The Global Legal Entity Identifier Foundation (GLEIF) and Evernym have piloted a solution which allows organisations to create and manage ‘organisation wallets’, containing digital portable credentials that confirm an organisation’s identity and verify the authority of employees and other representatives to act on behalf of the organisation. These credentials can be used to securely identify authorised representatives when they execute an increasing number of digital business activities, such as approving business transactions and contracts, including client onboarding, transacting within import/export and supply chain business networks and submitting regulatory filings and reports.
Critically, a blockchain-based chain of trust secures these organization wallets and the verifiable credentials they contain, which connect a person’s name and job role to the organisation’s legal entity identifier (LEI). This decentralised identity management model ensures the integrity and authenticity of the credentials, providing secure, trusted verifiable identity in a digital context. It also gives organisations a unique ability to secure both the content of the information exchanged and the interaction between the actors in a transparent trust chain. This provides a valuable point of differentiation from centralised identity management schemes based on information in databases. In addition, leveraging the LEI allows clear identification of the legal entity, using a global, consistent and open identifier.
The recent proof-of-concept completed by GLEIF and Evernym simulated a regulatory filing. It was secured by a verifiable credential rooted on the Sovrin Network, an open source project for a global public utility for self-sovereign identity. ‘Self-sovereign’ means the individual identity holder controls their credentials, using them whenever and however they please, without being forced to request permission from an intermediary. The workflow, and subsequent chain of trust, in the pilot was defined as follows:
- GLEIF registers its own public Decentralised Identifier (DID) on the Sovrin public ledger;
- GLEIF accredits each of its authorized LEI Issuers* with the capability to issue verifiable credentials to legal entities;
- The legal entity is validated by the LEI Issuer and receives an LEI;
- The legal entity requests a verifiable credential, alongside its LEI, to establish its digital identity;
- The LEI Issuer issues the verifiable credential to the legal entity;
- The legal entity uses this credential to issue verifiable credentials to its employees, which identify the official roles they play in the legal entity. These credentials are stored in the ‘organisation wallet’ of the legal entity.
Thanks to this chain of trust, the regulators in this demonstration were able to verify the authenticity of the filings based on the credentials of the official entity representative, the entity itself, the LEI issuer and GLEIF.
The concept of leveraging the LEI in organization wallets could also deliver an unprecedented level of transparency on key organisational roles. The verifiable credentials issued by legal entities could be incorporated into the Global LEI Index, without the inclusion of personally identifiable information. Open access to the list of digital role credentials registered by legal entities in the Global LEI System could be of significant value for LEI data users worldwide, who could look up the published list of official roles that have been issued by a legal entity.
Stephan Wolf, GLEIF’s CEO, comments: “There is no precedent for the concept of
organisation wallets. This pilot was driven by the increasing digitalisation of business activities and the need for enhanced transparency and trust to verify someone acting on an organisation’s behalf. By partnering with Evernym, we have extended the idea of self-sovereign identity beyond individuals to legal entities for the first time. The process of cryptographically recording credentials, linked to an organisation’s LEI in a chain of trust rooted on distributed ledger technology, gives organisations full control over the issuance and management of their own employee’s digital credentials. These credentials are not only strongly verifiable and transparent, but they can be updated or revoked at any time. Trust is delivered by the decentralised identity management process that eliminates a single point of failure while at the same time ensuring data privacy.”
“While we often focus on individuals when we think of identity, trusted organisational identity is also important to reduce the friction of interactions between businesses around the world,” adds Evernym’s CEO, Steve Havas. “Our pilot with GLEIF is an important step for enabling more trusted commerce and we look forward to seeing how companies adopt this technology to securely identify who is at the other end of each transaction.”
GLEIF is blockchain agnostic and has conducted decentralized digital identity proofs-of-concept for LEIs on both Ethereum and Hyperledger blockchains, to ensure that the verifiable credentials are interoperable with different distributed ledger technologies.