c/ietf-draft-analyzer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v0.3.0: Gap-to-Draft pipeline, Living Standards Observatory, blog series

Browse Source 
Gap-to-Draft Pipeline (ietf pipeline):
- Context builder assembles ideas, RFC foundations, similar drafts, ecosystem vision
- Generator produces outlines + sections using rich context with Claude
- Quality gates: novelty (embedding similarity), references, format, self-rating
- Family coordinator generates 5-draft ecosystem (AEM/ATD/HITL/AEPB/APAE)
- I-D formatter with proper headers, references, 72-char wrapping

Living Standards Observatory (ietf observatory):
- Source abstraction with IETF + W3C fetchers
- 7-step update pipeline: snapshot, fetch, analyze, embed, ideas, gaps, record
- Static GitHub Pages dashboard (explorer, gap tracker, timeline)
- Weekly CI/CD automation via GitHub Actions

Also includes:
- 361 drafts (expanded from 260 with 6 new keywords), 403 authors, 1,262 ideas, 12 gaps
- Blog series (8 posts planned), reports, arXiv paper figures
- Agent team infrastructure (CLAUDE.md, scripts, dev journal)
- 5 new DB tables, schema migration, ~15 new query methods

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Christian Nennemann
2026-03-04 00:48:57 +01:00
parent be9cf9c5d9
commit d6beb9c0a0
87 changed files with 24471 additions and 401 deletions
Download Patch File Download Diff File Expand all files Collapse all files

