NIEF Technical Specifications

NIEF has adopted the following technical specifications to ensure security, compatibility across a wide range of vendor products, and interoperability at many levels, including on-the-wire protocol flows and business attribute semantics.

For each spec, we have provided a link to download or view it. Note that in some cases, links to multiple versions of a spec are included. We strongly recommend using the most recent available versions of our specs whenever possible.

Available NIEF Specs:


NIEF Cryptographic Trust Model

The NIEF Cryptographic Trust Model defines a standard for software service endpoint descriptors, also known as “metadata” structures. In NIEF, we refer to these structures as “trust fabric” entries, because each structure represents a trusted endpoint that belongs to a NIEF member agency. To help our member agencies maintain security and trust, we publish a NIEF Trust Fabric XML File containing a full list of service endpoints registered by NIEF members. In addition, we maintain a NIEF Trust Fabric Registry software tool.

Available Versions:


NIEF Web Browser User-to-System Profile

The NIEF Web Browser User-to-System Profile defines a profile of the Security Assertion Markup Language (SAML) Single Sign-On (SSO) Profile, which enables NIEF Identity Provider Organizations (IDPOs) to make secure, trusted assertions about their users for the benefit of NIEF Service Provider Organizations (SPOs).

Available Versions:


NIEF Web Services System-to-System Profile

The NIEF Web Services System-to-System Profile defines a series of Service Interaction Profiles (SIPs) through which NIEF member organizations can engage in various types of secure system-to-system transactions using SOAP and the Web Services (WS-*) suite of standards. Supported patterns include basic system-to-system transactions without users, transactions executed on behalf of users, attribute query/response transactions, and others.

Available Versions:


NIEF REST Services Profile

The NIEF REST Services Profile defines a series of Service Interaction Profiles (SIPs) through which NIEF member organizations can engage in various types of secure transactions using RESTful services and RESTful single sign-on and authorization protocols, including OpenID Connect and OAuth 2. Supported patterns include basic system-to-system transactions without users, transactions executed on behalf of users, attribute query/response transactions, and others.

Available Versions:


NIEF Attribute Registry

The NIEF Attribute Registry defines a set of attribute definitions that capture various concepts necessary to help NIEF member organizations make trust and access control decisions about other NIEF member organizations and users. It includes attribute definitions about users, software service endpoints (non-user “entities”), resources, actions, and environmental conditions. It also includes various “attribute bundles” that represent collections of attributes applicable to specific use cases or applications.

Available Versions:


NIEF Attribute Profile

The NIEF Attribute Profile defines a set of attribute bundles in the NIEF Attribute Registry that are applicable to NIEF member organizations. This spec reflects the attribute-asserting capabilities of NIEF IDPOs and the attribute-consuming requirements of NIEF SPOs, and it provides a guideline to help NIEF member organizations understand how they can achieve attribute-level interoperability with each other.

Available Versions:


NIEF Attribute Encoding Rules

The NIEF Attribute Encoding Rules document defines a set of rules for how software endpoints in NIEF should encode attributes from the NIEF Attribute Registry within the context of various protocols and standards.

Available Versions: