Ubisecure Identity Platform
Identity and access management, optimized for securing, managing and enabling deeper engagement with customer identities (CIAM) and b2b / partner digital identities. Choose the deployment model that best suits your needs. Choose where your data resides – in a specific cloud geography, or in your own datacenter.
FREE KUPPINGERCOLE WHITEPAPER
Customers and Partners are vulnerable entry points into your network.
Protect their identities, and you protect your network. Start by learning about B2B & Supply Chain Identity Management.
The Industry’s most powerful IAM-based Digital Delegation solutions
Embed Delegated Authority into your application to enable individuals and organisations to delegate management of their digital identities (or family’s digital identities) to others to act on their behalf when using online services.
Right to Represent is a fast and easy way to verify an individual’s mandated rights to electronically represent their company. Governance service based on open identity standards and incorporating Legal Entity Identifiers (LEI).
What Industry experts say about Ubisecure
The Ubisecure Identity Platform is delivered as a single integrated IAM suite that provides both Web Access Management and Identity Federation capabilities with a fully integrated database and application server.
The Ubisecure Identity Platform is a critical component of the eHealth service as its functionality provides Swedish citizens with very easy to use process for accessing their health records.
The Ubisecure Identity Platform has helped us realise a unified IAM solution for both consumers and corporate customers, creating an environment where you only need one identity.
Identity Management is evolving. Keep up with the latest…
- Top reasons TLS/SSL Certs can benefit from Legal Entity IdentifiersFebruary 26, 2020From removal of the EV indicators in the browser UI to the shortened lifetime of Certificates, the product makeup of TLS/SSL Certs has changed considerably in the last six months. Now that the Certificate lifetime process aligns closely with the Legal Entity Identifier, we started thinking about even more reasons why TLS/SSL Certs can benefit from closer ties to LEIs. The LEI is designed to be the global identifier: The LEI is standardised across all jurisdictions. It is endorsed by the G20 and the Financial Stability Board and regulated by the Global LEI Foundation (GLEIF). The LEI is already widely supported with a significant install base. Over 1.5m LEIs have been issued. The LEI is already a source of Know Your Customer (KYC) for b2b onboarding in an extensive vendor network and is the primary connector between all the regional, or private sector identifiers. By connecting multiple sources and formats of identity, it is possible to conclude a more trustworthy identity assertion. Both humans and machines can verify the LEI. The GLEIF database of issued LEIs is open and searchable via its web interface, full dataset download, or API. The LEI code is a live reference to an identity record. An LEI record does not have name length restrictions and can be updated to represent an accurate organisation identity when corporate details change without the need to issue a new code. The LEI must be renewed annually to remain active, and renewal requires revalidation of corporate details. This aligns with Apple’s view (and likely the view of other browser vendors) that the validity of TLS/SSL Certs must not exceed one year. The LEI is the only identifier to connect parent and children organisations publicly. Known as Level 2 data, LEIs provide transparency into the “who owns whom” aspect of organisation identity. The LEI is formed using a standardised, consistent identity data reference schema that includes Entity Legal Forms (ELF) codes (Ltd, GmbH, etc). The unambiguous ELF data provides an improved user experience by categorizing legal entities providing clear insight into the global market place. The LEI payload (the twenty-digit LEI number itself) is smaller than most Subject Distinguished Names (DN), and certainly smaller than the DN within OV and EV Certificates. Smaller certificates are better. LEIs can list multiple “Doing Business As” names and previously incorporated names, giving a historical audit trail to counterparties. LEIs support multiple languages for names and addresses. Local language support provides a better localised understanding of, and reliance upon, identity data. The data quality of the LEI system is open and transparent. LEI reference data can be challenged. A defined, publicly accessible process exists within the ecosystem to openly challenge identity data if a counterparty believes it to be inaccurate. LEIs are already supported by XBRL (the open international standard for digital business reporting). Both human-readable and machine-readable LEIs can be embedded in XBRL documents as the standardized organisation identifier. The use of LEIs is well researched as a tool for cost saving in KYC/Onboarding. See the GLEIF ebook for an example of how the banking sector is using LEIs. LEIs will soon be included in the new ISO payment standards as the organisation identifier in SWIFT transactions. The implementation of LEIs into Digital Certificates will soon be standardised through the draft ISO 17442-2 and ETSI TS 119 412-1 So there we have it. So many strong reasons why and how LEIs and Digital Certificates should become more closely allied. ...
