Building on the inter-organizational trust established through the GFIPM Organizational Guidelines, the GFIPM Core Technical Standards and Guidelines serve to enable inter-organizational communications that are both cryptographically trusted and well understood by all parties involved. The following artifacts comprise the GFIPM Core Technical Standards and Guidelines.
GFIPM Attribute Registry
The GFIPM Attribute Registry defines attributes about users, system entities, information resources, information-sharing actions, and environmental conditions within an information-sharing federation.
GFIPM Cryptographic Trust Model
The GFIPM Cryptographic Trust Model defines a normative schema for a GFIPM Cryptographic Trust Fabric, which is a document shared among all members of a GFIPM federation. A GFIPM Cryptographic Trust Fabric document contains public key material and system entity metadata for each trusted endpoint in the federation. The spec also defines a set of processes by which the GFIPM Cryptographic Trust Fabric document is created, distributed, and updated based on changes in federation membership. In addition, it defines a normative set of rules that all federation members must follow during inter-organizational transactions to ensure that every transaction properly utilizes the cryptographic trust fabric. The standard incorporates normative standards from SAML 2.0 and the GFIPM Metadata 2.0 spec.
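The following is an added example, not code from the GFIPM specifications, showing the kind of check a federation endpoint performs against the trust fabric before accepting a message: it loads a trust fabric document, refuses an expired copy, and answers whether a given certificate is the published signing (or encryption) key of a named endpoint. It assumes the trust fabric is expressed as a SAML 2.0 metadata EntitiesDescriptor (the spec builds on SAML 2.0 metadata); the entity IDs, roles and certificate bytes are constructed placeholders, not real X.509 material.

```python
# Added example: trust-fabric lookup against a SAML 2.0 metadata-style document.
# Assumption: the trust fabric is an EntitiesDescriptor whose EntityDescriptors carry
# KeyDescriptor/X509Certificate elements. All sample entities and key bytes are constructed.
import base64
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed placeholder key material (not real DER certificates).
IDP_CERT = b"CONSTRUCTED-AGENCY-A-SIGNING-CERT"
SP_CERT = b"CONSTRUCTED-AGENCY-B-GENERAL-CERT"
SP_ENC_CERT = b"CONSTRUCTED-AGENCY-B-ENCRYPTION-CERT"


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


# Constructed sample trust fabric with one identity provider and one service provider.
TRUST_FABRIC_XML = f"""<md:EntitiesDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    Name="urn:example:gfipm:trust-fabric" validUntil="2030-01-01T00:00:00Z">
  <md:EntityDescriptor entityID="urn:example:idp:agency-a">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing">
        <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{_b64(IDP_CERT)}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
      </md:KeyDescriptor>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="urn:example:sp:agency-b">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor>
        <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{_b64(SP_CERT)}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
      </md:KeyDescriptor>
      <md:KeyDescriptor use="encryption">
        <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{_b64(SP_ENC_CERT)}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
      </md:KeyDescriptor>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def parse_utc(stamp: str) -> datetime:
    """Parse a SAML-style UTC timestamp such as 2030-01-01T00:00:00Z."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of the raw certificate bytes; used as the lookup key."""
    return hashlib.sha256(cert_der).hexdigest()


def load_trust_fabric(xml_text: str, now: datetime) -> dict:
    """Return {entityID: {"roles": [...], "signing": set(), "encryption": set()}}.

    Raises ValueError if the document's validUntil has passed, so a stale copy of the
    fabric is never used after membership changes have been published.
    """
    root = ET.fromstring(xml_text)
    valid_until = root.get("validUntil")
    if valid_until is not None and now >= parse_utc(valid_until):
        raise ValueError("trust fabric document has expired; fetch the current one")

    fabric = {}
    for ent in root.findall("md:EntityDescriptor", NS):
        entry = {"roles": [], "signing": set(), "encryption": set()}
        for role in ent:
            # Only role descriptors (IDPSSODescriptor, SPSSODescriptor, ...) carry keys.
            if not role.tag.endswith("Descriptor"):
                continue
            entry["roles"].append(role.tag.split("}")[1])
            for kd in role.findall("md:KeyDescriptor", NS):
                # SAML metadata: a KeyDescriptor with no "use" is valid for both purposes.
                uses = [kd.get("use")] if kd.get("use") else ["signing", "encryption"]
                for cert_el in kd.findall(".//ds:X509Certificate", NS):
                    der = base64.b64decode("".join(cert_el.text.split()))
                    for use in uses:
                        entry[use].add(fingerprint(der))
        fabric[ent.get("entityID")] = entry
    return fabric


def key_is_trusted(fabric: dict, entity_id: str, cert_der: bytes, use: str = "signing") -> bool:
    """True only if cert_der is published for entity_id under the requested use."""
    entry = fabric.get(entity_id)
    return entry is not None and fingerprint(cert_der) in entry[use]


if __name__ == "__main__":
    fabric = load_trust_fabric(TRUST_FABRIC_XML, datetime.now(timezone.utc))
    print(key_is_trusted(fabric, "urn:example:idp:agency-a", IDP_CERT))   # True
    print(key_is_trusted(fabric, "urn:example:idp:agency-a", SP_CERT))    # False
```

The lookup is keyed by fingerprint and scoped to the claimed sender, so a certificate that belongs to some other federation member, or that the member published only for encryption, is not accepted as a signing key. In a real deployment the fingerprint comparison is only the trust-fabric step; signature validation over the SAML or SOAP message itself still has to succeed with that key.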
GFIPM Member Certificate Policy Template
The GFIPM Member Certificate Policy (CP) Template provides a template and authoring guidance to any GFIPM federation on how to write its own Member CP. A federation’s Member CP specifies certificate and key management policies that all members of the federation must follow to ensure the integrity of cryptographic keys used for sensitive information-sharing transactions. This CP template is based on IETF RFC 3647, Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework.
GFIPM defines a suite of normative communication profiles that allow specific types of transactions and other communications to occur between federation participants. Each of these profiles builds upon the GFIPM Core Technical Standards and Guidelines as well as the GFIPM Federation Organizational Guidelines. The following artifacts comprise the GFIPM Communication Profiles.
GFIPM Web Browser User-to-System Profile
The GFIPM Web User-to-System Profile is a normative specification that defines a set of protocols and bindings for web browser-based interaction between users and resources across trust domains within a federation. It leverages parts of the SAML 2.0 specification, specifically Web Single Sign-On (SSO) and Single Log-Out (SLO). It also leverages the GFIPM Core Technical Standards and Guidelines.
GFIPM Web Services System-to-System Profile
The GFIPM Web Services System-to-System Profile is a normative specification that defines a complete, composable web services protocol stack for basic system-to-system GFIPM use cases. It addresses relatively low-level details such as the proper use of the WS-Security standard for building SOAP messages that can be trusted within the context of the GFIPM Cryptographic Trust Model. It also describes how to properly compose and constrain web services industry standards for use within a GFIPM federation.