Introducing the Verifiable LEI (vLEI)
GLEIF has pioneered a new form of digitized organizational identity, called the verifiable LEI (vLEI), to meet the global need for automated authentication and verification of legal entities across a range of industries. By creating the vLEI, GLEIF is now answering this urgent and unmet need by pioneering a multi-stakeholder effort to create a new global ecosystem for organizational digital identity.
The vLEI concept is simple: It is the secure digital counterpart of a conventional LEI. In other words, it is a digitally trustworthy version of the 20-digit LEI code which is automatically verified, without the need for human intervention.
Digital certificates, even though highly applicable, widely used and covered by legislation in many jurisdictions, have not solved digital identity entirely. Certificates are not unique, the information contained within might be outdated, and revocation has always been an issue. Furthermore, many schemes exist at the same time. A digital certificate issued in one country under a local scheme might not be usable by the owner in another country. Last but not least, digital certificates follow different schemes tailored for a certain context. They are not, per se, interoperable. Digital certificates do not fulfil the mission that has been envisioned by GLEIF: Each business worldwide should have only one global identity.
The industry has considered these issues and has devised a new approach to digital identity management. Thanks to advances in distributed ledger/blockchain technology, digital identity management with the additional feature of decentralized identity verification is now possible. Based on a concept known as self-sovereign identity (SSI), this new approach to authentication and verification of digital identity began as a means by which a person, the identity holder, has control over how, when, and to whom his/her personal data is revealed.
This approach is set to transform the nature of identity management and how person-to-entity, or entity-to-entity, interactions take place in the digital world. It can address the need for automation in verification while maintaining data privacy and confidentiality. The LEI plays a key role in this process.
Verifiable Credentials (VCs) and the emerging role of the LEI
Verifiable Credentials are digitally signed credentials that are not only tamper-resistant but also capable of being verified in a decentralized manner. vLEIs are based on the Trust over IP Authentic Chained Data Container (ACDC) specification, which in turn is based on the Key Event Receipt Infrastructure (KERI) protocol (github.com/WebOfTrust/keri). Both are Internet Engineering Task Force (IETF) draft specifications.
GLEIF asserts that the LEI is the ideal foundation on which to establish a chain of trust for organizational identity.
The LEI as a Verifiable Credential – the vLEI Trust Chain
- GLEIF is the Root of Trust
  - Root AID (Autonomic Identifier) to establish the Root of Trust
  - Delegated AIDs to issue Credentials
- GLEIF will establish a trusted network of Qualified vLEI Issuers (QVIs)
- QVIs are qualified to issue Entity and Role Credentials:
  - to Legal Entities
  - to Persons who represent Legal Entities either in official or functional roles
By combining three concepts (the organization’s identity, represented by the LEI; a person’s identity, represented by their legal name; and the role that the person plays for the legal entity), vLEI credentials can be issued and become part of organizational wallets.
vLEI Role Credentials issued by Legal Entities to Persons whose Official Organizational Roles (ISO 5009 standard) can be verified both by the Legal Entity and against one or more public sources:
- Legal Entity – CEO
- Legal Entity – Board Chair
vLEI Role Credentials issued by Legal Entities to Persons in the context of the engagement of those Persons with the Legal Entities, which can be verified by the Legal Entity:
- Legal Entity – Other Employees
- Hospital/Physician’s practice – Patients
- Community/Ecosystem/Exchange/Registered Member
- Trusted Supplier/Provider/Registered Member
Chaining of the vLEI Credentials in the vLEI Trust Chain using ACDC credentials allows the provenance of vLEIs to be traced back to GLEIF, which is both the Root of Trust for the vLEI Trust Chain and the entity that ensures the operational integrity of the Global LEI System.
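An added example, not GLEIF's code and not the ACDC wire format: a simplified model of the trust chain described above that walks from a Role credential back to the root, checking content digests, issuer continuity and revocation. The AIDs, field names, SHA-256 digest and placeholder LEI are assumptions made for illustration; signature and KERI key event checks are left out.

```python
import hashlib
import json

ROOT_AID = "AID-GLEIF-ROOT"  # constructed placeholder, not a real KERI AID

def digest(cred):
    """SHA-256 over canonical JSON: an assumed stand-in for an ACDC identifier."""
    return hashlib.sha256(json.dumps(cred, sort_keys=True).encode()).hexdigest()

def make(kind, issuer, issuee, parent=None, **attrs):
    return {"kind": kind, "issuer": issuer, "issuee": issuee,
            "parent": parent, "attrs": attrs}

def trace_to_root(leaf_id, store, revoked, root_aid=ROOT_AID):
    """Return credential kinds from leaf to root, or raise ValueError."""
    path, cur_id = [], leaf_id
    while True:
        cred = store.get(cur_id)
        if cred is None:
            raise ValueError("missing credential in chain")
        if digest(cred) != cur_id:
            raise ValueError(f"{cred['kind']}: content does not match its digest")
        if cur_id in revoked:
            raise ValueError(f"{cred['kind']}: credential is revoked")
        path.append(cred["kind"])
        if cred["parent"] is None:
            # The top credential must be issued by the root of trust itself.
            if cred["issuer"] != root_aid:
                raise ValueError("chain does not end at the root of trust")
            return path
        parent = store.get(cred["parent"])
        # Whoever issued this credential must be the holder of the parent one.
        if parent is not None and parent["issuee"] != cred["issuer"]:
            raise ValueError(f"{cred['kind']}: issuer does not hold the parent")
        cur_id = cred["parent"]

def build_sample():
    """Constructed chain: GLEIF -> QVI -> Legal Entity -> Person in a role."""
    store = {}
    def put(cred):
        store[digest(cred)] = cred
        return digest(cred)
    qvi = put(make("QVI", ROOT_AID, "AID-QVI-1"))
    le = put(make("LegalEntity", "AID-QVI-1", "AID-ACME", qvi,
                  lei="PLACEHOLDER000000000"))  # placeholder, not a real LEI
    role = put(make("Role", "AID-ACME", "AID-ALICE", le, role="CEO"))
    return store, qvi, le, role
```

Revoking any credential higher in the chain, or editing a stored credential after issuance, makes `trace_to_root` reject every credential below it.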
In December 2020, GLEIF announced its plans to create a fully digitized LEI service capable of enabling instant and automated identity verification between counterparties operating across all industry sectors, globally.
The vLEI infrastructure will be a network-of-networks of true universality and portability, developed using the KERI (Key Event Receipt Infrastructure) protocol. It will support the full range of blockchain, self-sovereign identity and other decentralized key management platforms. vLEIs will be hostable on both ledgers and cloud infrastructure, supporting both the decentralization of ledgers and the control and performance of cloud. Portability will enable GLEIF’s vLEI ecosystem to unify all ledger-based ecosystems that support the vLEI.
Agnostic to any network and interoperable
The capabilities being developed for issuance, verification and revocation of vLEIs do not need to operate on blockchain or distributed ledger technology.
This would allow GLEIF to connect to any blockchain or distributed ledger technology SSI network or cloud infrastructure without the need for custom implementation, cost and overhead of operation.