This document contains information about the binding processes that -associate a Swedish identity number to an eIDAS notified eID.
+This document contains information about the processes that bind a Swedish identification number to an eIDAS notified eID.
-Copyright © The Swedish Agency for Digital Government (DIGG), 2023. All Rights Reserved. +Copyright © The Swedish Agency for Digital Government (DIGG), +2023-2024. All Rights Reserved.
2.1. Making a Binding
2.2. eIDAS-node Queries
-3.1. Basic Binding
-3.2. Enhanced Binding
-3.3. Verified Binding
-4.1. Essential Matching of Record in the Population Register
-4.2. Elevated Matching of Record in the Poulation Register
-4.3. Nordic Identification Number Found in the Population Register
-4.4. Use of Swedish eID
-4.5. A Relative to End-user has Confirmed the Binding
-4.6. Passport or ID-card Scanning
+3.1. Unique Record in the Population Register
+3.2. Nordic Identification Number Corresponding to Population Register Record
+3.3. Use of Swedish eID
+Public relying parties in Sweden commonly use the Swedish personal -identity number (a.k.a. personnummer) or the Swedish coordination -number (a.k.a. samordningsnummer) as the primary identifier to carry -out the authorization of an authenticated user. These attributes are -not part of an eIDAS assertion received from an another country even -if the authenticated user holds a Swedish identity number.
-Using an Identity Binding Service, end users can associate -their eIDAS eID with their record in the Swedish population -register. And, in such manner, end users can gain access to more -Swedish digital services.
+In Sweden, public relying parties commonly utilize the Swedish personal identity number (a.k.a. personnummer) or the Swedish coordination number (a.k.a. samordningsnummer) as the primary identifier for authorizing authenticated users. However, these identifiers are not part of an eIDAS assertion and can't be received from another country, even if the user holds such as Swedish identity number.
+By utilizing the Sweden Connect Identity Binding Service, end-users can associate their eIDAS eID with their record in the Swedish population register. This process enables end-users to access a broader range of Swedish digital services.
The Identity Binding Service is a part of the Swedish eIDAS infrastructure. -For users that hold an eIDAS notified eID, it provides support in binding processes, -which give end users the ability to associate their eID to a record in the Swedish -population register.
-When records have been matched, this identity binding can be utilized -by the Swedish eIDAS-node when the end user attempts to log in to a Swedish digital -service using his or hers foreign eID. The assertion that is provided to relying party -includes attributes from eIDAS as well as attributes from the Identity Binding Service.
-The Identity Binding Service can be used by end users, who are authenticated through -eIDAS, in the cases when:
+The Identity Binding Service is a part of the Swedish eIDAS infrastructure. It supports users with eIDAS-notified eIDs by facilitating binding processes, allowing them to link their eID to a record in the Swedish population register.
+Once records are successfully associated to the user's eID, this identity binding can be leveraged by the Swedish eIDAS node when an end-user attempts to log in to a Swedish digital service using their foreign eID. The resulting assertion provided to the relying party includes attributes from eIDAS, as well as attributes +from the Identity Binding Service.
+The Identity Binding Service can be used by end-users, who are authenticated through eIDAS under specific conditions:
When ab end user's Swedish record are linked to his or her eID, the Swedish eIDAS-node can -provide this information in the assertion to relying party.
+Once an end-user's Swedish record is linked to hir or her foreing eID, the Swedish eIDAS node can include this information in the assertion provided to the relying party.
Identity binding can be made through a number of different -Identity Binding Processes. These processes are run separately -or in combination and can result in an identity binding based on three different levels -of confidence. See also section 3, "Identity Binding Levels"
+A user can make an identity binding through various Identity Binding Processes. These processes are run independently or in combination, aimed at achieving a clear and unambiguous identity binding.
The identity bindings of the Identity Binding service will be accessible for the -Swedish eIDAS-node via a query-API. During an eIDAS authentication, the Swedish eIDAS-node -will query this API for a binding between the attributes presented in the assertion -received from the foreign node and a Swedish personal identity number. If such a -binding exists two attributes will be added to the resulting assertion delivered to -the Swedish relying party (service provider). These attributes are:
+The identity bindings that are created and stored by the end-user in a private area of the Identity Binding service can be accessible from the Swedish eIDAS node through a query API.
+During a process of eIDAS authentication, the Swedish eIDAS node will use this API to check for a binding between the attributes presented in the assertion received from the eIDAS node outside Sweden. If such a binding exists, two attributes will be included in the resulting assertion provided to the Swedish relying +party (service provider). These attributes are:
urn:oid:1.2.752.201.3.16 (mappedPersonalIdentityNumber) - Contains the Swedish
-personal identity number that was bound to the eIDAS identity.
urn:oid:1.2.752.201.3.6 (personalIdentityNumberBinding) - Contains an URI that
-represents the Identity Binding Level.
urn:oid:1.2.752.201.3.6 (personalIdentityNumberBinding) - Contains URI:s that represents the Identity Binding Processes.
See also sections 2.5, "eIDAS Natural Person Attribute Set", and 3.3.2, "The mappedPersonalIdentityNumber and personalIdentityNumberBinding Attributes", of Attribute Specification for the Swedish eID Framework for more information -about attribute release during an eIDAS authentication.
- -Identity Bindings are provided in three different levels of confidence. -These levels can be used in the authorization process by the relying party.
- -URI: http://id.swedenconnect.se/id-binding/level/basic
Description: Basic level of confidence in binding as a result from an automated decision process when the eIDAS attributes from the foreign eID are matched to an individual's record in the Swedish population register.
