c/ietf-draft-analyzer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add draft data, gap analysis report, and workspace config
Some checks failed
CI / test (3.11) (push) Failing after 1m37s
Details
CI / test (3.12) (push) Failing after 57s
Details

Browse Source
This commit is contained in:
Christian Nennemann
2026-04-06 18:47:15 +02:00
parent 4f310407b0
commit 2506b6325a
189 changed files with 62649 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

243
workspace/drafts/gap-analysis/arxiv/main.aux Normal file
View File

@@ -0,0 +1,243 @@
\relax
\providecommand\hyper@newdestlabel[2]{}
\providecommand\HyperFirstAtBeginDocument{\AtBeginDocument}
\HyperFirstAtBeginDocument{\ifx\hyper@anchor\@undefined
\global\let\oldnewlabel\newlabel
\gdef\newlabel#1#2{\newlabelxx{#1}#2}
\gdef\newlabelxx#1#2#3#4#5#6{\oldnewlabel{#1}{{#2}{#3}}}
\AtEndDocument{\ifx\hyper@anchor\@undefined
\let\newlabel\oldnewlabel
\fi}
\fi}
\global\let\hyper@last\relax
\gdef\HyperFirstAtBeginDocument#1{#1}
\providecommand\HyField@AuxAddToFields[1]{}
\providecommand\HyField@AuxAddToCoFields[2]{}
\citation{openai2023gpt4}
\citation{wang2024survey-llm-agents}
\citation{wooldridge2009multiagent}
\citation{jennings1998agent-applications}
\citation{autogen}
\citation{crewai}
\citation{a2a-protocol}
\citation{mcp-protocol}
\@writefile{toc}{\contentsline {section}{\numberline {1}Introduction}{1}{section.1}\protected@file@percent }
\newlabel{sec:intro}{{1}{1}{Introduction}{section.1}{}}
\citation{id-wimse-ect}
\citation{rfc7519}
\citation{rfc9334}
\citation{a2a-protocol}
\@writefile{toc}{\contentsline {subsection}{\numberline {1.1}Contributions}{2}{subsection.1.1}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {1.2}Paper Organization}{2}{subsection.1.2}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {2}Background and Related Work}{2}{section.2}\protected@file@percent }
\newlabel{sec:background}{{2}{2}{Background and Related Work}{section.2}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}IETF Standards Landscape}{2}{subsection.2.1}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {2.1.1}WIMSE --- Workload Identity in Multi-System Environments}{2}{subsubsection.2.1.1}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {2.1.2}RATS --- Remote ATtestation procedureS}{2}{subsubsection.2.1.2}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {2.1.3}OAuth 2.0 and GNAP}{2}{subsubsection.2.1.3}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {2.1.4}SCITT --- Supply Chain Integrity, Transparency, and Trust}{2}{subsubsection.2.1.4}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {2.1.5}NMOP --- Network Management Operations}{2}{subsubsection.2.1.5}\protected@file@percent }
\citation{mcp-protocol}
\citation{autogen}
\citation{crewai}
\citation{wooldridge2009multiagent}
\citation{dorri2018mas-iot}
\citation{jennings1998agent-applications}
\citation{ongaro2014raft}
\citation{lamport1998paxos}
\citation{castro1999pbft}
\citation{mcmahan2017fedavg}
\citation{kairouz2021fedlearning-advances}
\citation{dwork2006diffprivacy}
\citation{nygard2018releaseit}
\@writefile{toc}{\contentsline {subsection}{\numberline {2.2}Industry Protocols}{3}{subsection.2.2}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {2.2.1}Google A2A Protocol}{3}{subsubsection.2.2.1}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {2.2.2}Anthropic MCP}{3}{subsubsection.2.2.2}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {2.2.3}Multi-Agent Frameworks}{3}{subsubsection.2.2.3}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {2.3}Academic Foundations}{3}{subsection.2.3}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {2.3.1}Multi-Agent Systems}{3}{subsubsection.2.3.1}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {2.3.2}Distributed Consensus}{3}{subsubsection.2.3.2}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {2.3.3}Federated Learning and Privacy}{3}{subsubsection.2.3.3}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {2.3.4}Circuit Breakers and Fault Tolerance}{3}{subsubsection.2.3.4}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {3}Reference Architecture}{3}{section.3}\protected@file@percent }
\newlabel{sec:architecture}{{3}{3}{Reference Architecture}{section.3}{}}
\citation{a2a-protocol}
\citation{mcp-protocol}
\citation{id-wimse-ect}
\citation{id-dag-hitl-safety}
\@writefile{lof}{\contentsline {figure}{\numberline {1}{\ignorespaces Agent Ecosystem Reference Architecture. Each layer identifies the gap areas addressed by this analysis.}}{4}{figure.1}\protected@file@percent }
\newlabel{fig:arch}{{1}{4}{Agent Ecosystem Reference Architecture. Each layer identifies the gap areas addressed by this analysis}{figure.1}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.1}Human Control Layer}{4}{subsection.3.1}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {3.2}Agent Interaction Layer}{4}{subsection.3.2}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {3.3}Execution Layer}{4}{subsection.3.3}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {3.4}Policy and Governance Layer}{4}{subsection.3.4}\protected@file@percent }
\citation{rfc9334}
\@writefile{toc}{\contentsline {subsection}{\numberline {3.5}Infrastructure Layer}{5}{subsection.3.5}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {4}Gap Analysis}{5}{section.4}\protected@file@percent }
\newlabel{sec:gaps}{{4}{5}{Gap Analysis}{section.4}{}}
\@writefile{lot}{\contentsline {table}{\numberline {1}{\ignorespaces Summary of Identified Gaps}}{5}{table.1}\protected@file@percent }
\newlabel{tab:gap-summary}{{1}{5}{Summary of Identified Gaps}{table.1}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {4.1}CRITICAL Gaps}{5}{subsection.4.1}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {4.1.1}Gap 1: Agent Behavioral Verification}{5}{subsubsection.4.1.1}\protected@file@percent }
\newlabel{sec:gap1}{{4.1.1}{5}{Gap 1: Agent Behavioral Verification}{subsubsection.4.1.1}{}}
\@writefile{toc}{\contentsline {paragraph}{Problem Statement}{5}{section*.2}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Evidence and Examples}{5}{section*.3}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Impact Assessment}{5}{section*.4}\protected@file@percent }
\citation{rfc9334}
\citation{id-dag-hitl-safety}
\citation{nygard2018releaseit}
\citation{nygard2018releaseit}
\citation{id-wimse-ect}
\citation{autogen}
\citation{ongaro2014raft}
\citation{lamport1998paxos}
\citation{castro1999pbft}
\citation{wooldridge2009multiagent}
\citation{rfc6241}
\@writefile{toc}{\contentsline {paragraph}{Existing Partial Solutions}{6}{section*.5}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {4.1.2}Gap 2: Agent Failure Cascade Prevention}{6}{subsubsection.4.1.2}\protected@file@percent }
\newlabel{sec:gap2}{{4.1.2}{6}{Gap 2: Agent Failure Cascade Prevention}{subsubsection.4.1.2}{}}
\@writefile{toc}{\contentsline {paragraph}{Problem Statement}{6}{section*.6}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Evidence and Examples}{6}{section*.7}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Impact Assessment}{6}{section*.8}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Existing Partial Solutions}{6}{section*.9}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {4.2}HIGH Gaps}{6}{subsection.4.2}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {4.2.1}Gap 3: Multi-Agent Consensus Protocols}{6}{subsubsection.4.2.1}\protected@file@percent }
\newlabel{sec:gap3}{{4.2.1}{6}{Gap 3: Multi-Agent Consensus Protocols}{subsubsection.4.2.1}{}}
\@writefile{toc}{\contentsline {paragraph}{Problem Statement}{6}{section*.10}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Evidence and Examples}{6}{section*.11}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Impact Assessment}{6}{section*.12}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Existing Partial Solutions}{6}{section*.13}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {4.2.2}Gap 4: Real-Time Agent Rollback Mechanisms}{6}{subsubsection.4.2.2}\protected@file@percent }
\newlabel{sec:gap4}{{4.2.2}{6}{Gap 4: Real-Time Agent Rollback Mechanisms}{subsubsection.4.2.2}{}}
\@writefile{toc}{\contentsline {paragraph}{Problem Statement}{6}{section*.14}\protected@file@percent }
\citation{rfc6241}
\citation{mcmahan2017fedavg}
\citation{dwork2006diffprivacy}
\citation{kairouz2021fedlearning-advances}
\citation{id-exec-audit}
\citation{id-exec-audit}
\@writefile{toc}{\contentsline {paragraph}{Evidence and Examples}{7}{section*.15}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Impact Assessment}{7}{section*.16}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Existing Partial Solutions}{7}{section*.17}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {4.2.3}Gap 5: Federated Agent Learning Privacy}{7}{subsubsection.4.2.3}\protected@file@percent }
\newlabel{sec:gap5}{{4.2.3}{7}{Gap 5: Federated Agent Learning Privacy}{subsubsection.4.2.3}{}}
\@writefile{toc}{\contentsline {paragraph}{Problem Statement}{7}{section*.18}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Evidence and Examples}{7}{section*.19}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Impact Assessment}{7}{section*.20}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Existing Partial Solutions}{7}{section*.21}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {4.2.4}Gap 6: Cross-Domain Agent Audit Trails}{7}{subsubsection.4.2.4}\protected@file@percent }
\newlabel{sec:gap6}{{4.2.4}{7}{Gap 6: Cross-Domain Agent Audit Trails}{subsubsection.4.2.4}{}}
\@writefile{toc}{\contentsline {paragraph}{Problem Statement}{7}{section*.22}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Evidence and Examples}{7}{section*.23}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Impact Assessment}{7}{section*.24}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Existing Partial Solutions}{7}{section*.25}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {4.2.5}Gap 7: Human Override Standardization}{7}{subsubsection.4.2.5}\protected@file@percent }
\newlabel{sec:gap7}{{4.2.5}{7}{Gap 7: Human Override Standardization}{subsubsection.4.2.5}{}}
\@writefile{toc}{\contentsline {paragraph}{Problem Statement}{7}{section*.26}\protected@file@percent }
\citation{id-dag-hitl-safety}
\citation{id-dag-hitl-safety}
\citation{a2a-protocol}
\citation{mcp-protocol}
\citation{id-wimse-ect}
\citation{rfc8615}
\citation{rfc9110}
\citation{a2a-protocol}
\citation{rfc9110}
\@writefile{toc}{\contentsline {paragraph}{Evidence and Examples}{8}{section*.27}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Impact Assessment}{8}{section*.28}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Existing Partial Solutions}{8}{section*.29}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {4.3}MEDIUM Gaps}{8}{subsection.4.3}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {4.3.1}Gap 8: Cross-Protocol Agent Migration}{8}{subsubsection.4.3.1}\protected@file@percent }
\newlabel{sec:gap8}{{4.3.1}{8}{Gap 8: Cross-Protocol Agent Migration}{subsubsection.4.3.1}{}}
\@writefile{toc}{\contentsline {paragraph}{Problem Statement}{8}{section*.30}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Impact Assessment}{8}{section*.31}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Existing Partial Solutions}{8}{section*.32}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {4.3.2}Gap 9: Agent Resource Accounting and Billing}{8}{subsubsection.4.3.2}\protected@file@percent }
\newlabel{sec:gap9}{{4.3.2}{8}{Gap 9: Agent Resource Accounting and Billing}{subsubsection.4.3.2}{}}
\@writefile{toc}{\contentsline {paragraph}{Problem Statement}{8}{section*.33}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Impact Assessment}{8}{section*.34}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Existing Partial Solutions}{8}{section*.35}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {4.3.3}Gap 10: Agent Capability Negotiation}{8}{subsubsection.4.3.3}\protected@file@percent }
\newlabel{sec:gap10}{{4.3.3}{8}{Gap 10: Agent Capability Negotiation}{subsubsection.4.3.3}{}}
\@writefile{toc}{\contentsline {paragraph}{Problem Statement}{8}{section*.36}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Impact Assessment}{8}{section*.37}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Existing Partial Solutions}{8}{section*.38}\protected@file@percent }
\citation{id-behavioral-verification}
\citation{id-cascade-prevention}
\citation{id-consensus}
\citation{id-cross-domain-audit}
\citation{id-override-protocol}
\citation{id-federation-privacy}
\citation{id-behavioral-verification}
\citation{id-cascade-prevention}
\citation{id-consensus}
\citation{ongaro2014raft}
\citation{lamport1998paxos}
\citation{id-cross-domain-audit}
\citation{id-exec-audit}
\citation{id-override-protocol}
\citation{id-federation-privacy}
\@writefile{toc}{\contentsline {subsubsection}{\numberline {4.3.4}Gap 11: Agent Performance Benchmarking}{9}{subsubsection.4.3.4}\protected@file@percent }
\newlabel{sec:gap11}{{4.3.4}{9}{Gap 11: Agent Performance Benchmarking}{subsubsection.4.3.4}{}}
\@writefile{toc}{\contentsline {paragraph}{Problem Statement}{9}{section*.39}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Impact Assessment}{9}{section*.40}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Existing Partial Solutions}{9}{section*.41}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {5}Proposed Solution Framework}{9}{section.5}\protected@file@percent }
\newlabel{sec:solutions}{{5}{9}{Proposed Solution Framework}{section.5}{}}
\@writefile{lot}{\contentsline {table}{\numberline {2}{\ignorespaces Companion Draft Roadmap}}{9}{table.2}\protected@file@percent }
\newlabel{tab:roadmap}{{2}{9}{Companion Draft Roadmap}{table.2}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {5.1}Companion A: Behavioral Verification}{9}{subsection.5.1}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {5.2}Companion B: Cascade Prevention}{9}{subsection.5.2}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {5.3}Companion C: Consensus Protocol}{9}{subsection.5.3}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {5.4}Companion D: Cross-Domain Audit}{9}{subsection.5.4}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {5.5}Companion E: Override Protocol}{9}{subsection.5.5}\protected@file@percent }
\citation{id-wimse-ect}
\citation{a2a-protocol}
\citation{mcp-protocol}
\@writefile{toc}{\contentsline {subsection}{\numberline {5.6}Companion F: Federation Privacy}{10}{subsection.5.6}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {5.7}Dependency Analysis}{10}{subsection.5.7}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {6}Discussion}{10}{section.6}\protected@file@percent }
\newlabel{sec:discussion}{{6}{10}{Discussion}{section.6}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {6.1}Cross-Cutting Themes}{10}{subsection.6.1}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Trust Propagation}{10}{section*.42}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Safety vs.\ Autonomy Trade-off}{10}{section*.43}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Cross-Domain Operations}{10}{section*.44}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {6.2}Prioritization Rationale}{10}{subsection.6.2}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {6.3}Relationship to Industry Protocols}{10}{subsection.6.3}\protected@file@percent }
\bibstyle{plain}
\bibdata{references}
\bibcite{mcp-protocol}{1}
\bibcite{rfc9334}{2}
\bibcite{castro1999pbft}{3}
\bibcite{crewai}{4}
\bibcite{dorri2018mas-iot}{5}
\@writefile{toc}{\contentsline {subsection}{\numberline {6.4}Limitations}{11}{subsection.6.4}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {7}Conclusion and Future Work}{11}{section.7}\protected@file@percent }
\newlabel{sec:conclusion}{{7}{11}{Conclusion and Future Work}{section.7}{}}
\bibcite{dwork2006diffprivacy}{6}
\bibcite{rfc6241}{7}
\bibcite{rfc9110}{8}
\bibcite{a2a-protocol}{9}
\bibcite{jennings1998agent-applications}{10}
\bibcite{rfc7519}{11}
\bibcite{kairouz2021fedlearning-advances}{12}
\bibcite{lamport1998paxos}{13}
\bibcite{mcmahan2017fedavg}{14}
\bibcite{id-behavioral-verification}{15}
\bibcite{id-dag-hitl-safety}{16}
\bibcite{id-cascade-prevention}{17}
\bibcite{id-cross-domain-audit}{18}
\bibcite{id-exec-audit}{19}
\bibcite{id-wimse-ect}{20}
\bibcite{id-federation-privacy}{21}
\bibcite{id-consensus}{22}
\bibcite{id-override-protocol}{23}
\bibcite{rfc8615}{24}
\bibcite{nygard2018releaseit}{25}
\bibcite{ongaro2014raft}{26}
\bibcite{openai2023gpt4}{27}
\bibcite{wang2024survey-llm-agents}{28}
\bibcite{wooldridge2009multiagent}{29}
\bibcite{autogen}{30}
\gdef \@abspage@last{13}

161
workspace/drafts/gap-analysis/arxiv/main.bbl Normal file
View File

@@ -0,0 +1,161 @@
\begin{thebibliography}{10}
\bibitem{mcp-protocol}
{Anthropic}.
\newblock Model context protocol ({MCP}) specification, 2024.
\newblock Open protocol for LLM tool and context integration.
\bibitem{rfc9334}
Henk Birkholz, Dave Thaler, Michael Richardson, Ned Smith, and Wei Pan.
\newblock Remote {ATtestation} procedures ({RATS}) architecture.
\newblock RFC 9334, January 2023.
\bibitem{castro1999pbft}
Miguel Castro and Barbara Liskov.
\newblock Practical {Byzantine} fault tolerance.
\newblock {\em Proceedings of the Third Symposium on Operating Systems Design
and Implementation (OSDI)}, pages 173--186, 1999.
\bibitem{crewai}
{crewAI Inc.}
\newblock {CrewAI}: Framework for orchestrating role-playing autonomous {AI}
agents, 2024.
\bibitem{dorri2018mas-iot}
Ali Dorri, Salil~S. Kanhere, and Raja Jurdak.
\newblock Multi-agent systems: A survey.
\newblock {\em IEEE Access}, 6:28573--28593, 2018.
\bibitem{dwork2006diffprivacy}
Cynthia Dwork.
\newblock Differential privacy.
\newblock {\em Proceedings of the 33rd International Colloquium on Automata,
Languages and Programming (ICALP)}, pages 1--12, 2006.
\bibitem{rfc6241}
Rob Enns, Martin Bjorklund, Juergen Schoenwaelder, and Andy Bierman.
\newblock Network configuration protocol ({NETCONF}).
\newblock RFC 6241, June 2011.
\bibitem{rfc9110}
Roy Fielding, Mark Nottingham, and Julian Reschke.
\newblock {HTTP} semantics.
\newblock RFC 9110, June 2022.
\bibitem{a2a-protocol}
{Google}.
\newblock Agent-to-agent ({A2A}) protocol specification, 2025.
\newblock Open specification for agent interoperability.
\bibitem{jennings1998agent-applications}
Nicholas~R. Jennings, Katia Sycara, and Michael Wooldridge.
\newblock A roadmap of agent research and development.
\newblock In {\em Autonomous Agents and Multi-Agent Systems}, volume~1, pages
7--38, 1998.
\bibitem{rfc7519}
Michael Jones, John Bradley, and Nat Sakimura.
\newblock {JSON} web token ({JWT}).
\newblock RFC 7519, May 2015.
\bibitem{kairouz2021fedlearning-advances}
Peter Kairouz, H.~Brendan McMahan, et~al.
\newblock Advances and open problems in federated learning.
\newblock {\em Foundations and Trends in Machine Learning}, 14(1--2):1--210,
2021.
\bibitem{lamport1998paxos}
Leslie Lamport.
\newblock The part-time parliament.
\newblock {\em ACM Transactions on Computer Systems}, 16(2):133--169, 1998.
\bibitem{mcmahan2017fedavg}
Brendan McMahan, Eider Moore, Daniel Ramage, Seth Hampson, and
Blaise~Ag{\"u}era y~Arcas.
\newblock Communication-efficient learning of deep networks from decentralized
data.
\newblock {\em Proceedings of the 20th International Conference on Artificial
Intelligence and Statistics (AISTATS)}, pages 1273--1282, 2017.
\bibitem{id-behavioral-verification}
Christian Nennemann.
\newblock Agent behavioral verification and performance benchmarking.
\newblock Internet-Draft draft-nennemann-agent-behavioral-verification, 2025.
\bibitem{id-dag-hitl-safety}
Christian Nennemann.
\newblock Agent context policy token: {DAG} delegation with human override.
\newblock Internet-Draft draft-nennemann-agent-dag-hitl-safety, 2025.
\bibitem{id-cascade-prevention}
Christian Nennemann.
\newblock Agent failure cascade prevention and rollback.
\newblock Internet-Draft draft-nennemann-agent-cascade-prevention, 2025.
\bibitem{id-cross-domain-audit}
Christian Nennemann.
\newblock Cross-domain agent audit trails and resource accounting.
\newblock Internet-Draft draft-nennemann-agent-cross-domain-audit, 2025.
\bibitem{id-exec-audit}
Christian Nennemann.
\newblock Cross-domain execution audit tokens.
\newblock Internet-Draft draft-nennemann-exec-audit, 2025.
\bibitem{id-wimse-ect}
Christian Nennemann.
\newblock Execution context tokens for distributed agentic workflows.
\newblock Internet-Draft draft-nennemann-wimse-ect, 2025.
\bibitem{id-federation-privacy}
Christian Nennemann.
\newblock Federated agent learning privacy and cross-protocol migration.
\newblock Internet-Draft draft-nennemann-agent-federation-privacy, 2025.
\bibitem{id-consensus}
Christian Nennemann.
\newblock Multi-agent consensus and capability negotiation protocols.
\newblock Internet-Draft draft-nennemann-agent-consensus, 2025.
\bibitem{id-override-protocol}
Christian Nennemann.
\newblock Standardized human override protocol for autonomous agents.
\newblock Internet-Draft draft-nennemann-agent-override-protocol, 2025.
\bibitem{rfc8615}
Mark Nottingham.
\newblock Well-known uniform resource identifiers ({URIs}).
\newblock RFC 8615, May 2019.
\bibitem{nygard2018releaseit}
Michael~T. Nygard.
\newblock {\em Release It!: Design and Deploy Production-Ready Software}.
\newblock Pragmatic Bookshelf, 2nd edition, 2018.
\bibitem{ongaro2014raft}
Diego Ongaro and John Ousterhout.
\newblock In search of an understandable consensus algorithm.
\newblock {\em Proceedings of the 2014 USENIX Annual Technical Conference
(ATC)}, pages 305--319, 2014.
\bibitem{openai2023gpt4}
{OpenAI}.
\newblock {GPT-4} technical report, 2023.
\bibitem{wang2024survey-llm-agents}
Lei Wang, Chen Ma, Xueyang Feng, et~al.
\newblock A survey on large language model based autonomous agents.
\newblock In {\em Frontiers of Computer Science}, volume~18, 2024.
\bibitem{wooldridge2009multiagent}
Michael Wooldridge.
\newblock An introduction to {MultiAgent} systems.
\newblock 2009.
\bibitem{autogen}
Qingyun Wu, Gagan Bansal, Jieyu Zhang, Yiran Wu, Beibin Li, Erkang Zhu,
Li~Jiang, Xiaoyun Zhang, and Chi Wang.
\newblock {AutoGen}: Enabling next-gen {LLM} applications via multi-agent
conversation, 2023.
\end{thebibliography}

50
workspace/drafts/gap-analysis/arxiv/main.blg Normal file
View File

@@ -0,0 +1,50 @@
This is BibTeX, Version 0.99d (TeX Live 2023)
Capacity: max_strings=200000, hash_size=200000, hash_prime=170003
The top-level auxiliary file: main.aux
The style file: plain.bst
Database file #1: references.bib
Warning--can't use both volume and number fields in jennings1998agent-applications
Warning--can't use both volume and number fields in wang2024survey-llm-agents
Warning--empty journal in wooldridge2009multiagent
You've used 30 entries,
2118 wiz_defined-function locations,
635 strings with 7999 characters,
and the built_in function-call counts, 8532 in all, are:
= -- 816
> -- 392
< -- 7
+ -- 162
- -- 128
* -- 466
:= -- 1404
add.period$ -- 87
call.type$ -- 30
change.case$ -- 152
chr.to.int$ -- 0
cite$ -- 33
duplicate$ -- 299
empty$ -- 730
format.name$ -- 128
if$ -- 1821
int.to.chr$ -- 0
int.to.str$ -- 30
missing$ -- 12
newline$ -- 150
num.names$ -- 60
pop$ -- 235
preamble$ -- 1
purify$ -- 122
quote$ -- 0
skip$ -- 269
stack$ -- 0
substring$ -- 377
swap$ -- 74
text.length$ -- 7
text.prefix$ -- 0
top$ -- 0
type$ -- 118
warning$ -- 3
while$ -- 81
width$ -- 32
write$ -- 306
(There were 3 warnings)

840
workspace/drafts/gap-analysis/arxiv/main.log Normal file
View File

@@ -0,0 +1,840 @@
This is pdfTeX, Version 3.141592653-2.6-1.40.25 (TeX Live 2023) (preloaded format=pdflatex 2026.3.6) 7 MAR 2026 07:39
entering extended mode
restricted \write18 enabled.
%&-line parsing enabled.
**main.tex
(./main.tex
LaTeX2e <2022-11-01> patch level 1
L3 programming layer <2023-02-22>
(/usr/share/texlive/texmf-dist/tex/latex/base/article.cls
Document Class: article 2022/07/02 v1.4n Standard LaTeX document class
(/usr/share/texlive/texmf-dist/tex/latex/base/size11.clo
File: size11.clo 2022/07/02 v1.4n Standard LaTeX file (size option)
)
\c@part=\count185
\c@section=\count186
\c@subsection=\count187
\c@subsubsection=\count188
\c@paragraph=\count189
\c@subparagraph=\count190
\c@figure=\count191
\c@table=\count192
\abovecaptionskip=\skip48
\belowcaptionskip=\skip49
\bibindent=\dimen140
)
(/usr/share/texlive/texmf-dist/tex/latex/geometry/geometry.sty
Package: geometry 2020/01/02 v5.9 Page Geometry
(/usr/share/texlive/texmf-dist/tex/latex/graphics/keyval.sty
Package: keyval 2022/05/29 v1.15 key=value parser (DPC)
\KV@toks@=\toks16
)
(/usr/share/texlive/texmf-dist/tex/generic/iftex/ifvtex.sty
Package: ifvtex 2019/10/25 v1.7 ifvtex legacy package. Use iftex instead.
(/usr/share/texlive/texmf-dist/tex/generic/iftex/iftex.sty
Package: iftex 2022/02/03 v1.0f TeX engine tests
))
\Gm@cnth=\count193
\Gm@cntv=\count194
\c@Gm@tempcnt=\count195
\Gm@bindingoffset=\dimen141
\Gm@wd@mp=\dimen142
\Gm@odd@mp=\dimen143
\Gm@even@mp=\dimen144
\Gm@layoutwidth=\dimen145
\Gm@layoutheight=\dimen146
\Gm@layouthoffset=\dimen147
\Gm@layoutvoffset=\dimen148
\Gm@dimlist=\toks17
)
(/usr/share/texlive/texmf-dist/tex/latex/base/inputenc.sty
Package: inputenc 2021/02/14 v1.3d Input encoding file
\inpenc@prehook=\toks18
\inpenc@posthook=\toks19
)
(/usr/share/texlive/texmf-dist/tex/latex/base/fontenc.sty
Package: fontenc 2021/04/29 v2.0v Standard LaTeX package
)
(/usr/share/texlive/texmf-dist/tex/latex/amsmath/amsmath.sty
Package: amsmath 2022/04/08 v2.17n AMS math features
\@mathmargin=\skip50
For additional information on amsmath, use the `?' option.
(/usr/share/texlive/texmf-dist/tex/latex/amsmath/amstext.sty
Package: amstext 2021/08/26 v2.01 AMS text
(/usr/share/texlive/texmf-dist/tex/latex/amsmath/amsgen.sty
File: amsgen.sty 1999/11/30 v2.0 generic functions
\@emptytoks=\toks20
\ex@=\dimen149
))
(/usr/share/texlive/texmf-dist/tex/latex/amsmath/amsbsy.sty
Package: amsbsy 1999/11/29 v1.2d Bold Symbols
\pmbraise@=\dimen150
)
(/usr/share/texlive/texmf-dist/tex/latex/amsmath/amsopn.sty
Package: amsopn 2022/04/08 v2.04 operator names
)
\inf@bad=\count196
LaTeX Info: Redefining \frac on input line 234.
\uproot@=\count197
\leftroot@=\count198
LaTeX Info: Redefining \overline on input line 399.
LaTeX Info: Redefining \colon on input line 410.
\classnum@=\count199
\DOTSCASE@=\count266
LaTeX Info: Redefining \ldots on input line 496.
LaTeX Info: Redefining \dots on input line 499.
LaTeX Info: Redefining \cdots on input line 620.
\Mathstrutbox@=\box51
\strutbox@=\box52
LaTeX Info: Redefining \big on input line 722.
LaTeX Info: Redefining \Big on input line 723.
LaTeX Info: Redefining \bigg on input line 724.
LaTeX Info: Redefining \Bigg on input line 725.
\big@size=\dimen151
LaTeX Font Info: Redeclaring font encoding OML on input line 743.
LaTeX Font Info: Redeclaring font encoding OMS on input line 744.
\macc@depth=\count267
LaTeX Info: Redefining \bmod on input line 905.
LaTeX Info: Redefining \pmod on input line 910.
LaTeX Info: Redefining \smash on input line 940.
LaTeX Info: Redefining \relbar on input line 970.
LaTeX Info: Redefining \Relbar on input line 971.
\c@MaxMatrixCols=\count268
\dotsspace@=\muskip16
\c@parentequation=\count269
\dspbrk@lvl=\count270
\tag@help=\toks21
\row@=\count271
\column@=\count272
\maxfields@=\count273
\andhelp@=\toks22
\eqnshift@=\dimen152
\alignsep@=\dimen153
\tagshift@=\dimen154
\tagwidth@=\dimen155
\totwidth@=\dimen156
\lineht@=\dimen157
\@envbody=\toks23
\multlinegap=\skip51
\multlinetaggap=\skip52
\mathdisplay@stack=\toks24
LaTeX Info: Redefining \[ on input line 2953.
LaTeX Info: Redefining \] on input line 2954.
)
(/usr/share/texlive/texmf-dist/tex/latex/amsfonts/amssymb.sty
Package: amssymb 2013/01/14 v3.01 AMS font symbols
(/usr/share/texlive/texmf-dist/tex/latex/amsfonts/amsfonts.sty
Package: amsfonts 2013/01/14 v3.01 Basic AMSFonts support
\symAMSa=\mathgroup4
\symAMSb=\mathgroup5
LaTeX Font Info: Redeclaring math symbol \hbar on input line 98.
LaTeX Font Info: Overwriting math alphabet `\mathfrak' in version `bold'
(Font) U/euf/m/n --> U/euf/b/n on input line 106.
))
(/usr/share/texlive/texmf-dist/tex/latex/graphics/graphicx.sty
Package: graphicx 2021/09/16 v1.2d Enhanced LaTeX Graphics (DPC,SPQR)
(/usr/share/texlive/texmf-dist/tex/latex/graphics/graphics.sty
Package: graphics 2022/03/10 v1.4e Standard LaTeX Graphics (DPC,SPQR)
(/usr/share/texlive/texmf-dist/tex/latex/graphics/trig.sty
Package: trig 2021/08/11 v1.11 sin cos tan (DPC)
)
(/usr/share/texlive/texmf-dist/tex/latex/graphics-cfg/graphics.cfg
File: graphics.cfg 2016/06/04 v1.11 sample graphics configuration
)
Package graphics Info: Driver file: pdftex.def on input line 107.
(/usr/share/texlive/texmf-dist/tex/latex/graphics-def/pdftex.def
File: pdftex.def 2022/09/22 v1.2b Graphics/color driver for pdftex
))
\Gin@req@height=\dimen158
\Gin@req@width=\dimen159
)
(/usr/share/texlive/texmf-dist/tex/latex/url/url.sty
\Urlmuskip=\muskip17
Package: url 2013/09/16 ver 3.4 Verb mode for urls, etc.
)
(/usr/share/texlive/texmf-dist/tex/latex/hyperref/hyperref.sty
Package: hyperref 2023-02-07 v7.00v Hypertext links for LaTeX
(/usr/share/texlive/texmf-dist/tex/generic/ltxcmds/ltxcmds.sty
Package: ltxcmds 2020-05-10 v1.25 LaTeX kernel commands for general use (HO)
)
(/usr/share/texlive/texmf-dist/tex/generic/pdftexcmds/pdftexcmds.sty
Package: pdftexcmds 2020-06-27 v0.33 Utility functions of pdfTeX for LuaTeX (HO
)
(/usr/share/texlive/texmf-dist/tex/generic/infwarerr/infwarerr.sty
Package: infwarerr 2019/12/03 v1.5 Providing info/warning/error messages (HO)
)
Package pdftexcmds Info: \pdf@primitive is available.
Package pdftexcmds Info: \pdf@ifprimitive is available.
Package pdftexcmds Info: \pdfdraftmode found.
)
(/usr/share/texlive/texmf-dist/tex/latex/kvsetkeys/kvsetkeys.sty
Package: kvsetkeys 2022-10-05 v1.19 Key value parser (HO)
)
(/usr/share/texlive/texmf-dist/tex/generic/kvdefinekeys/kvdefinekeys.sty
Package: kvdefinekeys 2019-12-19 v1.6 Define keys (HO)
)
(/usr/share/texlive/texmf-dist/tex/generic/pdfescape/pdfescape.sty
Package: pdfescape 2019/12/09 v1.15 Implements pdfTeX's escape features (HO)
)
(/usr/share/texlive/texmf-dist/tex/latex/hycolor/hycolor.sty
Package: hycolor 2020-01-27 v1.10 Color options for hyperref/bookmark (HO)
)
(/usr/share/texlive/texmf-dist/tex/latex/letltxmacro/letltxmacro.sty
Package: letltxmacro 2019/12/03 v1.6 Let assignment for LaTeX macros (HO)
)
(/usr/share/texlive/texmf-dist/tex/latex/auxhook/auxhook.sty
Package: auxhook 2019-12-17 v1.6 Hooks for auxiliary files (HO)
)
(/usr/share/texlive/texmf-dist/tex/latex/hyperref/nameref.sty
Package: nameref 2022-05-17 v2.50 Cross-referencing by name of section
(/usr/share/texlive/texmf-dist/tex/latex/refcount/refcount.sty
Package: refcount 2019/12/15 v3.6 Data extraction from label references (HO)
)
(/usr/share/texlive/texmf-dist/tex/generic/gettitlestring/gettitlestring.sty
Package: gettitlestring 2019/12/15 v1.6 Cleanup title references (HO)
(/usr/share/texlive/texmf-dist/tex/latex/kvoptions/kvoptions.sty
Package: kvoptions 2022-06-15 v3.15 Key value format for package options (HO)
))
\c@section@level=\count274
)
\@linkdim=\dimen160
\Hy@linkcounter=\count275
\Hy@pagecounter=\count276
(/usr/share/texlive/texmf-dist/tex/latex/hyperref/pd1enc.def
File: pd1enc.def 2023-02-07 v7.00v Hyperref: PDFDocEncoding definition (HO)
Now handling font encoding PD1 ...
... no UTF-8 mapping file for font encoding PD1
)
(/usr/share/texlive/texmf-dist/tex/generic/intcalc/intcalc.sty
Package: intcalc 2019/12/15 v1.3 Expandable calculations with integers (HO)
)
(/usr/share/texlive/texmf-dist/tex/generic/etexcmds/etexcmds.sty
Package: etexcmds 2019/12/15 v1.7 Avoid name clashes with e-TeX commands (HO)
)
\Hy@SavedSpaceFactor=\count277
(/usr/share/texlive/texmf-dist/tex/latex/hyperref/puenc.def
File: puenc.def 2023-02-07 v7.00v Hyperref: PDF Unicode definition (HO)
Now handling font encoding PU ...
... no UTF-8 mapping file for font encoding PU
)
Package hyperref Info: Hyper figures OFF on input line 4177.
Package hyperref Info: Link nesting OFF on input line 4182.
Package hyperref Info: Hyper index ON on input line 4185.
Package hyperref Info: Plain pages OFF on input line 4192.
Package hyperref Info: Backreferencing OFF on input line 4197.
Package hyperref Info: Implicit mode ON; LaTeX internals redefined.
Package hyperref Info: Bookmarks ON on input line 4425.
\c@Hy@tempcnt=\count278
LaTeX Info: Redefining \url on input line 4763.
\XeTeXLinkMargin=\dimen161
(/usr/share/texlive/texmf-dist/tex/generic/bitset/bitset.sty
Package: bitset 2019/12/09 v1.3 Handle bit-vector datatype (HO)
(/usr/share/texlive/texmf-dist/tex/generic/bigintcalc/bigintcalc.sty
Package: bigintcalc 2019/12/15 v1.5 Expandable calculations on big integers (HO
)
))
\Fld@menulength=\count279
\Field@Width=\dimen162
\Fld@charsize=\dimen163
Package hyperref Info: Hyper figures OFF on input line 6042.
Package hyperref Info: Link nesting OFF on input line 6047.
Package hyperref Info: Hyper index ON on input line 6050.
Package hyperref Info: backreferencing OFF on input line 6057.
Package hyperref Info: Link coloring OFF on input line 6062.
Package hyperref Info: Link coloring with OCG OFF on input line 6067.
Package hyperref Info: PDF/A mode OFF on input line 6072.
(/usr/share/texlive/texmf-dist/tex/latex/base/atbegshi-ltx.sty
Package: atbegshi-ltx 2021/01/10 v1.0c Emulation of the original atbegshi
package with kernel methods
)
\Hy@abspage=\count280
\c@Item=\count281
\c@Hfootnote=\count282
)
Package hyperref Info: Driver (autodetected): hpdftex.
(/usr/share/texlive/texmf-dist/tex/latex/hyperref/hpdftex.def
File: hpdftex.def 2023-02-07 v7.00v Hyperref driver for pdfTeX
(/usr/share/texlive/texmf-dist/tex/latex/base/atveryend-ltx.sty
Package: atveryend-ltx 2020/08/19 v1.0a Emulation of the original atveryend pac
kage
with kernel methods
)
\Fld@listcount=\count283
\c@bookmark@seq@number=\count284
(/usr/share/texlive/texmf-dist/tex/latex/rerunfilecheck/rerunfilecheck.sty
Package: rerunfilecheck 2022-07-10 v1.10 Rerun checks for auxiliary files (HO)
(/usr/share/texlive/texmf-dist/tex/generic/uniquecounter/uniquecounter.sty
Package: uniquecounter 2019/12/15 v1.4 Provide unlimited unique counter (HO)
)
Package uniquecounter Info: New unique counter `rerunfilecheck' on input line 2
85.
)
\Hy@SectionHShift=\skip53
)
(/usr/share/texlive/texmf-dist/tex/latex/booktabs/booktabs.sty
Package: booktabs 2020/01/12 v1.61803398 Publication quality tables
\heavyrulewidth=\dimen164
\lightrulewidth=\dimen165
\cmidrulewidth=\dimen166
\belowrulesep=\dimen167
\belowbottomsep=\dimen168
\aboverulesep=\dimen169
\abovetopsep=\dimen170
\cmidrulesep=\dimen171
\cmidrulekern=\dimen172
\defaultaddspace=\dimen173
\@cmidla=\count285
\@cmidlb=\count286
\@aboverulesep=\dimen174
\@belowrulesep=\dimen175
\@thisruleclass=\count287
\@lastruleclass=\count288
\@thisrulewidth=\dimen176
)
(/usr/share/texlive/texmf-dist/tex/latex/xcolor/xcolor.sty
Package: xcolor 2022/06/12 v2.14 LaTeX color extensions (UK)
(/usr/share/texlive/texmf-dist/tex/latex/graphics-cfg/color.cfg
File: color.cfg 2016/01/02 v1.6 sample color configuration
)
Package xcolor Info: Driver file: pdftex.def on input line 227.
(/usr/share/texlive/texmf-dist/tex/latex/graphics/mathcolor.ltx)
Package xcolor Info: Model `cmy' substituted by `cmy0' on input line 1353.
Package xcolor Info: Model `hsb' substituted by `rgb' on input line 1357.
Package xcolor Info: Model `RGB' extended on input line 1369.
Package xcolor Info: Model `HTML' substituted by `rgb' on input line 1371.
Package xcolor Info: Model `Hsb' substituted by `hsb' on input line 1372.
Package xcolor Info: Model `tHsb' substituted by `hsb' on input line 1373.
Package xcolor Info: Model `HSB' substituted by `hsb' on input line 1374.
Package xcolor Info: Model `Gray' substituted by `gray' on input line 1375.
Package xcolor Info: Model `wave' substituted by `hsb' on input line 1376.
)
(/usr/share/texlive/texmf-dist/tex/latex/tools/array.sty
Package: array 2022/09/04 v2.5g Tabular extension package (FMi)
\col@sep=\dimen177
\ar@mcellbox=\box53
\extrarowheight=\dimen178
\NC@list=\toks25
\extratabsurround=\skip54
\backup@length=\skip55
\ar@cellbox=\box54
)
Package hyperref Info: Option `colorlinks' set `true' on input line 23.
(/usr/share/texlive/texmf-dist/tex/latex/l3backend/l3backend-pdftex.def
File: l3backend-pdftex.def 2023-01-16 L3 backend support: PDF output (pdfTeX)
\l__color_backend_stack_int=\count289
\l__pdf_internal_box=\box55
)
(./main.aux)
\openout1 = `main.aux'.
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 25.
LaTeX Font Info: ... okay on input line 25.
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 25.
LaTeX Font Info: ... okay on input line 25.
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 25.
LaTeX Font Info: ... okay on input line 25.
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 25.
LaTeX Font Info: ... okay on input line 25.
LaTeX Font Info: Checking defaults for TS1/cmr/m/n on input line 25.
LaTeX Font Info: ... okay on input line 25.
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 25.
LaTeX Font Info: ... okay on input line 25.
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 25.
LaTeX Font Info: ... okay on input line 25.
LaTeX Font Info: Checking defaults for PD1/pdf/m/n on input line 25.
LaTeX Font Info: ... okay on input line 25.
LaTeX Font Info: Checking defaults for PU/pdf/m/n on input line 25.
LaTeX Font Info: ... okay on input line 25.
*geometry* driver: auto-detecting
*geometry* detected driver: pdftex
*geometry* verbose mode - [ preamble ] result:
* driver: pdftex
* paper: <default>
* layout: <same size as paper>
* layoutoffset:(h,v)=(0.0pt,0.0pt)
* modes:
* h-part:(L,W,R)=(54.2025pt, 505.89pt, 54.2025pt)
* v-part:(T,H,B)=(54.2025pt, 686.56499pt, 54.2025pt)
* \paperwidth=614.295pt
* \paperheight=794.96999pt
* \textwidth=505.89pt
* \textheight=686.56499pt
* \oddsidemargin=-18.06749pt
* \evensidemargin=-18.06749pt
* \topmargin=-55.06749pt
* \headheight=12.0pt
* \headsep=25.0pt
* \topskip=11.0pt
* \footskip=30.0pt
* \marginparwidth=4.0pt
* \marginparsep=10.0pt
* \columnsep=10.0pt
* \skip\footins=10.0pt plus 4.0pt minus 2.0pt
* \hoffset=0.0pt
* \voffset=0.0pt
* \mag=1000
* \@twocolumntrue
* \@twosidefalse
* \@mparswitchfalse
* \@reversemarginfalse
* (1in=72.27pt=25.4mm, 1cm=28.453pt)
(/usr/share/texlive/texmf-dist/tex/context/base/mkii/supp-pdf.mkii
[Loading MPS to PDF converter (version 2006.09.02).]
\scratchcounter=\count290
\scratchdimen=\dimen179
\scratchbox=\box56
\nofMPsegments=\count291
\nofMParguments=\count292
\everyMPshowfont=\toks26
\MPscratchCnt=\count293
\MPscratchDim=\dimen180
\MPnumerator=\count294
\makeMPintoPDFobject=\count295
\everyMPtoPDFconversion=\toks27
) (/usr/share/texlive/texmf-dist/tex/latex/epstopdf-pkg/epstopdf-base.sty
Package: epstopdf-base 2020-01-24 v2.11 Base part for package epstopdf
Package epstopdf-base Info: Redefining graphics rule for `.eps' on input line 4
85.
(/usr/share/texlive/texmf-dist/tex/latex/latexconfig/epstopdf-sys.cfg
File: epstopdf-sys.cfg 2010/07/13 v1.3 Configuration of (r)epstopdf for TeX Liv
e
))
Package hyperref Info: Link coloring ON on input line 25.
(./main.out) (./main.out)
\@outlinefile=\write3
\openout3 = `main.out'.
LaTeX Font Info: Trying to load font information for U+msa on input line 36.
(/usr/share/texlive/texmf-dist/tex/latex/amsfonts/umsa.fd
File: umsa.fd 2013/01/14 v3.01 AMS symbols A
)
LaTeX Font Info: Trying to load font information for U+msb on input line 36.
(/usr/share/texlive/texmf-dist/tex/latex/amsfonts/umsb.fd
File: umsb.fd 2013/01/14 v3.01 AMS symbols B
)
LaTeX Font Info: Trying to load font information for T1+cmtt on input line 3
6.
(/usr/share/texlive/texmf-dist/tex/latex/base/t1cmtt.fd
File: t1cmtt.fd 2022/07/10 v2.5l Standard LaTeX font definitions
)
Underfull \vbox (badness 10000) has occurred while \output is active []
Underfull \hbox (badness 1292) in paragraph at lines 77--78
\T1/cmr/m/n/10.95 in-clud-ing WIMSE (Work-load Iden-tity in Multi-
[]
Underfull \vbox (badness 10000) has occurred while \output is active []
[1{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}{/usr/share/texlive/texmf
-dist/fonts/enc/dvips/cm-super/cm-super-t1.enc}
]
Underfull \hbox (badness 4416) in paragraph at lines 101--101
[]\T1/cmr/bx/n/10.95 WIMSE --- Work-load Iden-tity in
[]
Underfull \hbox (badness 4454) in paragraph at lines 111--112
\T1/cmr/m/n/10.95 Grant Ne-go-ti-a-tion and Au-tho-riza-tion Pro-to-col
[]
Underfull \hbox (badness 1796) in paragraph at lines 113--113
[]\T1/cmr/bx/n/10.95 SCITT --- Sup-ply Chain In-tegrity,
[]
Underfull \hbox (badness 3058) in paragraph at lines 115--116
\T1/cmr/m/n/10.95 SCITT de-fines trans-parency ser-vices based on
[]
[2]
Overfull \hbox (72.22682pt too wide) in paragraph at lines 187--187
[]\T1/cmtt/m/n/10 +-----------------------------------------------------------+
[]
[]
Overfull \hbox (77.47554pt too wide) in paragraph at lines 187--187
[]\T1/cmtt/m/n/10 | HUMAN OPERATORS
|[]
[]
Overfull \hbox (77.47554pt too wide) in paragraph at lines 187--187
[]\T1/cmtt/m/n/10 | [Override & HITL Layer -- GAP 7]
|[]
[]
Overfull \hbox (72.22682pt too wide) in paragraph at lines 187--187
[]\T1/cmtt/m/n/10 +-----------------------------------------------------------+
[]
[]
Overfull \hbox (77.47554pt too wide) in paragraph at lines 187--187
[]\T1/cmtt/m/n/10 | AGENT INTERACTION LAYER
|[]
[]
Overfull \hbox (72.22682pt too wide) in paragraph at lines 187--187
[]\T1/cmtt/m/n/10 | +--------+ +--------+ +--------+ +--------+ |
[]
[]
Overfull \hbox (77.47554pt too wide) in paragraph at lines 187--187
[]\T1/cmtt/m/n/10 | |Agent A |<>|Agent B |<>|Agent C |<>|Agent D |
|[]
[]
Overfull \hbox (72.22682pt too wide) in paragraph at lines 187--187
[]\T1/cmtt/m/n/10 | +---+----+ +---+----+ +---+----+ +---+----+ |
[]
[]
Overfull \hbox (72.22682pt too wide) in paragraph at lines 187--187
[]\T1/cmtt/m/n/10 | | GAP 3: | GAP 10: | GAP 1: | |
[]
[]
Overfull \hbox (77.47554pt too wide) in paragraph at lines 187--187
[]\T1/cmtt/m/n/10 | | Consens. | Cap.Neg. | Behav.V. |
|[]
[]
Overfull \hbox (72.22682pt too wide) in paragraph at lines 187--187
[]\T1/cmtt/m/n/10 +------+----------+----------+----------+-------------------+
[]
[]
Overfull \hbox (77.47554pt too wide) in paragraph at lines 187--187
[]\T1/cmtt/m/n/10 | EXECUTION LAYER (ECT)
|[]
[]
Overfull \hbox (77.47554pt too wide) in paragraph at lines 187--187
[]\T1/cmtt/m/n/10 | DAG Execution | Checkpoints | Rollback | Circuit Breakers
|[]
[]
Overfull \hbox (72.22682pt too wide) in paragraph at lines 187--187
[]\T1/cmtt/m/n/10 | [GAP 2: Cascade Prevention] [GAP 4: Rollback] |
[]
[]
Overfull \hbox (72.22682pt too wide) in paragraph at lines 187--187
[]\T1/cmtt/m/n/10 +-----------------------------------------------------------+
[]
[]
Overfull \hbox (77.47554pt too wide) in paragraph at lines 187--187
[]\T1/cmtt/m/n/10 | POLICY & GOVERNANCE LAYER
|[]
[]
Overfull \hbox (72.22682pt too wide) in paragraph at lines 187--187
[]\T1/cmtt/m/n/10 | ACP-DAG-HITL | Trust Scoring | Assurance Profiles |
[]
[]
Overfull \hbox (72.22682pt too wide) in paragraph at lines 187--187
[]\T1/cmtt/m/n/10 | [GAP 5: Federated Privacy] [GAP 6: Cross-Domain Audit] |
[]
[]
Overfull \hbox (72.22682pt too wide) in paragraph at lines 187--187
[]\T1/cmtt/m/n/10 +-----------------------------------------------------------+
[]
[]
Overfull \hbox (77.47554pt too wide) in paragraph at lines 187--187
[]\T1/cmtt/m/n/10 | INFRASTRUCTURE LAYER
|[]
[]
Overfull \hbox (72.22682pt too wide) in paragraph at lines 187--187
[]\T1/cmtt/m/n/10 | Identity | Discovery | Registration | Protocol Bridges |
[]
[]
Overfull \hbox (72.22682pt too wide) in paragraph at lines 187--187
[]\T1/cmtt/m/n/10 | [GAP 8: Cross-Protocol] [GAP 9: Resource Accounting] |
[]
[]
Overfull \hbox (77.47554pt too wide) in paragraph at lines 187--187
[]\T1/cmtt/m/n/10 | [GAP 11: Performance Benchmarking]
|[]
[]
Overfull \hbox (72.22682pt too wide) in paragraph at lines 187--187
[]\T1/cmtt/m/n/10 +-----------------------------------------------------------+
[]
[]
Underfull \hbox (badness 4660) in paragraph at lines 194--195
\T1/cmr/m/n/10.95 The top-most layer pro-vides human-in-the-loop
[]
[3]
Underfull \hbox (badness 3138) in paragraph at lines 210--211
\T1/cmr/m/n/10.95 The Ex-e-cu-tion Layer man-ages DAG-structured
[]
Underfull \hbox (badness 4378) in paragraph at lines 210--211
\T1/cmr/m/n/10.95 agent work-flows. Ex-e-cu-tion Con-text To-kens
[]
[4{/usr/share/texlive/texmf-dist/fonts/enc/dvips/cm-super/cm-super-ts1.enc}]
Underfull \hbox (badness 1552) in paragraph at lines 232--233
[]\T1/cmr/bx/n/10.95 Gap 9 (Re-source Ac-count-ing): \T1/cmr/m/n/10.95 Track-
[]
Underfull \hbox (badness 2134) in paragraph at lines 233--234
[]\T1/cmr/bx/n/10.95 Gap 11 (Per-for-mance Bench-mark-ing):
[]
Overfull \hbox (54.56638pt too wide) in paragraph at lines 255--274
[][]
[]
[5] [6]
Underfull \hbox (badness 10000) in paragraph at lines 348--349
[]\T1/cmr/bx/n/10.95 Existing Par-tial So-lu-tions[] \T1/cmr/m/n/10.95 NET-CON
F
[]
Underfull \hbox (badness 4686) in paragraph at lines 348--349
\T1/cmr/m/n/10.95 confirmed-commit pro-vides roll-back for con-fig-
[]
Underfull \hbox (badness 2189) in paragraph at lines 348--349
\T1/cmr/m/n/10.95 well-known in dis-tributed sys-tems but lacks a
[]
Underfull \hbox (badness 4608) in paragraph at lines 365--366
[]\T1/cmr/bx/n/10.95 Existing Par-tial So-lu-tions[] \T1/cmr/m/n/10.95 Gen-era
l pri-vacy
[]
Underfull \hbox (badness 1221) in paragraph at lines 376--377
\T1/cmr/m/n/10.95 kens [[]] pro-vide per-action au-dit records, and
[]
Underfull \hbox (badness 10000) in paragraph at lines 381--382
[]\T1/cmr/bx/n/10.95 Impact As-sess-ment[] \T1/cmr/m/n/10.95 Or-ga-ni-za-tions
can-not
[]
Underfull \hbox (badness 2608) in paragraph at lines 381--382
\T1/cmr/m/n/10.95 demon-strate com-pli-ance for cross-domain agent
[]
Underfull \hbox (badness 3713) in paragraph at lines 384--385
[]\T1/cmr/bx/n/10.95 Existing Par-tial So-lu-tions[] \T1/cmr/m/n/10.95 SCITT p
ro-vides
[]
[7]
Underfull \hbox (badness 10000) in paragraph at lines 403--404
[]\T1/cmr/bx/n/10.95 Existing Par-tial So-lu-tions[] \T1/cmr/m/n/10.95 ACP-DAG
-
[]
Underfull \hbox (badness 1132) in paragraph at lines 426--427
[]\T1/cmr/bx/n/10.95 Problem State-ment[] \T1/cmr/m/n/10.95 Au-tonomous agents
con-
[]
[8]
Underfull \hbox (badness 2285) in paragraph at lines 459--460
[]\T1/cmr/bx/n/10.95 Impact As-sess-ment[] \T1/cmr/m/n/10.95 Op-er-a-tors can-
not ob-jec-
[]
Underfull \hbox (badness 1264) in paragraph at lines 462--463
\T1/cmr/m/n/10.95 ML model eval-u-a-tion bench-marks ex-ist but do
[]
[9] [10]
Underfull \hbox (badness 1377) in paragraph at lines 577--578
\T1/cmr/m/n/10.95 behavioral ver-i-fi-ca-tion and cas-cade prevention---
[]
Underfull \hbox (badness 1596) in paragraph at lines 579--580
\T1/cmr/m/n/10.95 oped to ad-dress the most press-ing gaps, with
[]
Underfull \hbox (badness 3482) in paragraph at lines 579--580
\T1/cmr/m/n/10.95 a dependency-ordered im-ple-men-ta-tion roadmap.
[]
Underfull \hbox (badness 1418) in paragraph at lines 587--588
[]\T1/cmr/bx/n/10.95 Performance Eval-u-a-tion: \T1/cmr/m/n/10.95 Mea-sur-ing t
he
[]
Underfull \hbox (badness 2961) in paragraph at lines 588--589
\T1/cmr/m/n/10.95 anal-y-sis to rel-e-vant IETF work-ing groups
[]
(./main.bbl [11]
Underfull \hbox (badness 2080) in paragraph at lines 30--34
\T1/cmr/m/it/10.95 on Au-tomata, Lan-guages and Pro-gram-ming
[]
Underfull \hbox (badness 3635) in paragraph at lines 51--55
[]\T1/cmr/m/n/10.95 Nicholas R. Jen-nings, Ka-tia Sycara, and
[]
Underfull \hbox (badness 10000) in paragraph at lines 57--60
[]\T1/cmr/m/n/10.95 Michael Jones, John Bradley, and Nat
[]
Underfull \hbox (badness 5147) in paragraph at lines 68--71
\T1/cmr/m/it/10.95 ACM Trans-ac-tions on Com-puter Sys-tems\T1/cmr/m/n/10.95 ,
[]
Underfull \hbox (badness 4403) in paragraph at lines 81--84
[]\T1/cmr/m/n/10.95 Christian Nen-ne-mann. Agent be-hav-ioral
[]
Underfull \hbox (badness 10000) in paragraph at lines 81--84
\T1/cmr/m/n/10.95 ver-i-fi-ca-tion and per-for-mance bench-mark-
[]
Underfull \hbox (badness 1521) in paragraph at lines 81--84
\T1/cmr/m/n/10.95 ing. Internet-Draft draft-nennemann-agent-
[]
Underfull \hbox (badness 10000) in paragraph at lines 96--99
\T1/cmr/m/n/10.95 Draft draft-nennemann-agent-cross-domain-
[]
Underfull \hbox (badness 6978) in paragraph at lines 111--114
[]\T1/cmr/m/n/10.95 Christian Nen-ne-mann. Fed-er-ated agent
[]
Underfull \hbox (badness 3735) in paragraph at lines 111--114
\T1/cmr/m/n/10.95 learn-ing pri-vacy and cross-protocol mi-gra-
[]
Underfull \hbox (badness 4403) in paragraph at lines 121--124
[]\T1/cmr/m/n/10.95 Christian Nen-ne-mann. Stan-dard-ized hu-
[]
[12]) [13
] (./main.aux)
Package rerunfilecheck Info: File `main.out' has not changed.
(rerunfilecheck) Checksum: 0DC0B998212202D24540FE5609D8F21A;10916.
)
Here is how much of TeX's memory you used:
11000 strings out of 477985
167933 string characters out of 5839381
1873388 words of memory out of 6000000
30890 multiletter control sequences out of 15000+600000
528777 words of font info for 77 fonts, out of 8000000 for 9000
14 hyphenation exceptions out of 8191
75i,11n,76p,816b,551s stack positions out of 10000i,1000n,20000p,200000b,200000s
</usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmsy10.pfb></us
r/share/texlive/texmf-dist/fonts/type1/public/cm-super/sfbx1000.pfb></usr/share
/texlive/texmf-dist/fonts/type1/public/cm-super/sfbx1095.pfb></usr/share/texliv
e/texmf-dist/fonts/type1/public/cm-super/sfbx1200.pfb></usr/share/texlive/texmf
-dist/fonts/type1/public/cm-super/sfbx1440.pfb></usr/share/texlive/texmf-dist/f
onts/type1/public/cm-super/sfrm1000.pfb></usr/share/texlive/texmf-dist/fonts/ty
pe1/public/cm-super/sfrm1095.pfb></usr/share/texlive/texmf-dist/fonts/type1/pub
lic/cm-super/sfrm1200.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/cm-
super/sfrm1728.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/cm-super/s
fti1095.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/cm-super/sftt1000
.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/cm-super/sftt1200.pfb>
Output written on main.pdf (13 pages, 325182 bytes).
PDF statistics:
556 PDF objects out of 1000 (max. 8388607)
510 compressed objects within 6 object streams
156 named destinations out of 1000 (max. 500000)
433 words of extra memory for PDF output out of 10000 (max. 10000000)

