GFIPM uses a standardized XML credential as the key part of federated identity to be used by members and partners of the justice community. Using the GFIPM credential will allow information to be shared in a new way, with reduced management burden and improved security, and on a broader scale. It represents a strategic change and dramatic improvement in the way justice organizations establish the electronic trust needed to share information.
At the highest level of concept within the GFIPM model, there are three vital components that must interact between users of multiple systems:
Within a federation, organizations play one or both of two roles: identity provider and/or service provider. The identity provider is the authoritative entity responsible for authenticating an end user and asserting an identity for that user in a trusted fashion to trusted partners. The identity provider is responsible for account creation, provisioning, password management, and general account management. This may be achieved with existing locally accepted security mechanisms and tools.
Federation partners who offer services or share resources are known as service providers. The service provider relies on the identity provider to assert information about a user via an electronic user credential, leaving the service provider to manage access control and dissemination based on a trusted set of user credential assertions. As mentioned above, an organization that is a service provider can also be an identity provider.
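The service-provider side of this split, as an added sketch that is not GFIPM's own code or schema: the element names, attribute names, trust list and policy below are constructed for illustration, and the credential's signature is assumed to have been verified against the issuer's federation certificate before this code runs.

```python
import xml.etree.ElementTree as ET

# Constructed trust list: identity providers this service provider accepts.
TRUSTED_IDPS = {"idp.agency-a.example"}

# Constructed policy: attribute values a credential must assert per resource.
POLICY = {"case-records": {"SwornOfficer": "true", "Agency": "agency-a"}}


def credential(issuer, **attrs):
    """Build a constructed sample credential (hypothetical layout)."""
    body = "".join(f'<Attribute Name="{k}">{v}</Attribute>' for k, v in attrs.items())
    return f"<Credential><Issuer>{issuer}</Issuer><Subject>jdoe</Subject>{body}</Credential>"


def parse_credential(xml_text):
    """Return (issuer, subject, attributes) from the simplified credential."""
    # Credentials never need a DTD; refusing one avoids entity-expansion tricks.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTDs are not allowed in credentials")
    root = ET.fromstring(xml_text)
    issuer = root.findtext("Issuer", default="").strip()
    subject = root.findtext("Subject", default="").strip()
    attrs = {a.get("Name"): (a.text or "").strip() for a in root.iter("Attribute")}
    return issuer, subject, attrs


def authorize(xml_text, resource):
    """Service-provider decision: trusted issuer first, then attribute policy."""
    try:
        issuer, subject, attrs = parse_credential(xml_text)
    except (ET.ParseError, ValueError):
        return (False, "malformed credential")
    # Without the assumed signature check, the Issuer field proves nothing.
    if issuer not in TRUSTED_IDPS:
        return (False, "issuer is not a federation identity provider")
    if not subject:
        return (False, "no subject")
    required = POLICY.get(resource)
    if required is None:
        return (False, "unknown resource")  # default deny
    failed = sorted(k for k, v in required.items() if attrs.get(k) != v)
    if failed:
        return (False, "missing or mismatched: " + ", ".join(failed))
    return (True, "granted to " + subject)


if __name__ == "__main__":
    good = credential("idp.agency-a.example", SwornOfficer="true", Agency="agency-a")
    print(authorize(good, "case-records"))
```

The service provider never sees a password or manages an account; it decides only on who issued the credential and what the credential asserts.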
For further details, see GFIPM Overview or download the PDF file below for offline reading.