Inter-organizational trust in an information sharing federation must be built upon a well-defined federation governance structure, operational policies and procedures, and trusted membership documentation. Towards that objective, GFIPM provides a set of organizational guidelines that implementers can use when establishing a federation. Without the mutual inter-organizational trust created by these guidelines, it would not be possible to establish trust at the technical level of cryptographic standards and protocols. The following artifacts comprise the GFIPM Federation Organizational Guidelines.
GFIPM Governance Guidelines
The GFIPM Governance Guidelines document defines the governance structure for a GFIPM federation, including the parties that play a role in the governance structure (e.g. Board of Directors, Federation Management, Identity Providers, Service Providers, Trusted Identity Brokers, etc.) and the decisions to be made by each party.
GFIPM Operational Policies and Procedures Guideline
The GFIPM Operational Policies and Procedures Guideline document describes the operational policies and procedures that govern the basic operation of a federation for trusted information sharing, including federation membership, change management for federation standards, help desk policies, etc. It also contains some normative language related to operational protocol between parties in the federation.
GFIPM Membership Agreements Set
The GFIPM Membership Agreements Set is a guideline specifying a set of documents that must be submitted or completed by each member of a GFIPM federation during the membership application process. It includes a signed agreement, similar to a memorandum of understanding (MOU), submitted by a member to indicate its willingness to obey the rules as specified in the GFIPM Operational Policies and Procedures Guideline.