML-signed, the application validates the signature itself and the certificate it presents.
• SAML 2.0. is independent of OAuth.
• OAuth2 creates the trust relationship on a direct HTTP call from the application to the identity.

The decision to use a framework rather than another is not always immediate. Many struggles to grasp the differences between OAuth 2.0, OpenID Connect, and Security Assertion Markup Language (SAML).

• SAML 2.0 creates a trust relationship on a digital signature. In fact, the SAML tokens issued by the identity provider are XML-signed, the application validates the signature itself and the certificate it presents.
• SAML 2.0. is independent of OAuth.
• OAuth2 creates the trust relationship on a direct HTTP call from the application to the identity.
• OpenID Connect further expands this to allow obtaining the identity without this additional step involving calling from the application to the identity provider.
• OAuth 2.0 is a framework that controls the authorization for access to any protected resource, while OpenID Connect and SAML 2.0 are both standards referring only to the federated model.

The sectors most affected by cyber-attacks were financial services (171 euros for stolen information), the energy sector (165 euros), and the pharmaceutical sector (164 euros).

The sectors most affected by cyber-attacks were financial services (171 euros for stolen information), the energy sector (165 euros), and the pharmaceutical sector (164 euros).

The Public Digital Identity System (SPID) is a digital identity consisting of a username, password and token. These strictly personal data enable the identification of the citizen and the use of online services of the public administration and private adherents.

The security protocol on which the SPID digital identity is based is SAML 2.0. and it is a federated model.

SPID is a federated management system and includes several subjects:

1. Italian citizen (user)
2. the digital identity manager (IdP). This is a subject, which must be accredited by the Agency for Digital Italy the manager of qualified attributes who can certify qualified attributes, such as the possession of a qualification, membership of a professional order;
3. the public or private Service Provider (SP).

The Public Digital Identity System (SPID) is a digital identity consisting of a username, password and token. These strictly personal data enable the identification of the citizen and the use of online services of the public administration and private adherents.

The security protocol on which the SPID digital identity is based is SAML 2.0. and it is a federated model.

SPID is a federated management system and includes several subjects:

1. Italian citizen (user)
2. the digital identity manager (IdP). This is a subject, which must be accredited by the Agency for Digital Italy the manager of qualified attributes who can certify qualified attributes, such as the possession of a qualification, membership of a professional order;
3. the public or private Service Provider (SP).

Verification of a user’s identity takes place through the exchange of data, called assertions. Each assertion, therefore, makes it possible to ascertain that authentication took place correctly at a given moment in time and with a correct authentication method. The exchange of such information takes place between an IdP and an SP.

Through the IdP software, the user receives an OTP (One-Time-Password) generated and visible to both the user and the IdP. This mechanism reinforces the security of the identification process, it is defined as two-factor authentication (2FA).