This document aims to create the necessary conditions for trust between federation members in the handling and transmission of electronic assertions that form the basis for access by users and technical actors (such as APIs, systems, and machine entities) in a privacy-preserving manner. It specifies the requirements that must be fulfilled by federation members and other trusted parties. These requirements cover information security, technical and organisational safeguards, internal governance and control, identity and attribute management, and incident management.
This Trust Framework applies to all federation parties that are subject to a federation policy that implements the requirements set out herein.
Content in Swedish.
Internetstiftelsens_tillitsramverk-Svenska_federationer-1.0.pdf