User Attribute Mapping
Jump to navigation
Jump to search
Go back |
---|
This article will help you develop attribute mapping documentation, which describes how your organization plans to map its local policies and locally stored attributes about users into attributes conforming to the NIEF Attribute Registry. Your attribute mapping documentation is useful for earning attribute related Trustmarks and for publishing within the NIEF Trust Fabric.
Tips
- Before you edit the file, rename it to include your IDP name in the file name.
- Make certain you have the following in your spreadsheet:
- a row for every GFIPM Metadata attribute that your IDP asserts
- an explanation of the source of the values and how you plan to map from the source to the GFIPM attribute
- For additional examples of a Local Attribute Mapping Form, please contact gfipm-support@lists.gatech.edu to request them.
Note
At this point, you should have completed the GFIPM Information Sharing Plan for an Identity Provider and the Local Attribute Mapping Form.
| |||
Semantic Intent of Mapping |
| ||
|
|
| |
First name of user | Given Name | Calculated from Local Attribute CN (Common Name) from ABCD Directory | Take substring to the first space in CN starting from the left. |
The unique federation-wide identifier for this user | Federation ID | Fixed text plus Local Attribute (e-mail address) from the ABCD Directory for this user | "GFIPM:IDP:ABCD:USER:" + e-mail |
ABCD does not have an attribute to indicate whether a user is a public safety officer. This derivation should yield a reliable indicator if the user is a public safety officer or working at the behest of one. | Public Safety Officer Indicator | Derived from Local Attributes in Directory | "true" if (departmentNumber contains 'Police' OR 'Patrol' OR 'Sheriff' OR '911') OR (title contains 'Officer' OR 'OFFICER' OR 'Dispatch' OR 'Sheriff' OR 'District' OR 'Patrol' OR 'Lieutenant' OR 'Sergeant') OR (postalAddress = 'police') |
Derive if a user is legitimately a sworn law enforcement officer even though ABCD does not store this information in our directory | Sworn Law Enforcement Officer Indicator | Derived from Local Attribute Criminal Intelligence permission | All our SLEO users who go through 28 CFR training are given the Criminal Intelligence permission in our directory. If a user has this permission, our IDP will assert this indicator. |
The contact e-mail for questions about ABCD or the identity information in the ABCD SAML assertion. This is the ABCD help desk e-mail address. | Identity Provider Organization Point of Contact E-mail Address Text | Fixed text | techsupport@abcd.gov |
Go back |
---|