# Gap Analysis: IETF AI/Agent Draft Landscape *Generated 2026-05-22 10:24 UTC — analyzing 889 drafts, 898 technical ideas* ## Overview This report identifies **18 gaps** — areas, problems, or technical challenges not adequately addressed by the current 889 IETF AI/agent drafts. Each gap is cross-referenced with related drafts and extracted technical ideas to show partial coverage. | Severity | Count | |----------|------:| | **CRITICAL** | 4 | | **HIGH** | 9 | | **MEDIUM** | 5 | ### Safety Deficit Only **152** of 889 drafts address AI safety/alignment, while **157** focus on A2A protocols and **91** on autonomous operations. The ratio of capability-building to safety is roughly **1:1**. --- ## 1. Cross-SDO AI Agent Certification | | | |---|---| | **Severity** | CRITICAL | | **Category** | Policy/governance | | **Drafts in category** | 259 | No unified certification framework exists for AI agents that must comply with multiple standards bodies simultaneously. Organizations deploying AI agents face conflicting requirements across NIST trustworthiness, ISO safety, ETSI security, and ITU network integration standards. **Evidence:** Real deployments require simultaneous compliance with safety (ISO), security (ETSI), trustworthiness (NIST), and network standards (ITU), but no cross-recognition framework exists ### Related Drafts **Keyword matches** (drafts mentioning gap topic): - [draft-sharif-openid-agent-identity](https://datatracker.ietf.org/doc/draft-sharif-openid-agent-identity/) (score 2.6) — OpenID Connect Agent Identity Claims for Autonomous AI Agents - [draft-zheng-agent-identity-management](https://datatracker.ietf.org/doc/draft-zheng-agent-identity-management/) (score 3.7) — Agent Identity Managenment - [draft-zheng-dispatch-agent-identity-management](https://datatracker.ietf.org/doc/draft-zheng-dispatch-agent-identity-management/) (score 3.3) — Agent Identity Managenment - [draft-li-dmsc-macp](https://datatracker.ietf.org/doc/draft-li-dmsc-macp/) (score 4.2) — Multi-agent Collaboration Protocol Suites Architecture - [draft-fu-nmop-agent-communication-framework](https://datatracker.ietf.org/doc/draft-fu-nmop-agent-communication-framework/) (score 3.0) — Agent Communication Framework for Network AIOps - [draft-ietf-anima-brski-ae](https://datatracker.ietf.org/doc/draft-ietf-anima-brski-ae/) (score 3.6) — BRSKI-AE: Alternative Enrollment Protocols in BRSKI **Top-rated in Policy/governance** (259 drafts): - [draft-kroehl-agentic-trust-aae](https://datatracker.ietf.org/doc/draft-kroehl-agentic-trust-aae/) (5.0) — Defines Agent Authorization Envelope (AAE) with machine-evaluable authorization semantics for autono - [draft-cowles-volt](https://datatracker.ietf.org/doc/draft-cowles-volt/) (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra - [draft-aylward-daap-v2](https://datatracker.ietf.org/doc/draft-aylward-daap-v2/) (4.8) — Defines comprehensive protocol for AI agent accountability including authentication, monitoring, and - [draft-sato-soos-hem](https://datatracker.ietf.org/doc/draft-sato-soos-hem/) (4.8) — Specifies Human Escalation Mechanism as a kernel-level protocol for AI agent escalation to human ove - [itu-t-y-3172](https://datatracker.ietf.org/doc/itu-t-y-3172/) (4.7) — Establishes comprehensive architectural framework for machine learning deployment in future networks ### Partially Addressing Ideas 1 extracted ideas touch on this gap: | Idea | Draft | Type | |------|-------|------| | Domain-Verified Skills Protocol | draft-zzn-dvs | protocol | --- ## 2. Real-time AI Agent Liability Attribution | | | |---|---| | **Severity** | CRITICAL | | **Category** | AI safety/alignment | | **Drafts in category** | 152 | When multiple autonomous AI agents interact and cause harm, no technical standard exists for real-time liability tracking and attribution. Current frameworks address governance but not the technical mechanisms for liability determination during multi-agent failures. **Evidence:** Multi-agent systems are being deployed without clear technical mechanisms to determine responsibility when agents interact and cause unintended consequences ### Related Drafts **Keyword matches** (drafts mentioning gap topic): - [draft-an-nmrg-i2icf-cits](https://datatracker.ietf.org/doc/draft-an-nmrg-i2icf-cits/) (score 3.7) — Interface to In-Network Computing Functions for Cooperative Intelligent Transpor - [draft-zhao-detnet-enhanced-use-cases](https://datatracker.ietf.org/doc/draft-zhao-detnet-enhanced-use-cases/) (score 3.2) — Enhanced Use Cases for Scaling Deterministic Networks - [draft-zhang-rvp-problem-statement](https://datatracker.ietf.org/doc/draft-zhang-rvp-problem-statement/) (score 3.5) — Problem Statements and Requirements of Real-Virtual Agent Protocol (RVP): Commun - [draft-yuan-rtgwg-traffic-agent-usecase](https://datatracker.ietf.org/doc/draft-yuan-rtgwg-traffic-agent-usecase/) (score 3.7) — Use cases of the AI Network Traffic Optimization Agent - [draft-altanai-aipref-realtime-protocol-bindings](https://datatracker.ietf.org/doc/draft-altanai-aipref-realtime-protocol-bindings/) (score 3.6) — AI Preferences for Real-Time Protocol Bindings - [draft-sharif-openid-agent-identity](https://datatracker.ietf.org/doc/draft-sharif-openid-agent-identity/) (score 2.6) — OpenID Connect Agent Identity Claims for Autonomous AI Agents **Top-rated in AI safety/alignment** (152 drafts): - [draft-cowles-volt](https://datatracker.ietf.org/doc/draft-cowles-volt/) (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra - [draft-aylward-daap-v2](https://datatracker.ietf.org/doc/draft-aylward-daap-v2/) (4.8) — Defines comprehensive protocol for AI agent accountability including authentication, monitoring, and - [draft-sato-soos-hem](https://datatracker.ietf.org/doc/draft-sato-soos-hem/) (4.8) — Specifies Human Escalation Mechanism as a kernel-level protocol for AI agent escalation to human ove - [draft-guy-bary-stamp-protocol](https://datatracker.ietf.org/doc/draft-guy-bary-stamp-protocol/) (4.6) — Defines STAMP protocol for cryptographic delegation and proof in AI agent systems. Provides task-bou - [draft-drake-email-tpm-attestation](https://datatracker.ietf.org/doc/draft-drake-email-tpm-attestation/) (4.6) — Defines hardware attestation for email using TPM verification chains to prevent spam and provide Syb ### Partially Addressing Ideas 7 extracted ideas touch on this gap: | Idea | Draft | Type | |------|-------|------| | A2A Protocol Transport over MOQT | draft-a2a-moqt-transport | protocol | | Dynamic Task Coordination Requirements for AI Agents | draft-cui-ai-agent-task | requirement | | Dynamic Attestation for TLS Sessions | draft-jiang-seat-dynamic-attestation | mechanism | | SLIM protocol for real-time interactive messaging | draft-mpsb-agntcy-slim | protocol | | High-Frequency Action-Integrity Protocol | draft-sovereign-haip | protocol | | AI Network Security Agent | draft-yuan-rtgwg-security-agent-usecase | architecture | | AI Network Traffic Optimization Agent | draft-yuan-rtgwg-traffic-agent-usecase | architecture | --- ## 3. Cross-Organization AI Agent Liability Framework | | | |---|---| | **Severity** | CRITICAL | | **Category** | Policy/governance | | **Drafts in category** | 259 | No unified framework exists for determining legal liability when AI agents from different organizations interact and cause harm. Current standards focus on technical requirements but lack coordinated governance for multi-party agent scenarios. **Evidence:** NIST covers risk management and ISO has safety requirements, but no standard addresses liability chains when autonomous agents interact across organizational boundaries ### Related Drafts **Keyword matches** (drafts mentioning gap topic): - [draft-nennemann-wimse-ect](https://datatracker.ietf.org/doc/draft-nennemann-wimse-ect/) (score 4.0) — Execution Context Tokens for Distributed Agentic Workflows - [draft-haberkamp-ipp](https://datatracker.ietf.org/doc/draft-haberkamp-ipp/) (score 4.0) — Intent Provenance Protocol (IPP) - [draft-bates-atp](https://datatracker.ietf.org/doc/draft-bates-atp/) (score 4.2) — Agent Transaction Protocol (ATP) - [draft-song-dmsc-problem-statement](https://datatracker.ietf.org/doc/draft-song-dmsc-problem-statement/) (score 3.0) — Problem Statement and Requirements for Dynamic Multi-agent Secured Collaboration - [draft-condrey-rats-witnessd-enrollment](https://datatracker.ietf.org/doc/draft-condrey-rats-witnessd-enrollment/) (score 3.0) — Trust Anchor Bootstrap Protocol for Proof of Process - [draft-sharif-openid-agent-identity](https://datatracker.ietf.org/doc/draft-sharif-openid-agent-identity/) (score 2.6) — OpenID Connect Agent Identity Claims for Autonomous AI Agents **Top-rated in Policy/governance** (259 drafts): - [draft-kroehl-agentic-trust-aae](https://datatracker.ietf.org/doc/draft-kroehl-agentic-trust-aae/) (5.0) — Defines Agent Authorization Envelope (AAE) with machine-evaluable authorization semantics for autono - [draft-cowles-volt](https://datatracker.ietf.org/doc/draft-cowles-volt/) (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra - [draft-aylward-daap-v2](https://datatracker.ietf.org/doc/draft-aylward-daap-v2/) (4.8) — Defines comprehensive protocol for AI agent accountability including authentication, monitoring, and - [draft-sato-soos-hem](https://datatracker.ietf.org/doc/draft-sato-soos-hem/) (4.8) — Specifies Human Escalation Mechanism as a kernel-level protocol for AI agent escalation to human ove - [itu-t-y-3172](https://datatracker.ietf.org/doc/itu-t-y-3172/) (4.7) — Establishes comprehensive architectural framework for machine learning deployment in future networks ### Partially Addressing Ideas 64 extracted ideas touch on this gap: | Idea | Draft | Type | |------|-------|------| | AgentCard Identity Format | draft-aevum-agentcard | protocol | | Intelligent Agent Communication Gateway Architecture | draft-agent-gw | architecture | | Tiered Risk-Based Governance for Autonomous AI Agents | draft-aylward-aiga-1 | architecture | | Tiered Risk-Based Governance for Autonomous AI Agents | draft-aylward-aiga-2 | architecture | | Distributed AI Accountability Protocol | draft-aylward-daap-v2 | protocol | | Zero Trust Runtime Agent Architecture | draft-berlinai-vera | architecture | | Agentic Hypercall Protocol | draft-campbell-agentic-http | pattern | | Context Distribution Optimization Framework | draft-chang-agent-context-interaction | mechanism | *...and 56 more* --- ## 4. AI Agent Emergency Shutdown Coordination | | | |---|---| | **Severity** | CRITICAL | | **Category** | AI safety/alignment | | **Drafts in category** | 152 | No standardized protocols exist for coordinating emergency shutdown of interconnected autonomous agents during cascading failure scenarios. Individual shutdown mechanisms exist but not coordinated response. **Evidence:** ISO safety standards cover individual machine shutdown but not coordinated multi-agent emergency responses ### Related Drafts **Keyword matches** (drafts mentioning gap topic): - [draft-sharif-openid-agent-identity](https://datatracker.ietf.org/doc/draft-sharif-openid-agent-identity/) (score 2.6) — OpenID Connect Agent Identity Claims for Autonomous AI Agents - [draft-zheng-agent-identity-management](https://datatracker.ietf.org/doc/draft-zheng-agent-identity-management/) (score 3.7) — Agent Identity Managenment - [draft-zheng-dispatch-agent-identity-management](https://datatracker.ietf.org/doc/draft-zheng-dispatch-agent-identity-management/) (score 3.3) — Agent Identity Managenment - [draft-li-dmsc-macp](https://datatracker.ietf.org/doc/draft-li-dmsc-macp/) (score 4.2) — Multi-agent Collaboration Protocol Suites Architecture - [draft-fu-nmop-agent-communication-framework](https://datatracker.ietf.org/doc/draft-fu-nmop-agent-communication-framework/) (score 3.0) — Agent Communication Framework for