Using the Generic Plug-In SPI to Customize ActivID CMS Issuance

This section introduces the fourth of the use cases—support for using the Generic Plug-In SPI A Service Provider Interface (SPI) consists of a set of constant definitions and method declarations without implementations and intended to be called or used in a pre-determined generic manner with a set of outputs that meet pre-determined abstract rules and expectations. to customize device issuance. Use cases are comprised of subsections that briefly describe and define how some types of ActivID CMS functionality can be integrated into a custom application:

Use Case: Allowing ActivID CMS to Enroll and/or Verify User Attributes

Use Case Goal

To customize the ActivID CMS issuance workflow to create a client-side plug-in using the ActivID Generic Plug-In SPI by adding enrollment and verification steps (which can include biometrics, photographs, signatures, or additional methods for the authentication of identity) on the issuance/unlock workstation.

Context

Certain integrations can require the validation of biometric data such as fingerprints prior to the device issuance and/or during the device unlock operation.

Objectives

Extend the ActivID CMS workflow and increase the security level using a variety of alternate enrollment/verifications (which can include biometrics, photographs, signatures, or additional methods for authentication of identity).

Solution

To create a client-side generic plug-in that validates the additional attributes prior to the device issuance or during a device unlock operation, you can use the ActivID Generic Plug-in SPI.

The Generic Plug-in SPI infrastructure allows for customization of the ActivID CMS issuance workflow steps that occur on the client. Client plug-ins are defined as scriptable code (for example, in JavaScript) that are integrated into the HTML pages generated by ActivID CMS at the issuance workflow step for which the client plug-in has been configured. The client plug-in can in turn invoke custom controls.

The generic client plug-in can be used in conjunction with enrollment plug-ins An enrollment plug-in is involved every time a user attribute is set or retrieved by ActivID CMS. This makes it possible to map user attributes to repositories other than ActivID CMS’ standard LDAP (for example, such as IDMS, databases, or XML files)., so that the results of a client plug-in call can be forwarded to a server enrollment plug-in, and conversely a server enrollment plug-in can be used to prepare data for a client plug-in. The ActivID CMS plug-in configuration defines which plug-ins are to be invoked at each step and the input/output parameters for each plug-in.

Examples

A client-side generic plug-in can be invoked at various steps in the device issuance process (for example, during pre-issuance, during device issuance, or during device unlock) on the issuance workstation when performing biometric checks or cardholder information enrollment.

For More Information

For more information, refer to About the Generic Plug-In SPI.