Steward Business Policies

This is a Controlled Document of the Bedrock Governance Framework was approved by the Bedrock Consortium Board of Directors.

Document Name Steward Business Policies
Version v0.9
Approval Date
Status Pre-Launch Phase: Governance Framework Development
Governs Steward Qualification, Application, Activation, Operation, Notification, Suspension, Termination, and Transition
Governed By Bedrock Governance Framework Work Group

1. Member Qualification

See Issue 21 for review.

General

Prospective members MUST apply to the Governing Board and receive approval to be a Member of the Bedrock Consortium. See Application process herein.

Stewards

Prospective members seeking qualification under a membership type that is assigned the responsibility of running a utility infrastructure node MUST be:

  1. A corporate member of The Linux Foundation.
  2. A business entity that is identifiable with at least one of the following business verification services:

    1. DUNS Number Lookup
    2. Legal Entity Identifier Lookup

Subscribers

Prospective members seeking qualification as a Subscriber MUST be:

  1. A corporate or affiliate member of The Linux Foundation.
  2. An entity that meets one of the following criteria:

    1. A business entity that is identifiable with at least one of the following business verification services:

      1. DUNS Number Lookup
      2. Legal Entity Identifier Lookup
    2. A governmental body or agency, or an entity predominantly owned and controlled by the state, in a Jurisdiction as defined in the Glossary.

    3. A governmentally regulated institution with at least five (5) years operating history.
    4. A law firm, accounting firm, or other legally-regulated institution with at least five (5) years operating history.
    5. A non-governmental organization (NGO) or Social Purpose Organization with at least five (5) years operating history.
    6. An accredited university or other institution of higher education with at least five (5) years operating history.
    7. A certificate authority (CA) with at least five (5) years operating history.

2. Application Process

See Issue 22.

Prospective Member

To apply, an entity MUST submit a written application to the Membership Committee as directed on the Bedrock Consortium website.

Membership Committee

The committee MUST:

  1. Ensurer that all specific Practices and Procedures involved in the Member application process are publicly documented on the Bedrock Consortium website.
  2. Ensure that Member application process follows the guidelines for Self-Certification, Certification, or Accreditation as specified by the Bedrock Consortium Trust Assurance Framework.
  3. Ensure that the application form available upon request and minimally publicly documented on the Consortium's BBU-GF source control repo and/or website.
  4. Notify the Linux Foundation of approved applications.
  5. Notify applicants of application approval/rejection status.

Governing Body

The Governing Board MUST:

  1. Take action on applications within 30 days of receipt.

3. Activation

Stewards

A Steward SHOULD submit a utility infrastructure node to the Identity Utility Administrator using the procedures outlined by the Technical Steering Committee after the following dependencies have been resolved:

  1. Have their application approved by the responsible Bedrock Consortium Governing Body.
  2. Complete the onboarding process with the Linux Foundation including the signature of all pertinent contractual instruments.

Before a Member may qualify to have an active Validator Node on the Utility, the Member MUST:

  1. Pass any required tests on the Bedrock Consortium Test Network as specified by the Technical Steering Committee and documented in the Bedrock Consortium Code Repository.

After a Member has qualified to have an active Validator Node, the Member MUST designate the Utility environment(s) (e.g., prod, test, dev) which their Node may be activated.

  1. The Member MUST make this designation following the procedures specified by the Technical Steering Committee.
  2. The Member MUST designate activation in at least one Utility environment.
  3. The Member MAY designate activation in more than one Utility environment.
  4. The Member MUST have at least one node designated for production.

4. Operation

  1. A Member MUST operate its Node in compliance with the Member Technical and Organizational Policies.
  2. A Member MUST requalify at least annually via the requalification process in effect at that point in time as specified by the responsible Bedrock Consortium Governing Body and documented on the Bedrock Consortium website.

5. Notification

  1. A Member MUST maintain current contact information for its business and technical points of contacts sufficient to ensure its staff are reachable in a timely manner.
  2. A Member MUST notify the responsible Bedrock Consortium Governing Body if:

    1. There is a change to the beneficial ownership of its Organization.
    2. There is a change to the Member's legal name, trademark, or logo.
    3. The Member changes the values of any of the Member's attributes submitted in the Member's original application, including legal jurisdiction, legal status, Node location, Node hosting type, or Node technical specifications, that are material to the Node Selection Algorithm.
    4. There is any other substantial change to its Organization that impacts the qualification criteria in the Member Qualification section.
    5. It suffers a data breach or other public event which may reasonably call into question its ability to comply with the Governance Framework.
  3. In the case of any of the changes listed in #2 above, the responsible Bedrock Consortium Governing Body MAY require the Member to requalify.

  4. The Bedrock Consortium MUST provide Members with at least 30 days notification of any material changes to the business policies implemented in Bedrock Consortium Network environments. Notification about technical changes is covered under Bedrock Consortium Member Technical and Organizational Policies .

6. Suspension

  1. A Member MUST be suspended by the responsible Bedrock Consortium Governing Body under any of the following conditions:

  2. The Member no longer complies with the Member Business Policies, Member Technical and Organizational Policies, or any other requirements of the Bedrock Consortium Governance Framework.

    1. The Member's Node has failed to achieve 98% availability over a period of 30 days.
    2. A security intrusion or violation has been reported and the Technical Steering Committee is not satisfied that the Member has performed adequate remediation.
    3. The Member fails to requalify under its annual requalification process specified in section 4.
    4. The Member has, in the sole judgment of the Bedrock Consortium Board of Directors, violated some or all of the Governance Framework principles, taken action against the purpose of the Bedrock Consortium, or has shown behavior contrary to the collective interest of the Bedrock Consortium or performed action that brought the Bedrock Consortium or the Consortium into disrepute.
  3. A Member who is suspended MUST not have an active Node on any Bedrock Consortium Ledger network until such time as Member is able to provide reasonable assurance to the responsible Bedrock Consortium Governing Body that:

    1. The Member is back in compliance with all requirements of the Bedrock Consortium Governance Framework, and
    2. The Member has the ability to maintain compliance for the foreseeable future.
  4. At the request of a suspended Member, the responsible Bedrock Consortium Governing Body MUST examine the Member's remediation efforts and make one of the following decisions:

    1. Reactivate the Member.
    2. Request further remediation by the Member.
    3. Terminate the Member.

7. Termination

  1. A Member who has breached the terms of the Participant Agreement and/or associated Utility Agreements MAY be terminated by a majority vote of the responsible Bedrock Consortium Governing Body with ratification by the Board of Directors.
  2. A Member who has been suspended and not been reactivated within 180 days following suspension MUST be notified of automatic termination.
  3. An Organization who has been previously terminated as a Member and who applies to be reinstated MUST disclose the previous termination in their application and explain the remediation steps that the Member has taken to requalify.