Cyberbanking and E-commerce: A Unique Business Identifier

The key to doing business by telephone is a worldwide structure for telephone numbers, supported by white and yellow page directories, together with specialist directories in particular sectors. Can Electronic business, which covers Electronic Data Interchange and Electronic Commerce develop comparable building blocks that will serve to make Electronic Business a global comprehensive business tool able to be the modern universal communication method for business transactions?

For Electronic business to become effective, there is an underlying fundamental requirement that trading partners can be successfully identified to enable commitments to be made. Partners must be identified by organization, or by a particular trading arm or business unit within that organization. An organization communicating with several partners belonging to various sectors will also need to be identified in several ways, requiring that a selection be made among these identifiers in order to define, in particular, which of them actually carries the legal representation of the enterprise. Access to directory and authentication is made difficult by the diversity of solutions existing in parallel. A fundamental building block of Electronic Business must therefore be to identify those business units and if we want to do that in a universal way then we have the equivalent to the telephone number. Edira offers a basic structure for such an identification.

The EDIRA Association goes back to a project, which was funded by the European Commission in the TEDIS program 1993/94. The result was a Memorandum of Understanding (MoU) between Registration Authorities that came together on a voluntary basis to promote consistent and unambiguous identification in global electronic commerce relationships. In this MoU the basic rules for a common identification structure were defined. Today, EDIRA is a not-for-profit membership organization, headed in Switzerland, for the management and promotion of the EDIRA Business Identification Code (EBIC) on the basis of the EDIRA MoU. Edira has been recognized by important sectors including Healthcare (e.g. NHS-UK), National Statistics (e.g. INSEE-FR), Telecommunications (e.g. Norwegian Telecoms), Banking services (e.g. SWIFT) and potentially all enterprises through Chambers of Commerce and Industry all over the world.

Edira has also been recognized by International Standardization organizations as UN/EDIFACT (which recommends the use of the Edira Identifier to be used for the <EDI origin/destination > structure in an EDIFACT environment as defined by [EDIFACT] and [EDIFACT Amd.1] and in an ANSC X12 environment as specified in [X12]), the International Telecommunication Union and the International Organization for Standardization, in which Edira has been granted an A-liaison status which allows Edira to be recognised as a sponsor for International Code Designators under ISO 6523 .EDIRA will soon become an ISO Rule for Registrations Authorities worldwide. Last but not least, a Strategic Co-operation agreement with ECCMA has been signed in order to disseminate and promote the Edira Business Identifier Code (EBIC).

III

In the development of the Edira project, it has been recognized that a single scheme for identifying all organizations on an international basis is neither feasible nor practicable. Instead, the major existing Registration Authorities recognize that they mutually exist and decided to provide through Edira a mechanism for systematically incorporating their schemes in a uniform structure for the purpose of information interchange. Today, a number of bodies provide a service for identifying organizations doing Electronic Business. List of recognized code structures and appropriate coding support exist both in ASC X12 (ISA segment) and in UN/EDIFACT (UNB segment). The above Edira Registration Authorities (Annex 1) decided to join Edira because they were convinced that in Electronic Business, the identification concept needs to be reinforced, providing:

- assurance that these separate identifications can be used as seamless international way of doing Electronic business irrespective of the communication syntax (EDI, XML) used;

- ability to construct worldwide unambiguous directories ;

- ability to add security services such as authentication to support exchange of electronic messages.

The main objectives of Edira are stated in its Statutes :

- "To provide a basis for the unambiguous identification (Unambiguous identification means that one object is identified by one or several identifiers but that to each single identifier corresponds one and only one object) of issuing organizations, i.e. organizations that issue identifiers in e-commerce and EDI";

- To promote good relations among its members and provide a platform for the discussion of issues related to Electronic Business;

- To make recommendations for new technologies and provide related services".

In order to better understand the basic concepts related to registration, it might be helpful to illustrate the subject with some real life examples. Analogue roles may be found in the Electronic business environment concerned by the identification of organizations.

- From birth, the parents choose the forename of their child. The parents are the Naming Authority for the forename of their children. In EDI/EC the definition of the role would be to assign name to objects.

- The child must be officially known and recognized by the external world. The parents must make their child registered by the Register of births, providing the complete name and other details like the date, time and location of the birth. The register of births is a Registration Authority. In EDI/EC the definition of the role would be to maintain name and object information.

