In my previous blog I talked about the classes of identity, the value of organisation identity, and how that leads towards Ubisecure’s vision of the simplification of automation of interactions:
“to simplify the automation of interactions through precise understanding of the three key identity domains – individuals, organisations and things – at varying strengths of authentication and levels of assurance”
Obviously, none of this can happen by default. Platforms and applications are needed to orchestrate the interactions and bring the vision to life.
In this blog, I will dive a little deeper into what this means and how we can make that vision a reality – especially when those ‘interactions’ translate into an individual’s rights associated with the organisation.
A brief history of Organisation ID
Ubisecure has a unique position with regard to organisation identity, it’s been part of our DNA since 2006 and continually evolving:
- 2006 – Ubisecure started working on changes to the core platform to enable delegations of authority between any combination of individual and organisation. By 2008 this was running live in various Finnish government departments.
- 2011 – the Katso project was recognised by Kuppinger Cole for the magnitude of savings it was generating: an incredible 99% (read full report)
- 2018 – Ubisecure gained LOU accreditation to issue Legal Entity Identifiers (LEIs), making us one of the few issuers of this G20-approved highly-assured identities for organisations.
Our history and the resulting capabilities make Ubisecure unique in our ability to execute on the potential of combined individual and organisation identity.
Automation of interactions
In our vision statement I talk about the simplification of (the automation of) interactions, but what does this actually mean?
Manual Delegation
Taking a UK example, the tax office allows you to delegate the submission of your tax matters to third parties. You have to log on to their site and enter the details, including postal address. The tax office then sends a printed letter in secured mail with a pin code to the nominated recipient, who can log on and use that pin code to activate access to your account. Manual delegation is costly, time consuming and prone to delay or error.
Electronic & Automated Delegation
The Finnish tax office uses an automated solution where you electronically invite the party to a subset of your tax affairs. They accept this invitation online and are granted rights to access areas of your account. Further, assuming the ability was given, the receiver of the rights can onwards delegate to others without the original party having to be aware and invite them.
It is this automation and the associated reduction in administration and process that generates the savings – in the Finnish case, 100x reduction in transaction costs. Electronic and automated delegation is inexpensive, fast and effective.
Why the Slow Adoption ?
Given the magnitude of potential savings from such automation, why is it not more prevalent? Finland has the advantage of existing high assurance identities in the form of national and bank IDs. It also has a platform that can represent organisations directly, as opposed to indirectly via individuals somehow connected to the organisation.
For such automated systems to work there needs to be a source of organisation identity, and a source of strongly authenticated (and, depending on the transaction, highly assured) individual identity. It is important to note that the assurance level of the individual is potentially less critical than the strength of authentication.
With the introduction of LEIs, it’s only recently that it has been possible to obtain a globally valid highly assured organisation identity.
Generic rights delegation
The presented tax office scenario is very specific, with a pre-defined set of rights. Looking generically at the relationship between individuals and organisations we see a standardised set of rights:
- Right to associate
- Right to request
- Right to represent
This core set of rights is the basis for all interactions between organisations. Automating the assertions of these rights provides the basis for simplification of business interactions and obtaining significant cost savings in the process. Delegating subsets of these rights with varying parameterisation enables the online automatic implementation of governance policies and makes the savings available to all levels within any organisation.
Bringing it all together
I made the statement earlier that Ubisecure is in a unique position, and that is due to the product sets we have.
The Ubisecure Identity platform has supported multi-tier delegation of defined sets of rights for both individuals and organisations for many years. The RapidLEI platform provides a direct source of highly assured organisation identities.
Our forthcoming RtX (Right to X) platform layers on top of these existing assets, providing the orchestration required to progress our vision and offer a simple solution for organisations to benefit from assertions that detail an individual’s right to associate, request or represent an organisation.
We will be releasing RtX information over the coming weeks as we prepare for the launch and early customers, but if you would like to find out more about how you can benefit from RtX, please talk to us.
About The Author: Simon Wood
More posts by Simon Wood