210
data/reports/blog-series/data/00-master-stats.md Normal file
View File

@@ -0,0 +1,210 @@
# Master Statistics — Updated 2026-03-03 (Full 361-Draft Corpus)
All numbers below reflect the complete 361-draft dataset after pipeline run on 101 new drafts.
## Core Numbers
| Stat | Value | Notes |
|------|-------|-------|
| Total drafts | 361 | up from 260 after keyword expansion |
| Total authors | 557 | up from 403 |
| Total organizations | 230 | up from 184 |
| Total ideas (raw) | 1,780 | up from 1,262 (~4.9/draft avg) |
| Unique idea clusters | 1,467 | after fuzzy dedup |
| Cross-org ideas (2+ orgs) | 628 | 43% of unique clusters — LEAD METRIC |
| Total gaps | 12 | 3 critical, 6 high, 3 medium |
| Total embeddings | 361 | all drafts embedded |
| WG-adopted drafts | 36 (10.0%) | 18 WGs |
| Individual drafts | 325 (90.0%) | |
| RFC cross-references | 4,231 | 2,443 RFC + 698 draft + 1,090 BCP |
| Avg novelty | 3.32 | (1-5 scale) |
| Avg maturity | 2.96 | |
| Avg relevance | 3.84 | |
## Growth Curve (Monthly Submissions)
| Month | Drafts | Cumulative |
|-------|--------|------------|
| 2024-01 | 3 | 3 |
| 2024-02 | 1 | 4 |
| 2024-04 | 1 | 5 |
| 2024-09 | 2 | 7 |
| 2024-10 | 1 | 8 |
| 2024-12 | 1 | 9 |
| 2025-01 | 4 | 13 |
| 2025-04 | 5 | 18 |
| 2025-05 | 2 | 20 |
| 2025-06 | 5 | 25 |
| 2025-07 | 5 | 30 |
| 2025-08 | 8 | 38 |
| 2025-09 | 17 | 55 |
| 2025-10 | 67 | 122 |
| 2025-11 | 61 | 183 |
| 2025-12 | 16 | 199 |
| 2026-01 | 54 | 253 |
| 2026-02 | 86 | 339 |
| 2026-03 | 22 | 361 |
Peak: 86 drafts in Feb 2026. Growth from ~2/mo (mid-2024) to 86/mo = **43x acceleration**.
## Category Distribution (Full 361 Drafts)
| Category | Count | % |
|----------|-------|---|
| A2A protocols | 136 | 37.7% |
| Agent identity/auth | 121 | 33.5% |
| Autonomous netops | 98 | 27.1% |
| ML traffic mgmt | 74 | 20.5% |
| AI safety/alignment | 45 | 12.5% |
| Human-agent interaction | 30 | 8.3% |
Note: drafts can have multiple categories.
## Safety Ratio
- Safety drafts: 45 (12.5% of corpus)
- Capability drafts (any non-safety category): 351
- **Ratio: ~8:1 capability-to-safety**
- Improvement from original 4:1 (260 drafts) because keyword expansion brought in more ML infrastructure drafts, some with safety elements
## Keyword Expansion Impact (Original 260 vs New 101)
| Category | Original 260 | New 101 | Total |
|----------|-------------|---------|-------|
| Data formats/interop | 102 | 43 | 145 |
| A2A protocols | 92 | 28 | 120 |
| Agent identity/auth | 98 | 10 | 108 |
| Autonomous netops | 60 | 33 | 93 |
| Policy/governance | 60 | 31 | 91 |
| ML traffic mgmt | 23 | **50** | 73 |
| Agent discovery/reg | 57 | 8 | 65 |
| AI safety/alignment | 36 | 8 | 44 |
| Model serving/inference | 13 | **29** | 42 |
| Human-agent interaction | 22 | 8 | 30 |
**Key finding**: "ML traffic mgmt" and "Model serving/inference" surged with the new keywords — these categories more than doubled. The "inference" and "generative" keywords opened up the ML infrastructure community.
## Geopolitical Split
| Region | Drafts | Authors |
|--------|--------|---------|
| Chinese-affiliated | 152 | 218 |
| Western-affiliated | 94 | 81 |
| Other/Unclassified | 158 | 221 |
Chinese orgs contribute ~42% of drafts from ~39% of authors. Western orgs: ~26% of drafts from ~15% of authors.
## Idea Taxonomy (1,780 raw / 1,467 unique clusters / 628 cross-org)
| Type | Count | % |
|------|-------|---|
| mechanism | 663 | 37.2% |
| architecture | 280 | 15.7% |
| pattern | 251 | 14.1% |
| protocol | 228 | 12.8% |
| requirement | 171 | 9.6% |
| extension | 168 | 9.4% |
| framework | 9 | 0.5% |
| other | 10 | 0.6% |
**IMPORTANT**: Use 628 cross-org ideas as the lead metric, not 1,780 raw count. The raw count is a pipeline artifact (~4.9/draft avg). The 628 represents genuine multi-organizational convergence. See Post 5 data package for details.
## Top Organizations
| Org | Drafts | Authors | Composite Score |
|-----|--------|---------|-----------------|
| Huawei (all entities) | 57+ | 28+ | 3.1 |
| China Mobile | 35 | 24 | 3.2 |
| China Telecom | 23 | 22 | 3.0 |
| China Unicom | 22 | 22 | 3.0 |
| Cisco (all entities) | 25 | 19 | 3.4 |
| Tsinghua University | 16 | 13 | 3.5 |
| Telefonica | 13 | 2 | 3.2 |
| ZTE Corporation | 10 | 10 | 3.0 |
| Google | 10 | 4 | 3.3 |
| Five9 | 10 | 1 | 3.8 |
| Ericsson | 9 | 4 | 3.6 |
## Quality Leaders (Composite >= 3.5, min 3 drafts)
| Org | Drafts | Composite |
|-----|--------|-----------|
| Aiiva.org | 3 | 4.42 |
| AWS | 3 | 4.38 |
| Mozilla | 4 | 3.81 |
| Zhongguancun Lab | 6 | 3.81 |
| Five9 | 10 | 3.75 |
| Bitwave | 6 | 3.75 |
| Siemens | 5 | 3.75 |
| Inria | 4 | 3.70 |
| Ericsson | 9 | 3.59 |
| Nokia | 5 | 3.58 |
| Beijing Univ P&T | 4 | 3.57 |
| Tsinghua | 16 | 3.53 |
| Cisco Systems | 17 | 3.50 |
## WG Adoption
| WG | Drafts | Focus |
|----|--------|-------|
| lamps | 6 | PKI/certificates |
| lake | 5 | EDHOC/lightweight crypto |
| tls | 3 | TLS extensions |
| emu | 3 | EAP methods |
| sshm | 2 | SSH maintenance |
| httpbis | 2 | HTTP extensions |
| anima | 2 | Bootstrapping |
| aipref | 2 | AI preferences |
| ace | 2 | Auth for constrained envs |
19 of 36 WG drafts (53%) are in security/crypto WGs. Only 2 are in an agent-specific WG (aipref).
## Top 10 Highest-Scored Drafts
| Draft | Title | Composite |
|-------|-------|-----------|
| draft-aylward-daap-v2 | Distributed AI Accountability Protocol v2 | 4.75 |
| draft-ietf-lake-app-profiles | EDHOC Application Profiles | 4.75 |
| draft-cowles-volt | Verifiable Operations Ledger and Trace | 4.75 |
| draft-goswami-agentic-jwt | Secure Intent Protocol for Agents | 4.50 |
| draft-chang-agent-token-efficient | Token-efficient Data Layer for Agents | 4.50 |
| draft-birkholz-verifiable-agent-conversations | Verifiable Agent Conversations | 4.50 |
| draft-guy-bary-stamp-protocol | Secure Task-bound Agent Message Proof | 4.50 |
| draft-drake-email-tpm-attestation | Hardware Attestation for Email | 4.50 |
| draft-ietf-tls-ecdhe-mlkem | Post-quantum Hybrid Key Agreement | 4.50 |
| draft-ietf-hpke-hpke | Hybrid Public Key Encryption | 4.50 |
## Updated Gap List (12 gaps, refreshed)
### Critical (3)
1. **Agent Behavior Verification** — No mechanisms to verify agents actually behave according to declared policies
2. **Cross-Domain Agent Liability** — When agents cause harm across organizational boundaries, who's responsible?
3. **Human Override Protocols** — No standardized emergency override protocols for autonomous agents
### High (6)
4. **Agent Resource Exhaustion Protection** — No mechanisms to prevent agents from consuming excessive resources
5. **Agent-Generated Data Provenance** — Insufficient tracking of data origins as info flows between agents
6. **Agent Capability Degradation Handling** — No approach for detecting when agent capabilities degrade
7. **Multi-Agent Coordination Deadlocks** — Insufficient attention to preventing deadlock in multi-agent systems
8. **Agent Privacy Preservation** — Agents process sensitive data without adequate privacy protections
9. **Agent Firmware/Model Update Security** — Insufficient focus on secure update mechanisms
### Medium (3)
10. **Real-time Agent Debugging** — Missing protocols for debugging agents in production
11. **Cross-Protocol Agent Migration** — No mechanisms for migrating agent state between protocols
12. **Agent Energy Consumption Optimization** — Missing standards for energy-aware agent operation
## Most Referenced RFCs (Foundation Standards)
| RFC | Cited By | Subject |
|-----|----------|---------|
| RFC 2119 | 285 drafts | Key words (MUST, SHALL, etc.) |
| RFC 8174 | 237 drafts | Key words update |
| RFC 8446 | 42 drafts | TLS 1.3 |
| RFC 6749 | 36 drafts | OAuth 2.0 |
| RFC 9110 | 34 drafts | HTTP Semantics |
| RFC 8126 | 26 drafts | IANA Guidelines |
| RFC 8259 | 26 drafts | JSON |
| RFC 5280 | 22 drafts | X.509 PKI |
| RFC 7519 | 22 drafts | JWT |
| RFC 9052 | 20 drafts | CBOR Object Signing (COSE) |

