NEW
Report & API Now Live! Data insights report and open data API endpoints live as of September 23, 2025

CX-0149 Verified Company Identity

type
Standard
Documentation

Description

Description
Source

The Verified Company Identity standard (CX-0149) defines requirements and protocols for managing digital identities of organizations within a dataspace environment using Self-Sovereign Identity (SSI) principles. This standard enables companies to maintain control over their digital identity attributes while ensuring secure and verifiable information exchange.

The standard combines previous identity verification protocols and introduces the Identity and Trust Protocol (IATP) for identity presentation flows. It establishes specifications for creating and managing participant wallets, handling verifiable credentials, and implementing secure authentication processes.

Key features include:

  • Decentralized Identity Management using W3C DID standards
  • Verifiable Credentials (VCs) for company attributes
  • Wallet Creation API specifications
  • Credential Lifecycle Management (issuance, presentation, verification, revocation)
  • Integration with OAuth 2.0 and OIDC protocols

Purpose and Scope:

  • Enables controlled and verifiable data exchange between dataspace participants
  • Defines requirements for participant identification and authentication
  • Covers wallet creation, credential schemas, and lifecycle management
  • Focuses on company-level identities (not individual users)

Technical Specifications:

  • Uses JWT ES256K/secp256k1 for credential encoding
  • Implements W3C Verifiable Credentials Data Model
  • Requires specific credential schemas for:
    • Membership credentials
    • Business Partner Number (BPN) credentials
    • Optional specialized credentials (e.g., Dismantler credentials)

Implementation Requirements:

  • Core Service Providers must:
    • Ensure participants have identity wallets implementing IATP
    • Support wallet creation interfaces
    • Manage credential issuance and verification
  • Wallet providers must:
    • Follow W3C SSI standards
    • Implement secure access management
    • Support credential operations (issuance, verification, presentation)

Security Considerations:

  • All endpoints must use HTTPS
  • Authentication via OAuth 2.0 OIDC
  • Credential revocation mechanisms
  • Digital signatures for credential integrity
  • Secure token service integration

Interoperability Features:

  • Standardized credential schemas
  • Common API specifications
  • Compatible with multiple wallet providers
  • Integration with existing IAM systems

Current Adoption:

  • Implemented within the Catena-X network
  • Required for Core Service Providers (A/B)
  • Optional for Enablement Service Providers
  • Validated by Conformity Assessment Bodies

Statistics

Projects Following
Source
0

Under Management at

Project
Website
Source

Projects Following or working on this Standard

If you are featured in the Web of Trust Map and wish to exercise your GDPR rights, including the right to be forgotten, visit the privacy policy page