Predefined attributes

The IBM® Security Access Manager for Mobile appliance uses attributes to provide information about users and devices that try to access a protected resource. The appliance also includes a set of commonly used attributes called predefined attributes.

Five values describe each predefined attribute:

Table 1. Predefined attribute categories. Categories indicate the type of information that each attribute conveys.

| Category | Category description |
| --- | --- |
| Action | Indicates the user action. |
| Environment | Indicates when and how the user is trying to access the resource. |
| Resource | Gives information about what the user is trying to access. |
| Subject | Indicates who is trying to access the resource. |

Table 2. Predefined attribute types

| Type | Type description |
| --- | --- |
| Access policy | The administrator uses policy attributes to create policies. |
| Risk profile | The administrator uses risk attributes to create risk profiles. |

Table 3. Predefined attribute data types. Each predefined attribute has a data type. Data types are classifications that identify the possible values for each type of attribute.

| Data type | Data type description |
| --- | --- |
| Boolean | Condition that refers to two possible values: True or False. |
| Date | Date of the request. |
| Integer | Number that can be written without a fractional or decimal component. |
| String | Sequence of characters. |
| Time | Time of the request. |
| X500Name | Values with distinguished names. |

Table 4. Predefined attribute source types. Source types indicate the source of each attribute.

| Source type | Source type description |
| --- | --- |
| Active | Collected by the attribute collection service. The administrator must add JavaScript to the application so that active attributes can be collected. For example: system fonts. |
| Derived | Generated by a policy information point (PIP). For example: risk score. |
| Passive | Collected from the browser by the external authorization service (EAS) and placed into an XACML request. Attributes with this source type are collected by the policy enforcement point (PEP) without installing more software or challenging the client to provide more details. For example: user-agent HTTP header and client IP address. |

Table 5. Predefined attribute sources. Sources indicate where the attributes originate.

| Source | Source description |
| --- | --- |
| Attribute collection service | Collects information about the user device such as browser information, the operating system of the device, and the language of the device. |
| Consent external authentication interface | Asks the user for a device registration decision. |
| Device fingerprint count PIP | Counts the number of devices that are associated with the user. |
| Geolocation PIP | Looks up the location of the user based on the IP address. |
| HTTP headers | Provides information about the request. |
| IP reputation PIP | Generates the IP reputation. See IP reputation for more information about IP reputation. |
| POST data | Collects information about the user and sends it to the external authorization service (EAS) as POST data. The EAS inserts this POST data into the decision request. |
| Risk engine | Generates the risk score. See Risk score calculation for more information about risk score calculation. |
| System time | Keeps the time of the system. |
| Security Access Manager credential | Collects information about the user from Security Access Manager. |
| Worklight® JavaScript PIP | Parses the POST data from a Worklight adapter invocation and returns custom attributes created from the data in the parameters element of the POST. |