This hierarchical structure implements a tree of trust where:

• The GLEIF Root AID provides the ultimate cryptographic root of trust
• GEDA extends this trust to external ecosystem participants
• QVI AIDs are delegated from GEDA, inheriting its trust authority
• Legal Entity credentials are issued by QVIs under GEDA's delegated authority

GLEIF's Dual AID Architecture

GLEIF maintains a separation of concerns through its dual delegated AID structure:

GEDA (External):

• Manages relationships with QVIs
• Issues QVI vLEI Credentials
• Approves QVI delegated AID inception events
• Oversees QVI qualification and termination
• Handles ecosystem-facing governance operations

GIDA (Internal):

• Manages GLEIF's internal operations
• Issues credentials for GLEIF staff and systems
• Handles internal administrative functions
• Maintains separation from external ecosystem operations

This architectural separation ensures that compromise of internal systems does not directly affect external ecosystem trust, and vice versa. It also enables different security policies and operational procedures for internal versus external operations.

Relationship to GLEIF Root AID

GEDA is cryptographically bound to the GLEIF Root AID through KERI's delegation mechanism. According to the governance framework:

1. Delegation Event: GEDA's inception is recorded as a delegated establishment event in the GLEIF Root AID's KEL
2. Cryptographic Seal: The GLEIF Root AID creates a cryptographic seal of GEDA's inception event
3. Cooperative Delegation: Both the delegator (GLEIF Root) and delegate (GEDA) must contribute to the delegation
4. Verifiable Chain: Any verifier can cryptographically trace GEDA's authority back to the GLEIF Root AID

This delegation structure provides end-to-end verifiability of GEDA's authority without requiring centralized registries or certificate authorities.

Roles & Responsibilities

Primary Responsibilities

GEDA serves as GLEIF's operational identity for QVI management, with the following core responsibilities:

1. QVI Credential Issuance

GEDA is the issuer of QVI vLEI Credentials, which authorize organizations to act as Qualified vLEI Issuers. According to the Qualified vLEI Issuer vLEI Credential Governance Framework, GEDA:

• Issues QVI credentials to organizations that have completed the vLEI Issuer Qualification Program
• Embeds the QVI's LEI (Legal Entity Identifier) in the credential
• Specifies a 90-day grace period to manage QVI transitions
• Maintains the credential's lifecycle through issuance, verification, and revocation

2. QVI Delegated AID Approval

GEDA must approve the inception of QVI delegated AIDs through a formal delegation ceremony. The technical documentation "Approving QVI Inception Events" specifies that:

• QVIs create multisig group AIDs with GEDA as the delegator
• GEDA's prefix is specified in the delpre field of the QVI's inception configuration
• External GARs (GLEIF Authorized Representatives) controlling GEDA must approve the delegation
• Approval is expressed through interaction events containing cryptographic seals of the QVI inception event

3. QVI Oversight and Termination

GEDA manages the operational status of QVIs throughout their lifecycle:

• Annual Qualification: Oversees the Annual vLEI Issuer Qualification process
• Extraordinary Qualification: Manages extraordinary qualification procedures when issues arise
• Credential Revocation: Revokes QVI credentials when:
  • QVI fails to complete Annual vLEI Issuer Qualification
  • QVI fails to remediate qualification issues
  • QVI's LEI lapses or is retired
  • QVI violates governance framework requirements

4. Ecosystem Governance Enforcement

GEDA serves as the enforcement mechanism for vLEI ecosystem governance:

• Ensures QVIs comply with the vLEI Issuer Qualification Agreement
• Monitors QVI credential issuance practices
• Manages the transition of Legal Entities to new QVIs when necessary
• Maintains the integrity of the vLEI chain of trust

Authority and Permissions

GEDA possesses specific authorities within the vLEI ecosystem:

Credential Issuance Authority:

• MUST issue QVI vLEI Credentials only to organizations that have successfully completed qualification
• MUST ensure QVI credentials contain accurate LEI information
• MUST implement the 90-day grace period for QVI transitions

Delegation Authority:

• MUST approve QVI delegated AID inception events through cryptographic seals
• MUST verify QVI multisig configurations meet governance requirements
• MUST ensure QVI witness pools provide adequate duplicity protection

Revocation Authority:

• MUST revoke QVI credentials when qualification requirements are not met
• MUST prevent terminated QVIs from further credential issuance
• MUST manage Legal Entity transitions during QVI termination

Registry Management:

• MUST maintain a credential registry (TEL) for tracking QVI credential status
• MUST anchor registry events to GEDA's KEL for verifiability
• MUST publish registry state through OOBI mechanisms

Limitations

GEDA's authority is explicitly bounded by governance framework policies:

Scope Limitations:

• GEDA MUST NOT issue credentials other than QVI vLEI Credentials
• GEDA MUST NOT directly issue Legal Entity credentials (this is QVI responsibility)
• GEDA MUST NOT manage GLEIF internal operations (this is GIDA's role)

Delegation Limitations:

• GEDA MUST NOT delegate authority beyond QVI AIDs
• GEDA MUST NOT approve QVI delegations that violate governance requirements
• GEDA MUST NOT bypass the cooperative delegation ceremony

Operational Limitations:

• GEDA operations MUST be controlled by authorized External GARs
• GEDA MUST follow the highest duty of care in key management
• GEDA MUST maintain cryptographic strength of at least 128 bits

Technical Architecture

Multisig Control Structure

GEDA is controlled by a multisig group of External GARs, as documented in the "GLEIF Authorized Representative (GAR)" repository:

Multisig Configuration:

• Minimum 2 External GARs form the multisig group
• Threshold signing requires multiple GAR signatures for operations
• Weight-based thresholds enable flexible governance structures
• Ordered participant sets define current and next key configurations

Key Management:

• Each GAR maintains a private key store with cryptographically secure keys
• Keys must provide approximately 128 bits of cryptographic strength
• Pre-rotation mechanism protects against key compromise
• Highest level protection for next/pre-rotated keys

Witness Pool Configuration

GEDA's KEL is witnessed by a distributed witness pool providing duplicity detection:

Witness Requirements (from Technical Requirements Part 1):

• Minimum 5 witnesses using KAACE sufficient majority threshold
• Geographic distribution across multiple regions (EU, NA, AS, OC)
• Access control independence from controller keys
• Multi-channel discovery through well-known URIs, OOBIs, DHT, and DID resolvers

Example Witness Configuration:

{
  "wits": [
    "BBilc4-L3tFUnfM_wJr4S4OJanAv_VmF_dJNN6vkf2Ha",
    "BLskRTInXnMxWaGqcpSyMgo0nYbalW99cGZESrz3zapM",
    "BIKKuvBwpmDVA4Ds-EpL5bt9OqPzWPja2LigFYZN2YfX"
  ],
  "toad": 2
}

Delegation Ceremony

The QVI delegation ceremony involves coordinated operations between GEDA and QVI participants:

Step 1: QVI Multisig Inception

• QVI participants create a multisig group AID
• Configuration specifies GEDA's prefix in delpre field
• QVI participants coordinate through challenge-response authentication
• Inception event is signed by all QVI multisig participants

Step 2: GEDA Approval

• External GARs controlling GEDA receive the QVI inception event
• GARs verify the inception event meets governance requirements
• GARs create an interaction event containing a seal of the QVI inception
• Multiple GARs sign the interaction event to meet threshold

Step 3: Delegation Completion

• QVI's delegated AID becomes operational
• QVI can now request QVI vLEI Credential issuance
• Delegation is verifiable through the KEL chain

Credential Registry Management

GEDA maintains a Transaction Event Log (TEL) for QVI credential status:

Registry Architecture:

• Management TEL: Tracks the registry itself and its backers
• VC TEL: Tracks individual QVI credential issuance/revocation state
• Anchoring: All TEL events are anchored to GEDA's KEL through seals
• Verifiability: Registry state is cryptographically verifiable to GEDA's root of trust

Registry Operations:

• Issuance: Creates a new VC TEL entry for each QVI credential
• Verification: Provides current status for credential validation
• Revocation: Updates VC TEL to mark credentials as revoked
• Discovery: Publishes registry OOBIs for verifier access

Credential Lifecycle

QVI vLEI Credential Issuance

The issuance process follows a multi-step qualification and verification workflow:

Phase 1: QVI Qualification

1. Organization completes the vLEI Issuer Qualification Program
2. Organization signs the vLEI Issuer Qualification Agreement
3. GLEIF verifies qualification requirements are met
4. Organization's LEI is validated as active and current

Phase 2: QVI AID Establishment

1. QVI creates a multisig group AID with GEDA as delegator
2. QVI configures witness pool and threshold requirements
3. External GARs approve the QVI delegated AID inception
4. QVI AID becomes operational and verifiable

Phase 3: Credential Issuance

1. GEDA creates a QVI vLEI Credential ACDC
2. Credential includes QVI's LEI and 90-day grace period
3. Credential is signed by GEDA's multisig group
4. Issuance event is anchored to GEDA's KEL
5. Registry TEL is updated with credential status

Phase 4: Credential Publication

1. Credential OOBI is published for discovery
2. Schema OOBI enables credential validation
3. Registry OOBI provides status verification
4. QVI can begin issuing Legal Entity credentials

Verification Procedures

Verifiers validate QVI credentials through cryptographic verification chains:

Step 1: Credential Verification

• Verify ACDC signature against GEDA's public keys
• Validate credential schema matches expected QVI schema SAID
• Check credential fields (LEI, grace period, etc.) are well-formed

Step 2: Issuer Verification

• Resolve GEDA's KEL through OOBI
• Verify GEDA's delegation from GLEIF Root AID
• Validate GEDA's key state at credential issuance time
• Confirm GEDA's witness pool provides adequate security

