Identity. We all have some idea what it means – ‘my identity’, ‘your identity’ – and understand some of the attributes that compose our identity (age, name, email address etc.). We also have a strong desire to protect our identity as we know implicitly that it has a value – not least because we are always being asked to provide it! But that value, in isolation, is pretty much zero. The ability to transact with, or to relate to, the identity is significantly more important: the value is in the interaction.
Identity allows the interaction to be targeted, framed, managed, governed, and whilst it is the interaction that generates the value it is the identity that makes it possible. The interactions themselves can have a positive or negative value. Think about the basic actions of account management – change of address, phone number etc. These transactions cost the provider but are required for business operation. Reducing the costs, through the introduction of online self-care for example, is a well understood saving. Similarly, online sales bring a direct ‘top line’ contribution, whilst having a strong identity backed by a KYC (Know Your Customer) process lowers risk in these sales or makes high value transactions possible.
This is well-known, well-understood, and delivered by all IAM providers. However, if you look at the majority of interactions today you will see that they are individual-centric, and that misses two important classes of identity: things and organisations.
There is a lot of work underway right now regarding the ‘identity of things’ (IDoT), from simple sensors to complex devices – your car for example – to instantiations of artificial intelligences. Hopefully this work will consolidate in the near future, but so far there are a lot of possible answers and even more open questions.
Organisation identity on the other hand is, currently, remarkably underserved and certainly undervalued. As an individual, think about the recent transactions you have been involved in – maybe renewal of social club membership, or an Amazon purchase, or a redemption of loyalty points. These are all interactions with organisations, not other individuals. Consider the other side of this interaction – how do those organisations interact with their partner, customer and supplier organisations?
Organisation identity is as key as individual identity and at least as valuable and, in this context, the definition of organisation is very wide, for example: family, social, business, corporate. Consider a common example, corporate taxation:
all businesses must pay taxes – be that social, corporate, sales tax – and this typically involves registering with several government departments and providing details of all the authorised contacts/representatives within the business that will be involved. You might also need to register third parties, external accountants etc. who can act on your behalf.
But what is the model that allows you to delegate your responsibilities to a business, or that allows a business to delegate to an individual or another business? Implementing organisation identity as a primary identity class underpins such a model and enables the realisation of organisation centric use cases, most notably organisational delegation.
Organisation identity has many parallels to individual identity, not least in terms of identity assurance. Informal organisations can only have a low level of identity assurance, but formal, legal entities can undergo significant verification to achieve a highly assured identity – such as provided by Legal Entity Identifiers. Coupling such a highly-assured organisation identity with a strongly identified (and potentially highly-assured) individual identity provides the basis for full, automatic, online right to represent assertions being made. The transactions that can then take place deliver on the promise of ‘the value of organisation identity’.
My vision for Ubisecure, as CEO, is to simplify the automation of interactions through precise understanding of the three key identity domains – individuals, organisations and things – at varying strengths of authentication and levels of assurance. With our proven delivery in individual identity, organisational delegation and our growing dominance in the LEI business, we have the foundations required to take the next step in the evolution of digital business.
Want to share this vision with us as a Ubisecure customer or partner? Contact us.