Aggiornamento con Avvisi AgID

italia · Feb 4, 2021 · 29a15be · 29a15be
1 parent 4e2732e
commit 29a15be
Show file tree

Hide file tree

Showing 7 changed files with 296 additions and 77 deletions.
diff --git a/code-samples/idp-metadata.xml b/code-samples/idp-metadata.xml
@@ -1,6 +1,8 @@
 <md:EntityDescriptor xmlns:md = "urn:oasis:names:tc:SAML:2.0:metadata"
     xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
     xmlns:xsi="http://www.w3.org/2001/XMLSchemainstance"
+    xmlns:fpa="https://spid.gov.it/invoicing-extensions"
+    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
     entityID="http://spid.identityprovider.it"
     ID="_2ini49248n98dn984n...">
     <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
@@ -39,4 +41,35 @@
         <saml:Attribute xsi:type="xsi:string" Name="address"/>
         <saml:Attribute xsi:type="xsi:string" Name="digitalAddress"/>
     </md:IDPSSODescriptor>
+    <md:Organization>
+        <md:OrganizationName xml:lang="it">SPID Identity Provider</md:OrganizationName>
+        <md:OrganizationDisplayName xml:lang="it">SPID Identity Provider</md:OrganizationDisplayName>
+        <md:OrganizationURL xml:lang="it">https://spid.identityprovider.it</md:OrganizationURL>
+    </md:Organization>
+    <md:ContactPerson contactType="billing">
+        <md:Extensions>
+            <fpa:CessionarioCommittente>
+            <fpa:DatiAnagrafici>
+            <fpa:IdFiscaleIVA>
+                <fpa:IdPaese>IT</fpa:IdPaese>
+                <fpa:IdCodice>983745349857</fpa:IdCodice>
+            </fpa:IdFiscaleIVA>
+            <fpa:Anagrafica>
+                <fpa:Denominazione>Destinatario Fatturazione</fpa:Denominazione>
+            </fpa:Anagrafica>
+            </fpa:DatiAnagrafici>
+            <fpa:Sede>
+                <fpa:Indirizzo>via tante cose</fpa:Indirizzo>
+                <fpa:NumeroCivico>12</fpa:NumeroCivico>
+                <fpa:CAP>87100</fpa:CAP>
+                <fpa:Comune>Cosenza</fpa:Comune>
+                <fpa:Provincia>CS</fpa:Provincia>
+                <fpa:Nazione>IT</fpa:Nazione>
+            </fpa:Sede>
+            </fpa:CessionarioCommittente>
+        </md:Extensions>
+        <md:Company>example s.p.a.</md:Company>
+        <md:EmailAddress>[email protected]</md:EmailAddress>
+        <md:TelephoneNumber>+39 84756344785</md:TelephoneNumber>
+    </md:ContactPerson>
 </md:EntityDescriptor>
diff --git a/code-samples/response.xml b/code-samples/response.xml
@@ -1,67 +1,183 @@
-<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
-    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
-    ID="_66bc42b27638a8641536e534ec09727a8aaa" 
-    Version="2.0" 
-    InResponseTo="_4d38c302617b5bf98951e65b4cf304711e2166df20" 
-    IssueInstant="2015-01-29T10:01:03Z" 
-    Destination="http://spid-sp.it">
-	<saml:Issuer NameQualifier="”https://spidIdp.spidIdpProvider.it”
-	    Format=" urn:oasis:names:tc:SAML:2.0:nameid-format:entity">
-		spididp.it 
-	</saml:Issuer>
-	<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-		............. 
-	</ds:Signature>
-	<samlp:Status>
-		<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /> 
-	</samlp:Status>
-	<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
-	    ID="_27e00421b56a5aa5b73329240ce3bb832caa" 
-	    IssueInstant="2015-01-29T10:01:03Z" Version="2.0">
-		<saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">
-			spididp.it
-		</saml:Issuer>
-		<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-			......
-		</ds:Signature>
-		<saml:Subject>
-			<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" 
-			    NameQualifier="http://spidIdp.spididpProvider.it">
-				_06e983facd7cd554cfe067e 
-			</saml:NameID>
-			<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
-				<saml:SubjectConfirmationData Recipient="https://spidSP.serviceProvider.it/" 
-				NotOnOrAfter="2001-12-31T12:00:00" 
-				InResponseTo="_4d38c302617b5bf98951e65b4cf304711e2166df20">
-				</saml:SubjectConfirmationData>
-			</saml:SubjectConfirmation>
-		</saml:Subject>
-		<saml:Conditions NotBefore="2015-01-29T10:00:33Z" 
-		    NotOnOrAfter="2015-01-29T10:02:33Z">
-			<saml:AudienceRestriction>
-				<saml:Audience>
-					https://spidSP.serviceProvider.it 
-				</saml:Audience>
-			</saml:AudienceRestriction>
-		</saml:Conditions>
-		<saml:AuthnStatement AuthnInstant="2015-01-29T10:01:02Z">
-			<saml:AuthnContext>
-				<saml:AuthnContextClassRef>
-					https://www.spid.gov.it/SpidL1
-				</saml:AuthnContextClassRef>
-			</saml:AuthnContext>
-		</saml:AuthnStatement>
-		<saml:AttributeStatement xmlns:xsi="http://www.w3.org/2001/XMLSchemainstance">
-			<saml:Attribute Name="familyName">
-				<saml:AttributeValue xsi:type="xsi:string">
-					Rossi
-				</saml:AttributeValue>
-			</saml:Attribute>
-			<saml:Attribute Name="spidCode">
-				<saml:AttributeValue xsi:type="xsi:string">
-					ABCDEFGHILMNOPQ 
-				</saml:AttributeValue>
-			</saml:Attribute>
-		</saml:AttributeStatement>
-	</saml:Assertion>
