Authentication of a representative
In the physical operation of our economy, this question of authentication of a representative and verification of their mandate is much more widespread and not limited to employees or contractors. The same applies to sub-contractors that perform business functions on someone else’s premises.
Example: maintenance sub-contractor
Take the example of a maintenance sub-contractor that claims to perform preventive maintenance on a security video system on behalf of the OEM that delivered the security system. Has he indeed been sent by the OEM? And can he indeed be authenticated and verified as being mandated by the sub-contractor?
Even for simple transactions
Even for relatively simple transactions, such as signing for delivery of a package, it can be useful to mandate a temporary employee in a way that the transporter can authenticate and verify the mandate automatically.
Standardizing and publishing roles
In automated role-based authorizations, such as those supported by the BDI, it is useful to standardize roles and publish the roles an organization assumes. The automated role-based authorization (XACML) is much easier to maintain if the role represented can be verified automatically.
Representation Register
The BDI framework defines a Representation Register under the control of a Data Owner/Data Service Provider. This register is accessible via a published endpoint. Authenticated third parties can verify:
- the representation mandate of authenticated natural persons acting of behalf of the data owner;
- the representation mandate of organizations (sub-contractors) acting on behalf of the data owner;
- the standardized roles the data owner’s organization supports.