All right, good afternoon, welcome everybody. My name is Christoph Schneider, head of IT Development and Operations with the Global LEI Foundation. And today we're going to talk about an update on digital identity using the verifiable LEI, or short, VLEI. We will start with a quick overview of the global LEI system before we look at the verifiable LEI and what it can do. We will look at the progress that has recently been made in this area, and we will end with looking at the first implementation of VLEIs in a real application. In this case, GLEIF's annual report and what we have done there with partial signing.

So the Global LEI Foundation is a Swiss non-for-profit foundation created by the Financial Stability Board, located at the Bank for International Settlements in Basel. It's overseen by a so-called Regulatory Oversight Committee, which consists of public bodies, 71 regulators, and 19 observers in total from about 50 countries. So a very global set of organizations. And then the foundation itself has a board of directors with 18 independent people also globally. We're working with 39 partners currently, which actually perform the LEI issuance. And to date, 2.2 million LEIs have been issued.

Here we have a graphical representation of the global LEI system with, again, the Regulatory Oversight Committee at the top, the policymakers, with GLEIF at the center of the system implementing these policies and managing the whole system, and the local operating units or LEI issuers who perform the actual tasks of LEI issuance and maintaining the reference data which is attached to these.

The legal entity identifier, or LEI, is a 20-digit alphanumeric code. It's a unique identifier that is owned lifelong by the respective legal entity. That means LEIs are not reused. They're there forever. They are never issued again. And they also don't go away if a company ceases to exist. They stay in the database.
And you can see that there was once a company and one that has ended to exist. So it's a truly unique identifier. It comes with associated reference data. And it's actually an ISO standard.

So can I ask who in this room has actually ever seen a real LEI, a real LEI code? About half of you. OK, I'll show you one. Where are we going tonight? Guinness. All right, so we're visiting the GLEIF website. We're using the search functionality here. And I think it's called the Guinness Storehouse or so. So here's a company, the Guinness Storehouse Limited. I'm going to make this a little bigger for you, with their unique LEI code. And the reference data includes the legal name. They're registered at the companies register of Ireland with this registration number here. The entity legal form is a private company limited by shares. And we also see the address, St. James's Gate in Dublin 8, Dublin. Remember that, this is where you need to go tonight.

So and why do we need a legal entity identifier? Why don't we just say, well, it's Guinness Storehouse Limited. It's easy, or we're going to Guinness tonight. The reason is there are many companies on the global organizations. And some of them have pretty similar names. So identifying by name is not the best idea. I did a search just in the global LEI repository for organizations that have the word Guinness in their name that brings you 72 organizations. And even if you're limited to Ireland, it's still 27 organizations with Guinness in their name. So if you want to do business with one of them, good luck if you don't have a unique identification. That's what the LEI is for.

The 2.2 million LEIs are distributed across the globe with a big focus in Europe that depends on regulation that has been issued there that mandates many organizations to have an LEI, then followed by North America, and very closely now followed by the Asia Pacific region. And this is actually very strong growing.
So I think we will see many more LEIs also in the Asian region now, where we have generally biggest growth also in other areas.

Why did we think about a verifiable LEI? The legal entity identifier is a fantastic tool to uniquely identify organizations. But when I stand in front of you and I show you this 20-digit alphanumeric code, what do you know? You don't even know whether it exists. I could have made that up. It's just a combination of letters and numbers. And you can now go, of course, to GLEIF and look it up and see, OK, it exists, and it represents this organization. How do you know that I'm working for this organization? You don't. If you know it, you still don't know if I'm authorized to act in a role for this organization. This brings us, as a result, to the problem that all these things have to be checked by you, even if I have a legal entity identifier. And that is a manual approach, and it's costly. So what we want to do is we want to solve the common problem of lack of trust and the costs involved for creating trust.

