Chief Information Officer
IC Technical Specifications
IC Enterprise Attribute Exchange Between IC Attribute Services Unified Identity Attribute Set
Overview
IC Enterprise Attribute Exchange Between IC Attribute Services Unified Identity Attribute Set (UIAS) codifies the minimum set of enterprise-level authorization attributes that IC elements are expected to provide if they participate in the Intelligence Community Unified Authorization and Attribute Service (UAAS) architecture. It provides a common, consistent way to identify IC enterprise authorization attributes of IC persons produced by, stored within, or shared throughout the IC’s TS/SCI information domain. The name, definition, cardinality, and controlled vocabulary for each attribute are defined in order to promote interoperability between UAAS-compliant attribute services established by participating IC Agencies. The set of authorization attributes described in the specification is designed for implementation within products and servers that are capable of supporting the Encrypted Mode option of the OASIS SAML V2.0 Attribute Sharing Profile for X.509 Authentication-Based Systems, Committee Specification 01.
This specification is maintained by the IC Chief Information Officer via the Data Standards Coordination Activity (DSCA) and Web Services Security Working Group (WSS WG).
Technical Specification Downloads
Latest Approved Public Release:
- IC Enterprise Attribute Exchange Between IC Attribute Services Unified Identity Attribute Set (V2021-NOV - Standalone Package)
- IC Enterprise Attribute Exchange Between IC Attribute Services Unified Identity Attribute Set (V2021-NOV - Convenience Package)
- IC Enterprise Attribute Exchange Between IC Attribute Services Unified Identity Attribute Set (V2021-NOV - Light Package)
Mission Requirements
IC Enterprise Attribute Exchange Between IC Attribute Services Unified Identity Attribute Set establishes detailed requirements for enterprise-level authorization attributes that IC elements are expected to provide if they participate in the Intelligence Community Unified Authorization and Attribute Service federation. Its function is to facilitate the availability, accuracy, and standardization of these attributes across the IC TS/SCI enterprise, building a consistent basis for the exchange of this information between IC Elements.
Defining the mandatory minimum set of IC enterprise authorization attributes and values for sharing through the IC UAAS federation supports consistent and assured information sharing across the enterprise. The IC UAAS supports Attribute-Based Access Control (ABAC) to promote on-demand access to information and other resources by IC users and services and reduces authorization vulnerabilities by strengthening the access control decision process.
The primary audience for this document is the implementer and/or administrator who must configure an Attribute Service to meet the requirements for participation in the IC UAAS federation. The audience for this document also includes those responsible for implementing and managing the capabilities that create, provide, modify, store, exchange, search, display, or further process IC enterprise authorization attributes.