Companies can register on the trust network because of a request from a partner to start using the network or the management’s conviction that the trust network provides added value. In both cases, MYOBI authenticates the company’s identity and of the legal representative before MYOBI offers an information ecosystem.
The representative introduces employees to the Information ecosystem, links them to roles and authenticates the identity of the employees. MYOBI offers the representative the possibility to delegate the part of authenticating the identity of employees to a specific employee.
Often, authentication of the identity of employees, and thus the role of registration authority, is delegated to the reputation manager. The reputation manager introduces employees to the information ecosystem and blocks employees if necessary. Registrations cannot be removed from the administration so that the audit trail remains complete. The representative has access to this audit trail in which it can be deduced what mutations have been made by whom.
The trust services use the administration of employees’ registration on the trust network. The reputation manager links employees to the role of Business Process Coordinator, and they invite employees to the processes. In these business processes, the Business Process Coordinators repeatedly confirm the identity of employees. In addition, the coordinators are introduced to Business Process Coordinators of partners.
The company management sets quality requirements for authenticating the identity and the periodic internal audit in the security policy. For example, in the policy, the company management can include that only company e-mail accounts can be introduced in the information ecosystem, passwords and crypto keys must be changed periodically, and two-factor authentication is required for authenticating identity.