ID Contact is a system for setting up authenticated communication between end-users and an organisations support agents. The motivating use case for ID-Contact is for Dutch municipalities to verify citizen identity communicating over chat, telephone, video call or other remote communication channels.
The ID Contact core acts as an orchestrator for communications, allowing setup of authenticated communication using any of the supported authentication and communication methods. It is assisted in this by the communication and authentication plugins which handle the actual interfacing with the various methods of communication and authentication. Together, this set of components enables use any combination of authentication and communication methods with only a minimal amount of work for adding new such methods.
An overview of an ID contact system with all its components.
In order to provide a common framework for the plugins, information about end-users in ID Contact consists of one or more attributes. Each attribute is a single piece of labelled information about the end-user, such as their name, birthday, BSN. Which of these attributes is used can vary based on the intent with which the end-user started their ID Contact session, providing a flexible framework with built in support for privacy-by-design principles.
The ID-Contact Core has two main responsibilities:
- Discovery of authentication and communication methods for the UI.
- Setting up the session flow based on end-users choices.
When the end-user indicates a desire to communicate, they will first encounter the core's web component. This component asks the core for allowed communication and authentication methods and presents these options to the end-user. It then gathers and informs the core of the end-users choices.
After this choice-gathering phase, it is the responsibility of the core to setup the actual authentication-communication flow. It coordinates with the plugins for the users chosen methods to setup authentication, communication, and ensure that the information gathered during authentication ends up with the agent.
Authentication plugins form the glue between ID Contact and the authentication services. It is their responsibility to coordinate the authentication flow.
An authentication plugin provides three major pieces of functionality:
- Provide routing to and from the authentication flow from other parts of the ID Contact session flow.
- Provide gathering and transformation of end-user information into attributes.
- Export attributes to other components in the ID Contact session.
Communication plugins form the glue between ID Contact and the communication services. It is their responsibility to coordinate the end-users communication and to ensure all attributes end up with the agent.
A communication plugin provides 3 major pieces of functionality:
- Route the end-user towards the actual communication system.
- Provide pairing of end-users to agents.
- Accept attributes and display these to the relevant agent.
A basic ID Contact session is collaboration between these three components, and roughly consists of three steps.
The session starts with the end-user indicating an intent to communicate. At this point, they are presented with choices for how to authenticate, and how to communicate by the core. After picking their preferred methods, the core sets up the session, and refers the user to the authentication flow.
Next, the user needs to authenticate. At this point, the authentication plugin becomes responsible for guiding the end-user through this process. Upon completion, the plugin packages up the obtained attributes and sends these to the communication plugin. It also redirects the end-user to the communication plugin.
Finally, the communication plugin takes over to handle the actual task of communication. It routes the user to the actual communication system used, and pairs them to an appropriate agent. The communication plugin is also responsible for providing the agent with the received information about the user, and in general handles the rest of the session.