An official website of the United States government, Department of Justice.

Global Federated Identity and Privilege Management (GFIPM): Web Browser User-to-System Profile

Date Published: April 2012
33 pages

This document addresses the needs of justice organizations seeking ways to provide secured access to multiple agency information systems with a single logon. Its main chapter, on the GFIPM Web Browser User-to-System Profile, includes 14 subsections on topics including presentation and user interface, use of the SAML 2.0 Web SSO Profile and Single Logout (SLO) Profile, use of GFIPM user metadata, Trust Fabric, error handling, and more. It also includes two appendices with sample GFIPM XML artifacts and details of the document history.


This document specifies technical interoperability requirements for connection to an operational Global Federated Identity and Privilege Management (GFIPM) federation in the Web Browser User-to-System use case. Its target audience includes technical representatives of prospective federation participants who intend to join a GFIPM federation as identity provider organizations (IDPOs), service provider organizations (SPOs), or both, as well as vendors, contractors, and consultants who are required to establish technical interoperability with a GFIPM federation as part of their project or product implementation. This document focuses only on issues of technical interoperability; it excludes discussion of governance, policy, and other nontechnical interoperability requirements. The GFIPM framework provides the justice community and its partner organizations with a standards-based approach for implementing federated identity. Common use of these standards across federation systems is crucial to their interoperability. By leveraging the Global Justice XML and National Information Exchange Model (NIEM), a standard set of XML-based elements and attributes about a federation user’s identities, privileges, and authentication (collectively referred to as GFIPM metadata) can be universally communicated.

Date Published: April 1, 2012