...
- Choice of multi-factor technology MUST be documented in section 5.1 Credential Operating Environment.
The selected second factor or full multi-factor solution MUST be based on the Single-Factor and Multi-Factor Authenticator Types within NIST 800-63B.
Guidance: SWAMID has published a set of valid choices for second factor and full multi-factor solutions in the SWAMID wiki.
- Processes for issuing and assigning of credentials (second factor or full multi-factor) MUST be documented in 5.2 Credential Issuing (more precisely in 5.2.5).
Issuing of second factor or full multi-factor MUST be done using one of the following methods:
  - On-line multi-factor authenticating the Subject with SWAMID MFA Profile or higher level using an external Identity Provider compliant with SWAMID MFA Profile or higher
  - In-person visit at a service desk in combination with identity proofing as defined by the Swedish Tax Agency for issuance of the Swedish Tax Agency identity card
  - In-person visit at a service desk in combination with identity proofing with an international passport fulfilling ICAO Doc 9303, an EU/EES national identity card fulfilling the European Commission Regulation No 562/2006 or an EU/EES driving license fulfilling the European Parliament and the Council of European Union Directive 2006/126/EC
Guidance: The second factor or full multi-factor must be issued separately to the user credentials in accordance with the REFEDS MFA Profile criteria.
Guidance a: Multi-Factor solutions provided within the Swedish E-identification system fulfil the requirements for on-line multi-factor authentication and can be used for online identity vetting if allowed by the E-identification issuer.
- Processes for replacement of additional factors or full multi-factor MUST be documented in 5.3 Credential Renewal and Re-issuing.
Replacement of second factor or full multi-factor MUST be done using the same methods as listed above for Credential Issuing.
- Processes for revocation of second factor or full multi-factor MUST be documented in 5.4 Credential Revocation.
...