...

Processes for issuing and assigning multi-factor credentials (second factor or full multi-factor) should be documented together with the use of password initial credential issuing in the IMPS, section 5.2.

...

Credential Issuing of second factor or full multi-factor at SWAMID AL2 fulfilling the SWAMID Identity Assurance Level 2 Profile MUST be done using one of the following methods

...

If you are using Identity Providers within the Swedish E-identification system you must also accept authentication via eIDAS with assurance level low, substantial or high if you can bind the identity of the Subject.

Time-limited one time passwords/pins used in 5 & 6 should be valid only as long as needed for postal delivery. Copy in 6 means either a scan, a photo or a hardcopy of the identity card/passport.


5.2.2 Multi-Factor Issuing based on SWAMID Identity Assurance Level 2 Profile and with high identity assurance (SWAMID MFA-HIA)

Credential Issuing of second factor or full multi-factor for SWAMID High Assurance, fulfilling the SWAMID Identity Assurance Level 2 Profile and with high identity assurance, MUST be done using one of the following methods

...

If you are using Identity Providers within the Swedish E-identification system you must also accept authentication via eIDAS with assurance level substantial or high if you can bind the identity of the Subject.

Time-limited one time passwords/pins used in 5 should be valid only as long as needed for postal delivery of certified mail.


5.3 Credential Renewal and Re-issuing

...

Replacement of second factor or full multi-factor MUST be done using the same methods as listed above for Credential Issuing.


Guidance

Processes for replacement of additional second factors or full multi-factor should be documented in the IMPS, section 5.3 Credential Renewal and Re-issuing.


5.4 Credential Revocation

...

...something needs to be added here...


Guidance

Processes for revocation of second factors or full multi-factor should be documented in the IMPS, section 5.4 Credential Revocation.


6. Syntax

The member organisation's Identity Provider is tagged in the SWAMID federation metadata with the assurance certification attribute: http://www.swamid.se/policy/authentication/refeds-mfa if <proofing without ID>

...