48
data/reports/blog-series/data/01-gold-rush-data.md Normal file
View File

@@ -0,0 +1,48 @@
# Data Package: Post 1 — The IETF's AI Agent Gold Rush
## Key Numbers to Update
- **361 drafts** (was 260 in earlier draft)
- **557 authors** from **230 organizations** (was 403 from 184)
- **1,780 ideas** (was 1,262)
- Growth: 3 drafts in Jan 2024 to 86 in Feb 2026 = **~29x in 14 months** (or 43x peak-to-trough)
- Safety ratio: **~8:1** capability-to-safety (improved from 4:1 due to keyword expansion bringing in ML infra drafts with safety elements; the core agent space is still 4:1)
- 12 keywords: agent, ai-agent, llm, autonomous, machine-learning, artificial-intelligence, mcp, agentic, inference, generative, intelligent, aipref
- 6 NEW keywords added: mcp, agentic, inference, generative, intelligent, aipref — these brought 101 additional drafts
## Updated Category Breakdown (for Post 1 table)
| Category | Drafts | % of Corpus |
|----------|--------|-------------|
| A2A protocols | 136 | 37.7% |
| Agent identity/auth | 121 | 33.5% |
| Autonomous netops | 98 | 27.1% |
| Policy/governance | 91 | 25.2% |
| ML traffic mgmt | 74 | 20.5% |
| Agent discovery/reg | 65 | 18.0% |
| AI safety/alignment | 45 | 12.5% |
| Model serving/inference | 42 | 11.6% |
| Human-agent interaction | 30 | 8.3% |
## Growth Curve Data
The steepest acceleration: Sep 2025 (17) -> Oct 2025 (67) -> Nov 2025 (61) -> Feb 2026 (86).
The IETF 121 meeting was Nov 2025 in Dublin. The post-meeting submission spike is visible.
## Author Landscape Summary
- Top 5 authors all from Huawei: Bing Liu (23), Zhenbin Li (21), Nan Geng (20), Qiangzhou Gao (20), Xiaotong Shang (19)
- Jonathan Rosenberg (Five9) is highest-ranked non-Chinese author at #9 with 10 drafts
- Cisco authors collectively: ~25 drafts across entities
## Safety Deficit Framing
- 45 drafts touch safety/alignment (12.5%)
- 136 A2A protocol drafts (37.7%)
- 30 human-agent interaction drafts (8.3%)
- The ratio of A2A protocols to human-agent interaction: **4.5:1** — agents talking to each other, not to humans
## WG Adoption
Only 36 of 361 drafts (10%) are WG-adopted. The standards are still overwhelmingly individual submissions.

98
data/reports/blog-series/data/02-who-writes-rules-data.md Normal file
View File

@@ -0,0 +1,98 @@
# Data Package: Post 2 — Who's Writing the Rules for AI Agents?
## Geopolitical Split
| Region | Drafts | Authors | % of Drafts |
|--------|--------|---------|-------------|
| Chinese-affiliated | 152 | 218 | 42.1% |
| Western-affiliated | 94 | 81 | 26.0% |
| Other/Unclassified | 158 | 221 | - |
Note: "Other" includes universities, small companies, individuals whose affiliation doesn't map cleanly. Many drafts have co-authors from multiple regions.
## Huawei Dominance (Combined Entities)
Huawei appears under multiple entity names in the data:
- Huawei: 57 drafts, 28 authors
- Huawei Technologies: 19 drafts, 16 authors
- Huawei Technologies Co., Ltd.: 3 drafts
- Huawei Singapore: 3 drafts
Combined estimate: **~60+ unique drafts**, ~40+ unique authors (some overlap). This is approximately **16-17% of all drafts**.
## Top 15 Organizations
| Rank | Org | Drafts | Authors | Composite Score |
|------|-----|--------|---------|-----------------|
| 1 | Huawei | 57 | 28 | 3.11 |
| 2 | China Mobile | 35 | 24 | 3.21 |
| 3 | China Telecom | 23 | 22 | 2.98 |
| 4 | China Unicom | 22 | 22 | 3.02 |
| 5 | Huawei Technologies | 19 | 16 | 3.17 |
| 6 | Cisco Systems | 17 | 10 | 3.50 |
| 7 | Tsinghua University | 16 | 13 | 3.53 |
| 8 | Telefonica | 13 | 2 | 3.21 |
| 9 | ZTE Corporation | 10 | 10 | 3.02 |
| 10 | Pengcheng Laboratory | 10 | 8 | 3.30 |
| 11 | Google | 10 | 4 | 3.33 |
| 12 | Five9 | 10 | 1 | 3.75 |
| 13 | Ericsson | 9 | 4 | 3.59 |
| 14 | Sandelman Software Works | 7 | 1 | 3.46 |
| 15 | Zhongguancun Laboratory | 6 | 4 | 3.81 |
## Chinese Institutional Ecosystem Tiers
### Tier 1: Telecom Vendors
- Huawei (all entities): ~60+ drafts — networking, agent comm, autonomous netops
- ZTE Corporation: 10 drafts
### Tier 2: Telecom Operators
- China Mobile: 35 drafts
- China Telecom: 23 drafts
- China Unicom: 22 drafts
### Tier 3: Research
- Tsinghua University: 16 drafts (highest quality among Chinese orgs, composite 3.53)
- Pengcheng Laboratory: 10 drafts
- Zhongguancun Laboratory: 6 drafts (highest composite: 3.81)
- CAICT: 6 drafts (lowest composite: 2.35)
- Beijing University of Posts & Telecommunications: 4+ drafts
### Tier 4: Tech Companies
- Baidu: (part of multi-author drafts)
- Tencent: (part of multi-author drafts)
## Notable Western Absences
Major AI companies with minimal IETF presence:
- **Microsoft**: Not in top 30 orgs
- **Apple**: Not found
- **Meta/Facebook**: Not found
- **OpenAI**: Not found
- **Anthropic**: Not found
- **Google**: 10 drafts (modest given their agent ecosystem: Gemini, A2A protocol)
## Quality vs Quantity Insight
The inverse relationship is clear:
- High-volume Chinese orgs (Huawei, China Mobile, China Telecom): composite 2.98-3.21
- Lower-volume Western companies (Five9, Ericsson, Siemens, Mozilla): composite 3.59-3.81
- Exception: Tsinghua University — high volume (16) AND high quality (3.53)
- Strongest quality leaders: Aiiva.org (4.42), AWS (4.38), Mozilla (3.81) — all low volume
## Author Velocity (Oct 2025 - Mar 2026)
Top authors by recent output:
1. Bing Liu (Huawei): 23 drafts
2. Zhenbin Li (Huawei): 21 drafts (all in Nov 2025!)
3. Nan Geng (Huawei): 20 drafts
4. Qiangzhou Gao (Huawei): 20 drafts (all in Nov 2025!)
5. Xiaotong Shang (Huawei): 19 drafts (all in Nov 2025!)
The Huawei surge was concentrated in Nov 2025 — a coordinated submission campaign timed with IETF 121.
## Cross-Org Collaboration
180 ideas cross the Chinese-Western organizational divide. The strongest cross-divide convergences:
- A2A Communication: Huawei + China Mobile + CAICT on one side; Deutsche Telekom + Telefonica + Orange on the other
- Agent identity frameworks: both sides building on the same OAuth/SPIFFE foundations

