Release Notes / Customer Information

>>> Traminer 9. October 2022 <<<

Status: Final


The Release Notes (RN) report on the enhancements, as well as new functionalities and changes to the eIAM Services as per the Roadmap DTI.

Please note that dates for the completion of documentation and concepts usually refer to the end of a release period and have nothing to do with the individual release dates (Release Dates) for functionalities.


Introduction dates / innovations


REF: 6. sept. 2022  <Tests!> ABN: 21. sept. 2022  <Tests!>  PROD: 9. october 2022

  • Consistency Checker (CC)
    • The eIAM Consistency Checker must be activated for every eIAM Access Account in the medium term for governance reasons. Therefore, eIAM is planning a proactive rollout of this default setting with the release of "Traminer" for all customers.

  • FIDO security key Credencial
    • With the Traminer release, the FIDO2 standard is introduced as a further second factor for the CH-LOGIN. This standard allows the use of a variety of devices as a second factor, e.g. FIDO security key, smartphones or PC/MAC.

  • BYOI - additional IdP (Canton Zug)

  • IDM SOAP WebService interface new version (V1.45)

Process and expectations for SR introductions

In order to be able to guarantee the stable and secure productive eIAM service, we require meaningful regression tests of the applications in the REF and ABN instances until the SR rollout to PRODUCTION. You have at least 14 days per stage to do this. Please plan your test activities early in these periods so that any bug fix releases are possible in good time.

These release notes will help you to plan the regression tests in relation to the eIAM functionalities you use and will also serve as a source of information for your end customer communication. Please note that the final version of the release notes with all necessary details will be delivered shortly before the productive installation.

Important
If you encounter problems during your regression tests, please inform our testing team immediately at: Testing-eiam@bit.admin.ch. Our colleagues will take your input, check it and consolidate it. We would like to thank you for your important assistance and support in order to maintain and further improve the high quality standard of the service releases!

eIAM contact person

If you have any questions or concerns about eIAM, ePortal or PAMS you can contact the following offices or persons;

eIAM contact points
×

Release Notes

Consistency Checker (CC)

The Consistency Checker (CC) supports the consistency of data in eIAM by enforcing the synchronisation of user master attributes from the root account to the access accounts. The CC was introduced with the Freiburger release and optionally enabled for all identity references via the whitelisting control in the Diolinoir release. It has now been decided that the Consistency Checker will be enabled for every eIAM Access Account for governance reasons. The eIAM team is now planning the proactive rollout.

[Important: You don't have to do anything, the eIAM team will contact you before the Consistency Checker is activated for your application respectively access accounts of your users.

For more detailed information, please see

Consistency-Checker (Enforcer)

FIDO security key Credential

The Traminer release introduces FIDO2 as the second factor for CH-LOGIN. FIDO2 is an open standard developed by the non-commercial FIDO Alliance. The standard allows the use of a variety of devices as a second factor, e.g. FIDO security key, smartphones or PC/MAC. FIDO2 promises users password-free and secure authentication for online services.
Example FIDO security key
Example FIDO security key
Type: YubiKey 5C NFC
Type: Yubico YubiKey 5C

FIDO security keys are data carriers, e.g. in the form of a USB stick, which contain cryptographic material. The FIDO security keys must be procured by the end users themselves. The target system that requests a credential and accepts FIDO security keys for it verifies the cryptographic material of the token.

In MyAccount, the FIDO security key credential can be registered under the Passkeys (FIDO) tile. The registration is a guided process in three steps and can be completed in a few minutes. It is important to know that the use of FIDO security keys as a credential does not automatically lead to a verified electronic identity, for this the additional Video Identity Verification (VIPS) is needed. In contrast to the QoA information at the following link, FIDO security keys currently only supports the QoA30 level.

FIDO security key Activation in MyAccount
FIDO security key Activation in MyAccount

Important: The FIDO security keys is intended for use in the eGOV context (CH-Login). FIDO security keys are not intended to be used in the federal context and, depending on the regulations, may not be connected to a federal client as this is private hardware.

For more information, see on our website:

Quality of Authentication (QoA)

BYOI - additional IdP

With the Traminer release, an additional IdP is added to the BYOI bundle. This is the IdP "ZG eID" which is provided by the canton of Zug itself. All users who have an eID from the canton of Zug will be able to log in via this IdP in future.


Figure BYOI - additional IdP from the Canton of Zug
BYOI ZG eID

IDM SOAP WebService Interface

According to the SLA, the service recipient of a SOAP-based web services interface is obligated to check at least once a year whether its interface corresponds to the current version (V1.45).
Further information can be found on our website:
Interface eIAM-AMW