This project report is divided into eight chapters and one appendix. The chapters cover: project background and objectives; the Federated Identity and Privilege Management concept; a project overview, with details about approach, project participants, and assumptions and constraints; architecture, including Identity Provider structure and single sign-on integration points, the Security Assertion Markup Language usage profile for GFIPM, and more; project execution and timeline; the pilot federation, including sections on the Criminal Information Sharing Alliance (CISA) and the Pennsylvania Justice Network (JNET); lessons learned and conclusions; and next steps, including GFIPM standards development, validation, and vetting, and establishment of a Federation Governance Structure. The appendix covers related initiatives and standards, such as e-authentication, the Law Enforcement Information Sharing Program (LEISP), and more.
This document presents the report for the Global Federated Identity and Privilege Management (GFIPM) Security Interoperability Demonstration project (demo project). This project addresses the problem of achieving secure information sharing in order to improve the operational efficiency and effectiveness of organizations and agencies involved in carrying out their respective responsibilities to preserve, protect, and promote the public safety of the nation and its citizenry. The demo project sought to achieve the following objectives: to demonstrate that registered subscribers of one federation participant can access the web-based resources of another federation participant without the requirement to register with more than one federation participant; to demonstrate that federation participants can retain control over their resources and make local dissemination and access control decisions based on a shared set of user attributes; to demonstrate single sign-on (SSO) across federation web applications; to demonstrate federated authentication and authorization between disparate local technologies and vendor implementations; and to establish a baseline of common attributes for identity and authorization assertions. The project produced several outcomes and deliverables, including a set of draft GFIPM standards, an initial set of freely available GFIPM federation infrastructure middleware and tools, extensive documentation including lessons learned and technical point papers, and most importantly, an operational GFIPM pilot federation.