The International Grid Trust Federation Charter
Definition of the FederationThe International Grid Trust Federation (IGTF) is a body to establish common policies and guidelines between its Policy Management Authorities (PMAs) members and to ensure compliance to this Federation Document amongst the participating PMAs. The IGTF does not provide identity assertions but instead ensures that - within the scope of this federation document - the assertions issued by accredited authorities of any of its member PMAs meet or exceed an authentication profile relevant to the accredited authority.
This document is authoritative for all operations and actions of the IGTF.
MembershipThe International Grid Trust Federation consists of the Asia Pacific Grid Policy Management Authority, the European Policy Management Authority for Grid Authentication in e-Science, and The Americas Grid Policy Management Authority. Each PMA is represented in the IGTF via its chair. By virtue of its membership of a PMA, each member of a PMA is subject to the IGTF Federation document and is thus a member of the Federation.
General ArchitectureThe member PMAs are responsible for accrediting authorities that issue identity assertions. The PMAs do not themselves issue such assertions; the authentication authorities will provide identity assertions for use in inter-organisational resource access.
The IGTF maintains a set of authentication profiles (APs) that specify the policy and technical requirements for a class of identity assertions and assertion providers. For each AP different stipulations regarding identity management, operational requirements, and site security may be in effect. The management and continued evolution of an AP is assigned by the IGTF to a specific member PMA. Proposed changes to an AP will be circulated by the chair of the PMA managing the AP to all chairs of the IGTF member PMAs. All of the PMA chairs, after approval by their PMA, are required to endorse the proposed changes before the modified AP will come into effect. The IGTF will maintain a list of supported authentication profiles and their managing PMAs in the information repository.
Each of the PMAs will accredit credential-issuing authorities and document the accreditation policy and procedures. Authorities accredited by a PMA are always subject to the policies and practices of a specific AP as decided by the accrediting PMA. The PMA's decision regarding accreditation of an authority is based on at least the (publicly available) documents describing the policies and practices of the authority. Authentication profiles will stipulate additional requirements for accreditation. Any changes to the policy and practices of a credential-issuing authority after accreditation will void the accreditation unless the changes have been approved by the accrediting PMA prior to their taking effect.