Data Classification Verification Algorithms
You can use verification algorithms in a Data Classification policy object of type Regular Expression to filter the regular expression results, enforcing additional restrictions and validations on matched phrases. The verification algorithm takes as input each regular expression match result string produced by the data classification policy object, and removes results that do not meet the criteria defined within the algorithm.
File Access Manager comes with a set of verification algorithms out of the box for standard verifications, such as Luhn (for credit card numbers) or SSN algorithms. In addition, you can write your own verification algorithm, upload it to the File Access Manager website, and use it in data classification policy objects.
Out of the Box Verification Algorithms
Verification algorithms for common rules are pre-loaded in File Access Manager:
- Luhn (Credit Card Number)
- US SSN
- Netherlands BSN
- Israeli ID
- IBAN
- South African ID
The dropdown list of verification algorithms in the Rule Criteria screen includes out of the box algorithms, as well as algorithms uploaded by the user.
Creating a Verification Algorithm
The assembly must target .NET Standard 2.1 or .NET 6.0. These will be referred to as the supported .NET platforms.
- You may write only one implementation class of the IDataClassificationVerifier interface per assembly.
- It is only possible to upload one assembly per verification algorithm. If your code requires additional referenced assemblies, you must pack them all into one assembly.
Note
Verification algorithm assemblies written in previous versions of File Access Manager (in .NET Framework 4.5) must be removed, re-written to target one of the supported .NET platforms as mentioned above, and uploaded again.
Walkthrough
- Create a new .NET Framework Class Library targeting a supported .NET platform.
- In your project, add a reference to the assembly FAM.DataClassification.Verifiers.dll. This assembly is provided by SailPoint, and contains the IDataClassificationVerifier interface. This assembly can be downloaded from Compass.
- Create a new class that implements the IDataClassificationVerifier interface.
- This class must provide an implementation of the only public method defined in the interface named “Verify”. This method takes as an argument a match result string and returns a boolean that denotes if the verification passed or failed.
- Build your project, and upload the output assembly as described in the Verification Algorithms screen.
This uploaded verification algorithm will now be available in the verification algorithm dropdown list of the Policy Object screen, alongside the other built-in or uploaded algorithms.
Examples
Below is an example of code to create a verification DLL that verifies that the number passed is even.
using FAM.DataClassification.Verifiers;

namespace VerificationAlgorithmExample
{
    public class EvenNumberVerificationAlgorithm : IDataClassificationVerifier
    {
        /// <summary>
        /// Example for a custom verifier that verifies that the input is an even number
        /// </summary>
        /// <param name="value">A regular expression match result</param>
        /// <returns>True if passed verification, False if failed</returns>
        public bool Verify(string value)
        {
            if (long.TryParse(value, out long parsedLong))
            {
                return parsedLong % 2 == 0;
            }
            return false;
        }
    }
}
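
A verifier receives whatever the regular expression lets through, including separators and malformed strings, so it should reject unexpected input rather than throw. The following is an added example, not code from SailPoint or from the original page: a hypothetical verifier that ignores spaces and dashes and applies the Luhn checksum. The class name SeparatedCardNumberVerifier and the 13 to 19 digit length window are assumptions, and the interface is assumed to expose only Verify(string) as described above.

```csharp
using FAM.DataClassification.Verifiers;

namespace VerificationAlgorithmExample
{
    // Hypothetical verifier: added example, not SailPoint's built-in Luhn algorithm.
    public class SeparatedCardNumberVerifier : IDataClassificationVerifier
    {
        /// <param name="value">A regular expression match result, e.g. "4111 1111 1111 1111"</param>
        /// <returns>True if the digits pass the Luhn checksum, False otherwise</returns>
        public bool Verify(string value)
        {
            if (string.IsNullOrWhiteSpace(value))
            {
                return false;
            }

            int sum = 0;
            int digitCount = 0;
            bool doubleDigit = false;

            // Walk right to left, doubling every second digit (Luhn).
            for (int i = value.Length - 1; i >= 0; i--)
            {
                char c = value[i];
                if (c == ' ' || c == '-')
                {
                    continue; // separators the regex may have matched are ignored
                }
                if (c < '0' || c > '9')
                {
                    return false; // ASCII digits only; char.IsDigit would accept other scripts
                }

                int digit = c - '0';
                if (doubleDigit)
                {
                    digit *= 2;
                    if (digit > 9) digit -= 9;
                }
                sum += digit;
                digitCount++;
                doubleDigit = !doubleDigit;
            }

            // Assumed length window; sum > 0 rejects all-zero strings, which otherwise pass Luhn.
            return digitCount >= 13 && digitCount <= 19 && sum > 0 && sum % 10 == 0;
        }
    }
}
```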