Network AIOps - [draft-aylward-daap-v2](https://datatracker.ietf.org/doc/draft-aylward-daap-v2/) (score 4.8) — Distributed AI Accountability Protocol (DAAP) Version 2.0 **Top-rated in AI safety/alignment** (152 drafts): - [draft-cowles-volt](https://datatracker.ietf.org/doc/draft-cowles-volt/) (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra - [draft-aylward-daap-v2](https://datatracker.ietf.org/doc/draft-aylward-daap-v2/) (4.8) — Defines comprehensive protocol for AI agent accountability including authentication, monitoring, and - [draft-sato-soos-hem](https://datatracker.ietf.org/doc/draft-sato-soos-hem/) (4.8) — Specifies Human Escalation Mechanism as a kernel-level protocol for AI agent escalation to human ove - [draft-guy-bary-stamp-protocol](https://datatracker.ietf.org/doc/draft-guy-bary-stamp-protocol/) (4.6) — Defines STAMP protocol for cryptographic delegation and proof in AI agent systems. Provides task-bou - [draft-drake-email-tpm-attestation](https://datatracker.ietf.org/doc/draft-drake-email-tpm-attestation/) (4.6) — Defines hardware attestation for email using TPM verification chains to prevent spam and provide Syb ### Partially Addressing Ideas 12 extracted ideas touch on this gap: | Idea | Draft | Type | |------|-------|------| | Distributed AI Accountability Protocol | draft-aylward-daap-v2 | protocol | | Agent-based OAuth Token Revocation | draft-chen-oauth-agent-revocation | extension | | Agentic network architecture for multi-agent coordination | draft-chuyi-nmrg-agentic-network-inference | architecture | | Dynamic Task Coordination Requirements for AI Agents | draft-cui-ai-agent-task | requirement | | Multi-Agent Communication Framework for AIOps | draft-fu-nmop-agent-communication-framework | architecture | | Meta-Layer Coordination Substrate | draft-meta-layer-overview | architecture | | Substrate-Observation Coordination | draft-morrison-substrate-observation | pattern | | Agentic Overlay Network Architecture | draft-xu-agentic-overlay-network-architecture | architecture | *...and 4 more* --- ## 5. Cross-Domain AI Model Poisoning Detection | | | |---|---| | **Severity** | HIGH | | **Category** | AI safety/alignment | | **Drafts in category** | 152 | While NIST addresses adversarial ML, no standard exists for detecting model poisoning when AI agents share or federate models across organizational boundaries. Cross-domain poisoning attacks remain undetectable by current frameworks. **Evidence:** Federated learning and model sharing are increasing, but poisoning attacks across trust boundaries lack standardized detection mechanisms ### Related Drafts **Keyword matches** (drafts mentioning gap topic): - [draft-diaconu-agents-authz-info-sharing](https://datatracker.ietf.org/doc/draft-diaconu-agents-authz-info-sharing/) (score 3.2) — Cross-Domain AuthZ Information sharing for Agents - [draft-cui-dmsc-agent-cdi](https://datatracker.ietf.org/doc/draft-cui-dmsc-agent-cdi/) (score 3.0) — Cross-Domain Interoperability Framework for AI Agent Collaboration - [draft-kiliram-agent-trust-auth-framework](https://datatracker.ietf.org/doc/draft-kiliram-agent-trust-auth-framework/) (score 4.2) — A Trust and Authentication Framework for Cross-Domain Agent-to-Agent Communicati - [draft-han-rtgwg-agent-gateway-intercomm-framework](https://datatracker.ietf.org/doc/draft-han-rtgwg-agent-gateway-intercomm-framework/) (score 3.6) — Agent Gateway Intercommunication Framework - [draft-ni-a2a-ai-agent-security-requirements](https://datatracker.ietf.org/doc/draft-ni-a2a-ai-agent-security-requirements/) (score 3.7) — Security Requirements for AI Agents - [draft-messous-eat-ai](https://datatracker.ietf.org/doc/draft-messous-eat-ai/) (score 3.6) — Entity Attestation Token (EAT) Profile for Autonomous AI Agents **Top-rated in AI safety/alignment** (152 drafts): - [draft-cowles-volt](https://datatracker.ietf.org/doc/draft-cowles-volt/) (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra - [draft-aylward-daap-v2](https://datatracker.ietf.org/doc/draft-aylward-daap-v2/) (4.8) — Defines comprehensive protocol for AI agent accountability including authentication, monitoring, and - [draft-sato-soos-hem](https://datatracker.ietf.org/doc/draft-sato-soos-hem/) (4.8) — Specifies Human Escalation Mechanism as a kernel-level protocol for AI agent escalation to human ove - [draft-guy-bary-stamp-protocol](https://datatracker.ietf.org/doc/draft-guy-bary-stamp-protocol/) (4.6) — Defines STAMP protocol for cryptographic delegation and proof in AI agent systems. Provides task-bou - [draft-drake-email-tpm-attestation](https://datatracker.ietf.org/doc/draft-drake-email-tpm-attestation/) (4.6) — Defines hardware attestation for email using TPM verification chains to prevent spam and provide Syb ### Partially Addressing Ideas 1 extracted ideas touch on this gap: | Idea | Draft | Type | |------|-------|------| | MCP-based Intent-Driven Network Troubleshooting | draft-zm-rtgwg-mcp-troubleshooting | protocol | --- ## 6. AI Agent Resource Exhaustion Prevention | | | |---|---| | **Severity** | HIGH | | **Category** | Autonomous netops | | **Drafts in category** | 91 | No standard exists to prevent AI agents from consuming excessive computational, network, or storage resources when operating autonomously. Current traffic management focuses on characterization but not prevention of resource abuse. **Evidence:** Autonomous agents can cause denial-of-service through resource overconsumption, but no preventive standards exist beyond basic traffic characterization ### Related Drafts **Keyword matches** (drafts mentioning gap topic): - [draft-sharif-openid-agent-identity](https://datatracker.ietf.org/doc/draft-sharif-openid-agent-identity/) (score 2.6) — OpenID Connect Agent Identity Claims for Autonomous AI Agents - [draft-zheng-agent-identity-management](https://datatracker.ietf.org/doc/draft-zheng-agent-identity-management/) (score 3.7) — Agent Identity