c/ietf-draft-analyzer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add draft data, gap analysis report, and workspace config
Some checks failed
CI / test (3.11) (push) Failing after 1m37s
Details
CI / test (3.12) (push) Failing after 57s
Details

Browse Source
This commit is contained in:
Christian Nennemann
2026-04-06 18:47:15 +02:00
parent 4f310407b0
commit 2506b6325a
189 changed files with 62649 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

862
workspace/drafts/gap-analysis/draft-nennemann-agent-problem-statement-00.xml Normal file
View File

@@ -0,0 +1,862 @@
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.31 (Ruby 3.4.8) -->
<!DOCTYPE rfc [
<!ENTITY nbsp "&#160;">
<!ENTITY zwsp "&#8203;">
<!ENTITY nbhy "&#8209;">
<!ENTITY wj "&#8288;">
]>
<rfc ipr="trust200902" docName="draft-nennemann-agent-problem-statement-00" category="info" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true">
<front>
<title abbrev="Agent Problem Statement">Problem Statement for Autonomous Agent Protocol Gaps</title>
<author fullname="Christian Nennemann">
<organization>Independent Researcher</organization>
<address>
<email>ietf@nennemann.de</email>
</address>
</author>
<date year="2026" month="March" day="06"/>
<area>OPS</area>
<workgroup>NMOP</workgroup>
<abstract>
<?line 57?>
<t>The IETF autonomous agent landscape spans over 260 drafts
touching agent communication, identity, safety, and
operations, yet critical gaps remain where standardization
is absent or insufficient. This document provides a
condensed problem statement identifying eleven protocol
gaps, classifies them by severity, and maps them to a
suite of companion drafts that form a coherent solution
framework. It is intended as an actionable reference for
working group chairs, area directors, and protocol
designers evaluating where autonomous-agent standardization
efforts should focus.</t>
</abstract>
</front>
<middle>
<?line 71?>
<section anchor="introduction"><name>Introduction</name>
<t>Autonomous software agents are moving from research
prototypes to production deployments in network management,
cloud orchestration, supply-chain logistics, and AI-driven
workflows. A survey of IETF work reveals over 260 drafts
relevant to agent capabilities, yet no single reference
architecture ties them together. Several critical
capabilities -- runtime behavioral verification, failure
cascade prevention, cross-vendor human override -- lack
any standardization at all.</t>
<t>This document distills the findings of a comprehensive
gap analysis <xref target="ARXIV-GAP"/> into an actionable problem
statement. It identifies eleven gaps, groups them by
severity, and presents a solution roadmap of nine
companion drafts. The full analysis, including a survey
of existing IETF work across WIMSE, RATS, OAuth/GNAP,
SCITT, and NMOP, is available in
<xref target="I-D.nennemann-agent-dag-hitl-safety"/> and the
companion arXiv paper <xref target="ARXIV-GAP"/>.</t>
<t>The intended audience is working group chairs, area
directors, and protocol designers who need a concise
summary of what is missing and what to build next.</t>
</section>
<section anchor="terminology"><name>Terminology</name>
<t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
<?line -18?>
<t>The following terms are used throughout this document:</t>
<dl>
<dt>Agent:</dt>
<dd>
<t>A software component that acts on behalf of a principal
(human or organizational) to perform tasks autonomously.</t>
</dd>
<dt>ECT (Execution Context Token):</dt>
<dd>
<t>A cryptographically signed token carrying execution
context for an agent action.
See <xref target="I-D.nennemann-wimse-ect"/>.</t>
</dd>
<dt>ACP (Agent Context Policy):</dt>
<dd>
<t>A policy specifying permitted behaviors, resource limits,
and escalation rules for an agent.
See <xref target="I-D.nennemann-agent-dag-hitl-safety"/>.</t>
</dd>
<dt>HITL (Human-in-the-Loop):</dt>
<dd>
<t>A control pattern requiring human approval before an
agent action takes effect.</t>
</dd>
<dt>Cascade Failure:</dt>
<dd>
<t>A failure mode where an error in one agent propagates
through a multi-agent workflow, causing successive
agents to fail.</t>
</dd>
<dt>Override Signal:</dt>
<dd>
<t>A message from a human operator instructing an agent
to halt, modify, or roll back its current action.</t>
</dd>
</dl>
</section>
<section anchor="problem-landscape"><name>Problem Landscape</name>
<t>The autonomous agent ecosystem can be organized into four
layers, each with distinct standardization gaps. The
following diagram presents this reference architecture:</t>
<figure title="Agent Ecosystem Reference Architecture" anchor="fig-arch"><artwork type="ascii-art"><![CDATA[
+-------------------------------------------------------------+
| HUMAN OPERATORS |
| [Override & HITL Layer -- GAP 7] |
+-------------------------------------------------------------+
| AGENT INTERACTION LAYER |
| +---------+ +---------+ +---------+ +---------+ |
| | Agent A |<>| Agent B |<>| Agent C |<>| Agent D | |
| +----+----+ +----+----+ +----+----+ +----+----+ |
| | GAP 3: | GAP 10: | GAP 1: | |
| | Consensus | Cap.Neg. | Behav. | |
| | | | Verif. | |
+-------+------------+------------+------------+--------------+
| EXECUTION LAYER (ECT) |
| DAG Execution | Checkpoints | Rollback | Circuit Breakers |
| [GAP 2: Cascade Prevention] [GAP 4: Rollback] |
+-------------------------------------------------------------+
| POLICY & GOVERNANCE LAYER |
| ACP-DAG-HITL | Trust Scoring | Assurance Profiles |
| [GAP 5: Federated Privacy] [GAP 6: Cross-Domain Audit] |
+-------------------------------------------------------------+
| INFRASTRUCTURE LAYER |
| Identity | Discovery | Registration | Protocol Bridges |
| [GAP 8: Cross-Protocol] [GAP 9: Resource Accounting] |
| [GAP 11: Performance Benchmarking] |
+-------------------------------------------------------------+
]]></artwork></figure>
<dl>
<dt>Human Operators Layer:</dt>
<dd>
<t>Provides override and human-in-the-loop controls.
Gap 7 addresses the absence of a cross-vendor override
protocol.</t>
</dd>
<dt>Agent Interaction Layer:</dt>
<dd>
<t>Where agents communicate, negotiate capabilities
(Gap 10), reach consensus (Gap 3), and undergo
behavioral verification (Gap 1).</t>
</dd>
<dt>Execution Layer:</dt>
<dd>
<t>Manages DAG-based workflows with cascade prevention
(Gap 2) and rollback (Gap 4), built on Execution
Context Tokens <xref target="I-D.nennemann-wimse-ect"/>.</t>
</dd>
<dt>Policy and Governance Layer:</dt>
<dd>
<t>Enforces privacy in federated learning (Gap 5) and
cross-domain audit trails (Gap 6).</t>
</dd>
<dt>Infrastructure Layer:</dt>
<dd>
<t>Handles identity, discovery, cross-protocol migration
(Gap 8), resource accounting (Gap 9), and performance
benchmarking (Gap 11).</t>
</dd>
</dl>
</section>
<section anchor="critical-gaps"><name>Critical Gaps</name>
<section anchor="critical-severity"><name>CRITICAL Severity</name>
<section anchor="gap-1-agent-behavioral-verification"><name>Gap 1: Agent Behavioral Verification</name>
<t>No standardized mechanism exists for runtime verification
of agent policy compliance. RATS <xref target="RFC9334"/> covers
platform attestation but not behavioral conformance.
Without this, operators cannot detect drifted, compromised,
or out-of-bounds agents -- especially dangerous in
multi-agent workflows where one misbehaving agent corrupts
downstream results.
Addressed by <xref target="I-D.nennemann-agent-behavioral-verification"/>.</t>
</section>
<section anchor="gap-2-agent-failure-cascade-prevention"><name>Gap 2: Agent Failure Cascade Prevention</name>
<t>Multi-agent dependency chains lack standardized circuit
breakers, failure isolation, or cascade containment.
Current ad-hoc timeout and retry logic is neither
interoperable nor sufficient for DAG-structured workflows.
A single agent failure can cascade through an entire
deployment with no automated containment.
Addressed by <xref target="I-D.nennemann-agent-cascade-prevention"/>.</t>
</section>
</section>
<section anchor="high-severity"><name>HIGH Severity</name>
<section anchor="gap-3-multi-agent-consensus-protocols"><name>Gap 3: Multi-Agent Consensus Protocols</name>
<t>No standardized consensus protocol exists for
heterogeneous agents with different capabilities, trust
levels, and policy constraints. Distributed systems
consensus (Raft, Paxos) does not address agent-specific
semantics like weighted voting and capability-based
participation. Multi-vendor coordination remains
impossible without proprietary mechanisms.
Addressed by <xref target="I-D.nennemann-agent-consensus"/>.</t>
</section>
<section anchor="gap-4-real-time-agent-rollback"><name>Gap 4: Real-Time Agent Rollback</name>
<t>No generalized rollback mechanism exists for autonomous
agent actions. Protocol-specific approaches (e.g.,
NETCONF confirmed-commit) do not extend to arbitrary
agent actions or coordinated multi-agent rollbacks.
Operators cannot safely deploy agents for critical
operations without manual intervention for every action.
Addressed by <xref target="I-D.nennemann-agent-cascade-prevention"/>.</t>
</section>
<section anchor="gap-5-federated-agent-learning-privacy"><name>Gap 5: Federated Agent Learning Privacy</name>
<t>Agents sharing operational data across domains need
privacy guarantees beyond transport encryption:
differential privacy parameters, data minimization for
shared telemetry, and consent management. Without these,
organizations face unacceptable privacy risks in
federated agent ecosystems.
Addressed by <xref target="I-D.nennemann-agent-federation-privacy"/>.</t>
</section>
<section anchor="gap-6-cross-domain-agent-audit-trails"><name>Gap 6: Cross-Domain Agent Audit Trails</name>
<t>No standardized format exists for cross-domain audit
trails that preserve causal ordering and provide
tamper-evident logging. Execution Audit Tokens
<xref target="I-D.nennemann-exec-audit"/> provide per-action records,
but aggregation and correlation across domains remain
undefined. Compliance requirements for automated
decision-making make this urgent.
Addressed by <xref target="I-D.nennemann-agent-cross-domain-audit"/>.</t>
</section>
<section anchor="gap-7-human-override-standardization"><name>Gap 7: Human Override Standardization</name>
<t>No cross-vendor protocol exists for sending override
signals (emergency stop, graceful pause, forced rollback)
to running agents. ACP-DAG-HITL
<xref target="I-D.nennemann-agent-dag-hitl-safety"/> defines when
human approval is required but not how to deliver
override signals. This is a fundamental safety gap.
Addressed by <xref target="I-D.nennemann-agent-override-protocol"/>.</t>
</section>
</section>
<section anchor="medium-severity"><name>MEDIUM Severity</name>
<section anchor="gap-8-cross-protocol-agent-migration"><name>Gap 8: Cross-Protocol Agent Migration</name>
<t>Agents migrating between protocol environments (e.g.,
A2A to MCP) have no standard for preserving execution
context, identity, and state across protocol boundaries.
ECT <xref target="I-D.nennemann-wimse-ect"/> provides a
protocol-neutral token but not migration procedures.
Addressed by <xref target="I-D.nennemann-agent-federation-privacy"/>.</t>
</section>
<section anchor="gap-9-agent-resource-accounting-and-billing"><name>Gap 9: Agent Resource Accounting and Billing</name>
<t>No mechanism exists for tracking and reconciling agent
resource consumption across administrative domains.
