Who owns NIEF?
The National Identity Exchange Federation Center (“NIEF Center”) is a non-profit 501(c)(3) legal entity and a subsidiary of the Georgia Tech Applied Research Corporation. The NIEF Center is managed and operated through the Georgia Tech Research Institute (GTRI) under contract with the U.S. Dept. of Justice, in conjunction with GTRI’s role in supporting the Global Federated Identity and Privilege Management (GFIPM) program.
While NIEF is run as a 501(c)(3) legal entity, it is really a justice-based identity federation which has been constructed using the Global Federated Identity and Privilege Management (GFIPM) standards to provide an operational, national identity federation for the purpose of secure information sharing within the justice, homeland security, emergency management, and public safety communities.
Who can apply to become a member of NIEF?
Membership in NIEF is open to all U.S. justice, homeland security, emergency management, and public safety agencies, as well as other agencies and organizations that provide information services to these communities.
What is the value of joining NIEF?
If you join NIEF as an IDP, you will immediately benefit from the wealth of justice-related information resources at all levels of government that are already available to you from the current NIEF partners. If you join NIEF as an SP, you will immediately benefit from its more than 95,000 users, representing various justice-related organizations, who can access your information resources (subject to your access control policy) without requiring you to manage any additional user accounts.
How much does it cost to join NIEF?
There are currently no membership fees levied by NIEF on its members. This policy is subject to change, however. As NIEF grows and its administrative needs increase, NIEF may consider alternative funding mechanisms to ensure long-term sustainability of the federation.
Despite having no formal fee structure, NIEF membership is not “free”, as it entails requirements that impose costs on its member agencies. These requirements and associated costs include the following.
- Member agencies are required to participate in NIEF’s governance process, which typically entails a time commitment by one or more agency representatives.
- Member agencies typically incur costs to support the development of software that allows their existing systems to conform to the NIEF technical specifications.
- Member agencies typically incur costs to support the ongoing operation of systems that are connected to NIEF. These support costs typically include server hardware costs, ongoing system administration costs, and costs associated with additional help desk support that may arise due to a greater user base for the systems and services provided by the agency.
How does NIEF protect user identity information?
NIEF has adopted a suite of technical standards that are built on the Security Assertion Markup Language (SAML), SOAP-based Web Services (WS-*), and emerging RESTful industry standards and protocols, and require the protection of personally identifiable information (PII) in transit using FIPS 140-2 compliant cryptography.
What can NIEF partners do with the identity information?
NIEF service providers are required by policy to limit their use of PII to making authorization decisions, dynamically provisioning accounts, and performing audit logging. Any additional use of PII about a user is prohibited unless the following conditions are met: (1) the user’s IDP must agree to it, and (2) it must be disclosed to the user.
Does NIEF engage in “inter-federation” arrangements with other federations?
No. NIEF previously attempted to support the “inter-federation” concept via a “Trusted Identity Broker” (TIB) model, in which a “Trusted Identity Broker Organization” (TIBO) would act as a broker between one federation and another. But we discovered that the TIB/TIBO model carried unacceptable consequences in terms of legal liability for NIEF and its member agencies, so we no longer support the TIBO membership role. In lieu of the TIB/TIBO model, NIEF now supports a trustmark-based approach that enables many aspects of “inter-federation” connectivity without the challenges and drawbacks of the TIB/TIBO approach.
Can I create separate data exchange agreements with NIEF partners?
Yes. The primary goal of NIEF is to enable a wider range of secure information exchanges among its member agencies. In support of this goal, NIEF provides a basic infrastructure consisting of governance, policies and procedures, cryptographic trust, and open standards for securely sharing identity information about users and non-user (system) entities. NIEF members are encouraged to leverage this federated security infrastructure to meet their business information exchange goals. For example, NIEF enables and supports all of these data exchange relationships.
- Some member agencies operate on a fee-based service model, and want to charge other member agencies for access to services.
- Some member agencies regard NIEF membership as a minimal security requirement and impose additional peer-to-peer requirements on other NIEF members as a prerequisite for information exchanges with those agencies.
- Some member agencies join NIEF despite having pre-existing business relationships with one or more other NIEF members and technology infrastructure in support of those relationships.
In these cases and others, NIEF seeks to enable new, more efficient ways of sharing data where possible, while also supporting pre-existing relationships and business processes where required.
How can I determine whether my partners are already in NIEF?
You can see at a glance which agencies are already members of NIEF by visiting the List of NIEF Members.
How can I determine what resources are available in NIEF?
The list of resources available to users through NIEF is not publicly available; however, prospective NIEF members can obtain this information by contacting the NIEF federation manager.
What steps must I take to prepare to join NIEF?
The steps required to prepare your organization for joining NIEF will differ depending on several factors, including your level of readiness for implementing federated identity technologies and the specific information-sharing goals you want to achieve. The GFIPM Implementation Portal provides detailed, step-by-step guidance for implementing a GFIPM identity provider or service provider.