The use case for the LEI, as it stands here, is decentralized identification and verification for organizations, but also for persons who represent their organization in either an official or a functional role. And I will come in more detail to this differentiation of roles. Either way, we always have a triple concept when we talk about persons acting for organizations. We have the organization, the legal entity. We have the person, and we have a specific role that they're acting in for this organization. It doesn't always have to be an employee. It can be other roles. And what we're doing is we're taking this real-world approach into a digital representation by putting these three facts into a container, which is cryptographically bound to the holder of the keys, so the holder of such a credential. And then we call that a VLEI.

The VLEI ecosystem comes with a chain of trust.
And this chain of trust is established by GLEIF issuing a verifiable credential to what we call qualified VLEI issuers. That is the pendant to the LEI issuer in the classical LEI world, organizations who will issue, revoke, maintain, verifiable LEIs for clients, and which in turn will issue credentials to legal entities. And also, this is not clearly visible here because it's a simplified diagram, to certain persons. We're coming to that. But legal entities will also be able to issue certain role credentials to their own employees, suppliers, whoever may act in their role, depending on the type of credential.

Looking at a bit more detail of the credentials that are issued along the trust chain, GLEIF issues a qualified VLEI issuer VLEI to all qualified VLEI issuers. And the elements contained in such a credential are really limited. It's just the qualified VLEI issuer's LEI. Why? It's sufficient. The type of credential, together with the LEI that uniquely identifies the qualified VLEI issuer or short QVI, is enough information for you to know that this is an authorized organization who can work in the system. The same is true for the credentials that are issued by the qualified VLEI issuers to the legal entities, the legal entity VLEI. It just contains the legal entity's LEI because, again, the type of credential plus the LEI is enough to somebody to prove that they just represent this organization on a legal entity level.

It's a bit different for the official organizational role VLEIs that are issued by qualified VLEI issuers to persons acting in roles for legal entities. They contain these three elements that I have presented before, the triple concept. And the same is true for what we call engagement context role VLEIs. They are technically the same, but they have a different verification background. And I'll come to that. So focusing on the official organizational role credentials.
Official organizational role credentials can be verified not only towards the legal entity, but also against an official source. And that makes them different because there's, so to speak, a third party verification. And that is performed by VLEI issuers to have the third party verification and not just the legal entity claiming that that's an official organizational role that gives an additional layer of trust. An example for VLEI official organizational role credential would be a CEO or CFO or a director. And example use cases for such credentials can include carrying out official duties and powers conferred legally or required by regulation. So for example, annual reports or Sarbanes-Oxley reports or carrying out internal policies, duties, or tasks, for example, approving strategic plans or signing employee service awards.

In contrast to that, the engagement context role credentials are just verified by the legal entity. So there is no third party verification against a public source, and that's why legal entities can issue them themselves to people acting in their capacity, which makes the whole thing very flexible for use cases where this is sufficient, where you do not need official organizational roles. An example again would be role credentials issued by legal entity to authorized suppliers. And then with that tool at hand, they could require authorized suppliers to submit invoices digitally signed with the VLEI role credentials they previously issued to them, and by this preventing fraudulent invoices because they would just accept correctly signed invoices. So a lot of these day-to-day problems would walk away with such a solution. That's an example for ECR credentials.

Yes, the VLEI ecosystem is in full accordance with Trust over IP standards. I think you have seen a lot of people from Trust over IP walking around here. They have also a booth right over there.
So just quickly, Trust over IP Foundation has been launched in May 2020 in the middle of the beginning of the pandemic, and its first six months, it has grown from 27 to 125 members in less than six months. And I just talked to Judith, who told me it's now more than 400, which is really crazy. And their founding members, very, very well-known names, including Mastercard, IBM, Accenture, the government of British Columbia, for those who have heard, John Jordan this morning, LG, GS1, MITRE, SICPA, R3, Kiva, and also a bunch of universities. And the Global LEI Foundation also joined Trust over IP as a contributing member, so there are different types of membership. And I think I don't have to explain what the Linux Foundation is at this conference. Coincidentally, Trust over IP Foundation is holding its first summit ever in person tomorrow, here in this building. But if you're not registered yet, then I heard, don't even try, they're completely overbooked already.