This is a prerequisite for sustainable multi-domain
agent ecosystems with cost attribution.
Addressed by <xref target="I-D.nennemann-agent-cross-domain-audit"/>.</t>
</section>
<section anchor="gap-10-agent-capability-negotiation"><name>Gap 10: Agent Capability Negotiation</name>
<t>Agents lack a standardized protocol to dynamically
advertise functions, agree on interaction protocols,
and establish compatible parameters. HTTP content
negotiation <xref target="RFC9110"/> provides basic discovery but
not agent-specific capability semantics.
Addressed by <xref target="I-D.nennemann-agent-consensus"/>.</t>
</section>
<section anchor="gap-11-agent-performance-benchmarking"><name>Gap 11: Agent Performance Benchmarking</name>
<t>No standardized metrics or methodology exists for
evaluating agent performance across dimensions of
accuracy, latency, resource efficiency, safety
compliance, and behavioral consistency.
Addressed by <xref target="I-D.nennemann-agent-behavioral-verification"/>.</t>
</section>
</section>
</section>
<section anchor="solution-roadmap"><name>Solution Roadmap</name>
<section anchor="companion-draft-mapping"><name>Companion Draft Mapping</name>
<t>The following table maps each companion draft to the
gaps it addresses:</t>
<texttable title="Companion Draft to Gap Mapping" anchor="tab-roadmap">
<ttcol align='left'>Companion Draft</ttcol>
<ttcol align='center'>Gaps Addressed</ttcol>
<ttcol align='center'>Priority</ttcol>
<c><xref target="I-D.nennemann-wimse-ect"/></c>
<c>Foundation</c>
<c>CRITICAL</c>
<c><xref target="I-D.nennemann-agent-dag-hitl-safety"/></c>
<c>Foundation</c>
<c>CRITICAL</c>
<c><xref target="I-D.nennemann-exec-audit"/></c>
<c>Foundation</c>
<c>HIGH</c>
<c><xref target="I-D.nennemann-agent-behavioral-verification"/></c>
<c>1, 11</c>
<c>CRITICAL</c>
<c><xref target="I-D.nennemann-agent-cascade-prevention"/></c>
<c>2, 4</c>
<c>CRITICAL</c>
<c><xref target="I-D.nennemann-agent-consensus"/></c>
<c>3, 10</c>
<c>HIGH</c>
<c><xref target="I-D.nennemann-agent-cross-domain-audit"/></c>
<c>6, 9</c>
<c>HIGH</c>
<c><xref target="I-D.nennemann-agent-override-protocol"/></c>
<c>7</c>
<c>HIGH</c>
<c><xref target="I-D.nennemann-agent-federation-privacy"/></c>
<c>5, 8</c>
<c>HIGH</c>
</texttable>
</section>
<section anchor="companion-draft-summaries"><name>Companion Draft Summaries</name>
<dl>
<dt>ECT (<xref target="I-D.nennemann-wimse-ect"/>):</dt>
<dd>
<t>Defines Execution Context Tokens that carry task
identity, delegated authority, and constraints across
agent boundaries. Foundational for all other drafts.</t>
</dd>
<dt>ACP-DAG-HITL (<xref target="I-D.nennemann-agent-dag-hitl-safety"/>):</dt>
<dd>
<t>Specifies Agent Context Policy tokens for DAG-based
delegation with human-in-the-loop safety gates.
Foundational for policy enforcement across all gaps.</t>
</dd>
<dt>Execution Audit (<xref target="I-D.nennemann-exec-audit"/>):</dt>
<dd>
<t>Defines per-action audit tokens for tamper-evident
recording of agent actions. Foundation for
cross-domain audit trails.</t>
</dd>
<dt>Behavioral Verification (<xref target="I-D.nennemann-agent-behavioral-verification"/>):</dt>
<dd>
<t>Defines behavioral profiles, verification evidence
formats, and appraisal procedures for runtime agent
compliance. Addresses Gaps 1 and 11.</t>
</dd>
<dt>Cascade Prevention (<xref target="I-D.nennemann-agent-cascade-prevention"/>):</dt>
<dd>
<t>Specifies circuit breakers, failure isolation,
checkpointing, and rollback mechanisms for multi-agent
workflows. Addresses Gaps 2 and 4.</t>
</dd>
<dt>Consensus (<xref target="I-D.nennemann-agent-consensus"/>):</dt>
<dd>
<t>Defines protocols for multi-agent agreement with
weighted voting, capability negotiation, and
policy-constrained proposals. Addresses Gaps 3 and 10.</t>
</dd>
<dt>Cross-Domain Audit (<xref target="I-D.nennemann-agent-cross-domain-audit"/>):</dt>
<dd>
<t>Specifies audit trail aggregation, correlation, and
query across administrative domains, plus resource
accounting. Addresses Gaps 6 and 9.</t>
</dd>
<dt>Override Protocol (<xref target="I-D.nennemann-agent-override-protocol"/>):</dt>
<dd>
<t>Defines a cross-vendor protocol for emergency stop,
graceful pause, parameter modification, and forced
rollback signals. Addresses Gap 7.</t>
</dd>
<dt>Federation Privacy (<xref target="I-D.nennemann-agent-federation-privacy"/>):</dt>
<dd>
<t>Specifies privacy-preserving mechanisms for federated
agent learning and cross-protocol migration procedures.
Addresses Gaps 5 and 8.</t>
</dd>
</dl>
</section>
<section anchor="dependencies"><name>Dependencies</name>
<t>The companion drafts have the following dependency
structure:</t>
<figure title="Companion Draft Dependencies" anchor="fig-deps"><artwork type="ascii-art"><![CDATA[
behavioral-verification ---+
| |
v |
cascade-prevention |
| |
v v
override-protocol cross-domain-audit
| |
v v
consensus federation-privacy
]]></artwork></figure>
<t>Behavioral verification is foundational: its attestation
format is consumed by cascade prevention and cross-domain
audit. Cascade prevention defines failure containment
that override protocol builds upon. Consensus extends
behavioral verification with multi-agent agreement.
