Skip to main content

2025-08-22 0943 AEST

Aug 22, 2025

UN CEFACT GTR - AEST / PST

Invited Jo Spencer Steve Capell John Phillips Alina Nica Gales Anthony De Souza

Attachments UN CEFACT GTR - AEST / PST

Meeting records Transcript Recording

Summary

John Phillips outlined the meeting's objective to revisit discussions from 17 hours prior with new participants, including Steve Capell and Bree-Ana Blazicevic, emphasizing that all project work adheres to open-source, royalty-free, and intellectual property rules. Key discussions revolved around the digital identity anchor (DIA) as a verifiable credential for trustworthy identity interchange in supply chains, with John Phillips detailing its three information levels, and Steve Capell defining it as the "glue" between a Decentralized Identifier (DID) and an authoritative registered identity. Participants also discussed the Global Trust Registry (GTR) project's aim to promote a directory of authoritative nation-state registrars, the legal standing of DIAs aligning with UNCITRAL MLETR rules, and the governance framework for registrar eligibility. Project deliverables include the DIA specification, eligibility requirements for registries, directory content, governance framework, and implementation pilots in British Columbia and Spain. Steve Capell and John Phillips also discussed the lifecycle management of DIDs and the potential for a business benefit analysis of the proposed system to quantify the economic impact of improved identity verification.

Details

  • Meeting Objectives and Structure John Phillips outlined the meeting's purpose, which was to revisit discussions from 17 hours prior, incorporating new participants like Steve. He clarified that all work under UN/CEFACT projects adheres to open-source, royalty-free contributions, and intellectual property rules. The agenda included a recap of decisions made two weeks prior and a look at ongoing work, especially concerning the digital identity anchor (00:00:00).

  • Participant Introductions John Phillips invited new participants to introduce themselves to the group. Bree-Ana Blazicevic introduced herself, noting it was her first time on the call, and mentioned her work with DC gov on digital trust, expressing familiarity with most attendees but not all (00:01:13).

  • Handling Existing Work and UNTP Integration John Phillips discussed with Steve Capell how to manage existing work related to the digital identity anchor concept, which originated from the United Nations Transparency Protocol (UNTP). They agreed that elements of the existing work would be visible in the current discussions, and the project's work would likely inform updates to the UNTP specification, potentially integrating back into the UNTP body for easier implementation and curation (00:02:06). Steve Capell confirmed this approach aligned with their thinking (00:03:01).

  • Global Trust Registry Project and Coexistence with Other Efforts John Phillips summarized the Global Trust Registry (GTR) project's core idea: to promote a directory of authoritative registrars, while recognizing and respecting existing efforts by entities like GLE, GS1, and IRA Foundation (00:03:52). He emphasized that the GTR project is distinct, focusing on nation-state registrars as the unit of currency for the United Nations, and aims for cooperation and mutual value gain with other organizations (00:04:55).

  • Registry Content and Collaboration with Existing Authorities John Phillips explained that the GTR's directory would list authoritative registrars of nation states, describing their functions, legal basis, and terms and conditions. The directory would also recognize, with agreement, the types of entities these registrars publish, such as LEIs or VIs, allowing GLE, GS1, and IRA to be represented as attributes or descriptions within the directory, rather than as primary rows (00:06:05). Darrell O'Donnell clarified that IRA would not perform organizational registration but would point to various registries, including nation-state, GS1, and GLE sources of truth (00:07:18).

  • Digital Identity Anchor (DIA) Definition and Purpose John Phillips introduced the digital identity anchor (DIA) as a key focus, based on work primarily by Alina, who was not present. He described the DIA as a verifiable credential, structured on W3C VC, specifically intended to facilitate trustworthy identity interchange between organizations in a supply chain, enabling one participant to assert its organizational identity to another (00:08:17). Steve Capell further defined the DIA as the "glue" between a Decentralized Identifier (DID) and an authoritative registered identity, issued by a registrar to a member who proves control of their DID (00:10:03).

  • DIA Information Levels John Phillips detailed three potential levels of information within a DIA (00:11:12). The first level involves information controlled, managed, and issued by the registered authority, carrying their legal responsibility. The second level includes data received from the subject that the authority has checked or quality-controlled, such as verifying DID control. The third level consists of information provided by the applicant that the authority does not verify, which might be marked as untested or unverified (00:12:12).

  • DIA Specification Management and Vocabulary John Phillips and Steve Capell discussed the management of the DIA specification (00:13:03). Steve Capell identified two "golden records": the technical specification rendered as a website on GitLab, and the link data vocabulary that extends the W3C Verifiable Credentials Data Model (VCDM) for conformance (00:14:00). He emphasized the importance of a URI that resolves to an authoritative vocabulary for data elements not part of VCDM, noting that UN/CEFACT itself can be considered an authoritative standards body for such vocabularies (00:14:57).

  • Current Document Status and Legal Perspective John Phillips presented Alina's working draft, describing it as a "scrapbook of ideas" (00:17:08). He highlighted Alina's legal perspective on the implications of an authoritative registrar issuing a DIA for the holder and relying party, noting her focus on the legal meaning and inferable aspects of such a document (00:17:54).

