Predefined attributes

An appliance with Advanced Access Control uses attributes to provide information about users and devices that try to access a protected resource. The appliance also includes a set of commonly used attributes called predefined attributes.

1. accessTime
   
2. action
   
3. authenticationLevel
   
4. authenticationMechanism
   
5. authenticationMechanismTypes
   
6. authenticationMethod
   
7. authenticationTypes
   
8. browserPlugins
   
9. colorDepth
   
10. currentDate
    
11. currentTime
    
12. deviceFonts
    
13. deviceLanguage
    
14. deviceName
    
15. devicePlatform
    
16. fiberlink.maas360.device.compliance.state
    
17. fiberlink.maas360.device.ids
    
18. fiberlink.maas360.device.ownership
    
19. fiberlink.maas360.device.jailbroken
    
20. fiberlink.maas360.device.last.reported
    
21. fiberlink.maas360.device.managed.status
    
22. fiberlink.maas360.device.match.found
    
23. geoCity
    
24. geoCountryCode
    
25. geoLocation
    
26. geoRegionCode
    
27. groups
    
28. groupsDN
    
29. http:accept
    
30. http:acceptEncoding
    
31. http:acceptLanguage
    
32. http:host
    
33. http:uri
    
34. http:userAgent
    
35. ipAddress
    
36. ipReputation
    
37. oauthScopeResource
    
38. oauthScopeSubject
    
39. qop
    
40. qradar.uba.risk.score
    
41. registeredDeviceCount
    
42. resource
    
43. riskScore
    
44. scheme
    
45. screenAvailableHeight
    
46. screenAvailableWidth
    
47. screenHeight
    
48. screenWidth
    
49. userConsent
    
50. userDN
    
51. username
    
52. worklight.adapter.adapter
    
53. worklight.adapter.balance.account
    
54. worklight.adapter.parameters
    
55. worklight.adapter.procedure
    
56. worklight.adapter.transfer.account.from
    
57. worklight.adapter.transfer.account.to
    
58. worklight.adapter.transfer.amount
    
59. worklight.device.id
    
60. worklight.version.app
    
61. worklight.version.native
    
62. worklight.version.platform
    

Categories

Category	Description
Action	The user action.
Environment	When and how the user is trying to access the resource.
Resource	Information about what the user is trying to access.
Subject	Who is trying to access the resource.

Type

Type	Description
Access policy	The administrator uses policy attributes to create policies.
Risk profile	The administrator uses risk attributes to create risk profiles.

Data type

Data type	Description
Boolean	Condition that refers to two possible values: True False
Date	Date of the request.
Integer	Number that can be written without a fractional or decimal component.
String	Sequence of characters.
Time	Time of the request.
X500Name	Values with distinguished names.

Source type

Source type	Description
Active	Collected by the attribute collection service. The administrator must add JavaScript to the application so that active attributes can be collected. For example: system fonts.
Derived	Generated by a policy information point (PIP). For example: risk score.
Passive	Collected from the browser by the external authorization service (EAS) and placed into an XACML request. Attributes with this source type are collected by the policy enforcement point (PEP) without installing more software or challenging the client to provide more details. For example: user-agent HTTP header and client IP address.

Source

Source	Description
Attribute collection service	Collects information about the user device such as browser information, the operating system of the device, and the language of the device.
Consent external authentication interface	Asks the user for a device registration decision.
Device fingerprint count PIP	Counts the number of devices associated with the user.
Fiberlink MaaS360 PIP	Retrieves device attributes from the registered MaaS360 device inventory.
Geolocation PIP	Looks up the location of the user based on the IP address.
HTTP headers	Provides information about the request.
IP reputation PIP	Generates the IP reputation. See IP reputation for more information about IP reputation.
POST data	Collects information about the user and sends it to the external authorization service (EAS) as POST data. The EAS inserts this POST data into the decision request.
Risk engine	Generates the risk score. See Risk score calculation for more information about risk score calculation.
System time	Keeps the time of the system.
Security Verify Access credential	Collects information about the user from Security Verify Access.
Worklight JavaScript PIP	Parses the POST data from a Worklight adapter invocation and returns custom attributes that are created from the data that is contained within the POST from the parameters element.

Parent topic: Attributes