Multi-Factor Authentication (MFA)

Legal Identities [1] that are created and approved can be used by third parties connected to the broker for Multi-Factor Authentication. This interface is made available over HTTPS. If the Legal Identity Reference database in the broker is distributed using the Neuro-Ledger, this Multi-Factor Authentication feature is extended to any identity created by users on any broker in the federated network, provided brokers have approved the conditions for sharing blocks using the Neuro-Ledger, and operators have approved sharing the LegalIdentityReferences collection with each other.

Accessing MFA

To access the MFA feature of the broker, you send a POST to the https://waher.se/MFA web resource. The contents of the request must be XML, JSON or a Web Form, as outlined in the following sub-sections. The response will be encoded in accordance with the Accept HTTP header in the request.

Request

The request must contain the following fields:

| Field     | Use      | Type                  | Description |
|-----------|----------|-----------------------|-------------|
| PNR       | Required | String                | Personal Number, in accordance with national conventions where the user is a citizen. This personal number MUST be encoded into the referenced identity, using the PNR meta-data property. |
| COUNTRY   | Required | String                | Country where the user is a citizen. This country MUST be encoded into the referenced identity, using the COUNTRY meta-data property. |
| Timeout   | Required | Positive Integer      | Number of seconds to wait for the user to authenticate the request. |
| Reason    | Required | String                | A markdown field explaining the reasons for the user to authenticate the request. This string will be displayed to the user. |
| LegalId   | Optional | String                | A legal ID to use to sign the request. If this field is not provided, the user has to identify the request solely on the Reason field, context, and identity of the broker, as well as the Remote IP of the caller of the MFA service. |
| Signature | Optional | Base64-encoded string | A signature of the request, using the Legal Identity referenced by the LegalId field. The Signature field is required if the LegalId field is provided. |

XML Encoding

If XML is posted to the MFA web resource, it must be valid in accordance with the http://waher.se/Schema/MFA.xsd schema, as follows. The Content-Type HTTP Header in the request must be text/xml.

<MFA xmlns="http://waher.se/Schema/MFA.xsd">
	<PNR>...</PNR>
	<COUNTRY>...</COUNTRY>
	<Timeout>...</Timeout>
	<Reason>...</Reason>
	<LegalId>...</LegalId>
	<Signature>...</Signature>
</MFA>

JSON Encoding

If JSON is posted to the MFA web resource, it must be encoded as follows. The Content-Type HTTP Header in the request must be application/json.

{
	"PNR": ...,
	"COUNTRY": ...,
	"Timeout": ...,
	"Reason": ...,
	"LegalId": ...,
	"Signature": ...
}

Form Encoding

The request can also be posted as a Web Form request. The Content-Type HTTP Header field must be application/x-www-form-urlencoded, to avoid confusion with JSON and Recaptcha. Form fields must be represented as strings.

Note: To facilitate testing, a GET request can be made to the resource, to retrieve a test form that can be used to send MFA requests to the broker, using form encoding.
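The following client-side sketch is an added example, not code from the broker or its documentation. It checks the field rules from the table above before anything leaves the caller, then builds (without sending) the POST in each of the three encodings with the matching Content-Type. The function names, the sample values, sending Timeout as a JSON number, and omitting absent optional fields are assumptions.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request
from xml.etree import ElementTree as ET

MFA_URL = "https://waher.se/MFA"
MFA_NS = "http://waher.se/Schema/MFA.xsd"
REQUIRED = ("PNR", "COUNTRY", "Timeout", "Reason")
OPTIONAL = ("LegalId", "Signature")
ET.register_namespace("", MFA_NS)  # serialize with a default xmlns, as in the page's XML

def validate(fields):
    """Enforce the rules from the field table; return fields in table order."""
    missing = [k for k in REQUIRED if fields.get(k) in (None, "")]
    if missing:
        raise ValueError("missing required field(s): " + ", ".join(missing))
    timeout = fields["Timeout"]
    if isinstance(timeout, bool) or not isinstance(timeout, int) or timeout <= 0:
        raise ValueError("Timeout must be a positive integer (seconds)")
    if fields.get("LegalId") and not fields.get("Signature"):
        raise ValueError("Signature is required when LegalId is provided")
    return {k: fields[k] for k in REQUIRED + OPTIONAL if fields.get(k)}

def encode(fields, encoding):
    """Return (Content-Type, body bytes) for 'xml', 'json' or 'form'."""
    clean = validate(fields)
    if encoding == "json":
        return "application/json", json.dumps(clean).encode("utf-8")
    if encoding == "form":
        # Form fields must be represented as strings.
        body = urlencode({k: str(v) for k, v in clean.items()})
        return "application/x-www-form-urlencoded", body.encode("ascii")
    if encoding == "xml":
        root = ET.Element("{%s}MFA" % MFA_NS)
        for name, value in clean.items():
            # ElementTree escapes &, < and > in the text, e.g. in Reason.
            ET.SubElement(root, "{%s}%s" % (MFA_NS, name)).text = str(value)
        return "text/xml", ET.tostring(root, encoding="utf-8")
    raise ValueError("encoding must be 'xml', 'json' or 'form'")

def build_request(fields, encoding, accept="application/json"):
    """Build, but do not send, the POST; Accept selects the response encoding."""
    ctype, body = encode(fields, encoding)
    return Request(MFA_URL, data=body, method="POST",
                   headers={"Content-Type": ctype, "Accept": accept})

# Constructed sample values, not a real identity.
SAMPLE = {"PNR": "000000-0000", "COUNTRY": "SE", "Timeout": 60,
          "Reason": "Approve sign-in for A & B <portal>"}
```

Computing the Signature value is left to the caller, since this page does not describe how the request is signed.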

Response


  1. Reference: https://neuro-foundation.io/LegalIdentities.md