Attribute properties

When you add or modify an attribute, you specify properties that make that attribute unique.

Adding attributes

Specify the following properties when you add an attribute:

Name
A unique name for the attribute.
Description
A description of the attribute.
Identifier
The internal name of the attribute that is used in the generated XACML policy.
Issuer
The identifier of the policy information point from which the value of the attribute is retrieved. If an attribute can be returned from multiple policy information points, the issuer property specifies which policy information point to use.
Note: Use this field only if you are using a policy information point. Otherwise, leave this field blank.
Type
Indicates whether the attribute is used for policies or risk profiles or both. If neither check box is selected, the attribute is not available for policies or risk profiles.
Category
The part of the XACML request that the attribute value comes from.
Data type
The type of values that the attribute can handle. In a policy rule with an attribute, the data type indicates how the attribute can be compared to a value. In a risk profile, the risk matchers compare attribute values that have the same data type.
Matcher
An attribute matcher compares the values of a specified attribute in the incoming device fingerprint with the existing device fingerprint of the user.
Storage Domain
The storage domain indicates whether the attribute is stored as a device, session, or behavior attribute.
Device fingerprint data
Consists of attributes that are stored when a device is registered. The incoming device fingerprint is compared against this stored repository of trusted device fingerprints.
Session data
Consists of the session attributes of the user that are stored temporarily until the session times out. However, if the device is registered, the session attributes are also stored as part of the device fingerprint. If session is selected, the attribute is collected in the user’s session.
Behavior data
Is historic data that is stored in the database and used for behavior-based attribute matching. For example, the login timestamps of the user over the previous three months. If an attribute is included in a risk profile configuration and the storage domain is not specified, the default storage domain is device.
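
How the Identifier, Issuer, Category, and Data type properties together select a value from a XACML request, shown as an added example that is not part of the original documentation or the product's own code. It assumes XACML 3.0 request syntax (the XACML version the product generates is not stated here), and the attribute identifier and issuer names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# XACML 3.0 core namespace and standard identifiers (assumed version).
NS = {"x": "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"}
SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
STRING = "http://www.w3.org/2001/XMLSchema#string"

# Constructed request: the same attribute identifier supplied by two
# hypothetical policy information points, told apart only by Issuer.
REQUEST = f"""
<Request xmlns="{NS['x']}" ReturnPolicyIdList="false" CombinedDecision="false">
  <Attributes Category="{SUBJECT}">
    <Attribute AttributeId="example:department" Issuer="example:pip:ldap"
               IncludeInResult="false">
      <AttributeValue DataType="{STRING}">finance</AttributeValue>
    </Attribute>
    <Attribute AttributeId="example:department" Issuer="example:pip:hr-db"
               IncludeInResult="false">
      <AttributeValue DataType="{STRING}">treasury</AttributeValue>
    </Attribute>
  </Attributes>
</Request>
"""

def select_values(request_xml, category, identifier, data_type, issuer=""):
    """Return the request values that match the attribute's properties.

    A blank issuer matches values from any issuer, so the result can be
    ambiguous when several sources return the same identifier.
    """
    root = ET.fromstring(request_xml)
    values = []
    for group in root.findall("x:Attributes", NS):
        if group.get("Category") != category:        # Category property
            continue
        for attr in group.findall("x:Attribute", NS):
            if attr.get("AttributeId") != identifier:  # Identifier property
                continue
            if issuer and attr.get("Issuer") != issuer:  # Issuer property
                continue
            for val in attr.findall("x:AttributeValue", NS):
                if val.get("DataType") == data_type:   # Data type property
                    values.append(val.text)
    return values

if __name__ == "__main__":
    print(select_values(REQUEST, SUBJECT, "example:department", STRING))
    print(select_values(REQUEST, SUBJECT, "example:department", STRING,
                        issuer="example:pip:hr-db"))
```

With the issuer left blank, both values are returned; setting it pins the attribute to a single source, and a wrong category or data type returns nothing.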

Modifying attributes

All the properties for an attribute are displayed. However, you can modify only some of the attribute properties. Also, if an attribute is included in a policy, you cannot make further updates to the attribute.

You can modify the following properties:

Editable properties of predefined attributes
Storage Domain
The storage domain indicates whether the attribute is stored as a device, session, or behavior attribute. If session is selected, the attribute is collected in the user’s session. If an attribute is included in a risk profile configuration and the storage domain is not specified, the default storage domain is device.
Editable properties of custom attributes
Name
A unique name for the attribute.
Description
A description of the attribute.
Identifier
The internal name of the attribute that is used in the generated XACML policy.
Issuer
The identifier of the policy information point from which the value of the attribute is retrieved. If an attribute can be returned from multiple policy information points, the issuer property specifies which policy information point to use.
Note: Use this field only if you are using a policy information point. Otherwise, leave this field blank.
Type
Indicates whether the attribute is used for policies or risk profiles or both. If neither check box is selected, the attribute is not available for policies or risk profiles.
Category
The part of the XACML request that the attribute value comes from.
Data type
The type of values that the attribute can handle. In a policy rule with an attribute, the data type indicates how the attribute can be compared to a value. In a risk profile, the risk matchers compare attribute values that have the same data type.
Matcher
An attribute matcher compares the values of a specified attribute in the incoming device fingerprint with the existing device fingerprint of the user.
Storage Domain
The storage domain indicates whether the attribute is stored as a device, session, or behavior attribute. If session is selected, the attribute is collected in the user’s session. If an attribute is included in a risk profile configuration and the storage domain is not specified, the default storage domain is device.