Page 1
Attribute Meta Model

Rainer Hörbe, Identinetics GmbH

Version: 2013-02-18

Page 2

Attribute Meta Model

• Purpose: describe the static properties of attributes in the context of federated identity management (FIM)

• Shall be synchronized with the use cases and attribute flows of FIM, such as attribute life cycle management, service provisioning, assertion and consent

Page 3

Properties of Attributes (1)

• Basic set: name/value pair
• Core set: OID/URN, display name, type, value
• Type: simple, complex
• Representation: size, value domain, occurrence, encryption
• Presentation: language, display size
• Integrity rules: is mandatory, more complex rules
• Derivation rule: e.g. age from birthdate

Page 4

Properties of Attributes (2)

• Uniqueness: global/local, temporal/eternal
• Scoping: explicit (parameter list), implicit (contained in the value)
• Semantic: attributes with the same OID might have different connotations -> needs mapping and alignment
• Management: date created/changed
• Member in schema/bundle/set
• Availability: the AP (attribute provider) refuses to send a requested attribute, e.g. "not available" in STORK

Page 5

Properties of Attributes (3)

• Quality-related attributes:
  – Time since last verification
  – Process used for verification
  – Quality assurance (level, policy reference, liability)
  – Original issuer
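The three "Properties of Attributes" slides describe a data model without showing one. The following Python is an added example written for this page, not code from the deck or from Identinetics: it models the core set (OID/URN, display name, type), the representation constraints (size, value domain, occurrence), the "is mandatory" integrity rule, a derivation rule (age from birthdate), the quality properties of slide 5, and the STORK-style "not available" case. All URNs, the NOT_AVAILABLE marker and the sample schema are assumptions constructed for illustration, not real STORK or eduPerson definitions.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import date, datetime, timezone
from typing import Any, Callable

# Assumed marker for the availability case: the attribute provider (AP)
# refuses to send a requested attribute, as STORK signals "not available".
NOT_AVAILABLE = "NOT_AVAILABLE"

@dataclass(frozen=True)
class Representation:
    """Representation properties: size, value domain, occurrence."""
    max_size: int | None = None
    value_domain: frozenset[str] | None = None  # closed enumeration, or open
    min_occurs: int = 0
    max_occurs: int = 1

@dataclass(frozen=True)
class AttributeDefinition:
    """Core set (OID/URN, display name, type) plus the static properties."""
    oid: str
    display_name: str
    kind: str                                  # "simple" or "complex"
    representation: Representation = Representation()
    mandatory: bool = False                    # the simplest integrity rule
    derivation: Callable[[dict[str, Any]], Any] | None = None

@dataclass
class Quality:
    """Quality-related properties carried with a value (slide 5)."""
    last_verified: datetime | None = None
    verification_process: str = "self-asserted"
    assurance_level: str = "low"
    original_issuer: str | None = None

@dataclass
class AttributeValue:
    oid: str
    values: list[Any] = field(default_factory=list)  # a list models occurrence
    quality: Quality = field(default_factory=Quality)

def validate(schema: dict[str, AttributeDefinition],
             assertion: dict[str, AttributeValue]) -> list[str]:
    """Check asserted values against a schema's integrity and representation
    rules; returns the violations found (empty list means valid)."""
    problems: list[str] = []
    for oid, definition in schema.items():
        av = assertion.get(oid)
        rep = definition.representation
        if av is None or av.values == [NOT_AVAILABLE]:
            # Availability: a refused or missing attribute only violates the
            # schema when the attribute is mandatory.
            if definition.mandatory:
                problems.append(f"{oid}: mandatory but not available")
            continue
        n = len(av.values)
        if not rep.min_occurs <= n <= rep.max_occurs:
            problems.append(f"{oid}: {n} occurrences, allowed {rep.min_occurs}..{rep.max_occurs}")
        for v in av.values:
            if rep.max_size is not None and len(str(v)) > rep.max_size:
                problems.append(f"{oid}: value exceeds max size {rep.max_size}")
            if rep.value_domain is not None and v not in rep.value_domain:
                problems.append(f"{oid}: {v!r} outside value domain")
    for oid in assertion:
        if oid not in schema:
            problems.append(f"{oid}: not a member of this schema")
    return problems

def derive(definition: AttributeDefinition,
           assertion: dict[str, AttributeValue], today: date) -> Any:
    """Evaluate a derivation rule over the raw values plus a reference date."""
    if definition.derivation is None:
        raise ValueError(f"{definition.oid} has no derivation rule")
    raw: dict[str, Any] = {oid: av.values for oid, av in assertion.items()}
    raw["_today"] = today
    return definition.derivation(raw)

def age_from_birthdate(raw: dict[str, Any]) -> int:
    """Derivation rule from slide 3: age from birthdate (hypothetical URN)."""
    born: date = raw["urn:example:birthdate"][0]
    today: date = raw["_today"]
    return today.year - born.year - ((today.month, today.day) < (born.month, born.day))

# Constructed sample schema and assertion; the URNs are not real STORK or
# eduPerson identifiers.
SCHEMA = {
    "urn:example:birthdate": AttributeDefinition(
        "urn:example:birthdate", "Date of birth", "simple",
        Representation(min_occurs=1, max_occurs=1), mandatory=True),
    "urn:example:citizenship": AttributeDefinition(
        "urn:example:citizenship", "Citizenship", "simple",
        Representation(max_size=2, value_domain=frozenset({"AT", "DE", "CH"}),
                       min_occurs=1, max_occurs=3)),
    "urn:example:age": AttributeDefinition(
        "urn:example:age", "Age", "simple", derivation=age_from_birthdate),
}
SAMPLE = {
    "urn:example:birthdate": AttributeValue(
        "urn:example:birthdate", [date(1990, 6, 15)],
        Quality(datetime(2012, 1, 10, tzinfo=timezone.utc), "passport check",
                "substantial", "AT-register")),
    "urn:example:citizenship": AttributeValue("urn:example:citizenship", ["AT", "XX"]),
}
```

Running validate(SCHEMA, SAMPLE) reports only the citizenship value "XX" as outside the value domain; an assertion in which the AP answers the mandatory birthdate with NOT_AVAILABLE fails validation, while the same answer for a non-mandatory attribute is tolerated. derive(SCHEMA["urn:example:age"], SAMPLE, date(2013, 2, 18)) yields 22, which is the point of keeping the derivation rule in the meta model: the relying party can request "age" without ever receiving the birthdate.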

Page 6

Related policies

• Policies that operate on attributes but are not themselves properties of attributes
• Service provisioning: up-front (e.g. SCIM) or ad hoc (e.g. a SAML attribute assertion as part of WebSSO, or an attribute query)
• Attribute release policy
• Expiration policy (RP must not store/use data longer than)
• Protection policy (e.g. implied by PII level)
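The policies on this slide sit beside the attribute data, not inside it. The Python below is an added example for this page (not code from the deck or from Identinetics) of a small policy decision point that an attribute provider could run for an ad hoc SAML-style attribute query: an attribute release policy keyed by relying party and purpose, a consent requirement, the "not available" refusal, an expiration policy expressed as a retention period the RP must honour, and a protection class implied by an assumed PII level. The relying-party names, URNs, PII levels and protection classes are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class ReleaseRule:
    """Attribute release policy: which RP may receive which attribute, for which
    purpose, and how long it may keep it (the expiration policy)."""
    relying_party: str
    attribute: str
    purposes: frozenset[str]
    retention: timedelta
    requires_consent: bool = False

@dataclass(frozen=True)
class Release:
    attribute: str
    value: str
    protection: str      # protection policy implied by the PII level
    use_until: datetime  # expiration policy: RP must not store/use after this

# Assumed PII levels per attribute and the protection class each level implies.
PII_LEVEL = {"urn:example:displayname": 0, "urn:example:email": 1,
             "urn:example:birthdate": 2}
PROTECTION = {0: "plain", 1: "encrypt-in-transit", 2: "encrypt-at-rest"}

# Constructed release policy for two hypothetical relying parties.
POLICY = [
    ReleaseRule("sp.example.org", "urn:example:displayname", frozenset({"login"}),
                timedelta(days=365)),
    ReleaseRule("sp.example.org", "urn:example:email", frozenset({"login", "notify"}),
                timedelta(days=90), requires_consent=True),
    ReleaseRule("shop.example.net", "urn:example:birthdate", frozenset({"age-check"}),
                timedelta(0)),   # may be used for this transaction only
]

def decide(policy, rp, purpose, requested, available, consented, now):
    """Policy decision for one ad hoc attribute query from relying party `rp`.
    Returns (released, refused): a list of Release objects and a mapping of
    attribute -> reason for everything that was withheld."""
    released, refused = [], {}
    for attr in requested:
        rule = next((r for r in policy if r.relying_party == rp
                     and r.attribute == attr and purpose in r.purposes), None)
        if rule is None:
            refused[attr] = "no release rule for this RP and purpose"
        elif attr not in available:
            refused[attr] = "not available"      # the AP cannot or will not supply it
        elif rule.requires_consent and attr not in consented:
            refused[attr] = "consent missing"
        else:
            released.append(Release(attr, available[attr],
                                    PROTECTION[PII_LEVEL[attr]], now + rule.retention))
    return released, refused

def may_use(release, at):
    """Expiration check on the RP side: the value must not be used after use_until."""
    return at <= release.use_until
```

The order of the checks matters: the release rule is consulted before availability, so an RP that is not entitled to an attribute learns nothing about whether the AP holds it. A zero retention period models the slide's age-check case, where the value is good for the current transaction only.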