Loading vLEI.wiki
Fetching knowledge base...
Fetching knowledge base...
This comprehensive explanation has been generated from 24 GitHub source documents. All source documents are searchable here.
Last updated: October 7, 2025
This content is meant to be consumed by AI agents via MCP. Click here to get the MCP configuration.
Note: In rare cases it may contain LLM hallucinations.
For authoritative documentation, please consult the official GLEIF vLEI trainings and the ToIP Glossary.
DND (Do Not Delegate) is a boolean flag/attribute associated with an AID (Autonomic Identifier) in KERI that controls whether the identifier has the capability to perform delegation operations. The default setting is permissive (delegation allowed).
The Do Not Delegate (DND) flag is a configuration attribute that can be set on an AID (Autonomic Identifier) within the KERI protocol. This flag serves as a control mechanism that determines whether a specific identifier possesses the capability to participate in delegation operations, which are fundamental to KERI's hierarchical identifier management architecture.
By default, the DND flag is set to a permissive state - meaning "you can delegate." This default configuration reflects KERI's design philosophy of enabling flexible identifier hierarchies and delegated authority structures unless explicitly restricted. When an AID is created through an inception event, it inherently possesses delegation capabilities unless the DND flag is explicitly configured to restrict this functionality.
The permissive default enables AIDs to serve as delegators in KERI's cooperative delegation model, where both delegator and delegate must contribute cryptographically to establish a delegation relationship. This capability is essential for organizational use cases requiring hierarchical identity structures, such as the vLEI ecosystem where GLEIF's root AID delegates authority to Qualified vLEI Issuers (QVIs).
The DND flag operates within KERI's broader delegation framework, which supports:
The DND flag is currently marked TBW (To Be Written) in the canonical glossary, indicating incomplete technical documentation. Available information establishes:
Implementers should be aware that the following details are not yet fully documented:
In the vLEI ecosystem, DND configuration may be subject to governance requirements specified in the vLEI Ecosystem Governance Framework. Organizations implementing KERI for enterprise use cases should consider:
When DND is set to restrict delegation, the AID becomes a terminal node in any delegation hierarchy - it can be delegated to, but cannot itself delegate authority to other identifiers. This restriction is useful for:
The DND flag's state is established in the AID's inception event and can potentially be modified through rotation events, though the current documentation does not specify the exact mechanism for changing this flag post-inception. The flag's configuration becomes part of the AID's key state, making it verifiable through the KEL (Key Event Log) and subject to KERI's duplicity detection mechanisms.
While the canonical glossary establishes the DND flag's existence and default behavior, detailed implementation specifications regarding:
are not fully documented in the available source materials. Implementers should consult the authoritative KERI specification and reference implementations for complete technical details.