54
workspace/drafts/gap-analysis/arxiv/main.out Normal file
View File

@@ -0,0 +1,54 @@
\BOOKMARK [1][-]{section.1}{\376\377\000I\000n\000t\000r\000o\000d\000u\000c\000t\000i\000o\000n}{}% 1
\BOOKMARK [2][-]{subsection.1.1}{\376\377\000C\000o\000n\000t\000r\000i\000b\000u\000t\000i\000o\000n\000s}{section.1}% 2
\BOOKMARK [2][-]{subsection.1.2}{\376\377\000P\000a\000p\000e\000r\000\040\000O\000r\000g\000a\000n\000i\000z\000a\000t\000i\000o\000n}{section.1}% 3
\BOOKMARK [1][-]{section.2}{\376\377\000B\000a\000c\000k\000g\000r\000o\000u\000n\000d\000\040\000a\000n\000d\000\040\000R\000e\000l\000a\000t\000e\000d\000\040\000W\000o\000r\000k}{}% 4
\BOOKMARK [2][-]{subsection.2.1}{\376\377\000I\000E\000T\000F\000\040\000S\000t\000a\000n\000d\000a\000r\000d\000s\000\040\000L\000a\000n\000d\000s\000c\000a\000p\000e}{section.2}% 5
\BOOKMARK [3][-]{subsubsection.2.1.1}{\376\377\000W\000I\000M\000S\000E\000\040\040\024\000\040\000W\000o\000r\000k\000l\000o\000a\000d\000\040\000I\000d\000e\000n\000t\000i\000t\000y\000\040\000i\000n\000\040\000M\000u\000l\000t\000i\000-\000S\000y\000s\000t\000e\000m\000\040\000E\000n\000v\000i\000r\000o\000n\000m\000e\000n\000t\000s}{subsection.2.1}% 6
\BOOKMARK [3][-]{subsubsection.2.1.2}{\376\377\000R\000A\000T\000S\000\040\040\024\000\040\000R\000e\000m\000o\000t\000e\000\040\000A\000T\000t\000e\000s\000t\000a\000t\000i\000o\000n\000\040\000p\000r\000o\000c\000e\000d\000u\000r\000e\000S}{subsection.2.1}% 7
\BOOKMARK [3][-]{subsubsection.2.1.3}{\376\377\000O\000A\000u\000t\000h\000\040\0002\000.\0000\000\040\000a\000n\000d\000\040\000G\000N\000A\000P}{subsection.2.1}% 8
\BOOKMARK [3][-]{subsubsection.2.1.4}{\376\377\000S\000C\000I\000T\000T\000\040\040\024\000\040\000S\000u\000p\000p\000l\000y\000\040\000C\000h\000a\000i\000n\000\040\000I\000n\000t\000e\000g\000r\000i\000t\000y\000,\000\040\000T\000r\000a\000n\000s\000p\000a\000r\000e\000n\000c\000y\000,\000\040\000a\000n\000d\000\040\000T\000r\000u\000s\000t}{subsection.2.1}% 9
\BOOKMARK [3][-]{subsubsection.2.1.5}{\376\377\000N\000M\000O\000P\000\040\040\024\000\040\000N\000e\000t\000w\000o\000r\000k\000\040\000M\000a\000n\000a\000g\000e\000m\000e\000n\000t\000\040\000O\000p\000e\000r\000a\000t\000i\000o\000n\000s}{subsection.2.1}% 10
\BOOKMARK [2][-]{subsection.2.2}{\376\377\000I\000n\000d\000u\000s\000t\000r\000y\000\040\000P\000r\000o\000t\000o\000c\000o\000l\000s}{section.2}% 11
\BOOKMARK [3][-]{subsubsection.2.2.1}{\376\377\000G\000o\000o\000g\000l\000e\000\040\000A\0002\000A\000\040\000P\000r\000o\000t\000o\000c\000o\000l}{subsection.2.2}% 12
\BOOKMARK [3][-]{subsubsection.2.2.2}{\376\377\000A\000n\000t\000h\000r\000o\000p\000i\000c\000\040\000M\000C\000P}{subsection.2.2}% 13
\BOOKMARK [3][-]{subsubsection.2.2.3}{\376\377\000M\000u\000l\000t\000i\000-\000A\000g\000e\000n\000t\000\040\000F\000r\000a\000m\000e\000w\000o\000r\000k\000s}{subsection.2.2}% 14
\BOOKMARK [2][-]{subsection.2.3}{\376\377\000A\000c\000a\000d\000e\000m\000i\000c\000\040\000F\000o\000u\000n\000d\000a\000t\000i\000o\000n\000s}{section.2}% 15
\BOOKMARK [3][-]{subsubsection.2.3.1}{\376\377\000M\000u\000l\000t\000i\000-\000A\000g\000e\000n\000t\000\040\000S\000y\000s\000t\000e\000m\000s}{subsection.2.3}% 16
\BOOKMARK [3][-]{subsubsection.2.3.2}{\376\377\000D\000i\000s\000t\000r\000i\000b\000u\000t\000e\000d\000\040\000C\000o\000n\000s\000e\000n\000s\000u\000s}{subsection.2.3}% 17
\BOOKMARK [3][-]{subsubsection.2.3.3}{\376\377\000F\000e\000d\000e\000r\000a\000t\000e\000d\000\040\000L\000e\000a\000r\000n\000i\000n\000g\000\040\000a\000n\000d\000\040\000P\000r\000i\000v\000a\000c\000y}{subsection.2.3}% 18
\BOOKMARK [3][-]{subsubsection.2.3.4}{\376\377\000C\000i\000r\000c\000u\000i\000t\000\040\000B\000r\000e\000a\000k\000e\000r\000s\000\040\000a\000n\000d\000\040\000F\000a\000u\000l\000t\000\040\000T\000o\000l\000e\000r\000a\000n\000c\000e}{subsection.2.3}% 19
\BOOKMARK [1][-]{section.3}{\376\377\000R\000e\000f\000e\000r\000e\000n\000c\000e\000\040\000A\000r\000c\000h\000i\000t\000e\000c\000t\000u\000r\000e}{}% 20
\BOOKMARK [2][-]{subsection.3.1}{\376\377\000H\000u\000m\000a\000n\000\040\000C\000o\000n\000t\000r\000o\000l\000\040\000L\000a\000y\000e\000r}{section.3}% 21
\BOOKMARK [2][-]{subsection.3.2}{\376\377\000A\000g\000e\000n\000t\000\040\000I\000n\000t\000e\000r\000a\000c\000t\000i\000o\000n\000\040\000L\000a\000y\000e\000r}{section.3}% 22
\BOOKMARK [2][-]{subsection.3.3}{\376\377\000E\000x\000e\000c\000u\000t\000i\000o\000n\000\040\000L\000a\000y\000e\000r}{section.3}% 23
\BOOKMARK [2][-]{subsection.3.4}{\376\377\000P\000o\000l\000i\000c\000y\000\040\000a\000n\000d\000\040\000G\000o\000v\000e\000r\000n\000a\000n\000c\000e\000\040\000L\000a\000y\000e\000r}{section.3}% 24
\BOOKMARK [2][-]{subsection.3.5}{\376\377\000I\000n\000f\000r\000a\000s\000t\000r\000u\000c\000t\000u\000r\000e\000\040\000L\000a\000y\000e\000r}{section.3}% 25
\BOOKMARK [1][-]{section.4}{\376\377\000G\000a\000p\000\040\000A\000n\000a\000l\000y\000s\000i\000s}{}% 26
\BOOKMARK [2][-]{subsection.4.1}{\376\377\000C\000R\000I\000T\000I\000C\000A\000L\000\040\000G\000a\000p\000s}{section.4}% 27
\BOOKMARK [3][-]{subsubsection.4.1.1}{\376\377\000G\000a\000p\000\040\0001\000:\000\040\000A\000g\000e\000n\000t\000\040\000B\000e\000h\000a\000v\000i\000o\000r\000a\000l\000\040\000V\000e\000r\000i\000f\000i\000c\000a\000t\000i\000o\000n}{subsection.4.1}% 28
\BOOKMARK [3][-]{subsubsection.4.1.2}{\376\377\000G\000a\000p\000\040\0002\000:\000\040\000A\000g\000e\000n\000t\000\040\000F\000a\000i\000l\000u\000r\000e\000\040\000C\000a\000s\000c\000a\000d\000e\000\040\000P\000r\000e\000v\000e\000n\000t\000i\000o\000n}{subsection.4.1}% 29
\BOOKMARK [2][-]{subsection.4.2}{\376\377\000H\000I\000G\000H\000\040\000G\000a\000p\000s}{section.4}% 30
\BOOKMARK [3][-]{subsubsection.4.2.1}{\376\377\000G\000a\000p\000\040\0003\000:\000\040\000M\000u\000l\000t\000i\000-\000A\000g\000e\000n\000t\000\040\000C\000o\000n\000s\000e\000n\000s\000u\000s\000\040\000P\000r\000o\000t\000o\000c\000o\000l\000s}{subsection.4.2}% 31
\BOOKMARK [3][-]{subsubsection.4.2.2}{\376\377\000G\000a\000p\000\040\0004\000:\000\040\000R\000e\000a\000l\000-\000T\000i\000m\000e\000\040\000A\000g\000e\000n\000t\000\040\000R\000o\000l\000l\000b\000a\000c\000k\000\040\000M\000e\000c\000h\000a\000n\000i\000s\000m\000s}{subsection.4.2}% 32
\BOOKMARK [3][-]{subsubsection.4.2.3}{\376\377\000G\000a\000p\000\040\0005\000:\000\040\000F\000e\000d\000e\000r\000a\000t\000e\000d\000\040\000A\000g\000e\000n\000t\000\040\000L\000e\000a\000r\000n\000i\000n\000g\000\040\000P\000r\000i\000v\000a\000c\000y}{subsection.4.2}% 33
\BOOKMARK [3][-]{subsubsection.4.2.4}{\376\377\000G\000a\000p\000\040\0006\000:\000\040\000C\000r\000o\000s\000s\000-\000D\000o\000m\000a\000i\000n\000\040\000A\000g\000e\000n\000t\000\040\000A\000u\000d\000i\000t\000\040\000T\000r\000a\000i\000l\000s}{subsection.4.2}% 34
\BOOKMARK [3][-]{subsubsection.4.2.5}{\376\377\000G\000a\000p\000\040\0007\000:\000\040\000H\000u\000m\000a\000n\000\040\000O\000v\000e\000r\000r\000i\000d\000e\000\040\000S\000t\000a\000n\000d\000a\000r\000d\000i\000z\000a\000t\000i\000o\000n}{subsection.4.2}% 35
\BOOKMARK [2][-]{subsection.4.3}{\376\377\000M\000E\000D\000I\000U\000M\000\040\000G\000a\000p\000s}{section.4}% 36
\BOOKMARK [3][-]{subsubsection.4.3.1}{\376\377\000G\000a\000p\000\040\0008\000:\000\040\000C\000r\000o\000s\000s\000-\000P\000r\000o\000t\000o\000c\000o\000l\000\040\000A\000g\000e\000n\000t\000\040\000M\000i\000g\000r\000a\000t\000i\000o\000n}{subsection.4.3}% 37
\BOOKMARK [3][-]{subsubsection.4.3.2}{\376\377\000G\000a\000p\000\040\0009\000:\000\040\000A\000g\000e\000n\000t\000\040\000R\000e\000s\000o\000u\000r\000c\000e\000\040\000A\000c\000c\000o\000u\000n\000t\000i\000n\000g\000\040\000a\000n\000d\000\040\000B\000i\000l\000l\000i\000n\000g}{subsection.4.3}% 38
\BOOKMARK [3][-]{subsubsection.4.3.3}{\376\377\000G\000a\000p\000\040\0001\0000\000:\000\040\000A\000g\000e\000n\000t\000\040\000C\000a\000p\000a\000b\000i\000l\000i\000t\000y\000\040\000N\000e\000g\000o\000t\000i\000a\000t\000i\000o\000n}{subsection.4.3}% 39
\BOOKMARK [3][-]{subsubsection.4.3.4}{\376\377\000G\000a\000p\000\040\0001\0001\000:\000\040\000A\000g\000e\000n\000t\000\040\000P\000e\000r\000f\000o\000r\000m\000a\000n\000c\000e\000\040\000B\000e\000n\000c\000h\000m\000a\000r\000k\000i\000n\000g}{subsection.4.3}% 40
\BOOKMARK [1][-]{section.5}{\376\377\000P\000r\000o\000p\000o\000s\000e\000d\000\040\000S\000o\000l\000u\000t\000i\000o\000n\000\040\000F\000r\000a\000m\000e\000w\000o\000r\000k}{}% 41
\BOOKMARK [2][-]{subsection.5.1}{\376\377\000C\000o\000m\000p\000a\000n\000i\000o\000n\000\040\000A\000:\000\040\000B\000e\000h\000a\000v\000i\000o\000r\000a\000l\000\040\000V\000e\000r\000i\000f\000i\000c\000a\000t\000i\000o\000n}{section.5}% 42
\BOOKMARK [2][-]{subsection.5.2}{\376\377\000C\000o\000m\000p\000a\000n\000i\000o\000n\000\040\000B\000:\000\040\000C\000a\000s\000c\000a\000d\000e\000\040\000P\000r\000e\000v\000e\000n\000t\000i\000o\000n}{section.5}% 43
\BOOKMARK [2][-]{subsection.5.3}{\376\377\000C\000o\000m\000p\000a\000n\000i\000o\000n\000\040\000C\000:\000\040\000C\000o\000n\000s\000e\000n\000s\000u\000s\000\040\000P\000r\000o\000t\000o\000c\000o\000l}{section.5}% 44
\BOOKMARK [2][-]{subsection.5.4}{\376\377\000C\000o\000m\000p\000a\000n\000i\000o\000n\000\040\000D\000:\000\040\000C\000r\000o\000s\000s\000-\000D\000o\000m\000a\000i\000n\000\040\000A\000u\000d\000i\000t}{section.5}% 45
\BOOKMARK [2][-]{subsection.5.5}{\376\377\000C\000o\000m\000p\000a\000n\000i\000o\000n\000\040\000E\000:\000\040\000O\000v\000e\000r\000r\000i\000d\000e\000\040\000P\000r\000o\000t\000o\000c\000o\000l}{section.5}% 46
\BOOKMARK [2][-]{subsection.5.6}{\376\377\000C\000o\000m\000p\000a\000n\000i\000o\000n\000\040\000F\000:\000\040\000F\000e\000d\000e\000r\000a\000t\000i\000o\000n\000\040\000P\000r\000i\000v\000a\000c\000y}{section.5}% 47
\BOOKMARK [2][-]{subsection.5.7}{\376\377\000D\000e\000p\000e\000n\000d\000e\000n\000c\000y\000\040\000A\000n\000a\000l\000y\000s\000i\000s}{section.5}% 48
\BOOKMARK [1][-]{section.6}{\376\377\000D\000i\000s\000c\000u\000s\000s\000i\000o\000n}{}% 49
\BOOKMARK [2][-]{subsection.6.1}{\376\377\000C\000r\000o\000s\000s\000-\000C\000u\000t\000t\000i\000n\000g\000\040\000T\000h\000e\000m\000e\000s}{section.6}% 50
\BOOKMARK [2][-]{subsection.6.2}{\376\377\000P\000r\000i\000o\000r\000i\000t\000i\000z\000a\000t\000i\000o\000n\000\040\000R\000a\000t\000i\000o\000n\000a\000l\000e}{section.6}% 51
\BOOKMARK [2][-]{subsection.6.3}{\376\377\000R\000e\000l\000a\000t\000i\000o\000n\000s\000h\000i\000p\000\040\000t\000o\000\040\000I\000n\000d\000u\000s\000t\000r\000y\000\040\000P\000r\000o\000t\000o\000c\000o\000l\000s}{section.6}% 52
\BOOKMARK [2][-]{subsection.6.4}{\376\377\000L\000i\000m\000i\000t\000a\000t\000i\000o\000n\000s}{section.6}% 53
\BOOKMARK [1][-]{section.7}{\376\377\000C\000o\000n\000c\000l\000u\000s\000i\000o\000n\000\040\000a\000n\000d\000\040\000F\000u\000t\000u\000r\000e\000\040\000W\000o\000r\000k}{}% 54

BIN
workspace/drafts/gap-analysis/arxiv/main.pdf Normal file
View File

Binary file not shown.

