FIM CM Provision API Overview

The Forefront Identity Manager Certificate Management (FIM CM) Provision API is an extensibility mechanism for FIM CM. You can use it to develop applications that must customize request processing workflows beyond what is available through policy configurations in FIM CM.

The FIM CM Provision API supports the following FIM CM policies:

  • Software and Smart Card Enroll

  • Software and Smart Card Recover

  • Smart Card Unblock

  • Smart Card Offline Unblock

  • Smart Card Retire

The FIM CM Provision API provides a rich object model for working with request workflows and policies in FIM CM. This API is part of the larger set of extensibility mechanisms in FIM CM. These extensibility mechanisms include the following:

These extensibility mechanisms complement each other. When used together, they provide highly customized applications that use FIM CM as the basis for certificate and smart card management.

Applications that you develop with the FIM CM Provision API can customize specific workflow actions or override all of the user interaction with the FIM CM server. As a software developer, you determine what FIM CM functionality to customize based on your needs. You can use the FIM CM Provision API to build and deploy a custom request application quickly and easily, with minimal effort to integrate it with FIM CM.

Usage Scenarios

You can use the FIM CM Provision API to create various applications that address different customization scenarios. The following scenarios are examples of how you can use the FIM CM Provision API:

  • Create applications that require custom communication and interaction with a smart card outside the standard methods that are used by FIM CM. This enables you to control the interaction and communication with a smart card.

  • Create applications that require that certificate-based provisioning and custom data be written to a smart card. For example, if a smart card and its middleware support a channel that is not supported by FIM CM, you can customize the enrollment and recovery process to take advantage of this advanced smart card communication. Alternatively, if you want to support a smart card type that is not supported by FIM CM, you can use the enroll, recover, unblock, offline unblock, and retire operations to do this.

  • Create Web applications to support smart card management workflows that supplement what is available in FIM CM policies.

  • Create a custom registration application that requires custom processing outside the standard FIM CM process and integration with existing third-party systems. For example, you can implement a Federal Information Processing Standards Publication 201 (FIPS 201) Personal Identity Verification (PIV) registration process that includes biometric data collection and identity source document validation of the applicants as part of the registration process.

  • Extend FIM CM smart card provisioning capabilities to include provisioning for biometric information that is collected and stored on the smart card as part of the issuance process. For example, you can write an application that collects biometric data before a user can initiate or execute an enrollment request. You can store the biometric data in a database, and then relate it to the user and the smart card for which the user has enrolled. In addition, you can verify that biometric data during a recovery operation.

  • Extend FIM CM smart card provisioning capabilities to include provisioning for other smart card devices, such as hybrid smart cards and one-time-password devices. For example, you can write an application that puts certificates on a smart card-like device that is not supported by FIM CM directly.

  • Extend the printing capabilities of FIM CM smart cards so they integrate with smart card printing solutions that are not supported by FIM CM directly. For example, FIM CM supports printing smart cards using Data Card ID Works 5.1, Enterprise Edition. If you have your own printing solution instead, you can write an application that prints a smart card and issues certificates to it using your custom printing solution.

  • Integrate the FIM CM smart card issuance process with physical access systems. For example, you can write an application that issues certificates and puts them on a smart card, prepares the smart card for a physical access system, and prepares the infrastructure for physical access.

In This Section

FIM CM Provision API Fundamentals

FIM CM Provision API Architecture

Programming with the FIM CM Provision API

FIM CM Notification API Fundamentals

External Resources

External Resources for FIM CM