Zero-Trust Architecture for Legal Entities
E. Nieuwlaar (TU Delft - Electrical Engineering, Mathematics and Computer Science)
J.A. Pouwelse – Mentor (TU Delft - Data-Intensive Systems)
Christoph Lofi – Graduation committee member (TU Delft - Web Information Systems)
J Ubacht – Graduation committee member (TU Delft - Information and Communication Technology)
More Info
expand_more
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
The European Commission is developing a European Digital Identity (EDI), which will enable a trustworthy digital proof of identity for its citizens. We present a proof of identity in combination with cryptographic evidence of the natural person being authorized to act on behalf of a legal entity. Our study achieves this by connecting users of our system with trusted issuers, the European Blockchain Services Infrastructure (EBSI), and verifiers. Accordingly, we provide a zero-trust architecture for legal entity representation, making trust portable by providing irrefutable proof of a natural person acting as a legal representative of an organization. Our zerotrust architecture aims to change how we represent legal entities and delegate authorizations with powers of attorney (PoA) as a legal primitive, making trust portable and secure. With government assistance, we conducted a pilot deployment of our prototype with live connectivity to the legal source of truth, the Kamer van Koophandel (KVK). In our pilot, a commercial business-only retailer acted as the verifier of the PoA. We shorten legally binding delegation that is cross-border, decentralized, verifiable, and revokable from a week-long process to mere seconds.