User Attribute Mapping

From NIEF Wiki


This article will help you develop attribute mapping documentation, which describes how your organization plans to map its local policies and locally stored attributes about users into attributes conforming to the NIEF Attribute Registry. Your attribute mapping documentation is useful for earning attribute-related Trustmarks (NIEF Mandatory and NIEF Highly Recommended) and for publishing within the NIEF Trust Fabric.

Tips

  • Create a spreadsheet from the sample table below.
  • Make certain you have the following in your spreadsheet:
    • A row for every NIEF Attribute that your IDP asserts
    • An explanation of the source of the values and how you plan to map from the source to the NIEF attribute.
  • For additional examples of attribute mapping documentation, please contact help@nief.org to request them.


NIEF Attribute Mapping Example

NIEF Attribute Map - Identity Provider Name: <Your Organization>

| Semantic Intent of Mapping | NIEF Attribute | Mapping Method | Local Source Attribute | Mapping Rule From Local Attribute/Policy to NIEF Attribute |
|---|---|---|---|---|
| First name of user | Given Name | Calculated from Local Attribute | CN (Common Name) from ABCD Directory | Take substring to the first space in CN starting from the left. |
| The unique federation-wide identifier for this user | Federation ID | Fixed text plus Local Attribute | (e-mail address) from the ABCD Directory for this user | "GFIPM:IDP:ABCD:USER:" + e-mail |
| ABCD does not have an attribute to indicate whether a user is a public safety officer. This derivation should yield a reliable indicator if the user is a public safety officer or working at the behest of one. | Public Safety Officer Indicator | Derived from Local Attributes in Directory | | "true" if (departmentNumber contains 'Police' OR 'Patrol' OR 'Sheriff' OR '911') OR (title contains 'Officer' OR 'OFFICER' OR 'Dispatch' OR 'Sheriff' OR 'District' OR 'Patrol' OR 'Lieutenant' OR 'Sergeant') OR (postalAddress = 'police') |
| Derive if a user is legitimately a sworn law enforcement officer even though ABCD does not store this information in our directory | Sworn Law Enforcement Officer Indicator | Derived from Local Attribute | Criminal Intelligence permission | All our SLEO users who go through 28 CFR training are given the Criminal Intelligence permission in our directory. If a user has this permission, our IDP will assert this indicator. |
| The contact e-mail for questions about ABCD or the identity information in the ABCD SAML assertion. This is the ABCD help desk e-mail address. | Identity Provider Organization Point of Contact E-mail Address Text | Fixed text | | techsupport@abcd.gov |
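The mapping rules in the example table above, written out as an added sketch (not NIEF's or ABCD's own code) so the documented rules can be checked against sample directory records before the IDP asserts them. The local keys `cn`, `mail` and `permissions`, the `"false"` value when a rule does not match, and the refusal to map a record without a CN or e-mail are assumptions; the output keys are the attribute names as the table displays them.

```python
# Added illustration: the ABCD example rules applied to one directory record.
# Local keys (cn, mail, permissions) and the "false" default are assumptions.

DEPT_KEYWORDS = ("Police", "Patrol", "Sheriff", "911")
TITLE_KEYWORDS = ("Officer", "OFFICER", "Dispatch", "Sheriff", "District",
                  "Patrol", "Lieutenant", "Sergeant")
FEDERATION_ID_PREFIX = "GFIPM:IDP:ABCD:USER:"
POC_EMAIL = "techsupport@abcd.gov"


def _contains_any(value, keywords):
    # Case-sensitive substring match, as the rule is written in the table
    # (it lists both 'Officer' and 'OFFICER').
    return any(k in value for k in keywords)


def map_user(record):
    """Return NIEF attribute display names -> asserted values for one user."""
    cn = record.get("cn", "").strip()
    mail = record.get("mail", "")
    if not cn or not mail:
        # Refuse to assert an identity with an empty name or Federation ID.
        raise ValueError("record lacks cn or mail; no assertion built")
    pso = (
        _contains_any(record.get("departmentNumber", ""), DEPT_KEYWORDS)
        or _contains_any(record.get("title", ""), TITLE_KEYWORDS)
        or record.get("postalAddress", "") == "police"
    )
    sleo = "Criminal Intelligence" in record.get("permissions", [])
    return {
        # Substring up to the first space; a CN with no space maps whole.
        "Given Name": cn.split(" ", 1)[0],
        "Federation ID": FEDERATION_ID_PREFIX + mail,
        "Public Safety Officer Indicator": "true" if pso else "false",
        "Sworn Law Enforcement Officer Indicator": "true" if sleo else "false",
        "Identity Provider Organization Point of Contact E-mail Address Text":
            POC_EMAIL,
    }


# Constructed sample records (not real users).
SAMPLE_OFFICER = {"cn": "Pat Example", "mail": "pat@abcd.gov",
                  "departmentNumber": "Highway Patrol Unit 4",
                  "title": "Sergeant", "permissions": ["Criminal Intelligence"]}
SAMPLE_CLERK = {"cn": "Madonna", "mail": "m@abcd.gov",
                "departmentNumber": "Records", "title": "dispatch clerk",
                "permissions": []}
```

With the rule implemented exactly as written, the constructed title "dispatch clerk" does not match 'Dispatch', so the mapping rule column should state whether matching is case-sensitive.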

