KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
I dunno if I should say good evening or good. It's, it's, it's quite late. But after the, the 1 billion question that we just hear from Jamie, I want to come down to also this notion of trust. We often talk about the citizen, right? The UDO wallet, that the citizen is gonna make his life easier to, to show his identity and verify his identity by, by different en entities.
But when we talk about the entities, we're talking about legal organization and at EWC one of the consortium you heard about today, we really took a lot of effort to think about, you know, how do we, how do we interpret EDAS too in term of the legal person? Because at the end of the day, they, they has the entity and what could be the potential wallet?
I mean, we're gonna have a wallet as a citizen, but as an employee, potentially a company could have also a notion of wallet, probably not the same as a mobile app. So this is, are the questions that we discuss in our consortium. One slide just about the company I represent and participating in the EWC pilot. Elle has been created by the names and the logo you see here, so mostly French, but some of them pan-European organization, trusted service providers serving millions businesses and citizen across Europe.
And they come together and say, we gotta build a trust infrastructure to support potentially decentralization of identity and how we can help organization to issue and verify credentials. I, we heard today a lot and yesterday I could see the evolution of this event. And I thanks the organizer to invite me to present on, on stage. This is more and more, you know, everybody talks about wallet and VCs and credentials. So we think things are moving and we feel that there is more momentum. And now we go to the piloting PA phase.
So the piloting phase on EWC, you saw some of the slide talking about a WC earlier, so I'm gonna go fast, but one thing I wanna mention is we are working on organiz digital identities. And because it does too, as the promises that we want to make sure it's interoperable, that whatever you come from, whatever companies, we can actually have interoperability within the wallets.
I was just discussing earlier that people are doubts that we're gonna have a zillion wallets and they're not gonna be working well and therefore, as an organization, I'm gonna have to handle so many integration that's just not scalable and that's the, the end of the game. We are not thinking that way. We think there is a, a, a, a, we are working on this interoperability and it only scale if we achieve it. So in order to achieve that, we are also thinking about the identity of the companies.
And I will come in a second on that, but in order to work on that, we thought what's the best case is probably to work with the one that issued this identity. So that's the business registries. You see some of them here from Switzerland, KK from Holland and and so on. These are the organizations that are participating in actually building the trust around organizational digital wallet. Now when we think about Europe, okay, it's a big continent and we have a, a large economy and society, but this is based also on enterprise. It's 20 million enterprise actually.
And these enterprise, they probably have a bigger play in the EDS two and, and implementation of it just on only accepting notification fuel wallet. We think there is a bigger game and that's relate maybe to what just Jamie mentioned about the opportunity, not just the compliance aspect. So in term of our work, we really concentrate on three question, which was first what, let's remind ourself why legal person is important as an identity in the ecosystem of trust. Second is what scheme of data we need to establish as the legal bid.
And finally, how do we issue and verify org credentials between companies? So if I, I'm sure most of you, if you're here, you're quite knowledgeable and, and about the EDAS to framework, but obviously we've got these different walls, you know, issuer order and verifier. This is this whole notion of the issuing will provide credential, verified credential that will be all by the order. We often talk about the citizen, but sometimes it could be a company. When you talk about, for example, the, the the legal bid.
What is issued by a business registry is not gonna be owned by an individual necessarily, not often actually. It would be by an organizational wallet that will then be able to share even another organization. So we can see there is business to business transactions to consider. And then on the verifier side, often it's a business that wants to check on the identity of either an organization, an individual. And when we look at the regulation, we obviously understand that this is very important.
That whenever is an individual, an organization, when you've been requested a verification, you wanna be sure that this organization is really the one they say they are. It's not just a citizen.
It can, it doesn't know. So we have to have a system where all the organization, the 20 million companies are actually registered and verifiable through that system. That's one of the, of the mandate that they have to be registered.
Second, they have the mandate as an organization, so all the, the companies to actually be able to verify that this attestation being delivered by a order is still valid. So we need trust registries that, because we don't want to have this direct connection between ve verify and issuer. That's the notion of decentralization of identity. So other part also is about, okay, this is all about the regulation that says that this needs to happen, that legal entity need to exist, they need to be verified and they have a, a mandate to control whatever attestation has been delivered by a, a citizen.
But there also things that are not mentioned in, in, in, in, in the, in the text that is also of interest is that all parties or companies will not necessarily issue only qualify attestations. There's also some regular e what we call attestation, the clinical attestations that will be issued by companies and they might want to use it for their own business case. So we think it's not about just serving the needs of government in term of checking the identity of a citizen, but also for companies about how they can implement the, the wallet concept into the own business.
And if I give you an example is that if you have employees, they have usually a responsibility to act on behalf of the company. It goes from the legal representative to potentially an employee going on the site and taking actions on behalf of the company. And you need attestation to give the rights to this person. It's called extended identity, right?
And we, I know the EIM ecosystem is really looking at this carefully and saying this is go beyond just the enterprise employee, but going beyond outside with the ecosystem they have to deal with. So in order to build the trust around these use cases of our enterprise, we have to start from the core, which is the identity and the legal p not the pit of the citizen but the legal pit of the enterprise. So we have to agree on the common way to identify it and making sure we can apply that across Europe as a standard.
Going back to this notion of whatever wallet you use, we get the same definition that way I can read it doesn't matter where this come from, from a, from a wallet perspective. So this is the UDI number which is being issued by a trusted source and the source is the business registry. That's why you see this example with burget for Switzerland then the number and every company has one and Europe and the business registries are even extended that to even trust fund or whatever form of legal form you can think about. Everybody is eligible to have a UDI number.
