Moa technical requirements are defined in the FedTLS schema as well as the below technical profile
Change log
Date | Author | Change |
---|---|---|
2023-02-22 | Rasmus Larsson | Migrating profile from skolfederation.se to wiki Translating profile to English Adding Strengthened tags profile |
2024-02-01 | Johan Sandin | Added claim tags for clients Added tag 'gnapv1' |
2024-03-20 | Johan Sandin | Updated tag descriptions |
.
Moa Technical Profile
- when uploading metadata to the Moa production environment the member MUST NOT upload anything other than production metadata. Test environment metadata MUST NOT occur in the production environment,
- the member's metadata MUST be in accordance with actual version of Federated TLS Authentication (see respective environment under Moa environments for more information),
- for every
client's
claimtags
there MUST exist one value in accordance with Strengthened Tags Profile. - for every
server's
claimtags
there MUST exist at least one value in accordance with Strengthened Tags Profile. - for every
entity'
s claimorganization
there MUST exist a value for the member organization's legal name, - for every
entity'
s claimorganization_id
there MUST exist a value for the member organization's organization number in format LLYYMMDDXXXX where LL stands for the country code in accordance with ISO 3166-1 alpha 2
Strengthened Tags Profile
Strengthened tags are tags used in metadata which are vetted and used by a community for a specific purpose or context. A strengthened tag may be restricted to be used by certain parties, and the definition of the tags usage (such as API definition and information model) is handled within each tag community.
Tag name | Description | Learn more |
---|---|---|
egilv1 | Defines endpoints that support user provisioning in accordance with the EGIL profile | https://sambruk.github.io/EgilDoc/implementationsprofil.html |
bolv1 | Defines endpoints that support ordering and delivery of digital learning resources. | |
userlistv1 | Defines endpoints that support delegating the selection of users to provision to a service provider. | |
gnapv1 | Entities using GNAP (Grant Negotiation and Authorization Protocol). Among other services, the tag represents the authentication API of The Swedish National Agency for Education, verifying clients to enable them to acquire an authorization JWT. | Contact Skolverket's Technical Support (Swedish) for information about how to use GNAP: https://www.skolverket.se/om-oss/kontakta-oss |
Metadata signature
The aggregated metadata is signed with JWS and published with JWS JSON Serialization. The metadata signatures are created with the algorithm ECDSA using P-256 and
xxxx TBD
Följande krav ställs på medlemmars metadata i Moa:
- vid uppladdning till produktionsmiljön för Moa SKA INTE medlemmen ladda upp något annat än produktionsmetadata. Metadata för exempelvis testmiljöer SKA INTE förekomma i produktionsmiljön,
- att medlemmens metadata SKA vara i enlighet med rätt version av Federated TLS Authentication (se Tekniska miljöer för mer information),
- att det i var
servers
claimtags
SKA finnas ett värde för "egilv1", som beskriver attributöverföring och API-ändpunkter enligt EGIL-profilen (nedan), - att det i var
entity
s claimorganization
SKA finnas ett värde för organisationens namn, - att det i var
entity
s claimorganization_id
SKA finnas ett värde för organisationens organisationsnummer i format LLÅÅMMDDXXXX, där LL står för landskod i format enligt ISO 3166-1 alpha 2,
Tags
Tags är ett element i metadatat som beskriver serverns funktionalitet och förmågor. I Moa används för närvarande taggen "egilv1", vilket beskriver följande:
- serverns ändpunkter är av typen SCIMv2,
- servern tar emot data enligt EGIL-profilen
Metadata signatur
...
SHA-256 ("ES256")
...
, according to the definition in RFC7518.
Info | ||
---|---|---|
| ||
For metadata and validation examples, go to Moa metadata example |
Exempel på metadata och validering
...