Versions Compared

...

This multi factor profile is based on an extension to REFEDS MFA Profile (https://refeds.org/profile/mfa) but expanded in order to be completely applicable for Swedish Higher Education. This profile also imposes additional criteria in order to clarify uncertainties in the REFEDS MFA Profile.



3. Syntax

The member organisation's Identity Provider is tagged in the SWAMID federation metadata with the assurance marker: <Insert marker>

In accordance with REFEDS MFA Profile: 

In a SAML assertion, compliance is communicated by asserting the AuthnContextClassRef:

https://refeds.org/profile/mfa

certification attribute: http://www.swamid.se/policy/authentication/refeds-mfa


In accordance with this profile, SWAMID REFEDS MFA Profile

In a SAML assertion, compliance is communicated by asserting the AuthnContextClassRef:

https://swamid.se/profile/mfa

https://refeds.org/profile/mfa




4. Compliance and Audit

The Member organisation MUST be certified for SWAMID Identity Assurance Level 2 Profile.

Only subjects currently at SWAMID Identity Assurance Level 2 are allowed to authenticate themselves according to this Profile.

Guidance: The Identity Provider is not allowed to signal the above listed AuthnContextClassRefs for subjects not at SWAMID Identity Assurance Level 2.
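A relying party can check the pairing required above on its own side. The following is an added example, not part of the profile or of SWAMID's tooling: it assumes the subject's assurance level arrives in the eduPersonAssurance attribute with the value http://www.swamid.se/policy/assurance/al2, that the assertion's signature and conditions were already validated by the SAML library, and all function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REFEDS_MFA = "https://refeds.org/profile/mfa"
# Assumption: AL2 is signalled in eduPersonAssurance with this value.
SWAMID_AL2 = "http://www.swamid.se/policy/assurance/al2"
EPA_OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.11"  # eduPersonAssurance


def build_assertion(class_ref, assurance_values):
    """Constructed sample assertion: unsigned, trimmed to the relevant elements."""
    values = "".join(
        f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in assurance_values
    )
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}">'
        "<saml:AuthnStatement><saml:AuthnContext>"
        f"<saml:AuthnContextClassRef>{class_ref}</saml:AuthnContextClassRef>"
        "</saml:AuthnContext></saml:AuthnStatement>"
        f'<saml:AttributeStatement><saml:Attribute Name="{EPA_OID}">{values}'
        "</saml:Attribute></saml:AttributeStatement></saml:Assertion>"
    )


def check_mfa_claim(assertion_xml):
    """Return (accepted, reason) for an already signature-verified assertion."""
    root = ET.fromstring(assertion_xml)
    refs = [
        e.text.strip()
        for e in root.findall(".//saml:AuthnContextClassRef", NS)
        if e.text
    ]
    if REFEDS_MFA not in refs:
        return False, "no MFA AuthnContextClassRef"
    assurance = set()
    for attr in root.findall(".//saml:Attribute", NS):
        if attr.get("Name") == EPA_OID:
            assurance.update(
                v.text.strip()
                for v in attr.findall("saml:AttributeValue", NS)
                if v.text
            )
    # The profile forbids signalling MFA for subjects below AL2: reject and log.
    if SWAMID_AL2 not in assurance:
        return False, "MFA signalled for subject not at AL2"
    return True, "MFA claim consistent with AL2"


if __name__ == "__main__":
    al1 = "http://www.swamid.se/policy/assurance/al1"
    print(check_mfa_claim(build_assertion(REFEDS_MFA, [al1, SWAMID_AL2])))
    print(check_mfa_claim(build_assertion(REFEDS_MFA, [al1])))
```

A rejection with the second reason points to an Identity Provider that is out of compliance with the profile and is worth reporting to the federation operator.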

The Member organisation SHOULD document valid parts regarding the Credential Operating Environment for the multi factor in the Identity Management Practice Statement and submit the Identity Management Practice Statement for approval by SWAMID Board of Trustees.

  • Implementation of multi factor technology SHOULD be documented in 5.1 Credential Operating Environment
    Valid choices for multi factor technology in SWAMID are listed in the document ...
  • Processes for issuing and assigning of credentials (all valid factors) SHOULD be documented in 5.2 Credential Issuing (more precisely in 5.2.5)
    Issuing of Credentials MUST still fulfil the criteria listed in SWAMID Assurance Level 2 Profile.
  • Processes for renewal of additional factors SHOULD be documented in 5.3 Credential Renewal and Re-issuing
    Renewal and Re-issuing of Credentials MUST still fulfil the criteria listed in SWAMID Assurance Level 2 Profile.
  • Processes for revocation of additional factors SHOULD be documented in 5.4 Credential Revocation
    Revocation of Credentials MUST still fulfil the criteria listed in SWAMID Assurance Level 2 Profile.

...