Best Practice

  • TYPE: Combined Session
  • DATE: Thursday, April 19, 2012
  • TIME: 16:30-17:30
  • LOCATION: Galerie


Siemens CIT Human Resources Solutions provides national and international IT applications for every individual key aspect in Siemens’ HR environment.

Compliant, secure and effective management of user accounts and roles is required to meet strict legal regulations and operational requirements.

With its DirX Service, HRS operates an Identity and Access Management system for the request, reactivation, modification and deactivation of user accounts in various systems and cloud services (SAP and non-SAP). Highlights are the easy-to-use self-service for requesting one's own access rights and role assignments, the comprehensive role management and real-time provisioning.

The presentation covers the organizational, operational and technical aspects of the implementation and service delivery.


The Europol IAM initiative started back in 2007 with the analysis of requirements and strategic planning, involving all key business stakeholders. Based on the results of this analysis and the strategic drivers identified, the implementation proceeded in a phased process, consisting of eight releases so far, through which the solution has reached its current level of maturity. The solution now serves a wide range of user groups, from internal employees of Europol to member state users and national contact points.

As part of the project, a metadata management framework has been implemented to support the configuration of complex access requests and the various types of approvals required. Because these differ between partners and units of Europol, and depend on the users involved, this is a highly complex challenge. These processes support a variety of requirements, including:

  • Access requests for all resource types
  • Flexible business approval logic which can be based on all attributes in the metadata system without requiring code changes
  • Specific approval workflows for training units, with training being a mandatory requirement before getting access to Europol systems
  • Identity vetting and background security checks plus additional security clearance checks

Core focus was put on the overall security architecture of the solution and on the implementation of extensive auditing and logging capabilities to fulfil the stringent security and data protection requirements. From a security perspective, a wide variety of rules and mechanisms have been defined and implemented to detect, notify and disallow form tampering, backend data manipulation, XSS (cross-site scripting) injection and other forms of attack and manipulation, going far beyond the pure audit logs commonly found in identity provisioning tools and supporting a broader view.

Besides these features, Identity Federation will be supported as well. This allows the strong two-factor authentication mechanisms implemented in the participating organizations to be used together with the central solutions provided by Europol.


Salah Bohoudi studied Electrical Engineering and Computer Science at Delft Technical University. Since then he has worked in the IT industry for more than 15 years in a variety of different information security roles. In the first half of his career Salah worked at AtosEuroponext leading the...

European Identity & Cloud Conference 2012

  • Apr 17 - 20, 2012 Munich, Germany