GFIPM Technical Specs
There are two layers of GFIPM technical standards: GFIPM Core Technical Standards and Guidelines and GFIPM Communication Profiles. Both layers are described below.
GFIPM Core Technical Standards and Guidelines
Building on the inter-organizational trust established through the GFIPM Organizational Guidelines, the GFIPM Core Technical Standards and Guidelines serve to enable inter-organizational communications that are both cryptographically trusted and well understood by all parties involved. The following artifacts comprise the GFIPM Core Technical Standards and Guidelines.
GFIPM Attribute Registry
The GFIPM Attribute Registry defines attributes about users, system entities, information resources, information-sharing actions, and environmental conditions within an information-sharing federation.
Browse the GFIPM Attribute Registry
GFIPM Cryptographic Trust Model [DEPRECATED]
DEPRECATION NOTICE: This document has been deprecated by the GFIPM Task Team. Agencies and stakeholders that require detailed knowledge of GFIPM trust model recommendations are encouraged to consult the NIEF Cryptographic Trust Model and adapt it to their needs as appropriate. For more information and guidance about this recommendation, please contact help@gfipm.net.
The GFIPM Cryptographic Trust Model defines a normative schema for a GFIPM Cryptographic Trust Fabric, which is document shared among all members of a GFIPM federation. A GFIPM Cryptographic Trust Fabric document contains public key material and system entity metadata for each trusted endpoint in the federation. The spec also defines a set of processes by which the GFIPM Cryptographic Trust Fabric document is created, distributed, and updated based on changes in federation membership. In addition, it defines a normative set of rules that all federation members must follow during inter-organizational transactions to ensure that all transactions properly utilize the cryptographic trust fabric. The standard incorporates normative standards from SAML 2.0 and the GFIPM Metadata 2.0 spec.
Download the GFIPM Cryptographic Trust Model
GFIPM Member Certificate Policy Template [DEPRECATED]
DEPRECATION NOTICE: This document has been deprecated by the GFIPM Task Team. The GFIPM Task Team no longer recommends the organization of new GFIPM federations within the justice community, as this approach tends to fracture the community by creating unnecessary federation boundaries between would-be information sharing partners that belong to different federations. In lieu of establishing a new federation, the GFIPM Task Team now recommends that agencies adopt a componentized, decentralized approach to federated trust, similar to the trustmark-based approach that the National Identity Exchange Federation (NIEF) has adopted. For more information and guidance about how to pursue this approach, please contact help@gfipm.net.
The GFIPM Member Certificate Policy (CP) Template provides a template and authoring guidance to any GFIPM federation on how to write its own Member CP. A federation’s Member CP specifies certificate and key management policies that all members of the federation must follow to ensure the integrity of cryptographic keys used for sensitive information-sharing transactions. This CP template is based on IETF RFC 3647, Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework.
Download the GFIPM Member Certificate Policy Template
GFIPM Communication Profiles
GFIPM defines a suite of normative communication profiles that allow specific types of transactions and other communications to occur between federation participants. Each of these profiles builds upon the GFIPM Core Technical Standards and Guidelines as well as the GFIPM Federation Organizational Guidelines. The following artifacts comprise the GFIPM Communication Profiles.
GFIPM Web Browser User-to-System Profile [DEPRECATED]
DEPRECATION NOTICE: This document has been deprecated by the GFIPM Task Team. Agencies and stakeholders that require detailed knowledge of normative GFIPM SAML Single Sign-On technical requirements are encouraged to consult the NIEF Web Browser User-to-System Profile and adapt it to their needs as appropriate. For more information and guidance about this recommendation, please contact help@gfipm.net.
The GFIPM Web User-to-System Profile is a normative specification that defines a set of protocols and bindings for web browser-based interaction between users and resources across trust domains within a federation. It leverages parts of the SAML 2.0 specification, specifically Web Single Sign-On (SSO) and Single Log-Out (SLO). It also leverages the GFIPM Core Technical Standards and Guidelines.
Download the GFIPM Web Browser User-to-System Profile
GFIPM Web Services System-to-System Profile [DEPRECATED]
DEPRECATION NOTICE: This document has been deprecated by the GFIPM Task Team. Agencies and stakeholders that require detailed knowledge of normative GFIPM Web Services technical requirements are encouraged to consult the NIEF Web Services System-to-System Profile and adapt it to their needs as appropriate. For more information and guidance about this recommendation, please contact help@gfipm.net.
The GFIPM Web Services System-to-System Profile is a normative specification that defines a complete, composable web services protocol stack for basic system-to-system GFIPM use cases. It addresses relatively low-level details such as the proper use of the WS-Security standard for building SOAP messages that can be trusted within the context of the GFIPM Cryptographic Trust Model. It also describes how to properly compose and constrain web services industry standards for use within a GFIPM federation.