Resource Integration Profiles

From GFIPM Implementation Wiki
Jump to: navigation, search
Go back


The following resource integration profiles are based on common categories of resources and applications. Their purpose is to help resource owners better understand the level of effort required to federation-enable specific types of resources. Note that a specific resource may or may not fit neatly into a specific integration profile. This section does not necessarily describe an exhaustive set of resource classes, but rather provides enough detail about the critical differences between resources to illuminate the important issues that must be addressed when federation-enabling them.

For discussions of the actual techniques that can be used for federation enablement of resources that fit these integration profiles, see "Resource Integration Techniques."


Profile 1: Read-Only Content Without Individual User Accounts

A resource in Profile 1 has the following characteristics:

  • It is used for dissemination of information.
  • It does not require a unique pre-provisioned user account for each user.
  • It may require the user's identity and contact information for auditing purposes.
  • It requires some basic information about the user for access control.
  • It does not require personalization data.
  • It has no persistence requirement.


Profile 2: Resource With Individual User Accounts and Dynamic Provisioning

A resource in Profile 2 has the following characteristics:

  • Its provisioning requirement can be met by GFIPM Metadata and leverage the IDP user vetting without the need for any additional out-of-band communication or user vetting during the provisioning process.
  • It requires the user's identity and contact information for auditing purposes.
  • It requires information about the user at account provisioning time for provisioning the account's access control permissions.
  • It may require personalization data.
  • It has a requirement for persistence of user account information between sessions.


Profile 3: Resource With Individual User Accounts and Pre-Provisioning

A resource in Profile 3 has the following characteristics:

  • It requires a unique pre-provisioned user account for each user.
  • Its provisioning requirement cannot be met by GFIPM Metadata and IDP vetting alone, since it requires out-of-band communication to facilitate a direct relationship with the user during the provisioning process. However, GFIPM can provide single sign-on functionality with an account linking capability for it after the provisioning process is complete.
  • It requires the user's identity and contact information for auditing purposes.
  • It requires information about the user at account provisioning time for provisioning the account's access control permissions.
  • It may require personalization data.
  • It has a requirement for persistence of user account information between sessions.


Go back