62
data/reports/blog-series/data/03-oauth-wars-data.md Normal file
View File

@@ -0,0 +1,62 @@
# Data Package: Post 3 — The OAuth Wars and Other Battles
## OAuth-for-Agents Cluster (18 drafts touching OAuth + agents)
| Draft | Title | Novelty | Maturity | Relevance | Overlap |
|-------|-------|---------|----------|-----------|---------|
| draft-goswami-agentic-jwt | Secure Intent Protocol: JWT Agentic Identity | 5 | 4 | 5 | 2 |
| draft-guy-bary-stamp-protocol | Secure Task-bound Agent Message Proof (STAMP) | 5 | 4 | 5 | 1 |
| draft-oauth-ai-agents-on-behalf-of-user | On-Behalf-Of User Auth for AI Agents | 4 | 3 | 5 | 3 |
| draft-oauth-transaction-tokens-for-agents | Transaction Tokens For Agents | 4 | 4 | 5 | 3 |
| draft-chen-oauth-rar-agent-extensions | Policy & Lifecycle Extensions for OAuth RAR | 4 | 4 | 5 | 2 |
| draft-mishra-oauth-agent-grants | Delegated Agent Authorization Protocol (DAAP) | 4 | 4 | 5 | 3 |
| draft-liu-oauth-a2a-profile | A2A Profile for OAuth Transaction Tokens | 4 | 2 | 5 | 3 |
| draft-aap-oauth-profile | Agent Authorization Profile for OAuth 2.0 | 4 | 4 | 5 | 2 |
| draft-mw-spice-actor-chain | Verifiable Actor Chain for OAuth Token Exchange | 4 | 3 | 5 | 2 |
| draft-song-oauth-ai-agent-collaborate-authz | Multi-AI Agent Collaboration Auth | 4 | 3 | 4 | 3 |
| draft-rosenberg-oauth-aauth | AAuth - Agentic Authorization OAuth 2.1 | 4 | 3 | 4 | 2 |
| draft-gaikwad-south-authorization | SOUTH: Stochastic Auth for Agents | 4 | 4 | 4 | 2 |
| draft-song-oauth-ai-agent-authorization | OAuth Extension: Auth on Target | 3 | 2 | 4 | 4 |
| draft-yao-agent-auth-considerations | Considerations on Agent Auth via OAuth | 3 | 2 | 4 | 2 |
| draft-jia-oauth-scope-aggregation | Scope Aggregation for Agent Workflows | 3 | 3 | 4 | 2 |
## A2A Protocol Cluster Size: 136 drafts
The A2A space is the largest single category. Within it, competing approaches include:
- MCP-based approaches (MCP over MOQT, MCP for agents)
- Custom agent protocols (ANP, NLIP, aiproto/NACT)
- Existing protocol extensions (HTTP-based, gRPC-based)
## Identity/Auth Cluster Size: 121 drafts
Overlaps heavily with A2A. The key battleground is how agents prove identity and delegate authority.
## High-Overlap Drafts (Overlap score >= 4)
Multiple drafts flagged as high-overlap, particularly:
- `draft-hong-nmrg-agenticai-ps` — scored overlap 4, has overlap with 15+ other drafts
- Several OAuth drafts scored overlap 3-4, indicating convergent solutions
## RFC Foundation for Auth/Identity
| RFC | Cited By | What It Is |
|-----|----------|------------|
| RFC 6749 | 36 drafts | OAuth 2.0 (the foundation everyone builds on) |
| RFC 7519 | 22 drafts | JWT |
| RFC 5280 | 22 drafts | X.509 PKI |
| RFC 8392 | 18 drafts | CBOR Web Token (CWT) |
| RFC 9000 | 16 drafts | QUIC |
OAuth 2.0 is the undisputed foundation: 36 drafts explicitly cite it.
## Near-Duplicate Analysis
From embedding similarity, 25+ draft pairs have >0.98 cosine similarity. The densest cluster is around agent networking problem statements and use cases from the same author groups.
## Convergence Signals (Positive)
Despite fragmentation, some convergence exists:
1. **EDHOC** (lake WG, 5 drafts): lightweight crypto handshake gaining WG adoption
2. **SCIM** extensions for agents: building on existing identity management
3. **Verifiable Agent Conversations** (draft-birkholz): high score (4.5), unique approach
4. **STAMP protocol**: task-bound proofs (scored 4.5, overlap 1 = truly novel)

58
data/reports/blog-series/data/04-gaps-data.md Normal file
View File

@@ -0,0 +1,58 @@
# Data Package: Post 4 — What Nobody's Building (And Why It Matters)
## Updated Gap List (12 gaps, refreshed with 361-draft corpus)
### Critical (3)
1. **Agent Behavior Verification** — No mechanisms to verify agents actually behave according to declared policies. Many drafts define what agents SHOULD do, few address verification.
2. **Cross-Domain Agent Liability** — NEW in refreshed analysis. When autonomous agents operate across organizational boundaries and cause harm, who's liable? No framework exists.
3. **Human Override Protocols** — No standardized emergency override protocols. Only 30 of 361 drafts even address human-agent interaction.
### High (6)
4. **Agent Resource Exhaustion Protection** — No mechanisms to prevent agents from consuming excessive resources (compute, network, memory).
5. **Agent-Generated Data Provenance** — Despite 145 drafts on data formats, insufficient tracking of data origins as info flows between agents.
6. **Agent Capability Degradation Handling** — No approach for detecting/handling when agent capabilities degrade (model drift, data staleness).
7. **Multi-Agent Coordination Deadlocks** — With 136 A2A protocol drafts, almost no attention to preventing deadlock. Renamed from "Multi-Agent Consensus."
8. **Agent Privacy Preservation** — NEW gap. Agents process sensitive data without adequate privacy protections.
9. **Agent Firmware/Model Update Security** — 42 model serving drafts, but few address secure update mechanisms.
### Medium (3)
10. **Real-time Agent Debugging** — Missing protocols for debugging agents in production.
11. **Cross-Protocol Agent Migration** — No mechanisms for migrating agent state between different A2A protocols.
12. **Agent Energy Consumption Optimization** — No standards for energy-aware agent operation.
## Gap vs Category Contrast
| Focus Area | Drafts | Gap Coverage |
|-----------|--------|--------------|
| A2A protocols | 136 | Well-covered (too well — fragmented) |
| Identity/Auth | 121 | Well-covered |
| Autonomous netops | 98 | Moderately covered |
| Behavior verification | ~5 | CRITICAL GAP |
| Human override | ~30 | CRITICAL GAP (quantity insufficient, quality missing) |
| Resource management | ~0 explicit | CRITICAL GAP |
| Liability/accountability | ~3 (DAAP, VOLT) | CRITICAL GAP |
| Error recovery/deadlock | ~0 explicit | HIGH GAP |
## Key Contrasts for Narrative
- **136 A2A protocol drafts** vs **~5 behavior verification drafts** = 27:1 ratio
- **121 identity/auth drafts** vs **~0 resource exhaustion drafts** = infinity
- **30 human-agent interaction drafts** vs **136 A2A protocol drafts** = 4.5:1 agents-talking-to-agents vs agents-talking-to-humans
## Ideas that Address Gaps
From the 1,780 ideas, some partially address gaps:
- Behavior verification: "Verifiable Agent Conversations" (draft-birkholz), DAAP v2, VOLT
- Human override: scattered across 30 human-agent drafts but no unified approach
- Resource management: some ideas in ML traffic mgmt (74 drafts) but from network perspective, not agent perspective
- Liability: DAAP explicitly addresses accountability; VOLT addresses audit trails
## Structural Insight (from Architect)
The critical gaps are exactly the ones that require cross-team consensus: behavior verification needs input from security + A2A + safety + governance teams. But the team-bloc structure (33 blocs, mostly intra-org) makes cross-team work structurally difficult. **Gap severity correlates with coordination difficulty.**
## WG Gap Coverage
- 10 of 12 gaps have some WG coverage
- 2 gaps with ZERO WG backing: Agent Firmware/Model Update Security, Agent Energy Consumption
- Security WGs (lamps, lake, tls, emu, ace) cover 19 of 36 WG drafts — the IETF is addressing agent security through existing security WGs, not through new agent-specific WGs