Cross-domain audit provides the infrastructure that
federation privacy adds privacy controls to.</t>
</section>
</section>
<section anchor="recommended-prioritization"><name>Recommended Prioritization</name>
<t>Work should proceed in three phases:</t>
<dl>
<dt>Phase 1 -- Safety Foundation (Immediate):</dt>
<dd>
<t>Behavioral Verification (Gaps 1, 11) and Cascade
Prevention (Gaps 2, 4). These are CRITICAL severity
gaps with direct safety implications. Without runtime
verification and failure containment, no autonomous
agent deployment can be considered safe.</t>
</dd>
<dt>Phase 2 -- Control and Accountability (Near-term):</dt>
<dd>
<t>Human Override (Gap 7) and Cross-Domain Audit (Gaps 6, 9).
Override capability is a prerequisite for any production
deployment. Audit trails are required for regulatory
compliance in enterprise environments.</t>
</dd>
<dt>Phase 3 -- Interoperability and Scale (Medium-term):</dt>
<dd>
<t>Consensus (Gaps 3, 10) and Federation Privacy (Gaps 5, 8).
These enable multi-vendor and multi-domain agent
ecosystems but depend on the safety and accountability
foundations from Phases 1 and 2.</t>
</dd>
</dl>
</section>
<section anchor="security-considerations"><name>Security Considerations</name>
<t>The gaps identified in this document have cross-cutting
security implications:</t>
<t><list style="symbols">
<t>Behavioral Verification (Gap 1): Without runtime
verification, compromised agents exploit trusted
identities to perform unauthorized actions undetected.</t>
<t>Cascade Prevention (Gap 2): Absence of containment
creates a denial-of-service vector where compromising
a single agent disrupts entire multi-agent workflows.</t>
<t>Human Override (Gap 7): Without a standard override
protocol, safety-critical agent actions may not be
stoppable in emergency situations.</t>
<t>Cross-Domain Audit (Gap 6): Audit trail gaps across
domain boundaries enable agents to evade detection
and accountability.</t>
<t>Federated Privacy (Gap 5): Sharing agent data across
domains without privacy controls exposes network
topology, operational patterns, and business logic.</t>
</list></t>
<t>Implementers of autonomous agent systems <bcp14>SHOULD</bcp14> treat
the CRITICAL and HIGH severity gaps as security
requirements and prioritize their resolution. The
companion drafts each contain detailed security
considerations specific to their scope.</t>
</section>
<section anchor="iana-considerations"><name>IANA Considerations</name>
<t>This document has no IANA actions.</t>
</section>
</middle>
<back>
<references title='References' anchor="sec-combined-references">
<references title='Normative References' anchor="sec-normative-references">
<reference anchor="RFC2119">
<front>
<title>Key words for use in RFCs to Indicate Requirement Levels</title>
<author fullname="S. Bradner" initials="S." surname="Bradner"/>
<date month="March" year="1997"/>
<abstract>
<t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
</abstract>
</front>
<seriesInfo name="BCP" value="14"/>
<seriesInfo name="RFC" value="2119"/>
<seriesInfo name="DOI" value="10.17487/RFC2119"/>
</reference>
<reference anchor="RFC8174">
<front>
<title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
<author fullname="B. Leiba" initials="B." surname="Leiba"/>
<date month="May" year="2017"/>
<abstract>
<t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
</abstract>
</front>
<seriesInfo name="BCP" value="14"/>
<seriesInfo name="RFC" value="8174"/>
