DRAFT NIH Organizational Person Schema
(4 March 2008)

Note: Quotations in examples are not part of the suggested value unless otherwise noted.

Objectclass: nihInetOrgPerson (OID 2.16.840.1.113762.0.2.1)
An entry of this type represents a person that uses NIH resources and services including but not limited to: current and past NIH employees, contractors, tenants of NIH facilities, participants in the NIH visiting programs, registered users of NIH computer facilities, grantees, reviewers, council members, collaborators, vendors, and parking permit holders.

Subclass of inetOrgPerson.


Table of Contents

1. Labeling Attributes
2. Personnel Attributes
3. General Attributes
4. Personal Attributes
5. Mail Address Attributes
6. Delivery Address Attributes
7. Physical Address Attributes
8. Organizational Attributes
9. Security Attributes
10. Ancillary Attributes
Appendix A: Examples


1. Labeling Attributes

1.1 Common name
Displayable name representative of individual as well as the displayable form of a person's NIH unique identifier in the form "xxx-xxxx-xxx" (see "serialNumber"). At least one value must contain the "givenName" and "sn" attribute values (and "middleName" and "generationQualifier" if defined) and the NIH unique identifier in display form. Another value will represent the values of nihCommonGivenName, nihCommonSn, nihCommonMiddleName and nihCommonGenerationQualifier. No comma separated names will be allowed (e.g., lastname, firstname). It is advisable to only include firstnames, middle names, last names, and generation qualifiers in this attribute.
Attribute name: cn
OID: 2.5.4.3
Format: DirectoryString{64}
Source: Computed from "serialNumber", "givenName", "middleName", "sn", "generationQualifier", "nihCommonGivenName", "nihCommonMiddleName", "nihCommonSn", and "nihCommonGenerationQualifier".
Required: yes
MultiValued: True
Example(s): "James DOE", "Jim DOE", "James Michael DOE III", "001-0058-023"
1.2 Personal title
Prefix to name (e.g., Mr, Mrs, Dr, etc.) without periods.
1.3 Given name
Legal first name of person. Must be included in at least one "cn" attribute value which also includes the value of the "sn" attribute. This is automatically formatted with initial capitalization. Hyphen and single quote may not occur as the first or last character; accent may not occur as the first character.
1.4 Middle name or initial
Legal middle name of person, if any. If defined, must be included in a "cn" attribute value which also includes the values for the attributes "sn", "givenName", and, if defined, "generationQualifier". This is automatically formatted with initial capitalization. Hyphen and single quote may not occur as the first or last character; accent may not occur as the first character.
1.5 Surname
Legal last name of person. Must be included in at least one "cn" attribute value which also includes the value of the "givenName" attribute. This is automatically capitalized to avoid problems with mixed case surnames. Hyphen and single quote may not occur as the first or last character; accent may not occur as the first character.
1.6 Generation qualifier
Generation qualifier of person, if any, without periods. If defined, must be included in a "cn" attribute value which also includes the values for the attributes "sn", "givenName", and, if defined, "middleName".
1.7 Commonly used given name
Informal first name of person used in daily business happenings. This attribute may not be changed without the help of an approved NIH Enterprise Directory interface since the set of all nihCommon* values must be included as one value of the "cn" attribute. This is automatically formatted with initial capitalization. Hyphen and single quote may not occur as the first or last character; accent may not occur as the first character.
1.8 Commonly used middle name or initial
Informal middle name of person, if any, used in daily business happenings. This attribute may not be changed without the help of an approved NIH Enterprise Directory interface since the set of all nihCommon* values must be included as one value of the "cn" attribute. This is automatically formatted with initial capitalization. Hyphen and single quote may not occur as the first or last character; accent may not occur as the first character.
1.9 Commonly used surname
Informal last name of person used in daily business happenings. This attribute may not be changed without the help of an approved NIH Enterprise Directory interface since the set of all nihCommon* values must be included as one value of the "cn" attribute. This is automatically capitalized to avoid problems with mixed case surnames. Hyphen and single quote may not occur as the first or last character; accent may not occur as the first character.
1.10 Commonly used generation qualifier
Informal generation qualifier of person, if any, without periods, used in daily business happenings. This attribute may not be changed without the help of an approved NIH Enterprise Directory interface since the set of all nihCommon* values must be included as one value of the "cn" attribute.
1.11 Suffix qualifier
Suffix qualifier of person, if any, without periods. Can be representative of degrees and other titles. Value may be included in a "cn" attribute value.
1.12 Initials
A person's initials, without periods, of some or all of an individual's names NOT INCLUDING the surname. Can be appended with "sn" to create a displayable name (e.g., "J M Doe"). This attribute value is derived from the first characters of the "givenName" attribute and "middleName" attribute, if any. Value may be included in a "cn" attribute.
1.13 NIH Unique Identifier
The NIH unique identifier assigned to a person by the NIH Enterprise Directory (NED) in the form of 9 sequential digits with an ISO 7064 MOD 10,11 check digit. Only one unique identifier exists per NIH person. This value is always in non-display form "xxxxxxxxxx". The displayable form "xxx-xxxx-xxx" can always be found in the "cn" attribute (see "cn").
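A validator for the identifier described in 1.13, added here as an example and not taken from NED or the schema authors. It assumes the check digit follows the ISO 7064 hybrid procedure that the standard lists as MOD 11,10, under which the example serialNumber 0010058023 from Appendix A validates; the function names are hypothetical.

```python
import re

# ASCII digits only: "\d" would also accept non-ASCII Unicode digits.
_DISPLAY = re.compile(r"([0-9]{3})-([0-9]{4})-([0-9]{3})")  # "xxx-xxxx-xxx"
_STORED = re.compile(r"[0-9]{10}")                          # "xxxxxxxxxx"
_BODY = re.compile(r"[0-9]{9}")


def check_digit(body: str) -> int:
    """Check digit for a 9-digit body (ISO 7064 hybrid MOD 11,10, assumed)."""
    if not _BODY.fullmatch(body):
        raise ValueError("body must be exactly 9 ASCII digits")
    p = 10
    for ch in body:
        s = (p + int(ch)) % 10 or 10   # a zero sum is replaced by 10
        p = (2 * s) % 11
    return (11 - p) % 10               # digit c with (p + c) % 10 == 1


def normalize(value: str) -> str:
    """Accept the display or non-display form; return the 10-digit form."""
    m = _DISPLAY.fullmatch(value)
    if m:
        return "".join(m.groups())
    if _STORED.fullmatch(value):
        return value
    raise ValueError("not an NIH unique identifier")


def is_valid(value: str) -> bool:
    """True when the value is well formed and its check digit matches."""
    try:
        stored = normalize(value)
    except ValueError:
        return False
    return check_digit(stored[:9]) == int(stored[9])


def to_display(stored: str) -> str:
    """Render the non-display form as "xxx-xxxx-xxx"."""
    stored = normalize(stored)
    return f"{stored[:3]}-{stored[3:7]}-{stored[7:]}"


def cn_carries_identifier(cn_values, serial_number: str) -> bool:
    """Schema rule: one "cn" value must be the display form of serialNumber."""
    return is_valid(serial_number) and to_display(serial_number) in cn_values


if __name__ == "__main__":
    # Values from the Appendix A minimum entry.
    entry_cn = ["001-0058-023", "James Doe"]
    print(is_valid("0010058023"))                          # page example
    print(is_valid("0010058024"))                          # constructed: wrong digit
    print(is_valid("0010085023"))                          # constructed: transposition
    print(cn_carries_identifier(entry_cn, "0010058023"))
```

Rejecting identifiers whose check digit fails before any directory lookup catches mistyped and transposed digits at the point of entry instead of resolving them to another person's record.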

2. Personnel Attributes

2.1 Organizational title
The organizational title that this person holds within the organization. The value should include the organizational name that reflects the scope of the title, separated by a comma.
2.2 Organizational status
A person's category of employment. One of the following values will be chosen.
2.3 Business category
Terms that identify the business, technical, special interests, or functions of a person. This attribute may be represented more than once.
2.4 Summer employment person
Set to "Y" to indicate that the person is a temporary employee during the period May 1 to September 30 of current year. It may be set to "Y" only if the "organizationalStatus" attribute has a value of EMPLOYEE, FELLOW, GUEST, or VOLUNTEER. If the attribute does not exist, the person is considered a non-summer employee. Summer status persons may not obtain NIH parking hangers, and are not listed in the NIH Telephone and Service Directory nor the HHS email directory. They are automatically authorized for NIH Library services and their badges expire on or before September 30th of the current year. There are no other meaningful values for this attribute.
2.4 Position Sensitivity
The person's job position sensitivity level commensurate with the public trust responsibilities and attributes of the position as they relate to the efficiency of the Federal service in accordance with Title 5 Code of Federal Regulations Parts 731, 732. These numerical sensitivity levels are the codings used on all security questionnaires (SFs-85, 85P, and 86) and on various personnel forms, e.g. Position Description (OF-8), and SFs 50 and 52.

Valid values are the digits 1 through 6.
These levels relate to position sensitivity designations as follows:
1 = Non-Sensitive
2 = National Security Noncritical-Sensitive
3 = National Security Critical-Sensitive
4 = National Security Special-Sensitive
5 = Public Trust Moderate Risk
6 = Public Trust High Risk
2.5 Intramural Professional Designation
The person's intramural professional designation (IPD). Intramural professional designations are assigned to all NIH intramural staff for the purpose of identifying their relative level in the NIH research hierarchy.

3. General Attributes

3.1 Preferred email address
Preferred work email address of person. Also known as attribute "rfc822mailbox".
3.2 Email Forwarding address
Email forwarding address of person used by NIH email aliasing software to forward email sent to a person via an email address of the form "@nih.gov". A NIH unique email address (nihUniqueMail) needs to exist in order for this to be populated and used.
3.3 NIH unique email address
The person's NIH unique email forwarding address of the form "xx#x" which is used in the process of forwarding email to the person via addresses containing "@nih.gov". This is currently assigned by the NIH Email Forwarding System (PH).
3.4 Labeled URI
Labeled URL to resources related to this person. This consists of a URL followed by a label. Since space characters are not allowed to appear unencoded in URLs, there is no ambiguity about where the label begins. This attribute may be represented more than once. Multiple values generally indicate different related resources but may indicate different locations for the same resource. Note that in some cases it may be helpful to include in the label some indication of the kind and/or size of the resource referenced. Reference IETF RFC 2079, RFC 1738 and RFC 2396.
3.5 Description
Text which describes the person object.
3.6 Email nicknames
Nicknames from the NIH Email Directory & Forwarding Service (PH). These names are single word nicknames that can be used in conjunction with the CSO/PH mail forwarding software.
This attribute will be used when the NIH Enterprise Directory takes on some of the abilities of the current NIH Email Directory & Forwarding Service (PH).
3.7 HHS unique email identifier
The person's HHS unique email identifier is the username (local) part of the SMTP email address for the HHS domain "@nih.hhs.gov". An HHS unique email identifier will not be reused for 90 days after the owner is inactivated in NED. HHS unique email identifiers generated by NED have the form First.LastN, where:
Note: legacy HHS unique email identifiers (those not generated by NED) may contain non-alphabetic characters.

4. Personal Attributes (access restricted)

4.1 Home telephone number
Home telephone number of person in full international form (initial '+' followed immediately by country code followed by space separated phone number). This attribute may contain extensions by following the number by a space then 'x' then immediately followed by the extension. For example, "x35".
4.2 Home facsimile telephone number
Home facsimile telephone number of person in full international form (initial '+' followed immediately by country code followed by space separated phone number). The number can be followed by an optional bit string (formatted according to ITU-T Recommendation T.30).
4.3 Personal mobile telephone number
Personal mobile telephone number of person in full international form (initial '+' followed immediately by country code followed by space separated phone number). This attribute may contain extensions by following the number by a space then 'x' then immediately followed by the extension. For example, "x35".
4.4 Personal pager telephone number
Personal pager telephone number of person in full international form (initial '+' followed immediately by country code followed by space separated phone number). This attribute may contain extensions by following the number by a space then 'x' then immediately followed by the extension. For example, "x35".
4.5 Residential postal address
Person's full residential postal address, including street address, city, state, and postal code.
4.6 Emergency contact name, phone, description
In case of emergencies, the name of the person to contact, their telephone number and a description in the form "NAME::PHONE::DESCRIPTION" (NOTE: the separator is two colons '::'), where NAME and PHONE are mandatory and PHONE is in international form like the "telephoneNumber" attribute (see "telephoneNumber"). DESCRIPTION is optional. DESCRIPTION can be anything to make contact easier, for example, person's relationship to the individual, phone's location, availability times, etc.
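A parser for the "NAME::PHONE::DESCRIPTION" value described in 4.6, added here as an example and not part of the NIH schema or its tooling. The names are hypothetical; the 1 to 3 digit country code and the rejection of control characters are assumptions of this example, not rules stated by the schema.

```python
import re
from dataclasses import dataclass
from typing import Optional

# '+' then country code, then space separated digit groups, then an
# optional " x<extension>". ASCII digits only.
_PHONE = re.compile(r"\+([0-9]{1,3})((?: [0-9]+)+)(?: x([0-9]+))?")


@dataclass(frozen=True)
class EmergencyContact:
    name: str
    country_code: str
    number: str
    extension: Optional[str]
    description: Optional[str]


def parse_emergency_contact(value: str) -> EmergencyContact:
    """Parse one nihPersonEmergencyContact value or raise ValueError."""
    # Assumption: control characters (for example a newline that would
    # break a line-oriented export) are never legitimate in this value.
    if any(ord(ch) < 32 or ord(ch) == 127 for ch in value):
        raise ValueError("control character in value")

    # Split on the first two separators only, so a DESCRIPTION that
    # itself contains "::" is kept whole.
    parts = value.split("::", 2)
    if len(parts) < 2:
        raise ValueError("expected NAME::PHONE[::DESCRIPTION]")

    name = parts[0].strip()
    phone = parts[1].strip()
    description = parts[2].strip() if len(parts) == 3 else ""

    if not name:
        raise ValueError("NAME is mandatory")
    match = _PHONE.fullmatch(phone)
    if match is None:
        raise ValueError("PHONE must be in full international form")

    return EmergencyContact(
        name=name,
        country_code=match.group(1),
        number=match.group(2).strip(),
        extension=match.group(3),
        description=description or None,
    )


if __name__ == "__main__":
    samples = [
        "George Jones::+1 301 321 4321::Father",   # from Appendix A
        "Mrs. Jones::+1 301 123 9876::9AM-5PM",    # from Appendix A
        "Pat Smith::+1 301 321 1234 x25",          # constructed, no description
        "George Jones::301 321 4321::Father",      # constructed, missing '+'
    ]
    for sample in samples:
        try:
            print(parse_emergency_contact(sample))
        except ValueError as err:
            print(f"rejected {sample!r}: {err}")
```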
4.7 Personal email address
Non-work associated email address of person.
4.8 Thumbnail photo
JPEG thumbnail photograph of person.
4.9 Photo
JPEG photograph of person.

5. Mail Address Attributes

5.1 U.S. postal address
Person's full work U.S. Postal Service address, including street address, city, state, postal code, etc., to which mail can be sent.
5.2 U.S. postal code
U.S. Postal Service ZIP code found in "postalAddress" attribute.
5.3 NIH mail stop number
4-digit NIH mail stop designation of person.

6. Delivery Address Attributes

6.1 Private courier delivery address
Work delivery address for private couriers (e.g., FedEx, UPS, etc.). Usually contains the "nihPhysicalPostalCode" attribute.

7. Physical Address Attributes

7.1 Physical locality of office
The geographical area, locality, or city where the person is physically located.
7.2 State name of physical office location
State name of location of the person's office.
7.3 Country name of physical office location
Always equal to "US".
7.4 Street address of physical office location
The physical address of the person's office (street address of building). Value may be included in the "nihPhysicalAddress" attribute.
7.5 Room number of physical office location
Physical location of a person. May specify room number, cube number, floor number, or any other meaningful number used to identify a person's physical location. Value may be included in the "nihPhysicalAddress" attribute.
7.6 Building name of physical office location
Building number or name of physical location of a person. Value may be included in the "nihPhysicalAddress" attribute.
7.7 House identifier of physical office location
Same value as "buildingName" attribute.
7.8 Physical office location address
Address of physical location of person. This can be made up of the attributes "street", "buildingName", "roomNumber", "l", "st" and "nihPhysicalPostalCode".
7.9 Site code
This is the NIH site code for a building. This code allows building names to be unambiguous if two should have the same number or name on different campuses. It consists of the state abbreviation "st" and a NIH campus abbreviation separated by a hyphen '-'.
7.10 Physical Postal Code
This is the postal code area that defines the physical office location of a person. Value may be included in the "nihPhysicalAddress" attribute and "nihDeliveryAddress" attribute. There are some cases in which one's mail delivery postal code is different from their physical postal code due to the use of a central mail processing facility. The processing facility may be recognized by a particular postal code even though the person is not physically located in the area defined by the postal code.

8. Organizational Attributes

8.1 Organization
The name of the IC which the person is associated with. If not associated with any particular IC then value shall be "NIH". Both the acronym and full organizational name are represented as separate instances of this attribute.
8.2 Organizational unit
Organization unit for the person. In most cases this attribute will represent the closest organization entity with which a person is associated. It should represent the organizational name corresponding to the person's "nihSAC" organizational code. For some persons this may be at an IC level.
Both the acronym and full organizational name are represented as separate instances of this attribute.
8.3 NIH Standard Administration Code (SAC)
NIH administrative code (SAC) of person's most specific organization. If not associated with any particular IC, the value shall be "HN" representing NIH.

Reference DHHS General Administrative Manual Chapter 8-69 (p.381)

8.4 Organizational abbreviation path
A space-delimited sequence of organization acronyms for the person from least to most specific order. The path will start with the IC acronym.
This path may be created by parsing the "nihSAC" attribute one organizational level at a time and appending the acronym of the organization. The path is not required to be computed this way and does not have to be a direct interpretation of the official organizational hierarchy.
8.5 Office telephone number
Office telephone number of person in full international form (initial '+' followed immediately by country code followed by space separated phone number). This attribute may contain extensions by following the number by a space then 'x' then immediately followed by the extension. For example, "x35".
8.6 Office facsimile telephone number
Office facsimile telephone number of person in full international form (initial '+' followed immediately by country code followed by space separated phone number). This attribute may contain extensions by following the number by a space then 'x' then immediately followed by the extension. For example, "x35". The number can be followed by an optional bit string (formatted according to ITU-T Recommendation T.30).
8.7 Office mobile telephone number
Office mobile telephone number of person in full international form (initial '+' followed immediately by country code followed by space separated phone number). This attribute may contain extensions by following the number by a space then 'x' then immediately followed by the extension. For example, "x35".
8.8 Office pager telephone number
Office pager telephone number of person in full international form (initial '+' followed immediately by country code followed by space separated phone number). NIH pager numbers with NIH exchange "102" should be represented so that calling can be initiated from outside the NIH system by using the NIH paging number "+1-800-644-2337" followed by an extension of the pager number. For example, "102-55555" should be represented as "+1-800-644-2337 x55555".
8.9 Office TTY/TDD telephone number
Office TTY/TDD telephone number of person in full international form (initial '+' followed immediately by country code followed by space separated phone number). A TTY or TDD (Telecommunications Device for the Deaf) is designed to allow hearing impaired people to communicate using telephone lines. This attribute may contain extensions by following the number by a space then 'x' then immediately followed by the extension. For example, "x35".
8.10 Company name
Name of the company for which a person works, if not an NIH employee. This is useful for contractors.
8.11 Company telephone number
Telephone number of the company for which a person works, if not a NIH employee, in full international form (initial '+' followed immediately by country code followed by space separated phone number). This attribute may contain extensions by following the number by a space then 'x' then immediately followed by the extension. For example, "x35". This will usually be the telephone number of the company referenced in the nihCompanyName attribute.
8.12 Secretary
Distinguished name of directory entry of person's secretary or timekeeper. Should contain a NIH unique identifier for specific identification.
8.13 Manager
Distinguished name of directory entry of person's supervisor or project officer. Should contain a NIH unique identifier for specific identification.

9. Security Attributes

9.3 Network authentication username
Sign-on name used to authenticate to various NIH network accessible applications. Acceptable characters are a-z, A-Z and 0-9 only. No special characters. Not to exceed 20 characters.
9.3 Network authentication domain
Sign-on domain used in conjunction with nihSSOUsername used to authenticate to various NIH network accessible applications. This is represented as all upper-cased letters.

10. Ancillary Attributes

10.1 Status of person within organization
Status of person within the NIH directory system.
10.2 NIH unique identifier quality indicator
An indicator of the strength of the association of the NIH unique identifier to the information associated with this entry. This can be useful information when deciding on how much "trust" can be associated with the individual represented by this entry and the unique identifying number.
10.3 NIH unique identifier validator
Distinguished name of directory entry of administrator that validated the personal information associated with the unique identifier of this entry.
10.4 NIH unique identifier validation timestamp
Time at which the validation of the personal information associated with the unique identifier of this entry occurred or the last time the information was reviewed for update.
10.5 Entry creation timestamp
The time at which the NIH unique identifier was first associated with this person's identity. This does not reflect the date at which the person was registered in the NIH Enterprise Directory, only the first time ever registered.
10.6 Entry last modify timestamp
Last modified time of directory entry.
10.7 Entry creator's LDAP distinguished name
Distinguished name of first person to ever register the NIH unique identifier.
10.8 Entry last modifier's name
Distinguished name of directory entry that last modified this entry. Ought to contain a NIH unique identifier for specific identification.
10.9 NIH operator unlisted directory entry
This attribute controls whether the entry is available to the NIH telephone operators and potentially printed in the NIH Telephone Directory. If set to "Y", this attribute indicates that an entry's information cannot be found by NIH telephone operators via their system. If it does not exist, the entry will be placed in their system. There are no other meaningful values for this attribute.

Note: Since Federal employee public information is subject to FOIA, an entry cannot be unlisted without justification.
10.10 Non-printed telephone directory entry
This attribute controls whether the entry is printed in the NIH Telephone Directory. If set to "Y", this attribute indicates that an entry's information is not printed in the NIH Telephone Directory. If it does not exist, the entry is printed. This attribute is ignored if the "nihDirEntryUnlisted" attribute has a value of "Y". There are no other meaningful values for this attribute.
10.11 nihJpegPhotoDate
Approximate date jpegPhoto photo was taken. This attribute will not be present if there is no jpegPhoto attribute.
10.12 AD account requested flag
Set to "Y" to indicate that an AD account has been requested to be created for this person. Set to "N" when an AD account has been requested to be disabled for this person.
10.13 AD mailbox requested flag
Set to "Y" to indicate that an AD mailbox has been requested to be created for this person. Set to "N" when an AD mailbox has been requested to be disabled for this person.
10.14 Red Parking Permit Authorization flag
If set, this flag represents a code that indicates the reason a person has been authorized for a red parking permit.

Codes are as follows:

    Attribute name: nihRedParkingAuth
    OID: 2.16.840.1.113762.0.1.78
    Format: DirectoryString{5}
    Source: NEDWeb (RedParking Authorizer only)
    Required: no
    MultiValued: False
    Example(s): "GS15", "CO6", "ICSUB", "GSEQV"
10.15 nihRedParkingModID (Red Parking Permit modifier's LDAP distinguished name)
Distinguished name of directory entry that last modified this entry. Ought to contain a NIH unique identifier for specific identification.
    Attribute name: nihRedParkingModID
    OID: 2.16.840.1.113762.0.1.79
    Format: DN{255}
    Source: System generated
    Required: no
    MultiValued: False
    Example(s): "cn=001-0074-262, ou=people, dc=directory, dc=nih, dc=gov"
10.16 Red Alert Critical Authorization flag
If set, this flag represents a code that indicates that a person has been authorized to be recognized as Red Alert Critical status. The only other value is not to be set.
    Attribute name: nihRACAuth
    OID: 2.16.840.1.113762.0.1.86
    Format: DirectoryString{1}
    Source: NEDWeb (RAC Authorizer)
    Required: no
    MultiValued: False
    Example(s): "Y"

Appendix A: Examples

1. Minimum NIH person object entry (only required attributes)
    cn = 001-0058-023
    cn = James Doe
    givenName = James
    sn = DOE
    serialNumber = 0010058023
    o = CIT
    o = Center for Information Technology
    ou = DSS
    ou = Distributed Systems Section
    nihSAC = HNU333
    organizationalStatus = CONTRACTOR
    c = US
    nihPersonStatus = ACTIVE
    nihUidQuality = 2
    nihCreateTimestamp = 19930214131030-0500
    nihModifyTimestamp = 19930214131030-0500
    
2. Full NIH person object entry (all attributes represented)
    cn = 001-0058-023
    cn = James DOE
    cn = Jim DOE
    cn = James Michael DOE III
    cn = Jim Michael DOE
    personalTitle = Mr
    givenName = James
    middleName = Michael
    sn = DOE
    generationQualifier = III
    nihCommonGivenName = Jim
    nihCommonMiddleName = M
    nihCommonSn = DOE
    nihCommonGenerationQualifier = III
    nihSuffixQualifier = PhD
    initials = J M
    serialNumber = 0010058023
    title = Team Leader, Distributed Systems Section
    organizationalStatus = CONTRACTOR
    businessCategory = scientist
    businessCategory = engineer
    businessCategory = molecular biology
    nihPosSensitivity = 1
    nihIPD = Senior Investigator
    mail = jd15e@nih.gov
    nihMailForwarding = JDoe@mail.nih.gov
    nihUniqueMail = jd15e
    labeledURI = http://www.cit.nih.gov Center for Information Technology
    labeledURI = http://www.cit.nih.gov/person/James_Doe.gif Portrait [photo]
    description = staff
    nihEmailNicknames = Jimmy
    nihEmailNicknames = James
    nihEmailNicknames = spooky
    nihHHSUniqueMail = Jim.Doe
    homePhone = +1 301 123 4567
    homeFax = +1 301 123 4567
    personalMobile = +1 301 245 4321
    personalPager = +1 301 543 4578
    homePostalAddress = 6453 SYCAMORE ST$BALTIMORE MD$29045
    nihPersonEmergencyContact = George Jones::+1 301 321 4321::Father
    nihPersonEmergencyContact = Mrs. Jones::+1 301 123 9876::9AM-5PM
    nihHomeMail = jdoe@erols.com
    thumbnailPhoto = <JFIF encoded>
    jpegPhoto = <JFIF encoded>
    postalAddress = 12 SOUTH DR$BG 12A RM 2025 MSC 1234$BETHESDA MD 20892-1234
    postalCode = 20892-1234
    nihMailstop = 1234
    nihDeliveryAddress = 12 SOUTH DR RM 4039$BETHESDA MD 20814
    l = BETHESDA
    st = MD
    c = US
    street = 12 SOUTH DR
    roomNumber = 2025
    buildingName = 12A
    houseIdentifier = 12A
    nihPhysicalAddress = BG 12A RM 2025$12 SOUTH DR$BETHESDA MD 20814
    nihPhysicalPostalCode = 20814
    nihSite = MD-BC
    o = CIT
    o = Center for Information Technology
    ou = DSS
    ou = Distributed Systems Section
    nihSAC = HNU333
    nihOrgPath = CIT OCRS CFB DSS
    telephoneNumber = +1 301 496 1234
    facsimileTelephoneNumber = +1 301 496 1234
    mobile = +1 301 496 2345
    pager = +1 301 496 3456
    nihTTY = +1 301 496 4321
    nihCompanyName = Acme Inc
    nihCompanyPhone = +1 301 321 1234 x25
    secretary = cn=001-0128-162, ou=people, dc=directory, dc=nih, dc=gov
    manager = cn=001-0092-979, ou=people, dc=directory, dc=nih, dc=gov
    
    
    nihSSOUsername = jdoe
    nihSSODomain = NIH
    nihPersonStatus = ACTIVE
    nihUidQuality = 2
    nihUidValidator = cn=001-0092-321, ou=people, dc=directory, dc=nih, dc=gov
    nihUidValidationTimestamp = 19930214131030-0500
    nihCreateTimestamp = 19930214131030-0500
    nihModifyTimestamp = 19930214131030-0500
    nihCreatorsName = cn=001-0064-639, ou=people, dc=directory, dc=nih, dc=gov
    nihModifiersName = cn=001-0074-262, ou=people, dc=directory, dc=nih, dc=gov
    nihDirEntryUnlisted = Y
    nihDirEntryNoPrint = Y
    nihJpegPhotoDate = 2001-02-21
    nihADAcctReq = Y
    nihADMailboxReq = Y
    nihRedParkingAuth = ICSUB
    nihRedParkingModID = cn=001-0074-262, ou=people, dc=directory, dc=nih, dc=gov
    nihRACAuth = Y