True Nature of Identity
- May 3
- 10 min read
Updated: 3 days ago
Identity is one of those terms everyone uses, yet few define precisely. “The meaning of a word is its use in the language.” Ludwig Wittgenstein, Philosopher (1889–1951)
Pillar I – Identity Foundation – Part 1 of 3
By Stephan Wolf, Chair of the Board of Trustees at Verifiable.Trade Foundation
May 2026
Identity is one of those terms everyone uses, yet few define precisely. In business systems, this lack of clarity creates real friction. It leads to duplicated processes, inconsistent data, and ultimately a lack of trust between participants. It creates blind spots where no one can say with certainty who acted, on whose behalf, and with what authority.
To understand how digital trade, finance, and supply chains can evolve, we need to start with a simple but powerful idea. Identity is not a number. Identity is a structured description of something within a specific context.
Identity does not exist in isolation. It is always tied to a socio-economic system in which it serves a purpose. A company has an identity because it participates in commerce. A person has an identity because they act in legal, economic, or social roles. A product has an identity because it is manufactured, transported, financed, or regulated. Each of these identities is defined differently depending on the system in which it is used.
· In banking, identity supports risk assessment and compliance.
· In logistics, it supports tracking and coordination.
· In regulation, it supports accountability and oversight.
This is why identity is always contextual. The discussion in the OpenCorporates blog series[1], particularly the question of what actually constitutes a legal entity, reflects this reality. Entities are defined by their role within a system, not by a single global description.
These are not abstract issues. They happen every day:
· A bank processes a payment instruction from a person whose authorization expired yesterday.
· A supplier appears as three different entities across procurement, finance, and logistics systems.
· A shipment is released based on data that cannot be traced back to a verifiable source.
· A regulator receives documents that are consistent in format, but not in origin or integrity.
Each of these situations creates risk. Not theoretical risk, but operational, financial, and reputational exposure.
Identification in this context means to know whom you are interacting with, both past and present. This should not be confused with Identity Management solutions for managing logins and user accounts[2], as these use cases are much more specific and proprietary in the context of particular relationships between a user and an organization. However, future Identification Management solutions and platforms should be built to support Verifiable.Trade Foundation’s proposals.
Identity Is Always Contextual
Identity is contextual because the attributes we use depend on the purpose. A national ID card may include a home address, while a passport typically does not. When crossing a border, your home address is usually irrelevant. What matters instead is your nationality, your biometric identifiers such as a photograph or fingerprints, your origin of birth, and often your intended destination. Interestingly, some of these attributes are added at time of arrival. The identity attributes change because the question changes: What do we need to know in order to trust this interaction. The same principle applies across all business contexts. Identity is shaped by the requirements of the interaction, not by a fixed universal template.
At its core, identity is a structured set of attributes that together describe a subject or object in a meaningful way. A company is described through its legal name, jurisdiction, registration details, and ownership structure. A person is described through attributes such as name, date of birth, nationality. A shipment is described through origin, destination, contents, and ownership. Identity is therefore not a single data point but a structured representation that allows systems and participants to understand what they are dealing with in a specific context.
Why this matters now
This challenge is not new. What is new is the environment in which it unfolds.
Geopolitical fragmentation is increasing the need to verify counterparties across jurisdictions. Regulatory pressure is rising, with stricter requirements on accountability, traceability, and control.
At the same time, automation is accelerating. AI agents and machine-to-machine interactions are beginning to execute decisions and transactions without human intervention. When AI agents negotiate contracts, trigger payments, or confirm deliveries, the question of identity and authority shifts from human verification to machine-verifiable trust.
In such an environment, identity can no longer be implicit or assumed. It must be explicit, verifiable, and continuously valid. The question is no longer whether systems can process data. The question is whether they can trust it.
Identifiers Are Just Pointers
Identifiers are often mistaken for identity, but they are only labels that point to that structured data. The Business Identifier Code[3] (BIC, ISO 9362), the Legal Entity Identifier[4] (LEI, ISO 17442), the prefix of a Global Location Number[5] (GLN, SO/IEC 6523) can all refer to the same organization, yet they serve different purposes. One identifies a participant in payment networks, the other identifies a legal entity in regulatory and financial contexts. The third provides identification in a supply-chain scenario. They are not interchangeable because they point to different sets of attributes defined for different contexts. This explains why the same entity appears multiple times across systems. Each representation is valid within its own context, but none of them alone provides a complete picture. The OpenCorporates discussion on the identity crisis of business identifiers[6] highlights exactly this structural fragmentation.
