THE ITALIAN ELECTRONIC IDENTITY CARD: OVERALL ARCHITECTURE AND IT INFRASTRUCTURE
In this paper we describe the overall process of deployment of the Italian Electronic Identity Card: the way it is issued, services it is used for, organizations involved in the process, and the Information Technology (IT) infrastructure enabling the effective management of the whole process while ensuring the mandatory security functions. Organizational complexity lies in the distribution of responsibilities for the management of Personal Data Registries (on which identity of people is based) which is an institutional duty of the more than 8000 Italian municipalities, and the need of keeping a centralized control on all processes dealing with identity of people as prescribed by laws and for national security and police purposes. Technical complexity stems from the need of efficiently supporting this distribution of responsibilities while ensuring, at the same time, interoperability of IT-based systems independent of technical choices of the organizations involved, and fulfilment of privacy constraints. The IT architecture defined for this purpose features a clear separation between security services, provided at an infrastructure level, and application services, exposed on the Internet as Web Services. This approach has allowed to easily design and implement secure interoperability, since - notwithstanding the huge variety of IT solutions deployed all over the Italian Municipalities to manage Personal Data Registries - existing application services have not required major changes to be able to interoperate.