What are GFIPM Technical Roles and Responsibilities?

The table below addresses roles and responsibilities from a GFIPM Technical standpoint.

GFIPM Technical Roles and Responsibilities

Role

Responsibilities

Certificate Authority (CA)

1. Sign cryptographic certificates for member systems.

2. Sign the GFIPM Cryptographic Trust Fabric document.

3. Distribute the GFIPM Cryptographic Trust Fabric document to all member organizations.

Identity Provider (IDP)

1. Perform authentication for end users.

2. Generate SAML assertions containing GFIPM metadata about users.

3. Conform to the GFIPM Web Browser User-to-System Profile.

SAML Service Provider (SP)

1. Provide Web-based access to application-level services for end users.

2. Enforce resource access control policies based on GFIPM metadata from IDPs.

3. Conform to the GFIPM Web Browser User-to-System Profile.

Web Service Consumer (WSC)

1. Provide a connecting point through which a member organization can connect to GFIPM Web Services providers (WSPs).

2. Conform to the GFIPM Web Services System-to-System Profile.

Web Service Provider (WSP)

1. Provide Web Services-based access to application-level services for member organizations and their end users.

2. Conform to the GFIPM Web Services System-to-System Profile.

Authorization Service (AS)

1. Make authorization decisions on behalf of other GFIPM Web Services providers (WSPs) and issue tokens that can be used at those WSPs.

2. Conform to the GFIPM Web Services System-to-System Profile.

Validation Service (VS)

1. Provide validation of tokens, including GFIPM User Assertions, on behalf of other GFIPM Web Services providers (WSPs).

2. Conform to the GFIPM Web Services System-to-System Profile.

Trusted Identity Broker (TIB)

1. Generate SAML assertions containing GFIPM metadata about users from brokered IDPs.

2. Conform to the GFIPM Web Browser User-to-System Profile.