The Verified Company Identity standard (CX-0149) defines requirements and protocols for managing digital identities of organizations within a dataspace environment using Self-Sovereign Identity (SSI) principles. This standard enables companies to maintain control over their digital identity attributes while ensuring secure and verifiable information exchange.
The standard combines previous identity verification protocols and introduces the Identity and Trust Protocol (IATP) for identity presentation flows. It establishes specifications for creating and managing participant wallets, handling verifiable credentials, and implementing secure authentication processes.
Key features include:
- Decentralized Identity Management using
W3C DID standards
- Verifiable Credentials (VCs) for company attributes
- Wallet Creation API specifications
- Credential Lifecycle Management (issuance, presentation, verification, revocation)
- Integration with OAuth 2.0 and OIDC protocols
Purpose and Scope:
- Enables controlled and verifiable data exchange between dataspace participants
- Defines requirements for participant identification and authentication
- Covers wallet creation, credential schemas, and lifecycle management
- Focuses on company-level identities (not individual users)
Technical Specifications:
- Uses
JWT ES256K/secp256k1 for credential encoding
- Implements
W3C Verifiable Credentials Data Model
- Requires specific credential schemas for:
- Membership credentials
- Business Partner Number (BPN) credentials
- Optional specialized credentials (e.g., Dismantler credentials)
Implementation Requirements:
- Core Service Providers must:
- Ensure participants have identity wallets implementing IATP
- Support wallet creation interfaces
- Manage credential issuance and verification
- Wallet providers must:
- Follow
W3C SSI standards
- Implement secure access management
- Support credential operations (issuance, verification, presentation)
Security Considerations:
- All endpoints must use HTTPS
- Authentication via OAuth 2.0 OIDC
- Credential revocation mechanisms
- Digital signatures for credential integrity
- Secure token service integration
Interoperability Features:
- Standardized credential schemas
- Common API specifications
- Compatible with multiple wallet providers
- Integration with existing IAM systems
Current Adoption:
- Implemented within the Catena-X network
- Required for Core Service Providers (A/B)
- Optional for Enablement Service Providers
- Validated by Conformity Assessment Bodies