
Date | Author | Change
2023-02-22 | Rasmus Larsson | Migrating profile from skolfederation.se to wiki; Translating profile to English; Adding Strengthened tags profile
2024-02-01 | Johan Sandin | Added claim tags for clients; Added tag 'gnapv1'
2024-03-20 | Johan Sandin | Updated tag descriptions
2024-10-22 | Rasmus Larsson | Added requirement for unique X509 Subject values for new issuer certificates to prevent TLS conflicts.


Moa Technical Profile

  • when uploading metadata to the Moa production environment, the member MUST NOT upload anything other than production metadata. Test environment metadata MUST NOT occur in the production environment,
  • the member's metadata MUST be in accordance with the current version of Federated TLS Authentication (see the respective environment under Moa environments for more information),
  • for every client's claim tags there MUST exist one value in accordance with Strengthened Tags Profile,
  • for every server's claim tags there MUST exist at least one value in accordance with Strengthened Tags Profile,
  • for every entity's claim organization there MUST exist a value for the member organization's legal name,
  • for every entity's claim organization_id there MUST exist a value for the member organization's organization number in the format LLYYMMDDXXXX, where LL stands for the country code in accordance with ISO 3166-1 alpha-2,
  • an issuer certificate can be included in multiple entities. However, if a new entity adds an issuer certificate that is not already present in the federation metadata, the X509 Subject of that issuer certificate MUST be unique, to prevent potential conflicts with TLS implementations that may encounter issues when handling certificates with identical subjects.
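
A pre-upload check for the entity-level requirements listed above, as an added example that is not part of the profile or of Moa's own tooling. It assumes each entity is already parsed into a dict and each issuer certificate reduced to a fingerprint and a subject string; those field names, the placeholder tag values, and the reading of LLYYMMDDXXXX as two letters plus ten digits are assumptions.

```python
import re

# Assumed reading of LLYYMMDDXXXX: two-letter country code followed by ten digits.
ORG_ID_RE = re.compile(r"[A-Z]{2}[0-9]{10}")


def check_entity(entity, federation_issuers, strengthened_tags):
    """Return a list of profile violations for one entity (empty list = pass).

    federation_issuers: {fingerprint: subject} for issuer certificates already
    present in the federation metadata.
    strengthened_tags: set of values defined by the Strengthened Tags Profile.
    """
    errors = []
    if not str(entity.get("organization", "")).strip():
        errors.append("organization: legal name missing")
    if not ORG_ID_RE.fullmatch(str(entity.get("organization_id", ""))):
        errors.append("organization_id: not in format LLYYMMDDXXXX")

    # Clients: "one value" is read here as exactly one; servers: at least one.
    for kind, exactly_one in (("clients", True), ("servers", False)):
        for i, endpoint in enumerate(entity.get(kind, [])):
            n = len(strengthened_tags.intersection(endpoint.get("tags", [])))
            if n == 0 or (exactly_one and n != 1):
                errors.append(f"{kind}[{i}]: {n} strengthened tag(s)")

    known_subjects = set(federation_issuers.values())
    for issuer in entity.get("issuers", []):
        fp, subject = issuer["fingerprint"], issuer["subject"]
        if fp in federation_issuers:
            continue  # certificate already in the federation: reuse is allowed
        if subject in known_subjects:
            errors.append(f"issuer {fp}: subject '{subject}' already in use")
        known_subjects.add(subject)  # also catches duplicates inside this entity
    return errors


# Constructed sample data: tags, fingerprints, subjects and names are placeholders.
TAGS = {"example-tag-a", "example-tag-b"}
FEDERATION = {"fp-01": "CN=Example Issuer A,O=Example Org"}
NEW_ENTITY = {
    "organization": "Example Municipality",
    "organization_id": "SE0000000000",
    "issuers": [
        {"fingerprint": "fp-01", "subject": "CN=Example Issuer A,O=Example Org"},
        {"fingerprint": "fp-02", "subject": "CN=Example Issuer A,O=Example Org"},
    ],
    "servers": [{"tags": ["example-tag-a", "unrelated-tag"]}],
    "clients": [{"tags": ["example-tag-a", "example-tag-b"]}],
}
```

Subjects are compared as plain strings here, so both sides need the same string form of the X509 Subject before the check is meaningful.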

Strengthened Tags Profile

...