This document is aimed at creating the necessary conditions for trust between federation members regarding the handling of digital assertions that form the basis for access for users and technical actors (such as APIs, systems, and machine entities) in a privacy-preserving manner. It specifies the requirements that must be fulfilled by the federation members and other trusted parties. The requirements cover information security, technical and organisational safeguards, internal governance and control, identity and attribute management, and incident management.
This Trust Framework applies to all federation parties that are subject to a federation policy implementing the requirements set out in this Trust Framework.
Content in Swedish.
Internetstiftelsens_tillitsramverk-Svenska_federationer-1.0.pdf