Ministry of Infrastructure and Transport

About About
- Excellence
- Open Source
- Team
- Case History
- Partners
Solutions Solutions
- Education
  A complete and tested solution for the world of Education
- Healthcare
  A complete and tested solution for the world of Healthcare
- PA
  A complete and tested solution for the world of Public Administration
- Financial
  A complete and proven solution for the word of Finance
- Tailored
  A completely customized and proven solution for your needs
Develop Develop
Blog
Support
Contacts Contacts
Certifications

What we have made for Ministry of Infrastructure and Transport

In 2021, the Directorate-General for Digitalization of the Ministry of Infrastructure and Transport has decided to update its infrastructure for accessing IT services by integrating it with strong authentication systems based on Digital Identity in order to further improve the technical security level and to avoid any possible risk of attacks or negligence deriving, for example, from the presence of obsolete components. With the support of Tirasa s.r.l., a company long established in the Open Source community and specialized in Identity & Access Management (IAM), an upgrade process was begun which then resulted in a broader solution for managing identities and accesses.

The solution

MIT's first request for Tirasa was, in fact, to update Apereo CAS to the latest version available, in order to guarantee greater reliability and a high security level within its authentication infrastructure. Later, thanks to Tirasa's experience in the IAM field and given its great ability to perceive the needs and expectations of its customers, MIT decided to extend its infrastructure by introducing a digital identity management system based on Apache Syncope, the Identity Manager Open Source conceived and developed by Tirasa and donated to the Apache Software Foundation in 2012.

This system represents a centralized solution for managing permissions and access control and it is integrated with different applications to which it guarantees Single Sign-On (SSO) access, protection from unauthorized/unrecognized requests and centralized management of sessions and permissions.

The given solution allows users to authenticate themselves using classic credentials verified on the Active Directory resource (internal users), or via SPID/CIE/CNS/eIDAS credentials, verified by delegating authentication to an external gateway for authentication via Public Digital Identity, or using verified credentials in Multi-Factor Authentication (MFA) through an integration with Microsoft Azure Active Directory.

In particular, the integrated use of a gateway for authentication via Public Digital Identity with policies for granting authorizations and access to all the applications that can be implemented via Apereo CAS and Apache Syncope allows to manage cases in which the access to specific applications must be guaranteed to personnel which is off-duty because in leadership or detached position or because he’s retired.

The access to integrated applications occurs in SSO, in compliance with the authorizations, defined centrally, according to Group-Based Access Control (GBAC) and/or Attribute-Based Access Control (ABAC) policies. In practice, the assignment to certain groups and/or the value of certain attributes, specific to the user or relating to a group assignment, may involve access, or not, to certain application services.

Reported benefits

The authentication infrastructure based on Apache Syncope allows dynamic management and continuous monitoring of access permissions to the application services offered by the Ministry.

The possibility of using a centralized and user-friendly administration console brings a huge benefit to the system administrators who, delegated to monitor and configure the system as a whole, can leverage on valid and reliable help for quickly implementing complex business logics, aimed at guaranteeing greater security and detailed controls.

Thanks to the given solution, today MIT can boast a complete and integrated IAM platform, easy to manage and monitor, absolutely robust and secure and totally in line with the specific needs of the Ministry.

The Ministry is fully satisfied with the new authentication infrastructure and recognizes all the potential due to the Open Source technology. It is also aware that Tirasa's skills, experience and support have allowed it to build a tool with great flexibility and simplicity of integration.

About Ministry of Infrastructure and Transport

The Ministry of Infrastructure and Transport (MIT) is the competent Italian governing body that plans and manages infrastructures, network systems and national information systems, which deals with public works and all those projects aimed at improving the quality of life of people and to overcome territorial disparities, and which addresses the challenge of sustainable mobility in the management of the entire transport system (road, rail, air and maritime). Furthermore, thanks to the collaboration with the Italian Port Authority-Coast Guard, it monitors maritime traffic and regulates the main safety mechanisms at sea.