Step 3: Status Verification

• Resolve GEDA's credential registry TEL
• Check current status of the QVI credential
• Verify registry anchoring to GEDA's KEL
• Confirm credential is not revoked

Step 4: Chain of Trust Validation

• Trace delegation chain from QVI to GEDA to GLEIF Root
• Verify all delegation events are properly sealed
• Confirm no duplicity in any KEL in the chain
• Validate witness consensus at each level

Revocation Conditions

GEDA MUST revoke QVI credentials under specific conditions defined in the governance framework:

Qualification Failure:

• QVI fails to complete Annual vLEI Issuer Qualification
• QVI fails to remediate issues identified during qualification
• QVI violates terms of the vLEI Issuer Qualification Agreement

LEI Status Changes:

• QVI's LEI lapses (not renewed)
• QVI's LEI is retired (organization dissolved)
• QVI's LEI becomes invalid for any reason

Governance Violations:

• QVI issues credentials outside authorized scope
• QVI fails to maintain required security standards
• QVI violates privacy or data protection requirements
• QVI engages in fraudulent or malicious activity

Revocation Process:

1. GEDA creates a revocation event in the VC TEL
2. Revocation event is anchored to GEDA's KEL
3. Registry state is updated to reflect revocation
4. Revoked QVI is prevented from further credential issuance
5. Legal Entities with credentials from revoked QVI are notified
6. 90-day grace period enables transition to new QVI

Related Governance Documents

Primary Governance Frameworks

GLEIF Identifier Governance Framework v1.0 (2022-12-16)

• Establishes GEDA's creation and management requirements
• Defines relationship between GLEIF Root AID, GEDA, and GIDA
• Specifies highest duty of care obligations
• Mandates cryptographic strength and key management standards

Qualified vLEI Issuer vLEI Credential Governance Framework v1.5 (2025-04-16)

• Defines QVI credential structure and lifecycle
• Establishes QVI qualification requirements
• Specifies GEDA's role as QVI credential issuer
• Details revocation conditions and grace period management

vLEI Ecosystem Governance Framework v3.0 Trust Assurance Framework v1.5 (2025-04-16)

• Maps GEDA requirements across governance pillars
• Establishes compliance obligations for GEDA operations
• Defines information trust policies applicable to GEDA
• Specifies security and privacy requirements

Technical Specifications

Technical Requirements Part 1: KERI Infrastructure v1.3 (2025-04-16)

• Specifies KERI protocol requirements for GEDA
• Defines witness pool configuration standards
• Establishes key management infrastructure requirements
• Details delegation ceremony procedures

vLEI Ecosystem Governance Framework Glossary v1.3 (2023-12-15)

• Provides authoritative definitions for GEDA and related terms
• Establishes terminology standards for governance documents
• Defines relationships between ecosystem entities

Operational Procedures

GLEIF Authorized Representative (GAR) Documentation

• Provides operational procedures for External GARs
• Details multisig group management for GEDA
• Specifies QVI delegation approval workflows
• Includes technical implementation guidance

Approving QVI Inception Events

• Documents the QVI delegation ceremony
• Specifies configuration requirements for QVI delegated AIDs
• Details GAR approval process and interaction event creation

Implementation Considerations

Security Requirements

GEDA implementations MUST adhere to stringent security standards:

Key Management:

• Use cryptographically secure random number generators
• Maintain at least 128 bits of cryptographic strength
• Protect pre-rotated keys at highest security level
• Implement multi-factor authentication for GAR access

Infrastructure Protection:

• Deploy witness pools with geographic distribution
• Use access control independent of controller keys
• Implement TEE (Trusted Execution Environment) where possible
• Maintain audit logs of all GEDA operations

Operational Security:

• Conduct regular security assessments
• Implement incident response procedures
• Maintain business continuity plans
• Ensure GAR training and qualification

Interoperability

GEDA must maintain interoperability across the vLEI ecosystem:

Protocol Compliance:

• Implement KERI specification version requirements
• Support 18-month backward compatibility windows
• Adopt new versions within 12-month implementation periods
• Maintain breaking change restrictions during transitions

Discovery Mechanisms:

• Publish OOBIs through well-known URIs
• Support DHT-based discovery
• Enable DID resolver integration
• Provide ledger-based discovery where applicable

Credential Formats:

• Use ACDC format for all credentials
• Implement CESR encoding for event streams
• Support IPEX for credential exchange
• Maintain schema compatibility

Governance Compliance

GEDA operations must demonstrate continuous compliance with governance requirements:

Qualification Oversight:

• Maintain records of QVI qualification processes
• Document annual qualification reviews
• Track remediation of qualification issues
• Audit QVI credential issuance practices

Reporting Requirements:

• Provide transparency reports on QVI status
• Document revocation events and rationale
• Maintain audit trails for all GEDA operations
• Support ecosystem monitoring and analytics

Policy Updates:

• Monitor governance framework updates
• Implement policy changes within required timelines
• Communicate changes to QVIs and ecosystem participants
• Maintain version control of governance documents