Credential Manager Classes

This section introduces and briefly describes the classes used in the Credential Manager.

The CredentialManagerFactory class constructs the desired CredentialManager using the supplied CredentialManagerFactory configuration parameters.

The parameters consist of:

Either:

  • CONFIG_URL—URL of the CredentialManager service in ActivID CMS.

Or both of the following:

  • CONFIG_HOST_NAME—Hostname of the CredentialManager service in ActivID CMS.

  • CONFIG_HOST_PORT—Port number of the CredentialManager service in ActivID CMS.

And:

  • CONNECT_TIMEOUT—Represents the client timeout used when connecting to the ActivID CMS HTTP server hosting the corresponding ActivID CMS service. A value of zero (0) means that there is no client timeout; the client timeout is determined by the server settings. The timeout value is for each connection attempt; the default value is zero.

  • CONNECT_RETRY—Represents the number of retry attempts permitted for connecting to the ActivID CMS service host. The default value is 1.

For Java implementations:

  • CONFIG_TRUSTSTORE (optional)—Truststore containing the root or intermediate certificate that issued the server certificate. If not present, the default Java truststore is used.

  • CONFIG_TRUSTSTORE_PWD (optional)—Password to the truststore.

  • CONFIG_KEYSTORE (mandatory)—Keystore which contains client certificate.

  • CONFIG_KEYSTORE_PWD (mandatory)—Password to the keystore.

  • CONFIG_ TRUSTMANAGERS (optional)—TrustManagers containing the root certificate.

  • CONFIG_ KEYMANAGERS (optional)—KeyManagers containing client certificate.SSL

A collection of credential elements (see the CredentialElement section for details) that in combination provides identity-proofing services to the Credential owner.

A credential contains the following:

  • A unique identifier for the credential.

  • Zero (0) or more CredentialElements.

Other attributes include:

  • id—Represents a CredentialId object, which includes an identifier and the type. The type can be one of the following:

    • CRED_ID_TYPE_PIN

    • CRED_ID_TYPE_SQ

    • CRED_ID_TYPE_PASSWORD

    • CRED_ID_TYPE_PKI

    • CRED_ID_TYPE_SKI

    • CRED_ID_TYPE_VCI (Virtual Contact Interface)

  • created

  • modified

  • state—state can be one of the following:

    • CRED_STATUS_ACTIVE

    • CRED_STATUS_SUSPENDED

    • CRED_STATUS_REVOKED

  • profileId

  • description

A fragment of a credential (see the Credential section). In combination, a collection of CredentialElements make up a Credential and provide identity-proofing services to its owner. Each credential contains zero or more CredentialElements.

Each CredentialElement consists of the following:

  • The owning/parent Credential's unique identifier

  • The element type can be one of the following:

    • CRED_ELEMENT_TYPE_PIN

    • CRED_ELEMENT_TYPE_PASSWORD

    • CRED_ELEMENT_TYPE_CERTIFICATE

    • CRED_ELEMENT_TYPE_SQ

    • CRED_ELEMENT_TYPE_VCI_CVC

    • CRED_ELEMENT_TYPE_VCI_PAIRING_CODE

  • A boolean that indicates whether this is a reference to an element or a value

  • The value or the reference information

  • The type of encoding for the value

For an example of using CredentialElement objects, see Setting a Security Question Answer

A unique CredentialId is a credential identifier that consists of the following:

  • The type can be one of the following:

    • CRED_ID_TYPE_PIN (PIN)

    • CRED_ID_TYPE_SQ (security question/answer)

    • CRED_ID_TYPE_PASSWORD (initial password)

    • CRED_ID_TYPE_PKI (PKI)

    • CRED_ID_TYPE_SKI

    • CRED_ID_TYPE_VCI (Virtual Contact Interface)

  • ID—An identifier that can be a combination of a type and an identifier, and which must represent a unique credential.

An Entry represents a concrete configuration value with the labeling and sensitivity information required to display the value in a presentation layer where appropriate. An entry contains the following:

  • A unique identifier,

  • A human-readable (or localizable) label for display on the user interface,

  • A boolean that indicates whether the entry's value is sensitive data; if true, any external components are requested to protect it (especially where displayed or persisted), and

  • The entry value.

For more information, see getProfileDynamicEntries.

An EntryTemplate provides information about the entries needed as an input when importing credentials. It contains the following components:

  • key—A string that serves as the entry identifier.

  • label—A human-readable string which can also be used for localization.

  • boolean—Indication of whether the value attribute (if populated) is read-only.

An external operation communicates a request from ActivID CMS to an external entity to perform a process related to the managed credential. The attributes of an ExternalOperation include the following:

  • The transaction identifier with which the ExternalOperation is associated.

  • The identifier of the credential provider that requested the ExternalOperation.

  • The type of ExternalOperation.

  • The script the external entity is to execute.

  • The input parameters required for the ExternalOperation.

  • The response parameters resulting from processing of the ExternalOperation.

  • (Optional) The credential profile identifier.

This is the identifier for the supported transaction (for example, an ActivID CMS supported credential transaction is Device Unlock). The other management operations that Credential Manager supports include Action, Operation, or Process.