There are two layers of GFIPM technical standards: GFIPM Core Technical Standards and Guidelines and GFIPM Communication Profiles. Both layers are described below.

GFIPM Core Technical Standards and Guidelines

Building on the inter-organizational trust established through the GFIPM Federation Organizational Guidelines, the GFIPM Core Technical Standards and Guidelines serve to enable inter-organizational communications that are both cryptographically trusted and well understood by all parties involved. The following artifacts comprise the GFIPM Core Technical Standards and Guidelines.

GFIPM Metadata 1.0

The GFIPM Metadata 1.0 Specification defines a high-level conceptual model for describing metadata about users and system entities within an information-sharing federation. Its XML-based structure and content are based on NIEM 2.0, and it defines metadata concepts in an optional and over-inclusive manner. Please note that this spec has been deprecated in favor of the GFIPM Metadata 2.0 Specification.

Download the GFIPM Metadata 1.0 Spec (ZIP)

GFIPM Metadata 2.0

The GFIPM Metadata 2.0 specification builds on GFIPM Metadata 1.0 and incorporates new attributes about users, system entities, information resources, information-sharing actions, and environmental conditions within an information-sharing federation. Version 2.0 also differs from version 1.0 in that it specifies a flat (non-structured) data attribute model. Many of its attributes are still derived from NIEM attributes, but it does not retain NIEM’s XML structure.

Download the GFIPM Metadata 2.0 Spec (ZIP)

Browse the GFIPM Metadata 2.0 Specification Online (Opens in a New Window)

GFIPM Cryptographic Trust Model

The GFIPM Cryptographic Trust Model defines a normative schema for a GFIPM Cryptographic Trust Fabric, which is document shared among all members of a GFIPM federation. A GFIPM Cryptographic Trust Fabric document contains public key material and system entity metadata for each trusted endpoint in the federation. The spec also defines a set of processes by which the GFIPM Cryptographic Trust Fabric document is created, distributed, and updated based on changes in federation membership. In addition, it defines a normative set of rules that all federation members must follow during inter-organizational transactions to ensure that all transactions properly utilize the cryptographic trust fabric. The standard incorporates normative standards from SAML 2.0 and the GFIPM Metadata 2.0 spec.

Download the GFIPM Cryptographic Trust Model Spec (PDF)

GFIPM Federation Certification Practice Statement Template

The GFIPM Federation Certification Practice Statement (CPS) Template provides a non-normative CPS template and CPS authoring guidance to the certificate authority (CA) within any GFIPM federation. It contains recommendations that the CA can follow when writing its own CPS. This CPS template is based on IETF RFC 3647,Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework.

Download the GFIPM Federation Certification Practice Statement Template (MS Word)

GFIPM Federation Member Certificate Policy Template

The GFIPM Federation Member Certificate Policy (CP) Template provides a template and authoring guidance to any GFIPM federation on how to write its own Member CP. A federation’s Member CP specifies certificate and key management policies that all members of the federation must follow to ensure the integrity of cryptographic keys used for sensitive information-sharing transactions. This CP template is based on IETF RFC 3647, Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework.

Download the GFIPM Federation Member Certificate Policy Template (MS Word)

GFIPM Communication Profiles

GFIPM defines a suite of normative communication profiles that allow specific types of transactions and other communications to occur between federation participants. Each of these profiles builds upon the GFIPM Core Technical Standards and Guidelines as well as the GFIPM Federation Organizational Guidelines. The following artifacts comprise the GFIPM Communication Profiles.

GFIPM Web Browser User-to-System Profile

The GFIPM Web User-to-System Profile is a normative specification that defines a set of protocols and bindings for web browser-based interaction between users and resources across trust domains within a federation. It leverages parts of the SAML 2.0 specification, specifically Web Single Sign-On (SSO) and Single Log-Out (SLO). It also leverages the GFIPM Core Technical Standards and Guidelines.

Download the GFIPM Web Browser User-to-System Profile (PDF)

GFIPM Web Services System-to-System Profile

The GFIPM Web Services System-to-System Profile is a normative specification that defines a complete, composable web services protocol stack for basic system-to-system GFIPM use cases. It addresses relatively low-level details such as the proper use of the WS-Security standard for building SOAP messages that can be trusted within the context of the GFIPM Cryptographic Trust Model. It also describes how to properly compose and constrain web services industry standards for use within a GFIPM federation.

Download the GFIPM Web Services System-to-System Profile (PDF)

GFIPM.net

Global Federated Identity and Privilege Management

GFIPM Technical Standards