Identity in Business: People, Organizations, and Roles
Business transactions add another layer of complexity. Transactions are not executed by abstract entities but by people acting on behalf of organizations. A payment is approved by a CFO. A delivery is confirmed by a warehouse clerk. A contract is signed by a director. This creates a fundamental link between natural persons, legal entities, and the roles that connect them. The identity of the organization alone is not sufficient. The identity of the individual alone is not sufficient. What matters is the relationship between both.
Identity is used to establish who or what an actor is. Based on that identity, permissions and roles are assigned, which enable authorization. When an action is performed, identity is used to attribute or claim that event. However, it is not the personal identity alone that creates legitimacy. A warehouse clerk would not use a nationally issued digital identity to sign a delivery note. The authority to confirm that delivery comes from the company. The clerk acts in a role assigned by the organization. This role defines what the person is allowed to do and on whose behalf they act. Legitimacy therefore emerges from three elements combined:
· The verified identity of the person
· The verified identity of the organization
· The verified relationship between both in the form of a role.
Without this, systems cannot reliably determine who is acting, on whose behalf, and with what authority.
Identity is therefore not just about entities. It is about relationships. A person may work for multiple companies, hold different roles, and act with different levels of authority. A company may have multiple representatives across jurisdictions and functions. These relationships evolve over time. Identity must therefore capture not only attributes but also the dynamic connections between actors. A name alone is meaningless. A statement such as a specific person acting as warehouse clerk for a specific company with the authority to confirm delivery creates a usable and verifiable identity in context.
Identity Is Dynamic
Identity is also not static. Companies change ownership and structure. People change roles and affiliations. Objects such as shipments change location, status, and ownership. Identity must therefore be continuously updated and validated. The idea of proof of life discussed in the OpenCorporates blog series reflects this well. Identity is not just about existence at a point in time. It is about ongoing validity in a changing environment.
The well-known thought experiment in the Ship of Theseus can explain this issue further. A ship belonging to the hero Theseus is preserved for years. As parts of the ship decay, they are gradually replaced with new wooden planks.
Over time, every single part of the ship is replaced. So the question arises: Is it still the same ship? Now imagine this. Someone collects all the original, discarded planks and rebuilds a ship from them. Now there are two ships, one made entirely of new parts (continuously repaired), the other one made entirely of original parts (reassembled). Which one is the real Ship of Theseus?
This matters because this paradox isn’t really about ships. It’s about identity:
• What makes something the same thing over time?
• Is identity based on material (the parts)?
• Or on continuity (the process, history, function)?
So instead of asking “Is this the same thing?”, the more relevant question is: “What continuity do we actually care about?”
• Legal context Continuity means determining whether a company remains the same legal entity, for example after an acquisition.
• Operational contextIt is about whether a process continues to function as intended, even after redesign or system changes.
• Data contextContinuity asks whether the evolution of an entity can be reliably traced over time, despite changes in name, legal form, or address.
• Role contextThe question becomes who is authorized to act, for example who is entitled to sign a contract following a restructuring.
Each of these perspectives leads to a different answer. Continuity is not absolute. It is defined by context.
Guiding Principle: Detach Identity from Systems
Most current systems embed identity within IT applications. Each platform creates and maintains its own version of identity, primarily focused on access management. This leads to duplication, repeated onboarding, inconsistent data, and complex integration efforts. Mapping identifiers is performed repeatedly across systems, incurring substantial costs across the entire industry.
A more robust approach follows a simple guiding principle. Identity should be detached from individual systems and made interoperable across borders and platforms. This means identity is not owned by a single application and does not need to be recreated for every interaction. It can be reused, verified independently, and applied across multiple contexts.
A simple mental model helps to bring this together. Identity is the combination of attributes, context, and relationships. Identifiers are merely pointers to that identity. When systems confuse identifiers with identity, fragmentation emerges. When identity is properly structured and detached from systems, interoperability becomes possible.
Identity is not a technical detail. It is foundational infrastructure for how modern economies function. Understanding its true nature allows organizations to reduce duplication, improve trust, and enable seamless collaboration across systems and borders. In a world of increasing digital interaction, getting identity right is not optional. It is the prerequisite for everything that follows.
Key takeways
Every interaction should follow a simple logic. First, we identify who or what we are dealing with. Second, we assess whether we can trust that identity. Third, we determine whether that actor is authorized to perform a specific action. As a result, trust becomes explicit, consistant, and easy to verify.
Identity is not a technical feature. It is economic infrastructure.
· Organizations that treat identity as a system attribute will continue to duplicate effort, absorb risk, and limit automation.
· Organizations that treat identity as an independent, verifiable layer will reduce friction, strengthen trust, and unlock new forms of collaboration across systems and borders.
In an increasingly digital and automated world, getting identity right is not an optimization. It is a prerequisite.
Glossary (Alphabetical)
Attribute
A characteristic that describes an identity, such as name, address, or jurisdiction.Source: ISO (conceptual definition used across identity standards)
Authentication
The process of verifying that an identity is genuine.