89
data/reports/blog-series/data/05-ideas-data.md Normal file
View File

@@ -0,0 +1,89 @@
# Data Package: Post 5 — Where 230 Organizations Agree (And Where They Don't)
Reframed per Architect's direction: lead with cross-org convergence (628 ideas), not raw extraction count (1,780).
## Lead Metric: Cross-Organization Convergence
- **1,467 unique idea clusters** (after fuzzy dedup from 1,780 raw extractions)
- **628 ideas** appear across 2+ organizations = genuine multi-org convergence
- **628 / 1,467 = 43%** of ideas have cross-org validation
### Convergence Pyramid
| Org Count | Ideas | What It Means |
|-----------|-------|---------------|
| 14 orgs | 8 ideas | Single mega-consortium (ML infra draft) |
| 7+ orgs | 14 ideas | Strong multi-org convergence |
| 4-6 orgs | 179 ideas | Solid cross-org agreement |
| 2-3 orgs | 427 ideas | Early convergence signals |
| 1 org only | 839 ideas | Unique to one organization |
## The Real Convergence: Ideas in 2+ Independent Drafts from 2+ Orgs
These are the strongest convergence signals — ideas that different teams proposed independently:
| Idea | Drafts | Orgs | Significance |
|------|--------|------|-------------|
| AI Agent Communication Framework | 2 | 7 | Five9/Cisco AND Chinese telcos+ANP — cross-bloc convergence |
| Agent Gateway | 3 | 6 | China Telecom, Zhongguancun, AsiaInfo, Beijing U, Huawei, UnionPay |
| Distributed AI Inference Architecture | 2 | 5 | Cross-institution (Hong Kong, IRTF) |
| Network Digital Twin Support | 2 | 5 | Research + operator convergence |
| Multi-Agent Communication Protocol | 8 | 7 | AsiaInfo, BUPT, China Mobile, China Telecom, China Unicom, Huawei, Zhongguancun |
| AI Agent Communication Network (ACN) | 5 | 7 | ANP Community, China Mobile, China Telecom, China Unicom, Cisco, Five9, Huawei |
| Tool Enumeration/Invocation API | 3 | 2 | Rosenberg (Five9) — coherent toolkit across 3 drafts |
| CHEQ Protocol | 2 | 3 | Rosenberg — conversation verification |
**Key finding**: "AI Agent Communication Framework" spans the Chinese-Western divide (Five9+Cisco on one side, 4 Chinese telcos+ANP on the other). This is the strongest cross-bloc convergence signal in the dataset.
## The 14-Org Consortium (Context, Not Convergence)
8 ideas from one mega-draft (AI inference networking): Ultra-Low Latency Routing, Tensor Parallelization, FARE, Adaptive Load Balancing, etc. All 14 orgs (Hygon, Tencent, Baidu, Broadcom, Huawei, China Mobile + 8 more) are co-authors on a single draft. This is a consortium submission, not independent convergence. Still significant — it's the broadest cross-org collaboration in the dataset — but should not be presented as "14 organizations independently arrived at the same idea."
## Ideas to Watch (Top-Scored Drafts)
1. **DAAP v2** (Distributed AI Accountability Protocol) — Composite 4.75. Addresses behavior verification gap.
2. **VOLT** (Verifiable Operations Ledger and Trace) — Composite 4.75. Audit trail for agents.
3. **EDHOC Application Profiles** — WG-adopted (lake), composite 4.75. Lightweight crypto.
4. **Agentic JWT** (Secure Intent Protocol) — Composite 4.50. JWT-compatible agent identity.
5. **STAMP Protocol** — Composite 4.50, overlap=1 (truly novel). Task-bound message proofs.
6. **Verifiable Agent Conversations** — Composite 4.50. Cryptographic conversation records.
7. **Token-efficient Data Layer** — Composite 4.50. Cost-conscious agent communication.
## Idea Taxonomy (Background Context)
| Type | Count | % |
|------|-------|---|
| mechanism | 663 | 37.2% |
| architecture | 280 | 15.7% |
| pattern | 251 | 14.1% |
| protocol | 228 | 12.8% |
| requirement | 171 | 9.6% |
| extension | 168 | 9.4% |
| other | 19 | 1.1% |
Note: These are raw extraction counts (~4.9 per draft avg). Use as background taxonomy only — the convergence numbers are the lead metric.
## Convergence-Gap Tension
The punchline for Post 5: teams agree on WHAT to build but disagree on HOW. The 628 cross-org ideas show broad agreement on the problem space (agent communication, identity, infrastructure). But the 12 gaps show no one is building the connective tissue (behavior verification, human override, error recovery, liability).
| Convergence Area | Cross-Org Ideas | Corresponding Gap |
|-----------------|-----------------|-------------------|
| Agent communication | High (136 A2A drafts) | Cross-Protocol Migration (MEDIUM) |
| Agent identity | High (121 auth drafts) | Cross-Domain Liability (CRITICAL) |
| ML infrastructure | High (74 ML traffic) | Energy Optimization (MEDIUM) |
| Autonomous netops | High (98 drafts) | Capability Degradation (HIGH) |
| Safety/oversight | Low (45 drafts) | Behavior Verification (CRITICAL), Human Override (CRITICAL) |
## Gap-to-Idea Mapping
| Gap | Ideas Addressing It | Coverage Level |
|-----|-------------------|----------------|
| Behavior Verification | DAAP, VOLT, Verifiable Conversations | Partial (3 drafts) |
| Cross-Domain Liability | DAAP accountability, STAMP proofs | Minimal |
| Human Override | Scattered across 30 drafts | No unified approach |
| Resource Exhaustion | ML traffic mgmt ideas | Indirect only |
| Data Provenance | VOLT, some data format ideas | Partial |
| Capability Degradation | None explicit | Absent |
| Coordination Deadlocks | None explicit | Absent |
| Privacy Preservation | Some policy/governance ideas | Minimal |

