EIM Mapping Lookup Algorithm

The following algorithm is used when doing a mapping lookup using either Get EIM Target Identities from the Source (eimGetTargetFromSource) or Get EIM Target Identities and Credentials from the Source (eimGetTargetCredsFromSource) API.

  1. Check if both the source and target registries support mapping lookup operations. If not, return no data.
  2. Specific source association to target association
    • Check for source associations to EIM identifier(s) using the specified source registry user name and source registry. If none is found, go to step 3.
    • Check for target associations to the EIM identifier(s) using the specified target registry. If none are found, go to step 3.
    • If additional information is specified, check if any of the target identities have the same additional information. If not, go to step 3.
    • Return the target identity(ies) for the specified target registry.
  3. Specific source association to target association using source group registries
    • Check if the specified source registry is a member of any group registries. If not, go to step 4.
    • Repeat these steps for each group registry:
      • Check if the group registry supports mapping lookup operations. If not, go to next group registry.
      • Check for source associations to EIM identifier(s) using the specified source registry user name and the group registry name. If none are found, go to next group registry.
      • Check for target associations to the EIM identifier(s) using the specified target registry. If none are found, go to next group registry.
      • If additional information is specified, check if any of the target identities have the same additional information. If not, go to next group registry.
      • Add the target identity(ies) for the specified target registry to the return list.
    • If entries were added to the list, then return.
  4. Specific source association to target association using target group registries
    • Check if the specified target registry is a member of any group registries. If not, go to step 5.
    • Check for source associations to EIM identifier(s) using the specified source registry user name and source registry. If none are found, go to step 5.
    • Repeat these steps for each group registry:
      • Check if the group registry supports mapping lookup operations. If not, go to next group registry.
      • Check for target associations to the EIM identifier(s) using the group registry name. If none are found, go to next group registry.
      • If additional information is specified, check if any of the target identities have the same additional information. If not, go to next group registry.
      • Add the target identity(ies) for the group registry name to the return list.
    • If entries were added to the list, then return.
  5. Specific source association to target association using source and target group registries
    • Check if the specified source registry is a member of any group registries. If not, go to step 6.
    • Check if the specified target registry is a member of any group registries. If not, go to step 6.
    • Repeat these steps for each source group registry:
      • Check if the source group registry supports mapping lookup operations. If not, go to next source group registry.
      • Check for source associations to EIM identifier(s) using the specified source registry user name and source group registry name. If none are found, go to next source group registry.
      • Repeat these steps for each target group registry:
        • Check if the target group registry supports mapping lookup operations. If not, go to next group registry.
        • Check for target associations to the EIM identifier(s) using the target group registry name. If none are found, go to next target group registry.
        • If additional information is specified, check if any of the target identities have the same additional information. If not, go to next target group registry.
        • Add the target identity(ies) for the target group registry name to the return list.
    • If entries were added to the list, then return.
  6. Check if the domain supports policy associations. If not, return no data.
  7. Check if the target registry supports policy associations. If not, return no data.
  8. Certificate filter policy associations
    • Check if the source registry is an X.509 registry. If not, go to step 10.
    • Check if there is a certificate policy filter value that matches the source identity. If not, go to step 10.
    • Check for certificate filter policy associations for the certificate filter policy value to the target registry. If none are found, go to step 9.
    • If additional information is specified, check if any of the target identities have the same additional information. If not, go to step 9.
    • Return the target identity(ies) for the specified target registry.
  9. Certificate filter policy associations using target group registries
    • Check if specified target registry is a member of any group registries. If not, go to step 10.
    • Repeat these steps for each target group registry:
      • Check if the target group registry supports policy associations. If not, go to next group registry.
      • Check for certificate filter policy associations for the certificate filter policy value to the group registry. If none are found, go to next group registry.
      • If additional information is specified, check if any of the target identities have the same additional information. If not, go to next group registry.
      • Add the target identity(ies) for the group registry name to the return list.
    • If entries were added to the list, then return.
  10. Default registry policy associations
    • Check for default registry policy associations for the source registry to the target registry. If none are found, go to step 11.
    • If additional information is specified, check if any of the target identities have the same additional information. If not, go to step 11.
    • Return the target identity(ies) for the specified target registry.
  11. Default registry policy associations using source group registries
    • Check if the specified source registry is a member of any group registries. If not, go to step 12.
    • Repeat these steps for each group registry:
      • Check if the group registry supports policy associations. If not, go to next group registry.
      • Check for default registry policy associations for the group registry to the target registry. If none are found, go to next group registry.
      • If additional information is specified, check if any of the target identities have the same additional information. If not, go to next group registry.
      • Add the target identity(ies) for the specified target registry to the return list.
    • If entries were added to the list, then return.
  12. Default registry policy associations using target group registries
    • Check if the specified target registry is a member of any group registries. If not, go to step 13.
    • Repeat these steps for each group registry:
      • Check if the group registry supports policy associations. If not, go to next group registry.
      • Check for default registry policy associations for the source registry to the group registry. If none are found, go to next group registry.
      • If additional information is specified, check if any of the target identities have the same additional information. If not, go to next group registry.
      • Add the target identity(ies) for the group registry name to the return list.
    • If entries were added to the list, then return.
  13. Default registry policy associations using source and target group registries
    • Check if the specified source registry is a member of any group registries. If not, go to step 14.
    • Check if the specified target registry is a member of any group registries. If not, go to step 14.
    • Repeat these steps for each source group registry:
      • Check if the source group registry supports policy associations. If not, go to next source group registry.
      • Repeat these steps for each target group registry:
        • Check if the target group registry supports policy associations. If not, go to next group registry.
        • Check for default registry policy associations for the source group registry to the target group registry. If none are found, go to next target group registry.
        • If additional information is specified, check if any of the target identities have the same additional information. If not, go to next target group registry.
        • Add the target identity(ies) for the target group registry name to the return list.
    • If entries were added to the list, then return.
  14. Default domain policy associations
    • Check for default domain policy associations to the target registry. If none are found, go to step 15.
    • If additional information is specified, check if any of the target identities have the same additional information. If not, go to step 15.
    • Return the target identity(ies) for the specified target registry.
  15. Default domain policy associations using target group registries
    • Check if the specified target registry is a member of any group registries. If not, return no data.
    • Repeat these steps for each group registry:
      • Check if the group registry supports policy associations. If not, go to next group registry.
      • Check for default domain policy associations to the group registry. If none are found, go to next group registry.
      • If additional information is specified, check if any of the target identities have the same additional information. If not, go to next group registry.
      • Add the target identity(ies) for the group registry name to the return list.
    • Return to caller.


