Fill Out a Local Access Policy Mapping Form

From GFIPM Implementation Wiki


This article will help you fill out a Local Access Policy Mapping Form to translate your plain-English access policies into Boolean logic rules based on GFIPM metadata attributes. The Local Access Policy Mapping Form for your SP is later used as part of your request for federation membership.

The Local Access Policy Mapping Form is a document describing how the organization plans to map its local access control policies into rules that can be expressed using attributes from the GFIPM Metadata standard.

During the federation membership application-package review, the federation manager will provide a copy of your Local Access Policy Mapping Form (for an SP) to all existing members for review and comment.

The Local Access Policy Mapping Form should be written as a spreadsheet (e.g., Microsoft Excel). A template of this form is included with the membership application forms provided by the federation manager when you request to join the federation. The following table shows the design of the spreadsheet, which includes the headers followed by several rows describing access policy mappings. Note that these examples are from different members, so their derivations are not related to each other.


Tips

  • Before you edit the file, rename it to include your SP name in the file name.
  • Make certain you have the following in your spreadsheet:
    • a row for every local resource that your SP will make available
    • an explanation of the policy for resource discovery
    • an explanation of the policy for resource access and the corresponding access control rule expressed in GFIPM Metadata attributes
  • For additional examples of a Local Access Policy Mapping Form, please contact the federation manager at gfipm-support@lists.gatech.edu.


Note

At this point, you should have completed the GFIPM Information Sharing Plan for a Service Provider and the Local Access Policy Mapping Form.


Local Access Policy Mapping Form Example
GFIPM Access Control Policy Map - Service Provider Name: <Your Organization>

Columns: Service/Resource Name | Policy for Resource Discovery (Semantic Intent; GFIPM Boolean Logic) | Policy for Resource Access (Semantic Intent; GFIPM Boolean Logic)

Row 1
  Service/Resource Name: Arizona Counter-Terrorism Information Center
  Policy for Resource Discovery
    Semantic Intent: Any user with a valid federation login may discover this resource.
    GFIPM Boolean Logic: ALLOW if: (Given Name is present AND Surname is present AND Telephone Number is present AND Federation ID is present AND Employer Organization Name is present AND Identity Provider Name is present)
  Policy for Resource Access
    Semantic Intent: Any user with a valid federation login may access this resource. In addition, sufficient audit data is required for all users.
    GFIPM Boolean Logic: ALLOW if: (Given Name is present AND Surname is present AND Telephone Number is present AND Federation ID is present AND Employer Organization Name is present AND Identity Provider Name is present)

Row 2
  Service/Resource Name: New Mexico Complete Arrest Information
  Policy for Resource Discovery
    Semantic Intent: Any user with a valid federation login may discover this resource.
    GFIPM Boolean Logic: ALLOW if: (Given Name is present AND Surname is present AND Telephone Number is present AND Federation ID is present AND Employer Organization Name is present AND Identity Provider Name is present)
  Policy for Resource Access
    Semantic Intent: To access this resource, a user must be a sworn law enforcement officer with NCIC criminal history certification and criminal history home data search privileges. In addition, sufficient audit data is required for all users.
    GFIPM Boolean Logic: ALLOW if: (Given Name is present AND Surname is present AND Telephone Number is present AND Federation ID is present AND Employer Organization Name is present AND Identity Provider Name is present) AND (Sworn Law Enforcement Officer Indicator = TRUE) AND (NCIC Certification Indicator is present AND (Criminal History Home Search Data Privilege Indicator = TRUE))
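The two rows above, expressed as executable predicates over a user's asserted attributes. This is an added illustration, not code from the GFIPM wiki or the federation's reference implementation; it uses the form's friendly attribute names rather than GFIPM attribute URIs, and the sample users are constructed values.

```python
# Added example (not from the GFIPM wiki): the two mapping-form rows as predicates.
# Attribute names are the form's friendly names, not GFIPM attribute URIs (assumption).
AUDIT_ATTRIBUTES = ("Given Name", "Surname", "Telephone Number", "Federation ID",
                    "Employer Organization Name", "Identity Provider Name")

def is_present(attrs, name):
    """'X is present': the attribute is asserted with a non-empty value."""
    value = attrs.get(name)
    return value is not None and str(value).strip() != ""

def is_true(attrs, name):
    """'X = TRUE': boolean True or the string "true" (assertion values often arrive as strings)."""
    value = attrs.get(name)
    return value is True or (isinstance(value, str) and value.strip().lower() == "true")

def audit_data_present(attrs):
    """Baseline shared by every row: all six audit attributes must be present."""
    return all(is_present(attrs, a) for a in AUDIT_ATTRIBUTES)

def nm_arrest_access(attrs):
    """New Mexico Complete Arrest Information, resource-access rule from Row 2."""
    return (audit_data_present(attrs)
            and is_true(attrs, "Sworn Law Enforcement Officer Indicator")
            and is_present(attrs, "NCIC Certification Indicator")
            and is_true(attrs, "Criminal History Home Search Data Privilege Indicator"))

# Resource name -> (discovery rule, access rule), mirroring the two table rows.
POLICY_MAP = {
    "Arizona Counter-Terrorism Information Center": (audit_data_present, audit_data_present),
    "New Mexico Complete Arrest Information": (audit_data_present, nm_arrest_access),
}

def evaluate(resource, attrs):
    """Return {'discover': bool, 'access': bool}; resources without a row are denied."""
    rules = POLICY_MAP.get(resource)
    if rules is None:
        return {"discover": False, "access": False}
    discover, access = rules
    return {"discover": discover(attrs), "access": access(attrs)}

# Constructed sample users (hypothetical values, not real federation data).
OFFICER = {"Given Name": "Ada", "Surname": "Lee", "Telephone Number": "555-0100",
           "Federation ID": "ada.lee@idp.example", "Employer Organization Name": "Example PD",
           "Identity Provider Name": "Example IdP",
           "Sworn Law Enforcement Officer Indicator": "true",
           "NCIC Certification Indicator": "full",
           "Criminal History Home Search Data Privilege Indicator": True}
ANALYST = dict(OFFICER, **{"Sworn Law Enforcement Officer Indicator": "false"})
NO_PHONE = {k: v for k, v in OFFICER.items() if k != "Telephone Number"}

if __name__ == "__main__":
    for label, user in (("officer", OFFICER), ("analyst", ANALYST), ("no phone", NO_PHONE)):
        print(label, evaluate("New Mexico Complete Arrest Information", user))
```

Note that a missing audit attribute denies discovery as well as access, which is exactly what both rows' "is present" conjunctions demand.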

