In October 2022, Simon Wood, CEO of Ubisecure, presented our vision for the future of digital identity at the Houlihan Lokey Tech Leadership Summit in New York. The vision, in short:
“The future of digital identity: the ability to combine strongly authenticated individual identities with highly assured organisational identities to show who you are, who you represent, and the rights you have to represent them.”
Simon talked about a world where individuals have complete control over personal data and can easily prove their identity to access services and products and critically, be able to digitally represent their organisations.
This post covers the key points covered in the presentation, and explains how Ubisecure’s recent years of experience as the leader in LEI (Legal Entity Identifier) issuance has set the stage for our future vision.
The vision is broken down into three key points.
1. We must ensure that individuals are authenticated in a secure manner and that their identities are protected from identity fraud.
2. We also need highly assured organisation identity. It is essential to know that the claims made regarding the organisation are valid.
3. We can then join both identity types, to enable users to express who they are, who they represent, and the rights they have when representing their respective organisations. Conversely, organisations can challenge and verify these claims.
For any vision to have a valuable future there has to be a strong return associated with it. The value of this vision has already been proven, albeit at a local, not global level.
Ubisecure previously deployed an identity management platform with multi-tier delegation capabilities to the Finnish government. The platform linked individual and organisation identities, allowing individuals to represent their organisations, or delegate that representation to other individuals or other organisations. Public stats show that just over 400,000 organisations were using the platform across 104 different online government services. One of those services was the tax office in Finland, and that tax office was able to show a 99% cost reduction through moving to online service versus having physical points of presence.
Simon explained at the event: “The move to online for the tax office was enabled through the ability for individuals to express who they were, who they represent, and the rights that they had when representing them. Coupled with that, the ability to delegate those rights through a chain, that’s where that value came from. That’s why we see this future vision of digital identity in combining that individual and organisation capability as a highly valuable place to be, to create massive efficiencies and reduce fraud.”
Now, the Finnish example is something that’s already happened. So how does this represent the vision? The limitation with the Finnish solution is that it’s delivered in a closed ecosystem. The strongly authenticated individuals are derived from the Finnish national ID, be that through bank ID or mobile ID. The organisation identity is coming directly from the business registry in Finland, essentially creating the trust anchor. To scale this concept beyond Finland, we need to establish an open system that utilises global identities.
Fortunately, we’re now at a point in Ubisecure’s evolution where we can take our unique combination of capabilities and enable this solution to scale globally. How do we do that? Let’s map back to that vision:
The vision requires globally available, strongly authenticated identities. Fortunately, we’re now at a point in time where reusable identities are prevalent. There are dozens of digital identity schemes throughout Europe, ranging from Government identities to mobile IDs. Where such frameworks do not exist, there are mature real-time identity proofing solutions that bring inclusivity to the growing digital identity ecosystem. We also seeing the rise of “networks of networks” like the European eIDAS 2.0 and on a global scale, schemes like GAIN.
The Ubisecure CIAM platform supports all identity protocols. Our broad capabilities allow us to support “the old, the new, and the strange” both in terms of protocols and applications. Over many years focusing on Europe we have been enabling organisations to connect reusable identities to applications, especially in the Nordics, arguably the most advanced digital identity ecosystem in the world.
Next, the vision requires globally available, highly assured organisation identities. Again, we’re at a point in time where such identities now exist, thanks to the G20 and the Global LEI Foundation launching the Legal Entity Identifier (LEI). The LEI is the only global, standardised and open-access organisation identifier available.
Because organisation identity is so important to our vision, Ubisecure undertook the accreditation to become an approved LEI Issuer back in 2018. We launched RapidLEI as an LEI issuance service, built from the ground-up on a technology platform focused around automation, ease of use, and data accuracy. We also built a global partner network of Registration Agents and Validation Agents, including several of the world’s largest banks, to make registering LEIs more accessible for legal entities of all sizes and in all regions. As a result we are now the world’s number one issuer of LEIs.
Our leadership position gives us ready access to globally available, highly assured organisation identities.
The broad support for both individual and organisation identity now enables the Ubisecure unique value proposition with a combination of CIAM and LEI that’s delivered without border limits, globally.
This brings us full circle and we come back to the opening part of our vision. We take the front-end identity provisioning from our LEI services, where we can ensure the availability of highly assured open access organisation identities. And the back-end identity management capabilities of the CIAM platform to allow us to understand, connect and mediate strongly authenticated individuals.
As those components come together, we deliver a high value Identity & Access Management service, delivering the ability to express who you are, who you represent, and the rights you have in representing them.
If you are planning to utilise IAM to deliver real business value to your organisation, do get in touch. We’ll be happy to discuss whether Ubisecure is a good solution for your current and future projects.