<seriesInfo name="DOI" value="10.17487/RFC8174"/>
</reference>
</references>
<references title='Informative References' anchor="sec-informative-references">
<reference anchor="RFC9334">
<front>
<title>Remote ATtestation procedureS (RATS) Architecture</title>
<author fullname="H. Birkholz" initials="H." surname="Birkholz"/>
<author fullname="D. Thaler" initials="D." surname="Thaler"/>
<author fullname="M. Richardson" initials="M." surname="Richardson"/>
<author fullname="N. Smith" initials="N." surname="Smith"/>
<author fullname="W. Pan" initials="W." surname="Pan"/>
<date month="January" year="2023"/>
<abstract>
<t>In network protocol exchanges, it is often useful for one end of a communication to know whether the other end is in an intended operating state. This document provides an architectural overview of the entities involved that make such tests possible through the process of generating, conveying, and evaluating evidentiary Claims. It provides a model that is neutral toward processor architectures, the content of Claims, and protocols.</t>
</abstract>
</front>
<seriesInfo name="RFC" value="9334"/>
<seriesInfo name="DOI" value="10.17487/RFC9334"/>
</reference>
<reference anchor="RFC9110">
<front>
<title>HTTP Semantics</title>
<author fullname="R. Fielding" initials="R." role="editor" surname="Fielding"/>
<author fullname="M. Nottingham" initials="M." role="editor" surname="Nottingham"/>
<author fullname="J. Reschke" initials="J." role="editor" surname="Reschke"/>
<date month="June" year="2022"/>
<abstract>
<t>The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypertext information systems. This document describes the overall architecture of HTTP, establishes common terminology, and defines aspects of the protocol that are shared by all versions. In this definition are core protocol elements, extensibility mechanisms, and the "http" and "https" Uniform Resource Identifier (URI) schemes.</t>
<t>This document updates RFC 3864 and obsoletes RFCs 2818, 7231, 7232, 7233, 7235, 7538, 7615, 7694, and portions of 7230.</t>
</abstract>
</front>
<seriesInfo name="STD" value="97"/>
<seriesInfo name="RFC" value="9110"/>
<seriesInfo name="DOI" value="10.17487/RFC9110"/>
</reference>
<reference anchor="I-D.nennemann-wimse-ect" target="https://datatracker.ietf.org/doc/draft-nennemann-wimse-ect/">
<front>
<title>Execution Context Tokens for Distributed Agentic Workflows</title>
<author >
<organization></organization>
</author>
<date year="n.d."/>
</front>
</reference>
<reference anchor="I-D.nennemann-agent-dag-hitl-safety" target="https://datatracker.ietf.org/doc/draft-nennemann-agent-dag-hitl-safety/">
<front>
<title>Agent Context Policy Token: DAG Delegation with Human Override</title>
<author >
<organization></organization>
</author>
<date year="n.d."/>
</front>
</reference>
<reference anchor="I-D.nennemann-exec-audit" target="https://datatracker.ietf.org/doc/draft-nennemann-exec-audit/">
<front>
<title>Cross-Domain Execution Audit Tokens</title>
<author >
<organization></organization>
</author>
<date year="n.d."/>
</front>
</reference>
<reference anchor="I-D.nennemann-agent-behavioral-verification" target="https://datatracker.ietf.org/doc/draft-nennemann-agent-behavioral-verification/">
<front>
<title>Agent Behavioral Verification and Performance Benchmarking</title>
<author >
<organization></organization>
</author>
<date year="n.d."/>
</front>
</reference>
