...

Processes for issuing and assigning of multi-factor credentials (second factor or full multi-factor) should be documented together with the initial credential issuing in the IMPS, section 5.2.

5.2.1 Issuing a Person-Proofed Multi-Factor (SWAMID P2MFA)

Credential Issuing of second factor or full multi-factor fulfilling the SWAMID Identity Assurance Level 2 Profile MUST be done using one of the following methods:

  1. On-line authenticating the Subject using a multi-factor issued according to SWAMID Person-Proofed Multi-Factor Profile using an external Identity Provider compliant with the SWAMID Person-Proofed Multi-Factor Profile,
  2. On-line authenticating the Subject using a multi-factor issued according to the Swedish E-identification system using an external Identity Provider compliant with the Swedish E-identification Level of Assurance 2 or higher,
  3. In-person visit at a service desk in combination with identity proofing as defined by the Swedish Tax Agency for issuance of the Swedish Tax Agency identity card,
  4. In-person visit at a service desk in combination with identity proofing with an international passport fulfilling ICAO Doc 9303, an EU/EES national identity card fulfilling the European Commission Regulation No 562/2006 or an EU/EES driving license fulfilling the European Parliament and the Council of European Union Directive 2006/126/EC,
  5. Off-line using a registered address (sv. folkbokföringsadress) in combination with a time-limited one time password/pin code,
  6. Off-line using a copy of the same identification token as described in 3 or 4 above and a copy of a utility bill in combination with a time-limited one time password/pin code sent to the postal address on the utility bill,
  7. Off-line using a registered address (sv. folkbokföringsadress) with a preregistered device, unique for the Subject, that will be considered as a Person-Proofed Multi-Factor on first use,
  8. Off-line using a copy of the same identification token as described in 3 or 4 above and a copy of a utility bill with a preregistered device, unique for the Subject, sent to the postal address on the utility bill that will be considered as a Person-Proofed Multi-Factor on first use, or
  9. Other identity proofing method deemed equivalent by SWAMID Board of Trustees.

...

Observe that not all Identity Providers within the Swedish E-identification system can be used for online identity proofing due to Identity Provider policies.

...

Time-limited one time passwords/pins used in 5 & 6 should be valid only as long as needed for postal delivery. A copy in 6 means either a scan, a photo or a hard copy of the identity card/passport.


5.2.2 Issuing a Person-Proofed Multi-Factor with high identity assurance (SWAMID P2MFA-HIA)

Credential Issuing of second factor or full multi-factor for fulfilling the SWAMID Identity Assurance Level 2 Profile and with high identity assurance MUST be done using one of the following methods:

  1. On-line authenticating the Subject using a multi-factor issued according to SWAMID Person-Proofed Multi-Factor Profile with high identity assurance using an external Identity Provider compliant with the SWAMID Person-Proofed Multi-Factor Profile,
  2. On-line authenticating the Subject using a multi-factor issued according to the Swedish E-identification system using an external Identity Provider compliant with the Swedish E-identification Level of Assurance 3 or higher,
  3. In-person visit at a service desk in combination with identity proofing as defined by the Swedish Tax Agency for issuance of the Swedish Tax Agency identity card,
  4. In-person visit at a service desk in combination with identity proofing with an international passport fulfilling International Civil Aviation Organization (ICAO) Doc 9303 Machine Readable Travel Documents [4], an EU/EES national identity card fulfilling the Regulation (EU) 2016/399 of the European Parliament and of the Council [5] or an EU/EES driving license fulfilling the Directive 2006/126/EC of the European Parliament and of the Council of 20 December 2006 on driving licences [6],
  5. Off-line using a certified mail to a postal address (sv. rekommenderat brev med personlig utlämning) in combination with a time-limited one time password/pin code, or
  6. Off-line using a certified mail to a postal address (sv. rekommenderat brev med personlig utlämning) with a preregistered device, unique for the Subject, that will be considered as a Person-Proofed Multi-Factor with high identity assurance on first use.


Guidance

Observe that not all Identity Providers within the Swedish E-identification system can be used for online identity proofing due to Identity Provider policies.

...