The Forefront Identity Manager Certificate Management (FIM CM) Provision API is an extensibility mechanism for FIM CM. You can use it to develop applications that must customize request processing workflows beyond what is available through policy configurations in FIM CM.
The FIM CM Provision API supports the following FIM CM policies:
- Software and Smart Card Enroll
- Software and Smart Card Recover
- Smart Card Unblock
- Smart Card Offline Unblock
- Smart Card Retire
The FIM CM Provision API provides a rich object model for working with request workflows and policies in FIM CM. This API is part of the larger set of extensibility mechanisms in FIM CM. These extensibility mechanisms include the following:
- FIM CM Provision API
Overview
- FIM CM Notification API
Overview
- FIM CM Customizable
Interfaces Overview
- FIM CM SQL API
Overview
These extensibility mechanisms complement each other. When used together, they provide highly customized applications that use FIM CM as the basis for certificate and smart card management.
Applications that you develop with the FIM CM Provision API can customize specific workflow actions or override all of the user interaction with the FIM CM server. As a software developer, you determine what FIM CM functionality to customize based on your needs. You can use the FIM CM Provision API to build and deploy a custom request application quickly and easily, with minimal effort to integrate it with FIM CM.
Usage Scenarios
You can use the FIM CM Provision API to create various applications that address different customization scenarios. The following scenarios are examples of how you can use the FIM CM Provision API:
- Create applications that require custom
communication and interaction with a smart card outside the
standard methods that are used by FIM CM. This enables you to
control the interaction and communication with a smart card.
- Create applications that require that
certificate-based provisioning and custom data be written to a
smart card. For example, if a smart card and middleware support a
channel that is not supported for FIM CM, then you can customize
the enrollment and recovery process to take advantage of this
advanced smart card communication. Alternatively, if you want to
support a smart card type that is not supported by FIM CM, you can
use enrollment, recover, unblock, offline unblock, and retire to do
this.
- Create Web applications to support smart card
management workflows that supplement what is available in FIM CM
policies.
- Create a custom registration application that
requires custom processing outside the standard FIM CM process and
integration with existing third-party systems. For example, you can
implement a Federal Information Processing Standards Publication
201 (FIPS 201) Personal Identity Verification (PIV) registration
process that includes biometric data collection and identity source
document validation of the applicants as part of the registration
process.
- Extend FIM CM smart card provisioning
capabilities to include provisioning for biometric information that
is collected and stored on the smart card as part of the issuance
process. For example, you can write an application that collects
biometric data before a user can initiate or execute an enrollment
request. You can store the biometric data in a database, and then
relate it to the user and the smart card for which the user has
enrolled. In addition, you can verify that biometric data on a
recovery operation.
- Extend FIM CM smart card provisioning
capabilities to include provisioning for other smart card devices,
such as hybrid smart cards and one-time-password devices. For
example, you can write an application that puts certificates on a
smart card-like device that is not supported by FIM CM
directly.
- Extend the printing capabilities of FIM CM
smart cards so they integrate with smart card printing solutions
that are not supported by FIM CM directly. For example, FIM CM
supports printing smart cards using Data Card ID Works 5.1,
Enterprise Edition. Therefore, if you have your own printing
solution, you can write an application that prints a smart card and
issues certificates to it using your custom printing solution.
- Integrate the FIM CM smart card issuance
process with physical access systems. For example, you can write an
application that issues certificates and puts them on a smart card,
prepares the smart card for a physical access system, and prepares
the infrastructure for physical access.
In This Section
Related Sections
External Resources
Send comments about this topic to Microsoft.
© 2007 Microsoft Corporation. All rights reserved.