SWAMID Operations invites everyone to read and comment on a proposal for a new version of the SAML WebSSO Technology Profile.
The current version of the technology profile was decided over ten years ago and refers to the previous version of the standard saml2int. This standard has been updated since then and we as an identity federation have received additional requirements via the eduGAIN SAML Profile. SWAMID Operations has therefore produced a proposal for a more complete technology profile that contains current requirements within SWAMID and eduGAIN and from saml2int.
Most changes concern non-technical information in metadata, which can be updated without adjusting any settings in the IdP or SP software. A few things may need to change technically, especially the key lengths and encryption methods of signing and encryption certificates. This also applies to the requirements for the web server's certificate, but these follow the requirements already set elsewhere for the use of web server certificates and encryption protocols.
An important change introduced in the technology profile concerns the identity federation operator for SWAMID, i.e. Sunet. The proposal adds rules on how SWAMID Operations will manage the SAML WebSSO identity federation.
To see how the change affects your IdP or SP, go to https://metadata.swamid.se and look up your entityID. Please note that you should not update based on the result until the SWAMID Board of Trustees has decided on the updated technology profile, i.e. when SWAMID Operations announces that it is time to do so.
Policy documents included in Community Consensus Process 4
PowerPoint slides in Swedish from the Zoom meeting on November 9th
Community Consensus Process Time Period
During the period October 25 to November 19, it is possible to discuss and comment on the proposed changes. Subsequently, SWAMID Operations will go through comments and discussions that have emerged. The arenas for discussions and comments are the mailing list saml-admins and direct mail to SWAMID Operations.