The Moresburg Model for Trust Frameworks and Schemes provides the comprehensive structure for establishing, evolving, and operating a digital identity system.
At the national level, this framework includes key policy areas such as Principles, Legislation, Overarching Rules, Trustmark usage, Certification processes, Good Practice Guidance, and a Code of Conduct.
Governance is a critical component, often involving an independent regulator with statutory powers granted through legislation to ensure participants are legally obligated to follow the rules and to allow for enforcement against "bad actors".
Beneath the national framework operate Schemes, managed by Scheme Operators through Governance Manuals and specific Procedures. Scheme procedures detail contractual agreements for participants and cover areas like the Commercial Model, Certification, Assurance Framework, Operational Procedures, Liability, Financial Management, Regulatory Compliance, Reporting, and managing Acceptance/Relying Parties.
The overall model aims to build trust and ensure the reliability and integrity of the digital identity ecosystem through defined roles, rules, accreditation, monitoring, redress, and enforcement.
Our consultants use the Moresburg Model to guide our clients in the development of nation-scale digital trust infrastructure.
The Moresburg Model outlines a comprehensive structure for establishing and operating national digital identity trust frameworks and the individual schemes that operate within them. It defines the key components, policies, governance, and procedures required to ensure the security, reliability, and trustworthiness of digital identity systems. The model emphasizes principles like inclusion, user control, security, and privacy, and details how these are implemented through accreditation, monitoring, redress, and enforcement mechanisms.
Governance is a critical element of the Moresburg Model. At the national Trust Framework level, it is typically overseen by an independent regulator with statutory powers granted through legislation. This ensures enforceability and aligns with principles of trust and privacy. The governance authority maintains the framework, updates it, and may act as an arbitrator. At the Scheme level, governance can be handled by various entities, including an operational entity appointed by the Trust Framework authority, a government entity, a commercial entity, or a consortium of participants. Scheme governance is primarily enforced through commercial contracts between participants.
Accreditation and certification are fundamental to building trust in the Moresburg Model. The National Trust Framework sets the requirements for certifying participants and monitors their conformance. A National Accreditation Service, appointed by the government, assesses and accredits Certification Assessment Bodies (CABs). These CABs, accredited to ISO/IEC 17065, are responsible for certifying that providers' services meet the Trust Framework rules through audits. Certified Providers receive a written assurance of compliance, building trust in the reliability of their services. At the Scheme level, the Scheme Operator defines its own certification process, ensuring participants meet both Trust Framework and extended Scheme-specific rules.
The Moresburg Model emphasizes user rights and provides mechanisms for redress. The Trust Framework outlines participant obligations and minimum standards users can expect. While not primarily focused on financial liability at the national level, it ensures mechanisms for identity repair, allowing users to correct inaccuracies and restore their identity following errors. Scheme rules further detail requirements for identity repair and define procedures for addressing inaccuracies or invalid use of identity, including potential suspension or removal of participants in cases of negligence or systemic failures.
A trustmark is a visual signal, typically a logo, indicating that a Trust Framework is in operation and that the associated provider complies with its rules and associated Schemes. It signifies trust and compliance to users and other participants. The Trust Framework defines the rules for using the trustmark, and the governance authority is responsible for policing its use to prevent misuse and fraud. It's important to note that a trustmark is not an acceptance-mark; displaying the trustmark shows participation in the framework, but acceptance of services at a Relying Party is governed by commercial relationships.
A National Trust Framework in the Moresburg Model includes several key policy documents. These cover foundational principles (such as inclusion, user control, and security), the legislative basis for the framework, overarching rules defining participant roles and fundamental requirements, the governance and use of a trustmark, certification procedures, good practice guidance for specific areas like identity proofing and attribute assurance, and a user-facing code of conduct summarizing the framework's policies and user rights.
A critical role for a Scheme Operator in the Moresburg Model is creating an acceptance network of Relying Parties. The Scheme may create an acceptance-mark to inform users where their digital identity can be used. The model suggests strategies for building acceptance, including a commercial model and go-to-market strategy, and potentially acting as a market-maker to incentivize participation. Building user advocacy through repeated positive experiences in various contexts over a sustained period is also highlighted as a way to encourage adoption and usage.
Scheme Operators have significant responsibilities regarding liability and financial management. They must establish a clearly defined liability model outlining when liability occurs, who is obligated, and the limits of liability. This model needs to be commercially viable and scalable. The Scheme Operator also manages financial aspects, including establishing billing frameworks, issuing invoices to Relying Parties, collecting payments, distributing fees to participants, and reconciling financial records. They may also be involved in dispute resolution processes for Scheme participants.