User Attribute Mapping: Difference between revisions

From NIEF Wiki
No edit summary
No edit summary
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
{|
{|
!class="gfipmnav"|[[Develop a NIEF Information Sharing Plan for an Identity Provider|Go back]]
!class="gfipmnav"|[[How to Develop a NIEF Information Sharing Plan for an Identity Provider|Go back]]
|}
|}




This article will help you develop attribute mapping documentation, which describes how your organization plans to map its local policies and locally stored attributes about users into attributes conforming to the [https://nief.org/attribute-registry/ NIEF Attribute Registry].  Your attribute mapping documentation is useful for earning attribute related Trustmarks and for publishing within the [https://nief.org/trust-fabric/ NIEF Trust Fabric].
This article will help you develop attribute mapping documentation, which describes how your organization plans to map its local policies and locally stored attributes about users into attributes conforming to the [https://nief.org/attribute-registry/ NIEF Attribute Registry].  Your attribute mapping documentation is useful for earning attribute related Trustmarks ([https://artifacts.trustmarkinitiative.org/lib/trust-interoperability-profiles/nief-mandatory-attributes/1.0/ NIEF Mandatory] and [https://artifacts.trustmarkinitiative.org/lib/trust-interoperability-profiles/nief-highly-recommended-attributes/1.0/ NIEF Highly Recommended]) and for publishing within the [https://nief.org/trust-fabric/ NIEF Trust Fabric].


'''Tips'''
'''Tips'''
Line 17: Line 17:


{| border="1" cellpadding="2"
{| border="1" cellpadding="2"
|+ align="top" style="background: black; color: white" | '''Local Attribute Mapping Form Example'''
|+ align="top" style="background: black; color: white" | '''NIEF Attribute Mapping Example'''
| colspan="4" |
| colspan="4" |
<center>'''GFIPM Attribute Map - Identity Provider Name: <Your Organization>'''</center>
<center>'''NIEF Attribute Map - Identity Provider Name: <Your Organization>'''</center>
|-
|-
| rowspan="2" | '''Semantic Intent of Mapping'''
| rowspan="2" | '''Semantic Intent of Mapping'''
| colspan="3" |
| colspan="3" |
<center>'''Mapping Rule From Local Attribute/Policy to GFIPM Metadata'''</center>
<center>'''Mapping Rule From Local Attribute/Policy to NIEF Attribute'''</center>
|-
|-
|
|
<center>'''GFIPM Metadata Attribute'''</center>
<center>'''NIEF Attribute'''</center>
|
|
<center>'''Mapping Method'''</center>
<center>'''Mapping Method'''</center>
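Review bot: The rename from GFIPM to NIEF in the caption and `<center>` header lines of this hunk is not matched by the sample data further down the page, where the Federation ID row still builds its value as "GFIPM:IDP:ABCD:USER:" + e-mail. If that prefix is kept on purpose, add a short remark to that row saying so, so readers do not take it for a missed rename.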
Line 60: Line 60:


{|
{|
!class="gfipmnav"|[[Develop a NIEF Information Sharing Plan for an Identity Provider|Go back]]
!class="gfipmnav"|[[How to Develop a NIEF Information Sharing Plan for an Identity Provider|Go back]]
|}
|}

Latest revision as of 19:19, 23 January 2019



This article will help you develop attribute mapping documentation, which describes how your organization plans to map its local policies and locally stored attributes about users into attributes conforming to the NIEF Attribute Registry. Your attribute mapping documentation is useful for earning attribute-related Trustmarks (NIEF Mandatory and NIEF Highly Recommended) and for publishing within the NIEF Trust Fabric.

Tips

  • Create a spreadsheet from the sample table below.
  • Make certain you have the following in your spreadsheet:
    • A row for every NIEF Attribute that your IDP asserts
    • An explanation of the source of the values and how you plan to map from the source to the NIEF attribute.
  • For additional examples of attribute mapping documentation, please contact help@nief.org.


NIEF Attribute Mapping Example

NIEF Attribute Map - Identity Provider Name: <Your Organization>

The last three columns together form the "Mapping Rule From Local Attribute/Policy to NIEF Attribute".

| Semantic Intent of Mapping | NIEF Attribute | Mapping Method | Local Source Attribute |
|---|---|---|---|
| First name of user | Given Name | Calculated from Local Attribute CN (Common Name) from ABCD Directory | Take substring to the first space in CN starting from the left. |
| The unique federation-wide identifier for this user | Federation ID | Fixed text plus Local Attribute (e-mail address) from the ABCD Directory for this user | "GFIPM:IDP:ABCD:USER:" + e-mail |
| ABCD does not have an attribute to indicate whether a user is a public safety officer. This derivation should yield a reliable indicator if the user is a public safety officer or working at the behest of one. | Public Safety Officer Indicator | Derived from Local Attributes in Directory | "true" if (departmentNumber contains 'Police' OR 'Patrol' OR 'Sheriff' OR '911') OR (title contains 'Officer' OR 'OFFICER' OR 'Dispatch' OR 'Sheriff' OR 'District' OR 'Patrol' OR 'Lieutenant' OR 'Sergeant') OR (postalAddress = 'police') |
| Derive if a user is legitimately a sworn law enforcement officer even though ABCD does not store this information in our directory | Sworn Law Enforcement Officer Indicator | Derived from Local Attribute Criminal Intelligence permission | All our SLEO users who go through 28 CFR training are given the Criminal Intelligence permission in our directory. If a user has this permission, our IDP will assert this indicator. |
| The contact e-mail for questions about ABCD or the identity information in the ABCD SAML assertion. This is the ABCD help desk e-mail address. | Identity Provider Organization Point of Contact E-mail Address Text | Fixed text | techsupport@abcd.gov |
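
The five sample rules above, applied to one directory entry, as an added example (not part of the NIEF wiki page or of any NIEF tooling). The dictionary keys `cn`, `mail` and `permissions` are assumed names for the local attributes, and asserting "false" when a rule does not match and refusing entries without a CN or e-mail are assumptions of this sketch.

```python
# Added example: the sample mapping rules applied to one directory entry.
# The dict keys (cn, mail, permissions, ...) are assumed local attribute names.
DEPT_TERMS = ("Police", "Patrol", "Sheriff", "911")
TITLE_TERMS = ("Officer", "OFFICER", "Dispatch", "Sheriff", "District",
               "Patrol", "Lieutenant", "Sergeant")


def contains_any(value, terms):
    # Case-sensitive substring match, as the rule is written in the table.
    return any(term in (value or "") for term in terms)


def map_attributes(entry):
    """Return the NIEF attributes asserted for one local directory entry."""
    cn = (entry.get("cn") or "").strip()
    mail = (entry.get("mail") or "").strip()
    if not cn or not mail:
        # Fail closed: never assert an empty name or a prefix-only Federation ID.
        raise ValueError("entry lacks cn or mail; cannot build assertion")
    pso = (contains_any(entry.get("departmentNumber"), DEPT_TERMS)
           or contains_any(entry.get("title"), TITLE_TERMS)
           or entry.get("postalAddress") == "police")
    sleo = "Criminal Intelligence" in (entry.get("permissions") or ())
    return {
        # Substring up to the first space; a CN with no space is used whole.
        "Given Name": cn.split(" ", 1)[0],
        "Federation ID": "GFIPM:IDP:ABCD:USER:" + mail,
        # Assumption: "false" is asserted when the derivation does not match.
        "Public Safety Officer Indicator": "true" if pso else "false",
        "Sworn Law Enforcement Officer Indicator": "true" if sleo else "false",
        "Identity Provider Organization Point of Contact E-mail Address Text":
            "techsupport@abcd.gov",
    }


# Constructed sample entries (not real users).
OFFICER = {"cn": "Dana Reyes", "mail": "dreyes@abcd.gov",
           "departmentNumber": "Highway Patrol", "title": "Sergeant",
           "permissions": ["Criminal Intelligence"]}
CLERK = {"cn": "Lee", "mail": "lee@abcd.gov",
         "departmentNumber": "Records", "title": "district clerk",
         "permissions": []}

if __name__ == "__main__":
    for person in (OFFICER, CLERK):
        print(map_attributes(person))
```

The keyword derivation is case-sensitive and broad: the constructed clerk with title "district clerk" maps to "false", while the same entry with title "District Clerk" maps to "true", so the term lists deserve review before the indicator is relied on for access decisions.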