The following algorithm is used when doing a mapping lookup using either Get EIM Target Identities from the Identifier (eimGetTargetFromIdentifier) or Get EIM Target Identities and Credentials from the Identifier (eimGetTgtCredsFromIdentifier) API.

  1. Check if the target registry supports mapping lookup operations. If not, return no data.
  2. Specific target association to the identifier
    • Check for target associations to the EIM identifier using the specified target registry. If none are found, go to step 3.
    • If additional information is specified, check if any of the target identities have the same additional information. If not, go to step 3.
    • Return the target identity(ies) for the specified target registry.
  3. Specific target association to the identifier using target group registries
    • Check if the specified target registry is a member of any group registries. If not, go to step 4.
    • Repeat these steps for each group registry:
      • Check if the group registry supports mapping lookup operations. If not, go to next group registry.
      • Check for target associations to the EIM identifier using the group registry. If none are found, go to next group registry.
      • If additional information is specified, check if any of the target identities have the same additional information. If not, go to next group registry.
      • Add the target identity(ies) for the specified target registry to the return list.
    • If entries were added to the list, then return.
  4. Check if the domain supports policy associations. If not, return no data.
  5. Check if the target registry supports policy associations. If not, return no data.
  6. Default domain policy associations
    • Check for default domain policy associations to the target registry. If none are found, go to step 7..
    • If additional information is specified, check if any of the target identities have the same additional information. If not, go to step 7.
    • Return the target identity(ies) for the specified target registry.
  7. Default domain policy associations using target group registries
    • Check if the specified target registry is a member of any group registries. If not, return no data.
    • Repeat these steps for each group registry:
      • Check if the group registry supports policy associations. If not, go to next group registry.
      • Check for default domain policy associations to the group registry. If none are found, go to next group registry.
      • If additional information is specified, check if any of the target identities have the same additional information. If not, go to next group registry.
      • Add the target identity(ies) for the group registry name to the return list.
    • Return to caller.

[ Back to top | Security APIs | APIs by category ]