  • Ownership of Companies and AML Concerns John Phillips noted that the document touches on company ownership, particularly concerning "level two information" maintained by organizations like GLEIF, which focus on ownership and ultimate beneficiary concepts to mitigate risks like money laundering (00:18:54). He explained that while the project's primary focus is registering authoritative registrars and allowing them to publish what they choose, registrars might choose to recognize and include LEIs if checked and verified, leveraging the work of GLEIF (00:20:05).

  • Legal Stance and Issuance of DIAs John Phillips mentioned Alina's intent to align with UNCITRAL MLETR rules, ensuring that electronic records, like DIAs, hold the same legal standing and utility as physical records (00:20:05). He also emphasized that the project cannot mandate actions for issuing registrars but will define specific qualities for a DIA to be recognized under UN/CEFACT GTR rules, distinguishing it from other identity anchors (00:21:25).

  • Registrar Eligibility and Governance Steve Capell raised the question of which registrars would be recognized at the UN level as authoritative (00:22:24). John Phillips responded that Alina had already drafted eligibility requirements for registrars to be recognized under the project, including criteria such as being a nation-state representative, having a legal framework for registration, and registering supply chain-related artifacts (00:23:33). Steve Capell noted that a significant part of the project involves governance and leveraging existing UN mechanisms for authoritative information from member states (00:24:26).

  • Governance Framework and Pilot Examples John Phillips drew parallels between the GTR project's governance and the ICAO Public Key Directory (PKD) system, which provides a template for how such a framework might work, including participation costs (00:25:22). He highlighted that the ICAO PKD's annual fee for countries is $15,900 USD, which he considered remarkably good value (00:26:16).

  • Data Protection and Privacy Considerations John Phillips discussed the document's approach to data protection and privacy, emphasizing that as a global initiative, it must consider various national laws beyond GDPR (00:28:18). He suggested that the detailed elaborations on privacy could be compressed, stating that data privacy should reflect national laws (00:29:16).

  • Technical Specification and Trust Building Bree-Ana Blazicevic expressed surprise at the large number of requirements (29, later revealed as 43) and sought clarification on how the technical specification addresses anchoring decentralized identity and confirming control over digital representations (00:30:09). John Phillips explained that the project builds on the UNTP spec, focusing on organizational identity within supply chains to establish a trustworthy anchor point for verifying company claims, enabling automated, machine-readable checks (00:32:50).

  • Project Deliverables and Future Work Steve Capell noted that the main difference between the DIA in UNTP and this project is the process by which issuers are registered on the UN global registry of trusted issuers, suggesting requirements be separated for the DIA credential versus listing on the global register (00:33:45). John Phillips outlined the project's five deliverables: the DIA specification, eligibility requirements for registries, directory content, governance framework, and implementation pilots (00:34:48). He mentioned ongoing efforts to consolidate Alina's and Marcos's contributions, aiming for a cleaner copy for review, eventually moving it to a GitLab environment for better change management and trust (00:37:31).

  • Pilot Program for Digital Trust Bree-Ana Blazicevic inquired about the pilot program, noting that BCG had discussions with federal agencies about quick, low-hanging fruit pilots for digital trust (00:43:43). John Phillips confirmed that pilots are scheduled to begin soon, aiming for two: one with British Columbia, Canada, and another with the registrars of Spain (00:44:46). He highlighted Canada as a valuable use case due to its federal system, contrasting it with more centralized governments like Spain and India (00:47:46).

  • DID Management and Lifecycle Steve Capell and John Phillips discussed the process of managing Decentralized Identifiers (DIDs) in relation to Australian Business Numbers (ABNs), highlighting that a single DID should not be permanently locked to one ABN. They emphasized the need for a lifecycle approach to DIDs, including processes for issuing new DIDs, associating multiple DIDs with an ABN, and handling the cancellation or obsolescence of DIDs (00:58:38).

  • Economic Impact of Identity Verification Steve Capell suggested performing a business benefit analysis of the proposed system, noting the significant costs and risks associated with identity and business-to-business transactions in the current economy (00:59:26). John Phillips supported this by mentioning an RMIT study that estimated approximately one-third of employees in organizations are dedicated to verifying information, leading to substantial costs in the US economy related to checking and trusting identities (01:00:23).

Suggested next steps

  • John Phillips will work through Marcos' comments to simplify wording and address other feedback from a reader's perspective.

  • John Phillips will move the documents into the GitLab environment once they are mature enough.

  • Bree-Ana Blazicevic will contribute to the pilot project for the digital identity anchor.

  • The group will consolidate the work over the next two weeks to produce a clean copy for review, with potential movement into the GitLab space.

  • John Phillips and Sankarshan Mukhopadhyay will combine the comments in the documents before resolving them, allowing readers to see a more complete overview.

  • John Phillips will share the link to the paper about the cost of verification and trust in the US economy.