The table below addresses roles and responsibilities from a GFIPM organizational standpoint.

GFIPM Organizational Roles and Responsibilities

Federation Manager Organization (FMO)
1. Vet prospective federation member organizations for membership.
2. Provide authentication credentials to member organizations.
3. Provide mechanism for authenticating member organizations.

Identity Provider Organization (IDPO)
1. Vet end users for access to the federation.
2. Provide authentication credentials to end users.
3. Authenticate end users.
4. Generate user assertions containing GFIPM metadata.

Service Provider Organization (SPO)
1. Provide application-level services to federation end users.
2. Perform access control based on GFIPM metadata.

Trusted Identity Broker Organization (TIBO)
1. Vet brokered IDPOs and their IDPs.
2. Represent brokered IDPs to the federation.
3. Generate user assertions containing GFIPM metadata on behalf of users from brokered IDPs.