Governance Context

Position in vLEI Ecosystem Hierarchy

The ECR vLEI Credential Governance Framework occupies a specific position within the broader vLEI ecosystem governance architecture:

Hierarchical Structure:

1. vLEI Ecosystem Governance Framework (top-level)
2. Qualified vLEI Issuer (QVI) vLEI Credential Governance Framework (Document 11)
3. Legal Entity vLEI Credential Governance Framework
4. Legal Entity Official Organizational Role (OOR) vLEI Credential Governance Framework
5. Legal Entity Engagement Context Role (ECR) vLEI Credential Governance Framework (this framework)

GLEIF Authority and Oversight

GLEIF serves as both the Governing Authority and Administering Authority for the entire vLEI ecosystem, as established in Document 10. GLEIF operates with LEI 506700GE1G29325QX363 and maintains ultimate oversight over all credential types, including ECR credentials.

Relationship to Other Governance Entities

The ECR framework interacts with several key governance entities:

Qualified vLEI Issuers (QVIs): Organizations qualified by GLEIF to issue ECR vLEI Credentials as a value-added service to Legal Entities. According to Document 5, QVIs provide credential issuance operations under delegation from GLEIF.

Legal Entities: Organizations holding valid Legal Entity vLEI Credentials that contract with QVIs for ECR credential issuance services.

Authorized vLEI Representatives (AVRs): Representatives of Legal Entities authorized to request issuance and revocation of ECR vLEI Credentials on behalf of their organizations.

Distinction from Official Organizational Role Framework

A critical governance distinction exists between the ECR framework and the Legal Entity Official Organizational Role (OOR) vLEI Credential Governance Framework:

OOR Credentials: Address individuals in formal, official organizational positions within a Legal Entity's hierarchy (e.g., CEO, CFO, Board Members).

ECR Credentials: Target individuals serving in functional or engagement-specific contexts rather than official organizational roles (e.g., project managers, consultants, engagement-specific representatives).

This distinction enables Legal Entities to issue verifiable credentials for context-specific activities without requiring formal organizational appointments.

Roles & Responsibilities

Primary Purpose and Objectives

According to Document 5, the primary purpose of the ECR vLEI Credential is to enable "simple, safe, secure identification" of ECR vLEI Credential Holders to any Verifier that accepts this credential type.

Core Objectives:

1. Context-Specific Authorization: Enable Legal Entities to authorize representatives for specific functional or engagement contexts
2. Cryptographic Verifiability: Provide cryptographically verifiable proof of authorization using KERI infrastructure
3. Flexible Role Assignment: Support temporary, project-specific, or cross-functional roles without formal organizational appointments
4. Universal Applicability: Ensure credentials work across diverse interaction modalities (in-person, online, phone)

Stakeholder Responsibilities

Issuers (QVIs and Legal Entities)

Document 5 defines a dual issuer model with two distinct qualification paths:

Path 1: QVI-Mediated Issuance

• The issuer must be a Qualified vLEI Issuer (QVI) with which a Legal Entity holding a valid Legal Entity vLEI Credential has contracted
• QVIs provide credential issuance operations as a value-added service
• QVIs must maintain qualification under the Qualified vLEI Issuer vLEI Credential Governance Framework

Path 2: Direct Legal Entity Issuance

• Legal Entities may issue ECR credentials directly to their representatives
• Requires the Legal Entity to hold a valid Legal Entity vLEI Credential
• Must comply with all technical and governance requirements

Issuer Obligations:

• Verify AID control by credential holders
• Maintain accurate credential status in Transaction Event Logs (TELs)
• Implement proper revocation procedures
• Ensure compliance with chain-link confidentiality requirements

Holders (ECR Persons)

An Engagement Context Role (ECR) person is an individual who:

• Represents a Legal Entity in a functional or engagement-specific context
• Holds an ECR vLEI Credential issued under this framework
• Controls the Autonomic Identifier (AID) bound to the credential

Holder Responsibilities:

• Maintain secure control over private keys associated with their AID
• Present credentials only in authorized contexts
• Comply with contractual obligations to the issuing Legal Entity
• Protect credential confidentiality according to graduated disclosure policies

Verifiers

The framework explicitly limits its scope to three key stakeholder categories: Issuers, Holders, and Verifiers of ECR vLEI Credentials.

Verifier Responsibilities:

• Cryptographically verify credential signatures using KERI infrastructure
• Check credential status against TEL registries
• Validate the credential's applicability to the specific engagement context
• Respect chain-link confidentiality obligations

Authority and Permissions

Credential Issuance Authority

The framework establishes clear delegation of issuance authority:

GLEIF → QVIs: GLEIF delegates credential issuance authority to QVIs through the QVI vLEI Credential

QVIs → Legal Entities: QVIs provide issuance services to Legal Entities under contractual arrangements

Legal Entities → ECR Persons: Legal Entities authorize specific individuals for engagement contexts through ECR credential issuance

This delegation model enables horizontal and vertical scalability as described in Document 10, supporting unlimited levels of delegated identifiers.