- Apple policy change highlights the value for Legal Entity Identifiers support in Org Validated SSL/TLS CertsFebruary 25, 2020After September 1, 2020, Apple’s Safari browser will no longer accept SSL/TLS Certificates with validity periods longer than 398 days (effectively one year plus a short grace period). This is after many months of debate and deliberation within the Certification Authority Browser Forum (CA/B Forum) that saw the vote to reduce validity periods defeated. Apple’s announcement effectively means they are going ahead anyway, and the unilateral change in policy renders the previous vote irrelevant – if you want Apple to trust your SSL/TLS Cert, you need to comply. As long-time stakeholders in the CA space, we support the shortened Certificate lifetime policy. Interestingly for Ubisecure (and RapidLEI), this change creates close alignment with how the Legal Entity Identifier (LEI) system already operates. There are security advantages to shorter-term Certificates. The shorter the validity period, the narrower the window of exposure that exists to use a compromised or mis-issued Certificate. Likewise, Organisation Validated Certs contain fixed organisation identity data, frozen in time at the point of the Certificate issuance. Organisation identity data (legal name, incorporation type, address, jurisdiction, etc.) can and does legitimately change over the lifetime of the organisation. Therefore, the shorter the validity period, the narrower the window where organisation data may change and render the identity within the Certificate inaccurate or misleading. Renewing or revalidating Certificates or Legal Entity data every year can be challenging. That’s why automating the renewal process is essential for both Certificates and LEIs, it’s the only way to achieve scale. Most CAs have long recognised the importance of automation to ensure Certificates are replaced before expiration. The same logic applies to LEIs – to keep LEIs live and up to date in large volume (an estimated 300m organisations exist worldwide), automating the renewal period is essential. LEIs already have a maximum validity period of 365 days – at least once every year LEIs must be revalidated. Via our RapidLEI platform, we already automate both the initial registration and the renewal of LEIs. Most LEIs are issued in a minute or two. We have built a rights governance service for entities to associate an authorised user’s rights to represent their organisation in workflows such as Certificate application. Our Right to Represent service is based around the control of the LEI that’s not dissimilar to how Admins today authorise use of domains via DNS based challenges or users authenticate themselves to third party applications using existing social, enterprise or verified identities. The net result is that CAs that utilise LEIs as an automated source of organisation validation will be able to better deal with the increased vetting overhead that will come with shorter organisation validated Certificate periods. We believe LEIs will deliver even higher value if the refresh period is further reduced. We are trialing automated monthly renewals, converting the LEI annual model into one of monthly subscription. It’s our view that due to critical adoption for both Certificate installation automation and LEI renewal automation that OV/EV Certificates could one day be even shorter in duration and offered via subscription. When that happens, we have built the only LEI platform to support that transformation. One last point, unlike the hard-coded identity data within a Certificate, the LEI is a live reference and can be updated at any time to provide an accurate organisation identity to the relying party. By embedding the LEI number into Certificates, the relying party is given a reference point to a live organisation identity in a publicly accessible and challengeable organisation database. With the push within the CA/B Forum to offer users better security and user experience with Certificates, we hope that the browser vendors can embrace the value the LEI system can deliver. In the physical world, one of the LEI’s primary uses is to be the ‘connector’ between different localised identifiers to help build an accurate and trustworthy KYC picture. Just like the physical world when it comes to online trust, there are no single silver bullet solutions. Trust is established from utilising a multitude of sources and factors. We see the use of LEIs in Certificates being no different. Further reading: DigiCert’s position on one-year Certificates DigiCert and Ubisecure partner for next-generation Legal Entity Identifier organization identity solutions...
- Announcing RapidLEI’s partnership with Portuguese digital solutions provider, MarketWareFebruary 20, 2020Ubisecure’s Legal Entity Identifier (LEI) issuance service, RapidLEI, today announced a new strategic partnership with Portuguese digital solutions provider, MarketWare. The partnership enables MarketWare to issue LEIs to its clients across Portugal and Spain, as an integral offering in its Certificados.EU service. Read the full press release at www.ubisecure.com/news-events/marketware-rapidlei/. The announcement follows this week’s news that RapidLEI has firmly established its consistent position in the top 3 LEI issuers worldwide, and is the number one issuer of LEIs outside of the US. Chris Hudson, Director of Channel Sales at RapidLEI, said, “RapidLEI’s growth has been incredible over the past year and a half since its launch, largely owing to its wide global partner-base each with local expertise in the LEI market. MarketWare will be a key ally in Portugal, sharing and promoting our belief in the potential of LEIs to radically reform trust in financial transactions.” Find out more about RapidLEI’s partnership programmes here – rapidlei.com/partners/. Sílvia Domingues, Commercial Director at MarketWare, said, “there is a clear opportunity for us to provide LEIs to our customer base and the large number of companies trading in Portugal, and RapidLEI were the obvious choice of partner when considering its competitive pricing and same-day issuance.” Get your LEI from MarketWare with up to 5 years’ validity at codigolei.certificados.eu....