604
workspace/drafts/gap-analysis/arxiv/main.tex Normal file
View File

@@ -0,0 +1,604 @@
% Switch to IEEEtran for final arXiv submission:
% \documentclass[conference]{IEEEtran}
\documentclass[11pt,twocolumn]{article}
\usepackage[margin=0.75in]{geometry}
\usepackage[utf8]{inputenc}
\usepackage[T1]{fontenc}
% \usepackage{cite} % uncomment for IEEEtran
\usepackage{amsmath,amssymb}
\usepackage{graphicx}
\usepackage{url}
\usepackage{hyperref}
\usepackage{booktabs}
% \usepackage{multirow} % uncomment if available
\usepackage{xcolor}
\usepackage{array}
\hypersetup{
colorlinks=true,
linkcolor=blue,
citecolor=blue,
urlcolor=blue,
}
\begin{document}
\title{Gap Analysis of IETF Standards for\\Autonomous AI Agent Protocols}
\author{
Christian Nennemann\\
Independent Researcher\\
\texttt{ietf@nennemann.de}
}
\maketitle
% ==================================================================
\begin{abstract}
Autonomous software agents---powered by large language models and
traditional AI planning systems---are rapidly being deployed for
network management, cloud orchestration, supply-chain logistics, and
multi-step AI-driven workflows. A survey of the IETF document
corpus reveals over 260 Internet-Drafts and RFCs that touch on
aspects of agent communication, identity, safety, and operations.
Despite this breadth, these efforts remain fragmented: no single
reference architecture ties them together, and several critical
capabilities---including behavioral verification, failure cascade
prevention, multi-agent consensus, and standardized human
override---lack any standardization whatsoever.
This paper presents a systematic gap analysis of IETF standards
with respect to autonomous agent protocol requirements. We propose
a four-layer reference architecture for agent ecosystems, identify
eleven specific gaps organized by severity (Critical, High, Medium),
and map these gaps to six companion Internet-Drafts that address the
most pressing deficiencies. We further contextualize these gaps
against industry protocols such as Google's Agent-to-Agent (A2A)
protocol and Anthropic's Model Context Protocol (MCP), as well as
academic literature on multi-agent systems, federated learning, and
fault-tolerant distributed systems. Our analysis provides a
structured roadmap for the standards work needed to enable safe,
interoperable, and auditable autonomous agent ecosystems.
\end{abstract}
\medskip
\noindent\textbf{Keywords:} autonomous agents, multi-agent systems, IETF standards, gap analysis,
agent safety, protocol standardization, AI governance
% ==================================================================
\section{Introduction}
\label{sec:intro}
The emergence of large language model (LLM)-based agents~\cite{openai2023gpt4,wang2024survey-llm-agents} has transformed autonomous software agents from a long-studied academic concept~\cite{wooldridge2009multiagent,jennings1998agent-applications} into a practical engineering reality. Modern agent frameworks such as AutoGen~\cite{autogen} and CrewAI~\cite{crewai} orchestrate multiple agents that collaborate on complex tasks, delegate sub-tasks to one another, invoke external tools, and make decisions with limited or no human supervision. Industry protocols including Google's Agent-to-Agent (A2A) protocol~\cite{a2a-protocol} and Anthropic's Model Context Protocol (MCP)~\cite{mcp-protocol} have emerged to standardize agent communication at the application layer.
Simultaneously, agents are being deployed for critical infrastructure operations---network management under the IETF's Network Management Operations (NMOP) working group, cloud orchestration across trust domains, and supply-chain workflows that span organizational boundaries. These deployments demand protocol-level guarantees for identity, authorization, safety, auditability, and fault tolerance that go far beyond what any single existing standard provides.
A survey of the IETF document corpus reveals over 260 Internet-Drafts and RFCs touching on agent-relevant topics across multiple working groups including WIMSE (Workload Identity in Multi-System Environments), RATS (Remote ATtestation procedureS), OAuth/GNAP, SCITT (Supply Chain Integrity, Transparency, and Trust), and NMOP. Yet these efforts remain fragmented, addressing individual facets of the problem without a unifying architecture.
\subsection{Contributions}
This paper makes three contributions:
\begin{enumerate}
\item \textbf{Reference Architecture.} We propose a four-layer reference architecture (Section~\ref{sec:architecture}) that organizes agent capabilities into Human Control, Agent Interaction, Execution, Policy \& Governance, and Infrastructure layers.
\item \textbf{Gap Analysis.} We identify eleven specific gaps in the current IETF standards landscape (Section~\ref{sec:gaps}), classified by severity (Critical, High, Medium), with formal problem statements, impact assessments, and analysis of existing partial coverage.
\item \textbf{Solution Roadmap.} We present six companion Internet-Drafts (Section~\ref{sec:solutions}) that address the most critical gaps, together with a dependency analysis and prioritization rationale.
\end{enumerate}
\subsection{Paper Organization}
Section~\ref{sec:background} surveys existing IETF work and industry protocols relevant to autonomous agents. Section~\ref{sec:architecture} presents the reference architecture. Section~\ref{sec:gaps} details the eleven identified gaps. Section~\ref{sec:solutions} describes the companion draft roadmap. Section~\ref{sec:discussion} discusses cross-cutting themes and limitations. Section~\ref{sec:conclusion} concludes.
% ==================================================================
\section{Background and Related Work}
\label{sec:background}
\subsection{IETF Standards Landscape}
\subsubsection{WIMSE --- Workload Identity in Multi-System Environments}
The WIMSE working group addresses workload identity for services that span multiple systems and trust domains. Of particular relevance is the Execution Context Token (ECT) framework~\cite{id-wimse-ect}, which provides cryptographically signed tokens carrying task identity, delegated authority, and constraints across agent boundaries. ECTs build on the JSON Web Token (JWT)~\cite{rfc7519} format and are designed to propagate execution context through chains of delegated actions---a fundamental requirement for multi-agent workflows. However, ECTs address identity and context propagation without defining failure semantics, behavioral verification, or consensus mechanisms.
\subsubsection{RATS --- Remote ATtestation procedureS}
The RATS architecture~\cite{rfc9334} defines procedures for remote attestation, enabling a relying party to appraise the trustworthiness of a remote peer based on attestation evidence. RATS provides the conceptual foundation for verifiable claims about system state, but its scope is limited to platform and firmware integrity. It does not address the higher-level question of whether an agent's \emph{behavior}---as opposed to its platform---conforms to a declared policy. Extending RATS-style attestation to behavioral claims is one of the critical gaps identified in this analysis.
\subsubsection{OAuth 2.0 and GNAP}
The OAuth 2.0 authorization framework and the Grant Negotiation and Authorization Protocol (GNAP) provide mechanisms for delegated authorization. Transaction tokens and token exchange mechanisms are relevant to agent-to-agent delegation chains, where Agent~A delegates a subset of its authority to Agent~B. However, OAuth and GNAP are designed for human-initiated authorization flows and do not natively support the fully autonomous, multi-hop delegation patterns characteristic of agent ecosystems.
\subsubsection{SCITT --- Supply Chain Integrity, Transparency, and Trust}
SCITT defines transparency services based on append-only cryptographic logs. Its model is directly relevant to agent audit trails: each agent action could be recorded as a signed statement in a transparency log, enabling tamper-evident provenance tracking. However, SCITT does not define agent-specific audit semantics, causal ordering across agent actions, or cross-domain audit correlation.
\subsubsection{NMOP --- Network Management Operations}
The NMOP working group focuses on intent-based network management and autonomous network functions. Agent-driven network management is a primary use case for the gaps identified in this analysis: network agents that autonomously configure devices, respond to incidents, and optimize traffic must operate within strict safety boundaries with reliable override and rollback capabilities.
\subsection{Industry Protocols}
\subsubsection{Google A2A Protocol}
The Agent-to-Agent (A2A) protocol~\cite{a2a-protocol} defines a JSON-RPC-based mechanism for agents to discover each other's capabilities via ``Agent Cards'' and exchange tasks through structured messages. A2A provides useful abstractions for agent discovery and task delegation but does not address behavioral verification, cascade prevention, or cross-domain audit trails. Its capability advertisement mechanism is a partial solution to Gap~10 (Capability Negotiation) but lacks the policy-constrained semantics required for autonomous operations.
\subsubsection{Anthropic MCP}
The Model Context Protocol (MCP)~\cite{mcp-protocol} standardizes how LLM-based applications access external tools and data sources. MCP defines a client-server architecture where the LLM agent acts as a client requesting tool invocations, file access, and prompt templates from MCP servers. While MCP addresses the tool integration layer effectively, it operates within a single trust domain and does not define mechanisms for multi-agent coordination, cross-domain operations, or safety controls.
\subsubsection{Multi-Agent Frameworks}
AutoGen~\cite{autogen} and CrewAI~\cite{crewai} are representative of the emerging class of multi-agent orchestration frameworks. AutoGen provides a conversation-based programming model where multiple LLM agents collaborate through structured dialogues. CrewAI organizes agents into ``crews'' with defined roles, goals, and task assignments. Both frameworks demonstrate the practical need for the capabilities identified in our gap analysis but implement them through framework-specific mechanisms that are not interoperable.
\subsection{Academic Foundations}
\subsubsection{Multi-Agent Systems}
The multi-agent systems (MAS) literature~\cite{wooldridge2009multiagent,dorri2018mas-iot,jennings1998agent-applications} provides foundational models for agent communication, coordination, and negotiation. Classical work on contract nets, auction-based allocation, and belief-desire-intention (BDI) architectures informs the design of agent consensus protocols. However, translating these theoretical models into interoperable protocol standards for heterogeneous, cross-domain agent deployments remains an open problem.
\subsubsection{Distributed Consensus}
Consensus protocols such as Raft~\cite{ongaro2014raft}, Paxos~\cite{lamport1998paxos}, and PBFT~\cite{castro1999pbft} solve the problem of agreement in distributed systems. These protocols are designed for replicated state machines with homogeneous participants and well-defined failure models. Agent consensus differs fundamentally: participants are heterogeneous (different capabilities, trust levels, policies), the decision space is richer than choosing a single value, and the failure model includes semantic errors (an agent ``agrees'' but acts differently) in addition to crash and Byzantine failures.
\subsubsection{Federated Learning and Privacy}
Federated learning~\cite{mcmahan2017fedavg,kairouz2021fedlearning-advances} enables distributed model training without centralizing data. Differential privacy~\cite{dwork2006diffprivacy} provides formal privacy guarantees for statistical queries. Both are directly relevant to agents that share operational telemetry or learned models across organizational boundaries. However, no existing standard defines how these privacy-preserving techniques should be applied to agent-specific data types such as execution traces, behavioral profiles, and performance metrics.
\subsubsection{Circuit Breakers and Fault Tolerance}
The circuit breaker pattern, popularized by Nygard~\cite{nygard2018releaseit}, provides a mechanism for preventing cascade failures in distributed systems by detecting repeated failures and temporarily halting requests to a failing service. While widely adopted in microservice architectures, no protocol standard exists for circuit breaker semantics in agent-to-agent interactions, where the failure modes are richer (partial results, semantic errors, policy violations) and the containment boundaries span trust domains.
% ==================================================================
\section{Reference Architecture}
\label{sec:architecture}
We propose a layered reference architecture for autonomous agent ecosystems. The architecture comprises four principal layers plus an overarching human control layer, as depicted in Fig.~\ref{fig:arch}.
\begin{figure}[htbp]
\centering
\small
\begin{verbatim}
+-----------------------------------------------------------+
| HUMAN OPERATORS |
| [Override & HITL Layer -- GAP 7] |
+-----------------------------------------------------------+
| AGENT INTERACTION LAYER |
| +--------+ +--------+ +--------+ +--------+ |
| |Agent A |<>|Agent B |<>|Agent C |<>|Agent D | |
| +---+----+ +---+----+ +---+----+ +---+----+ |
| | GAP 3: | GAP 10: | GAP 1: | |
| | Consens. | Cap.Neg. | Behav.V. | |
+------+----------+----------+----------+-------------------+
| EXECUTION LAYER (ECT) |
| DAG Execution | Checkpoints | Rollback | Circuit Breakers |
| [GAP 2: Cascade Prevention] [GAP 4: Rollback] |
+-----------------------------------------------------------+
| POLICY & GOVERNANCE LAYER |
| ACP-DAG-HITL | Trust Scoring | Assurance Profiles |
| [GAP 5: Federated Privacy] [GAP 6: Cross-Domain Audit] |
+-----------------------------------------------------------+
| INFRASTRUCTURE LAYER |
| Identity | Discovery | Registration | Protocol Bridges |
| [GAP 8: Cross-Protocol] [GAP 9: Resource Accounting] |
| [GAP 11: Performance Benchmarking] |
+-----------------------------------------------------------+
\end{verbatim}
\caption{Agent Ecosystem Reference Architecture. Each layer identifies the gap areas addressed by this analysis.}
\label{fig:arch}
\end{figure}
\subsection{Human Control Layer}
The topmost layer provides human-in-the-loop (HITL) controls and override capabilities. This layer ensures that autonomous agents remain subject to human authority at all times. Gap~7 (Human Override Standardization) resides here. The layer interfaces with all lower layers: an override signal may halt execution (Execution Layer), revoke delegation (Policy Layer), or disconnect an agent from infrastructure services (Infrastructure Layer).
\subsection{Agent Interaction Layer}
This layer is where agents communicate, negotiate capabilities, reach consensus, and undergo behavioral verification. Three gaps reside here:
\begin{itemize}
\item \textbf{Gap~1 (Behavioral Verification):} Runtime verification that an agent's observed behavior conforms to its declared policy.
\item \textbf{Gap~3 (Consensus):} Multi-agent agreement on shared decisions.
\item \textbf{Gap~10 (Capability Negotiation):} Dynamic discovery and negotiation of agent capabilities.
\end{itemize}
Industry protocols A2A~\cite{a2a-protocol} and MCP~\cite{mcp-protocol} partially address this layer but lack the safety and governance semantics required for autonomous operation.
\subsection{Execution Layer}
The Execution Layer manages DAG-structured agent workflows. Execution Context Tokens (ECTs)~\cite{id-wimse-ect} carry delegated authority and task context through the execution graph. Two gaps are critical at this layer:
\begin{itemize}
\item \textbf{Gap~2 (Cascade Prevention):} Circuit breakers, failure isolation, and cascade containment for multi-agent workflows.
\item \textbf{Gap~4 (Rollback):} Standardized checkpointing and undo semantics that work across agent and domain boundaries.
\end{itemize}
\subsection{Policy and Governance Layer}
This layer enforces organizational policies, privacy requirements, and compliance constraints. The Agent Context Policy (ACP) framework~\cite{id-dag-hitl-safety} defines per-agent policy documents specifying permitted behaviors, resource limits, and escalation rules. Gaps at this layer include:
\begin{itemize}
\item \textbf{Gap~5 (Federated Privacy):} Privacy guarantees for agents that share operational data or participate in federated learning across domains.
\item \textbf{Gap~6 (Cross-Domain Audit):} End-to-end tamper-evident audit trails across organizational boundaries.
\end{itemize}
\subsection{Infrastructure Layer}
The bottom layer provides foundational services: identity, discovery, registration, and protocol bridging. Remaining gaps reside here:
\begin{itemize}
\item \textbf{Gap~8 (Cross-Protocol Migration):} Preserving agent context across heterogeneous protocol environments.
\item \textbf{Gap~9 (Resource Accounting):} Tracking and reconciling agent resource consumption across domains.
\item \textbf{Gap~11 (Performance Benchmarking):} Standardized metrics for evaluating agent performance.
\end{itemize}
% ==================================================================
\section{Gap Analysis}
\label{sec:gaps}
We identify eleven gaps in the current standards landscape, classified into three severity levels:
\begin{itemize}
\item \textbf{CRITICAL:} No existing standard addresses the problem; failure to standardize poses immediate safety or interoperability risks.
\item \textbf{HIGH:} Partial coverage exists but is insufficient for production autonomous agent deployments.
\item \textbf{MEDIUM:} The gap affects efficiency or completeness but does not pose immediate safety risks.
\end{itemize}
Table~\ref{tab:gap-summary} provides an overview.
\begin{table}[htbp]
\centering
\caption{Summary of Identified Gaps}
\label{tab:gap-summary}
\small
\begin{tabular}{@{}clll@{}}
\toprule
\textbf{Gap} & \textbf{Name} & \textbf{Severity} & \textbf{Category} \\
\midrule
1 & Behavioral Verification & CRITICAL & AI Safety \\
2 & Cascade Prevention & CRITICAL & Safety/Resilience \\
\midrule
3 & Multi-Agent Consensus & HIGH & A2A Protocols \\
4 & Real-Time Rollback & HIGH & Resilience \\
5 & Federated Privacy & HIGH & Privacy \\
6 & Cross-Domain Audit & HIGH & Compliance \\
7 & Human Override & HIGH & AI Safety \\
\midrule
8 & Cross-Protocol Migration & MEDIUM & Interoperability \\
9 & Resource Accounting & MEDIUM & Operations \\
10 & Capability Negotiation & MEDIUM & A2A Protocols \\
11 & Performance Benchmarking & MEDIUM & Metrics \\
\bottomrule
\end{tabular}
\end{table}
% ------------------------------------------------------------------
\subsection{CRITICAL Gaps}
\subsubsection{Gap 1: Agent Behavioral Verification}
\label{sec:gap1}
\paragraph{Problem Statement}
Autonomous agents operating in production environments lack any standardized mechanism for runtime verification of policy compliance. While RATS~\cite{rfc9334} provides attestation for platform integrity---verifying that firmware and software have not been tampered with---no equivalent exists for verifying that an agent's \emph{observed behavior} conforms to its declared behavioral profile or policy constraints.
\paragraph{Evidence and Examples}
Consider a network management agent authorized to modify BGP route policies within defined parameters. Without behavioral verification, there is no protocol-level mechanism to detect that the agent has begun modifying routes outside its authorized scope, whether due to prompt injection, model drift, or adversarial manipulation. The operator learns of the violation only through its downstream effects---potentially after significant damage.
In multi-agent workflows, the problem compounds: Agent~B trusts the output of Agent~A because Agent~A holds valid credentials, but those credentials attest only to Agent~A's identity, not to the correctness of its behavior. A misbehaving Agent~A can corrupt the entire downstream workflow while remaining ``authenticated.''
\paragraph{Impact Assessment}
Undetected policy violations could cause safety incidents, data breaches, or cascading failures in critical infrastructure. In regulated industries, the inability to verify agent compliance creates an insurmountable barrier to deployment.
\paragraph{Existing Partial Solutions}
RATS~\cite{rfc9334} provides the conceptual model (Attester, Verifier, Relying Party) but scopes it to platform integrity. The ACP-DAG-HITL framework~\cite{id-dag-hitl-safety} defines policies but not verification mechanisms. Runtime monitoring tools exist in practice but use proprietary, non-interoperable formats.
% ------------------------------------------------------------------
\subsubsection{Gap 2: Agent Failure Cascade Prevention}
\label{sec:gap2}
\paragraph{Problem Statement}
Multi-agent workflows create dependency chains where a failure in one agent propagates to downstream agents, causing cascade failures. No standardized mechanism exists for circuit breakers~\cite{nygard2018releaseit}, failure isolation, or cascade containment in agent-to-agent interactions.
\paragraph{Evidence and Examples}
Current practice relies on ad-hoc timeout and retry logic that is neither interoperable nor sufficient for complex DAG-structured workflows. In a network management scenario, an agent responsible for collecting telemetry data may fail due to a device timeout. Without cascade containment, the configuration agent waiting for this telemetry proceeds with stale data, the validation agent rubber-stamps the stale configuration, and the deployment agent pushes an incorrect configuration to production routers.
The microservices community has adopted circuit breaker patterns~\cite{nygard2018releaseit}, but these operate at the HTTP request level and do not capture the richer failure semantics of agent interactions: partial results (an agent completed 3 of 5 sub-tasks), semantic errors (an agent returned syntactically valid but logically incorrect output), and policy violations that should trigger containment.
\paragraph{Impact Assessment}
A single agent failure could cascade through an entire multi-agent deployment, causing widespread service disruption with no automated containment. This risk is especially acute in network management, where agent failures can propagate to affect live network operations.
\paragraph{Existing Partial Solutions}
ECTs~\cite{id-wimse-ect} provide execution context but no failure containment semantics. Framework-specific implementations (e.g., AutoGen's~\cite{autogen} error handling) are not interoperable across vendors.