Revocation Authority

According to Document 5, revocation authority follows the issuance chain:

• Issuing QVI or Legal Entity may revoke ECR credentials
• Authorized vLEI Representatives (AVRs) may request revocation on behalf of Legal Entities
• Revocation must be recorded in the credential's TEL

Limitations and Constraints

Scope Limitations

The framework explicitly limits ECR credentials to non-official roles. ECR credentials:

• Cannot represent official organizational positions (use OOR credentials instead)
• Cannot confer legal authority beyond the specific engagement context
• Must be context-specific and time-bounded where appropriate

Technical Constraints

Binding to Holder Principle: Document 5 establishes that ECR vLEI Credentials must provide a "strong enough binding" to the ECR vLEI Credential Holder such that a Proof Request can be satisfied only by the Legal Entity vLEI Credential or the ECR Person. This ensures cryptographic non-transferability.

Context Independence Principle: The credential must fulfill Proof Requests "regardless of context, including in-person, online, or over the phone," ensuring universal applicability.

Credential Lifecycle

Issuance Process

The ECR credential issuance process follows the Issuance and Presentation Exchange (IPEX) protocol:

Step 1: Qualification and Authorization

For QVI-Mediated Issuance:

1. Legal Entity contracts with a QVI for ECR credential services
2. AVR submits issuance request to QVI
3. QVI verifies Legal Entity's valid Legal Entity vLEI Credential

For Direct Legal Entity Issuance:

1. Legal Entity verifies its own valid Legal Entity vLEI Credential
2. Legal Entity designates ECR person for specific engagement context

Step 2: AID Control Verification

According to Document 10, all vLEI issuers must verify AID control by holders:

1. ECR person generates or provides their AID
2. Issuer verifies cryptographic control through KERI challenge-response
3. Issuer confirms AID is not compromised or revoked

Step 3: Credential Creation

The issuer creates an ACDC credential containing:

Required Fields:

• Issuer AID: The AID of the issuing QVI or Legal Entity
• Issuee AID: The AID of the ECR person
• Schema Reference: Link to ECR credential schema
• Engagement Context: Description of the functional or engagement-specific role
• Legal Entity Reference: Link to the Legal Entity's vLEI credential
• Validity Period: Time bounds for the credential (if applicable)

Optional Fields:

• Specific Permissions: Detailed authorization scope
• Project or Engagement Identifiers: Context-specific metadata
• Additional Attributes: As required by the engagement context

Step 4: Cryptographic Signing

The issuer signs the credential using their AID's current signing keys, creating a non-repudiable cryptographic commitment.

Step 5: TEL Registration

The issuance event is anchored to the issuer's Key Event Log (KEL) and registered in a Transaction Event Log (TEL) for status tracking.

Step 6: Credential Delivery

The credential is delivered to the ECR person through secure channels, typically using OOBI for initial discovery and KERI protocols for secure transmission.

Verification Procedures

Verifiers validate ECR credentials through a multi-step process:

Step 1: Cryptographic Verification

1. Signature Verification: Verify the issuer's signature on the credential using KERI infrastructure
2. SAID Verification: Verify the credential's Self-Addressing Identifier (SAID) matches its content
3. Chain Verification: Verify the credential chains to a valid Legal Entity vLEI Credential

Step 2: Status Verification

1. TEL Query: Query the credential's TEL to verify current status
2. Revocation Check: Confirm the credential has not been revoked
3. Validity Period Check: Verify the credential is within its validity period (if time-bounded)

Step 3: Context Verification

1. Engagement Context Match: Verify the credential's engagement context matches the current interaction
2. Permission Scope: Verify the credential authorizes the specific action being requested
3. Legal Entity Verification: Verify the Legal Entity's credential is valid and not revoked

Step 4: AID Control Verification

1. Challenge-Response: Issue a cryptographic challenge to verify the presenter controls the credential's AID
2. Key State Verification: Verify the AID's current key state through its KEL
3. Witness Verification: Verify witness receipts for the AID's key events

Revocation Conditions

Document 5 establishes several conditions under which ECR credentials must or may be revoked:

Mandatory Revocation Conditions

1. Engagement Termination: When the engagement context ends or the ECR person's role terminates
2. Legal Entity Credential Revocation: When the issuing Legal Entity's vLEI credential is revoked
3. AID Compromise: When the ECR person's AID is compromised or its keys are rotated to empty (abandoned)
4. Contractual Breach: When the ECR person violates contractual obligations

Discretionary Revocation Conditions

1. Scope Change: When the engagement context changes significantly
2. Security Concerns: When security issues arise that don't constitute full compromise
3. Policy Updates: When governance policies change requiring credential reissuance

Revocation Process

1. Revocation Request: Authorized party (issuer or AVR) initiates revocation
2. TEL Update: Revocation event is recorded in the credential's TEL
3. KEL Anchoring: Revocation event is anchored to the issuer's KEL
4. Notification: ECR person is notified of revocation (where feasible)
5. Grace Period: A 90-day grace period may apply for certain revocation types (see ghost credential)

