How to Deploy a GFIPM Service Provider in an Operational Federation

From GFIPM Implementation Wiki


This article presents the steps required to deploy a service provider (SP) in the operational federation so that it is connected to, and interoperable with, the GFIPM Trust Fabric.

During your deployment in the test environment, you were able to use all the test environment's resources. If you are now deploying your SP in the NIEF operational federation, here are the equivalent production resources that you can leverage:

Note that there are no test IDPs or SPs in an operational federation such as NIEF. The operational federation contains live data, and test identities should never be used within it.

Any new SP must be "connected" to the NIEF federation (or your own GFIPM federation) by adding the SP to the federation's trust fabric. The trust fabric update process consists of these steps:

  1. Provide your SP's entity metadata to the federation manager.
  2. The federation manager adds the new entity to the federation trust fabric.
  3. All participants load the new federation trust fabric into their IDPs and SPs.

Before or during your deployment, you must also fill out an Implementation Documentation Form for SP and submit it to your federation manager as part of the membership application process. A template of this form is available from your federation manager. It requests the following information.

  • SP software platform details (OS, Web Server, SAML Software, etc.)
  • GFIPM Metadata enablement of resources
  • Network configuration notes

Your ability to test your SP in the operational federation will be limited because of the lack of test IDPs in the operational federation. According to the usage policies of most SPs in an operational federation, only real users using real identities (with valid user data, permissions, and privileges) are permitted to use (i.e., test) the production systems. Therefore, when executing your SP's Test Plan in the operational federation, you must perform the necessary tests using real users (from your organization and others). As before, write a Test Report to be distributed within your organization and to all testing partners.

To publicize your organization's resources to federation users, you must supply a list of your GFIPM-available resources to the federation manager, including the following information about each resource:

  • Resource name
  • Resource description
  • How to use the resource
  • Access control policy
  • Usage scenarios

Extensive examples for the above information are available at http://nief.gfipm.net/ for each of the existing participants.

