ACDC Use Case: GLEIF vLEI Delegations

v1.00

Introduction

The Global Legal Entity Identifier Foundation (GLEIF) is responsible for issuing Legal Entity Identifiers (LEIs) [1]. Recently GLEIF announced an initiative to implement a digital version of the LEI called the vLEI (verifiable LEI) [2]. The proposed approach is to use a W3C Verifiable Credential (VC) as the container for the vLEI [12]. Each LEI is a structured code string that uniquely identifys a legal entity. The main (level 1) attributes associated with an LEI are the official name of a legal entity and its registered address [3][4]. The LEI is an ISO standard 17442 [5][6]. GLEIF and its affiliates verify the veracity of the data associated with an LEI. A vLEI would then act to provide a mechanism for cryptographically verifying the authenticity of a presentation of that LEI and associated data attributes.

GLEIF and its affiliates will be responsible for issuing vLEIs to legal entities. The architecture of that issuance depends on a delegation semantic sd of vLEI issuers starting with GLEIF as the root, who then delegates issuance to Local Operating Units (LOUs) or other designated issuers. This delegation may make further delegations as deemed appropriate. Consequently a chaining semantic is an essential part of the vLEI and appears to be a seminal use case for Authentic Chained Data Containers. The proposed architecture for the identifiers used in vLEIs (issuer, issuee etc) will be based on KERI autonomic identifiers (AIDs) [7][8][9][10]. These are expressed concretely as W3C DIDs (Decentralized Identifiers) [11].

The following diagram shows a notional view of the delegated vLEI issuance.

In more details the delegation of issuance will not be limited to organizations but will also include the individual employees within organizations. This increases transparancy and auditibility which will significantly reduce fraud. Indeed one of the main motivations for GLEIF's origination was to minimize fraud in the financial sector by providing verified legal entity information.

The following diagram shows a notional view of the delegated vLEI issuance including employees.

vLEIs

GLEIF vLEI





















{
  "@context": [
    "https://www.w3.org/2018/credentials/v1"
  ],
  "id": "did:keri:Eewfge7gf78sgfivsf/vLEIGLEIFCredential", // DID of the verifiable credential itself
  "type": ["VerifiableCredential", "vLEIGLEIFCredential"], // type of the verifiable credential
  "issuer": "did:keri:Eewfge7gf78sgfivsf/DelegatedGLEIFRootID", // issuer of the verifiable credential
  "issuanceDate": "2021-02-10T17:50:24Z", // date of issuance
  "credentialSubject": {
    "id": "did:keri:Eewfge7gf78sgfivsf/GLEIFRootID", // DID of the issuee / holder
    "lei": "506700GE1G29325QX363" // LEI
  },
  "proof": {
    "type": "Ed25519Signature2018", // signature type (Sam to confirm year, i.e. 2018 or different)
    "created": "2021-02-18T21:19:10Z", // date of creation of signature (Sam to provide anchor to KEL part)
    "proofPurpose": "assertionMethod", // purpose of this proof
    "verificationMethod": "https://example.edu/issuers/keys/1", // identifier of the public key that can verify the signature
    "jws": "eyJhbGciOiJSUzI1NiIsImI2NCI6ZmFsc2UsImNyaXQ" // signature
  }
}

vLEI Issuer





















{
  "@context": [
    "https://www.w3.org/2018/credentials/v1"
  ],
  "id": "did:keri:Esd8ghskgih84ihgs/vLEIIssuerCredential", // DID of the verifiable credential itself
  "type": ["VerifiableCredential", "vLEIIssuerCredential"], // type of the verifiable credential
  "issuer": "did:keri:Eewfge7gf78sgfivsf/DelegatedGLEIFRootID", // issuer of the verifiable credential
  "issuanceDate": "2021-02-10T17:50:24Z", // date of issuance
  "credentialSubject": {
    "id": "did:keri:Ejnfkjsngsdg7his7dg/LEIIssuerRootID", // DID of the issuee / holder
    "lei": "254900YH3ZCDPE1E5306" // LEI
  },
  "proof": {
    "type": "Ed25519Signature2018", // signature type (Sam to confirm year, i.e. 2018 or different)
    "created": "2021-02-18T21:19:10Z", // date of creation of signature (Sam to provide anchor to KEL part)
    "proofPurpose": "assertionMethod", // purpose of this proof
    "verificationMethod": "https://example.edu/issuers/keys/1", // identifier of the public key that can verify the signature
    "jws": "7igixi7hgfidgh8fidhig7hfdighfdhgihdg" // signature
  }
}

Legal Entity vLEI

























{
  "@context": [
    "https://www.w3.org/2018/credentials/v1"
  ],
  "id": "did:keri:Esd8ghskgih84ihgs/vLEILegalEntityCredential", // DID of the verifiable credential itself
  "type": ["VerifiableCredential", "vLEILegalEntityCredential"], // type of the verifiable credential
  "issuer": "did:keri:Ejnfkjsngsdg7his7dg/LEIIssuerRootID", // issuer of the verifiable credential
  "issuanceDate": "2021-02-10T17:50:24Z", // date of issuance
  "credentialSubject": {
    "id": "did:keri:Ejksbdfugdsidsigsdg/LegalEntityRootID", // DID of the issuee / holder
    "lei": "254900OPPU84GM83MG36" // LEI
  },
  "proof": {
    "type": "Ed25519Signature2018", // signature type (Sam to confirm year, i.e. 2018 or different)
    "created": "2021-02-18T21:19:10Z", // date of creation of signature (Sam to provide anchor to KEL part)
    "proofPurpose": "assertionMethod", // purpose of this proof
    "verificationMethod": "https://example.edu/issuers/keys/1", // identifier of the public key that can verify the signature
    "jws": "ksdgfi7sdfbidsifiafbkadbkfbdakbff" // signature
  }
}

