Federal identity and access management (IAM Bund)

Federal identity and access management (IAM Bund) ensures that the right people and applications have the right access to Federal Administration resources at the right time.

IAM Bund programme for nationwide coordination

In order to coordinate IAM at federal level and to strive for a joint solution and an IAM Bund overall system, the FITSU led the key ICT project "IAM Bund programme", which was successfully completed in December 2016. This created the foundations and necessary framework conditions for achieving the objectives set out in the federal IAM strategy.

Structural design of the IAM Bund overall system

Nationwide management

After the programme ended, the management of IAM Bund was taken over by the FITSU as a permanent task. It is responsible for the top three architectural levels.

  • Alignment of the services of IAM Bund with the IAM sub-strategy, which is based on the business needs for IAM services;
  • Definition and maintenance of architectural principles and specific business requirements for IAM Bund services;
  • Definition and maintenance of an integral target architecture with the aim of both ensuring interoperability and allowing agility through partial autonomy on the physical architecture level.

The integral architecture of IAM Bund is broken down into logically consistent and largely independent sub-systems. These sub-systems have different drivers for their management action (e.g. extremely high economic efficiency for the IAM of standard services, or maximum reliability/integrity for the military IAM (ICAM)).

Management

Each sub-system of IAM Bund follows a very specific business need and is managed by a (largely independent) management organisation. The relevant external influencing factors are:

  • market model IAM v2, which subjects certain IAM services to a principle of centralism and allows the independent development of certain IAM services only under specific conditions;
  • interoperability requirements, which are intended to ensure the interaction of all IAM services of the Federal Administration;
  • restrictions on autonomy in order to maintain flexibility in the overall system.

The IAM of standard services is managed integrally by the standard service. Nevertheless, each standard service determines its own IAM services according to its own needs. The IAM v2 market model is of course always taken into account. The standard IAM service provides a sounding board for the eIAM service, which provides regular information on the development status of eIAM and a roadmap for the short and long term.

In the long term, the two management systems of the FDFA and the EAER (and their services) will be integrated into the standard services and their IAM systems. At present, however, they are still managed autonomously.
The military IAM sub-system will be implemented as part of the ICAM project and later (2023/2024) managed as a line task by the AFCSO.
The DIP IAM is currently managed by the FOITT as an independent PAMS IAM service. It is not yet known to what extent this will be transferred to the standard service at some point in the future.

Operation and development of IAM services

Every service provider in the Federal Administration implements and operates IAM services. Either these services are managed by a dedicated management system and a designated and dedicated management organisation or the service provider manages these services autonomously.
