Connecting the Legal Entity Identifier (LEI) Ecosystem to the SSL/TLS Certificate World

Traders Magazine Online News, September 13, 2018

John D'Antona Jr.

In our recent blog we talked about how we believe the SSL/TLS ecosystem is better served when identity and encryption are viewed as separate (but connected) concepts. Interestingly we’re seeing a similar principle echoed (in part) across some members of the browser community, specifically Google Chrome, with the downgrading of the EV UI to display only encryption indicators. Whereas we understand Google’s approach, after all they have only done good things to help drive the adoption of SSL to all time high rates, we can’t help but wonder if there is a better way to connect identity and encryption in Certs and return some perceived value to the identity assurance aspects.

We believe that identity has a firm place in the SSL/TLS world when implemented in a user friendly, secure and consistent way. We are excited to now be able to talk specifically about our approach to the ongoing identity and/or encryption debate and how we’re connecting SSL/TLS products to the traditionally physical corporate identity world.

Identity assurance across online use cases

Users relying on company identity data for any online use case need several things. They need it to be:

• Live and accurate – representative of the company at the time of relying it
• Regulated and consistent – there should be a credible standardized validation workflow of identity data
• Transparent – published to a publicly accessible and verifiable open database
• User friendly – Doing Business As should be supported where complicated group holding names would otherwise confuse users (KLM vs Koninklijke Luchtvaart Maatschappij N.V.)
• Detailed when needed – as well as providing the ‘who is who’ aspect of company identity, when needed give insight into ‘who owns whom’ for corporate structure understanding
• Challengeable – if inaccuracy is suspected, there should be a protocol to challenge

The Legal Entity Identifier (LEI) ecosystem, overseen by the GLEIF (Global Legal Entity Identifier Foundation), was designed to meet all these requirements. Whereas the most common use case for LEIs today remains within financial reporting, the LEI has the potential to be a central single corporate identifier for a multitude of use cases:

TrustCubes is initially focusing on the applicability of LEIs to SSL/TLS Certificates. Published LEI data is already known as a qualified data source to CAs, and some CAs already use LEI information when validating SSL applications. However that’s where the connection to LEIs ends rather than begins.

For more information on related topics, visit the following channels:

• Technology