Introducing the Verifiable LEI (vLEI)
Digital certificates, even though highly applicable, widely used and covered in many legislations, have not solved digital identity entirely. Certificates are not unique, the information contained within might be outdated, and revocation has always been an issue. Furthermore, many schemes exist side by side. A digital certificate issued in one country under a local scheme might not be usable by the owner in another country or context. Digital certificates do not fulfill the mission that has been envisioned by GLEIF: Each business worldwide should have only one global identity.
The industry has considered these issues and has devised a new approach to digital identity management. Thanks to advances in distributed ledger/blockchain technology, digital identity management with the additional feature of decentralized identity verification is now possible. Based on a concept known as self-sovereign identity (SSI), this new approach to authentication and verification of digital identity began as a means by which a person, the identity holder, controls how, when, and to whom his/her personal data is revealed.
This approach is set to transform the nature of identity management and how person-to-entity, or entity-to-entity, interactions take place in the digital world. It can address the need for automation in verification while maintaining data privacy and confidentiality. The LEI will have a key role in this process.
Verifiable Credentials (VCs) and the emerging role of the LEI
Verifiable Credentials are defined by the Verifiable Claims Working Group of the W3C standards organization as the format for interoperable, cryptographically-verifiable digital credentials. A second W3C Working Group is creating the Decentralized Identifier (DID) specification for cryptographically-verifiable identifiers that leverage distributed ledger technology. Together, these two W3C Working Groups have developed two important standards:
Use of VCs began in the domain of self-sovereign identity through so-called ‘individual wallets,’ which contain digital versions of credentials issued to and carried by natural persons. Examples include driver's licenses, passports, store loyalty and membership cards. All of these exist as physical credentials today and will likely have both an analog and a digital version in the near future. Self-sovereign identity is based on the principle that natural persons should have control over the personal information contained in their credentials and can choose to prove their identity and certain facts about themselves in a controlled and safe manner.
GLEIF asserts that the LEI is the ideal foundation on which to establish a chain of trust for organizational identity.
- Every Verifiable Credential is created by an issuer
- The issuer cryptographically signs the credential with its private key
- An issuer is the organization or entity that asserts information about a subject to which a credential is issued
- In our example, the vLEI Issuer is an organization qualified by GLEIF
- GLEIF issues vLEIs to vLEI Issuers as attestation of trust
- GLEIF is the Root of Trust
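The chain of trust listed above, sketched as an added Go example; it is not GLEIF's code and does not use the real vLEI or KERI credential format. The `Credential` fields, the JSON encoding, the choice of Ed25519 and all party names are assumptions made for illustration, and the sample chain is constructed data.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Credential is a hypothetical, simplified record, not the real vLEI format.
type Credential struct {
	Issuer, Subject, Claim string
	SubjectKey             ed25519.PublicKey // key the subject signs with
	Sig                    []byte            `json:"-"` // not part of the signed bytes
}
func (c Credential) payload() []byte { b, _ := json.Marshal(c); return b }

// VerifyChain starts at the pinned root key; each link must be signed by the
// key that the previous link certified for its subject.
func VerifyChain(root string, rootKey ed25519.PublicKey, chain []Credential) error {
	name, key := root, rootKey
	for i, c := range chain {
		if c.Issuer != name || len(key) != ed25519.PublicKeySize || !ed25519.Verify(key, c.payload(), c.Sig) {
			return fmt.Errorf("link %d (%s -> %s): not signed by the key certified above it", i, c.Issuer, c.Subject)
		}
		name, key = c.Subject, c.SubjectKey
	}
	return nil
}

// SampleChain builds constructed data: GLEIF -> vLEI Issuer -> legal entity -> CEO.
func SampleChain() (ed25519.PublicKey, []Credential) {
	names := []string{"GLEIF", "Example vLEI Issuer", "Example Corp", "Jane Doe"}
	claims := []string{"qualified vLEI Issuer", "LEI: <placeholder>", "role: CEO"}
	rootPub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	var chain []Credential
	for i, claim := range claims {
		pub, nextPriv, _ := ed25519.GenerateKey(nil)
		c := Credential{Issuer: names[i], Subject: names[i+1], Claim: claim, SubjectKey: pub}
		c.Sig = ed25519.Sign(priv, c.payload()) // issuer signs with its private key
		chain, priv = append(chain, c), nextPriv
	}
	return rootPub, chain
}

func main() {
	root, chain := SampleChain()
	fmt.Println("intact chain:", VerifyChain("GLEIF", root, chain))
	chain[2].Claim = "role: Board Chair" // altered after signing
	fmt.Println("tampered leaf:", VerifyChain("GLEIF", root, chain))
}
```

The verifier pins only the root key; a credential altered after signing, a missing intermediate link, or a chain signed under a different root all fail at the first link that no longer verifies.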
By combining three concepts (the organization’s identity, represented by the LEI; a person’s identity, represented by their legal name; and the role that the person plays for the legal entity), vLEI credentials can be issued and become part of organizational wallets.
vLEI Role Credentials issued by Legal Entities to Persons whose Official Organizational Roles (ISO 5009 standard in development) can be verified both by the Legal Entity and against one or more public sources. Examples:
- Legal Entity – CEO
- Legal Entity – Board Chair
vLEI Role Credentials issued by Legal Entities to Persons in the context of the engagement of those Persons with the Legal Entities which can be verified by the Legal Entity. Examples:
- Legal Entity – Other Employees
- Hospital/Physician’s practice – Patients
- Community/Ecosystem/Exchange/Registered Member
- Trusted Supplier/Provider/Registered Member
In December 2020, GLEIF announced its plans to create a fully digitized LEI service capable of enabling instant and automated identity verification between counterparties operating across all industry sectors, globally.
GLEIF has invited stakeholders from across the digital economy to engage in a cross-industry development program to create an ecosystem and credential governance framework, together with a technical supporting infrastructure, for a verifiable LEI (vLEI), a digitally verifiable credential containing the LEI.
The vLEI will give government organizations, companies and other legal entities worldwide the capacity to use non-repudiable identification data pertaining to their legal status, ownership structure, authorized representatives and employees in a growing number of digital business activities. This includes approving business transactions and contracts, onboarding customers, transacting within import/export and supply chain business networks and submitting regulatory filings and reports. GLEIF already is engaged in research partnerships and technical trials with stakeholders across the pharmaceutical, healthcare, telecom, automotive and financial services sectors.
The vLEI infrastructure will be a network-of-networks of true universality and portability, developed using the KERI (Key Event Receipt Infrastructure) protocol. It will support the full range of blockchain, self-sovereign identity and other decentralized key management platforms. vLEIs will be hostable on both ledgers and cloud infrastructure, supporting both the decentralization of ledgers and the control and performance of cloud. Portability will enable GLEIF’s vLEI ecosystem to unify all ledger-based ecosystems that support the vLEI.
Agnostic to any network
The capabilities GLEIF needs to issue and verify vLEIs for vLEI Issuers do not need to operate on blockchain or distributed ledger technology.
GLEIF can implement KERI to support fully decentralized portable secure key management operations on self-certifying identifiers.
GLEIF is undertaking development of the capabilities based on KERI during 1Q to 3Q of 2021 and aims for an initial live beta implementation with an SSI Network starting in 4Q.
This would allow GLEIF to connect to any blockchain or distributed ledger technology SSI network without the need for custom implementation, cost and overhead of operation.
KERI is Quantum Safe. It is resistant to attacks by both classical and quantum computers.