...

...this needs to be split into two, one for MFA under AL2 and one for High Assurance MFA...


Guidance

Processes for issuing and assigning multi-factor credentials (second factor or full multi-factor) should be documented together with the use of passwords in the IMPS, section 5.2.

5.2.1 Identity proofing based on SWAMID Identity Assurance Level 2 Profile (SWAMID AL2MFA)

Credential Issuing of second factor or full multi-factor at SWAMID AL2 MUST be done using one of the following methods:

  1. On-line multi-factor authenticating the Subject with SWAMID AL2 Profile or higher level using Person-Proofed Multi-Factor Profile, or a comparable multi-factor authentication, using an external Identity Provider compliant with SWAMID AL2 Profile or higher Assurance Level 2 or higher,
  2. In-person visit at a service desk in combination with identity proofing as defined by the Swedish Tax Agency for issuance of the Swedish Tax Agency identity card,
  3. In-person visit at a service desk in combination with identity proofing with an international passport fulfilling International Civil Aviation Organization (ICAO) Doc 9303 Machine Readable Travel Documents [4], an EU/EES national identity card fulfilling the Regulation (EU) 2016/399 of the European Parliament and of the Council [5] or an EU/EES driving license fulfilling the Directive 2006/126/EC of the European Parliament and of the Council of 20 December 2006 on driving licences [6],
  4. Off-line using a registered address (sv. folkbokföringsadress) in combination with a time-limited one time password/pin code,
  5. Off-line using a copy of the same identification token as described in 2 or 3 above and a copy of a utility bill in combination with a time-limited one time password/pin code sent to the postal address on the utility bill, or
  6. Other equivalent identity proofing method.

5.2.2 Identity proofing based on identity verification with a defined set of identity cards and passports (SWAMID IDMFA)

Credential Issuing of second factor or full multi-factor for SWAMID High Assurance MUST be done using one of the following methods:

  1. On-line multi-factor authenticating the Subject with SWAMID MFA Profile or higher level using Person-Proofed Multi-Factor Profile with identity verification, or a comparable multi-factor authentication, using an external Identity Provider compliant with SWAMID MFA Profile or higher Assurance Level 2 or higher,
  2. In-person visit at a service desk in combination with identity proofing as defined by the Swedish Tax Agency for issuance of the Swedish Tax Agency identity card,
  3. In-person visit at a service desk in combination with identity proofing with an international passport fulfilling International Civil Aviation Organization (ICAO) Doc 9303 Machine Readable Travel Documents [4], an EU/EES national identity card fulfilling the Regulation (EU) 2016/399 of the European Parliament and of the Council [5] or an EU/EES driving license fulfilling the Directive 2006/126/EC of the European Parliament and of the Council of 20 December 2006 on driving licences [6],
  4. Off-line using a certified mail to a postal address (sv. rekommenderat brev med personlig utlämning) in combination with a time-limited one time password/pin code, or
  5. Off-line using a certified mail to a postal address (sv. rekommenderat brev med personlig utlämning) with a preregistered device, unique for the Subject, that will be considered as a vetted token on first use.

...



Guidance: The second factor or full multi-factor must be issued separately from the Subject's single-factor credential, i.e. password, in accordance with the REFEDS MFA Profile criteria.

...