% ------------------------------------------------------------------
\subsection{HIGH Gaps}
\subsubsection{Gap 3: Multi-Agent Consensus Protocols}
\label{sec:gap3}
\paragraph{Problem Statement}
When multiple agents must agree on a shared decision---a network configuration change, a resource allocation plan, or a coordinated incident response---no standardized consensus protocol exists for agent-to-agent agreement.
\paragraph{Evidence and Examples}
Distributed systems consensus protocols (Raft~\cite{ongaro2014raft}, Paxos~\cite{lamport1998paxos}, PBFT~\cite{castro1999pbft}) are designed for replicated state machines with homogeneous participants. Agent consensus differs fundamentally: participants are heterogeneous with different capabilities, trust levels, and policy constraints. Agent consensus requires additional semantics such as weighted voting based on expertise or trust scores, capability-based participation where only qualified agents vote on domain-specific decisions, and policy-constrained proposals where proposed decisions must satisfy all participants' policy constraints.
\paragraph{Impact Assessment}
Without standard consensus protocols, multi-vendor agent deployments cannot coordinate decisions, limiting autonomous agents to single-vendor silos or requiring expensive custom integration.
\paragraph{Existing Partial Solutions}
No existing IETF work directly addresses multi-agent consensus. The MAS literature~\cite{wooldridge2009multiagent} provides theoretical models but not interoperable protocol specifications.
% ------------------------------------------------------------------
\subsubsection{Gap 4: Real-Time Agent Rollback Mechanisms}
\label{sec:gap4}
\paragraph{Problem Statement}
When an autonomous agent takes an action with unintended consequences, no standardized mechanism exists for rolling back the action and restoring the previous state. Rollback requires standardized checkpointing, state snapshots, and undo semantics that work across agent boundaries and administrative domains.
\paragraph{Evidence and Examples}
NETCONF~\cite{rfc6241} provides confirmed-commit with automatic rollback for configuration changes, but this is specific to the NETCONF protocol and device configurations. An agent that has invoked an API, sent a notification, allocated cloud resources, and modified a database cannot undo these heterogeneous actions using NETCONF's rollback. In multi-agent workflows, coordinated rollback is even harder: multiple agents may have taken dependent actions that must be reversed as a unit (a distributed saga pattern) without a standard protocol for coordinating the undo sequence.
\paragraph{Impact Assessment}
Operators cannot safely deploy autonomous agents for critical operations without maintaining manual intervention capability for every action, negating much of the value of autonomy.
\paragraph{Existing Partial Solutions}
NETCONF confirmed-commit provides rollback for configuration changes only~\cite{rfc6241}. The saga pattern is well-known in distributed systems but lacks a standard protocol binding for agent interactions.
% ------------------------------------------------------------------
\subsubsection{Gap 5: Federated Agent Learning Privacy}
\label{sec:gap5}
\paragraph{Problem Statement}
Agents participating in federated learning~\cite{mcmahan2017fedavg} or sharing operational data across administrative domains require privacy guarantees beyond transport encryption. No IETF specification addresses differential privacy parameters~\cite{dwork2006diffprivacy} for shared agent telemetry, data minimization for cross-domain agent data, or consent management for federated agent learning.
\paragraph{Evidence and Examples}
Network management agents across ISPs could benefit from federated learning of anomaly detection models without sharing raw traffic data. However, even model updates can leak information about network topology and traffic patterns~\cite{kairouz2021fedlearning-advances}. Without standardized privacy controls, organizations must choose between participating in federated ecosystems (accepting privacy risks) or operating in isolation (forgoing collaborative benefits).
\paragraph{Impact Assessment}
Organizations will be unable to participate in federated agent ecosystems without unacceptable privacy risks, limiting the value of multi-domain agent deployments.
\paragraph{Existing Partial Solutions}
General privacy frameworks exist but none address the specific data types and threat models of agent-to-agent federated learning.
% ------------------------------------------------------------------
\subsubsection{Gap 6: Cross-Domain Agent Audit Trails}
\label{sec:gap6}
\paragraph{Problem Statement}
When agents operate across multiple administrative domains, their actions must be auditable end-to-end. No standardized format exists for cross-domain agent audit trails that preserves causal ordering, links related actions across domain boundaries, and provides tamper-evident logging.
\paragraph{Evidence and Examples}
Execution Audit Tokens~\cite{id-exec-audit} provide per-action audit records, and SCITT provides transparency log primitives, but no standard defines how these records are aggregated, correlated, and queried across domains. A compliance auditor investigating an incident involving agents from three organizations currently has no standard way to reconstruct the end-to-end sequence of agent actions, verify that no records are missing, or confirm the causal relationships between actions in different domains.
Regulatory and compliance requirements (e.g., the EU AI Act) increasingly demand end-to-end audit trails for automated decision-making, making this gap urgent for enterprise deployments.
\paragraph{Impact Assessment}
Organizations cannot demonstrate compliance for cross-domain agent operations, blocking adoption in regulated industries including financial services, healthcare, and telecommunications.
\paragraph{Existing Partial Solutions}
SCITT provides transparency log primitives. Execution Audit Tokens~\cite{id-exec-audit} define per-action audit records. Neither addresses cross-domain correlation or causal ordering.
% ------------------------------------------------------------------
\subsubsection{Gap 7: Human Override Standardization}
\label{sec:gap7}
\paragraph{Problem Statement}
Autonomous agents must always be subject to human override, but no cross-vendor protocol exists for sending override signals to agents. Required override types include emergency stop (immediate halt), graceful pause (complete current step then halt), parameter modification (adjust constraints while running), and forced rollback (undo recent actions).
\paragraph{Evidence and Examples}
The ACP-DAG-HITL framework~\cite{id-dag-hitl-safety} defines \emph{when} human approval is required (policy gates in the DAG execution plan) but does not specify the \emph{protocol} for delivering override signals to a running agent. In a multi-vendor deployment, if Agent~A (from Vendor~X) misbehaves and the management platform (from Vendor~Y) needs to issue an emergency stop, there is no standard message format, delivery mechanism, or acknowledgment protocol.
The absence of standard override creates an asymmetric safety risk: more capable agents that can take more impactful actions are precisely the ones that are hardest to stop if something goes wrong.
\paragraph{Impact Assessment}
Operators lose the ability to control autonomous agents in emergency situations, creating unacceptable safety risks for any deployment beyond sandboxed experimentation.
\paragraph{Existing Partial Solutions}
ACP-DAG-HITL~\cite{id-dag-hitl-safety} defines HITL policies but not override delivery. Vendor-specific kill switches exist but are not interoperable.
% ------------------------------------------------------------------
\subsection{MEDIUM Gaps}
\subsubsection{Gap 8: Cross-Protocol Agent Migration}
\label{sec:gap8}
\paragraph{Problem Statement}
Agents may need to migrate between protocol environments (e.g., from an A2A-based system~\cite{a2a-protocol} to an MCP-based system~\cite{mcp-protocol}) while preserving execution context, identity, and accumulated state. No standard defines how agent context is translated or preserved across protocol boundaries.
\paragraph{Impact Assessment}
Agent deployments become fragmented across protocol silos, reducing interoperability and increasing operational complexity. As the protocol landscape matures and consolidates, lack of migration support will strand early adopters.
\paragraph{Existing Partial Solutions}
ECTs~\cite{id-wimse-ect} provide a protocol-neutral context token but do not define migration procedures.
% ------------------------------------------------------------------
\subsubsection{Gap 9: Agent Resource Accounting and Billing}
\label{sec:gap9}
\paragraph{Problem Statement}
Autonomous agents consume computational, network, and API resources across administrative domains. No standardized mechanism exists for tracking, reporting, and reconciling resource consumption by agents, especially in multi-domain scenarios where an agent's actions incur costs in domains other than its own.
\paragraph{Impact Assessment}
Organizations cannot accurately track or bill for agent resource consumption, hindering the development of sustainable commercial multi-domain agent ecosystems.
\paragraph{Existing Partial Solutions}
No existing IETF work addresses agent-specific resource accounting. Cloud provider billing APIs exist but are domain-specific and do not correlate consumption with agent identity or execution context.
% ------------------------------------------------------------------
\subsubsection{Gap 10: Agent Capability Negotiation}
\label{sec:gap10}
\paragraph{Problem Statement}
When agents interact, they need to discover and negotiate each other's capabilities dynamically. No standardized capability negotiation protocol exists for agents to advertise their functions, agree on interaction protocols, and establish compatible communication parameters.
Well-Known URIs~\cite{rfc8615} and HTTP content negotiation~\cite{rfc9110} provide basic discovery primitives, but agent capability negotiation requires richer semantics: versioned capability declarations, conditional capabilities that depend on policy or context, and mutual negotiation where both parties agree on a compatible interaction profile.
\paragraph{Impact Assessment}
Agent interactions require pre-configured knowledge of peer capabilities, limiting dynamic composition and ad-hoc agent collaboration.
\paragraph{Existing Partial Solutions}
A2A Agent Cards~\cite{a2a-protocol} provide capability advertisement but without policy-constrained negotiation semantics. HTTP content negotiation~\cite{rfc9110} provides basic media type negotiation but not agent-capability-level negotiation.
% ------------------------------------------------------------------
\subsubsection{Gap 11: Agent Performance Benchmarking}
\label{sec:gap11}
\paragraph{Problem Statement}
No standardized metrics or benchmarking methodology exists for evaluating autonomous agent performance. Agent performance spans multiple dimensions: task completion accuracy, latency, resource efficiency, safety compliance rate, and behavioral consistency. Without common metrics, operators cannot compare agent implementations, set performance baselines, or detect performance degradation over time.
\paragraph{Impact Assessment}
Operators cannot objectively evaluate or compare autonomous agent implementations, hindering procurement and deployment decisions.
\paragraph{Existing Partial Solutions}
No existing IETF work addresses agent performance benchmarking. ML model evaluation benchmarks exist but do not address the operational performance dimensions unique to autonomous agents.
% ==================================================================
\section{Proposed Solution Framework}
\label{sec:solutions}
To address the identified gaps, we have developed six companion Internet-Drafts. Table~\ref{tab:roadmap} maps each draft to the gaps it addresses.
\begin{table}[htbp]
\centering
\caption{Companion Draft Roadmap}
\label{tab:roadmap}
\small
\begin{tabular}{@{}p{4.2cm}cc@{}}
\toprule
\textbf{Companion Draft} & \textbf{Gaps} & \textbf{Priority} \\
\midrule
Behavioral Verification~\cite{id-behavioral-verification} & 1, 11 & CRITICAL \\
Cascade Prevention~\cite{id-cascade-prevention} & 2, 4 & CRITICAL \\
\midrule
Consensus Protocol~\cite{id-consensus} & 3, 10 & HIGH \\
Cross-Domain Audit~\cite{id-cross-domain-audit} & 6, 9 & HIGH \\
Override Protocol~\cite{id-override-protocol} & 7 & HIGH \\
Federation Privacy~\cite{id-federation-privacy} & 5, 8 & HIGH \\
\bottomrule
\end{tabular}
\end{table}
\subsection{Companion A: Behavioral Verification}
The Agent Behavioral Verification draft~\cite{id-behavioral-verification} extends the RATS attestation model to agent behavior. It defines behavioral profiles (machine-readable descriptions of permitted agent actions), verification evidence formats (signed attestations of observed behavior), and appraisal procedures for comparing observed behavior against declared profiles. This draft also addresses Gap~11 by defining standardized performance metrics that can be included in behavioral attestations.
\subsection{Companion B: Cascade Prevention}
The Agent Failure Cascade Prevention draft~\cite{id-cascade-prevention} defines protocol-level circuit breakers, failure isolation boundaries, and coordinated rollback for multi-agent DAG workflows. Circuit breaker states (Closed, Open, Half-Open) are communicated between agents using standardized health signals. The draft also addresses Gap~4 (Rollback) by defining checkpoint and undo semantics for agent actions.
\subsection{Companion C: Consensus Protocol}
The Multi-Agent Consensus draft~\cite{id-consensus} defines a consensus protocol tailored to heterogeneous agents. It supports weighted voting, capability-based participation, and policy-constrained proposals. The protocol builds on classical consensus theory~\cite{ongaro2014raft,lamport1998paxos} while adding agent-specific extensions. This draft also addresses Gap~10 by defining capability negotiation as a precursor to consensus formation.
\subsection{Companion D: Cross-Domain Audit}
The Cross-Domain Agent Audit Trails draft~\cite{id-cross-domain-audit} defines a standard format for cross-domain audit records with causal ordering (Lamport timestamps and vector clocks), domain boundary linkage, and tamper-evident aggregation using Merkle trees. The draft builds on SCITT transparency log primitives and Execution Audit Tokens~\cite{id-exec-audit}. It also addresses Gap~9 by including resource consumption records in the audit trail.
\subsection{Companion E: Override Protocol}
The Standardized Human Override Protocol~\cite{id-override-protocol} defines message formats and delivery mechanisms for four override types: emergency stop, graceful pause, parameter modification, and forced rollback. The protocol supports multi-vendor environments with standard acknowledgment semantics and escalation procedures when an agent fails to respond to an override signal.
\subsection{Companion F: Federation Privacy}
The Federated Agent Learning Privacy draft~\cite{id-federation-privacy} defines privacy controls for agents sharing data across domains, including differential privacy parameters for agent telemetry, data minimization profiles, and consent management. The draft also addresses Gap~8 (Cross-Protocol Migration) by defining context preservation mechanisms for agents moving between protocol environments.
\subsection{Dependency Analysis}
The companion drafts have the following dependency structure:
\begin{itemize}
\item \textbf{Behavioral Verification} (A) is foundational: its attestation format is used by Cascade Prevention (B) and Cross-Domain Audit (D).
\item \textbf{Cascade Prevention} (B) defines failure containment that Override Protocol (E) builds upon.
\item \textbf{Consensus} (C) extends behavioral verification with multi-agent agreement.
\item \textbf{Cross-Domain Audit} (D) provides the audit infrastructure that Federation Privacy (F) adds privacy controls to.
\end{itemize}
This dependency ordering implies a natural implementation sequence: A $\rightarrow$ B $\rightarrow$ E and A $\rightarrow$ D $\rightarrow$ F, with C depending on A.
% ==================================================================
\section{Discussion}
\label{sec:discussion}
\subsection{Cross-Cutting Themes}
Several themes cut across multiple gaps:
\paragraph{Trust Propagation}
Gaps~1, 3, 5, 6, and 7 all involve trust relationships that must be established, verified, and maintained across agent and domain boundaries. The ECT~\cite{id-wimse-ect} provides a foundation for trust propagation, but the gaps reveal that identity-based trust is necessary but not sufficient---behavioral trust, consensus-based trust, and audit-verified trust are equally important.
\paragraph{Safety vs.\ Autonomy Trade-off}
Gaps~1, 2, 4, and 7 reflect the fundamental tension between agent autonomy and safety. Greater autonomy enables more valuable agent applications but increases the risk and blast radius of failures. The companion drafts collectively define a ``safety envelope'' that enables autonomy within verified boundaries.
\paragraph{Cross-Domain Operations}
Gaps~5, 6, 8, and 9 all involve operations that cross organizational boundaries. Cross-domain agent operations are where the most valuable applications lie (federated network management, multi-cloud orchestration, supply-chain automation) but also where the standards gaps are most acute.
\subsection{Prioritization Rationale}
The severity classification reflects two criteria:
\begin{enumerate}
\item \textbf{Safety Impact:} Gaps that could lead to safety incidents if unaddressed are rated CRITICAL or HIGH.
\item \textbf{Blocking Effect:} Gaps that prevent entire classes of agent deployments are rated higher than those that merely reduce efficiency.
\end{enumerate}
Gaps~1 and 2 are CRITICAL because they represent fundamental safety requirements: without behavioral verification (Gap~1), operators cannot trust agents, and without cascade prevention (Gap~2), a single failure can cause widespread disruption. Gap~7 (Human Override) is rated HIGH rather than CRITICAL because manual, vendor-specific overrides exist as imperfect stopgaps; the gap is in interoperability, not in the complete absence of override capability.
\subsection{Relationship to Industry Protocols}
The A2A~\cite{a2a-protocol} and MCP~\cite{mcp-protocol} protocols address important aspects of agent communication but operate at a different layer than the gaps identified here. A2A focuses on task-level agent interaction; MCP focuses on tool integration. Neither addresses the safety, governance, and cross-domain concerns that constitute the majority of our identified gaps. We view the companion drafts as complementary to industry protocols: A2A and MCP handle the ``what'' of agent communication, while the companion drafts address the ``how safely'' and ``how accountably.''
\subsection{Limitations}
This analysis has several limitations:
\begin{enumerate}
\item \textbf{Evolving Landscape.} The agent protocol landscape is evolving rapidly. New standards and industry protocols may address some identified gaps by the time the companion drafts reach maturity.
\item \textbf{Implementation Validation.} The gap analysis is based on specification review and architectural analysis, not on experimental evaluation of prototype implementations. Some gaps may prove easier or harder to address in practice than our analysis suggests.
\item \textbf{Scope.} We focus on IETF-style protocol standards and do not analyze gaps in other standardization bodies (W3C, IEEE, ISO) that may also be relevant to autonomous agents.
\item \textbf{Single-Author Perspective.} While informed by discussions in multiple IETF working groups, this analysis reflects a single researcher's assessment. Community review may identify additional gaps or disagree with severity classifications.
\end{enumerate}
% ==================================================================
\section{Conclusion and Future Work}
\label{sec:conclusion}
We have presented a systematic gap analysis of IETF standards for autonomous AI agent protocols. Our analysis identified eleven specific gaps across four severity categories, organized within a four-layer reference architecture. The two CRITICAL gaps---behavioral verification and cascade prevention---represent fundamental safety requirements that must be addressed before autonomous agents can be deployed responsibly in production environments.
Six companion Internet-Drafts have been developed to address the most pressing gaps, with a dependency-ordered implementation roadmap. These drafts are designed to be complementary to existing IETF work (WIMSE, RATS, SCITT) and to industry protocols (A2A, MCP).
Future work includes:
\begin{itemize}
\item \textbf{Prototype Implementation:} Building reference implementations of the companion drafts to validate feasibility and identify specification gaps.
\item \textbf{Interoperability Testing:} Developing an interoperability test suite for multi-vendor agent deployments using the proposed standards.
\item \textbf{Formal Verification:} Applying formal methods to verify safety properties of the proposed protocols, particularly the cascade prevention and override mechanisms.
\item \textbf{Performance Evaluation:} Measuring the overhead introduced by behavioral verification, audit logging, and consensus protocols in realistic agent workloads.
\item \textbf{Community Engagement:} Presenting this analysis to relevant IETF working groups (WIMSE, RATS, NMOP) to solicit feedback and build consensus on prioritization.
\end{itemize}
The autonomous agent ecosystem is at an inflection point: capable enough to deliver real value, but lacking the protocol-level safety and governance infrastructure needed for responsible deployment. Closing the gaps identified in this analysis is essential for realizing the potential of autonomous agents while maintaining the safety and accountability that critical infrastructure demands.
% ==================================================================
\section*{Acknowledgments}
The author thanks the participants of the WIMSE, RATS, and NMOP working groups for discussions that informed this analysis.
% ==================================================================
% Switch to IEEEtran for final arXiv submission:
% \bibliographystyle{IEEEtran}
\bibliographystyle{plain}
\bibliography{references}
\end{document}