65
data/reports/blog-series/data/06-big-picture-data.md Normal file
View File

@@ -0,0 +1,65 @@
# Data Package: Post 6 — Drawing the Big Picture
## Synthesis Numbers
- **361 drafts, 557 authors, 230 orgs, 1,780 ideas, 12 gaps**
- **136 A2A protocols** with no interoperability layer
- **121 identity/auth drafts** building on OAuth 2.0 (RFC 6749, cited by 36 drafts)
- **45 safety drafts** vs **316 capability drafts** = 7:1 ratio
- **36 WG-adopted drafts** (10%) — 19 in security WGs, 2 in aipref
## The Foundation Layer (RFC Cross-References)
The ecosystem is built on:
1. **OAuth 2.0** (RFC 6749, 36 citations) — the auth foundation
2. **TLS 1.3** (RFC 8446, 42 citations) — the security transport
3. **HTTP Semantics** (RFC 9110, 34 citations) — the API layer
4. **JWT** (RFC 7519, 22 citations) — token format
5. **X.509 PKI** (RFC 5280, 22 citations) — identity certificates
6. **COSE** (RFC 9052, 20 citations) — constrained object signing
7. **CBOR** (RFC 8949, 19 citations) — binary data format
8. **QUIC** (RFC 9000, 16 citations) — transport
This reveals the DNA: the agent ecosystem is being built on web + IoT foundations. OAuth + JWT + TLS for the web side, COSE + CBOR for the constrained/IoT side.
## WG Adoption as Traction Signal
| Category | WG Drafts | Individual Drafts | WG % |
|----------|-----------|-------------------|------|
| Security/Crypto (lamps, lake, tls, emu, ace) | 19 | - | 53% of WG |
| Agent-specific (aipref) | 2 | - | 6% of WG |
| Other (httpbis, anima, suit, etc.) | 15 | - | 42% of WG |
**Key insight**: The IETF is not building new agent WGs — it's retrofitting existing security WGs for agents. This is actually good: it builds on proven foundations.
## Five Proposed Ecosystem Drafts (from Architect)
These address the gaps:
1. **AEM** (Agent Execution Model) — DAG-based orchestration
2. **ATD** (Agent Trust and Delegation) — builds on SPIFFE/WIMSE
3. **HITL** (Human-in-the-Loop) — override protocols
4. **AEPB** (Agent Ecosystem Profile for Business) — assurance profiles
5. **APAE** (Agent Protocol Adaptation and Exchange) — interop layer
## Predictions Data Support
1. **WG consolidation is likely**: Multiple competing approaches in auth (14+ OAuth drafts) creates pressure for WG adoption
2. **Safety will lag**: Only 10% of WG drafts address safety; the structural bias toward capability continues
3. **Chinese institutional advantage**: 152 drafts from Chinese orgs, coordinated (Huawei bloc: 94% cohesion); Western response is fragmented and late
4. **The interop layer is the bottleneck**: 136 A2A drafts, no interop = the single biggest structural problem
## Two Equilibria (from Architect's Vision Document)
- **Microservices chaos**: If fragmentation persists and safety ratio holds, the agent ecosystem becomes like early microservices — technically possible but operationally painful, with each deployment requiring custom integration
- **Layered web architecture**: If WGs consolidate fragmentation and the safety ratio narrows, the ecosystem converges on a layered architecture like the web (transport -> session -> identity -> application)
The 8:1 safety ratio is the leading indicator. If it narrows toward 4:1 or better, the good equilibrium is achievable.
## Builder Guidance Data
For the "What to Do" section:
1. **Watch ECT** (Ephemeral Credential Trust) — bridges SPIFFE-WIMSE, already WG-tracked
2. **Build HITL now** — only 30 drafts in this space; early movers define the patterns
3. **Design for protocol translation** — the 136-protocol zoo means any production system needs translation layers
4. **Invest in error recovery** — zero explicit drafts on agent error recovery; this is a field-defining opportunity
5. **Participate in IETF** — only 10% of drafts are WG-adopted; there's room for new contributors to shape outcomes

