Security considerations
The primary security consideration for composed attributes is that they can expose the values of other attributes.
For example, if the cn attribute is composed from the values of the givenName and sn attributes, then a user with permission to read the cn attribute could determine the values of the givenName and sn attributes even if they do not have permission to read these attributes directly.
This is not typically a significant concern, and you can address it by ensuring that the user’s access-control configuration restricts access to the source attributes used in a composed attribute value pattern and imposes similar restrictions on the composed attribute.
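
One way to audit for this mismatch, as an added example that is not part of the product or its documentation: the script flags any subject who can read a composed attribute without being able to read every source attribute in its value pattern. The {attributeName} placeholder syntax, the subject names, and the flat "readable attributes per subject" model are assumptions made for illustration.

```python
import re

# Assumed placeholder syntax for illustration: {attributeName} in the value pattern.
PLACEHOLDER = re.compile(r"\{([A-Za-z][A-Za-z0-9-]*)\}")


def source_attributes(value_pattern):
    """Return the source attribute names referenced by a value pattern.

    Names are lower-cased because LDAP attribute names are case-insensitive.
    """
    return {name.lower() for name in PLACEHOLDER.findall(value_pattern)}


def find_exposures(composed, readable_by_subject):
    """Flag subjects who can read a composed attribute but not all of its sources.

    composed: {composed attribute name: value pattern}
    readable_by_subject: {subject: attribute names the subject may read}
    Returns a sorted list of (subject, composed attribute, unreadable sources).
    """
    findings = []
    for subject, attrs in readable_by_subject.items():
        readable = {a.lower() for a in attrs}
        for name, pattern in composed.items():
            if name.lower() not in readable:
                continue  # the subject cannot read the composed value at all
            hidden = sorted(source_attributes(pattern) - readable)
            if hidden:
                findings.append((subject, name, hidden))
    return sorted(findings)


# Constructed sample data: one composed attribute and three hypothetical subjects.
COMPOSED = {"cn": "{givenName} {sn}"}
READABLE = {
    "helpdesk": ["cn", "mail"],             # reads cn, but neither source
    "hr-admin": ["CN", "givenname", "SN"],  # reads cn and both sources
    "guest": ["mail"],                      # reads neither
}

if __name__ == "__main__":
    for subject, attr, hidden in find_exposures(COMPOSED, READABLE):
        print(f"{subject}: can read {attr} but not its sources {hidden}")
```

Each finding is resolved either by restricting the composed attribute for that subject or by deciding that the subject may read the source attributes as well.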