Specifications for the Swedish eID Framework
January 2020
Copyright © The Swedish Agency for Digital Government (DIGG), 2015-2020. All Rights Reserved.
This is the January 2020 version of the Swedish eID Framework. As of January 17th, 2020 it replaces the previous June 2018 release as the official version for the Swedish eID Framework.
If you have feedback or questions regarding the Technical Framework make a post to the "Tekniskt ramverk"-thread on https://forum.eidasweb.se.
Changes since last version
Below follows a listing of all significant changes since the June 2018 release of the Swedish eID Framework.
- The introduction document for the Swedish eID Framework is now also available in English. See 00 - Introduction to the Swedish eID Framework.
- The Deployment Profile for the Swedish eID Framework specification now contains the section Cryptographic Algorithms listing the requirements for crypto algorithm support for being compliant with the Swedish eID Framework.
- The specification Principal Selection in SAML Authentication Requests was introduced. It defines a SAML extension that may be used by a service provider to inform an identity provider about a known identity of a user. The Deployment Profile for the Swedish eID Framework defines how, and when, the extension may be used.
- The Swedish eID Framework is no longer normatively dependent upon SAML2Int.
- Section 7, Authentication for Signature, of the "Deployment Profile for the Swedish eID Framework" specification was updated: the "Sign Message Authentication Context URIs" were deprecated and the use of the signMessageDigest attribute was introduced.
- In order to facilitate algorithm interoperability between peers, additions concerning "Metadata Profile for Algorithm Support" [SAML2MetaAlgSupport] were added to the Deployment Profile for the Swedish eID Framework specification. This includes requirements for how an entity should declare preferred algorithms in its metadata entry, and how these should be interpreted.
- The Attribute Specification for the Swedish eID Framework specification now defines the signMessageDigest attribute that should be used instead of the special purpose sigmessage Authentication Context URIs. The specification also adds a definition of an HSA-ID attribute.
- The Entity Categories for the Swedish eID Framework specification now defines the "secure-authenticator-binding" entity category. Its main purpose is to let service providers indicate in their metadata that they wish QR codes to be used for Mobile BankID (and Freja eID). The specification also defines the service entity category "loa3-hsaid", which is to be used as an alternative to loa3-pnr when HSA-ID is the primary user attribute (and not a personal identity number).
- The Certificate Profile for Certificates Issued by Central Signing Services specification was updated with the section Extended Authentication Information. This extension makes it possible to store additional information about a user's authentication in a signing certificate (for example a transactionID).
- The Implementation Profile for BankID Identity Providers within the Swedish eID Framework specification was updated with the following:
  - Requirements for ensuring that only the intended user can see a sign message.
  - Requirements that a BankID IdP should include the <psc:RequestedPrincipalSelection> element in its metadata, and recommendations and requirements for the <psc:PrincipalSelection> extension.
  - Directives for how to behave when a user cancels an operation.
  - Requirements for how an identity provider should behave when it needs the user's personal identity number. This includes QR-code handling and use of the <psc:PrincipalSelection> extension.
Each document also contains a "Changes between versions" section where you can see what has been updated for that particular specification.
For a detailed list of changes you can view all changes in GitHub using this link: https://github.com/swedenconnect/technical-framework/compare.
Check out the GitHub project for this release: https://github.com/swedenconnect/technical-framework/projects/3. Here you can see all the GitHub issues describing each change that was made to the specifications.
Introduction
Overview that describes the different parts of the Swedish eID Framework.
Tekniskt ramverk - Introduktion | pdf download - In Swedish
Introduction to the Swedish eID Framework | pdf download - In English
Specifications
- 02 - Deployment Profile for the Swedish eID Framework - version 1.6 | pdf download
- 03 - Registry for Identifiers - version 1.6 | pdf download
- 04 - Attribute Specification for the Swedish eID Framework - version 1.6 | pdf download
- 06 - Entity Categories for the Swedish eID Framework - version 1.7 | pdf download
- 07 - Implementation Profile for using DSS in Central Signing Services - version 1.4 | pdf download
- 08 - Certificate Profile for Central Signing Services - version 1.2 | pdf download
- 09 - DSS Extension for Federated Signing Services - version 1.3 | pdf download
- 11 - eIDAS Constructed Attributes Specification for the Swedish eID Framework - version 1.1 | pdf download
- 12 - BankID Profile for the Swedish eID Framework - version 1.2 | pdf download
- 13 - Signature Activation Protocol - version 1.1 | pdf download
- 14 - Principal Selection in SAML Authentication Requests - version 1.0 | pdf download
Download a ZIP-file of all specifications in PDF-format.
All specifications are also available in Markdown format on GitHub - https://github.com/swedenconnect/technical-framework. Here you can follow the further development of the Swedish eID Framework.