Traditional implementations relied heavily on centralized identity providers, certificate authorities, and government agencies. These systems created trust through institutional reputation but introduced single points of failure, privacy concerns, and interoperability challenges.

In the organizational identity space, systems like the Legal Entity Identifier (LEI) established global standards for identifying legal entities. GLEIF (Global Legal Entity Identifier Foundation) emerged as the authoritative body managing the LEI system, providing identity assurance for organizations worldwide.

KERI's Approach

KERI fundamentally distinguishes between two complementary trust models:

Attributional Trust vs. Reputational Trust

Attributional trust is what KERI provides through cryptographic mechanisms:

• Self-certifying identifiers (AIDs) that prove control through digital signatures
• Key Event Logs (KELs) that create verifiable histories of identifier control
• Out-of-Band Introductions (OOBIs) that enable low-friction establishment of cryptographic trust
• End-to-end verifiable proof of who made a statement or claim

Reputational trust is what identity assurance provides:

• Verification that an entity's claimed attributes match reality
• Institutional backing from trusted organizations
• Compliance with regulatory and governance requirements
• Human-understandable trust based on organizational reputation

KERI's documentation explicitly states: "You can't have reputation without attributional trust" and "In the real world you need both." This acknowledges that while KERI solves the cryptographic attribution problem, identity assurance remains necessary for establishing the real-world identity behind the cryptographic identifiers.

Integration in the vLEI Ecosystem

The verifiable LEI (vLEI) ecosystem demonstrates how KERI and identity assurance work together:

GLEIF's Role: GLEIF performs identity assurance for legal entities, verifying:

• Legal existence and registration status
• Organizational attributes (name, jurisdiction, registration number)
• Authorized representatives and their roles
• Compliance with legal entity identification standards

KERI's Role: KERI provides the cryptographic infrastructure:

• Autonomic Identifiers (AIDs) for legal entities and their representatives
• Authentic Chained Data Containers (ACDCs) for verifiable credentials
• Cryptographic proof that credentials were issued by authorized parties
• Verifiable delegation chains from GLEIF through Qualified vLEI Issuers (QVIs)

Identity Assurance Procedures in vLEI

The vLEI governance frameworks mandate specific identity assurance procedures:

For Legal Entities:

1. LEI Verification: QVI Authorized Representatives verify the entity's LEI status in the Global LEI System
2. Entity Status Validation: Confirm Active entity status and appropriate registration status
3. Representative Authorization: Verify that Designated Authorized Representatives (DARs) have legal authority

For Individual Representatives:

1. Identity Assurance Level 2 (IAL2): Minimum standard per NIST 800-63-3
2. Alternative Digital Credentials: Acceptance of high-assurance digital identity credentials from approved schemes:
   • European eIDAS (High/Substantial Level of Assurance)
   • Asian schemes (Singapore SingPass, India Aadhaar, Australia myGov)
   • Latin American schemes (Brazil e-CPF)
3. Real-time OOBI Sessions: Supervised remote sessions combining:
   • Visual verification of identity documents
   • Cryptographic challenge-response authentication
   • Continuous audio/video presence

Out-of-Band Procedures vs. OOBIs

The KERI documentation carefully distinguishes:

Out-of-band procedures for identity assurance:

• Traditional verification methods outside the digital system
• Manual document inspection
• In-person or supervised remote verification
• Institutional validation processes

Out-of-Band Introductions (OOBIs):

• KERI protocol mechanism for bootstrapping cryptographic trust
• Exchange of AIDs and witness information
• Establishment of attributional trust without identity assurance
• Low-friction cryptographic verification

These are complementary but distinct mechanisms serving different trust requirements.

Practical Implications

Use Cases Requiring Identity Assurance

Identity assurance is essential in scenarios where:

Regulatory Compliance: Financial services, healthcare, and government systems require verified identities to comply with KYC (Know Your Customer), AML (Anti-Money Laundering), and data protection regulations.

High-Stakes Transactions: Real estate transfers, corporate mergers, and large financial transactions require confidence in counterparty identities beyond cryptographic proof of control.

Legal Accountability: Contracts and legal agreements require verified identities that can be held accountable in legal systems.

Organizational Representation: Verifying that individuals are authorized to act on behalf of organizations requires identity assurance of both the organization and the individual's role.

Benefits of Identity Assurance

Trust Establishment: Provides human-understandable trust based on institutional reputation rather than requiring technical understanding of cryptographic proofs.

Regulatory Acceptance: Meets legal and regulatory requirements that mandate identity verification by trusted parties.

Fraud Prevention: Reduces identity fraud through rigorous verification procedures and institutional accountability.

Interoperability: Standardized assurance levels (IAL1/2/3) enable consistent trust decisions across different systems and jurisdictions.

Liability Framework: Trusted parties assume liability for verification quality, providing recourse in case of errors.

Trade-offs and Limitations

Centralization Risk: Reliance on trusted third parties creates potential single points of failure and control.

Privacy Concerns: Identity assurance often requires disclosure of sensitive personal information to verifying organizations.

Cost and Friction: Rigorous identity verification procedures are expensive and time-consuming compared to self-sovereign approaches.

Scalability Challenges: Manual verification processes don't scale efficiently to global digital systems.

Temporal Validity: Identity assurance is point-in-time; attributes may change, requiring re-verification.

Complementary Architecture

The optimal approach combines both trust models:

1. Identity Assurance establishes real-world identity and attributes
2. KERI binds those verified attributes to cryptographic identifiers
3. ACDCs create verifiable credentials that combine both trust types
4. Ongoing Verification uses KERI's cryptographic mechanisms for continuous validation

This architecture enables:

• Initial high-assurance identity verification
• Low-friction ongoing cryptographic verification
• Selective disclosure of verified attributes
• End-to-end verifiable credential presentations
• Reduced reliance on continuous third-party involvement

Implementation Considerations

Assurance Level Selection: Organizations must determine appropriate IAL levels based on risk assessment and regulatory requirements.

Verification Procedures: Standardized procedures ensure consistent quality across different verifiers and jurisdictions.

Credential Lifecycle: Identity assurance must be maintained through credential issuance, renewal, and revocation processes.

Multi-Signature Requirements: For organizational credentials, identity assurance must extend to all authorized signers in multi-sig configurations.

Grace Periods: vLEI governance frameworks include grace periods (e.g., 90 days) to manage transitions when identity assurance status changes.

Identity assurance remains a critical component of comprehensive digital identity systems, providing the reputational trust foundation upon which KERI's cryptographic attributional trust can build verifiable, scalable, and privacy-preserving identity solutions.