SPOCS - Crossborder Access to eGovernment Services

  • TYPE: Business Case Study DATE: Wednesday, May 05, 2010 TIME: 15:00-16:00 LOCATION: IMAX


SPOCS (Simple Procedures Online for Cross-border Services) is a pilot project launched by the European Commission which aims to improve the existing implementations of the Services Directive in Europe. It will deliver specifications and tools for a version 2.0 of the Points of Single Contact established throughout Europe by the end of 2009.

In order to build interoperable, seamless and smarter cross border services various components that require identity and access management have to be integrated. Some of the questions involved are: how to identify a legal person and bind a user to that person, how to verify electronic documents, how to authorise access to electronic document repositories (eSafes), how to identify a registered user of an electronic delivery service. These questions have to be answered in a cross border context between member states that have heterogeneous systems as well as legal frameworks in place.

SPOCS will make use of the results achieved by its "sister projects" STORK and PEPPOL in relation to mutual recognition for the use of electronic identity, documents and signatures.


Martin Spitzenberger works for the ICT unit of the Austrian Federal Chancellery. Among other tasks he is involved with the eID infrastructure (portal federation), the central directory service and base registers of the Austrian administration. At the European level he is representing the Federal...

At the Hospital of the University of Munich many different systems are used for sampling, storing, and processing data for clinical and administrative purposes. Hence several identity databases are existing, i.e. an SAP HR database for personnel management, Microsoft AD for user-registration on clients, a special SAP database for eprocurement, and some others. Now a new area-wide hospital information system (HIS, Siemens i.s.h.med) makes particular demands, because it handles with medical data which are directly used for treatment of patients. Therefore the HIS, its devices, and its network can be seen as a combined medical-engineering device with very high requirements on data security and data privacy by law (see DIN EN 80001). As a specific challenge the HIS handles not only with the identity of the actual user, but also with the identity of a “responsible person”, normally a high qualified physician who can order x-rays and invasive examinations. In many cases the “responsible person” is identical to the user, but not on cases like preparing clinical orders by medical assistants (i.e. order for x-ray examination). Because of limited personal resources in clinical daily routine users will not accept frequent re-registering: single-sign-on is highly recommended. We need one single system for authorization on many systems with very high safety requirements.

We set up a “Who's Who” identity database of our employees based on Siemens' identity and access management (IAM) X.500/LDAP product DirX, which is filled with data of the MS AD database. To verify the authorization, the system searches in the personnel managers' SAP HR database for equality of name, first name, date of birth, job title, ward, and other items. Little differences can be balanced via a defined “matrix of tolerance”. Only after authorization in MS AD and SAP HR the user is able to log in an access application by name and password. Driven by special attributes of MS AD and SAP HR databases, the user's clinical role and the correct “responsible person” are chosen and transmitted to the HIS. The access application is a very comfortable solution for our physicians and nurses, because it offers access not only to the HIS, but also to other applications of clinical interest, e.g. laboratory information system, radiology information system (RIS), picture information and communication system (PACS), applications for presentation of diagnostic findings, and others.

Lessions learned
The IAM system is still under construction, but integration tests (DirX, I.s.h.med, SAP, and MS AD) were successful performed. Approximately 20 percent of all uncovered errors and problems associated with the HIS belong to roles, identity and identity management (i.e. not to be able to do a specific clinical transaction like documentation of a diagnosis). Therefore IAM is an extremely important part of every HIS. Roll-Out of HIS with IAM and its portal application (over 4000 users, approximately 6000 clients and area-wide distributed sub-networks) is on April 7th 2010.


Simon Leutner studied Business Informatics at University of Regensburg. He now works at the hospital of the University of Munich. Currently he is engaged as deputy project manager and systems engineer for the faculty wide IDM project.

Watch videos:  
Log in to download presentations:  


Session Links

SPOCS - Crossborder Access to eGovernment Services

Identity and Access Management at Munich University Hospital


European Identity Conference 2010

Registration fee:
€1980.00 $2475.00 S$3168.00 21780.00 kr
Mastercard Visa American Express PayPal INVOICE
Contact person:

Mr. Levent Kara
  • May 04 - 07, 2010 Munich