Introducing the vLEI Ecosystem Governance Framework
The Global Legal Entity Identifier Foundation (GLEIF) has published the verifiable LEI (vLEI) Ecosystem Governance Framework based on the Trust over IP Governance Metamodel. The vLEI Ecosystem Governance Framework, which has been designed from the ground up to complement GLEIF’s existing LEI governance, defines the vLEI operational model and describes how the new digital trust ecosystem’s range of vLEI issuing stakeholders will qualify for and perform their roles in the Global LEI System.
A year in the making, the Framework has been created in full accordance with standards and recommendations of the Trust over IP Foundation, hosted by the Linux Foundation. It is the most comprehensive Governance Framework developed based on the ToIP Governance Model.
The Framework provides essential detail on the governance structures and processes that will shape the development of the vLEI ecosystem together with the services that GLEIF will provide, including the vLEI Qualification Program, essential key and credential management services, and a communications platform for information sharing between GLEIF and its network of vLEI issuers.
The documents of an Ecosystem Governance Framework are comprised of a Primary Document, one or more Controlled Documents (separate supporting documents focusing on dedicated topics for the Framework), and the Identifier and Credential Governance Frameworks.
The primary document is the master document for the Framework. GLEIF suggests that the Primary Document is an excellent place to start when reading the Framework.
Documents for the vLEI Issuer Qualification Program
There are several Controlled Documents that are dedicated to the roles and responsibilities of Qualified vLEI Issuers. These documents are part of the Legal Agreement section of the Framework. The main legal document is the vLEI Issuer Qualification Agreement, to which there are seven appendices.
The complete set of documents for vLEI Issuer Qualification can be accessed through the following link.
Identifier and Credential Governance Frameworks
The Identifier Governance Framework focuses on GLEIF’s Autonomic Identifiers (AIDs). Each vLEI Credential has its own Credential Governance Framework, one for each of the four types of vLEI Credentials. These Frameworks include policies and requirements for the issuance, verification, and revocation of each vLEI Credential, as well as the fields contained in each Credential, with a link to the technical schema.
A document that details the purpose, principles, policies, and specifications that apply to the use of the GLEIF Root Autonomic Identifier (AID) and its GLEIF Delegated AIDs in the vLEI Ecosystem.
A document that details the requirements to enable this vLEI Credential to be issued by GLEIF to Qualified vLEI Issuers, which allows the Qualified vLEI Issuers to issue, verify and revoke Legal Entity vLEI Credentials, Legal Entity Official Organizational Role vLEI Credentials and Legal Entity Engagement Context Role vLEI Credentials.
A document that details the requirements for a vLEI Credential, the entity level vLEI Credential issued by a Qualified vLEI Issuer to a Legal Entity.
A document that details the requirements for vLEI Role Credentials issued to official representatives of a Legal Entity. These vLEI Credentials are issued by Qualified vLEI Issuers who are responsible for the validation of persons in official roles against one or more public sources.
A document that details the requirements for vLEI Role Credentials issued to representatives of a Legal Entity in other than official roles but in functional or other context of engagement. These vLEI Role Credentials can be issued and revoked by a Legal Entity itself, or a Qualified vLEI Issuer can provide these value-added services to a Legal Entity.
Remaining Controlled Documents
A document that lists all defined terms have been referenced in the Framework documents.
A document that assesses certain risk categories regarding the operation of the vLEI Ecosystem and Infrastructure. Although for purposes of the Framework, the Risk Assessment is a separate document, responsible managers within GLEIF will manage these risks as part of the GLEIF risk register.
Trust Assurance and Certification
This document focuses on the ‘MUST’ statements within the other Framework documents and specifies the services/processes that will be used to evaluate compliance with these statements.
There are two separate Controlled Documents for the Framework’s Technical Requirements, with self-explanatory titles.
Information Trust Requirements
This document defines the information security, privacy, availability, confidentiality, and processing integrity policies for the Framework.
The Framework will be maintained by GLEIF and reviewed for revision at least once a year.
Relevant Files for Download
Download as PDF: vLEI Q & A