+<samlp:Response Destination="https://that.spid.example.org/saml2/acs/post" ID="_5e728601-9ad4-4686-b269-81d107a8194a" InResponseTo="id-wr6bt7ZpfqiYVrqTd" IssueInstant="2021-02-04T15:41:59Z" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
+    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">
+        http://localhost:8080
+    </saml:Issuer>
+    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+        <ds:SignedInfo>
+            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+            <ds:Reference URI="#_5e728601-9ad4-4686-b269-81d107a8194a">
+                <ds:Transforms>
+                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+                </ds:Transforms>
+                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+                <ds:DigestValue>
+                    ...
+                </ds:DigestValue>
+            </ds:Reference>
+        </ds:SignedInfo>
+        <ds:SignatureValue>
+            ...
+        </ds:SignatureValue>
+        <ds:KeyInfo>
+            <ds:X509Data>
+                <ds:X509Certificate>
+                    ...
+                </ds:X509Certificate>
+            </ds:X509Data>
+        </ds:KeyInfo>
+    </ds:Signature>
+
+    <samlp:Status>
+        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+    </samlp:Status>
+
+    <saml:Assertion ID="_bebbed6a-2f6c-43d9-b151-f214d0c61de0" IssueInstant="2021-02-04T15:41:59Z" Version="2.0" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+        <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">
+            https://that.spid.idp.example.org/metadata
+        </saml:Issuer>
+        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+            <ds:SignedInfo>
+                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+                <ds:Reference URI="#_bebbed6a-2f6c-43d9-b151-f214d0c61de0">
+                    <ds:Transforms>
+                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+                    </ds:Transforms>
+                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+                    <ds:DigestValue>
+                        6V8qWljmWULO0C0OQit0DaylE+neFN9K8SXR2izWXpw=
+                    </ds:DigestValue>
+                </ds:Reference>
+            </ds:SignedInfo>
+            <ds:SignatureValue>
+                ...
+            </ds:SignatureValue>
+            <ds:KeyInfo>
+                <ds:X509Data>
+                    <ds:X509Certificate>
+                        ...
+                    </ds:X509Certificate>
+                </ds:X509Data>
+            </ds:KeyInfo>
+        </ds:Signature>
+
+        <saml:Subject>
+            <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" NameQualifier="https://validator.spid.gov.it">
+                    _655df4bc-b372-475e-906d-e71e4d7e98de
+            </saml:NameID>
+            <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+                <saml:SubjectConfirmationData InResponseTo="id-wr6bt7ZpfqiYVrqTd" NotOnOrAfter="2021-02-04T15:46:51Z" Recipient="https://that.spid.example.org/saml2/acs/post"/>
+            </saml:SubjectConfirmation>
+        </saml:Subject>
+
+        <saml:Conditions NotBefore="2021-02-04T15:41:59Z" NotOnOrAfter="2021-02-04T15:46:51Z">
+            <saml:AudienceRestriction>
+                <saml:Audience>
+                    http://that.spid.example.org/saml2/metadata
+                </saml:Audience>
+            </saml:AudienceRestriction>
+        </saml:Conditions>
+
+        <saml:AuthnStatement AuthnInstant="2021-02-04T15:41:59Z" SessionIndex="_ec9c5b35-12dc-414d-ad09-5b4610934db8">
+            <saml:AuthnContext>
+                <saml:AuthnContextClassRef>
+                    https://www.spid.gov.it/SpidL1
+                </saml:AuthnContextClassRef>
+            </saml:AuthnContext>
+        </saml:AuthnStatement>
+
+        <saml:AttributeStatement>
+
+            <saml:Attribute Name="spidCode" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">                       
+                <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
+                    AGID-001
+                </saml:AttributeValue>
+            </saml:Attribute>                                          
+            <saml:Attribute Name="name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
+                <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
+                    SpidValidator
+                </saml:AttributeValue>
+            </saml:Attribute>
+            <saml:Attribute Name="familyName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
+                <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
+                    AgID
+                </saml:AttributeValue>
+            </saml:Attribute>
+            <saml:Attribute Name="placeOfBirth" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
+                <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
+                    Roma
