Data provided to an organization’s online service from the government’s client authentication service is considered a set of one or more identity attributes. In this context, an attribute is a statement about an individual’s identity – are they who they claim to be?
Attributes associated with an individual identity are returned to an online service via a system interface. How those attributes are used, either for authorization or other purposes, is up to your organization.
The following are examples of attribute data that your online service could possibly receive:
- Given Name(s)
- Date of Birth
- Identity Assurance Level
- Derived Fields (e.g. “Person Is Over 19” = “True” or “False”)
Identity attributes are defined on a per-service basis and are to be documented in the Information Sharing Requirements Schedule (attached to a Service Agreement) (PDF) between the two organizations. Only the specific identity attributes that meet the needs of an organization's service should be used. These must be clearly defined as part of the requirements.
An identifier refers to a sequence of characters (letters and/or numbers) that represents an individual. These identifiers allow systems to refer to the same person over time without being affected by things such as name changes.
With the BC Services Card, there are many identifiers an individual may have. The authentication service manages internal system identifiers, also called "directed identifiers" or DIDs, but does not manage external identifiers like Drivers Licence numbers, Personal Health numbers, etc.
During the authentication process, the identifier specific to the service and client will be used. For example:
- When a cardholder logs into a health service, the authentication service provides the health identifier
Using directed identifiers protects identities without revealing any personal information held between multiple services.