175
data/reports/blog-series/data/deep-analysis-round2.md Normal file
View File

@@ -0,0 +1,175 @@
# Deep Analysis Round 2 — Tasks #23-28
## Task #23: Draft Revision Velocity
**Key finding: 55% of drafts are still at revision 00 — first submission, never iterated.**
### Overall Stats
| Metric | Value |
|--------|-------|
| Total drafts | 361 |
| At rev-00 (never iterated) | 198 (54.8%) |
| At rev-03+ (actively evolving) | 64 (17.7%) |
| Average revision | 2.21 |
### Iteration vs Fire-and-Forget by Org
| Org | Drafts | % at rev-00 | Avg Rev | Pattern |
|-----|--------|-------------|---------|---------|
| Ericsson | 9 | 11.1% | 4.8 | **Iterators** — almost everything gets revised |
| Sandelman Software | 7 | 14.3% | 14.3 | **Deep iterators** — fewer drafts, heavy revision |
| Nokia | 5 | 20.0% | 3.2 | **Iterators** |
| Siemens | 5 | 0.0% | 17.2 | **Deepest iterators** — zero fire-and-forget |
| Boeing R&T | 6 | 0.0% | 28.2 | **Extreme iterators** (mature, long-running drafts) |
| ZTE Corporation | 10 | 40.0% | 1.3 | **Mixed** |
| Telefonica | 13 | 46.2% | 1.8 | **Mixed** |
| Google | 10 | 50.0% | 1.7 | **Mixed** |
| China Unicom | 22 | 54.5% | 0.9 | **Mostly fire-and-forget** |
| China Telecom | 23 | 60.9% | 1.0 | **Mostly fire-and-forget** |
| Tsinghua | 16 | 62.5% | 0.4 | **Fire-and-forget** |
| Huawei | 57 | 64.9% | 0.6 | **Fire-and-forget** — 37 of 57 never revised |
| Huawei Technologies | 19 | 68.4% | 0.7 | **Fire-and-forget** |
| Five9 | 10 | 90.0% | 0.1 | **All new** (recent entrant) |
| Pengcheng Lab | 10 | 90.0% | 0.1 | **All new** |
**Narrative insight**: Western companies (Ericsson, Sandelman, Siemens, Boeing, Nokia) have dramatically lower fire-and-forget rates. They submit fewer drafts but iterate heavily. Chinese orgs submit more but ~60-65% are never revised. This is the "volume vs commitment" story — submitting a draft is cheap, iterating it signals genuine investment.
**Best quotable stat**: "65% of Huawei's 57 drafts have never been revised beyond their first submission."
---
## Task #24: Safety Ratio Trend Over Time
**Key finding: The safety ratio is NOT improving. It fluctuates wildly but the structural deficit persists.**
| Month | Safety | Capability-only | Total | Ratio |
|-------|--------|-----------------|-------|-------|
| 2025-07 | 2 | 3 | 5 | 1.5:1 |
| 2025-09 | 4 | 13 | 17 | 3.3:1 |
| 2025-10 | 5 | 62 | 67 | **12.4:1** |
| 2025-11 | 7 | 54 | 61 | 7.7:1 |
| 2025-12 | 3 | 13 | 16 | 4.3:1 |
| 2026-01 | 8 | 46 | 54 | 5.8:1 |
| 2026-02 | 13 | 73 | 86 | 5.6:1 |
| 2026-03 | 1 | 21 | 22 | **21:1** |
The ratio spiked to 12.4:1 during the Oct 2025 surge (IETF 121 pre-meeting rush — nearly all capability drafts). Feb 2026 shows some improvement (5.6:1) with 13 safety drafts — the best absolute month for safety. But the overall pattern is clear: safety submissions grow linearly while capability submissions grow exponentially. The gap widens during surges.
**For Post 4 (THE CLIMAX)**: The ratio data tells a story of structural neglect, not intentional choice. Nobody is anti-safety; the incentive structure just rewards capability work. Each org's submission campaign prioritizes its core protocol proposals, and safety is nobody's core.
---
## Task #25: RFC Foundation Divergence by Bloc
**Key finding: Chinese and Western blocs build on DIFFERENT foundations.**
### Chinese Bloc — Top RFCs
| RFC | Cited By | Subject |
|-----|----------|---------|
| RFC 2119 | 114 | Key words |
| RFC 8174 | 86 | Key words update |
| RFC 8259 | 11 | JSON |
| RFC 6749 | 11 | OAuth 2.0 |
| RFC 6241 | 10 | NETCONF |
| RFC 8446 | 8 | TLS 1.3 |
| RFC 8641 | 6 | YANG Push |
| RFC 8639 | 6 | Subscription to YANG Notifications |
| RFC 7950 | 5 | YANG |
| RFC 7575 | 5 | Autonomic networking |
### Western Bloc — Top RFCs
| RFC | Cited By | Subject |
|-----|----------|---------|
| RFC 2119 | 73 | Key words |
| RFC 8174 | 70 | Key words update |
| RFC 8446 | 18 | **TLS 1.3** |
| RFC 5280 | 12 | **X.509 PKI** |
| RFC 9528 | 11 | **EDHOC** |
| RFC 9110 | 11 | **HTTP Semantics** |
| RFC 9052 | 11 | **COSE** |
| RFC 8949 | 9 | **CBOR** |
| RFC 8613 | 9 | **OSCORE** |
| RFC 8392 | 9 | **CWT** |
| RFC 6749 | 7 | OAuth 2.0 |
| RFC 7252 | 7 | **CoAP** |
### The Divergence
| Foundation | Chinese | Western |
|-----------|---------|---------|
| **Network management (YANG/NETCONF)** | Strong (6241, 8639, 8641, 7950) | Absent |
| **PKI/Certificates (X.509)** | Absent | Strong (5280) |
| **IoT security (COSE/CBOR/OSCORE/CoAP)** | Absent | Strong (9052, 8949, 8613, 7252) |
| **Lightweight auth (EDHOC, CWT)** | Absent | Strong (9528, 8392) |
| **Web APIs (HTTP)** | Weak | Strong (9110) |
| **OAuth 2.0** | Present (11) | Present (7) |
| **TLS 1.3** | Moderate (8) | Strong (18) |
| **Autonomic networking** | Present (7575) | Absent |
**Narrative insight**: The Chinese bloc is building agent infrastructure on YANG/NETCONF — network management protocols for autonomous netops. The Western bloc is building on IoT security (COSE/CBOR/CoAP) and web infrastructure (HTTP/TLS/PKI). These are fundamentally different technology stacks. The ONLY shared foundation is OAuth 2.0, which both blocs cite at similar rates.
**For Post 2**: This means fragmentation goes deeper than protocol design — the two blocs are building on different technological DNA. Even if they agree on agent communication patterns, the underlying plumbing is incompatible.
---
## Task #27: Category Co-Occurrence Matrix
**Key finding: Safety IS structurally isolated from core protocol work.**
### Safety Co-Occurrence
| Safety co-occurs with | Drafts |
|----------------------|--------|
| Policy/governance | 26 |
| Agent identity/auth | 25 |
| A2A protocols | **12** |
| Data formats/interop | 7 |
| Human-agent interaction | 5 |
| Autonomous netops | 4 |
| ML traffic mgmt | 3 |
Safety co-occurs most with governance and identity — "paper" concerns. It co-occurs with A2A protocols only 12 times out of 136 A2A drafts (8.8%). Safety is essentially disconnected from the core protocol design work.
### Strongest Co-Occurrences (Top 10)
| Category Pair | Co-occurrences |
|---------------|---------------|
| A2A + Data formats | 55 |
| A2A + Agent discovery | 40 |
| Identity + Policy | 38 |
| A2A + Identity | 35 |
| A2A + Autonomous netops | 34 |
| Discovery + Data formats | 34 |
| Identity + Data formats | 33 |
| Autonomous netops + ML traffic | 28 |
| **Safety + Policy** | **26** |
| **Safety + Identity** | **25** |
**For Post 4**: Safety's strongest links are to governance and identity — abstract/policy-level work. Its weakest links are to A2A (12), ML traffic (3), and autonomous netops (4) — the categories where agents actually DO things. Safety is being thought about in the abstract, not integrated into protocol design. This is the structural version of the "highways before traffic lights" metaphor.
---
## Task #28: IETF Meeting Timing Effect
**Key finding: 51.5% of all drafts were submitted in the 4-week windows before IETF 121 and 122.**
| Window | Drafts | % of Total |
|--------|--------|------------|
| Pre-IETF 119 (Feb-Mar 2024) | 1 | 0.3% |
| Pre-IETF 120 (Jun-Jul 2024) | 0 | 0.0% |
| Pre-IETF 121 (Oct-Nov 2025) | **107** | **29.6%** |
| Pre-IETF 122 (Feb-Mar 2026) | **79** | **21.9%** |
| All other periods | 174 | 48.2% |
### Huawei's IETF 121 Campaign
| Period | Huawei Drafts |
|--------|--------------|
| Pre-IETF 121 (4-week window) | **43** |
| All other periods combined | 26 |
**62% of all Huawei drafts (43 of 69 across all entities) were submitted in the 4 weeks before IETF 121 Dublin.** This is not organic growth — this is a coordinated submission campaign timed for maximum standards-body impact.
For comparison, the entire corpus had 107 drafts in that same window. Huawei alone accounted for **40% of all pre-IETF 121 submissions**.
**For Post 1**: The growth curve isn't just organic interest — it's heavily driven by strategic submission campaigns timed to IETF meetings. The Oct-Nov 2025 spike (128 drafts in 2 months) is largely one company's coordinated push.
**For Post 2**: This is the strongest evidence of Huawei's strategic standards campaign. 43 drafts in 4 weeks from one organization is unprecedented in this dataset.

