...
...this needs to be split into two, one for MFA under AL2 and one for High Assurance MFA...
Guidance
Processes for issuing and assigning multi-factor credentials (second factor or full multi-factor) should be documented together with the use of passwords in the IMPS, section 5.2.
5.2.1 Identity proofing based on SWAMID Identity Assurance Level 2 Profile (SWAMID AL2MFA)
Credential Issuing of second factor or full multi-factor at SWAMID AL2 MUST be done using one of the following methods:
- On-line multi-factor authenticating the Subject with SWAMID AL2 Profile or higher level using Person-Proofed Multi-Factor Profile, or a comparable multi-factor authentication, using an external Identity Provider compliant with SWAMID AL2 Profile or higher,
- In-person visit at a service desk in combination with identity proofing as defined by the Swedish Tax Agency for issuance of the Swedish Tax Agency identity card,
- In-person visit at a service desk in combination with identity proofing with an international passport fulfilling International Civil Aviation Organization (ICAO) Doc 9303 Machine Readable Travel Documents [4], an EU/EES national identity card fulfilling the Regulation (EU) 2016/399 of the European Parliament and of the Council [5] or an EU/EES driving license fulfilling the Directive 2006/126/EC of the European Parliament and of the Council of 20 December 2006 on driving licences [6],
- Off-line using a registered address (sv. folkbokföringsadress) in combination with a time-limited one time password/pin code,
- Off-line using a copy of the same identification token as described in the second or third method above and a copy of a utility bill in combination with a time-limited one time password/pin code sent to the postal address on the utility bill, or
- Other equivalent identity proofing method.
5.2.2 Identity proofing based on identity verification with a defined set of identity cards and passports (SWAMID IDMFA)
Credential Issuing of second factor or full multi-factor for SWAMID High Assurance MUST be done using one of the following methods:
- On-line multi-factor authenticating the Subject with SWAMID MFA Profile or higher level using Person-Proofed Multi-Factor Profile with identity verification, or a comparable multi-factor authentication, using an external Identity Provider compliant with SWAMID MFA Profile or higher,
- In-person visit at a service desk in combination with identity proofing as defined by the Swedish Tax Agency for issuance of the Swedish Tax Agency identity card,
- In-person visit at a service desk in combination with identity proofing with an international passport fulfilling International Civil Aviation Organization (ICAO) Doc 9303 Machine Readable Travel Documents [4], an EU/EES national identity card fulfilling the Regulation (EU) 2016/399 of the European Parliament and of the Council [5] or an EU/EES driving license fulfilling the Directive 2006/126/EC of the European Parliament and of the Council of 20 December 2006 on driving licences [6],
- Off-line using a certified mail to a postal address (sv. rekommenderat brev med personlig utlämning) in combination with a time-limited one time password/pin code, or
- Off-line using a certified mail to a postal address (sv. rekommenderat brev med personlig utlämning) with a preregistered device, unique for the Subject, that will be considered as a vetted token on first use.
...
Guidance: The second factor or full multi-factor must be issued separately from the Subject's single-factor credential, i.e. password, in accordance with the REFEDS MFA Profile criteria.
...