Technical Specifications for the Swedish eID Framework

This is the overview page for the Swedish eID Framework specifications. Listed below are the specifications from the latest official version (November 2021), along with the latest updates (drafts).

An introduction to the Swedish eID Framework

Overview documents that describes the different parts of the Swedish eID Framework.

Tekniskt ramverk - Introduktion

Introduction to the Swedish eID Framework

Swedish eID Framework - Registry for identifiers

This document defines the structure for identifiers assigned by the Swedish Agency for Digital Government (DIGG) and provides a registry for assigned identifiers.

03 - Registry for Identifiers

Draft version 1.8:

03 - Registry for Identifiers - Draft

Authentication Specifications

Below follows a listing of all specifications concerning user authentication.

OpenID Connect will be introduced as an alternative to SAML. Therefore we point out the protocol for the specifications below.

SAML: Deployment Profile for the Swedish eID Framework

This is the main specification for the Swedish eID Framework. It defines a SAML profile including metadata, request- and response processing as well as extensions for signature services.

02 - Deployment Profile for the Swedish eID Framework

Draft version 1.8:

02 - Deployment Profile for the Swedish eID Framework - Draft

SAML: Attribute Specification for the Swedish eID Framework

This document specifies an attribute profile for the Swedish eID Framework. The attribute profile defines attributes for use within the Swedish eID Framework, and a number of defined attribute sets that may be referenced by other documents as means to specify specific attribute release requirements.

04 - Attribute Specification for the Swedish eID Framework

Draft version 1.8:

04 - Attribute Specification for the Swedish eID Framework - Draft

SAML: Entity Categories for the Swedish eID Framework

This specification contains the Entity Category definitions that are defined for the Swedish eID Framework and that should be supported by Service Providers and Identity Providers that are part of the federation.

06 - Entity Categories for the Swedish eID Framework

Draft version 1.9:

06 - Entity Categories for the Swedish eID Framework - Draft

eIDAS Constructed Attribute Specification for the Swedish eID Framework

This document extends “Attribute Specification for the Swedish eID Framework”, providing specifications for constructed attributes.

The concept of constructed attributes is introduced in Swedish national authentication nodes (proxy nodes) delivering identity assertions to Swedish Service Providers based on user authentication with a foreign eID.

11 - eIDAS Constructed Attributes Specification for the Swedish eID Framework

SAML: Implementation Profile for BankID Identity Providers within the Swedish eID Framework

SAML implementation profile for Identity Providers implementing BankID support.

12 - BankID Profile for the Swedish eID Framework

SAML: Principal Selection in SAML Authentication Requests

This specification defines an element that may be included in the Extensions element of a SAML AuthnRequest where the requesting Service Provider can specify matching criteria that may be used by the Identity Provider to select the particular user that should be authenticated.

14 - Principal Selection in SAML Authentication Requests

Signature Specifications

Below follows a listing of the specifications we define for Federated Central Signing Services.

Implementation Profile for using OASIS DSS in Central Signing Services

This document specifies an implementation profile for exchange of sign requests and responses using the OASIS DSS protocol, enhanced by the DSS Extensions for Federated Central Signing Services.

07 - Implementation Profile for using DSS in Central Signing Services

Certificate Profile for Certificates Issued by Central Signing Services

This document specifies a certificate profile for certificates issued by a signature service.

08 - Certificate Profile for Central Signing Services

DSS Extension for Federated Central Signing Services

This specifications defines elements that extends the <dss:SignRequest> and <dss:SignResponse> elements of the OASIS DSS protocol.

09 - DSS Extension for Federated Signing Services

Signature Activation Protocol for Federated Signing

This document specifies a Signature Activation Protocol (SAP) and its data elements for implementation of Sole Control Assurance Level 2 (SCAL2) according the European standards prEN 419241 - Trustworthy Systems Supporting Server Signing.

13 - Signature Activation Protocol

Draft version 1.2:

13 - Signature Activation Protocol - Draft

Signature Validation Tokens

The "Signature Validation Token" draft specifications have been replaced with IETF drafts. See https://github.com/swedenconnect/IETF-SVT.

The Sweden Connect Federation

For participants of the Sweden Connect-federation, the normative specification Tekniska anslutningsregler för Sweden Connect-federationen should also be read.

Currently only in Swedish.

GitHub

The specifications for the Swedish eID Framework are stored on GitHub at https://github.com/swedenconnect/technical-framework. The master branch is where new development is performed, and each official release has its own branch.

Older versions

• June 2014
• April 2015
• October 2015
• March 2017
• June 2018
• January 2020

Feedback and Questions

If you have feedback or questions regarding the Technical Framework join the Sweden Connect Slack Workspace.

Click here to ask for an invitation.

Working Group

The Working Group for the Swedish eID Framework is responsible of development of future versions of the framework.

Copyright © The Swedish Agency for Digital Government (DIGG), 2015-2023. All Rights Reserved.