Version 2.0 of the Metadata Specification provides a significant expansion of the scope of the previous versions, which defined attributes pertaining to users and entities; this document includes three new categories of attributes as well as user and entity attributes, and more; this document provides the full range of metadata that can pertain to an information sharing transaction and the access control policies that a transaction must conform to.
The Global Federated Identity and Privilege Management (GFIPM) Metadata 2.0 specification defines common syntax and semantics for metadata describing users; entities; resources, including sensitive data objects, databases, and documents; actions, such as attempts by users or entities to access resources; and the data-sharing environment. The document is divided into ten sections, with the first being an introduction and the tenth being a call for feedback from users; the second section provides the scope of the GFIPM Metadata Specification; the third section discusses metadata package contents; section four provides a summary of changes to previous versions; section five provides the rationale for the change from XML to flat attribute model; section six is on SAML assertion encoding rules for user attributes; section seven discusses trust fabric encoding rules for entity attributes; and sections eight and nine discuss encoding and use of new attribute categories, and metadata extensions and changes, respectively. This metadata can be for identification, authentication, privilege management, auditing, and personalization across a federation. The GFIPM metadata has been developed based on data requirements and feedback from GFIPM Delivery Team members, Global Security Working Group (GSWG) members, and other GFIPM stakeholders. The GFIPM Metadata Specification can include any attribute that represents a concept meeting the following criteria: two or more agencies can agree on the attribute’s applicability to identity and privilege management for the purpose of secure interagency information sharing; two or more agencies can agree on a common definition and content for the attribute; and the attribute is semantically distinct from existing GFIPM attributes. The authors expect this GFIPM metadata specification to undergo additional iterations over time, and express their desire for comments and feedback from a broader community of reviewers to expand the perspective beyond the requirements of the contributors that have led to the current version.