Official Role























{
  "@context": [
    "https://www.w3.org/2018/credentials/v1"
  ],
  "id": "did:keri:Evdshjvf7sdvfisdfkks/vLEILegalEntityOfficialPersonRoleCredential", // DID of the verifiable credential itself
  "type": ["VerifiableCredential", "vLEILegalEntityOfficialPersonRoleCredential"], // type of the verifiable credential
  "issuer": "did:keri:Ejksbdfugdsidsigsdg/LegalEntityRootID", // issuer of the verifiable credential
  "issuanceDate": "2021-02-10T17:50:24Z", // date of issuance
  "credentialSubject": {
    "id": "did:keri:Ehjvsahfvhavshjfvka/LegalEntityOfficialPersonRoleID", // DID of the issuee / holder
    "lei": "254900OPPU84GM83MG36", // LEI
    "person_legal_name": "Samuel Smith", // person legal name
    "official_role": "CEO" // official role
  },
  "proof": {
    "type": "Ed25519Signature2018", // signature type (Sam to confirm year, i.e. 2018 or different)
    "created": "2021-02-18T21:19:10Z", // date of creation of signature (Sam to provide anchor to KEL part)
    "proofPurpose": "assertionMethod", // purpose of this proof
    "verificationMethod": "https://example.edu/issuers/keys/1", // identifier of the public key that can verify the signature
    "jws": "6gds7fgdigfidisfksdkbdbskgj" // signature
  }
}

Engagement Context Role























{
  "@context": [
    "https://www.w3.org/2018/credentials/v1"
  ],
  "id": "did:keri:Evdshjvf7sdvfisdfkks/vLEILegalEntityEngagementContextPersonRoleCredential", // DID of the verifiable credential itself
  "type": ["VerifiableCredential", "vLEILegalEntityEngagementContextPersonRoleCredential"], // type of the verifiable credential
  "issuer": "did:keri:Ejksbdfugdsidsigsdg/LegalEntityRootID", // issuer of the verifiable credential
  "issuanceDate": "2021-02-10T17:50:24Z", // date of issuance
  "credentialSubject": {
    "id": "did:keri:Edsjf7disgfibdsfbsfsd/LegalEntityEngagementContextPersonRoleID", // DID of the issuee / holder
    "lei": "254900OPPU84GM83MG36", // LEI
    "person_legal_name": "John Smith", // person legal name
    "engagement_context_role": "Project Manager" // engagement context role
  },
  "proof": {
    "type": "Ed25519Signature2018", // signature type (Sam to confirm year, i.e. 2018 or different)
    "created": "2021-02-18T21:19:10Z", // date of creation of signature (Sam to provide anchor to KEL part)
    "proofPurpose": "assertionMethod", // purpose of this proof
    "verificationMethod": "https://example.edu/issuers/keys/1", // identifier of the public key that can verify the signature
    "jws": "gd7sgf7igdsfudsfhh" // signature
  }
}

Chaining

Provenance Chains (Credence or Authorization)

{

  sources: 

  \[ 

  {id: val, rules: { …}, weight: value, …}, # source issuer

  {id: val, rules: { …}, weight: value, …}, # source issuer

  …

  \],

  destination: id, #issuer

  rules: { … },

  weight: value,

  sink: id,  #issuee

  …

}

References

1. Global Legal Entity Identifier Foundation (GLEIF).

2. GLEIF Advances Digital Trust and Identity for Legal Entities Globally.

3. Introducing the Legal Entity Identifier (LEI), GLEIF.

4. LEI common data format.

5. “ISO 17442-1:2020 Financial services — Legal entity identifier (LEI) — Part 1: Assignment,” ISO, 2020/08/01.

6: “ISO 17442-2:2020 Financial services — Legal entity identifier (LEI) — Part 2: Application in digital certificates,” ISO, 2020/08/01.

7. Smith, S. M., "Key Event Receipt Infrastructure (KERI) Design"

8. Decentralized Identity Foundation KERI Project.

9. Decentralized Identity Foundation KERI Python Implementation Repository.

10. GLEIF with KERI Architecture.

11. “Decentralized Identifiers (DIDs),” W3C Draft Community Group Report 23 August 2018.

12. W3C Verifiable Credentials Data Model.

Syntax	Example	Reference
# Header	Header	基本排版
- Unordered List	Unordered List
1. Ordered List	Ordered List
- [ ] Todo List	Todo List
> Blockquote	Blockquote
Bold font	Bold font
Italics font	Italics font
~~Strikethrough~~	~~Strikethrough~~
19^th^	19^th
H~2~O	H₂O
++Inserted text++	Inserted text
==Marked text==	Marked text
[link text](https:// "title")	Link
![image alt](https:// "title")	Image
`Code`	`Code`	在筆記中貼入程式碼
```javascript var i = 0; ```	`var i = 0;`	在筆記中貼入程式碼
:smile:		Emoji list
{%youtube youtube_id %}	Externals
$L^aT_eX$	L^aT_eX
:::info This is a alert area. :::	This is a alert area.