Representation

When employees or contractors act on behalf of an organization, the organization mandates them up to a set limit. The organization is accountable for their actions and is liable if they act outside the set limits.

Authentication of a representative

In the physical operation of our economy, this question of authentication of a representative and verification of their mandate is much more widespread and not limited to employees or contractors. The same applies to sub-contractors that perform business functions on someone else’s premises.

Example: maintenance sub-contractor

Take the example of a maintenance sub-contractor that claims to perform preventive maintenance on a security video system on behalf of the OEM that delivered the security system. Has he indeed been sent by the OEM? And can he indeed be authenticated and verified as being mandated by the sub-contractor?

Even for simple transactions

Even for relatively simple transactions, such as signing for delivery of a package, it can be useful to mandate a temporary employee in a way that the transporter can authenticate and verify the mandate automatically.

Standardizing and publishing roles

In automated role-based authorizations, such as those supported by the BDI, it is useful to standardize roles and publish the roles an organization assumes. The automated role-based authorization (XACML) is much easier to maintain if the role represented can be verified automatically.

Representation Register

The BDI framework defines a Representation Register under the control of a Data Owner/Data Service Provider. This register is accessible via a published endpoint. Authenticated third parties can verify:

the representation mandate of authenticated natural persons acting of behalf of the data owner;
the representation mandate of organizations (sub-contractors) acting on behalf of the data owner;
the standardized roles the data owner’s organization supports.