“Authentication is the process of verifying the identity of a user or process.”Source: National Institute of Standards and Technology (NIST SP 800-63)
Authorization
The determination of whether an actor is allowed to perform a specific action.
“Authorization is the process of determining whether a user is permitted to perform a given operation.”Source: National Institute of Standards and Technology (NIST SP 800-63)
Context (of Identity)
The environment or purpose in which identity is used, determining which attributes are relevant.
“The meaning of a word is its use in the language.”Source: Ludwig Wittgenstein, Philosophical Investigations(Used here as a conceptual foundation for context-dependent identity)
Continuity (of Identity)
The ability to maintain or trace identity over time despite changes.
“Identity is not sameness.”Source: Paul Ricoeur, Oneself as Another
Data Continuity
The ability to track how data describing an entity evolves while preserving a consistent reference to that entity.Source: Derived from data governance and lifecycle management principles (no single canonical quote)
Decentralized Identifier (DID)
A globally unique identifier that does not require a centralized registration authority.
“A DID is a new type of identifier that enables verifiable, decentralized digital identity.”Source: World Wide Web Consortium, DID Core Specification
Entity
A person, organization, or object that can be identified and participate in interactions.Source: General usage across legal and information systems standards
Externalized Identity
An identity model where identity exists independently of individual systems and can be reused across contexts.Source: Conceptual term (aligned with decentralized identity and interoperability principles)
Identification
The act of establishing who or what an entity is.
“Identification is the process of recognizing an entity.”Source: National Institute of Standards and Technology (NIST, adapted definition)
Identifier
A unique reference used to distinguish an entity within a specific context.
“An identifier is a name that identifies (that is, labels the identity of) either a unique object or a unique class of objects.”Source: International Organization for Standardization (ISO/IEC terminology)
Identity
A structured representation of an entity within a given context.
“Identity is the set of attributes that uniquely describe a subject within a given context.”Source: National Institute of Standards and Technology (NIST Digital Identity Guidelines, paraphrased for clarity)
Interoperability
The ability of systems to exchange and use information consistently.
“Interoperability is the ability of two or more systems or components to exchange information and to use the information that has been exchanged.”Source: Institute of Electrical and Electronics Engineers
ISTTP (International Secure Trade Transfer Protocol)
An open protocol designed to enable secure and verifiable exchange of trade data across systems, ensuring that identity and trust travel with the data.Source: Verifiable.Trade Foundation
Legal Entity
An organization that has legal rights and obligations.
“A legal entity is any entity that can enter into contracts and be held responsible for its actions.”Source: General legal definition (consistent across jurisdictions)
Legal Entity Identifier (LEI)
A globally unique identifier for legal entities participating in financial transactions.
“The LEI is a 20-character, alpha-numeric code based on the ISO 17442 standard.”Source: Global Legal Entity Identifier Foundation
Proof of Life
Evidence that an entity or identity is still valid and active at a given point in time.Source: Concept used in identity validation and registry maintenance (e.g., corporate registries)
Revocation
The act of invalidating a credential, identity, or authorization.
“Revocation is the process of withdrawing the validity of a credential.”Source: World Wide Web Consortium (Verifiable Credentials Data Model)
Role
The function or capacity in which an entity acts within a relationship.
“A role represents a set of permissions associated with a particular function.”Source: National Institute of Standards and Technology (RBAC model)
System-Centric Identity
An approach where identity is created and managed within individual IT systems, leading to duplication and inconsistency.Source: Conceptual term (common in enterprise architecture discussions)
Verifiable Identity
An identity that can be independently validated without reliance on a central authority.
“Verifiable credentials are tamper-evident credentials that can be cryptographically verified.”Source: World Wide Web Consortium
[2] Popular proprietary IDs such as the Apple-ID, Amazon-ID, Google-ID, Facebook-ID, and many more allow authentication just in a closed network or for a single use case, e.g. shopping. They lack openness, do not provide interoperability and are usually at the discretion of a private firm. Attempts such as Open-ID (http://openid.net/what-is-openid/) are focused on easy access to web sites. Both lack regulatory oversight by rule makers to gain trust as authoritative source of identity.
[3] ISO 9362 defines a standard format of Business Identifier Codes (also known as SWIFT-BIC, BIC code, SWIFT ID or SWIFT code). https://en.wikipedia.org/wiki/ISO_9362
[4] A very good overview on the LEI system and its characteristics can be found at:Kennickell, Arthur B. (2016). “Identity, Identification and Identifiers: The Global Legal Entity Identifier System,” Finance and Economics Discussion Series 2016-103. Washington: Board of Governors of the Federal Reserve System,https://doi.org/10.17016/FEDS.2016.103
