The review window has passed and this repo is now archived. Thanks to everyone who reviewed.
Structure and background purpose of documents of the verifiable LEI (vLEI) Ecosystem Governance Framework For Trust over IP Member Review
The Global Legal Entity Identifier Foundation (GLEIF) is pleased to invite members of the Trust over IP Foundation to review the draft v1.0 of the verifiable LEI (vLEI) Governance Framework. The review will run until January 15, 2022.
The documents of an Ecosystem Governance Framework (EGF) are comprised of a Primary Document, one or more Controlled Documents (separate supporting documents focusing on dedicated topics for the EGF) and the Credential Governance Frameworks.
To open an issue or comment click here
A recording of the vLEI EGF presentation given at the Trust Over IP all memeber meeting can be seen here
Primary Document
verifiable LEI (vLEI) Ecosystem Governance Framework Primary Document The primary document is the master document for the EGF. GLEIF suggests that you begin your review of the vLEI EGF with this document.
Controlled Documents
Documents for the vLEI Issuer Qualification Program
There are several Controlled Documents that are dedicated to the roles and responsibilities of Qualified vLEI Issuers. These documents are part of the Legal Agreement section of the vLEI EGF. The main legal document is the vLEI Issuer Qualification Agreement to which there are seven appendices.
vLEI Issuer Qualification Agreement An agreement between GLEIF and an organization that has been qualified by GLEIF to operate as a Qualified vLEI Issuer.
Appendices to vLEI Issuer Qualification Agreement
Appendix 1: Non-Disclosure Agreement (NDA) An agreement that outlines requirements for handling confidential information. The GLEIF’s standard NDA is provided for completeness in the list of documents for the vLEI Issuer Qualification Program and no feedback is necessary for this document.
Appendix 2: vLEI Issuer Qualification Program Manual The document that describes the Qualification Program.
Appendix 3: vLEI Issuer Qualification Program Checklist The document that details the control and process requirements for Qualification.
Appendix 4: vLEI Issuer Contact Details A list of contact details of GLEIF and the Candidate vLEI Issuer during Qualification and of GLEIF and the Qualified vLEI Issuer during ongoing operations. This list also will include the contact details that GLEIF would need in order to manage the termination of a Qualified vLEI Issuer. For this purpose, the names, titles and email addresses of the Legal Entities’ Authorized vLEI Representatives (AVRs) must be provided and updated on a regular basis as a section to this appendix.
Appendix 5: Qualified vLEI Issuer Service Level Agreement (SLA) A document that details the services to be provided by GLEIF and the Qualified vLEI Issuers and the service level requirements for these services. The formal SLA will be prepared prior to the implementation of the vLEI Issuer Qualification Program in 2022 as Appendix 5 to the vLEI Issuer Qualification Agreement.
In the meantime, a vLEI Services Catalog has been prepared to provide background of the services that will be developed for GLEIF and for the network of Qualified vLEI Issuers.
Although the vLEI Issuer Qualification Agreement and its appendices will be listed as Controlled Documents within the EGF and distributed as part of the complete vLEI EGF, revisions to the vLEI Issuer Qualification Agreement, including all of its appendices, will be reviewed and approved by GLEIF only.
Appendix 6: Qualified vLEI Issuer TrustMark Terms of Use A document that details the terms of use of the TrustMark by the Qualified vLEI Issuer.
Appendix 7: Qualified vLEI Issuer-Legal Entity Required Contract Terms A document that specifies the contract terms that must be included in the agreement between a Qualified vLEI Issuer and a Legal Entity for vLEI services.
Identifier and Credential Governance Frameworks
The Identifier Governance Framework focuses on the GLEIF’s Autonomic Identifiers (AIDs). Each vLEI Credential has its own Credential Governance Framework, one for each of the four types of vLEI Credentials. These Frameworks include policies and requirements for the issuance, verification and revocation each vLEI Credential, as well as the fields contained in each Credential, with a link to the technical schema.
GLEIF Identifier Governance Framework A document that details the purpose, principles, policies, and specifications that apply to the use of the GLEIF Root Autonomic Identifier (AID) and its GLEIF Delegated AIDs in the vLEI Ecosystem.
Qualified vLEI Issuer vLEI Credential Governance Framework A document that details the requirements to enable this vLEI Credential to be issued by GLEIF to Qualified vLEI Issuers which allows the Qualified vLEI Issuers to issue, verify and
revoke Legal Entity vLEI Credentials, Legal Entity Official Organizational Role vLEI Credentials and Legal Entity Engagement Context Role vLEI Credentials.
Legal Entity vLEI Credential Governance Framework A document that details the requirements for a vLEI Credential, the entity level vLEI Credential issued by a Qualified vLEI Issuer to a Legal Entity.
Legal Entity Official Organizational Role vLEI Credential Governance Framework A document that details the requirements for vLEI Role Credentials issued to official representatives of a Legal Entity. These vLEI Credentials are issued by Qualified vLEI Issuers who are responsible for validation of persons in official roles against one or more public sources.
Legal Entity Engagement Context Role vLEI Credential Governance Framework A document that details the requirements for vLEI Role Credentials issued to representatives of a Legal Entity in other than official roles but in functional or other context of engagement. These vLEI Role Credentials can be issued and revoked by a Legal Entity itself or a Qualified vLEI Issuer can provide these value-added services to a Legal Entity.
Remaining Controlled Documents
Glossary
verifiable LEI (vLEI) Ecosystem Governance Framework Glossary A document that lists all defined terms have been referenced in the vLEI EGF documents.
Risk Assessment
verifiable LEI (vLEI) Ecosystem Governance Framework Risk Assessment A document that assesses certain risk categories regarding the operation of the vLEI Ecosystem and Infrastructure. Although for purposes of the vLEI EGF, the Risk Assessment is a separate document, responsible managers within GLEIF will manage these risks as part of the GLEIF risk register.
Trust Assurance and Certification
verifiable LEI (vLEI) Ecosystem Governance Framework Trust Assurance Framework This document focuses on the ‘MUST’ statements within the other vLEI EGF documents and specifies the services/processes that will be used to evaluate compliance with these statements.
Technical Requirements
There are two separate Controlled documents for the EGF Technical Requirements, with self-explanatory titles.
verifiable LEI (vLEI) Ecosystem Governance Framework Technical Requirements Part 1 KERI Infrastructure
verifiable LEI (vLEI) Ecosystem Governance Framework Technical Requirements Part 2 vLEI Credentials
Information Trust Requirements
verifiable LEI (vLEI) Ecosystem Governance Framework Information Trust Policies This document defines the information security, privacy, availability, confidentiality and processing integrity policies for the vLEI EGF.