Related Governance Documents

Primary Governance Framework

vLEI Ecosystem Governance Framework v3.0 (Document 10)

• Establishes GLEIF as Governing and Administering Authority
• Defines Layer Four Ecosystem Governance Framework within ToIP architecture
• Establishes trust chain architecture and stakeholder ecosystem
• Published: August 30, 2023, Version 1.1

Related Credential Governance Frameworks

Qualified vLEI Issuer vLEI Credential Governance Framework (Document 11)

• Defines requirements for QVI credentials issued by GLEIF
• Establishes QVI authority to issue ECR credentials
• Specifies verification and revocation capabilities

Legal Entity vLEI Credential Governance Framework

• Defines requirements for Legal Entity credentials
• Establishes prerequisite for ECR credential issuance
• Specifies Legal Entity verification procedures

Legal Entity Official Organizational Role (OOR) vLEI Credential Governance Framework

• Defines requirements for official organizational role credentials
• Establishes distinction from ECR credentials
• Specifies official role verification procedures

Technical Specifications

KERI (Key Event Receipt Infrastructure) Specification

• Defines AID infrastructure
• Specifies KEL and KERL structures
• Establishes witness and watcher protocols

ACDC (Authentic Chained Data Container) Specification

• Defines credential data structure
• Specifies SAID computation
• Establishes chaining and disclosure mechanisms

CESR (Composable Event Streaming Representation) Specification

• Defines encoding for cryptographic primitives
• Specifies self-framing and composability
• Establishes streaming protocols

IPEX (Issuance and Presentation Exchange) Specification

• Defines credential issuance protocols
• Specifies presentation exchange mechanisms
• Establishes graduated disclosure procedures

Policy Documents

vLEI Ecosystem Information Trust Policies

• Defines information security requirements
• Establishes privacy and confidentiality policies
• Specifies data processing integrity requirements

GLEIF Accreditation Policies

• Defines QVI qualification requirements
• Establishes ongoing compliance monitoring
• Specifies audit and reporting procedures

Technical Implementation Context

While this is a governance document rather than a technical specification, understanding the underlying technical infrastructure is essential for implementing ECR credential systems:

KERI Infrastructure Requirements

ECR credentials rely on KERI infrastructure for:

Autonomic Identifiers (AIDs): Self-certifying, self-sovereign identifiers that provide cryptographic root-of-trust

Key Event Logs (KELs): Append-only, verifiable logs of key events that establish identifier control authority

Witnesses: Designated entities that verify, sign, and maintain key events, providing distributed consensus

Watchers: Entities that monitor KELs for duplicity in promiscuous mode, enabling ambient duplicity detection

ACDC Credential Structure

ECR credentials are implemented as ACDCs, which provide:

Self-Addressing Identifiers (SAIDs): Content-addressable identifiers that bind credential content cryptographically

Chaining: Cryptographic links to parent credentials (Legal Entity vLEI Credentials)

Graduated Disclosure: Progressive revelation of credential attributes based on verifier requirements

Selective Disclosure: Ability to disclose specific attributes while keeping others private

Transaction Event Log (TEL) Integration

ECR credential status is tracked through TELs:

Management TEL: Tracks the registry of credential issuers and their authorization

Virtual Credential TEL: Tracks individual credential issuance and revocation events

Backers: Entities that maintain TEL state, potentially using distributed ledger technology

Discovery and Resolution

ECR credential discovery uses OOBI (Out-Of-Band Introduction):

OOBI Protocol: Enables discovery and validation of IP resources for KERI AIDs

Percolated Discovery: Bootstrap mechanism enabling scalable, zero-trust discovery

Witness Pools: Collections of witnesses available for AID services

Governance Evolution and Future Directions

The ECR vLEI Credential Governance Framework represents an evolving governance model that adapts to emerging use cases and technical capabilities:

Current State (v0.12)

Document 5 represents version 0.12 dated November 23, 2022, indicating ongoing refinement before v1.0 publication.

Integration with Global Identity Systems

The framework positions ECR credentials within the broader context of:

Trust over IP (ToIP) Foundation: Layer Four Ecosystem Governance Framework

Self-Sovereign Identity (SSI): Decentralized identity architecture principles

Decentralized Identifiers (DIDs): Potential integration with DID methods like did:keri and did:webs

Scalability and Adoption

The framework supports unlimited scalability through:

Delegation: Hierarchical delegation enabling organizational complexity

Multi-tenancy: Multiple delegates from single delegators

Nested Delegation: Arbitrary depth delegation trees

This governance framework establishes the foundation for a globally scalable, cryptographically verifiable system for engagement context role authorization, enabling Legal Entities to operate with flexibility while maintaining strong security and auditability.

Consent Management: Obtain and document ECR person consent for credential issuance and disclosure