Upwards view of a crane against a cloudy, orange sky
Image: James Sullivan (@iamjsullivan) on unsplash.com


There are three participants in the initial SafeEntryBC prototype:

  • an essential service employer
  • a essentials services provider, and
  • an owner of a facility with one or more controlled access entry points.

The SafeEntryBC demo allows you to “put on the hat” of each participant to see how the system works for them. Here’s a quick summary of what each of them do.

Organization Owner/Director

  1. An owner of an essential services provider organization designates their company as such on a new web service (called the Essential Services Gateway) run by BC Registries, identifying the essential services they provide. In the future, this service will be opened up to all organizations and all services.
  2. The owner invites employees of the organization to join and collect credentials about the services they provide.

In future, owners may want to host an issuing service application on their own system, integrating the service with their own systems to simplify the invitation and credential issuing processes.

Service Provider

  1. A service provider receives the invitation to use the Essential Services Gateway web service.
  2. In preparation for using the service, they get a compatible digital wallet app, and a credential with basic information about
  3. They are issued a credential from the service indicate their status as an essential service provider and the organization for whom they work.
  4. Based on the types of services they offer, they may be required to collect credentials from other issuers. For example, in this prototype, a service provider collects their BC Personal Health Number credential from the BC Health Gateway, and then uses that credential to get the results of a COVID-19 test in a credential issued by a lab that performed the test.
  5. A service provider then uses the Essential Services Gateway to have credentials issued to them about the places they need to go to provide services. Although self-issued, the credentials are issued by the Gateway, and both the service provider and the organization for which they are working are legally responsible for the proper use of the issued credentials.
  6. When entering a SafeEntryBC access-controlled entrance, the service provider:
    1. Scans the SafeEntryBC QR Code with their digital wallet app on their phone.
    2. Is asked if they want to share the request information from the credentials they possess.
    3. Wait until the “gatekeeper” accepts or rejects the offered credentials.
    4. If accepted, service provider is granted access.

Facility Owner/Monitor

  1. The facility owner carries out the prerequisite steps for setting up one or more SafeEntryBC locations.
  2. For each location, the facility owner selects from a series of preset options the credentials required for granting access.
  3. The facility owner displays a QR code at the entrance in a safe manner. The QR code might be printed or displayed on a monitor.
  4. The facility owner monitors a web page associated with the location. When a scan is presented to request access, the page updates with the provided credentials.
  5. Based on the information and any other information available, access is granted or refused, with the decision presented to the person requesting access.

The definition of a SafeEntryBC location is extremely flexible. It can be any controlled access point where those requesting access can be required to present digital credentials. This might include:

  • Extended Care Facilities
  • Hospitals
  • Jurisdictional Borders
  • Factories
  • Work Camps
  • Dorms
  • Private Homes

Also In This Section


Need to speak to someone in the BC community about Digital Trust? Get in touch.