.jpg)
The Global Legal Entity Identifier Foundation (GLEIF) has welcomed the first implementation of a Legal Entity Identifier (LEI) embedded within an S/MIME Certificate issued by TrustAsia, a Shanghai-based Certificate Authority (CA).
Secure/Multipurpose Internet Mail Extensions (S/MIME) is an established, widely used protocol for sending digitally signed and encrypted email messages. An S/MIME Certificate contains a public key bound to an email address and may also contain the identity of a natural person or legal entity that controls such email address. This can then be used to authenticate the individual or legal entity that sends an email and ensure it has not been tampered with by a third-party.
To foster increased standardization in the use of S/MIME Certificates, the Certification Authority/Browser Forum (CA/B Forum) - a voluntary association comprising CAs and web browser vendors - established a dedicated S/MIME Working Group to develop and publish Baseline Requirements (BRs). These describe an integrated set of technologies, protocols, identity‐proofing, lifecycle management, and auditing requirements that are necessary for the issuance and management of publicly trusted S/MIME Certificates.
In an important step that demonstrates growing momentum for the LEI as an enabler of digital transformation, the requirements include the LEI as an organizational identifier to validate the authenticity and integrity of an email account associated with a legal entity.
Embedding LEIs into S/MIME Certificates offers myriad benefits. It provides an additional layer of trust proof since the LEI is a global secure mechanism that provides reliable data on organizational identity. S/MIME Certificates with embedded LEIs also provide a direct link to the regularly updated LEI reference data via the Global LEI Index to enable more automated, consistent data checks, regardless of the organization’s location. The result is a robust and reliable validation of an organization’s data, together with the identity of those acting on behalf of the company.
Rollin Yu, Director of the CA Department at TrustAsia, comments: "This initiative reflects both our ongoing commitment to enabling trusted, secure, and cryptographic communications, as well as the tremendous value that the LEI delivers to the digital world. Our collaboration with GLEIF is of great significance in advancing the use of LEI in digital certificates. We look forward to our continued engagement with GLEIF as part of our joint efforts to promote technical innovation across the digital identity industry and enhance digital trust."
Stephan Wolf, CEO of GLEIF, comments: "Embedding the LEI into S/MIME Certificates marks yet another step forward towards the adoption of the LEI among businesses everywhere. Digital certificates are widely used across the world to digitally verify the authenticity of email communications and, together with the development of the verifiable LEI (vLEI) ecosystem, are central to GLEIF’s efforts to deliver trust and transparency across the rapidly evolving digital identity industry. Certificates linked to verified, regularly updated, and freely available entity reference data by a unique, universal identifier are far easier to manage, aggregate and maintain, and promise to help realize the enormous promise of digital transformation across economies."
GLEIF is committed to working with CAs and Trust Service Providers (TSPs) to drive the use of LEIs within digital certificates. Following the inclusion of the LEI within the Baseline Requirements for S/MIME Certificates, GLEIF has actively engaged industry stakeholders worldwide to facilitate live implementations. As part of this engagement, GLEIF collaborated with TrustAsia to support the first issuance of an S/MIME Certificate issued by TrustAsia with an embedded LEI.
GLEIF has established a CA Stakeholder Group to facilitate communication between GLEIF, CAs and TSPs from across the world. GLEIF welcomes CAs and TSPs to join and participate in the CA Stakeholder Group’s quarterly meetings. For more information or to join the group, please email info@gleif.org.