That way we can associate any company to potentially a wallet that will be issued. So why Europe has decided to, to make that mandatory that the UDI would be the base of the trust is also because they think it's free for for first. Most of the time sometimes the business make it, they charge for it, but as a company I usually get it for free.
It's, it's permissive of over the life of the company. It's, it's managed by the business registries and therefore it's been obvious that we need to leverage this infrastructure that is already in place and working forever on, on on before we come up with EAS two and the wallet of identity. Obviously we get often the question that e wc but what about the other identifier that we, we can find in the market? One of them that is quite popular is the LEI from Glyph Swiss and maybe some of them, some of you knows LEI from Glyph. Okay obviously been quite successful.
It it could, it's okay if company wants to add this to their wallet as the identifier. Some of the use cases is often because for international company, often we say that international company that have offices in Europe can have a UDI, there's no problem. But again it's choice. What Europe says is at least they want the UDI at the initiation of the wallet, then you can make more attestation be part of it. That's your decision.
When we look at the format of, sorry, it's, I'm not gonna go into the details of that slide, but I just wanna say some words about it is that beyond the number, and by the way on the number I just come back to this slide, you see the legal name, it's technically not necessary, but we had debate among us that we say, well wait, if this is a human that wants to check the validity of the request, A UDI number doesn't tell me anything, I want to know the name of the company. So that's why we associate the two to make it usable, whatever it's individual and, and and and in any country.
So this is the scheme that we have all agree among the business registry and the wallet providers to make sure whenever we issue a wallet for an organization, and by the way, when I say a wallet for an organization, it doesn't necessarily means there is a ui like a mobile web for example. You know, it can be machine to machine and there's not even a an interface. So it's just a, a, a word to to describe this, to name the wallet of an organization. But basically what you see here is the scheme that we all agree, you see some to be determined still we are still in the process.
Our goal is to make sure that we can make recommendation to the EU because when you look at the RF, nothing is mentioned really clearly about the legal person identity. So we have to make up this collective work making sure we come in with a standard and then it will be applied and come down to the implementation to make it more robust and, and and used by everyone. So another thing we try to do at EWC is to work on piloting some true experience with true users, companies and and employees leveraging the wallet.
And we can come up with some use cases around KYS, know your suppliers where you know, it becomes a burden for companies to manage just the onboarding process of asking the identity of the company plus the representative plus, plus plus. And each time it's has to be renewed reg regularly to for the law. So that process is is burning a lot of resources. Then you have other one, the only one I wanna mention is public procurement. So what is interesting is we believe that whatever we use on B2B can be applicable to B two G.
And that's something we are working with with member state because it's often used that the mentality is government do its own thing and private sector do its own thing. But when we think about the wallet, an original wallet, we probably can say it could be a common framework, common technology we use for both. Now when we do these use cases, we're going to issue new credentials in it.
What you see is the U company certificate because I don't know about your country, but when in France for example, you ask for the cabi, which is usually the the that give define the company, what the, the purpose of the company, the number the the owners and so on. It's in French. So yeah you have to take legal services to translate it and that's everywhere in in in Europe. So the EU company certificate is something that DG Justice has decided to make it multilingual that way.
We have one certificate we can use in different countries and it doesn't need to have issuing every certification on every country. We're gonna talk about the corporate eban as well. We're gonna integrate that into in the attestation to make it fluid to, to transact with third party ultimate beneficiary owner. That's a big topic for banks but also other sectors to understand who are the owners behind and and also this notion of who has the right to sign on behalf of the company. And that's just the beginning.
The next phase is gonna be who I delegate some rights to people to access to whatever system, to whatever client or partners I want to do. So we can see there is multiple potential use cases we can do with this org wallet that will deliver the rights to the individual on his wallet that he has from a professional standpoint where I see my hand coming up. So this is just one two more slide I think I have. This is the process we are going through right now on the piloting of one cases, which is know your suppliers.
So you have obviously the validation of is Xavier is really, Xavier is his representative of his company, is the legal entity is still operating. Then we get into the association of this legal p to the wallet instance that has been created. We associate the two together and that's build the trust and then we enrich the wallet with other attestation. So that's the journey we are going through right now and if you have more questions, don't hesitate to come to me. I will be glad to answer. One final point when we talk about EDAS two, I mean yes potential has been discussing about those use cases.
There are on some technology protocols that not necessarily we feel are relevant or enough to address the B2B. So what we think at EWC is we need to try on multi-protocol, multi-format to allow the interoperability. I'm not saying that we're gonna do everything, I'm just saying we are really looking at different use cases and understanding which technology stack would be relevant even talking about trust registry. But I don't have time to talk about it now and I think I'm done. Well thank you for all. Thank you. That's difficult because this topic is pretty heavy and in 15 minutes.
Yeah really it's excellent. I think 15 minutes in general would be re really a bit short for a large scale pilot explanation as we've seen previously today. So one question, are you using the legal entity identity from GL as well? So I did mention it, yeah, it's not mandatory but you can use it. Okay. It could be a good use or a good starting point.
Yeah, again, I think the, we should look at this as a toolbox and then you enrich it depending on your own use cases, not as a restrictive things that you use it as it is and you don't touch it really. We are looking at, you know, and that's why these pilots are very interesting because they help us to push the envelope and looking for other use cases and what needs to be improved and, and, and, and that's the, the, the goal. Thank you very much for your excellent presentations. Thank you. Thank you.