Moreover, MIT provides several online services which can be accessed by different users, both internal and external to the Ministry. Therefore, MIT has its own authentication infrastructure to control access to resources and to safely manage the users. This infrastructure is based on Apereo CAS and, then, it has all the advantages of an Open Source product, from openness and adaptability to the guarantee of data portability.

A complete and tested solution for the world of Public Administration

We have solved complex problems in a simple way

Read the stories of who did already choose Tirasa for digital identities

ASL CN1

Healthcare

Tirasa provided a project for ASL CN1 to improve access management and identity management in the healthcare sector. The implemented solution was designed to manage access for about 8000 users, including doctors, healthcare operators, technicians, administration staff, and external visitors, providing them with access rights or restrictions depending on their identities.

With the proposed solution, ASL CN1 has achieved a scalable, robust and secure authentication and identity management system that meets the needs of thousands of users.

Azienda ULSS 6 EUGANEA

Healthcare

The overall goal is to renew and standardize user management and the whole process of authorization for IT services.

The solution is based on Apache Syncope with the support of Tirasa for product implementations and customizations.

Esercito Italiano

The Italian Army, through its department dedicated to management, development and security of network and system / service infrastructures, needs to manage thousands of users on heterogeneous sources as Oracle databases, LDAP, Zimbra and Active Directory: the typical scenario which an Identity Management system should rule.

The Open Source selection resulted in Apache Syncope and Tirasa, which provided ts activities to support the Army staff in building the best IdM system possible, for their own specific needs.

Gordon Food Service

Tailored

Tirasa has joined the IDaaS (Identity as a Service) project at Gordon Food Service after an initial phase where access policy enforcement via entitlements was already implemented through Okta. It centralized authentication and authorization features for all company applications, about 400,000 users.

Being aware of how fundamental it is to manage identities and user permissions on applications at the core of our infrastructure, we have started a long-running process to rebuild our approach on top of Cloud Computing and best-of-breed software components, with help by Tirasa to streamline Apache Syncope. (Team Lead at Gordon Food Service)

Istituto Zooprofilattico Sperimentale dell'Abruzzo e del Molise "Giuseppe Caporale"

Distributed on around 20 web applications, the Institute makes its IT services available to several of these internal users but especially to tens of thousands of externals which daily operate on them. With the intention of renewing and standardizing its services, IZSAM has recently highlighted the following specific needs.

After a PoC built by Tirasa and based on Apereo CAS and Apache Syncope, the Institute decided to proceed on this path by engaging Tirasa itself to realize the whole infrastructure.

iWelcome

Tailored

Digital transformation is the key word in today’s businesses. Identity Management is a pivotal element of this transformation, however traditional IAM does not suffice. iWelcome’s Identity & Access Management as a service, provides all the capabilities for organizations to interact with their employees, being inside or outside the organization, towards both internal and cloud applications.

Provisioning is involved with managing the internal data sources and external via specific connectors for representation of users, groups and attributes. This component often needs to be tailored to meet the requirements of a specific deployment. The enterprise support of Tirasa, gave us the manageability, scalability and flexibility to connect and protect millions of consumers at enterprise customers

Nivo1

Tailored

AP Express by Nivo1 is a SaaS platform that provides accounts payable automation, and has experienced significant growth in its customer base, as well as application features. Nivo1 recently embarked on an important enhancement to AP Express: allow customers to authenticate users with their internal identity services.

Tirasa built for Nivo1 a full-blown, integrated, IAM platform based on the Open Source tools as Apache Syncope and Apereo CAS, granting full control, on customer base, to both user lifecycle and differentiated authentication and authorization. This combination of tools gives Nivo1 a distinct competitive advantage.

Ospedali Riuniti di Ancona

Healthcare

The ongoing push towards administrative and clinic processes' improvement caused a deep review of pre-existing users and access management. In particular, the need of centralized authentication and authorization mechanisms emerged.

Currently the whole infrastructure, based on Apache Syncope, manages about 5.000 users, periodically synchronized with HR.

PlainID

Tailored

PlainID is the go-to Authorization solution, securing digital assets with one unified policy based authorization platform. PlainID provides IAM teams with a simple and intuitive means to control their organization’s entire authorization process.