And yes, but I think this is really important. Trust over IP has defined two stacks, a governance stack and a technology stack. And verifiable LEIs will be issued by two types of VLEI issuers. On the one hand, we expect, and by now we know also that some classical LEI issuers will take the additional role of VLEI issuers, but there can also be organizations that have not been LEI issuers yet who can become VLEI issuers, and then they just use some services that GLEIF provides in order to use what LEI issuers have already at hand. But it's not a prerequisite to be an LEI issuer, to become VLEI issuer. But independent of the type of VLEI issuer, all of these organizations will go through a qualification process under the GLEIF VLEI ecosystem governance framework. And that is a Trust over IP compliant layer four governance framework. As you can see here, the upper arrow.
And the VLEI credentials that I have presented a moment ago are defined by the GLEIF VLEI credential governance framework, which is a Trust over IP compliant layer three governance framework. So the lower arrow here. And I think we can say with a certain pride that these two governance frameworks are the most comprehensive frameworks ever created within Trust over IP by far.

A bit on the implementation of the VLEI. We have selected KERI, the Key Event Receipt Infrastructure, and some related technical capabilities like ACDC credentials and CESR proof signatures to implement the VLEI. And the background is we've been dealing with this topic for quite some years already. And we have done quite some proof of concepts also with ledger applications and different systems. And it's not that these proof of concept were not successful, it worked out. So what we wanted to do worked, but whatever we tried, it worked exactly on that platform. And if anybody who wanted to use a verifiable LEI did use another platform or another technique, then it wouldn't work because it was not compatible. And that's something that wouldn't work out for the Global LEI Foundation because we need to be inclusive. We want to make the VLEI, which is not an application, which is a piece of infrastructure. We want that to be working for anybody who wants to use this. And this is what we want to achieve with KERI because here we have a portability and an interoperability.

I have here the GitHub link for those who want to read more details about KERI and also there's a list of these related technologies that I mentioned, so ACDC credentials and many more. And yes, KERI is quantum safe, which means that KERI identifiers, should there ever be a quantum computer that really can do something, would be resistant against such attacks. And this allows us to create what we call a network of networks. I have heard this term many times today. The idea is the following.
So we have created capabilities for issuance, verification and revocation of VLEIs. And we do not need a blockchain or distributed ledger for this, but we can connect to any ledger-based application by creating so-called KERI tunnels. Now, we wanted to actually start with a Hyperledger Indy KERI tunnel because most of the projects that we have talked with that have expressed interest so far for a VLEI are actually based on that technology. But as a matter of fact, we didn't make it to find a partner who would be willing to do this with us. So I also want to use this opportunity here if any of you is working in a Hyperledger Indy environment and needs organizational identity, please talk to me after the meeting. I would be happy to show this with somebody. It shouldn't be too much effort involved, but without a practical use case, it's a bit boring.

So a lot has happened this year and also recently. I already mentioned the ecosystem governance framework, which has been created based on Trust over IP Foundation standards. Ours consists of one primary document and now 20 additional so-called controlled documents. So 21 documents in total. And we published an initial draft of these documents on our website already in February this year. We'll update it at launch later this year, but here's a link if you wanna check it out already. And like everything else that GLEIF is doing, this is open source, so it's not something that we hide. You can not only look at it, you can use it, you can copy and paste for your own use cases. So if you want to do a governance framework on Trust over IP, feel free to steal.

