This page provides a brief overview of GFIPM Web Services and the downloadable GFIPM Web Services Implementer Toolkits that are available to implementers.
Brief Primer on GFIPM Web Services
The GFIPM Web Services System-to-System Profile [GFIPM S2S Profile] is a normative specification that enables the implementation of secure, interoperable system-to-system interactions between participating organizations within a GFIPM federated environment. Version 1.0 of [GFIPM S2S Profile] provides normative language for four GFIPM Web Services Service Interaction Profiles (GFIPM-WS SIPs) that are based on SOAP and the related suite of WS-* industry standards. Each GFIPM-WS SIP defines a specific type of system-to-system interaction model.
The GFIPM-WS Consumer-Provider SIP covers the most basic interaction model, in which a Web Service Consumer (WSC) sends a request to a Web Service Provider (WSP) and subsequently receives a response from the WSP. This SIP does not allow the use of sessions or ancillary token-granting services, and it does not allow transactions to be performed explicitly on behalf of users. The figure below illustrates this SIP.
The GFIPM-WS User-Consumer-Provider SIP covers a more complex interaction model, in which a Web Service Consumer (WSC) sends a request to a Web Service Provider (WSP) on behalf of a user, and subsequently receives a response from the WSP. This SIP allows for the use of a SAML assertion within the WSC’s request message, so that the WSP can make an access control decision based on trusted attributes provided by the user’s Identity Provider (IDP). The figure below illustrates this SIP.
The GFIPM-WS Trusted Identity Broker SIP works just like the GFIPM-WS User-Consumer-Provider SIP (see above), except that the SAML assertion is provided not by the user’s IDP, but by a GFIPM Trusted Identity Broker (TIB) acting on behalf of the user’s IDP. For more information about the concept of a GFIPM TIB and inter-federation trust, please see the GFIPM Trusted Identity Broker Onboarding Guide.
The GFIPM-WS SAML Assertion Delegate Service SIP is intended for use in conjunction with the GFIPM Web Services User-Consumer-Provider SIP and the GFIPM Web Services Trusted Identity Broker SIP. It provides a normative specification for the interaction between a WSC and an Assertion Delegate Service (ADS) for the purpose of acquiring a SAML assertion for a user.
GTRI Implementer Toolkits Available for Download
To support the adoption of GFIPM Web Services by the GFIPM community, the Georgia Tech Research Institute (GTRI) has developed several GFIPM Web Services Implementation Toolkits and made them available to the GFIPM implementer community. These toolkits support the development of secure, cross-platform, interoperable SOAP-based web services in both the Microsoft .NET environment and the Java GlassFish/Metro environment. The toolkits support all four of the Service Interaction Profiles (SIPs) described above.