
Building trust in the European data economy

Trusted data access with FIAM

Organizations in Europe are preparing for a future in which data must be shared more securely, more often and with more parties across sectors and ecosystems. Developments such as the EU Data Act and the rise of data spaces increase the need for trusted data access that is secure, traceable and continuously controllable, while keeping the data owner in control.

Federated Identity & Access Management (FIAM) is KPN’s managed trust and access service for compliant data sharing between organizations. FIAM connects data holders, data owners and data consumers through one federated trust model, with KPN as a neutral infrastructure provider for trusted access. It is not a data platform or a place where data is stored. Instead, FIAM provides the identity, authorization and validation layer that makes data sharing scalable, auditable and directly revocable, while the data owner retains control over what data is shared, with whom and under which conditions.

Federated identity and access management

Specifications

OAuth 2.0 with JWS client assertion.

X.509 certificate chain for trust validation.

Short-lived tokens enforce current consent.


How it works

FIAM creates a federated trust network based on the iSHARE trust framework in which participants operate with verifiable organizational identities and shared access agreements. This makes trust reusable: instead of setting up separate trust, legal and onboarding arrangements for every new connection, organizations can rely on one common trust model for secure and scalable collaboration.

A data consumer onboards through FIAM by registering its organization, completing identity verification through eHerkenning and providing an eSeal certificate for machine-to-machine communication. During onboarding, the organization accepts the applicable iSHARE and KPN terms and, where relevant, the provider-specific terms connected to a data service. FIAM then supports the authorization process by recording or validating the permissions under which access may be granted.

When a data consumer requests access, FIAM validates at runtime whether the organization is trusted, whether the required authorization is in place and whether access is still permitted at that moment. This supports a zero-trust approach in which every access request is checked individually, continuously and in context. If permissions, consent or conditions change, access can be withdrawn immediately.

API access

FIAM supports standards-based API access using short-lived tokens and certificate-based authentication. This links API calls to a verified organization and ensures that access always reflects the latest valid permissions.

Detailed technical information about authentication flows, token handling and endpoints is available on the dedicated FIAM API page.

Terms and commercial model

FIAM brings together multiple roles in one ecosystem, including data providers, service providers and data consumers. KPN operates the FIAM trust infrastructure, including participant onboarding, identity validation and the federated trust services needed to enable secure, scalable and compliant access.

Organizations evaluating FIAM should distinguish between access to FIAM as a trust service and the commercial terms that may apply to an underlying data service. Data or service providers may charge a fair fee for making a data product available, for example based on the scope of the dataset, the service level or the expected usage. Those commercial terms are determined by the provider, not by KPN.

For organizations that onboard in FIAM, the onboarding portal presents the applicable FIAM terms and, where relevant, the provider-specific terms connected to a data service. These conditions must be accepted before access can be activated. KPN facilitates the FIAM infrastructure as a neutral intermediary and does not set prices for data transactions between provider and consumer unless explicitly stated for a KPN-provided service.

In summary:

  • Data consumer - Requests and accesses data services through FIAM under valid authorization and accepted provider terms.

  • Data or service provider - Makes data products or services available and defines the applicable commercial conditions for access.

Start onboarding your organization

To onboard your organization, go to the FIAM Onboarding Portal at https://fiamonboarding.kpn.com. Before you start, make sure the requirements below are in place so the onboarding process can be completed without delay.

  • Review the applicable terms and conditions for the data ecosystem you want to join. Please read the relevant documents in advance, as these must be accepted explicitly in the final step of onboarding.

  • An eHerkenning (EH3) login with authorization for the KPN B.V. service 'FIAM - Onboarding Portal for Data Access'. If you do not yet have eHerkenning, or if you need more information, please check the KPN eHerkenning page.

  • An eIDAS Qualified or Advanced eSeal certificate, which provides your organization with a legally verifiable digital stamp for tamper-proof machine-to-machine data exchange. If you do not yet have an eSeal certificate, or if you need more information, please check the KPN eSeal page.

Do you have everything you need? Start the onboarding process and request access to the data services for which your organization has been authorized.

Questions? Contact us at fiam@kpn.com.