+                </saml:AttributeValue>
+            </saml:Attribute>
+            <saml:Attribute Name="countyOfBirth" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
+                <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
+                    RM
+                </saml:AttributeValue>
+            </saml:Attribute>
+            <saml:Attribute Name="dateOfBirth" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
+                <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:date">
+                    2000-01-01
+                </saml:AttributeValue>
+            </saml:Attribute>
+            <saml:Attribute Name="gender" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
+                <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
+                    M
+                </saml:AttributeValue>
+            </saml:Attribute>
+            <saml:Attribute Name="companyName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
+                <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
+                    Agenzia per l'Italia Digitale
+                </saml:AttributeValue>
+            </saml:Attribute>
+            <saml:Attribute Name="registeredOffice" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
+                <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
+                    Via Listz 21 00144 Roma
+                </saml:AttributeValue>
+            </saml:Attribute>
+            <saml:Attribute Name="fiscalNumber" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
+                <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
+                    TINIT-GDASDV00A01H501J
+                </saml:AttributeValue>
+            </saml:Attribute>
+            <saml:Attribute Name="ivaCode" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
+                <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
+                    VATIT-97735020584
+                </saml:AttributeValue>
+            </saml:Attribute>
+            <saml:Attribute Name="idCard" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
+                <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
+                    CartaIdentità AA00000000 ComuneRoma 2018-01-01 2028-01-01
+                </saml:AttributeValue>
+            </saml:Attribute>
+            <saml:Attribute Name="expirationDate" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
+                <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:date">
+                    2028-01-01
+                </saml:AttributeValue>
+            </saml:Attribute>
+            <saml:Attribute Name="mobilePhone" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
+                <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
+                    +393331234567
+                </saml:AttributeValue>
+            </saml:Attribute>
+            <saml:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
+                <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
+                    [email protected]
+                </saml:AttributeValue>
+            </saml:Attribute>
+            <saml:Attribute Name="address" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
+                <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
+                    Via Listz 21 00144 Roma
+                </saml:AttributeValue>
+            </saml:Attribute>
+            <saml:Attribute Name="digitalAddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">
+                <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
+                    [email protected]
+                </saml:AttributeValue>
+            </saml:Attribute>
+        </saml:AttributeStatement>
+    </saml:Assertion>
+
 </samlp:Response>
diff --git a/code-samples/sp-metadata.xml b/code-samples/sp-metadata.xml
@@ -1,4 +1,6 @@
 <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+    xmlns:spid="https://spid.gov.it/saml-extensions"
+    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
     entityID="https://spid.serviceprovider.it"
     ID="_0j40cj0848d8e3jncjdjss...">
     <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
@@ -42,4 +44,13 @@
         <OrganizationDisplayName xml:lang="it">Nome service provider</OrganizationDisplayName>
         <OrganizationURL xml:lang="it">http://spid.serviceprovider.it</OrganizationURL>
     </md:Organization>
+    <md:ContactPerson contactType="other">
+        <md:Extensions>
+            <spid:VATNumber>IT12345678901</spid:VATNumber>
+            <spid:FiscalCode>XYZABCAAMGGJ000W</spid:FiscalCode>
+            <spid:Private/>
+        </md:Extensions>
+        <md:EmailAddress>[email protected]</md:EmailAddress>
+        <md:TelephoneNumber>+39 8472345634785</md:TelephoneNumber>
+    </md:ContactPerson>
 </md:EntityDescriptor>
diff --git a/index.rst b/index.rst
@@ -1,14 +1,28 @@
 SPID - Regole Tecniche
 ======================
 
