Grosseto (Italy) develops the OpenPortalGuard eID system

Published on: 14/06/2009
Document

In 2003 the Italian Ministry of the Interior decided to launch a pilot project for the use of eID cards in Italy, and asked a contractor to develop the necessary software. The municipality of Grosseto was not satisfied with the resulting application, which had technical shortcomings as well as a restrictive license, and decided to develop its own system based on open source and open standards. In the process, Grosseto became part of an international network of public bodies working on open source eID solutions.

Policy Context

Many Italian municipalities face budgetary constraints and are reluctant to spend more money than is absolutely necessary. The municipalities were nonetheless obliged to issue the eID cards, just as the had issued the previous paper ID cards. For the initial project a budget of about € 400.000 was given to Grosseto for the eID cards and related hardware, as well as for the software to use them. Furthermore, an access point on the Internet had to be developed that would lead citizens and the administration to the right services offered (i.e. changing place of residence, filling out tax forms, or accessing the population register). Initially Grosseto had contracted a technology provider chosen by the Ministry, which developed an access control system for Grosseto and a few other communities. This company had a budget of about € 200.000. The contract with this company stated that the system itself would be free of charge once developed, but the Internet browser plug-in necessary for the authentication of users would be licensed to the municipalities to distribute to its citizens. This was a small but ultimately critical piece of the system, which would have made the municipality depended on the technology provider. For the municipality this meant future costs higher than what was feasible for them. It gradually became evident that for Grosseto to develop its own access control system would save money in the long run, while at the same time offering greater interoperability, which was one of the biggest shortcomings of the previous system.

Description of target users and groups

The OpenPortalGuard has users from all over the municipality of Grosseto. Although the system should be used by the citizens mainly, a card reader is necessary, which is a barrier for many. Within the municipality administration, the system is used on a daily basis by most employees.

Description of the way to implement the initiative

Obtaining know-how of the subject was perhaps the most important step in the transition away from the proprietary solution offered by the service provider towards an Open Source solution. Grosseto's IT expert Bud Bruegger had to find his way in the Open Source ecosystem to get into the subject. As he had worked in Open Source projects before, such as Euspirit.org, and also holds a PhD in engineering, he was well acquainted with researching in an Open Source environment. “We got one part of the know-how from another municipality that was developing their own system […] and we got a hell of a lot know-how from the Open Source community” he says. The communities of Apache and Mod-Python in particular, along with the Porvoo group - a forum for the discussion of good practice in eID - turned out to be the most valuable sources of information, as they offered a meeting point for people from all kinds of fields and discussions on eID systems. After acquiring the know-how, the next step was to build a network of communities that faced the same problems and also wanted to develop a system better suited to not only national but international standards (see Cooperation with other public bodies below). Participating in the community and gaining the expertise in the field eventually enabled Bruegger to get a clear image of what was necessary, and what was possible to develop from his side. For the development of the Open Portal Guard, these steps were essential, because they enabled him to avoid certain mistakes and to reuse the code others had successfully developed.

Technology solution

With the help of the Open Source community and other municipalities, Grosseto's IT team eventually managed to develop Grosseto's own eID access control system, called Open Portal Guard. Largely relying on existing systems that were made available through several platforms, such as Apache, they managed to include all the features that the previous system lacked. The access control system is now capable of reading eID cards from all of Italy as well as several other European countries, while providing all the functionalities required by the Italian eID system. At the same time, using proven SSL standards made the software more secure and reliable.

Technology choice: Open source software

Track record of sharing

The IT team came to work more closely with the municipality of Trento, which is located in the north of Italy. Just like Grosseto, the municipality of Trento faced the problem of having a non-standardized authentication mechanism and was keen on developing its own system. The cooperation between the two municipalities became an important ingredient in he successful development of the software, as both had similar problems and goals. Nonetheless the team was also in close contact with other municipalities, such as Prato, which also gave highly valuable input to the discussions throughout the process. At the same time, the team also looked around in the Open Source ecosystem to find what others had done and what components was already in use. They came across a reverse proxy that was developed by a Belgian team of developers and released into the Apache community. The Belgian developers also faced the issue of interoperability, and were equally keen on developing a product that would meet their demands. With Grosseto's increasing involvement in the Porvoo Group, which serves as an important forum for eID related issues on a European level, this eventually led to the development of the Porvoo interoperability demonstrator. This protocol enabled the access control system to differentiate between nationalities, and to attribute the appropriate rights and identities to each card.

Lessons learnt

Bud Bruegger is convinced that it is possible to achieve a lot if one interacts within a community that offers direct and quality advice. For the OpenPortalGuard project it was therefore not the most difficult and time-consuming part to actually develop the software, but “the biggest problem was the know-how”, which the Grosseto team had to acquire. As most “local governments don't have the resources” to dedicate large parts of their budgets to projects like this, it becomes even more appropriate to start with an Open Source approach, which makes it possible to build on other people's work. It was therefore a key success factor for Bruegger to work with the Open Source community, as this allows for projects with small financial resources to succeed. Without this possibility it would have been nearly impossible to acquire the know-how to develop a system on their own. Another important aspect for the success of Open Source software project like OpenPortalGuard is having the a team that is familiar with the Open Source ecosystem. For someone who considers Open Source solutions solely as a means to cut costs without investing in the community, success is less likely in the eyes of Grosseto's IT team. A “fertile ground” of Open Source knowledge, as Bruegger puts it, is thus very helpful when starting a project with such an approach. “You have to know what questions to ask, and you have to be willing to give back to the community”, he explains. Moreover there needs to be a management in the background that is willing to take sometimes tough decisions, and believes in the project. This clearly helped the development to quite some extent.

Scope: Local (city or municipality), Regional (sub-national)