Using the Generic Plug-In SPI

Server-side Generic Plug-Ins

On the server side, the generic plug-in SPI A Service Provider Interface (SPI) consists of a set of constant definitions and method declarations without implementations and intended to be called or used in a pre-determined generic manner with a set of outputs that meet pre-determined abstract rules and expectations. makes it possible for ActivID CMS to access user attributes on repositories other than the LDAP Lightweight Directory Access Protocol directory. The server-side generic plug-ins are also called enrollment plug-ins An enrollment plug-in is involved every time a user attribute is set or retrieved by ActivID CMS. This makes it possible to map user attributes to repositories other than ActivID CMS’ standard LDAP (for example, such as IDMS, databases, or XML files)..

Generic Client Plug-In Infrastructure

The generic client plug-in infrastructure allows customization of the ActivID CMS issuance workflow steps that occur on the client. Client-side generic plug-ins allow customers deploying ActivID CMS to enroll data such as a user picture or biometrics at issuance time.

The client-side plug-ins are defined as scriptable codes (for example, JavaScript) integrated into the HTML pages generated by ActivID CMS at the issuance workflow step for which the client plug-in has been configured. The client plug-in can in turn invoke custom controls.

The generic client plug-in can be used in conjunction with the enrollment plug- ins. The results of a client plug-in call can be forwarded to a server enrollment plug-in. Conversely, a server enrollment plug-in can be used to prepare data for a client plug-in.

The ActivID CMS plug-in configuration defines which plug-ins are to be invoked at each step and the input/output parameters for each plug-in.

About the Credential Provider SPI

The Credential Provider Service Provider Interface (SPI) allows ActivID CMS to integrate with third-party credential sources through third- party credential providers.

About the Card and Credential Management API (CCM API)

The following figure illustrates the card and credential interaction and management using the CCM API.

Card and Credential Management Using the CCMAPI

The CCM API facilitates programmatic management of devices and credentials, including allowing external applications to:

  • Remotely update the content of a device or smart card’s chip (Card synchronization),

  • Manage users’ personal data,

  • Request and manage device issuances,

  • Manage device credentials, and

  • Unlock devices.

Real-life integrations using the CCM API include:

  • Physical Access Integration (PACS)

  • Identity Management System Integration

  • External help desk applications

  • Customized device issuance/unlock kiosks

  • Batch management/issuance of devices

For detailed information about developing plug-ins using the Generic plug-in SPI, refer to About the Generic Plug-In SPI.