The Europol IAM initiative started back in 2007 with the analysis of requirements and strategic planning, involving all key business stakeholders. Based on the results of this analysis and the strategic drivers identified, the implementation started in a phased process consisting of eight releases until now which has reached its current level of maturity. The solution nowadays serves a wide range of different groups of users, from internal employees of Europol, to the member state users and to national contact points.
As part of the project, a metadata management framework has been implemented to support the configuration of complex access requests and the various types of approvals required. Given that these differ between partners and units of Europol and depending on the users involved, this is a highly complex challenge. These processes support a variety of requirements, including
Core focus was put on the overall security architecture of the solution and also the implementation of extensive auditing and logging capabilities to fulfil the stringent security and data protection requirements. From a security perspective, a wide variety of rules and mechanisms have been defined and implemented to detect, notify and disallow form tampering, backend data manipulation, xss injection (Cross site scripting) and other form of attacks / manipulation, going far beyond pure audit logs commonly found in Identity Provisioning tools and supporting a broader view.
Besides these features, Identity Federation will be supported as well. That allows Europol to use strong two-factor-authentication mechanisms implemented in the participating organizations to be used together with the central solutions provided by Europol.