NIEF Privilege Attribute, v1.0
Specifies requirements for Identity Provider Organizations (IDPOs) that wish to assert one or more National Identity Exchange Federation (NIEF) data privilege attributes on behalf of their users.
Assessment Steps (2)
Does the organization correctly assert this attribute in accordance with the established attribute format rules for the Federated ICAM protocol(s) and conformance or interoperability profile(s) that it uses? Also, does the organization appear to assert attribute values correctly for this attribute?
Provide a sample of a technical protocol assertion (e.g., JSON, XML, SAML, OIDC, etc.) correctly using this attribute.
ENUM_MULTI : Select the attributes that this CSP/IDP asserts for their users.
Does the organization have an appropriate authoritative source for this attribute? This should include details about derivation and life cycle for the attribute, and should align with any specific rules for the attribute for which this trustmark is being earned.
Provide details on how the organization sources the attribute, including attribute specific requirements for validity such as attribute lifecycle, training provider, and restrictions on who can assert the attribute.
Conformance Criteria (1)
When asserting a Federated ICAM data privilege attribute on behalf of a user, an IDPO or APO shall assert the attribute name correctly, in accordance with the appropriate attribute definition. In addition, an IDPO or APO shall assert attribute values for the data privilege attribute in a manner that: (1) conforms to the attribute value format requirements stipulated in the appropriate attribute definition, and (2) faithfully and accurately conveys the latest data privilege information currently known by the IDPO or APO about the user at the time the assertion is made, regardless of whether that information is based on the contents of a local database, a local policy or procedure that applies to the user, or other source.