We choose Apache Syncope to carry out the provisioning and account management role as part of our authorization platform, due to its simplicity and flexible adoption to the product needs. Another important consideration was the knowledge and excellent support provided by the Tirasa team

PTC

Tailored

PTC Vuforia is the world’s leading augmented reality platform used by over 200K users worldwide. Vuforia’s Identity Management System was moved from a proprietary solution to one built using Apache Syncope. Apache Syncope was chosen as the Identity Management platform because of the simplicity and flexibility of its REST API and also for its support to import users from various sources.

Tirasa provided timely support and always followed up to ensure that all issues were resolved to satisfaction.

Stichting Bibliotheek.nl

Education

One of the projects was implementing a centralized identity and access management infrastructure. The IAM infrastructure aims to hold all users of the national library in the Netherlands, fed by a continuous feed from the local libraries. This way, all Dutch library members can authenticate and use digital services connected to the IAM infrastructure.

Stichting Bibliotheek.nl is very content with Apache Syncope as a product and intends to extend its services based on it.

SURFnet

Education

SURFnet’s mission is to improve higher education and research by promoting, developing, and operating a trusted, connecting ICT infrastructure that facilitates optimum use of the possibilities offered by ICT.

SURFnet is currently planning how to include Syncope it in its identity management and collaboration middleware for provisioning / deprovisioning needs.

SWM

The Syncope-based solution is initially used in mobile ticketing for public transport customers. Among others, it provides functionality for self-registration, login, password reset, and user suspend/reactivate. The user data is synchronized with other backend systems.

SWM is very satisfied with both the community and the commercial support of Tirasa.

University of Helsinki

Education

Identity and access management is particularly difficult in the university environment because many users have two or more roles. For instance, many students who are close to graduating are also employed by their university departments. In the academic world, many employees have temporary contracts or their work is funded through grants. Because of these factors, it is important that the life-cycle management of identities is not made too aggr...

We have had a few years to get to know Apache Syncope and have gained some in-depth knowledge of its use. For this, the support provided by Tirasa has been a vital aid. We have received help in the form of, for instance, code examples providing a preview of the implementation, as well as solutions to configuration problems and quick fixes to any errors we have discovered.

University of Pavia

Education

The first engagement for Tirasa was a feasibility study about a IAM solution that, besides application level, takes into account all the access control issues to physical resources, like as car parks and restricted areas. The University has further engaged Tirasa to build a real Physical Identity & Access Management (PIAM) solution.

Users can log in via SPID, thanks to the functional extension developed by Tirasa.

University of Porto

Education

The U.Porto combines high quality education focused on individual vocations and talents as well as market needs with the claim to being the greatest birthplace of science in Portugal. It is committed to converting into social assets the talent and innovation from its 14 faculties, one business school and over 50 research centres.

Currently, the U.Porto is the most international of Portugal’s universities thanks to its active cooperation with hundreds of higher education institutions worldwide. The ambition now is to establish the U.Porto as one of the top 100 universities in the world by 2020.

UShareSoft

Tailored

The new module allows management of auditing (reports), policies, roles, users, tasks and entitlements. At present UForge uses this embedded IDM service for authentication and role-based access control (RBAC) authorization through special entitlements. The persistence store behind the IDM service is an SQL store and there is a resource connector, connecting to an LDAP V3 Service, for storage of roles, users and entitlements information, in an ...

The UShareSoft UForge Identity management service, is based on Apache Syncope, which was expressly chosen for it's richly defined and complete RESTful API.

Virgin Voyages

Tailored

In the initial scenario, identities from multiple HR systems (including Workday) were set to be transferred to Azure AD via Okta. The situation was problematic for various factors, including almost no control over the process, several potential points of failure and impractical scaling.

Managing the complexity of identity flows across ships and shore is an extremely delicate and involved task: we did choose Open Source software to rule them all. Trusting Tirasa to build our Identity and Access Management system was simply refreshing.

Ministry of Infrastructure and Transport

PA