Regarding software development and infrastructure, in order to achieve what we have done so far, we have supported the open source development of the KERI protocol and these related technical specifications as far as we needed.
And you will find on GitHub, first of all, in the Web of Trust KERI folder, a lot of these stuff, but also there's a VLEI folder where we have the VLEI specifics. On top of that, which is kind of the back end of the VLEI, we have created a front end user interface called keep, which supports GLEIF tasks and also basic VLEI issuer tasks. So we have an end-to-end method to play this through. And this is a workflow based system because to be honest, creating identifiers, managing identifiers with private and public keys, issuing and receiving credentials is not exactly what most people are used to. And this is a way where we guide users step by step through what they need to do, depending on the use case they will fulfill and make it a bit more accessible to also the not so technical people who will certainly have to operate this if we want this to be at large.

And yes, we're also about to set up the production infrastructure. So we have already set up some KERI witnesses. Witnesses are one of the KERI components that you can use for verification, for the GLEIF root AID. Yeah, and this is ongoing. So actually what we want to achieve is by the end of this year, we want the first production VLEI issued. In this case, we want it by a real qualified VLEI issuer to GLEIF, so keep fingers crossed.

Yeah, talking about VLEI issuers, there's a qualification program that I mentioned before. It's quite strict and it is mandatory for any qualified VLEI issuer to go through that. Again, it's also quite comprehensive. It's one agreement with seven appendices and they're available again on the GLEIF website. And the process is fully up and running. So whoever wants to become a qualified VLEI issuer can apply now and start the qualification process with GLEIF.

Yeah, and we're coming to a first implementation for a real application.
So for the GLEIF annual report, we wanted to show how digital signatures based on VLEIs can be used and especially in this case, what partial signatures can bring for benefits. So all of you have seen PDF documents signed with digital certificates where then it's like a stamp on the screen where you see, okay, there's the signature and it affects basically the whole document. But in reality, you do not always want to sign a whole document but sometimes it's important that you are able to just sign a certain fraction. And that was actually the case for GLEIF's annual report for many years now because we did do signatures with digital certificates in the past. And the problem was that our auditors, the external auditors, Ernst and Young actually didn't feel very well with signing the whole report when they have only checked the financial aspect which is two or three pages of the report.

So what has happened, we had a QVI, not a real one because there is none qualified yet but one who played that role, who actually issued credentials to GLEIF and several persons acting for GLEIF including the auditors. So this is a great example for a non-official organizational role credential because obviously our auditors have no official role for GLEIF. Then these people signed the submission, some signed the whole report, for example, the CEO to confirm that this is the GLEIF report and others like the external auditors or our CFO only signed the financial parts. And this is now available on our website and these digital signatures are based on verifiable credentials, VLEIs and can be verified.

So, and we wanna look at that now. So we're going again to our website. It's well hidden in GLEIF governance. Is this annual report? Here we go. So, since the creation of the foundation we've been publishing these reports like other organizations do and we started doing this just in PDF versions.
And the first time in 2019, for 2018 we created our annual report not only in PDF but also in XBRL which is Extensible Business Reporting Language and that's a structured format. It's a machine readable format so all the facts can be machine processed but it still is nicely consumable also by human beings because it comes with a style sheet which makes it basically look like a PDF. And we did sign these with digital certificates and this year for the first time, for last year we did the same but we signed it with a VLEI and this can be nicely rendered in the browser, you don't need a plugin or something.

So what you see here is the annual report. It looks like a PDF but it is XHTML with style sheets and I'm just scrolling to the financial part. Here we go. And you can see the power of this structure so XBRL allows you to have this as structured information which means you can, for example, click on any value. You can look up the IFRS definition. What does it mean? The actual value. You can see the change towards previous year and very importantly you see which entity is this about and that's again, GLEIF's legal entity identifier. So if we click here, you come to our reference data page and now to the signatures.