Managenment - [draft-zheng-dispatch-agent-identity-management](https://datatracker.ietf.org/doc/draft-zheng-dispatch-agent-identity-management/) (score 3.3) — Agent Identity Managenment - [draft-li-dmsc-macp](https://datatracker.ietf.org/doc/draft-li-dmsc-macp/) (score 4.2) — Multi-agent Collaboration Protocol Suites Architecture - [draft-fu-nmop-agent-communication-framework](https://datatracker.ietf.org/doc/draft-fu-nmop-agent-communication-framework/) (score 3.0) — Agent Communication Framework for Network AIOps - [draft-jia-oauth-scope-aggregation](https://datatracker.ietf.org/doc/draft-jia-oauth-scope-aggregation/) (score 3.5) — OAuth 2.0 Scope Aggregation for Multi-Step AI Agent Workflows **Top-rated in Autonomous netops** (91 drafts): - [itu-t-y-3172](https://datatracker.ietf.org/doc/itu-t-y-3172/) (4.7) — Establishes comprehensive architectural framework for machine learning deployment in future networks - [draft-song-anp-aip](https://datatracker.ietf.org/doc/draft-song-anp-aip/) (4.6) — Provides best-effort datagram delivery between AI agents identified by agent:// URIs. Serves as narr - [iso-pas-8800-2024](https://datatracker.ietf.org/doc/iso-pas-8800-2024/) (4.5) — Addresses safety-related E/E systems using AI technology in series-production road vehicles, coverin - [draft-cui-nmrg-llm-benchmark](https://datatracker.ietf.org/doc/draft-cui-nmrg-llm-benchmark/) (4.3) — Provides comprehensive evaluation framework for LLM-based network configuration agents. Includes emu - [iso-22733-1-2021](https://datatracker.ietf.org/doc/iso-22733-1-2021/) (4.3) — Specifies test methodology for evaluating autonomous emergency braking system performance in car-to- ### Partially Addressing Ideas 13 extracted ideas touch on this gap: | Idea | Draft | Type | |------|-------|------| | SCIM 2.0 Extension for Agents and Agentic Applications | draft-abbey-scim-agent-extension | extension | | AgentCard Identity Format | draft-aevum-agentcard | protocol | | AI Discovery Endpoint | draft-aiendpoint-ai-discovery | mechanism | | Fluid Agentic DeFi Protocol (FADP) | draft-fluid-fadp | protocol | | Events Query Protocol | draft-gupta-httpapi-events-query | protocol | | Agent Directory (AD) | draft-jimenez-agent-directory | protocol | | Micro Agent Communication Protocol (µACP) | draft-mallick-muacp | protocol | | MOQT Binding for A2A and MCP Protocols | draft-nandakumar-ai-agent-moq-transport | extension | *...and 5 more* --- ## 7. Multi-Modal Agent Authentication | | | |---|---| | **Severity** | HIGH | | **Category** | Agent identity/auth | | **Drafts in category** | 202 | Current agent identity standards assume single authentication modalities, but real AI agents operate across voice, text, visual, and sensor inputs simultaneously. No standard addresses unified authentication across multiple modalities. **Evidence:** Multi-modal AI agents are being deployed without standardized cross-modality authentication, creating security vulnerabilities ### Related Drafts **Keyword matches** (drafts mentioning gap topic): - [draft-hw-protocol-agent](https://datatracker.ietf.org/doc/draft-hw-protocol-agent/) (score 3.1) — AI Agent Protocols for Multi-modality - [draft-xsaopig-nmop-service-flow-modal-mapping](https://datatracker.ietf.org/doc/draft-xsaopig-nmop-service-flow-modal-mapping/) (score 3.3) — Architecture for Service Flow Characteristics and Modal Mapping Based on SDN and - [draft-hw-ai-agent-6g](https://datatracker.ietf.org/doc/draft-hw-ai-agent-6g/) (score 3.1) — Requirements and Enabling Technologies of Agent Protocols for 6G Networks - [draft-yl-agent-id-requirements](https://datatracker.ietf.org/doc/draft-yl-agent-id-requirements/) (score 2.9) — Digital Identity Management for AI Agent Communication Protocols - [draft-howe-sipcore-mcp-extension](https://datatracker.ietf.org/doc/draft-howe-sipcore-mcp-extension/) (score 3.7) — SIP Extension for Model Context Protocol (MCP) - [draft-sharif-openid-agent-identity](https://datatracker.ietf.org/doc/draft-sharif-openid-agent-identity/) (score 2.6) — OpenID Connect Agent Identity Claims for Autonomous AI Agents **Top-rated in Agent identity/auth** (202 drafts): - [draft-kroehl-agentic-trust-aae](https://datatracker.ietf.org/doc/draft-kroehl-agentic-trust-aae/) (5.0) — Defines Agent Authorization Envelope (AAE) with machine-evaluable authorization semantics for autono - [draft-cowles-volt](https://datatracker.ietf.org/doc/draft-cowles-volt/) (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra - [draft-aylward-daap-v2](https://datatracker.ietf.org/doc/draft-aylward-daap-v2/) (4.8) — Defines comprehensive protocol for AI agent accountability including authentication, monitoring, and - [draft-guy-bary-stamp-protocol](https://datatracker.ietf.org/doc/draft-guy-bary-stamp-protocol/) (4.6) — Defines STAMP protocol for cryptographic delegation and proof in AI agent systems. Provides task-bou - [draft-drake-email-tpm-attestation](https://datatracker.ietf.org/doc/draft-drake-email-tpm-attestation/) (4.6) — Defines hardware attestation for email using TPM verification chains to prevent spam and provide Syb ### Partially Addressing Ideas 19 extracted ideas touch on this gap: | Idea | Draft | Type | |------|-------|------| | AI Discovery Endpoint | draft-aiendpoint-ai-discovery | mechanism | | Agentic Hypercall Protocol | draft-campbell-agentic-http | pattern | | Dynamic Behavior-Based Authentication and Authorization Requirements | draft-chen-ai-agent-auth-new-requirements | requirement | | AI Agent Metadata Format | draft-cui-ai-agent-discovery-invocation | extension | | HTTP Agent Profile (HAP) | draft-dhir-http-agent-profile | protocol | | AI Agent Protocol Framework | draft-hw-protocol-agent | protocol | | Multi-modal Data Quality Awareness | draft-hw-protocol-agent | requirement | | VWRAP Application-Layer Authentication Model | draft-ietf-vwrap-authentication | protocol | *...and 11 more* --- ## 