316
workspace/drafts/gap-analysis/arxiv/references.bib Normal file
View File

@@ -0,0 +1,316 @@
% ============================================================
% RFCs
% ============================================================
@misc{rfc2119,
author = {Scott Bradner},
title = {Key words for use in {RFCs} to Indicate Requirement Levels},
howpublished = {RFC 2119},
month = mar,
year = 1997,
publisher = {RFC Editor},
doi = {10.17487/RFC2119},
url = {https://www.rfc-editor.org/rfc/rfc2119},
}
@misc{rfc8174,
author = {Barry Leiba},
title = {Ambiguity of Uppercase vs Lowercase in {RFC} 2119 Key Words},
howpublished = {RFC 8174},
month = may,
year = 2017,
publisher = {RFC Editor},
doi = {10.17487/RFC8174},
url = {https://www.rfc-editor.org/rfc/rfc8174},
}
@misc{rfc9334,
author = {Henk Birkholz and Dave Thaler and Michael Richardson and Ned Smith and Wei Pan},
title = {Remote {ATtestation} Procedures ({RATS}) Architecture},
howpublished = {RFC 9334},
month = jan,
year = 2023,
publisher = {RFC Editor},
doi = {10.17487/RFC9334},
url = {https://www.rfc-editor.org/rfc/rfc9334},
}
@misc{rfc7519,
author = {Michael Jones and John Bradley and Nat Sakimura},
title = {{JSON} Web Token ({JWT})},
howpublished = {RFC 7519},
month = may,
year = 2015,
publisher = {RFC Editor},
doi = {10.17487/RFC7519},
url = {https://www.rfc-editor.org/rfc/rfc7519},
}
@misc{rfc9110,
author = {Roy Fielding and Mark Nottingham and Julian Reschke},
title = {{HTTP} Semantics},
howpublished = {RFC 9110},
month = jun,
year = 2022,
publisher = {RFC Editor},
doi = {10.17487/RFC9110},
url = {https://www.rfc-editor.org/rfc/rfc9110},
}
@misc{rfc8615,
author = {Mark Nottingham},
title = {Well-Known Uniform Resource Identifiers ({URIs})},
howpublished = {RFC 8615},
month = may,
year = 2019,
publisher = {RFC Editor},
doi = {10.17487/RFC8615},
url = {https://www.rfc-editor.org/rfc/rfc8615},
}
@misc{rfc6241,
author = {Rob Enns and Martin Bjorklund and Juergen Schoenwaelder and Andy Bierman},
title = {Network Configuration Protocol ({NETCONF})},
howpublished = {RFC 6241},
month = jun,
year = 2011,
publisher = {RFC Editor},
doi = {10.17487/RFC6241},
url = {https://www.rfc-editor.org/rfc/rfc6241},
}
% ============================================================
% IETF Internet-Drafts (companion drafts)
% ============================================================
@misc{id-wimse-ect,
author = {Christian Nennemann},
title = {Execution Context Tokens for Distributed Agentic Workflows},
howpublished = {Internet-Draft draft-nennemann-wimse-ect},
year = 2025,
url = {https://datatracker.ietf.org/doc/draft-nennemann-wimse-ect/},
}
@misc{id-dag-hitl-safety,
author = {Christian Nennemann},
title = {Agent Context Policy Token: {DAG} Delegation with Human Override},
howpublished = {Internet-Draft draft-nennemann-agent-dag-hitl-safety},
year = 2025,
url = {https://datatracker.ietf.org/doc/draft-nennemann-agent-dag-hitl-safety/},
}
@misc{id-exec-audit,
author = {Christian Nennemann},
title = {Cross-Domain Execution Audit Tokens},
howpublished = {Internet-Draft draft-nennemann-exec-audit},
year = 2025,
url = {https://datatracker.ietf.org/doc/draft-nennemann-exec-audit/},
}
@misc{id-behavioral-verification,
author = {Christian Nennemann},
title = {Agent Behavioral Verification and Performance Benchmarking},
howpublished = {Internet-Draft draft-nennemann-agent-behavioral-verification},
year = 2025,
url = {https://datatracker.ietf.org/doc/draft-nennemann-agent-behavioral-verification/},
}
@misc{id-cascade-prevention,
author = {Christian Nennemann},
title = {Agent Failure Cascade Prevention and Rollback},
howpublished = {Internet-Draft draft-nennemann-agent-cascade-prevention},
year = 2025,
url = {https://datatracker.ietf.org/doc/draft-nennemann-agent-cascade-prevention/},
}
@misc{id-consensus,
author = {Christian Nennemann},
title = {Multi-Agent Consensus and Capability Negotiation Protocols},
howpublished = {Internet-Draft draft-nennemann-agent-consensus},
year = 2025,
url = {https://datatracker.ietf.org/doc/draft-nennemann-agent-consensus/},
}
@misc{id-cross-domain-audit,
author = {Christian Nennemann},
title = {Cross-Domain Agent Audit Trails and Resource Accounting},
howpublished = {Internet-Draft draft-nennemann-agent-cross-domain-audit},
year = 2025,
url = {https://datatracker.ietf.org/doc/draft-nennemann-agent-cross-domain-audit/},
}
@misc{id-override-protocol,
author = {Christian Nennemann},
title = {Standardized Human Override Protocol for Autonomous Agents},
howpublished = {Internet-Draft draft-nennemann-agent-override-protocol},
year = 2025,
url = {https://datatracker.ietf.org/doc/draft-nennemann-agent-override-protocol/},
}
@misc{id-federation-privacy,
author = {Christian Nennemann},
title = {Federated Agent Learning Privacy and Cross-Protocol Migration},
howpublished = {Internet-Draft draft-nennemann-agent-federation-privacy},
year = 2025,
url = {https://datatracker.ietf.org/doc/draft-nennemann-agent-federation-privacy/},
}
@misc{id-gap-analysis,
author = {Christian Nennemann},
title = {Gap Analysis for Autonomous Agent Protocols},
howpublished = {Internet-Draft draft-nennemann-agent-gap-analysis-00},
year = 2025,
url = {https://datatracker.ietf.org/doc/draft-nennemann-agent-gap-analysis/},
}
% ============================================================
% Industry protocols
% ============================================================
@misc{a2a-protocol,
author = {{Google}},
title = {Agent-to-Agent ({A2A}) Protocol Specification},
year = 2025,
url = {https://google.github.io/A2A/},
note = {Open specification for agent interoperability},
}
@misc{mcp-protocol,
author = {{Anthropic}},
title = {Model Context Protocol ({MCP}) Specification},
year = 2024,
url = {https://modelcontextprotocol.io/},
note = {Open protocol for LLM tool and context integration},
}
@misc{autogen,
author = {Qingyun Wu and Gagan Bansal and Jieyu Zhang and Yiran Wu and Beibin Li and Erkang Zhu and Li Jiang and Xiaoyun Zhang and Chi Wang},
title = {{AutoGen}: Enabling Next-Gen {LLM} Applications via Multi-Agent Conversation},
year = 2023,
eprint = {2308.08155},
archiveprefix = {arXiv},
primaryclass = {cs.AI},
}
@misc{crewai,
author = {{crewAI Inc.}},
title = {{CrewAI}: Framework for Orchestrating Role-Playing Autonomous {AI} Agents},
year = 2024,
url = {https://www.crewai.com/},
}
% ============================================================
% Academic references
% ============================================================
@article{ongaro2014raft,
author = {Diego Ongaro and John Ousterhout},
title = {In Search of an Understandable Consensus Algorithm},
journal = {Proceedings of the 2014 USENIX Annual Technical Conference (ATC)},
pages = {305--319},
year = 2014,
}
@article{lamport1998paxos,
author = {Leslie Lamport},
title = {The Part-Time Parliament},
journal = {ACM Transactions on Computer Systems},
volume = 16,
number = 2,
pages = {133--169},
year = 1998,
doi = {10.1145/279227.279229},
}
@article{castro1999pbft,
author = {Miguel Castro and Barbara Liskov},
title = {Practical {Byzantine} Fault Tolerance},
journal = {Proceedings of the Third Symposium on Operating Systems Design and Implementation (OSDI)},
pages = {173--186},
year = 1999,
}
@book{nygard2018releaseit,
author = {Michael T. Nygard},
title = {Release It!: Design and Deploy Production-Ready Software},
publisher = {Pragmatic Bookshelf},
edition = {2nd},
year = 2018,
isbn = {978-1680502398},
}
@article{mcmahan2017fedavg,
author = {Brendan McMahan and Eider Moore and Daniel Ramage and Seth Hampson and Blaise Ag{\"u}era y Arcas},
title = {Communication-Efficient Learning of Deep Networks from Decentralized Data},
journal = {Proceedings of the 20th International Conference on Artificial Intelligence and Statistics (AISTATS)},
pages = {1273--1282},
year = 2017,
}
@article{dwork2006diffprivacy,
author = {Cynthia Dwork},
title = {Differential Privacy},
journal = {Proceedings of the 33rd International Colloquium on Automata, Languages and Programming (ICALP)},
pages = {1--12},
year = 2006,
doi = {10.1007/11787006_1},
}
@article{wooldridge2009multiagent,
author = {Michael Wooldridge},
title = {An Introduction to {MultiAgent} Systems},
publisher = {John Wiley \& Sons},
edition = {2nd},
year = 2009,
isbn = {978-0470519462},
}
@article{dorri2018mas-iot,
author = {Ali Dorri and Salil S. Kanhere and Raja Jurdak},
title = {Multi-Agent Systems: A Survey},
journal = {IEEE Access},
volume = 6,
pages = {28573--28593},
year = 2018,
doi = {10.1109/ACCESS.2018.2831228},
}
@inproceedings{jennings1998agent-applications,
author = {Nicholas R. Jennings and Katia Sycara and Michael Wooldridge},
title = {A Roadmap of Agent Research and Development},
booktitle = {Autonomous Agents and Multi-Agent Systems},
volume = 1,
number = 1,
pages = {7--38},
year = 1998,
}
@article{kairouz2021fedlearning-advances,
author = {Peter Kairouz and H. Brendan McMahan and others},
title = {Advances and Open Problems in Federated Learning},
journal = {Foundations and Trends in Machine Learning},
volume = 14,
number = {1--2},
pages = {1--210},
year = 2021,
doi = {10.1561/2200000083},
}
@inproceedings{wang2024survey-llm-agents,
author = {Lei Wang and Chen Ma and Xueyang Feng and others},
title = {A Survey on Large Language Model based Autonomous Agents},
booktitle = {Frontiers of Computer Science},
volume = 18,
number = 6,
year = 2024,
doi = {10.1007/s11704-024-40231-1},
}
@misc{openai2023gpt4,
author = {{OpenAI}},
title = {{GPT-4} Technical Report},
year = 2023,
eprint = {2303.08774},
archiveprefix = {arXiv},
primaryclass = {cs.CL},
}