Technical Specifications for the Sweden Connect Framework
This is the overview page for the Sweden Connect specifications. Listed below are the specifications from the latest official version (December 2024), along with the latest updates (drafts).
An introduction to the Sweden Connect Framework
Overview documents that describe the different parts of the Sweden Connect Framework.
Sweden Connect - Registry for identifiers
This document defines the structure for identifiers assigned by the Swedish Agency for Digital Government (Digg) and provides a registry for assigned identifiers.
Version 1.8
Authentication Specifications
Below follows a listing of all specifications for user authentication.
SAML: Deployment Profile for the Swedish eID Framework
This is the main SAML specification for the Sweden Connect Framework. It defines a SAML profile including metadata, request and response processing, as well as extensions for signature services.
Version 1.8
OIDC: OpenID Connect Profile for Sweden Connect
This profile is an extension of The Swedish OpenID Connect Profile for the Sweden Connect identity federation.
The profile aims to establish a security baseline and to facilitate interoperability between relying parties and OpenID providers within the Sweden Connect identity federation.
Version 1.0
SAML: Attribute Specification for the Swedish eID Framework
This document specifies a SAML attribute profile for the Sweden Connect Framework. The attribute profile defines attributes for use within the Sweden Connect federation, and a number of defined attribute sets that may be referenced by other documents as a means to specify specific attribute release requirements.
Version 1.8
OIDC: OpenID Connect Claims and Scopes Specification for Sweden Connect
This specification extends the Claims and Scopes Specification for the Swedish OpenID Connect Profile with OpenID Connect claims and scopes for usage within the Sweden Connect federation.
Version 1.0
OpenID Connect Claims and Scopes Specification for Sweden Connect
SAML: Entity Categories for the Swedish eID Framework
This specification contains the Entity Category definitions that are defined for the Sweden Connect Framework and that should be supported by Service Providers and Identity Providers that are part of the federation.
Version 1.9
eIDAS Constructed Attribute Specification for the Swedish eID Framework
This document provides specifications for constructed attributes.
The concept of constructed attributes is introduced in Swedish national authentication nodes (proxy nodes) delivering identity assertions to Swedish Service Providers based on user authentication with a foreign eID.
Version 1.2
eIDAS Constructed Attributes Specification for the Swedish eID Framework
SAML: Principal Selection in SAML Authentication Requests
This specification defines an element that may be included in the Extensions element of a SAML AuthnRequest where the requesting Service Provider can specify matching criteria that may be used by the Identity Provider to select the particular user that should be authenticated.
Version 1.0
SAML: User Message Extension in SAML Authentication Requests
This specification defines an element that may be included in the Extensions element of a SAML authentication request where the requesting Service Provider can specify a "user message" that is to be displayed for the user by the Identity Provider during the authentication phase.
Version 1.0
SAML: Implementation Profile for BankID Identity Providers within the Swedish eID Framework
SAML implementation profile for Identity Providers implementing BankID support.
Version 1.4
eIDAS Identity Binding
Informational document that outlines the process for binding an eIDAS-notified electronic identity (eID) to an individual's personal identification number in the Swedish Population Register.
Binding eIDAS Identities to Records in the Swedish Population Register
Signature Specifications
Below follows a listing of the specifications we define for Federated Central Signing Services.
Implementation Profile for using OASIS DSS in Central Signing Services
This document specifies an implementation profile for exchange of sign requests and responses using the OASIS DSS protocol, enhanced by the DSS Extensions for Federated Central Signing Services.
Version 1.6
Implementation Profile for using DSS in Central Signing Services
Certificate Profile for Certificates Issued by Central Signing Services
This document specifies a certificate profile for certificates issued by a signature service.
Version 1.2
DSS Extension for Federated Central Signing Services
This specification defines elements that extend the <dss:SignRequest> and <dss:SignResponse> elements of the OASIS DSS protocol.
Version 1.5
Signature Activation Protocol for Federated Signing
This document specifies a Signature Activation Protocol (SAP) and its data elements for implementation of Sole Control Assurance Level 2 (SCAL2) according to the European standards prEN 419241 - Trustworthy Systems Supporting Server Signing.
Version 1.2
Signature Validation Tokens
The "Signature Validation Token" draft specifications have been replaced with IETF drafts. See https://github.com/swedenconnect/IETF-SVT.
The Sweden Connect Federation
For participants of the Sweden Connect federation, the normative specification Tekniska anslutningsregler för Sweden Connect-federationen should also be read.
Currently only in Swedish.
GitHub
The specifications for the Sweden Connect Framework are stored on GitHub at https://github.com/swedenconnect/technical-framework. The master branch is where new development is performed, and each official release has its own branch.
Older versions
Feedback and Questions
If you have feedback or questions regarding the Technical Framework, open an Issue.
Copyright © The Swedish Agency for Digital Government (Digg), 2015-2024. All Rights Reserved.