SWAMID Operations invites everyone to read and comment on the first proposals for updates on the SWAMID's policy framework. In the first round SWAMID's main policy and the two existing assurance profiles and the brand new assurance profile SWAMID AL3 are included.
The main policy contains most modernisation's but with a major change. It is now even clearer that all member organisations with identity providers must be approved for at least one assurance profile. Those organisations that are currently not approved for any assurance profile will have a transitional period until when they must be approved. The SWAMID Board of Trustees decides how long this transition period will be.
The two existing assurance profiles have been modernised and the biggest changes are in section 5.1.1 on login methods and section 5.2.5 around user identification. Sections 5.3 and 5.4 have also been updated to follow the changes in Section 5.2.5. There is only one breaking change and it is that the password requirements in SWAMID AL1 are increased to the existing ones in SWAMID AL2. SWAMID Operations has not found any organisation that is already approved for SWAMID AL1 that does not already meet the changed requirement.
The new assurance profile SWAMID AL3 replaces the login profile for Person-Proofed Multi-Factor with high identity assurance that was developed for Nais a year ago. The three identity providers that are currently approved for MFA login that works with Nais will need to undergo a new approval process.
Policy documents included in Community Consensus Process 1
- SWAMID Federation Policy v3.0
- SWAMID Identity Assurance Level 1 Profile v3.0
- SWAMID Identity Assurance Level 2 Profile v2.0
- SWAMID Identity Assurance Level 3 Profile v1.0
Zoom meetings for presentation and discussion
SWAMID Operations will conduct two two-hour meetings with presentation and discussion around the change in Swedish. You are welcome to participate in one or both but they will have the same content.
- Wednesday, April 15, 13-15
- Tuesday, April 21, 10-12
Community Consensus Process Time Period 1
During the period 7 April to 15 May 2020, it is possible to discuss and comment on the proposed changes. Subsequently, SWAMID Operations will go through comments and discussions that have emerged. The arenas for discussions and comments are the zoom meetings, the mailing list saml-admins and direct mail to SWAMID Operations.