- Intelligence Community
- Contact Us
The Data Encoding Specification for the IC Full Service Directory Schema V1.0 codifies the set of Lightweight Directory Access Protocol (LDAP) attributes that IC elements are expected to provide when participating in the Intelligence Community Full Service Directory (IC FSD) architecture. The collection of attributes defined in the specification results in an overarching IC FSD Schema that is suitable for describing IC Entities within the TS/SCI environment. IC Entities may fall into the categories of an “IC Person” or “IC Non-Person Entity”, with the latter being used to define objects such as servers, devices, appliances, applications, and services that exist within the IC enterprise. The IC FSD Schema described in the specification is designed for implementation within LDAPv3-compliant directory servers.
The Data Encoding Specification for the IC Full Service Directory Schema V1.0 defines detailed specifications for attributes that IC elements are expected to provide to the Intelligence Community Full Service Directory (IC FSD). Its function is to facilitate the availability, accuracy, and standardization of these attributes across the IC TS/SCI enterprise, building a consistent basis for capabilities including directory services, email functions, and attribute-based access control decisions. The specification defines:
This XML Data Encoding Specification for Intelligence Content Discovery and Retrieval (CDR) defines detailed implementation guidance for using result sets in service responses applicable to the IC and Department of Defense (DoD) and information produced by, stored, or shared within and between the IC and DoD. The Content Discovery and Retrieval (CDR) Search Component specifies the use of result sets in service responses. As the DoD Discovery Metadata Specification (DDMS) is the Intelligence Community (IC) and Department of Defense (DoD) standard representation for resource metadata, and the IC Information Resource Metadata (IRM) standard is a supplement to it, providing guidance on how to search for DDMS and IRM encoded data is important. This document provides implementation guidelines for the use of DDMS and IRM in query request expressions and query responses for the CDR Search Specifications.
This is the first release of the specification and therefore provides no backward capability.
Compliance with this specification is measured against all aspects of the technical and documentary artifacts contained within the specification release package.
This specification is maintained by the IC Chief Information Officer via the Data Coordination Activity (DCA) and Content Discovery & Retrieval Integrated Project Team
Latest Approved Version
This specification is designed to fulfill a number of requirements in support of the transformational efforts of the Intelligence Community. Many of these requirements are articulated in IC Directives.
This specification includes design features capable of:
The IC Enterprise Authorization Attribute Exchange between IC Attribute Services, Authorization Attribute Set v1.0 codifies the minimum set of enterprise-level authorization attributes that IC elements are expected to provide if they participate in the Intelligence Community Unified Authorization and Attribute Service (UAAS) architecture. It provides a common, consistent way to identify IC enterprise authorization attributes of IC persons produced by, stored within, or shared throughout the IC’s TS/SCI information domain.
The name, definition, cardinality, and controlled vocabulary for each attribute are defined in order to promote interoperability between UAAS-compliant attribute services established by participating IC Agencies. The set of authorization attributes described in the specification is designed for implementation within products and servers that are capable of supporting the Encrypted Mode option of the OASIS SAML V2.0 Attribute Sharing Profile for X.509 Authentication-Based Systems, Committee Specification 01.
IC Enterprise Authorization Attribute Exchange between IC Attribute Services, Authorization Attribute Set v1.0 establishes detailed requirements for enterprise-level authorization attributes that IC elements are expected to provide if they participate in the Intelligence Community Unified Authorization and Attribute Service federation. Its function is to facilitate the availability, accuracy, and standardization of these attributes across the IC TS/SCI enterprise, building a consistent basis for the exchange of this information between IC Elements.
Defining the mandatory minimum set of IC enterprise authorization attributes and values for sharing through the IC UAAS federation supports consistent and assured information sharing across the enterprise. The IC UAAS supports Attribute-Based Access Control (ABAC) to promote on-demand access to information and other resources by IC users and services, and reduces authorization vulnerabilities by strengthening the access control decision process.
The primary audience for this document is the implementer and/or administrator who must configure an Attribute Service to meet the requirements for participation in the IC UAAS federation. The audience for this document also includes those responsible for implementing and managing the capabilities that create, provide, modify, store, exchange, search, display, or further process IC enterprise authorization attributes.
Latest Approved Version
You have selected to open
If you would like to not see this alert again, please click the
"Do not show me this again" check box below