8. Real-time Agent Capability Negotiation | | | |---|---| | **Severity** | HIGH | | **Category** | Agent discovery/reg | | **Drafts in category** | 84 | Autonomous agents need standardized protocols to dynamically discover and negotiate capabilities in real-time interactions. Current discovery mechanisms assume static capability sets and don't handle evolving AI models. **Evidence:** IETF has 84 agent discovery drafts but most focus on registration, not dynamic capability negotiation during active sessions ### Related Drafts **Keyword matches** (drafts mentioning gap topic): - [draft-an-nmrg-i2icf-cits](https://datatracker.ietf.org/doc/draft-an-nmrg-i2icf-cits/) (score 3.7) — Interface to In-Network Computing Functions for Cooperative Intelligent Transpor - [draft-zhao-detnet-enhanced-use-cases](https://datatracker.ietf.org/doc/draft-zhao-detnet-enhanced-use-cases/) (score 3.2) — Enhanced Use Cases for Scaling Deterministic Networks - [draft-zhang-rvp-problem-statement](https://datatracker.ietf.org/doc/draft-zhang-rvp-problem-statement/) (score 3.5) — Problem Statements and Requirements of Real-Virtual Agent Protocol (RVP): Commun - [draft-yuan-rtgwg-traffic-agent-usecase](https://datatracker.ietf.org/doc/draft-yuan-rtgwg-traffic-agent-usecase/) (score 3.7) — Use cases of the AI Network Traffic Optimization Agent - [draft-altanai-aipref-realtime-protocol-bindings](https://datatracker.ietf.org/doc/draft-altanai-aipref-realtime-protocol-bindings/) (score 3.6) — AI Preferences for Real-Time Protocol Bindings - [draft-sharif-openid-agent-identity](https://datatracker.ietf.org/doc/draft-sharif-openid-agent-identity/) (score 2.6) — OpenID Connect Agent Identity Claims for Autonomous AI Agents **Top-rated in Agent discovery/reg** (84 drafts): - [draft-drake-agent-identity-registry](https://datatracker.ietf.org/doc/draft-drake-agent-identity-registry/) (4.6) — Defines federated registry architecture for persistent, hardware-anchored identities for autonomous - [draft-song-anp-ans](https://datatracker.ietf.org/doc/draft-song-anp-ans/) (4.6) — Defines Agent Name System mapping agent:// URIs to network peer identifiers in the ANP suite. Provid - [iso-37181-2022](https://datatracker.ietf.org/doc/iso-37181-2022/) (4.5) — Establishes guidelines for introducing and organizing autonomous vehicles on public roads. Addresses - [iso-37168-2022](https://datatracker.ietf.org/doc/iso-37168-2022/) (4.2) — Provides implementation guidance for Electric, Connected, and Autonomous Vehicles (eCAVs) in on-dema - [draft-deforth-arp-reasoning-protocol](https://datatracker.ietf.org/doc/draft-deforth-arp-reasoning-protocol/) (4.2) — Defines ARP v2.0, a machine-readable protocol for entities to publish context, corrections, and expe ### Partially Addressing Ideas 40 extracted ideas touch on this gap: | Idea | Draft | Type | |------|-------|------| | A2A Protocol Transport over MOQT | draft-a2a-moqt-transport | protocol | | Dynamic Task Coordination Requirements for AI Agents | draft-cui-ai-agent-task | requirement | | Agent Trust Negotiation Protocol | draft-somoza-atn-agent-trust-negotiation | protocol | | MCP Aggregation Protocol | draft-abbott-mcp-ax | protocol | | Intelligent Agent Communication Gateway Architecture | draft-agent-gw | architecture | | AI-Native Network Protocol (AINP) | draft-ainp-protocol | protocol | | Agentic Data Optimization Layer (ADOL) | draft-chang-agent-token-efficient | protocol | | Multi-Provider AI Inference Extensions | draft-chen-nmrg-multi-provider-inference-api | extension | *...and 32 more* --- ## 9. Federated AI Agent Training Security | | | |---|---| | **Severity** | HIGH | | **Category** | AI safety/alignment | | **Drafts in category** | 152 | Standards lack comprehensive security frameworks for federated learning scenarios where multiple AI agents collaborate on model training. Privacy-preserving techniques and poisoning attack prevention are inadequately specified. **Evidence:** ITU-T Y.3178 covers federated ML framework but NIST adversarial ML taxonomy doesn't address multi-agent training scenarios ### Related Drafts **Keyword matches** (drafts mentioning gap topic): - [draft-kale-agntcy-federated-privacy](https://datatracker.ietf.org/doc/draft-kale-agntcy-federated-privacy/) (score 3.2) — Privacy-Preserving Federated Learning Architecture for Multi-Tenant AI Agent Sys - [draft-cui-dmsc-agent-cdi](https://datatracker.ietf.org/doc/draft-cui-dmsc-agent-cdi/) (score 3.0) — Cross-Domain Interoperability Framework for AI Agent Collaboration - [itu-t-y-3178](https://datatracker.ietf.org/doc/itu-t-y-3178/) (score 4.0) — ITU-T Y.3178: Requirements and framework of federated machine learning - [draft-ai-traffic](https://datatracker.ietf.org/doc/draft-ai-traffic/) (score 2.5) — Handling inter-DC/Edge AI-related network traffic: Problem statement - [draft-aft-ai-traffic](https://datatracker.ietf.org/doc/draft-aft-ai-traffic/) (score 3.1) — Handling inter-DC/Edge AI-related network traffic: Problem statement - [draft-sharif-openid-agent-identity](https://datatracker.ietf.org/doc/draft-sharif-openid-agent-identity/) (score 2.6) — OpenID Connect Agent Identity Claims for Autonomous AI Agents **Top-rated in AI safety/alignment** (152 drafts): - [draft-cowles-volt](https://datatracker.ietf.org/doc/draft-cowles-volt/) (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra - [draft-aylward-daap-v2](https://datatracker.ietf.org/doc/draft-aylward-daap-v2/) (4.8) — Defines comprehensive protocol for AI agent accountability including authentication, monitoring, and - [draft-sato-soos-hem](https://datatracker.ietf.org/doc/draft-sato-soos-hem/) (4.8) — Specifies Human Escalation Mechanism as a kernel-level protocol for AI agent escalation to human ove - [draft-guy-bary-stamp-protocol](https://datatracker.ietf.org/doc/draft-guy-bary-stamp-protocol/) (4.6) — Defines STAMP protocol for cryptographic delegation and proof in AI agent