<reference anchor="I-D.nennemann-agent-cascade-prevention" target="https://datatracker.ietf.org/doc/draft-nennemann-agent-cascade-prevention/">
<front>
<title>Agent Failure Cascade Prevention and Rollback</title>
<author >
<organization></organization>
</author>
<date year="n.d."/>
</front>
</reference>
<reference anchor="I-D.nennemann-agent-consensus" target="https://datatracker.ietf.org/doc/draft-nennemann-agent-consensus/">
<front>
<title>Multi-Agent Consensus and Capability Negotiation Protocols</title>
<author >
<organization></organization>
</author>
<date year="n.d."/>
</front>
</reference>
<reference anchor="I-D.nennemann-agent-cross-domain-audit" target="https://datatracker.ietf.org/doc/draft-nennemann-agent-cross-domain-audit/">
<front>
<title>Cross-Domain Agent Audit Trails and Resource Accounting</title>
<author >
<organization></organization>
</author>
<date year="n.d."/>
</front>
</reference>
<reference anchor="I-D.nennemann-agent-override-protocol" target="https://datatracker.ietf.org/doc/draft-nennemann-agent-override-protocol/">
<front>
<title>Standardized Human Override Protocol for Autonomous Agents</title>
<author >
<organization></organization>
</author>
<date year="n.d."/>
</front>
</reference>
<reference anchor="I-D.nennemann-agent-federation-privacy" target="https://datatracker.ietf.org/doc/draft-nennemann-agent-federation-privacy/">
<front>
<title>Federated Agent Learning Privacy and Cross-Protocol Migration</title>
<author >
<organization></organization>
</author>
<date year="n.d."/>
</front>
</reference>
<reference anchor="ARXIV-GAP" target="https://arxiv.org/abs/2507.02492">
<front>
<title>Gap Analysis for Autonomous Agent Protocols in the IETF Landscape</title>
<author fullname="Christian Nennemann">
<organization></organization>
</author>
<date year="2025"/>
</front>
</reference>
</references>
</references>
<?line 476?>
<section anchor="acknowledgments"><name>Acknowledgments</name>
<t>The author thanks the participants of the WIMSE, RATS,
and NMOP working groups for discussions that informed
this analysis. The full gap analysis is available as
<xref target="ARXIV-GAP"/>.</t>
</section>
</back>
<!-- ##markdown-source:
H4sIAAAAAAAAA7Vc6XIbOZL+j6fIlSMmrG0Wbcl222b0zixNybYirGMluY/o
6B9gFUgiVAXUACjKHEv9LPss+2QbmTiqioetXbv9o4ek6kgk8vjyy8RkWcac
dKUYwd6F0dNSVHDluBOVUA5m2sC4cVrpSjcWxnP88cJop3Ndwjte2z3Gp1Mj
liPYS3/tP2SP5dyJuTarEUg106zQueKVGEFh+MxlSiglKq5UxvEBWe0fkNn4
gOzpU8aN4CPYO7+42mO32tzMjW7qEeydnZ5f7DHbTCtprdTKrWoxgpPj67ds
OYJnjPHGLbQZMYAMZk1Z+jdPFkZaJ7mCs/h2BgCgzZwr+S/upFYjOFGFqIUq
cFmXwgpu8oUwdKGouCxHIIWb/WdawLAQjCltKu7kUuA7L99ODg8OXoePrw5e
Ph8xhkroX/P62bPn8ePBwVP8eJIdDVvN3MrKikzkbkRvjxt2/EnkDcoKE62c
+OTgWt8IZWnfjqR1Rk4bJwq/cTKHX7S5mZX61u7553AzF24EC+dqO3rypOCO
O8PzG2GGuLShNvMnhc6frO9UkufJhqh+Ews+zxbSlZnlM+FWfbG9oUSRL3Qp
85WXfARH43dwJEoxpz2AW+kW8L6puILzpTBGFuIbRd8q3+YyxCeRZ7wp5JrK
J0Zbmx3piksFrf7HeGXQ/jcK2L55l3KnYsGXUhteZkth5Ezm3mC3KPlNuhR+
7lwKXBVwIQwZosoFvBEqX1Tc3Eg1/y4K3iHjriXl3Oa8EFltxBJNdftq3nJZ
NkbAxF8NF+lqWtClLsspz2++ywI2Jdopu1ZWKNvYvsinTelklmzdX0JyTnjN
p7KUbgVnYq6d9HsS4+q3GtCaVDvFJksuyJK/aul+GcHKDZelX8mlsLoxuYBx
nutGue9lPZuy7VqFDlEB0wZpr7+IK8dVwU0h/yWKtTjS5rFtWe77bMKGdLuW
MROFMGQGWW3kkudrIfOt/3sM5fBBcKOkmsOFv9rbFWktLetUzv0jv8tSNiXE
tYwvfz35OXs3vuiL+47XMFa8XFlpvwwiLEgFbiEoZ8MHrgqb8zoE+TZ547+H
JPCCOzGCw6eHL7aumZtPckkL5VP75PDF05fDp4fPXx8ylmUZ8KlFhTjGrqNA
vJWb1ABllBBszZUF3GE4/PGpBzOWOd3kC9wYf3muq6pRIfgNQCKWkG41AJ93
BrhvTNdBs3YAK+EgN9LJnJcw57UFI8gDbxfCCLDJnukGJi1KjW/SBqSyzWwm
cymUGwJcL6SFQucNQbna6KUshAXOco2YxooCAtaChLWChLMVLkGUGPog2i5D
