IGTF Federation Charter Document

The IGTF – through its members – develops guidance, coordinates requirements, and harmonizes assurance levels, for the purpose for supporting trust between distributed IT infrastructures for research. This goal is accomplished by the members of the IGTF through coordination of providers of trust information (authorities) and consumers thereof (relying parties) and by agreement to sets of common standards, minimum requirements, and best practices for policy, technical security, and operational trust.

For the purpose of establishing and maintaining and identity federation service, the IGTF maintains a set of authentication profiles (APs) that specify the policy and technical requirements for a class of identity assertions and assertion providers. The member PMAs are responsible for accrediting authorities that issue identity assertions with respect to these profiles. The PMAs do not themselves issue such assertions; the authentication authorities will provide identity assertions for use in inter-organisational resource access.

For each AP different stipulations regarding identity management, operational requirements, and site security may be in effect. The management and continued evolution of an AP is assigned by the IGTF to a specific member PMA. Proposed changes to an AP will be circulated by the chair of the PMA managing the AP to all chairs of the IGTF member PMAs. All of the PMA chairs, after approval by their PMA, are required to endorse the proposed changes before the modified AP will come into effect. The IGTF will maintain a list of supported authentication profiles and their managing PMAs in the information repository.

Each of the PMAs will accredit credential-issuing authorities and document the accreditation policy and procedures. Authorities accredited by a PMA are always subject to the policies and practices of a specific AP as decided by the accrediting PMA. The PMA’s decision regarding accreditation of an authority is based on at least the (publicly available) documents describing the policies and practices of the authority. Authentication profiles will stipulate additional requirements for accreditation. Any changes to the policy and practices of a credential-issuing authority after accreditation will void the accreditation unless the changes have been approved by the accrediting PMA prior to their taking effect.

The IGTF shall support and foster activities, and maintain and make available guidelines, to support the establishment of global trust for distributed IT infrastructures to support authorization, attribute management, credential management, and collaboration on IT security issues, to the extent relevant for its participant members and member PMAs and member relying parties.

The IGTF consists of the Asia Pacific Grid Policy Management Authority, the European Policy Management Authority for Grid Authentication in e-Science, and The Americas Grid Policy Management Authority. Each PMA is represented in the IGTF via its chair. By virtue of its membership of a PMA, each member of a PMA is subject to the IGTF Federation document and is thus a member of the Federation.