systems. Provides task-bou - [draft-drake-email-tpm-attestation](https://datatracker.ietf.org/doc/draft-drake-email-tpm-attestation/) (4.6) — Defines hardware attestation for email using TPM verification chains to prevent spam and provide Syb ### Partially Addressing Ideas 30 extracted ideas touch on this gap: | Idea | Draft | Type | |------|-------|------| | Privacy-Preserving Federated Learning for Multi-Tenant AI Agents | draft-kale-agntcy-federated-privacy | architecture | | AI Traffic Characterization Framework | draft-aft-ai-traffic | requirement | | AI Traffic Characterization Framework | draft-ai-traffic | requirement | | Zero Trust Runtime Agent Architecture | draft-berlinai-vera | architecture | | Cross-Domain Agent Interoperability Framework | draft-cui-dmsc-agent-cdi | architecture | | Agent Identity Registry | draft-drake-agent-identity-registry | architecture | | Agentic AI for Autonomous Network Management | draft-hong-nmrg-agenticai-ps | requirement | | Trust and security framework for structured email | draft-ietf-sml-trust | requirement | *...and 22 more* --- ## 10. Human Override Verification Protocols | | | |---|---| | **Severity** | HIGH | | **Category** | Human-agent interaction | | **Drafts in category** | 70 | While human-in-the-loop protocols exist, there's no standard for cryptographically verifying that human overrides of autonomous systems are authentic and authorized, creating security vulnerabilities. **Evidence:** IETF has human-in-the-loop confirmation protocols but lack cryptographic verification of human identity and authorization ### Related Drafts **Keyword matches** (drafts mentioning gap topic): - [draft-beyer-agent-identity-architecture](https://datatracker.ietf.org/doc/draft-beyer-agent-identity-architecture/) (score 4.2) — Architecture for Human-Anchored Agent Identity, Delegation, and Provenance - [draft-beyer-agent-identity-problem-statement](https://datatracker.ietf.org/doc/draft-beyer-agent-identity-problem-statement/) (score 4.2) — Problem Statement for Human-Anchored Agent Identity, Delegation, and Provenance - [draft-sato-soos-hem](https://datatracker.ietf.org/doc/draft-sato-soos-hem/) (score 4.8) — The Human Escalation Mechanism (HEM) for Agentic AI Systems - [draft-dhir-http-agent-profile](https://datatracker.ietf.org/doc/draft-dhir-http-agent-profile/) (score 4.2) — HTTP Agent Profile (HAP): Authenticated and Monetized Agent Traffic on the Web - [draft-sato-soos-cap](https://datatracker.ietf.org/doc/draft-sato-soos-cap/) (score 4.5) — The Constitutional AI Protocol (CAP) for Agentic AI Systems - [draft-stone-adrp](https://datatracker.ietf.org/doc/draft-stone-adrp/) (score 3.8) — ADRP: Agent Dispute Resolution Protocol **Top-rated in Human-agent interaction** (70 drafts): - [draft-sato-soos-hem](https://datatracker.ietf.org/doc/draft-sato-soos-hem/) (4.8) — Specifies Human Escalation Mechanism as a kernel-level protocol for AI agent escalation to human ove - [draft-drake-email-tpm-attestation](https://datatracker.ietf.org/doc/draft-drake-email-tpm-attestation/) (4.6) — Defines hardware attestation for email using TPM verification chains to prevent spam and provide Syb - [draft-sato-soos-cap](https://datatracker.ietf.org/doc/draft-sato-soos-cap/) (4.5) — Specifies kernel-enforced prohibition architecture for agentic AI systems with three-tier prohibitio - [iso-37181-2022](https://datatracker.ietf.org/doc/iso-37181-2022/) (4.5) — Establishes guidelines for introducing and organizing autonomous vehicles on public roads. Addresses - [iso-pas-8800-2024](https://datatracker.ietf.org/doc/iso-pas-8800-2024/) (4.5) — Addresses safety-related E/E systems using AI technology in series-production road vehicles, coverin ### Partially Addressing Ideas 1 extracted ideas touch on this gap: | Idea | Draft | Type | |------|-------|------| | Verified Commerce for Agent Protocols | draft-stone-vcap | protocol | --- ## 11. Cross-Domain AI Model Provenance Tracking | | | |---|---| | **Severity** | HIGH | | **Category** | Data formats/interop | | **Drafts in category** | 202 | Standards lack unified approaches for tracking AI model provenance across different domains and organizations, making it difficult to verify model origins and modifications in complex agent ecosystems. **Evidence:** NIST covers synthetic content provenance but not comprehensive model provenance across organizational boundaries ### Related Drafts **Keyword matches** (drafts mentioning gap topic): - [draft-diaconu-agents-authz-info-sharing](https://datatracker.ietf.org/doc/draft-diaconu-agents-authz-info-sharing/) (score 3.2) — Cross-Domain AuthZ Information sharing for Agents - [draft-cui-dmsc-agent-cdi](https://datatracker.ietf.org/doc/draft-cui-dmsc-agent-cdi/) (score 3.0) — Cross-Domain Interoperability Framework for AI Agent Collaboration - [draft-kiliram-agent-trust-auth-framework](https://datatracker.ietf.org/doc/draft-kiliram-agent-trust-auth-framework/) (score 4.2) — A Trust and Authentication Framework for Cross-Domain Agent-to-Agent Communicati - [draft-han-rtgwg-agent-gateway-intercomm-framework](https://datatracker.ietf.org/doc/draft-han-rtgwg-agent-gateway-intercomm-framework/) (score 3.6) — Agent Gateway Intercommunication Framework - [draft-ni-a2a-ai-agent-security-requirements](https://datatracker.ietf.org/doc/draft-ni-a2a-ai-agent-security-requirements/) (score 3.7) — Security Requirements for AI Agents - [draft-messous-eat-ai](https://datatracker.ietf.org/doc/draft-messous-eat-ai/) (score 3.6) — Entity Attestation Token (EAT) Profile for Autonomous AI Agents **Top-rated in Data formats/interop** (202 drafts): - [draft-kroehl-agentic-trust-aae](https://datatracker.ietf.org/doc/draft-kroehl-agentic-trust-aae/) (5.0) — Defines Agent Authorization Envelope (AAE) with machine-evaluable authorization semantics for autono - [draft-cowles-volt](https://datatracker.ietf.org/doc/draft-cowles-volt/) (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra - [itu-t-y-3172](https://datatracker.ietf.org/doc/itu-t-y-3172/) (4.7) — Establishes comprehensive architectural framework for machine learning deployment in future networks - [iso-iec-22989-2022](https://datatracker.ietf.org/doc/iso-iec-22989-2022/) (4.7) — ISO/IEC standard defining core AI concepts and establishing standardized terminology across the fiel - [draft-williams-netmod-lm-hierarchy-topology](https://datatracker.ietf.org/doc/draft-williams-netmod-lm-hierarchy-topology/) (4.6) — Defines YANG data model for hierarchical language model coordination across tiny, small, and large L ### Partially Addressing Ideas 9 extracted ideas touch on this gap: | Idea | Draft | Type | |------|-------|------| | Human-Anchored Agent Identity Model | draft-beyer-agent-identity-architecture | architecture | | Crovia Seal | draft-crovia-seal | protocol | | EAT Profile for AI Agent Attestation | draft-messous-eat-ai | extension | | Cryptographic AI Inference Provenance Chain | draft-mw-spice-inference-chain | mechanism | | Cryptographic Content Provenance Chain | draft-mw-spice-intent-chain | mechanism | | Protocol Layer Prompt Engineering Specification (PLPES) | draft-reilly-plpes | protocol | | Agent Public Key Infrastructure (APKI) | draft-sharif-apki-agent-pki | architecture | | ML Model Description Framework | iso-iec-awi-25623 | framework | *...and 1 more* --- ## 12. Autonomous Agent Legal Standing Recognition | | | |---|---| | **Severity** | HIGH | | **Category** | Policy/governance | | **Drafts in category** | 259 | No framework exists for recognizing when AI agents can act with legal standing versus when they require human principals. This creates uncertainty in contract formation and legal obligations. **Evidence:** Legal recognition gaps mentioned in governance discussions but no technical standards address digital identity for legal standing ### Related Drafts **Keyword matches** (drafts mentioning gap topic): - [iso-18497-3-2024](https://datatracker.ietf.org/doc/iso-18497-3-2024/) (score 3.0) — ISO 18497-3:2024: Agricultural machinery and tractors — Safety of partially auto - [draft-sovereign-satp](https://datatracker.ietf.org/doc/draft-sovereign-satp/) (score 2.5) — Sovereign Autonomous Trust Protocol (SATP) v1.0 - [draft-kim-nmrg-2nmai5g](https://datatracker.ietf.org/doc/draft-kim-nmrg-2nmai5g/) (score 2.1) — Native Network Management using Artificial Intelligence over an Adaptive B5G Net - [draft-sovereign-svtp](https://datatracker.ietf.org/doc/draft-sovereign-svtp/) (score 3.2) — Sovereign Verification & Trust Protocol (SVTP) v1.0 - [iso-17757-2017](https://datatracker.ietf.org/doc/iso-17757-2017/) (score 2.6) — ISO 17757:2017: Earth-moving machinery and mining — Autonomous and semi-autonomo - [draft-sharif-openid-agent-identity](https://datatracker.ietf.org/doc/draft-sharif-openid-agent-identity/) (score 2.6) — OpenID Connect Agent Identity Claims for Autonomous AI Agents **Top-rated in Policy/governance** (259 drafts): - [draft-kroehl-agentic-trust-aae](https://datatracker.ietf.org/doc/draft-kroehl-agentic-trust-aae/) (5.0) — Defines Agent Authorization Envelope (AAE) with machine-evaluable authorization semantics for autono - [draft-cowles-volt](https://datatracker.ietf.org/doc/draft-cowles-volt/) (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra - [draft-aylward-daap-v2](https://datatracker.ietf.org/doc/draft-aylward-daap-v2/) (4.8) — Defines comprehensive protocol for AI agent accountability including authentication, monitoring, and - [draft-sato-soos-hem](https://datatracker.ietf.org/doc/draft-sato-soos-hem/) (4.8) — Specifies Human Escalation Mechanism as a kernel-level protocol for AI agent escalation to human ove - [itu-t-y-3172](https://datatracker.ietf.org/doc/itu-t-y-3172/) (4.7) — Establishes comprehensive architectural framework for machine learning deployment in future networks ### Partially Addressing Ideas 65 extracted ideas touch on this gap: | Idea | Draft | Type | |------|-------|------| | AI Agent Architecture for Network Digital Twin | draft-zhao-nmrg-ai-agent-for-ndt | architecture | | AgentCard Identity Format | draft-aevum-agentcard | protocol | | Tiered Risk-Based Governance for Autonomous AI Agents | draft-aylward-aiga-1 | architecture | | Tiered Risk-Based Governance for Autonomous AI Agents | draft-aylward-aiga-2 | architecture | | Distributed AI Accountability Protocol | draft-aylward-daap-v2 | protocol | | Dynamic Behavior-Based Authentication and Authorization Requirements | draft-chen-ai-agent-auth-new-requirements | requirement | | Agent-based OAuth Token Revocation | draft-chen-oauth-agent-revocation | extension | | Dynamic Task Coordination Requirements for AI Agents | draft-cui-ai-agent-task | requirement | *...and 57 more* --- ## 13. Inter-Standards-Body Protocol Mapping | | | |---|---| | **Severity** | HIGH | | **Category** | Data formats/interop | | **Drafts in category** | 202 | Critical gaps exist in mapping between protocols from different standards bodies (IETF networking, ISO safety, ITU-T AI frameworks), preventing cohesive implementation of agent systems that must comply with multiple standards. **Evidence:** Each standards body develops protocols in isolation with minimal cross-referencing or compatibility requirements ### Related Drafts **Keyword matches** (drafts mentioning gap topic): - [draft-cui-nmrg-auto-test](https://datatracker.ietf.org/doc/draft-cui-nmrg-auto-test/) (score 3.6) — Framework and Automation Levels for AI-Assisted Network Protocol Testing - [draft-cosmos-protocol-specification](https://datatracker.ietf.org/doc/draft-cosmos-protocol-specification/) (score 3.3) — The Cosmos Protocol Specification (Trust-Native Semantic Protocol) - [draft-tu-nmrg-blockchain-trusted-protocol](https://datatracker.ietf.org/doc/draft-tu-nmrg-blockchain-trusted-protocol/) (score 1.8) — A Blockchain Trusted Protocol for