Specifications for the Swedish eID Framework
June 2018
This is the June 2018 version of the Swedish eID Framework. As of June 19th, 2018 it replaces the previous March 2017 release as the official version for the Swedish eID Framework.
If you have comments on, or questions about the specifications, please use the forum "E-legitimationsnämndens Tekniska Forum" - https://forum.eidasweb.se.
Changes since last version
Below follows a listing of all significant changes since the March 2017 release of the Swedish eID Framework.
- A new specification, ELN-0613 - Signature Activation Protocol, has been added. This document specifies a Signature Activation Protocol (SAP) and its data elements for implementation of Sole Control Assurance Level 2 (SCAL2) according to the European standards prEN 419241 - Trustworthy Systems Supporting Server Signing - Part 1 and 2 (prEN 419 241-1 and prEN 419 241-2).
- The dateOfBirth attribute is now a recommended attribute for the attribute set "Natural Personal Identity with Civic Registration Number". The reason for this is that this information is required for the eIDAS minimum data set. Also, the service entity category http://id.elegnamnden.se/ec/1.0/eidas-pnr-delivery was updated to require this attribute. This service entity category is declared by Identity Providers delivering assertions for a foreign eIDAS-node (via the Swedish eIDAS Proxy Service).
- The Deployment profile now recommends usage of the <saml2p:RequesterID> element when requests are sent from signature services, or other actors that act as proxies.
- The Deployment profile has been extended with information about how to request Signature Activation Data (according to ELN-0613 - Signature Activation Protocol).
- A new service property entity category http://id.elegnamnden.se/sprop/1.0/scal2 was added. Identity Providers that support SAD-generation should declare this category.
- The Authentication Context URIs http://id.elegnamnden.se/loa/1.0/eidas-nf-low and http://id.elegnamnden.se/loa/1.0/eidas-nf-low-sigm were added. They represent authentication with a notified eID scheme for eIDAS "low".
- The Implementation Profile for using OASIS DSS in Central Signing Services specification was updated with a requirement to adapt authentication request procedures when the requested signature is a qualified electronic signature.
- The Certificate profile for certificates issued by Central Signing services specification was updated as follows:
  - Removed the requirement to store "personnummer" or "samordningsnummer".
  - Updated standards references to remove old deprecated standards and replace them with the currently published documents.
  - Specified optional support for using semantics identifiers in accordance with ETSI EN 319 412-1 to specify that the serialNumber attribute contains a Swedish "personnummer" or "samordningsnummer", Provisional ID or eIDAS person identifier.
  - Added requirement to specify ETSI policy identifiers.
- Incorrect versions and references were corrected in the DSS Extension for Federated Central Signing Services specification.
- Section 5.3 of the Deployment profile was updated with specifications of how a Service Provider may request the authenticating IdP when communicating with a Proxy IdP. This is also useful when sending requests to the eIDAS connector, where a required country may be given directly in the request.
Each document also contains a "Changes between versions" section where you can see what has been updated for that particular specification.
Check out the GitHub project for this release: https://github.com/elegnamnden/technical-framework/projects/2.
For a really detailed list of changes you can view all changes in GitHub using this link: https://github.com/elegnamnden/technical-framework/compare.
Introduction
An overview document (in Swedish) that describes the different parts of the Swedish eID Framework.
Tekniskt ramverk - Introduktion | pdf download
This document will be translated into English.
Specifications
- ELN-0602 - Deployment Profile for the Swedish eID Framework - version 1.5 | pdf download
- ELN-0603 - Registry for Identifiers - version 1.5 | pdf download
- ELN-0604 - Attribute Specification for the Swedish eID Framework - version 1.5 | pdf download
- ELN-0606 - Entity Categories for the Swedish eID Framework - version 1.6 | pdf download
- ELN-0607 - Implementation Profile for using DSS in Central Signing Services - version 1.3 | pdf download
- ELN-0608 - Certificate Profile for Central Signing Services - version 1.1 | pdf download
- ELN-0609 - DSS Extension for Federated Signing Services - version 1.2 | pdf download
- ELN-0611 - eIDAS Constructed Attributes Specification for the Swedish eID Framework - version 1.0 | pdf download
- ELN-0612 - BankID Profile for the Swedish eID Framework - version 1.1 | pdf download
- ELN-0613 - Signature Activation Protocol - version 1.0 | pdf download
Download a ZIP-file of all specifications in PDF-format.
All specifications are also available in Markdown format on GitHub - https://github.com/elegnamnden/technical-framework. Here you can follow the further development of the Swedish eID Framework.