cQaQl9xaOZPC4r5VMF2BFRjjw3KgQqnpT04DZ7aRToCeoS5qrjDSeV2BW3CC
mBVwyDWuTzmwuqSUymaGVwKx3hDgxIFES3GIxgrgGH2A53gdn5YCjJjh3bnA
xxFARPkJJEK+4NLYASCEhEIakTtN31XRLq0QVs6VMBbEkpcNx0gWVN6agPeE
jT0Qs5k2zoJd6KYsYKbzxg69RVWyKErB2CM4Uc7ooiGRGeu4g9Uzd8vxPRR2
UEyo9BLfPzO6AhOAJyNZEd9a1GudngaFqEu9quhuqUAJhwqAiis+p00dsLzU
TQEa8SuauDdG29R1ucpQPwpKPUeHyoNixidZYeRSKFImQcYhwBhsY5ZihbtJ
7kEvwgTJy01XMGg/XDkyA+8NMfFJEUxdabBSzbtbyHC10oncYap3yc6cngu3
EGYIcIX2xsvkKKz7YMgyMJiLKgEtCoEuChnAzCMJFrI8tFl+AD75LIUqtIEF
5YwYx/HZJc9vGFerdTsA7oCX5RCjR9fxCtRrWdIqYCZVIdXcogY5eYQRC6Gs
XAp0L+AxaH7+nELr/T1avl4z+eC6LLlucBPvv6iH4L7ea8kXkseyvsfWaGRk
fMn9wGheVLxGQZVUgq17LwUYQSE5ST0AqfKyKSj+BVthegbiE+pAzTtGw0nL
8MvJ6dXxAC7H11cDOB83bvHk3dn4YsCuJifX1146rPEG6P98yWVJi5eKff78
gLrj/p6e4BZd+bn5VS6h5rUwfTUPfeBvw0xTSAoq0sLumMJ2xBRoY8rtQoMS
+ETItcqlFcw2VcUNedIthkFpgUpY1Jwq/G9Ow7SRZQFKfHJDjCLXwlRS6VLP
V17WG7FC0QoLe6cfr673Bv5/4eycPl8e/9fHk8vjI/x89X784UP6wMIVV+/P
P344aj+1d07OT0+Pz478zWfn19D7ie2djn/b8yveO7+4Pjk/G3/Y88m8a/0Y
znAdXq2mNsJRAMeImxs5FQXe82Zy8T//ffAcPn/+t1Ay39+HL1g0399jLFb+
bVqVq/DVLcSK8boWHJMfeh+GGOl4iXtBEflWAUbxIWP//jtq5o8R/DTN64Pn
fw8/4IJ7P0ad9X4knW3+snGzV+KWn7a8Jmmz9/uapvvyjn/rfY967/z40z9K
qQRkB6/+8XfmbWSmy1LfomU5YSqfYRrM/m5hdDNf6Mb1N23EGIG0ERthyI8J
Cj1IK9xUStw8dxa0ohhbznxAq41Uuax5yQAeh9BpeqwKL/cpffnaExy3N7aT
YsvVkLHjyTU83sFt7HuhcrOqnZ4bXi8wAZQrIF8rwOFFkHNjPISJT2GArkfP
QTyKsZRSko+oQ4ZJRcB6UEk8BwWH8eQCHm8jL4JQtWcybC3ygKBq9FeHFh8z
kR1gRvdFUykr6eyAAdm1sDkvfSYxTSlsT85dAu6IekPG3p9cf4DHVPJkUmVu
IbIPWtdRfxrxSAk1d04YBUb8s5EGRfa7xmvEi7yEqZhpBCeowK7GwPEbzDGz
mcgxNsWSPJTo/i0hy0KlCxHRlAJhDIFV0CqgHoyZNZ9zJyyDaJbAoaIS2l8S
ccgAct5QnLRNngtLqRMienKaXjpkLJV5V3KueOkFqoS1fC48suIxuRP89vjZ
GQRVFIT9I1EeDQteugEuQ85WAzRpo8sSkGsA6SzkjTFdY2KPEg2aKhrvixv1
hMi1XVknKsg5+lJ0FoqLuBrdGFbylUDLETxfeEqMQIXKN8AoZXufmlnr94Xk
c8OrNs+Tu7eguYu4Roz9+eefwG0uZcaNYz9k3/LvB3YHW/69/3g6PoPzi+PL
8fX55dW2S8K/u7UH/J429m9ANv4BlYPA7N34Al7+seUBf8EKxu+Oz67h5Oz6
+HI8wSAMH8a/HV/uXkErww8P/tK9/y5SMHD309/jlzfdL5PulyO42/L+H7pv
+fqXjR24A1Lys1Hny8HTUedL/Mv2HbyDDhOGX3g9PBPzIf2FqMrh1+7v/Lz2
hfjN7fdHrfYM4YFfdhjA8a/Hk4+djX98PLne37r9YQFIbLc57Q4mC5Hf1Fqi
O94l6hL/IE3eSAdvjOA3iB79/b+jfg9HW7jPP8Ifn4/SY/5Ye/9f4AEX5x9O
Jr/B3+Dd+c/Hl2fjs8nxTh+gBYwnF9nR+F1GTnsH16axDq5yTVnnDsbWNoa4
6AujZxITYP9+WuOLEbRUWOC+4vp/HEGfs0Te8I+/TAEnZ28vx1fXlx8n1x8v
d6+9XcBJIH/gDnszOdaU+PlSYOXti3K4a1nJN0YW86CFVgGvRms0X1z969E2
NvaPdQUeHIx2Ev+bsfM7mtCff/7JPo/g0UzOM8w3niv8j8DsH6c0eJmy0riT
lfbuGQv0bcjW1gd+zOsXkdpKZTriqUUX+pRa1xH0WARTyFC+BF4URljrKQbP
pOUi1OZdFiA+mEEq74YBJCOzI0wARUmkXzzY8aCkJQHFAFRg/EWPDUG8jCId
PN1HgIh5PhH4/i/P9n3506hCmLlmsIvcCA/aRyCd4k0S7JRYIYvhKJtyrAIS
weORxSYjEmU73CcBTAxV9OPz/QEVqQ5LgeMO2l7rSH4ZWYceID7+HepakW0m
oY+xY5oLC4F5RvA4S2GgjFw4CfSCpES43+khUCnvwPnOBV33IyroRM0M96AP
cWp64XuuCoxALV9bRI+N/FAq86tIs0c9vdrvYHyeXNH/8XXYxrr1QdrK1gvD
/tEGPoJJ5IKx2c7Yo0cwuTy5PpmMP3gWTLoV/vqIDPpgBF9s+zF2pjuIURRQ
iXzBlbSV52h80RHZs65VIY0TsLrfK6wGS4nyD4H4G/j8ObSy7++BdGVZXXLn
CV7nBDJVaIvTBnk/17XfXKuojSH7RbpUkw4SOrcIkPG2QmBMgMLImRPFwJNo
upJWFAOGvtq4TM+yqW5UYaMLZhkIqsuoViy4mguDIFwqtq3IsKFawQqlktZL
2iH1jWlqZ1mhb7FkEJxo2qZ0dsjGIaQUSIxvL9d29EbJE+JWHsat3N3zZOy0
I3ocVcCtQUbXElHZ3+3cQws2DdAi8aAgrS4DNapNigEYMLlUxC6ySSxyimyh
c0ALwV2ikCCcWRGFnCORpYREopYR40P7h5yd0gba/oQfURi/y5L3dSLRkI0j
LewXF8XEGikKl8pEBagPI1hLhPtQpjTVWxVFid5aHrBJm/3fsD/w/uTd+y3O
92wE21u+qdW16X5tjE/hpPVDthCov7lQItWLNpZ/s5lvl/QpdYegiiHvW0Y2
MnorGipHtDmE3miIT7uWddLNJZ+5AVzwT9ruQ6GFJXcNudLLkXmSQ+bMotKw
cQClvBFwK+R8gc9dahfJzCTjyqccVnPjJPJEVC5D0FvItbnWppAqMCHU/LJM
VrW2VqId3YbwgJyBkcIhi5rC2MMcMK2153KInwUvs2uMfX4TI56mncONMLyk
