IDPRS Authentication and Authorization

The following privileges are the default privileges assigned to the IDPRS for a typical PIV (Personal Identity Verification, the technical standard implementing HSPD-12) deployment.

The PIV solution uses ActivID CMS capabilities to assign specific privileges to authenticated users holding specific roles. ActivID CMS allows these privileges to be modified according to the deployment policy.

  • ActivID CMS only accepts requests from an authenticated IDPRS, submitted under an appropriate role.

  • The IDPRS authenticates to ActivID CMS using PKI-based SSLv3.0 client authentication, and may optionally use PKI credentials stored on a smart card.

ActivID CMS makes it possible to configure an IDPRS role with (at a minimum) the following privileges:

  • User creation, deletion, and retrieval, including adding, deleting, and retrieving user enrollment attributes.

  • Retrieval of the user's device policy and card layout.

  • Issuance of approved user cards, re-issuance, and renewal (permanent replacement); creation, deletion, and retrieval of post-issuance actions.
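The two gates described above (a verified PKI client identity first, then a role that actually holds the requested privilege) can be modelled as a deny-by-default check. The following is an added illustration, not ActivID CMS code: the privilege names, the certificate subject and the subject-to-role mapping are constructed for the example, and the channel is assumed to have already performed client-certificate authentication (SSL 3.0 as named on this page has since been deprecated by RFC 7568; current deployments negotiate TLS 1.2 or later, which does not change the gate logic).

```python
"""Deny-by-default gate modelling the IDPRS access rules on this page.

Constructed example: the privilege strings, the certificate subject and the
role mapping are illustrative, not ActivID CMS identifiers or its API.
"""
from dataclasses import dataclass
from typing import Optional, Tuple

# Minimum privilege set the page lists for an IDPRS role, encoded as
# "resource:action" strings (illustrative names only).
IDPRS_MIN_PRIVILEGES = frozenset({
    "user:create", "user:delete", "user:retrieve",
    "enrollment_attribute:add", "enrollment_attribute:delete",
    "enrollment_attribute:retrieve",
    "device_policy:retrieve", "card_layout:retrieve",
    "card:issue", "card:reissue", "card:renew",
    "post_issuance_action:create", "post_issuance_action:delete",
    "post_issuance_action:retrieve",
})

ROLE_PRIVILEGES = {"IDPRS": IDPRS_MIN_PRIVILEGES}

# Constructed mapping from an authenticated certificate subject to a CMS role.
SUBJECT_TO_ROLE = {"CN=idprs01,OU=PIV,O=Example Agency": "IDPRS"}


@dataclass(frozen=True)
class Request:
    client_cert_verified: bool     # result of PKI client authentication on the channel
    cert_subject: Optional[str]    # subject DN the client presented, if any
    operation: str                 # requested "resource:action"


def authorize(req: Request) -> Tuple[bool, str]:
    """Return (allowed, reason). Every path that is not an explicit match is denied."""
    # Gate 1: the request must arrive over a channel with a verified client certificate.
    if not req.client_cert_verified or req.cert_subject is None:
        return False, "unauthenticated: no verified client certificate"
    # Gate 2: the authenticated identity must map to a role that holds the privilege.
    role = SUBJECT_TO_ROLE.get(req.cert_subject)
    if role is None:
        return False, "authenticated subject is not mapped to any CMS role"
    if req.operation not in ROLE_PRIVILEGES.get(role, frozenset()):
        return False, "role %s lacks privilege %s" % (role, req.operation)
    return True, "role %s holds privilege %s" % (role, req.operation)
```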