-**SPID**, il Sistema Pubblico di Identità Digitale, è la soluzione che permette di accedere a tutti i servizi online della Pubblica Amministrazione con un'unica Identità Digitale (username e password) utilizzabile da computer, tablet e smartphone.
+**SPID**, il Sistema Pubblico di Identità Digitale, è la soluzione che 
+permette di accedere a tutti i servizi online della Pubblica Amministrazione 
+con un'unica Identità Digitale (username e password) utilizzabile 
+da computer, tablet e smartphone.
 Maggiori informazioni sono riportate nel sito `www.spid.gov.it <https://www.spid.gov.it>`_
 
-Le Regole Tecniche definiscono le specifiche per l'integrazione di Identity Provider, Service Provider ed Attribute Authority mediante il protocollo SAML.
-
-.. WARNING::
-    Questo documento è la versione consolidata delle Regole Tecniche emanate dall'Agenzia per l'Italia Digitale, con applicati i successivi Avvisi che le emendano, per una facile consultazione da parte degli sviluppatori. I contenuti sono aderenti ai documenti ufficiali, disponibili nel sito AgID, ma sono presentati secondo una differente struttura dei capitoli e sono arricchiti da informazioni utili indicate con le diciture "Nota" e "Questo paragrafo ha scopo informativo e non normativo".
+Le Regole Tecniche definiscono le specifiche per l'integrazione di 
+Identity Provider, Service Provider ed Attribute Authority mediante il protocollo SAML.
 
+.. note::
+    Questo documento è la versione consolidata delle Regole Tecniche emanate 
+    dall'Agenzia per l'Italia Digitale, con applicati gli 
+    `Avvisi  <https://www.agid.gov.it/it/piattaforme/spid/avvisi-spid>`_ 
+    che le emendano, per una facile consultazione da parte degli sviluppatori. 
+    I contenuti sono aderenti ai documenti ufficiali, disponibili nel sito AgID, ma 
+    sono presentati secondo una differente struttura dei capitoli e sono 
+    arricchiti da informazioni utili indicate con le diciture 
+    "Nota" e "Questo paragrafo ha scopo informativo e non normativo".
+
+    Questo Documento comprende le specifiche contenuto nell **Avviso SPID n34**
+    e precedenti.    
+
 Indice dei contenuti
 --------------------
 
@@ -21,6 +35,7 @@ Indice dei contenuti
    single-sign-on.rst
    single-logout.rst
    attribute-authority.rst
+   soggetti-aggregatori.rst
    registro.rst
    log.rst
    attributi.rst