What solutions exist for the transfer of identity information

Business processes between two and more companies, so-called Business-To-Business (B2B) relationships, are mostly handled electronically today. But if you look closely, you will still find many manual steps that often generate high indirect costs. The cause is usually a lack of information about employees of one company, which is needed to efficiently manage the business processes of the other. But how can this exchange be handled efficiently and without media discontinuity?

Today, every company, whether a large corporation or a one-man business, maintains business relationships with other companies. The most common are procurement processes in which employees of one company buy products or services from another. A typical example is ticket purchases in public transport, which are considered below in various stages of development:

Starting point:

Bruno Frey of company X owns a Half-Fare Card. He travels a lot for his professional activities as a salesman.

Zero solution:

In the zero solution, Bruno buys his tickets himself (from the point of view of public transport, this is a B2C customer) and settles them via expenses. In doing so, the company incurs an average of about CHF 25 in process costs for recording and billing expenses. This corresponds to the average price of a ticket.

With this zero solution, the employees of company X are treated as normal customers and not as business customers. This means that company X cannot be granted any special conditions.

Minimal B2B solution:

Company X concludes a contract with the public transport provider and regularly sends the data of its employees, like Bruno, to the public transport provider.

  1. In the simplest case, this can be done by post or fax to the public transport provider, who then maintains the data manually in the in-house IT system.
  2. Alternatively, the data can be provided in a file, e.g. CSV, and imported directly.
  3. An already quite developed solution would be a portal with which administrators of company X can enter and maintain the employees’ data.

By recording the employees in the public transport system, the time-consuming expense recording and accounting at company X is no longer necessary. Company X receives a monthly electronic statement of the tickets purchased by its employees or can collect these from the portal if required. Company X can now pay for the tickets in total and benefit from company discounts. But the employee data provided for public transport must be kept up to date on an ongoing basis. The process costs now shift to the new (additional) maintenance process for the employees on the portal, but are not too high depending on the number of employees.

For such a minimal B2B solution, however, there are not inconsiderable costs on the public transport side for the maintenance of B2B customers and all their employees or for the provision of the corresponding infrastructure for electronic data exchange and/or a portal for the maintenance of company data and employees. The data quality is not too high due to the time delays in updating and the lack of plausibility checks.

Individual B2B solution:

Company X is a large company that can afford an individual IT solution for the automatic exchange of information with the public transport system. The exchange is initiated and confirmed by the employee Bruno Frey. Each time the B2B process with the supplier is accessed, the relationship data is automatically checked and updated (e.g. cost centre, role and authorisations, limits, permitted product groups, delivery address). This means that even more complex processes can be designed.

Since the employee information comes directly and automatically from personnel systems, the quality is correspondingly high. The billing of the purchased service can also be highly automated. However, since the interface was designed individually, it is very costly for both sides to create and operate and is therefore really only worthwhile for large companies that have the necessary developer resources.

The following table shows an overview of the different solutions.

Zero solution Minimal B2B solutionIndividual B2B solutionIdentityBrIDge
B2B contract availableNoYesYesYes
Employee managementNot possibleManually by B2B clientAutomated, per B2B relationshipAutomated,

Standardised (one-off)

Charging for servicesIndividual onlyAutomatedAutomatedAutomated

Lack of scaling

For a seamless electronic B2B process, identity information maintained by one ecosystem must be used to drive the process in another ecosystem. Existing solutions are often manual and error-prone or quite costly. In any case, they do not scale, i.e. when another company joins, you often start again at the beginning. For smaller companies, the effort for an individual B2B solution is usually much too high and therefore they stick to the “minimal B2B solution”.

What is missing is a generic solution, based on contracts (business relationships), with which identity information can be transferred easily, automatically and without media discontinuity from one company to a second. With the information, which can include identification details, details on communication options (such as e-mail, telephone), billing information and authorisations, the business processes are parameterised and thus individually adapted. Ideally, these individual parameters only need to be temporarily stored – during the execution of the process – and can be destroyed afterwards (data economy).

IdentityBrIDge project

In project IdentityBrIDge researchers from the IDAS Institute at BFH Technik & Informatik are working on a solution to the problem of exchanging identity information. The basis is the user-centred linking of electronic verifications (VCs), which is known from Self-Sovereign Identities (SSI). IdentityBrIDge is intended to guarantee information security as well as traceability, non-repudiation and auditability in the regulation-compliant handling of business processes. Through the creation of standards, interoperability between companies is to be increased, making connectivity economically feasible even for small and medium-sized enterprises. Thus, IdentityBrIDge has the potential to have a long-term social impact by enabling new digital business processes and business models.

Creative Commons Licence

AUTHOR: Annett Laube

Annett Laube is a lecturer in computer science at BFH Technik & Informatik and heads the Institute for Data Applications and Security (IDAS). She has technical responsibility for the science magazine SocietyByte, in particular for the focus on Digital Identity, Privacy & Cybersecurity.

AUTHOR: Michael Gerber

Michael Gerber is a senior system architect at SBB. As a technical specialist, he is a member of the Identity and Access Management expert group of the standardisation organisation eCH. E-ID and thus also SSI technologies are of particular interest to SBB. The company is already involved in initial pilot projects with SSI.

Create PDF

Related Posts

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *