Fill Out a Local Attribute Mapping Form

From GFIPM Implementation Wiki


This article will help you fill out a Local Attribute Mapping Form, which is a document that describes how your organization plans to map its local policies and locally stored attributes about its users into attributes conforming to the GFIPM Metadata standard. Your IDP mapping form is later used as part of your request for federation membership.

The Local Attribute Mapping Form is briefly described in the Operational Policies and Procedures document (GFIPM OPP 1.1).

During the federation membership application-package review, the federation manager will provide a copy of your Local Attribute Mapping Form (for an IDP) to all existing members for review and comment.

The Local Attribute Mapping Form should be written as a spreadsheet (e.g., in Microsoft Excel). A template of this form is included with the membership application forms provided by the federation manager when you request to join the federation. The following table shows the design of the spreadsheet, which includes the headers followed by five rows describing attribute mappings. Note that the example data are from different members, so their derivations are not related to each other.


Tips

  • Before you edit the file, rename it to include your IDP name in the file name.
  • Make certain you have the following in your spreadsheet:
    • a row for every GFIPM Metadata attribute that your IDP asserts
    • an explanation of the source of the values and how you plan to map from the source to the GFIPM attribute


Note

At this point, you should have completed the GFIPM Information Sharing Plan for an Identity Provider and the Local Attribute Mapping Form.


Local Attribute Mapping Form Example

GFIPM Attribute Map - Identity Provider Name: <Your Organization>

Columns: Semantic Intent of Mapping | GFIPM Metadata Attribute | Mapping Method | Local Source Attribute | Mapping Rule From Local Attribute/Policy to GFIPM Metadata

Row 1
  • Semantic Intent of Mapping: First name of user
  • GFIPM Metadata Attribute: Given Name
  • Mapping Method: Calculated from Local Attribute
  • Local Source Attribute: CN (Common Name) from ABCD Directory
  • Mapping Rule: Take substring to the first space in CN starting from the left.

Row 2
  • Semantic Intent of Mapping: The unique federation-wide identifier for this user
  • GFIPM Metadata Attribute: Federation ID
  • Mapping Method: Fixed text plus Local Attribute
  • Local Source Attribute: e-mail address from the ABCD Directory for this user
  • Mapping Rule: "GFIPM:IDP:ABCD:USER:" + e-mail

Row 3
  • Semantic Intent of Mapping: ABCD does not have an attribute to indicate whether a user is a public safety officer. This derivation should yield a reliable indicator if the user is a public safety officer or working at the behest of one.
  • GFIPM Metadata Attribute: Public Safety Officer Indicator
  • Mapping Method: Derived from Local Attributes
  • Local Source Attribute: departmentNumber, title, and postalAddress in Directory
  • Mapping Rule: "true" if (departmentNumber contains 'Police' OR 'Patrol' OR 'Sheriff' OR '911') OR (title contains 'Officer' OR 'OFFICER' OR 'Dispatch' OR 'Sheriff' OR 'District' OR 'Patrol' OR 'Lieutenant' OR 'Sergeant') OR (postalAddress = 'police')

Row 4
  • Semantic Intent of Mapping: Derive whether a user is legitimately a sworn law enforcement officer even though ABCD does not store this information in our directory
  • GFIPM Metadata Attribute: Sworn Law Enforcement Officer Indicator
  • Mapping Method: Derived from Local Attribute
  • Local Source Attribute: Criminal Intelligence permission
  • Mapping Rule: All our SLEO users who go through 28 CFR training are given the Criminal Intelligence permission in our directory. If a user has this permission, our IDP will assert this indicator.

Row 5
  • Semantic Intent of Mapping: The contact e-mail for questions about ABCD or the identity information in the ABCD SAML assertion. This is the ABCD help desk e-mail address.
  • GFIPM Metadata Attribute: Identity Provider Organization Point of Contact E-mail Address
  • Mapping Method: Text
  • Local Source Attribute: Fixed text
  • Mapping Rule: techsupport@abcd.gov
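The five mapping rules in the example form, evaluated against a constructed directory entry, as an added illustration that is not part of this wiki page or of any GFIPM software. The dictionary keys are the form's descriptive attribute names rather than formal GFIPM Metadata identifiers, and the `permissions` key is an assumption: the form says only that the Criminal Intelligence permission exists in the directory.

```python
# Added example: evaluate the example form's mapping rules for one directory
# entry. Descriptive attribute names are used as keys (not GFIPM identifiers);
# the 'permissions' key is an assumed directory attribute.

FEDERATION_ID_PREFIX = "GFIPM:IDP:ABCD:USER:"
POC_EMAIL = "techsupport@abcd.gov"
DEPT_KEYWORDS = ("Police", "Patrol", "Sheriff", "911")
TITLE_KEYWORDS = ("Officer", "OFFICER", "Dispatch", "Sheriff", "District",
                  "Patrol", "Lieutenant", "Sergeant")

def given_name(cn):
    """Given Name: the substring of CN up to the first space, from the left."""
    return cn.split(" ", 1)[0]

def federation_id(mail):
    """Federation ID: fixed text plus the user's e-mail address."""
    return FEDERATION_ID_PREFIX + mail

def public_safety_officer(entry):
    """Public Safety Officer Indicator. The form lists both 'Officer' and
    'OFFICER', so the keyword tests are case-sensitive substring matches."""
    dept = entry.get("departmentNumber", "")
    title = entry.get("title", "")
    return (any(k in dept for k in DEPT_KEYWORDS)
            or any(k in title for k in TITLE_KEYWORDS)
            or entry.get("postalAddress") == "police")

def sworn_leo(entry):
    """SLEO Indicator: asserted only if the directory grants the Criminal
    Intelligence permission (given after 28 CFR training, per the form)."""
    return "Criminal Intelligence" in entry.get("permissions", ())

def gfipm_attributes(entry):
    """GFIPM attributes the IDP would assert for one directory entry."""
    return {
        "Given Name": given_name(entry["cn"]),
        "Federation ID": federation_id(entry["mail"]),
        "Public Safety Officer Indicator": public_safety_officer(entry),
        "Sworn Law Enforcement Officer Indicator": sworn_leo(entry),
        "Identity Provider Organization Point of Contact E-mail Address": POC_EMAIL,
    }

# Constructed sample entry (not a real person or directory record).
DISPATCHER = {"cn": "Jane Q. Doe", "mail": "jdoe@abcd.gov",
              "departmentNumber": "Communications", "title": "Dispatch Supervisor",
              "postalAddress": "100 Main St", "permissions": ["Criminal Intelligence"]}
```

Because the keyword tests are case-sensitive substring matches, a title of "officer" in lower case does not set the indicator, while any title containing "Dispatch" does; reviewing members will want to see exactly such match semantics spelled out in the Mapping Rule column.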

