Attribute Meta Model
Rainer Hörbe, Identinetics GmbH
Version: 2013-02-18
Attribute Meta Model
• Purpose: Describe the static properties of attributes in the context of federated identity management
• Shall be synchronized with the use cases and attribute flows of FIM, like attribute life cycle management, service provisioning, assertion and consent
Properties of Attributes (1)
• Basic set: Name/Value pair
• Core set: OID/URN, Display Name, Type, Value
• Type: simple, complex
• Representation: size, value domain, occurrence, encryption
• Presentation: Language, display size
• Integrity Rules: is mandatory, more complex rules
• Derivation rule: e.g. age from birthdate
Properties of Attributes (2)
• Uniqueness: global/local, temporal/eternal
• Scoping: explicit (parameter list), implicit (contained in value)
• Semantic: attributes with same OID might have different connotations -> needs mapping and alignment
• Management: date created/changed
• Member in schema/bundle/set
• Availability: AP refuses to send requested attribute, e.g. “not available” in STORK
Properties of Attributes (3)
• Quality-related attributes:
– Time since last verification
– Process used for verification
– Quality assurance (level, policy reference, liability)
– Original issuer
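The properties listed on the slides above can be written down as a small schema that a relying party checks an incoming attribute set against. This is an added example, not part of the original slides. The URNs, the `AttributeDef` fields, the `check` function and the `NOT_AVAILABLE` marker are assumptions made for illustration and do not reproduce STORK's actual encoding.

```python
from dataclasses import dataclass
from datetime import date
from typing import Callable, Optional

NOT_AVAILABLE = "not available"  # constructed marker: AP refused to send the attribute
# Placeholder URNs, not registered attribute names.
BIRTHDATE, AGE, MAIL = (f"urn:example:attr:{n}" for n in ("birthdate", "age", "mail"))

@dataclass(frozen=True)
class AttributeDef:
    name: str                           # core set: OID/URN
    display_name: str                   # core set: display name
    value_type: type                    # core set: (simple) type
    mandatory: bool = False             # integrity rule
    max_size: Optional[int] = None      # representation: size of one value
    max_occurs: int = 1                 # representation: occurrence
    derive: Optional[Callable] = None   # derivation rule

def age_from_birthdate(values, today):
    born = values.get(BIRTHDATE)
    if not born or born == NOT_AVAILABLE:
        return None                     # source attribute absent: nothing to derive
    b = born[0]
    return [today.year - b.year - ((today.month, today.day) < (b.month, b.day))]

SCHEMA = [  # order matters: a derived attribute follows its source
    AttributeDef(BIRTHDATE, "Date of birth", date),
    AttributeDef(AGE, "Age", int, mandatory=True, derive=age_from_birthdate),
    AttributeDef(MAIL, "E-mail", str, mandatory=True, max_size=64, max_occurs=2),
]

def check(schema, received, today):
    """Return (resolved attribute values, list of violated rules)."""
    resolved, errors = dict(received), []
    for d in schema:
        if d.derive and d.name not in resolved:
            resolved[d.name] = d.derive(resolved, today)  # None if not derivable
        vals = resolved.get(d.name)
        if vals is None or vals == NOT_AVAILABLE:
            if d.mandatory:
                errors.append(f"{d.display_name}: mandatory but missing or not available")
            continue
        if len(vals) > d.max_occurs:
            errors.append(f"{d.display_name}: more than {d.max_occurs} values")
        for v in vals:
            if not isinstance(v, d.value_type):
                errors.append(f"{d.display_name}: wrong type")
            elif d.max_size is not None and len(str(v)) > d.max_size:
                errors.append(f"{d.display_name}: value exceeds size {d.max_size}")
    return resolved, errors
```
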
Related policies
• Policies that operate on attributes, but are not properties of attributes
• Service provisioning: up-front (e.g. SCIM) or ad-hoc (e.g. SAML attribute assertion as part of WebSSO or attribute query)
• Attribute release policy
• Expiration policy (RP must not store/use data longer than)
• Protection policy (e.g. implied by PII level)