Added business value

For members of the public:

  • Simple, standardised public access to all applications connected to the FAS 
    • For end users (citizens)
    • For those holding mandates (e.g. accountants)
  • Range of authentication methods (from username/password to identity card)
  • Users able to rely on adequate protection of confidential information (e.g. Tax-on-web)

For providers:

  • Your identity can be clearly established, allowing you to gain access to many services
  • New applications can be easily added for the entire government sector (federal, regional and local)
  • New authentication systems can be added easily
  • Flexible – central mandate management

The context 

BOSA, the Federal Public Service Policy and Support (formerly known as Fedict), is working hard to develop and enhance e-government.

In the past, you literally had to walk through a gateway or door in order to get to work and access your files. Today, you may have online access to your digital files that is based on your identity. Employees used to have to walk to a filing cabinet to look something up, but now they simply log in to a database, and a similar situation also applies in the relationship between a business and its customers. You can, for example, pay for online purchases by logging on to PayPal.

Each application requires a customised level of security, of course, and the importance of the user experience also varies from one application to the next. A regular password is probably sufficient for something that you subsequently need to sign for. The highest level of assurance is required for accessing Tax-on-web or other sensitive public services, and gaining access must be easy and user-friendly. It is therefore crucial for BOSA that your identity can be established reliably at any time, and that such data is stored securely. 

The project and Paradigmo

E-government continues to grow, and identity is its cornerstone. To guarantee secure identification, BOSA selected ForgeRock to support identity and access management for the Federal Authentication Service (FAS). Paradigmo, which specialises in identity and access management, is a ForgeRock partner. Paradigmo handled the migration from FAS to ForgeRock's OpenAM. “ForgeRock is a flexible system. Although the software is open source, extensive support is provided,” said David Mampaey, Service Manager at BOSA. “There is no other product on the market that can be compared to ForgeRock.”

BOSA used to work only with the eID and tokens. However, there are now dozens of systems emerging that you can use to log in, such as Google Authenticator. This application uses a one-time password and is already available. Moreover, authentication based on iris recognition or other forms of biometric identification is emerging. BOSA therefore needs to work on new authentication methods that will lead to more people making use of the digital services provided by the government, but that still enable citizens to log on in a secure manner.

The solution

ForgeRock provides a secure connection between the government and citizens. CSAM (Common Secure Access Management System), the result of collaboration between various public services, is the system used to access some 800 digital applications provided by the federal government and regional and local authorities. BOSA takes care of the one-time, secure identification of an individual. At the same time, it supplies information to the 800 applications. For example, BOSA ensures that the applications used in central databases can check which people have been given a particular mandate for a particular business, such as for filing VAT returns or bidding for public tenders.

Paradigmo and system integrator NRB/Trasys provide BOSA with support in day-to-day operations and in the event of incidents under a service level agreement (SLA). As it turns out, there is little need for this agreement. BOSA started out six years ago with 2 million user licences; today there are 3.2 million. This steady growth is certain to continue.

Technical configuration

  • Creation of an Identity Provider (IdP) based on the ForgeRock OpenAM technology
  • Creation of complex authentication systems, drawing on the flexibility offered by OpenAM
  • OpenAM code expanded to include Java modules, in order to enable special uses 
  • Creation of an adaptive user interface for authentication, which supports all terminal types
