Federation Id
Active / In Use
Full Formal Attribute Name
gfipm:2.0:user:FederationId
Abbreviated Formal Attribute Name
FederationId
Definition
The persistent, federation-unique identifier for the user, comprising a federation part, an optional trusted identity broker (TIB) part, an identity provider (IDP) part, and a local ID. All parts of the identifier are delimited by colons. The general format of a federation ID for a user is: "{Federation}:[TIB:{TIB}:]IDP:{IDP}:USER:{User ID}".
{Federation} is required, and is a globally unique federation identifier. It must contain only alphanumeric characters and dashes. Federation identifiers are managed via the GFIPM Federation Name Registry. Information about this registry is available at the following URL.
http://gfipm.net/fed-registry.html
"TIB" and {TIB} are required only for identities asserted by trusted identity brokers. {TIB} must uniquely identify a trusted identity broker within the federation. It must contain only alphanumeric characters and dashes.
"IDP" and {IDP} are required. If preceded by a TIB part, {IDP} must uniquely identify an identity provider that is brokered by the TIB within the federation. If not preceded by a TIB identifier, {IDP} must uniquely identify an identity provider that is NOT brokered by a TIB within the federation. {IDP} must contain only alphanumeric characters and dashes.
"USER" and {User ID} are required, and must uniquely identify a user from the identity provider indicated in the IDP part. The format of {User ID} is undefined, and is intended to match the format in which the IDP stores local user IDs. Typical format choices may include email address or X.509 common name.
Data Type
Text
Version Number
2.0
Usage Information
None Provided
Example Content
"DOJTB:IDP:XYZ:USER:johndoe@example.org",
"NIEF:IDP:RISS:USER:riss.user@rissnet.net",
"NIEF:TIB:CJIS-Portal:IDP:RISS:USER:riss.user@rissnet.net",
"CONNECT:IDP:XYZ12:USER:johndoe99"
NIEM Xpath
N/A
NIEM Definition
N/A
Source
GFIPM Metadata Straw Man
Misc. Notes
Will eventually be deprecated and superseded by https://nief.org/attribute-registry/attributes/user/nief/UniqueSubjectId/1.0/