So here is a digital signatures tab where you can see all the VLEI person credentials that have signed this report either signed in full like for example, our CEO or partially signed for example, our head of communications did not sign the financial part. Now it's great to see that they signed something but what did they sign? And that's now the power of the CESR proof signatures. Basically in this XML there are some explicit areas, facts as we call them and you can put a signature to such a fact. So that when I now select my colleague Ines, nothing happens here visually but by selecting Annette who is our chief financial officer, you can now see that all the financial figures have been signed by her all these facts and not only by her.
So again, by clicking on such a number on this pane, you also see the list of signatures down here. So very nicely you can see CFO has signed it. These are the two auditors from EY. CEO signed it. Board chair signed it. General counsel signed it. And again, always these triple here, the legal name of the person, the role in the context of the organization and the LEI. This is what I showed earlier and all of this verifiable.

So anyway, this is now on our website with an extended validation certificate. So you could anyway trust that it comes from GLEIF but imagine this is downloaded, stored in some cloud or on a local disk. Then of course this connection is lost but the signatures stay. So wherever you take this, you can still verify that this is actually originating from GLEIF and this brings of course this independence and you secure the content instead of the system. And I think that is the future of how such things should be managed.

Coming to the end, why are we doing all this? I think it's not news that digital transformation is happening, things, how we interact and ways how we interact are changing. More and more things happen online and for these things it's really important to have a digital identity with a strong authentication and the LEI is supposed to address exactly these needs and in any industry that you can imagine. So representatives from all of these industries listed here have approached us and are very interested in this topic. It's really a thing and why is it important for GLEIF? Well, each VLEI requires an LEI. We have talked about coverage earlier so we want the LEI system to grow and have a greater coverage of organizations worldwide because it's like with the telephone. The more people that have an LEI the more useful it's for the consumers and that's GLEIF's mission.

Thank you so much and I believe we have a few minutes for questions if there are any. And I think Andrea was first.
Yeah, so Andrea asked about the legal validity of such technical signatures with the LEIs especially in the context for example in Europe I think you're also looking at eIDAS frameworks and stuff like that. So at the moment there's a lot of movement in this area and eIDAS 2 is in preparation and we're looking into this because of course that's important that that works. There are some ideas how this can be done. We're currently exchanging with several organizations there to make this work. One idea could be actually a co-signing so if a legal entity credential would be signed with a classical digital certificate which is eIDAS compliant, you could derive from this in the delegation way that also the role credentials are compliant with that because that's also possible today. I mean in organizations without any digital approach you can task others to do things and basically delegate powers. That's one aspect but this is really in the making as the delegation is not done yet. We don't know how this will look at the end game.

Yes, please. Yes. So I'm aware of the GLN code by GS1 which also can identify. Yes. Okay so I'm hearing the term for the first time but I know that the prefix of the GLN is supposed to identify the legal entity so we're collaborating with GS1. GS1 is also an LEI issuer by the way which would be completely okay. So I think the LEI number and then with the VLEI would have its benefits especially on a global scale and let's say the precision is a bit different I would say to GS1 codes because sometimes you don't even have reference data with GS1 codes. There is no global database where you can look up GLN for example again I don't know how the blue number works. Okay, cool. Perhaps we can catch up after the session and you tell me a bit about it.

I think the lady was first. So we're talking to governments about this here. So there are, I cannot say which one but there are governments who think about implementing this on a whole.
I have to say it's more small governments at the moment for small countries but it is interesting to them because governments anyway look into SSI as we have heard this morning and especially those who anyway plan to implement LEIs on a national scale so there are governments who think about that because it has some advantages over a local identifier especially for those organizations who do a lot of cross-border applications. So I mean of course in every country there are already organizations so the latter needs to be included but I could also imagine that if they include this into their company registration process then you can do it from the get go. There's no reason to not do that.

You were next I think. Yes, so question one was how are official organizational representatives actually or who checks that the legal entity puts the right information in there, right? The answer is the qualified VLEI issuer because official organizational role credentials cannot be issued by the legal entity itself. They have to be issued by the QVI to have this independent third party authentication. Second question was how the actual onboarding is done. There are several mechanisms around and we have this already for the LEI issuer and so if you for your organization want to apply for an LEI then there's also a check that you are actually an official representative of the organization and are entitled to do that. That includes video identification and things like that.

