...
Processes for issuing and assigning multi-factor credentials (second factor or full multi-factor) should be documented together with the initial credential issuing in the IMPS, section 5.2.
5.2.1 Issuing a Person-Proofed Multi-Factor (SWAMID P2MFA)
Credential Issuing of second factor or full multi-factor fulfilling the SWAMID Identity Assurance Level 2 Profile MUST be done using one of the following methods:
1. On-line authenticating the Subject using a multi-factor issued according to SWAMID Person-Proofed Multi-Factor Profile using an external Identity Provider compliant with the SWAMID Person-Proofed Multi-Factor Profile,
2. On-line authenticating the Subject using a multi-factor issued according to the Swedish E-identification system using an external Identity Provider compliant with the Swedish E-identification Level of Assurance 2 or higher,
3. In-person visit at a service desk in combination with identity proofing as defined by the Swedish Tax Agency for issuance of the Swedish Tax Agency identity card,
4. In-person visit at a service desk in combination with identity proofing with an international passport fulfilling ICAO Doc 9303, an EU/EES national identity card fulfilling the European Commission Regulation No 562/2006 or an EU/EES driving license fulfilling the European Parliament and the Council of European Union Directive 2006/126/EC,
5. Off-line using a registered address (sv. folkbokföringsadress) in combination with a time-limited one time password/pin code,
6. Off-line using a copy of the same identification token as described in 3 or 4 above and a copy of a utility bill in combination with a time-limited one time password/pin code sent to the postal address on the utility bill,
7. Off-line using a registered address (sv. folkbokföringsadress) with a preregistered device, unique for the Subject, that will be considered as a Person-Proofed Multi-Factor on first use,
8. Off-line using a copy of the same identification token as described in 3 or 4 above and a copy of a utility bill with a preregistered device, unique for the Subject, sent to the postal address on the utility bill that will be considered as a Person-Proofed Multi-Factor on first use, or
9. Other identity proofing method deemed equivalent by SWAMID Board of Trustees.
...
Observe that not all Identity Providers within the Swedish E-identification system can be used for online identity proofing due to Identity Provider policies.
...
Time-limited one time passwords/pins used in 5 & 6 should be valid only as long as needed for postal delivery. A copy in 6 means either a scan, a photo or a hardcopy of the identity card/passport.
5.2.2 Issuing a Person-Proofed Multi-Factor with high identity assurance (SWAMID P2MFA-HIA)
Credential Issuing of second factor or full multi-factor for fulfilling the SWAMID Identity Assurance Level 2 Profile and with high identity assurance MUST be done using one of the following methods:
- On-line authenticating the Subject using a multi-factor issued according to SWAMID Person-Proofed Multi-Factor Profile with high identity assurance using an external Identity Provider compliant with the SWAMID Person-Proofed Multi-Factor Profile,
- On-line authenticating the Subject using a multi-factor issued according to the Swedish E-identification system using an external Identity Provider compliant with the Swedish E-identification Level of Assurance 3 or higher,
- In-person visit at a service desk in combination with identity proofing as defined by the Swedish Tax Agency for issuance of the Swedish Tax Agency identity card,
- In-person visit at a service desk in combination with identity proofing with an international passport fulfilling International Civil Aviation Organization (ICAO) Doc 9303 Machine Readable Travel Documents [4], an EU/EES national identity card fulfilling the Regulation (EU) 2016/399 of the European Parliament and of the Council [5] or an EU/EES driving license fulfilling the Directive 2006/126/EC of the European Parliament and of the Council of 20 December 2006 on driving licences [6],
- Off-line using a certified mail to a postal address (sv. rekommenderat brev med personlig utlämning) in combination with a time-limited one time password/pin code, or
- Off-line using a certified mail to a postal address (sv. rekommenderat brev med personlig utlämning) with a preregistered device, unique for the Subject, that will be considered as a Person-Proofed Multi-Factor with high identity assurance on first use.
Guidance
Observe that not all Identity Providers within the Swedish E-identification system can be used for online identity proofing due to Identity Provider policies.
...