| security-requirements | May 2026 | |
| Lindström | Informational | [Page] |
This specification defines security requirements for participants in the Sweden Connect identity federation. It establishes baseline requirements for transport protection, cryptographic algorithms, key lengths, and key rollover that apply to both the SAML and the OpenID Connect parts of the federation. The requirements herein extend, and are intended to be read together with, the existing Sweden Connect SAML and OpenID Connect profiles.¶
Sweden Connect operates an identity federation comprising both a SAML 2.0 federation and an OpenID Connect federation. Participants of either federation include Identity Providers, OpenID Providers, Service Providers, Relying Parties, and other supporting entities, all of which rely on cryptographic mechanisms to authenticate peers, protect messages in transit, and assert claims about subjects.¶
To ensure a consistent and adequate level of security and interoperability across the federation, a common set of requirements is needed for how transport security is applied, which cryptographic algorithms and key lengths are acceptable, and how keys are rolled over without disrupting other parties.¶
This specification collects these requirements in one place. It is intended to be read together with the "Sweden Connect SAML Deployment Profile" [SAML.SC.Profile] or the "OpenID Connect Profile for Sweden Connect" [OIDC.SC.Profile], extending and, where applicable, tightening the requirements stated in those documents.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
All transactions MUST be protected in transit by TLS as described in [NIST.800-52].¶
For the Sweden Connect SAML federation, all parties MUST conform to the applicable recommendations in [SAML.Security].¶
For the Sweden Connect OpenID Connect federation, all parties MUST conform to the applicable recommendations in section 16, "Security Considerations", of [RFC6749], and to those found in "OAuth 2.0 Threat Model and Security Considerations" [RFC6819].¶
All entities compliant with this profile MUST follow the guidelines in [NIST.800-131A] regarding the use of algorithms and key lengths. Specifically, the following requirements apply to signature and encryption keys:¶
RSA public keys MUST be at least 2048 bits in length. 3072 bits or more is RECOMMENDED.¶
EC public keys MUST be at least 256 bits in length (signature only).¶
Participants in the Sweden Connect SAML federation MUST comply with the algorithm requirements given in Section 8 of [SAML.SC.Profile].¶
Section 7.1 of [OIDC.Sweden.Profile] defines cryptographic requirements that are extended by this specification in order to facilitate federation interoperability.¶
Participants in the Sweden Connect OpenID Connect federation MUST comply with the algorithm requirements specified below.¶
All entities MUST support validation of signatures using any of the following algorithms:¶
RS256, RSASSA-PKCS1-v1_5 using SHA-256, as defined in Section 3.3 of [RFC7518].¶
RS384, RSASSA-PKCS1-v1_5 using SHA-384, as defined in Section 3.3 of [RFC7518].¶
RS512, RSASSA-PKCS1-v1_5 using SHA-512, as defined in Section 3.3 of [RFC7518].¶
ES256, ECDSA using P-256 and SHA-256, as defined in Section 3.4 of [RFC7518].¶
ES384, ECDSA using P-384 and SHA-384, as defined in Section 3.4 of [RFC7518].¶
ES512, ECDSA using P-521 and SHA-512, as defined in Section 3.4 of [RFC7518].¶
All entities MUST support encryption using any of the following algorithms:¶
RSA-OAEP, RSAES OAEP using default parameters, as defined in Section 4.3 of [RFC7518].¶
RSA-OAEP-256, RSAES OAEP using SHA-256 and MGF1 with SHA-256, as defined in Section 4.3 of [RFC7518].¶
ECDH-ES, ECDH Ephemeral Static direct key agreement, as defined in Section 4.6 of [RFC7518].¶
An entity holding an RSA protocol key MUST support decryption using any of the following algorithms:¶
RSA-OAEP, RSAES OAEP using default parameters, as defined in Section 4.3 of [RFC7518].¶
RSA-OAEP-256, RSAES OAEP using SHA-256 and MGF1 with SHA-256, as defined in Section 4.3 of [RFC7518].¶
An entity holding an EC protocol key MUST support decryption using the following algorithm:¶
ECDH-ES, ECDH Ephemeral Static direct key agreement, as defined in Section 4.6 of [RFC7518].¶
A participant in the Sweden Connect federation wishing to update any of its keys MUST do so without disrupting other parties in the federation. This is especially important for SAML Identity Providers and OpenID Connect Providers.¶
The following requirements regarding key rollover apply:¶
An entity wishing to start using a new signature key MUST publish this key (or certificate) in its metadata before putting it into use. The time between publication and initial use MUST be at least as long as the validity period of the published metadata.¶
exp claim of the entity's Entity Statement; see Section 3.1.1 of [OpenID.Federation].¶
Once a new signature key has been put into use, the previous key SHOULD be removed from the entity's metadata.¶
An entity that begins using a new encryption/decryption key MUST remove the previous key from its metadata immediately, but MUST retain the ability to use it for decryption for a limited time afterwards. This time MUST be at least as long as other parties may hold a valid cached version of the entity's metadata. The same validity periods as for signing keys above apply.¶
For SAML entities, Section 2.1.1.2 of [SAML.SC.Profile] MUST be adhered to.¶
OpenID Connect entities consuming peer metadata MUST be able to handle multiple keys with the same usage.¶
kid parameter for all keys in its JWK Set. This specification changes this requirement to REQUIRED.¶
Copyright (c) The Swedish Agency for Digital Government (Digg), 2015-2026. All Rights Reserved.¶
[[ To be removed from the final specification ]]¶
-00¶