User Attribute Mapping

From NIEF Wiki
Revision as of 19:45, 17 January 2019 by Jeff.Krug


This article will help you develop attribute mapping documentation, which describes how your organization plans to map its local policies and locally stored attributes about users into attributes conforming to the NIEF Attribute Registry. Your attribute mapping documentation is useful for earning attribute-related Trustmarks and for publishing within the NIEF Trust Fabric.

Tips

  • Before you edit the file, rename it to include your IDP name in the file name.
  • Make certain you have the following in your spreadsheet:
    • a row for every GFIPM Metadata attribute that your IDP asserts
    • an explanation of the source of the values and how you plan to map from the source to the GFIPM attribute


Note

At this point, you should have completed the GFIPM Information Sharing Plan for an Identity Provider and the Local Attribute Mapping Form.


Local Attribute Mapping Form Example

GFIPM Attribute Map - Identity Provider Name: <Your Organization>

| Semantic Intent of Mapping | GFIPM Metadata Attribute | Mapping Method / Local Source Attribute | Mapping Rule From Local Attribute/Policy to GFIPM Metadata |
|---|---|---|---|
| First name of user | Given Name | Calculated from Local Attribute CN (Common Name) from ABCD Directory | Take substring to the first space in CN starting from the left. |
| The unique federation-wide identifier for this user | Federation ID | Fixed text plus Local Attribute (e-mail address) from the ABCD Directory for this user | "GFIPM:IDP:ABCD:USER:" + e-mail |
| ABCD does not have an attribute to indicate whether a user is a public safety officer. This derivation should yield a reliable indicator if the user is a public safety officer or working at the behest of one. | Public Safety Officer Indicator | Derived from Local Attributes in Directory | "true" if (departmentNumber contains 'Police' OR 'Patrol' OR 'Sheriff' OR '911') OR (title contains 'Officer' OR 'OFFICER' OR 'Dispatch' OR 'Sheriff' OR 'District' OR 'Patrol' OR 'Lieutenant' OR 'Sergeant') OR (postalAddress = 'police') |
| Derive if a user is legitimately a sworn law enforcement officer even though ABCD does not store this information in our directory | Sworn Law Enforcement Officer Indicator | Derived from Local Attribute Criminal Intelligence permission | All our SLEO users who go through 28 CFR training are given the Criminal Intelligence permission in our directory. If a user has this permission, our IDP will assert this indicator. |
| The contact e-mail for questions about ABCD or the identity information in the ABCD SAML assertion. This is the ABCD help desk e-mail address. | Identity Provider Organization Point of Contact E-mail Address Text | Fixed text | techsupport@abcd.gov |
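
The mapping rules in the example form, written out as code so their edge cases can be checked against real directory records before the form is submitted. This is an added example, not part of the NIEF form or any IDP's configuration; the record keys (`cn`, `mail`, `departmentNumber`, `title`, `postalAddress`, `permissions`) and the "false" value for the negative case are assumptions.

```python
# Added example: the five rules from the example form applied to one directory
# record. Record keys are assumed names for the ABCD Directory attributes.

DEPT_KEYWORDS = ("Police", "Patrol", "Sheriff", "911")
TITLE_KEYWORDS = ("Officer", "OFFICER", "Dispatch", "Sheriff",
                  "District", "Patrol", "Lieutenant", "Sergeant")


def contains_any(value, keywords):
    # Case-sensitive substring match, as the rule is written (it lists both
    # 'Officer' and 'OFFICER'). A missing attribute matches nothing.
    return any(k in (value or "") for k in keywords)


def map_user(entry):
    """Return GFIPM attributes keyed by the names used in the form."""
    cn = entry.get("cn", "")
    mail = entry.get("mail")
    if not mail:
        # Federation ID must be unique federation-wide; refuse to build one
        # from a missing e-mail rather than assert a shared "...USER:" value.
        raise ValueError("no e-mail address: cannot build Federation ID")
    pso = (contains_any(entry.get("departmentNumber"), DEPT_KEYWORDS)
           or contains_any(entry.get("title"), TITLE_KEYWORDS)
           or entry.get("postalAddress") == "police")
    sleo = "Criminal Intelligence" in entry.get("permissions", ())
    return {
        "Given Name": cn.split(" ", 1)[0],  # whole CN when it has no space
        "Federation ID": "GFIPM:IDP:ABCD:USER:" + mail,
        # "false" for the negative case is an assumption; the form only
        # states when the value is "true".
        "Public Safety Officer Indicator": "true" if pso else "false",
        "Sworn Law Enforcement Officer Indicator": "true" if sleo else "false",
        "Identity Provider Organization Point of Contact E-mail Address Text":
            "techsupport@abcd.gov",
    }


# Constructed sample records (not real directory data).
OFFICER = {"cn": "Jane Doe", "mail": "jdoe@abcd.gov", "title": "Patrol Sergeant",
           "departmentNumber": "Police", "permissions": ["Criminal Intelligence"]}
CLERK = {"cn": "Doe, John", "mail": "john.doe@abcd.gov", "title": "Records Clerk",
         "departmentNumber": "Finance", "permissions": []}

if __name__ == "__main__":
    for rec in (OFFICER, CLERK):
        print(map_user(rec))
```

Running the rules over sample records surfaces cases worth documenting in the form: a CN stored as "Doe, John" yields the Given Name "Doe,", a lowercase title such as "police officer" does not match, and any title containing "District" does.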

