Verifying identities
Woleet.ID Server was designed to store reliable identity information about individuals or seals.
For this, identity verification shall be performed before entering new data in the database.
Identity verification contributes to minimize the risks linked to impersonation and to the use of fake identities. It is critical to guarantee the validity of electronic signatures and seals done with these identities.
Persons in charge of identity verification
Identity verification shall be conducted by authorized persons. They shall be responsible persons, who may not be susceptible to have any conflict of interest with their function.
These authorized persons can have an access to Woleet.ID Server to create identities. The dedicated “manager” profile should be affected to them.
Please refer to this article for the description of the manager role.
Verifying user identities
The manager shall evaluate if the individual is authorized to sign, depending on his/her business needs. An authorization form signed by a legal representative may be required, depending on the issues at stake when electronically signing (for example financial or legal issues).
The manager shall perform identity verification by checking following criteria:
- Does the person exist?
Verification example: meet the person, or make a video call with him/her. - Is the identity information accurate?
Verification example: ask for the presentation of an ID card, a passport or any other official document displaying a photo. - Does the person belong to the organization (if organizational information is provided)?
Verification example: professional card, or authorization form signed by a legal representative. - Can we distinguish the identity from other existing identities in Woleet.ID Server?
Verification example: does the user email already exist in database?
After this check, the manager can create the user identity in Woleet.ID Server. See this article to know how to create an identity in Woleet.ID Server.
Verifying seal identities
The manager shall evaluate if the seal identity creation is legitimate. For this the manager shall understand the business objective of the seal creation service.
The manager shall perform following verifications:
- Does the organizational entity exist?
Verification example: ask for an attestation of the organization existence (in France: extrait Kbis). - Is the organization identity information accurate?
Verification example: ask for an attestation of the organization existence (in France: extrait Kbis). - Is there a risk that the seal identity be used by unauthorized persons or organizations?
Verification example: verify that the person applying for the seal identity creation is authorized by a legal representative of the organization (via an authorization form). - Can we distinguish the identity from other existing identities in Woleet.ID Server?
Verification example: does the user email already exist in database?
The manager shall validate the seal name. It is recommended that the seal name reflects the objective of the seal creation service (e.g. "Woleet invoice signature service").
After this check, the manager can create the seal identity in Woleet.ID Server. See this article to know how to create an identity in Woleet.ID Server.
Keeping evidence of identity verification
We recommend to keep evidence of identity verification made for each signatory.
In particular, if an ID document is required for user identity check, a copy of the ID document should be kept as evidence.
Evidence shall be kept as long as electronic signatures and seals can be validated (meaning potentially several decades).
Updated almost 3 years ago