ISO/NP 17442-3 Financial services — Legal entity identifier (LEI) — Part 3: Verifiable LEIs (vLEIs)

Scope

This document specifies the use of the Legal Entity Identifier (LEI) code, represented in ISO 17442-1:2020 Financial services - Legal entity identifier (LEI) – Part 1: Assignment, in Authentic Chained Data Container credentials (ACDC credentials), represented by [reference to ACDC specification at the time of submission of this form 4, at a minimum to the IETF draft specification]. Leveraging standard cryptography combined with the chaining feature and a strong authentication protocol, the Global Legal Entity Identifier Foundation (GLEIF) has designed and developed specific ACDC credentials containing LEIs and refers to these credentials as verifiable LEIs, or vLEIs.

The goal of integrating LEIs in vLEI ACDC credentials is to combine the advantages of both. LEIs provide unique identification of businesses (legal entities), and digital credentials provide cryptographic verification of that identification. vLEIs provide automated remote verification of legal entities owning LEIs, i.e., they cryptographically prove that an LEI is owned by the organization signing with or presenting the credential. vLEIs have been created both at the LEI legal entity level and as Role Credentials: vLEI credentials which, in addition to containing the LEI, identify persons acting on behalf of a legal entity and the official or functional roles in which these persons represent the legal entity.

Users can view the lists of entity-level vLEIs as well as vLEI Role Credentials issued for legal entities to persons acting in official roles for the legal entity, which are called Legal Entity Official Organizational Role vLEI Credentials (OOR Credentials). This lookup is available in addition to the lookup of each LEI code and its entity and relationship reference data provided in the Global LEI System, for which GLEIF provides a GLEIF Application Programming Interface (API).

OOR Credentials further leverage the ISO/TC 68 Subcommittee 8 ISO 5009:2022 Financial services – Official Organizational Roles – Scheme for Official Organizational Roles standard. This standard specifies an unambiguous scheme to list official organizational roles by jurisdiction in a standard way, providing codes and their associated data records.

Purpose

Digital certificates, even though highly applicable, widely used and covered by legislation in many jurisdictions, have not solved digital identity entirely. Certificates are not unique, the information contained within them might be outdated, and revocation has always been an issue. Furthermore, many schemes exist at the same time. A digital certificate issued in one country under a local scheme might not be usable by the owner in another country. Last but not least, digital certificates follow different schemes tailored for a certain context. Digital certificates are therefore not operationally or semantically interoperable, especially within the context of chains of trust.

The industry has considered these issues and has devised a new approach to digital identity management. Thanks to advances in distributed ledger/blockchain technology, digital identity management with the additional feature of decentralized identity verification is now possible. Based on a concept known as self-sovereign identity (SSI), this new approach to authentication and verification of digital identity began as a means by which a person, the identity holder, controls how, when, and to whom his/her personal data is revealed. This approach is set to transform the nature of identity management and how person-to-entity, or entity-to-entity, interactions take place in the digital world. It can address the need for automation in verification while maintaining data privacy and confidentiality.

The LEI plays a key role in this process. GLEIF continues its work toward the principle that each business worldwide should have only one global identity, and that this should include a digital identity, by proposing to expand the ISO 17442 standard with a Part 3 dedicated to leveraging the LEI in digitally signed credentials that are not only tamper-resistant but also capable of being verified in a decentralized manner. Chaining of the vLEI Credentials in the vLEI Trust Chain using ACDC credentials allows the provenance of vLEIs to be traced back to GLEIF, both as the Root of Trust for the vLEI Trust Chain and as the entity, under regulatory oversight, that ensures the operational integrity of the Global LEI System.

The vLEI infrastructure will be a network-of-networks of true universality and portability, developed based on the Key Event Receipt Infrastructure (KERI) protocol as the backbone of the vLEI infrastructure [reference to KERI specification at the time of submission of this form 4, at a minimum to the IETF draft specification]. The infrastructure can support the full range of blockchain, self-sovereign identity and other decentralized key management platforms, as vLEIs are not reliant upon distributed ledger/blockchain technology, nor is such technology required to implement the proposed standard. vLEIs will be hostable on both ledgers and cloud infrastructure, supporting both the decentralization of ledgers and the control and performance of cloud. Portability will enable GLEIF’s vLEI ecosystem to unify all ledger-based ecosystems that support the vLEI.

Finally, a related capability called Composable Event Streaming Representation (CESR) [references to CESR specification and Proof Format at the time of submission of this form 4, at a minimum to the IETF draft specification] allows vLEIs to be used to sign individual facts, documents, taxonomies, transactions, financial messages, etc. These artifacts can be signed in their entirety, or in specific sections/parts, by one or more holders of vLEI credentials. These capabilities not only provide cryptographic verification in a decentralized manner but also create a chain of provenance of data, for example in the preparation, review, approval and submission of reports.

Zero trust networks are being mandated for use in public and private sectors. The use of the LEI standard, based upon existing industry standards, can be important, fundamental infrastructure for the realization of globally scalable zero trust networks.
