A “data bridge” for business relationships
Business processes between two or more companies, so-called business-to-business (B2B) relationships, are mostly handled electronically today. Portals are used for many of these B2B business processes. The service provider (supplier) offers its services and products on the portal. In order to use the services offered in a B2B context, the partner companies often have to register their employees in self-service. This approach has disadvantages as well as advantages, and BFH researchers are developing a solution for them.
Many B2B business processes are based on a portal of the service provider (supplier), in which all partner companies register their employees in self-service so that they can use the services offered. Each company appoints a super or power user who maintains the employees and their roles. (compare article, paragraph: Minimal B2B solution)
This is practical for the supplier. Each company must maintain the necessary employees and roles in the portal on its own responsibility. The partner companies are relatively free in assigning their employees, but they are also responsible for ensuring that only the right people have access and that the data is up to date.
A big advantage of a portal solution is that it is also accessible to micro-enterprises, which may not yet be digitised. But the power user concept also has disadvantages:
- Great effort on the part of the supplier: In addition to the actual portal function, the supplier must provide and support the infrastructure for managing the company employees, including their authentication information. Super-users must be registered in a separate onboarding process for the partner companies in order to be able to maintain the employees of their company.
- Multiple efforts at partner firms: As the partner companies have the sole responsibility for the manual maintenance of their employees and have to bear the costs for this themselves, the effort is repeated for each supplier.
- Scalability: Manual maintenance of employee information is limited to a few employees and therefore hardly suitable for larger companies. Large companies therefore often have to build individual solutions with all their suppliers, which can be very cost-intensive for both sides.
- Up-to-dateness: Since the data is maintained manually, a change concerning an employee is not automatically propagated. The data is therefore often not up to date, which can lead to unauthorised benefits or orphaned accounts.
- Security: Company employees have a large number of portal logins with different login data and formats.
IdentityBrIDge aims to provide a standardised, automatic exchange of employee data to remedy the disadvantages listed above. A sparing exchange of employee data is assumed (need-to-know). This exchange should enable the regulation-compliant handling of business processes on the basis of a previously concluded B2B contract.
Two cases of B2B processes
B2B business processes can be divided into two groups:
- Type 1: The employees of the partner companies act on behalf of the company:
Selected employees manage assets of the firm, such as contracts or accounts, or order services. In most cases, due to the legal framework, it is necessary to ensure traceability, non-repudiation and auditability. In such cases, the identity of the acting employees and their activities must be disclosed. Anonymity of the employees at the supplier, and the associated protection of privacy, can therefore only be realised to a limited extent.
- Type 2: The employees of the partner companies receive personal services:
Employees of the partner companies can obtain personalised services from the supplier, such as training offers, public transport tickets, discounts, etc. Billing should ideally be automated via the company.
With the help of a standardised IdentityBrIDge protocol, employee data is transferred from the partner companies to the supplier. Optionally, information on purchased services and products can also flow back, e.g. for billing purposes or warranty services.
With the use of IdentityBrIDge, the portal solution of the supplier already has all the necessary information and roles of an authorised employee, so that all manual registration and mutation processes on the portal of the supplier and the associated support services are eliminated.
Employee information includes the following categories:
- Identification details, e.g. name, employee number
- Communication information, e.g. telephone, e-mail
- Accounting information, e.g. cost centre
- Authentication information
- Authorisations, such as restrictions on certain portal areas or processes, but also time restrictions
To ensure that the data is up to date, employee information is not only transferred once, but also in the event of mutations, e.g. change of role, and departures. Ideally, information from the partner company’s systems, such as the personnel system or financial accounting, is used for this purpose, as this ensures that the information is as up to date as possible. In the case of type 2 processes, care must be taken that no “provisioning in advance” takes place, but that the employees can agree to the data exchange or activate/deactivate it.
The protocol, which covers the typical life cycle of employees, i.e. onboarding, updating/revoking, deletion, can run through different communication channels. However, as this is potentially sensitive data, this channel must be secured and authenticated.
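The life cycle described above, sketched as an added example from the supplier's side; this is not the IdentityBrIDge protocol or project code. The JSON message layout, the per-contract HMAC key, the `seq` replay counter and all operation and attribute names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumptions (not from the article): message format, HMAC key, field names.
CONTRACT = {"key": b"constructed-demo-key", "type": 2,
            "allowed": {"name", "email", "cost_centre", "roles"}}

def sign(key, body):
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def apply_message(directory, state, body, tag, contract=CONTRACT):
    """Authenticate one lifecycle message, then apply it to the directory."""
    if not hmac.compare_digest(sign(contract["key"], body), tag):
        return "rejected: bad signature"
    msg = json.loads(body)
    if msg["seq"] <= state.get("seq", 0):
        return "rejected: replay"              # stale or repeated message
    state["seq"] = msg["seq"]
    emp, op = msg["employee_no"], msg["op"]
    if op in ("update", "revoke") and emp not in directory:
        return "rejected: unknown employee"
    if op in ("onboard", "update"):
        if contract["type"] == 2 and not msg.get("consent"):
            return "rejected: no consent"      # no provisioning in advance
        # Need-to-know: drop every attribute the contract does not list.
        attrs = {k: v for k, v in msg["attrs"].items() if k in contract["allowed"]}
        base = directory.get(emp, {})
        directory[emp] = {**base, **attrs, "active": op == "onboard" or base["active"]}
    elif op == "revoke":
        directory[emp]["active"] = False       # access ends, record kept for audit
    elif op == "delete":
        directory.pop(emp, None)
    else:
        return "rejected: unknown operation"
    return "applied"

def demo():
    directory, state, key = {}, {}, CONTRACT["key"]
    msgs = [  # constructed sample messages
        {"seq": 1, "op": "onboard", "employee_no": "E1", "consent": True,
         "attrs": {"email": "a@partner.example", "salary": 1, "roles": ["buyer"]}},
        {"seq": 2, "op": "onboard", "employee_no": "E2", "attrs": {"name": "B"}},
        {"seq": 3, "op": "revoke", "employee_no": "E1"}]
    bodies = [json.dumps(m).encode() for m in msgs]
    results = [apply_message(directory, state, b, sign(key, b)) for b in bodies]
    results.append(apply_message(directory, state, bodies[2], sign(key, bodies[2])))
    results.append(apply_message(directory, state, bodies[0], "00"))
    return directory, results
```

A shared-key HMAC authenticates the partner company but cannot provide non-repudiation, because the supplier holds the same key; type 1 processes with that requirement would need asymmetric signatures instead.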
IdentityBrIDge makes it possible to automate manual onboarding and mutation processes for B2B portals. This reduces costs on both sides. Digital B2B processes thus also become more attractive for small and medium-sized enterprises. By standardising the processes, new business areas can be developed in the long term or existing B2B processes can be further automated. In addition to the reduction of manual steps, the advantages are higher data quality and up-to-dateness for controlling business processes and individual customer offers (KYC). At the same time, sustainable solutions can be created through principles such as data economy and security/privacy by design.
About the BFH project
In the IdentityBrIDge project, researchers at BFH Technik & Informatik are developing a prototype for a simple, automatic exchange of identity information from one company to another, free of media discontinuities. This exchange will be used to parameterise and customise business processes. The IdentityBrIDge solution should guarantee information security as well as traceability, non-repudiation and auditability in the regulation-compliant handling of business processes. At the same time, the protection of the data and privacy of the persons involved will be ensured in a sector- and process-specific manner. The planned prototype will be made available as an open source project.