event-logging-schema
Add support for Two Person Integrity / Two Factor Authentication
For MFA, would the addition of a Token or AuthenticationToken and a TokenType or AuthenticationTokenType pair of child elements to the EventDetail/Authentication element be sufficient?
It could be as simple as a pair of string types or one can go to the extent of creating an AuthenticationTokenType which could contain an
- Id
- Type
- Description ...
- MFAHostName
- MFAIPAddress
For Multi Person Integrity activity, I'd suggest the addition of an EventSource/MUser element of a type that allows one to record the participating users and their participation function. For example (using the current schema) one could use
```
EventSource/Muser/User/Id = 'jack'
EventSource/Muser/User/State = 'Initiator'
EventSource/Muser/User/Id = 'jill'
EventSource/Muser/User/State = 'PrimaryConsent'
EventSource/Muser/User/Id = 'roberta'
EventSource/Muser/User/State = 'SecondaryConsent'
```
or
```
EventSource/Muser/User/Id = 'jack'
EventSource/Muser/User/Groups/Group/Name = 'Initiator'
EventSource/Muser/User/Id = 'jill'
EventSource/Muser/User/Groups/Group/Name = 'PrimaryConsent'
EventSource/Muser/User/Id = 'roberta'
EventSource/Muser/User/Groups/Group/Name = 'SecondaryConsent'
```
or better still, extend the UserComplexType to include a CurrentRole element that allows one to record the current role or function that the user is assuming at the time of the event and hence we would now have
```
EventSource/Muser/User/Id = 'jack'
EventSource/Muser/User/CurrentRole = 'Initiator'
EventSource/Muser/User/Id = 'jill'
EventSource/Muser/User/CurrentRole = 'PrimaryConsent'
EventSource/Muser/User/Id = 'roberta'
EventSource/Muser/User/CurrentRole = 'SecondaryConsent'
```
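An added example, not part of the original post or the project's code: a check a log consumer could run over events recorded in the proposed `CurrentRole` form, flagging records where a required role is missing or one user fills more than one role. The three required roles, the case-insensitive comparison of user ids, and the `GOOD` and `SELF_APPROVED` samples are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Path/value notation from the post; Muser/User/CurrentRole is the proposal
# under discussion, not an element of the published schema.
LINE = re.compile(r"^EventSource/Muser/User/(Id|CurrentRole)\s*=\s*'([^']*)'$")
REQUIRED_ROLES = ("Initiator", "PrimaryConsent", "SecondaryConsent")  # assumed policy

GOOD = """EventSource/Muser/User/Id = 'jack'
EventSource/Muser/User/CurrentRole = 'Initiator'
EventSource/Muser/User/Id = 'jill'
EventSource/Muser/User/CurrentRole = 'PrimaryConsent'
EventSource/Muser/User/Id = 'roberta'
EventSource/Muser/User/CurrentRole = 'SecondaryConsent'"""  # constructed sample
# Constructed sample: the initiator also records the primary consent.
SELF_APPROVED = GOOD.replace("'jill'", "'Jack'")


def parse_participants(text):
    """Return [(user_id, role), ...] from alternating Id / CurrentRole lines."""
    participants, pending_id = [], None
    for raw in filter(None, (l.strip() for l in text.splitlines())):
        m = LINE.match(raw)
        if not m:
            raise ValueError(f"unrecognised line: {raw!r}")
        field, value = m.groups()
        if (field == "Id") != (pending_id is None):
            raise ValueError(f"Id and CurrentRole must alternate: {raw!r}")
        if field == "Id":
            pending_id = value
        else:
            participants.append((pending_id, value))
            pending_id = None
    if pending_id is not None:
        raise ValueError(f"user {pending_id!r} has no CurrentRole")
    return participants


def check_integrity(participants):
    """Return a list of findings; an empty list means the policy is met."""
    by_role, by_user = defaultdict(list), defaultdict(list)
    for uid, role in participants:
        by_role[role].append(uid)
        by_user[uid.casefold()].append(role)  # 'Jack' and 'jack' are one person
    findings = [f"{r}: expected 1 user, found {len(by_role[r])}"
                for r in REQUIRED_ROLES if len(by_role[r]) != 1]
    findings += [f"{u}: holds more than one role ({', '.join(rs)})"
                 for u, rs in by_user.items() if len(rs) > 1]
    return findings
```
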