Solution Design

The IDIM team's business is to help you design a solution that verifies your client’s identity so that they can securely access your services. The solution will authenticate who your clients are, but it won’t authorize which services they’re eligible to access – that technical requirement is up to you.

Get the specifics on how to integrate an identity and authentication solution:

Solution Example

Here’s a fictional use case where the BC Services Card could potentially be used as part of a solution to authenticate a client.

This fictional example illustrates how a parent could use their card to give permission for their child to go on a school field trip using an online service. 

Step 1
User: A parent/guardian receives notification to visit a secure online service where they are directed to log in with their BC Services Card.
System: The BC Services Card login page displays a corporate logo for the online service (if not, a standard login logo is shown). The user's login/authentication request is sent using an interface - either SiteMinder or SAML.

Step 2
User: The parent/guardian logs in with their BC Services Card and taps their card against the card reader, enters their passcode and confirms identity information sharing.
Note: If there are any issues with the user's card, passcode or card reader, an error message will be displayed and the login process will be cancelled.
System: The IDIM service determines the identity information data to be returned and returns it to the online service in a package via the system interface. The online service uses the data returned (identifiers) to look up the user (parent/guardian/child) data in their system and determines what the user is authorized to do.

Step 3
User: The parent/guardian views the online permission slip and submits permission for their child to attend the field trip.
System: The online service displays the content authorized for viewing and records appropriate data.

Step 4
User: The parent/guardian logs out of the online service.
System: The user's session is closed.
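
The split described above (the identity service authenticates, the online service authorizes) is sketched below as an added example; it is not code from the IDIM team or the BC Services Card service. The `user_identifier` key, the record layouts and every identifier value are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: the online service's own records, keyed by the
# identifier the identity service returns. All names and values are hypothetical.
GUARDIANS = {
    "idim-0001": {"children": {"child-17"}},
    "idim-0002": {"children": {"child-42"}},
}
OPEN_SLIPS = {"trip-2024-zoo": {"child-17", "child-42"}}  # slip -> invited children


@dataclass
class Session:
    identifier: str
    active: bool = True
    audit: list = field(default_factory=list)


def start_session(identity_package: dict) -> Session:
    """Step 2: accept the returned package and keep only the identifier."""
    identifier = identity_package.get("user_identifier")  # hypothetical key
    if not isinstance(identifier, str) or identifier not in GUARDIANS:
        # Authenticated by the identity service but unknown locally: no access.
        raise PermissionError("no local record for this identifier")
    # Anything else in the package (e.g. a "role" field) is ignored on purpose:
    # authorization comes from local records, never from the login response.
    return Session(identifier)


def submit_permission(session: Session, slip_id: str, child_id: str) -> bool:
    """Step 3: decide from local records, deny by default, record the outcome."""
    allowed = (
        session.active
        and child_id in GUARDIANS[session.identifier]["children"]
        and child_id in OPEN_SLIPS.get(slip_id, set())
    )
    session.audit.append((session.identifier, slip_id, child_id, allowed))
    return allowed


def logout(session: Session) -> None:
    """Step 4: close the session so later requests are refused."""
    session.active = False
```
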