...

The intended use of this SWAMID profile is when authentication must be done with a high assurance that it is the correct Subject that is accessing a specific service.

Please note that it is possible, and even preferred, to use Subject self-asserted multi-factor authentication without this level of identity assurance in both a local environment and a federated environment in order for the Home Organisation to raise IT security, but that use does not fulfil this person-proofed multi-factor and it does not raise the identity assurance, i.e. the user is only protecting the usage of his or her own account with a multi-factor authentication. Hence this use case is not covered by this profile.


3. Compliance and Audit

...

If you are using Identity Providers within the Swedish E-identification system you must also accept authentication via eIDAS with assurance level low, substantial or high if you can bind the identity of the Subject.

Allowing the Subject to add multiple multi-factors (3 above) by providing proof of possession increases the flexibility for the Subjects, i.e. it allows multiple devices or software cryptographic keys tied to the same Subject.

Time-limited one-time passwords/PINs used in 6 & 7 should be valid only as long as needed for postal delivery. A copy in 7 means either a scan, a photo or a hardcopy of the identity card/passport.

...

If you are using Identity Providers within the Swedish E-identification system you must also accept authentication via eIDAS with assurance level substantial or high if you can bind the identity of the Subject.

Allowing the Subject to add multiple multi-factors (3 above) by providing proof of possession increases the flexibility for the Subjects, i.e. it allows multiple devices or software cryptographic keys tied to the same Subject.

Time-limited one-time passwords/PINs used in 6 should be valid only as long as needed for postal delivery of certified mail.


5.2.3 Multiple Multi-Factor Identity Proofing levels within one Identity Provider

...