59
data/reports/blog-series/data/surprising-findings.md Normal file
View File

@@ -0,0 +1,59 @@
# Surprising Findings — Deep Analysis Phase
These findings challenge assumptions or reveal unexpected patterns in the 361-draft corpus.
## 1. The Keyword Expansion Uncovered a Different Community
The 101 new drafts from keywords (mcp, agentic, inference, generative, intelligent, aipref) brought:
- **154 new authors** (557 total, up from 403)
- **46 new organizations** (230 total, up from 184)
- Heavy skew toward ML infrastructure: "ML traffic mgmt" went from 23 to 73 drafts, "Model serving/inference" from 13 to 42
This means the original analysis systematically missed the ML infrastructure community. The "agent" keyword captured the protocol designers; "inference" and "generative" captured the infrastructure builders. These are largely separate communities working on adjacent problems.
## 2. The Safety Ratio Improved — But It's an Illusion
The safety ratio went from 4:1 (260 drafts) to ~8:1 by tag count but the improvement is because the ML infrastructure drafts have broader category tags (many touch "safety" tangentially through network reliability). The core agent protocol space remains deeply safety-deficient.
## 3. Huawei's Nov 2025 Coordinated Campaign
Five Huawei authors each submitted 19-21 drafts in a single month (Nov 2025). This is the largest coordinated submission campaign in the dataset. Zhenbin Li, Qiangzhou Gao, and Xiaotong Shang all published exclusively in Nov 2025. This looks like a strategic push timed for IETF 121 (Dublin, Nov 2025).
## 4. Quality Inversely Correlates with Quantity
| Pattern | Examples | Avg Composite |
|---------|----------|---------------|
| High volume, low quality | Huawei (57 drafts, 3.11), CAICT (6, 2.35), Futurewei (6, 2.67) | ~2.7-3.1 |
| Low volume, high quality | AWS (3, 4.38), Aiiva.org (3, 4.42), Mozilla (4, 3.81) | ~3.8-4.4 |
| Exception | Tsinghua (16, 3.53), Five9 (10, 3.75) | High both |
The top-rated organizations are nearly all low-volume Western/independent contributors. Volume does not predict quality.
## 5. The Agent Ecosystem is Being Built in Security WGs, Not Agent WGs
19 of 36 WG-adopted drafts (53%) are in security WGs (lamps, lake, tls, emu, ace). Only 2 are in the agent-specific "aipref" WG. The IETF isn't creating new infrastructure for agents — it's adapting existing security infrastructure. This is arguably the right approach but means agent-specific concerns (behavior verification, human override) have no natural WG home.
## 6. The 14-Author Mega-Draft Consortium
One draft about AI inference networking has 14 co-authors from 14 different organizations (Hygon, China Mobile, Tencent, Huawei, Broadcom, Ruijie, Metanet, Biren, Baidu, Moore Threads, Resnics, Centec, Cloudnine, Enflame). This is by far the broadest cross-org collaboration in the dataset — and it's focused on ML infrastructure, not agent protocols.
## 7. Jonathan Rosenberg Is the Western Counterweight
Five9's Jonathan Rosenberg (9 drafts, composite 3.75) is the only Western individual matching Huawei's output volume. His drafts (AAuth, NACT, aiproto) represent a coherent vision for agent communication — arguably the closest thing to a Western "ecosystem proposal" matching Huawei's breadth.
## 8. The Accountability Drafts Are the Best-Scored
The top 3 drafts by composite score are ALL about accountability/verification:
1. DAAP v2 (Distributed AI Accountability Protocol) — 4.75
2. EDHOC Application Profiles — 4.75
3. VOLT (Verifiable Operations Ledger and Trace) — 4.75
The market is hungry for safety/accountability solutions — when they appear, they're rated highest. The problem isn't that safety work is unwanted; it's that few teams are doing it.
## 9. OAuth 2.0 Is the Undisputed Foundation
RFC 6749 (OAuth 2.0) is cited by 36 drafts — more than any non-boilerplate RFC. The agent identity ecosystem is essentially an OAuth ecosystem. Any agent auth approach that doesn't build on OAuth will face adoption headwinds.
## 10. Two Gaps Have Zero Institutional Backing
"Agent Firmware/Model Update Security" and "Agent Energy Consumption Optimization" have zero WG-adopted drafts addressing them. These represent the intersection of importance and neglect — critical infrastructure needs that no working group has prioritized.