GFIPM Technical Standards
There are two layers of GFIPM technical standards: GFIPM Core Technical Standards and Guidelines and GFIPM Communication Profiles. Both layers are described below.
GFIPM Core Technical Standards and Guidelines
Building on the inter-organizational trust established through the
GFIPM Federation Organizational Guidelines,
the GFIPM Core Technical Standards and Guidelines serve to enable inter-organizational communications
that are both cryptographically trusted and well understood by all parties involved. The following
artifacts comprise the GFIPM Core Technical Standards and Guidelines.
GFIPM Metadata 1.0
The GFIPM Metadata 1.0 specification defines a high-level conceptual model for describing metadata about
users and system entities within an information-sharing federation. Its XML-based structure and content are
based on NIEM version 2.0, and it defines metadata concepts in an optional
and over-inclusive manner.
Download the GFIPM Metadata 1.0 Spec (ZIP)
NOTE: Version 1.0 of the GFIPM Metadata Specification is no longer supported. Please use/refer to
GFIPM Metadata Specification Version 2.0 (see below). Version 1.0 will remain on this site for historical
reference purposes only; there are currently no plans to support it or continue the development of it.
GFIPM Metadata 2.0
The GFIPM Metadata 2.0 specification builds on GFIPM Metadata 1.0 and incorporates new attributes
about users, system entities, information resources, information-sharing actions, and environmental
conditions within an information-sharing federation. Version 2.0 also differs from version 1.0 in that
it specifies a flat (non-structured) data attribute model. Many of its attributes are still derived from
NIEM attributes, but it does not retain NIEM's XML structure.
Download the GFIPM Metadata 2.0 Spec (ZIP)
Browse the GFIPM Metadata 2.0 Specification Online (Opens in a New Window)
GFIPM Cryptographic Trust Model
The GFIPM Cryptographic Trust Model defines a normative schema for a
GFIPM Cryptographic Trust Fabric,
which is a document shared among all members of a GFIPM federation. A GFIPM Cryptographic Trust
Fabric document contains public key material and system entity metadata for each trusted endpoint
in the federation. The spec also defines a set of processes by which the GFIPM Cryptographic Trust
Fabric document is created, distributed, and updated based on changes in federation membership. In
addition, it defines a normative set of rules that all federation members must follow during
inter-organizational transactions to ensure that all transactions properly utilize the
cryptographic trust fabric. The standard incorporates normative standards from
SAML 2.0 and the GFIPM Metadata 2.0 spec.
Download the GFIPM Cryptographic Trust Model Spec (PDF)
GFIPM Federation Certification Practice Statement Template
The GFIPM Federation Certification Practice Statement (CPS) Template provides a non-normative CPS
template and CPS authoring guidance to the certificate authority (CA) within any GFIPM federation.
It contains recommendations that the CA can follow when writing its own CPS. This CPS template is based
on IETF RFC 3647,
Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework.
PLEASE NOTE: This document has been deprecated. An updated version will be available soon.
Download the GFIPM Federation Certification Practice Statement Template (MS Word)
GFIPM Federation Member Certificate Policy Template
The GFIPM Federation Member Certificate Policy (CP) Template provides a template and authoring guidance
to any GFIPM federation on how to write its own Member CP. A federation's Member CP specifies
certificate and key management policies that all members of the federation must follow to ensure the
integrity of cryptographic keys used for sensitive information-sharing transactions. This CP template
is based on IETF RFC 3647,
Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework.
Download the GFIPM Federation Member Certificate Policy Template (MS Word) COMING SOON
GFIPM Communication Profiles
GFIPM defines a suite of normative communication profiles that allow specific types of transactions
and other communications to occur between federation participants. Each of these profiles builds upon
the GFIPM Core Technical Standards and Guidelines as well as the
GFIPM Federation Organizational Guidelines.
The following artifacts comprise the GFIPM Communication Profiles.
GFIPM Web Browser User-to-System Profile
The GFIPM Web User-to-System Profile is a normative specification that defines a set of protocols and
bindings for web browser-based interaction between users and resources across trust domains within a
federation. It leverages parts of the SAML 2.0
specification, specifically Web Single Sign-On (SSO) and Single Log-Out (SLO). It also leverages the
GFIPM Core Technical Standards and Guidelines.
Download the GFIPM Web Browser User-to-System Profile (PDF)
GFIPM Web Services System-to-System Profile
The GFIPM Web Services System-to-System Profile is a normative specification that defines a complete,
composable web services protocol stack for basic system-to-system GFIPM use cases. It addresses
relatively low-level details such as the proper use of the WS-Security standard for building SOAP
messages that can be trusted within the context of the GFIPM Cryptographic Trust Model. It also
describes how to properly compose and constrain web services industry standards for use within a
GFIPM federation.
Download the GFIPM Web Services System-to-System Profile (PDF) COMING SOON