With the uptake of eGovernment services, applications and information have become highly accessible and available. However, not all information should be freely accessible, and proper access control must be in place, especially for the highly confidential information the government manages. This is achieved by managing access, preferably without making it harder or slower for legitimate requests to obtain that access.
The solution of the Flemish government offers security and efficiency for identity and access management. The mission of the identity and access management solution is to:
The vision of the identity and access management solution:
The solution addresses two aspects:
1. Identity management (IDM):
The central system of the Flemish government that is used to grant access to target applications by allocating user rights.
Functions of identity management:
2. Access management (ACM):
The central system of the Flemish government through which users obtain access to target applications. ACM guards the access to a target application and acts as the front door when users want to access applications.
Functions of access management:
WebIDM: a custom component used by Local Admins to assign the user rights of an application to users. WebIDM provisions the user rights of users in the target groups accessible to them to multiple user repositories. More specifically, WebIDM encompasses the following functionalities:
ForgeRock OpenIDM: the open source OpenIDM component retrieves information from WebIDM and passes it on via specific connectors to the relevant user repositories, e.g. the central Identity Database (IDD) or databases of clients that require certain information to be stored locally.
ForgeRock OpenDJ: this open source component is the main target user repository of IDM and is used by ACM to determine whether a user has been assigned a role that grants him/her access to a certain application. It is the link between user management and access management.
Activiti: This open source component delivers workflow services to the IDM solution.
Identity Database (IDD): the identity database is an OpenDJ LDAP directory from which ACM extracts information about the user.
ACM 3+: the ACM platform authenticates users and takes the authorization decision on whether or not a user may use the application. An application integrates in one of two ways: either it redirects the user to the latest version of access management using the SAML 2.0 federation protocol, or the web application is secured by an ACM reverse proxy placed in front of it.
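In the reverse proxy integration the application itself never sees the user authenticate; it only receives whatever the proxy tells it. The application must therefore make sure a request really passed through the proxy before it trusts any proxy-asserted identity, otherwise anyone who can reach the application directly can forge that identity. The following is an added illustration of that trust boundary, not code from the Flemish government or the ACM platform: the header names, the proxy source network and the shared-secret header are assumptions made for the example, since the page does not describe how ACM hands the authenticated user to the application behind the proxy.

```python
"""Trust boundary for a web application behind an authenticating reverse proxy.

Added illustration, not code from the Flemish government's ACM platform. The
header names, the proxy source network and the shared-secret header are all
assumptions made for this example; the page does not say how ACM hands the
authenticated user to the application behind the proxy.
"""
import hmac
import ipaddress
from dataclasses import dataclass
from typing import Mapping, Optional

# Hypothetical header names. Whatever the real proxy uses, the rule is the same:
# identity headers are only trustworthy if the request demonstrably came from the proxy.
USER_HEADER = "x-acm-user"
ROLES_HEADER = "x-acm-roles"
PROXY_AUTH_HEADER = "x-acm-proxy-auth"


@dataclass(frozen=True)
class Identity:
    user: str
    roles: frozenset


def _header(headers: Mapping[str, str], name: str) -> str:
    """Case-insensitive header lookup (HTTP header names are case-insensitive)."""
    for key, value in headers.items():
        if key.lower() == name:
            return value
    return ""


class ProxyTrust:
    """Decides whether a request came through the proxy and, if so, who the user is."""

    def __init__(self, proxy_networks, shared_secret: bytes):
        self.networks = [ipaddress.ip_network(n) for n in proxy_networks]
        self.shared_secret = shared_secret

    def came_from_proxy(self, remote_addr: str, headers: Mapping[str, str]) -> bool:
        # Use the TCP peer address, never X-Forwarded-For: the client controls that header.
        try:
            peer = ipaddress.ip_address(remote_addr)
        except ValueError:
            return False
        if not any(peer in net for net in self.networks):
            return False
        # Second factor: a secret only the proxy knows, compared in constant time.
        token = _header(headers, PROXY_AUTH_HEADER).encode()
        return hmac.compare_digest(token, self.shared_secret)

    def identity(self, remote_addr: str, headers: Mapping[str, str]) -> Optional[Identity]:
        """Returns the proxy-asserted identity, or None if the headers cannot be trusted."""
        if not self.came_from_proxy(remote_addr, headers):
            return None
        user = _header(headers, USER_HEADER).strip()
        if not user:
            return None
        roles = frozenset(r.strip() for r in _header(headers, ROLES_HEADER).split(",") if r.strip())
        return Identity(user, roles)


def authorize(identity: Optional[Identity], required_role: str) -> bool:
    """Application-side role check; an untrusted request (None) is never authorized."""
    return identity is not None and required_role in identity.roles


# Constructed sample requests: (peer address, headers as seen by the application).
SAMPLE_REQUESTS = {
    # Legitimate: arrives from the proxy network carrying the proxy secret.
    "via_proxy": ("10.0.0.5", {"X-Acm-User": "jan.peeters",
                               "X-Acm-Roles": "app-a:reader, app-a:editor",
                               "X-Acm-Proxy-Auth": "proxy-secret-example"}),
    # Direct connection that bypasses the proxy and forges identity headers.
    "direct_spoof": ("203.0.113.7", {"X-Acm-User": "admin",
                                     "X-Acm-Roles": "app-a:admin"}),
    # Right network (e.g. a compromised neighbouring host) but without the proxy secret.
    "neighbour_spoof": ("10.0.0.9", {"X-Acm-User": "admin",
                                     "X-Acm-Roles": "app-a:admin"}),
}

TRUST = ProxyTrust(proxy_networks=["10.0.0.0/24"], shared_secret=b"proxy-secret-example")


def decisions(required_role: str = "app-a:editor") -> dict:
    """Authorization outcome for each sample request."""
    return {name: authorize(TRUST.identity(addr, hdrs), required_role)
            for name, (addr, hdrs) in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, allowed in decisions().items():
        print(f"{name:16} -> {'allowed' if allowed else 'denied'}")
```

Only the request that arrives from the proxy network with the proxy secret is authorized; the two spoofed requests are denied even though they carry an admin role header. Two companion measures belong to the same pattern: the proxy must strip any identity headers a client sends before adding its own, and the network should not allow clients to reach the application except through the proxy, so that the shared secret is a second check rather than the only one.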
For access management, the focus is on future-oriented support for authentication (federation) and new technological evolutions such as mobile authentication.
For identity management, the custom components are built as generically as possible, so that alternative, newer and better technologies can be put in place easily when necessary.
Interfaces between the IDM components were specifically designed to facilitate operational support and root cause analysis in case of incidents or events.
The solution is built in cooperation with external subject matter and product experts. External expertise helps the Flemish Government stay up to date with the latest trends and evolutions in the market, drives a future-oriented approach and helps establish roadmaps that close the gap between the current and the target state.
The solution provides standard onboarding capabilities and processes for application integration, but aims to answer all client-specific requirements within the budget the client can allocate to accommodate the change. New functionalities may be developed in a co-financing setup. Throughout, identity management is treated as a service to users and other clients. The Flemish government continuously aims for user-friendliness and uniformity.
The solution reuses the following existing standards:
The solution reuses the following authentic sources:
The benefits of the solution also support the view of ‘Vlaanderen Radicaal Digitaal’. This project, initiated by the Flemish government, aims to make digital communication between citizens/enterprises and the government easier and more understandable. Several principles are defined to achieve this goal, and the solution of the Flemish government supports these principles.