Use and configure sensitive attribute definitions to customize the level of client data access and encryption protection needed.
For a PingDirectory server instance, data encryption only applies to the on-disk storage. Although it doesn't automatically protect information accessed or replicated between servers, the server offers mechanisms to provide that protection, such as SSL, StartTLS, and SASL.
All client communication using either SSL or StartTLS encryption and all replication traffic using SSL encryption helps ensure that the data is protected from unauthorized individuals who might eavesdrop on network communication. You can enable this communication security independently of data encryption.
If data encryption is enabled, you should use secure communication to protect network access to that data.
Protecting client data access isn't as simple as enabling secure communication. In some cases, you might want to allow insecure access to some data. In other cases, you might need to have additional levels of protection in place to ensure that some attributes are more carefully protected. To achieve varying levels of protection, use sensitive attribute definitions.
The following table explains the sensitive attribute definitions and their configuration properties.
Sensitive attribute | Configuration details |
---|---|
|
Specifies the set of attribute types whose values might be considered sensitive. You must provide at least one attribute type and define all specified attribute types in the server schema. |
|
Indicates whether the set of sensitive attributes that might contain sensitive information should automatically be updated to include any operational attributes maintained by the PingDirectory server itself. This includes the |
|
Indicates whether sensitive attributes can be used in filters. This applies not only to the filter used in search requests, but also to filters that can be used in other places, such as the assertion and join request controls. The value of this property must be one of the following:
|
|
Indicates whether sensitive attributes can be included in entries created by
The value of this property must be one of the following:
|
|
Indicates whether sensitive attributes can be targeted by the assertion used in a compare operation. The value of this property must be one of the following:
|
|
Indicates whether sensitive attributes can be updated using modify operations. The value of this property must be one of following:
|
By default, allow-in-returned-entries
,
allow-in-filter
, allow-in-add
,
allow-in-compare
, and allow-in-modify
properties
have values of secure-only
only. This prevents the possibility of
exposing sensitive data in the clear to anyone able to observe network
communication.
Sensitive attributes and client connection policies
If a client connection policy references a sensitive attribute definition, any restrictions imposed by that definition are enforced for clients associated with this client connection policy. If multiple sensitive attribute definitions are associated with a client connection policy, the server uses the most restrictive combination of all of those sets.
Sensitive attributes and other security mechanisms
The sensitive attribute definitions work in conjunction with other security mechanisms defined in the server and can only be used to enforce additional restrictions on clients.
Never use sensitive attribute definitions to grant a client additional access to
information that it didn't have already through other means. For example, if the
employeeSSN
attribute is declared a sensitive attribute and the
allow-in-returned-entries
property has a value of
Secure-only
, then the employeeSSN
attribute is only
returned to those clients that have both permissions granted by the access control rules
defined in the server and are communicating with the server over a secure
connection.
The employeeSSN
attribute is stripped out of entries returned to
clients normally authorized to see it if they are using insecure connections. It is also
stripped out of entries for clients normally not authorized to see it even if they have
established secure connections.