-The following processes must have been applied:
-http://id.swedenconnect.se/id-binding/process/registered (4.1)http://id.swedenconnect.se/id-binding/process/populationregister (4.2)URI: http://id.swedenconnect.se/id-binding/level/enhanced
Description: In addition to meeting all the requirements for the basic level,
-the binding can be endorsed with a higher confidence when the process
-http://id.swedenconnect.se/id-binding/process/nordicid (4.3)
-can match attribute in the assertion from eIDAS to a registered Nordic identification number in the Swedish population register.
In summary, following processes must have been applied:
-http://id.swedenconnect.se/id-binding/process/registered (4.1)http://id.swedenconnect.se/id-binding/process/populationregister (4.2)http://id.swedenconnect.se/id-binding/process/nordicid (4.3)URI: http://id.swedenconnect.se/id-binding/level/verified
Description: A mix of processes must be applied in order to achieve the highest level of
-confidence in record matching. It requires the process http://id.swedenconnect.se/id-binding/process/registered (4.1) combined with one of the following processes:
See also sections 2.5, "eIDAS Natural Person Attribute Set", and 3.3.2, "The mappedPersonalIdentityNumber and personalIdentityNumberBinding Attributes", of Attribute Specification for the Swedish eID Framework for more information about attribute release during an eIDAS authentication.
+ +This section contains a detailed description of the matching processes that are used by the Identity Binding Service. Each process is identified with an URI.
+The prerequisites for all bindings described below are the following: The end-user has been authenticated using a foreign eID. Attributes provided via eIDAS, along with the end-user's statement of her/his Swedish identity number, meet the prerequisites for user registration. This verification includes:
http://id.swedenconnect.se/id-binding/process/swedish-eid (4.4)http://id.swedenconnect.se/id-binding/process/relative (4.5)http://id.swedenconnect.se/id-binding/process/iddoc-scanning (4.6)This section contains a detailed description of the matching processes that -are used by the Identity Binding Service. Each process is identified with an URI.
--- -Note: The process URI:s are not part of a resulting SAML assertion. However, they will -be stored in matching records and log entries.
-
URI: http://id.swedenconnect.se/id-binding/process/registered
Description: A binding process based on the fact that a Swedish identity number that has -been provided by the end user is found in the Swedish population register. This record must -belong to a living natural person, and its value for birth date must match the birth date -attribute from the eIDAS assertion.
- -Moreover, the end-user has accepted the terms of use and created a private storage in the Identity Binding Service.
+Note: If the above steps uniquely corresponds to exactly one record in the Swedish population register, the binding http://id.swedenconnect.se/id-binding/process/populationregister (3.1) will be created, but, if the birth date and name information from the eIDAS assertion matches more than one record from the population register, other processes (as described below) need to be applied for a binding to be completed.
URI: http://id.swedenconnect.se/id-binding/process/populationregister
Description: Name attributes from an eIDAS assertion are matched against a record in -the population register. A wide search in the population register shows that there are no -other records found with the same birth date and name, thus, a decision for record matching -can be made unambiguously.
- -Description: The provided date of birth and name information from the eIDAS assertion uniquely matches only one record in the population register.
+A detailed search in the population register confirms that there is a low risk of confusion, with no other records found that could potentially lead to ambiguity. The end-user holds a +machine-readable copy of the record retrieved from the Swedish population register. It is stored in the user's private storage and can be securely bound to end-user's eID in an unambiguous manner.
+ +URI: http://id.swedenconnect.se/id-binding/process/nordicid
Description: A record in the population register contains an identity number from -an Nordic country and this number can be found in the eIDAS assertion.
- -Description: The end-user holds a machine-readable copy of the record retrieved from the Swedish population register. This record includes an identification number from a Nordic country, which corresponds to the number found in the eIDAS assertion.
+ +URI: http://id.swedenconnect.se/id-binding/process/swedish-eid
Description: The end user, who has been authenticated with a foreign eID, can -prove a binding to the Swedish identity number by signing a confirmation with -his or her Swedish eID.
-Additional requirements: Assurance for the Swedish eID must be minimum at -level 3 in accordance of the +
Description: The end-user has digitally signed an attestation connecting an eIDAS identity number to a record retrieved from the Swedish population register using a Swedish eID. Using this process the user proves the he or she holds both the eIDAS identity (received from the eIDAS authentication) and the Swedish identity number (received from the digital signature).
+Additional requirements: Assurance level for the eID must be minimum at level 3 in accordance of the Swedish Trust Framework -(a.k.a. Tillitsramverk för -Svensk e-legitimation). +(a.k.a. Tillitsramverk för Svensk e-legitimation). Using the eID for this purpose must also be approved by the eID provider.
-URI: http://id.swedenconnect.se/id-binding/process/relative
Description: A relative of the end user, logs in with his or her Swedish eID -and verifies the binding by signing a confirmation. The relationship must be official and -stored in the Swedish population register. Examples of valid relationships are spouses, parents -and children.
-Additional requirements: The relative must be at least 18 years old and use a -Swedish eID that meets the same requirements as in section 4.2 above.
- -URI: http://id.swedenconnect.se/id-binding/process/iddoc-scanning
Description: The end user, who has been authenticated with a foreign eID, can -prove binding to the Swedish identity number by reading a chip from a Swedish -identity document, such as passport or ID-card.
+Description: A relative of the end-user logs in to the Identity Binding Service and vouches for the end-user to retrieve a machine-readable copy of the record from the Swedish population register. The relative digitally signs this attestation.
+The relationship must be officially registered in the Swedish population register, and valid examples of such relationships include spouses, parents, and children.
+Additional requirements: The relative must be at least 18 years old and use an eID that meets the same requirements as in section 3.3 above.
-2024-05-08: Updated according to the latest legal agreements. The binding level is no longer used. Instead a set of identity binding process URL:s represent the binding.
+2023-06-09: First version.
+