I think here was another question. Yes. Yes. Yes, so this is an LEI question. There are organizations who are quite complex and have a lot of subsidiaries and do we track that in the LEI system? Yes, that's the case. So the global LEI system does not only collect what we call level one data which is the reference data like the business card information but also certain types of ownership information we call this relationships or level two data.
And let me show you one example where you can see this quite nicely which is the food manufacturer. Perhaps you have heard about it. So here you see the reference data I have shown before and you can also see directly owned organizations. This is based on accounting consolidation I have to say and it's quite a lot and ultimately owned subsidiaries. So this can include subsidiaries owned by subsidiaries and stuff like this. So here's also this structure. So you can step down and say okay and then this and this. Quite interesting, yeah. But again, this covers only those organizations who have an LEI. That's the limitation.

Yes, I should have said that earlier all LEI data is available for free. You don't even need any registration. You can download this as various file types, XML, JSON, CSV. You can use the search engine. We also have an API that you can use for free. All of this is available for free. I'll have that checked for you. Might be annoying, but I'll see what you do.

Here's somebody who didn't ask a question yet. I'll take him first, yeah. What the question is if we think that the LEIs will be used for legal documents like contracts and stuff, absolutely. Yes, this is something that we haven't seen in other contexts and we're working for example with supply chain people who do shipping of goods and you have their bills of lading and stuff like that and these are documents which are extended also through their life cycle. And then basically the one has in the hand doesn't want to sign what somebody else did two years ago. They just want to sign what they added. And these are use cases that we can imagine.

Well, now you again. So this is all based on ROC policy. We at GLEIF, we don't say let's collect this or this information. So this is the Regulatory Oversight Committee, basically, who tasks us to do this. At the moment we have in scope accounting consolidation. This is what I showed here. We have funds relationships and we have international branches.
What you mentioned, we do not have and I wonder also if this is publicly available information because everything that we collect needs to be publicly publishable. Okay, cool. So this should be answered in many ways.

So you're asking there are other types of relationships. For example, partial ownership up to 10% of ownership which are not covered with accounting consolidation and whether it was thought about also collecting these. Technically we could completely because the model is very flexible. We have just a relationship type which can have many meanings and that can be done. Again, what it means is that all 39 LEI issuers would have to collect this information and this needs to be mandated by the ROC. This is the reason. So it could be done. It has been decided against it because it was seen as not very feasible on a global scale because these things also have to work always in every country on the planet. But these are certainly things that could be considered. Jeff, did you wanna comment on that?

Yes, as someone who stood as a consideration and it was thought at the time that it would be easier to validate accounting consolidation because there are in fact relationships with simply a graph bottom where you really tremendous advance in identity for certificates to identify parties, decentralized IDs and so forth. That the concept of a...

The good thing with the LEIs we're not intending to replace any other identity system but we're actually embracing them. So we already have several mapping programs in place as you can see here. We carry also the BIC codes and ISINs. We're also working with GS1 on the GLN as we speak. And now that I learned about a new one we'll certainly also look into this one because there's no point in replacing them. The LEI should be what we call the linchpin for any identity system so that you can map and match but without string matching, which just is not efficient. Okay, one last.
So the question is how is the information and the offer of LEIs and VLEIs brought to those who should get one? That's not a short answer, unfortunately. I try to keep it as short as possible. So the global LEI system is a federated system. I talked about LEI issuers and VLEI issuers. So GLEIF itself does not interact with the end users, the holders of LEIs and VLEIs. There's much more. There are registration agents, there are validation agents which work again for LEI and VLEI issuers to even make this broader. And of course, GLEIF is doing advertising, press releases, social media actions, we're going to conferences, speaking in front of people to make this known, but there's really a big network of people doing this who also are incentivized to get it done and some do this really successful.

All right, then thank you very much again and have a fantastic afternoon. See you all tonight. Thank you.