LEI Use Cases

Certificate Authorities, SSL Resellers, PKI Stakeholders, and Electronic Signature Providers

LEI Platform

Authorities in local jurisdictions drive financial regulation where LEIs are required (or proposed as a requirement). However there are growing numbers of non-regulatory (or yet to be regulated) use cases where the LEI can add significant value as the central, verifiable and pervasive live corporate identifier in online transactions.

As a persistent unique key to verifiable level 1 “who is who” business data and level 2 “who owns who” parental structures organizations like Certificate Authorities and other technology providers can get significant value from the LEI. Updated at least annually, LEIs will always offer an improved alternative over any static multi-year Certificates or other formats of static data.

RapidLEI is driving the adoption of LEIs in the Certificate Authority ecosystem:

  • Through our partner network it is now possible to buy SSL Certificates incorporating LEIs. Read more
  • Global SSL resellers including Adweb Tech, GoGetSSL, Trustify, TurSign, and more now also sell LEIs alongside SSL.
  • Along with the GLEIF we are working with the CA/B Forum to standardize how LEIs can be i) included in SSL Certificates, and ii) how Certificate Authorities can utilize LEI reference data during validation processes

LEI in SSL Certificate

gogetssl-logo

Trustify logo

ADVANTAGES OF LIVE COMPANY IDENTITY DATA

Users relying on company identity data for any online use case need several things. Relying Parties need it to be:

Live and Accurate

Representative of the company at the time of relying on it

Regulated and Consistent

There should be a credible standardized validation workflow of identity data

Verifiable

Published to a publicly accessible and verifiable open database

User friendly

Doing Business As should be supported where complicated group holding names would otherwise confuse users (KLM vs Koninklijke Luchtvaart Maatschappij N.V.)

Detailed when needed

As well as providing the ‘who is who’ aspect of company identity, when needed give insight into ‘who owns whom’ for corporate structure understanding

Transparent Quality

Relying parties should be able to check the data accuracy quality from the issuer and if inaccuracy is suspected, there should be a protocol to challenge

Browsers and Certificate Authorities are ideally placed to use and display live LEI data to their stakeholders of businesses and consumers alike, extracting them from the underlying X509 SSL/TLS certificate underpinning the encrypted communications channel.

CURRENT BEST PRACTICE DEFINITIONS

As we work closer with Certificate Authorities (CAs) on building LEI information into Digital Certificates a standard implementation schema is necessary. As of February 2019 the following definitions are considered best practice:


LEI
DEFINITIONS IMPLICIT TAGS ::= BEGIN

ub-leiRole-length INTEGER ::= 100

Lei     ::= SEQUENCE {
        leiCode         PrintableString(SIZE(20)),
        leiRole [0]     EXPLICIT PrintableString(SIZE(1..ub-leiRole-length))
                        OPTIONAL
         }

EXTENSION       ::= CLASS {
         &id     OBJECT IDENTIFIER UNIQUE,
         &ExtnType }
WITH SYNTAX {
         SYNTAX  &ExtnType,
         IDENTIFIED BY &id
         }

lei     OBJECT IDENTIFIER ::= {1 3 6 1 4 1 5222266 1}

leiExtension    EXTENSION ::= {
         SYNTAX  Lei,
         IDENTIFIED BY lei
         }

Extension ::= SEQUENCE {
         extnId  EXTENSION.&id({ExtensionSet}),
         critical        BOOLEAN DEFAULT FALSE,
         extnValue       OCTET STRING
         (CONTAINING EXTENSION.&ExtnType({ExtensionSet}{@extnId})
                 ENCODED BY der),
         ...
         }

der     OBJECT IDENTIFIER ::=
    {joint-iso-itu-t asn1(1) ber-derived(2) distinguished-encoding(1)}

ExtensionSet    EXTENSION ::= {leiExtension,...}

END

OTHER EMERGING USE CASES

ELECTRONIC & DIGITAL SIGNING

Digital and Electronic Signatures solutions allow organisations to streamline workflows and build legally permissible signatures into documents and transactions. Incorporating LEIs into document signing workflow allows verifiable linkage between the signer and the signer’s corporate entity.

LEI Developers