Difference between revisions of "Welcome to the GFIPM Implementation Portal"

From GFIPM Implementation Wiki

Revision as of 22:27, 13 January 2011

This wiki comprises a collection of accumulated expertise and insights about how to implement information systems that are interoperable with a Global Federated Identity and Privilege Management (GFIPM) federation. It addresses four system implementation scenarios: identity provider, service provider, web service consumer, and web service provider.

GFIPM Background

The Global Federated Identity and Privilege Management (GFIPM) Security Interoperability Demonstration project was initiated in 2005 by the Global Security Working Group (GSWG) to investigate the concept of federated identity and privilege management (FIPM) as a candidate solution for information sharing interoperability challenges that have arisen in the law enforcement and justice community. Jointly funded by the Department of Justice (DOJ) and the Department of Homeland Security (DHS), the demonstration project successfully met all of the initial objectives and resulted in the creation of several valuable products, including a set of draft interoperability specifications, a freely available implementation of GFIPM middleware, and an operational pilot GFIPM federation. As a result of this success, the Global Justice Information Sharing Initiative (Global) recognized GFIPM as "the recommended approach for development of interoperable security functions for authentication and privilege management for information exchange among cross-domain justice information sharing systems."

The GSWG established a GFIPM Delivery Team (GFIPM DT) to evolve the initial GFIPM products and specifications into a fully vetted and production-quality capability that can be leveraged across federal, state, local, and tribal justice and public safety communities. The GFIPM DT currently acts as the governance body for a GFIPM pilot operational federation and for day-to-day decisions on developing the GFIPM implementation framework.

For purposes of this document, the term "operational federation" refers to a GFIPM-compliant federation that provides live data to authorized law enforcement users associated with a small number of "early adopter" organizations. This operational pilot federation is the National Information Exchange Federation (NIEF). NIEF allows law enforcement organizations to engage in the process of sharing controlled unclassified information (CUI) with each other in a cost-effective and scalable manner. The Georgia Tech Research Institute (GTRI) is currently acting as the Federation Manager for NIEF with the GFIPM DT acting as the NIEF Board of Directors. (The roles of Federation Manager and Federation Board of Directors are defined in the GFIPM Governance Guideline document [GFIPM Gov].)

Additional information on Global and GFIPM can be found at http://it.ojp.gov/gfipm.

About This Wiki

The purpose of this wiki is to provide implementers with essential information and instructions on how to integrate information systems into a GFIPM federation such as NIEF. These systems may include existing user databases or directories, and/or various existing or planned databases, portals, or other mission information resources. The document provides an organized collection of knowledge and insights gained by the initial GFIPM implementers; it will evolve over time to capture additional best practices and insights as they are developed.

Note that some of the key technologies used within GFIPM are relatively new open standards (e.g., OASIS SAML 2.0, WS-Security, and others). Given that most justice-community organizations will presumably be interested in integrating their existing, older legacy systems with these new technologies in a GFIPM federation, it is likely that they will encounter unique implementation challenges for which there is no established "best" solution. This document provides implementers with guidance based on initial experience, but it does not address all possible implementation scenarios. For the benefit of the entire GFIPM stakeholder community, implementers are encouraged to submit summaries of lessons learned during their GFIPM implementation process to gfipm-support@lists.gatech.edu, so that they can be incorporated into future versions of this document.

Target Audience

The target audience for this document includes managers and technical representatives of prospective GFIPM participant organizations that are planning to implement an identity provider (IDP) and/or a service provider (SP) within a GFIPM federation. It also includes vendors, contractors, and consultants who are required to establish technical interoperability with GFIPM standards as part of their project or product implementation.

GFIPM Normative Technical Standards

The implementation guidance in this document pertains to the use of the following GFIPM normative technical standards.

  • GFIPM Metadata Specification 2.0 - Defines a vocabulary of attributes that can be used to describe facts about federated users and federated service endpoints. The GFIPM Metadata standard is an essential part of the GFIPM concept of federated identity and privilege management.
  • GFIPM Cryptographic Trust Model 1.1 - Defines a cryptographic trust model that provides a technical basis for all trusted communications between service endpoints in a GFIPM federation.
  • GFIPM Web Browser User-to-System Profile 1.1 - Specifies technical interoperability requirements for connection to a GFIPM federation as an IDP or SP.
  • GFIPM Web Services System-to-System Profile 1.0 - Specifies technical interoperability requirements for connection to a GFIPM federation as a Web service consumer (WSC) or Web service provider (WSP).

Each of these standards is evolving. The maintainers of this Implementation Guide will make every attempt to keep its content up to date with respect to changes in the GFIPM technical standards, but in some cases this document may not reflect the most current implementation best practices.

Also note that the normative standards listed here do not cover non-IT topics such as governance, policy, or other nontechnical interoperability requirements. Please review [GFIPM U2S Profile] and/or [GFIPM S2S Profile] in conjunction with this document prior to beginning the on-boarding process.