
Identification, Authentication, Trust and Authorization

In the international business environment, the adage is ‘we do business with anybody but trust them only as far as we can see’. This highlights the reality that trust is dynamic and contextual, driven largely by reputation. As a result, trust autonomy is essential: the data owner retains ultimate control, deciding the level of trust required for each interaction based on the perceived risk.

The pillars of trust

 Trust between individuals, even when acting in legal entities, is built on four pillars:

  • strong social control
    • Reputation plays a critical role in maintaining trust. If an entity breaks its word, the consequences are widely known, leading to potential exclusion from future business opportunities.
  • and/or legal enforcement
    • Trust is reinforced by civil law and supported by technological measures such as cryptography, ensuring that agreements are honored.
  • and/or neutral parties
    • Intermediaries or neutral third parties can mediate and enforce agreements, adding a layer of trust.
  • and/or government authorities
    • Regulatory oversight by government authorities can enforce compliance and provide legal backing, ensuring that entities adhere to agreed standards.

  

Digital identification and authentication

Digital identification and authentication mechanisms are well known and well developed in IT systems. Certificates issued by Certificate Authorities (CAs) are common practice; other options are available. Additionally, service providers or BDI Associations maintain internal registers (Association Registers) of recognized legal entities, mapping their digital identities and trust scores.

In practice there is not yet a globally unified identifier for legal entities: there are multiple schemes, such as EORI, LEI and DUNS. The most common solution is to have internal unique identifiers and a translation matrix to multiple identifier schemes.

 

Trust and Authorization

The BDI framework adds support for trust[1] based on:

  • Reputation: Trust is influenced by the reputation of entities and the BDI Associations to which they belong.
  • Legal Backing: Trust is supported by legally enforceable terms and conditions, edge agreements, and data licenses.
  • Selective Authorization: Access to data and resources is controlled by policy-based, selective authorization mechanisms.
  • Delegation: Authorization can be delegated to subcontractors, extending trust within the supply chain.
  • Representation Verification: The framework verifies the legitimacy of entities and their representatives to ensure authenticity in interactions.

 

BDI Association as effective cooperation mechanism

 The local BDI Association can be the foundation of effective and efficient trust management in a perimeterless, zero-trust environment. Zero-trust principles mean that BDI Associations do not trust anyone outside their own members and use all four pillars of trust to assess interactions with others outside of their community.

The strong social control pillar is supported by a reputation scheme:

  • Members of the same association are considered trusted insiders.
  • Members of other associations are considered untrusted outsiders at the outset, but that position can change when:
    • a shared reputation scheme builds experience with outsiders;
    • outsiders that commit themselves to specific legally enforceable rules set by the association become preferred partners

  • other Associations have a trust score, plus verification of public key ownership to start with
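
The following Python example is added here for illustration and is not part of the BDI framework or its specification. It combines the identifier translation matrix described under digital identification with the reputation scheme above: an Association Register resolves EORI, LEI or DUNS values to an internal identifier, derives a trust score, and lets the data owner set the required trust per interaction. All class and function names, identifier values, scores and the scoring arithmetic are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Names, identifiers, scores and thresholds are constructed for illustration;
# the BDI framework does not prescribe them.
PREFERRED_FLOOR = 0.75  # assumed minimum score for a preferred partner

@dataclass
class Entity:
    internal_id: str
    association: str
    key_verified: bool = False          # public key ownership verified
    committed_to_rules: bool = False    # accepted the association's enforceable rules
    reputation: Optional[float] = None  # shared reputation (0..1); None = no experience

class AssociationRegister:
    def __init__(self, name, association_scores):
        self.name = name
        self.association_scores = association_scores  # trust score per other association
        self.entities = {}  # internal id -> Entity
        self.xref = {}      # translation matrix: (scheme, value) -> internal id

    def add(self, entity, **external_ids):
        self.entities[entity.internal_id] = entity
        for scheme, value in external_ids.items():
            self.xref[(scheme.upper(), value)] = entity.internal_id

    def resolve(self, scheme, value):
        return self.entities.get(self.xref.get((scheme.upper(), value)))

    def trust_score(self, scheme, value):
        e = self.resolve(scheme, value)
        if e is None or not e.key_verified:
            return 0.0                    # unknown or unverified: no trust
        if e.association == self.name:
            return 1.0                    # member of the same association: insider
        score = self.association_scores.get(e.association, 0.0)  # starting point
        if e.reputation is not None:      # experience adjusts the starting point
            score = (score + e.reputation) / 2
        if e.committed_to_rules:          # preferred partner
            score = max(score, PREFERRED_FLOOR)
        return score

def authorize(register, scheme, value, required):
    """The data owner sets `required` per interaction from the perceived risk."""
    return register.trust_score(scheme, value) >= required

register = AssociationRegister("assoc-A", {"assoc-B": 0.5})  # constructed sample data
register.add(Entity("ent-001", "assoc-A", key_verified=True), lei="EXAMPLELEI0000000001")
register.add(Entity("ent-002", "assoc-B", key_verified=True, reputation=0.75),
             eori="XX000000002", duns="000000002")
register.add(Entity("ent-003", "assoc-B", key_verified=True, committed_to_rules=True),
             eori="XX000000003")
register.add(Entity("ent-004", "assoc-B"), duns="000000004")  # key not verified
```

An identifier that is not in the register, or an entity whose key ownership has not been verified, scores zero regardless of the association it claims.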

 

[1] The components have an overlap with components in the iSHARE Framework. The BDI perimeterless approach without an Authority is a different framework.
