SWAMID's policy framework is undergoing the third major review since SWAMID's first policy was written in 2006. The goal of this review is primarily to clarify, simplify and last but not least to open up more login methods than passwords. The basic premise of the policy review is that no one who is currently approved according to the current assurance framework incl. assurance profiles need to go through a new approval process except for the new assurance profile SWAMID AL3.
The review is being carried out by SWAMID Operations, but all member organisations and affiliated services will be able to comment on and propose changes in several Community Consensus Processes. This process means that SWAMID Operations sends out one or more of the policy documents for review and comment. Subsequently, SWAMID Operations will invite you to presentation and discussion meetings. You can also send comments to the mailing list saml-admins or directly to SWAMID Operations.
Current status
| Policy Document | Date | Current status | Comment |
|---|---|---|---|
| SWAMID Federation Policy | 2020-06-15 | Final | |
| SWAMID Identity Assurance Level 1 Profile | 2020-06-15 | Final | |
| SWAMID Identity Assurance Level 2 Profile | 2020-06-15 | Final | |
| SWAMID Identity Assurance Level 3 Profile | 2020-06-15 | Final | Replaces Person-Proofed Multi-Factor with high identity assurance. |
| SWAMID Incident Management Process | 2021-02-19 | Consultation finished | |
| SWAMID SAML WebSSO Technology Profile | Not started | ||
| SWAMID eduroam Technology Profile | Not started | ||
| SWAMID Nyttjanderegler av SWAMIDs Metadata | Not started | ||
| SWAMID Metadata Registration Practice Statement | Not started |
Community Review 2 - 2021-02-19 – 2021-03-31
SWAMID Operations and SUNET CERT now invite everyone to read and comment on proposals for new and updated security incident procedures in SWAMID.
As part of SWAMID's ongoing policy review, a new version of SWAMID's security incident procedures is being developed. The new version basically follows the eduGAIN Security Incident Response Handbook, which was developed at the end of last year to harmonize the incident procedures between the academic identity federations. SWAMID Operations has adapted the handbook into a proposal for new security incident procedures based on the SWAMID setup.
Policy document included in Community Consensus Process 2
Community Consensus Process Time Period 2
During the period February 19 to March 31, it is possible to discuss and comment on the proposed changes. Subsequently, SWAMID Operations will go through comments and discussions that have emerged. The arenas for discussions and comments are the zoom meetings, the mailing list saml-admins and direct mail to SWAMID Operations.