- As a result of this registration operation, the municipality will issue a birth certificate which might be requested later on. The municipality plays the role of the Certification Authority creating and delivering birth certificate, credentials everybody will trust.

- The Registration Authority has to inform the Healthcare national organization about the recent births. The list completed with other information like the address of the parents is issued by the Directory Service Provider. It provides for the maintenance, distribution and security of a repository of information about the births. As in these examples where the municipality may play several roles, so is it also for Electronic Business where a given player may be at one and the same time Naming and Registration Authority.

Edira focuses on the unambiguous identification of Electronic trading partners, basing itself on some definitions that are fundamental to this area:

- Identification: The identification of a particular person or thing is the ability to name them because one knows them or recognize them i.e. establishing the claimed identity of a user (ITSEC - Information Technology Security Evaluation Criteria).

- Authentication (ITSEC): verifies the claimed identity of a user.

- Registration (ISO IEC 9834-1): the assignment of unambiguous name in a way that makes the assignment available to interested parties.

- Registration Authority (ISO 9834-1): an entity such as an organization, a standard or an automated facility that performs registration of one or more types of object.

- Certification Authority (X509): an authority trusted by one or more users to create and assign certificates. Optionally the CA may create user's keys.

- Organization: unique framework of authority within which a person or persons act, or are assigned to act, toward some purpose. (derived from ISO 6523:1984).

- Scheme type: a specified set of well identified procedures for registration which include: allocation of organization identifiers and recording of relevant information in a register.

- EDI/ECRA: an infrastructure for the allocation and management of <EDI/EC identifiers >, through a set of <registration authorities >, each of which is a member of Edira.

When a message is exchanged, several levels of identification have to be taken into account. Sending a message assume the availability of a network infrastructure. The sender has to identify the network address of the recipient this is the network id level.

The second level is completely independent from the network infrastructure as from the message contents. The purpose of this level is to identify the partners in the business transaction whatever the transaction may be - this is the interchange identification level.

The third level is really message dependent. In a given message, one may need to identify specific parties : i.e. any kind of actor depending on the message purpose - this is the transaction level.

Edira is essentially focusing on the second identification level. Its goal is to set up an infrastructure for the id of EC partners, which is :

- globally unambiguous,

- centrally managed,

- takes into account existing well established Registration Authorities able to incorporate future ones.

Today, existing registration schemes are of different scope, type and functions. Registration procedures differ substantially between them, as well as the services offered.

These are:

- Sectorial schemes like the BIC code managed by SWIFT for financial organizations or the Location code managed by EAN for distribution in Commerce;

- Network based schemes like INS;

- National schemes like SIRENE managed by INSEE in France;

- International schemes like the Duns number managed by Dun & Bradstreet for firms all over the world;

- a lot of proprietary schemes without a real recognition outside a particular community where they have been defined.

The EDIRA infrastructure has been set up for the allocation and management of EDI/EC identifiers, through a set of registration authorities, each of which is a member of the Edira Organization. The Registration authorities allocates EDI/EC identifiers to organizations as companies engaged in Electronic Business. An EDI/EC identifier is a registered identification of an organisation, used to identify EDI/EC partners. It shall be possible to derive the identity of the Legal Person from this identifier only. Each EDIRA registration scheme will be identified by the allocation of a unique registration scheme identifier. The allocation of such identifiers for coding system that identifies organizations is currently regulated by ISO 6523. In EDIRA, the ISO 6523 code value (ICD, International Code Designator) designates at one and the same time the registration scheme and the registration authority operating the scheme. Each registration authority registers organization identifiers to its members .

The legal recognition of sender/recipient identity cannot take place without registration of sender and recipient identity. Edira offers a basic structure for the identification of organizations. Thanks to the use of the free part of the identifier, each organization is able to reflect any underlying sub component like Department, server and/or individuals, belonging to the organization. The identifier may be used in other applications like certificate delivery, allowing the issue of a certificate for an individual able to sign on behalf of his company, but identified as an individual within that company.

To enlarge the scope of the EBIC, Edira entered into a strategic alliance with ECCMA, developed other identification schemes, participates actively within ISO and plans partnerships with other standardization organizations. In the same way, Edira opened a first local representation in Luxembourg , in order to promote its activities in the banking and e-commerce sector. Even if standardization sometimes seems a pure technical incomprehensible matter, it is nonetheless the real key of an ever developing, secure and efficient electronic business.