jUtJcGsAbat81uVMUPXRGJICPdXCsTMDj8VwPhyws+PryfnZW4qK0lSiyBBB
SIebQVshPiFDTX0VM5XOcLPqvwi6esQw3wkUUXQ7ZOfrsRX5I4yP5EjR4nBF
qdPS9irTRlRcNbz0/G4cx8B7BAHcyIl8i8v5/elh/+1t8IDJkPnlVFckcXmJ
vWEe+w4eFlhi5VlEFfOGG66cEBamYqVRw4YrW2vjQCiiHGkwJXmf5GWCJDXH
fqWjqEpvqqSSVaRl0J1RJmQoRSkqDJjeQb0tuk67bgjQpkBhBWa1lkC1MOO5
gEbxPBe1C70gL4ORyKZKxVpwtMYyPcw/Nnv9vY3YKLQ2hkM2I50fees6ySY+
YwGfEb1MXJVZCqL7eAnaFMLEiBKa2czxqhYmE0sCapiB5lIhn7B9MmujadTO
Wt3fx4ciNMsCnjcix+bKgCFm4fO5iXNpfueMEYGxXTMrH7YYYvWZVKIYIh6O
eCmQraJK3pWyFCtELnGOMas4YcGK3wjP1jVm/uDUtTE909u+l6P1SZirtY42
7l6v/tmSncAKamW2tZElohWjWCVQWKTCna6x98hzMWuQbW6sGACB+TaG7jOn
EXOqhLCo19yhCx7c7PPqJvSm2BqTTYwnKb5IEHShbzGKFqKUS2FYqh/DUuIQ
BfYeYdaoguOe8TJMbyDZ+qAN2RgDilDi9Pjo5OPpFjCxUeYHJ0szPSnShfJD
zWEq3K3ozGuAUEtptPJ2FnLL+HCMKz6dXOzDgi8FdeDD9tO2Br/rN09C66Q7
wIIeQL3naPvptYS8uZHCDqmV84XSrzuVEu/PlGgcFgW+lRO3KpVZeE8uisaI
7xLMXkegvYU9oUW+kWUp1ZycYmu2pyGqeDVGDJXLMtkyS6UgRvqmqrvxgheY
JTz7sxQxfAxZa3W1EWS1FodoyO0aiziW4r5P6/4uth7pQzmvrcPqi+DegxPx
lwMIUr4B5G6dZEy2SRUI7yeCZCbodyvFK9+/Y7xYCuOkxZEClYdpKD43Aqsw
Dy5CUI5PsAPm+2aYBKVd+AEjRyCxzcZDgPfX1xe++6ccU52JS1+xHhw87Vri
lFuZt/U+GiAj/NvDvR1QCwkCfwP4PEi1+y52blvx7gwCb23w40IXNBjQrSA6
w0yheO88POYsWeEACqHGGeN53hierwZQcocxvMNliFC85Wl+jbUsgI8I/Zre
SkvP+PaqGK7iXMqln0vxVEia6TjCmRQ45XVNmlpre3tnwbG0wKz1RlnQEnFC
hKbtpGtJwRFjdxvvuCMmBtoFIWUrtSFil92Nsiyj/4zCf9ndFwPgHbylcBm7
ApHc2Xbfrqz3f3lGD/Gs3UiF7e4X79wguIODARwcPEz+bSgf7uBwAM8f+IDW
geAOng3g4OnXhd8W0uAOfhzA66/fvCV/wx28/PqN23IP3MGLAbxqb0ZW3PFp
FieuAjG+bnhOU6AINo6E+BYPuKKxIiSU/RTFF0yPJgGOAmDaeZKEsDiNU9Cs
BoMuJ+rPadCkFA7qJlzQYRtClEnTAx1wAB3r434KGyd4NHJHcciMhi7attHG
ena4BK3tyodqEUeO1w6cuM5RmUiGM4iLSodPNtsICfw5Qa2EjVUEzkV41tqP
QYV8X/qh3h437yuUjaV1PbW3V536JNDa7Ur6BRGDUMEQTp/BOhnR8X7MFl/g
zIeM7TpKsmNPdkaL3lo6+aIObb9Bv5vhl0Isua8hA7GFuJ5L628MeLDHXsfx
jR5RPU4NH4riB/Sog4POAEvnTMmOlW0LYGsGF4hW+BLRiqKlHrBU80G/u9JS
WrSqDoPDAHpDuf0lHdJjnuOKWkbvq4G0b2BpNn/tzR6PJYIVBenTfYMuLOog
rUHoyXjPyFJ88Hiw1tYXW2tLeeZ35ymuZaOxu3NRWwL92u50DLtb1A+6FX2U
+J+NJ7G+ANcHUJeNTTAJQ12qIDYX9SMt6nV3QinVeDuWtCX99PaL7yjWiYTr
1+IMNqrxBJX9fFMakUYxfaWOYSSaZVsZ99YFL4eMvU3ZLh1L2bGibXlxbZPC
71mnHl1ziURypeSSOoGUhHa06Xr148b2vKB7X/ny/Cj2VCihIqjcOMNANbTr
wc22E8NSc2Njqqrbvu0FSKBueafzvrUb335e7vj7ZpTafv//5/lLBrBhlPiH
Tef7Dm+iB6dYFv5tWlBvwqAQOOy+HUh1dxVh1JsdfXQ6utSm9hGN+nUamSxw
mtKG0t5XN5sN9I45xlodVYOk4Oa1kcJKLa+2b8UIjCWSqiVccEjcQlNTM6UN
+75NYNmuQQHCN1vD+zAE3B4SSBWyoyH5XuccJWPtniRGmhdF27WP8xfgNNV0
lwL7Gn7WPtRQiYHEk8rxRA05rB8UdwskBOoF9+XZBX6AA2zvXnlU1oE0j0+q
ShQ4akGhZSd+8UgAC5j9cDyTNoVBDwv45DqA5/t+vNIKGqRO9Uo8UYERFi8N
fTo8GhARo0Qg4t9qOyR/ACwM+rtD8XfTCAaxrRkaTDH2dZqfYZKUCvBCIN+J
Agyjug5RXZMwAEyHfXy6inn78ZngJsNZcdLbGldM0wkv9zsHDvtZ2Se5Abze
x+iabuvggu28Fp6oaQ81ERCPC8Jk053fQL0nKpcgn5g3JTayVj28hwYj/KkD
5JW6dGhSxjNUxknbqPYi4uKucl4KeHwqCtlUrTomvbEc6+tPr45t+c8nlQG8
InV4uxFd9i4kbTo416HzEnztEHpIhfrkgpQYemEwLMLDvU0ktBw9wfp5Z1pw
xLyHnlUReUPMxSTYir/e5zrPh8TzRMXm2Q7KfT6u5Y1DuMNsfGDX1keMZV90
PzjYH33FHXpzHrEzKT7VpSa7aKzHAaE4leGQXDhl0KhQoCJrFluk2JzBSRJR
4GG9bWfKw9TTCMbtYFg3HGO+E1gFAodCKMlLHDwhtJLj9AweCgqDJEl4VBIg
J9odbyikpYGSMMiwde6djhTucMZWeS3Zum1mLdJ2WTph2u8aV3wVJnMYEF6s
w2mrLoyUrgkhjNS2PQTAj6i2Ds4mY0pcQLDxlgyIPtGO8Ysl7obfIh8QNq2c
JNiYB41zYCO4Cl3goOW2/5tEsJ1xgrUkJT7VGv0lnKekgwA1MayDXls5HKEI
ZekUzybgmARNw+CIWVWXlFNxlBdr8PUTANG7wzkhHCfCTN9JLfhc4opijgna
tBDdjfVair5DGvIpoVNpqDzxFGo4HrABZePUIdo3Kp7LElNHfEXeCxGQiHDP
nkoDNte1oLByMj4bbwkp/diBUyX+ykhI+DOzft7iEYzzG6VvS1HMaVXp/MQC
aY4FVzceiKRZEly5ntFv3VOFLB4h7B/h8yUEsvyN9eQ3gSv//80iCkaRLp5r
7J517J3S7B1K5Nhf7h0n/F//DW+xXUcAAA==
-->
</rfc>