Added Business Value

  • Standardized access control to critical applications (Tax-On-Web, Intervat…)
  • Single sign-on
  • Delegation of power through mandates management

The Challenge

The Identity and Access Management (IAM) project of the Federal Public Services (FPS) Finances (Belgian Ministry of Finances) started in 2005. FPS Finances set up an IAM service for its ~30.000 internal users. Over the years, the IAM service has been successfully and progressively integrated to an increasing number of business applications.

In 2010, a second project was initiated to extend the internal users IAM service to external users (citizens or mandated users like accountants,…). The project has been called FedIAM. The purpose of the project is to authenticate and to authorize external users to access SPF Finances internal applications, the best known application being Tax-On-Web.

The Project & Paradigmo

Paradigmo has delivered the complete FedIAM project as subcontractor of Oracle, in a firm fixed-price agreement. The project started in September 2010 and was delivered in January 2012. It has been in production since March 2012. The project was led by a project manager of Oracle and delivered by 4 engineers of Paradigmo. The engineering effort has been estimated to ~1000 man/days.

Paradigmo currently participates in the ongoing operation and support of the IAM/FedIAM platform.

The Solution

The main technical components covering the delivery of the project are:

  • OpenSSO, the web access manager originally developed and supported by Sun Microsystems
  • The Federal Authentication Service (FAS) of Fedict (now BOSA) that authenticates the external users and provides some authorization attributes
  • The “Policy Manager”, an ABAC security policy authoring tool. It has been extended in the context of the FedIAM project in order to provision security policies to IAM and FedIAM environments concurrently
  • The “Mandate” database. This is an authorization database that has been integrated to provide additional authorization information.

Technical configuration

  • Performance based on the Sun OpenSSO solution
  • Separation of business and IT functions by outsourcing access rights control ('coarse-grained' and ‘fined-grained’)
  • Security policies control implemented by the security analyst



Buro & Design Center – Suite 511b
Esplanade 1 – box 91
B-1020 Brussels
T: +32 2 427 55 02
Axis Parc
Rue Fond Cattelain, 2
B-1435 Mont-Saint-Guibert