Intelligent Communication Network - [draft-yang-ioa-protocol](https://datatracker.ietf.org/doc/draft-yang-ioa-protocol/) (score 3.6) — Internet of Agents Protocol (IoA Protocol) for Heterogeneous Agent Collaboration - [draft-yang-dmsc-ioa-task-protocol](https://datatracker.ietf.org/doc/draft-yang-dmsc-ioa-task-protocol/) (score 3.0) — Internet of Agents Task Protocol (IoA Task Protocol) for Heterogeneous Agent Col - [draft-moreno-lisp-uberlay](https://datatracker.ietf.org/doc/draft-moreno-lisp-uberlay/) (score 3.6) — Uberlay Interconnection of Multiple LISP overlays **Top-rated in Data formats/interop** (202 drafts): - [draft-kroehl-agentic-trust-aae](https://datatracker.ietf.org/doc/draft-kroehl-agentic-trust-aae/) (5.0) — Defines Agent Authorization Envelope (AAE) with machine-evaluable authorization semantics for autono - [draft-cowles-volt](https://datatracker.ietf.org/doc/draft-cowles-volt/) (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra - [itu-t-y-3172](https://datatracker.ietf.org/doc/itu-t-y-3172/) (4.7) — Establishes comprehensive architectural framework for machine learning deployment in future networks - [iso-iec-22989-2022](https://datatracker.ietf.org/doc/iso-iec-22989-2022/) (4.7) — ISO/IEC standard defining core AI concepts and establishing standardized terminology across the fiel - [draft-williams-netmod-lm-hierarchy-topology](https://datatracker.ietf.org/doc/draft-williams-netmod-lm-hierarchy-topology/) (4.6) — Defines YANG data model for hierarchical language model coordination across tiny, small, and large L ### Partially Addressing Ideas 6 extracted ideas touch on this gap: | Idea | Draft | Type | |------|-------|------| | Model Context Protocol over MOQT | draft-jennings-ai-mcp-over-moq | protocol | | Model Context Protocol over MOQT | draft-jennings-mcp-over-moqt | protocol | | Model Context Protocol over MOQT | draft-mcp-over-moqt | protocol | | MOQT Binding for A2A and MCP Protocols | draft-nandakumar-ai-agent-moq-transport | extension | | LISP for AI Agent Networking | draft-wang-lisp-ai-agent | extension | | ALTO-based Service Flow to Network Resource Mapping | draft-xsaopig-nmop-service-flow-modal-mapping | architecture | --- ## 14. Agent Behavior Drift Detection | | | |---|---| | **Severity** | MEDIUM | | **Category** | AI safety/alignment | | **Drafts in category** | 152 | No technical standard exists for detecting when AI agents' behavior drifts from their original training or intended function over time. Current standards address initial validation but not ongoing behavioral monitoring. **Evidence:** AI agents deployed in production environments change behavior over time, but no standardized drift detection mechanisms exist ### Related Drafts **Keyword matches** (drafts mentioning gap topic): - [draft-sharif-openid-agent-identity](https://datatracker.ietf.org/doc/draft-sharif-openid-agent-identity/) (score 2.6) — OpenID Connect Agent Identity Claims for Autonomous AI Agents - [draft-zheng-agent-identity-management](https://datatracker.ietf.org/doc/draft-zheng-agent-identity-management/) (score 3.7) — Agent Identity Managenment - [draft-zheng-dispatch-agent-identity-management](https://datatracker.ietf.org/doc/draft-zheng-dispatch-agent-identity-management/) (score 3.3) — Agent Identity Managenment - [draft-li-dmsc-macp](https://datatracker.ietf.org/doc/draft-li-dmsc-macp/) (score 4.2) — Multi-agent Collaboration Protocol Suites Architecture - [draft-fu-nmop-agent-communication-framework](https://datatracker.ietf.org/doc/draft-fu-nmop-agent-communication-framework/) (score 3.0) — Agent Communication Framework for Network AIOps - [draft-ruan-spring-priority-flow-control-sid](https://datatracker.ietf.org/doc/draft-ruan-spring-priority-flow-control-sid/) (score 3.1) — SRv6 behavior extention for Flow Control in WAN **Top-rated in AI safety/alignment** (152 drafts): - [draft-cowles-volt](https://datatracker.ietf.org/doc/draft-cowles-volt/) (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra - [draft-aylward-daap-v2](https://datatracker.ietf.org/doc/draft-aylward-daap-v2/) (4.8) — Defines comprehensive protocol for AI agent accountability including authentication, monitoring, and - [draft-sato-soos-hem](https://datatracker.ietf.org/doc/draft-sato-soos-hem/) (4.8) — Specifies Human Escalation Mechanism as a kernel-level protocol for AI agent escalation to human ove - [draft-guy-bary-stamp-protocol](https://datatracker.ietf.org/doc/draft-guy-bary-stamp-protocol/) (4.6) — Defines STAMP protocol for cryptographic delegation and proof in AI agent systems. Provides task-bou - [draft-drake-email-tpm-attestation](https://datatracker.ietf.org/doc/draft-drake-email-tpm-attestation/) (4.6) — Defines hardware attestation for email using TPM verification chains to prevent spam and provide Syb ### Partially Addressing Ideas 13 extracted ideas touch on this gap: | Idea | Draft | Type | |------|-------|------| | Agent Event Behaviour Analysis Framework | draft-sharif-aeba | protocol | | AI Network Security Agent | draft-yuan-rtgwg-security-agent-usecase | architecture | | Distributed AI Accountability Protocol | draft-aylward-daap-v2 | protocol | | Post-Discovery Authorization Handshake | draft-barney-caam | protocol | | Evidence-based Autonomy Maturity Model | draft-berlinai-vera | mechanism | | Intent-Based Just-in-Time Authorization | draft-chen-agent-decoupled-authorization-model | architecture | | Dynamic Behavior-Based Authentication and Authorization Requirements | draft-chen-ai-agent-auth-new-requirements | requirement | | Proof-of-Behavior Protocol | draft-dembowski-agentledger-proof-of-behavior | protocol | *...and 5 more* --- ## 15. AI Agent Training Data Provenance Verification | | | |---|---| | **Severity** | MEDIUM | | **Category** | Data formats/interop | | **Drafts in category** | 202 | No standard exists for AI agents to verify and communicate the provenance of their training data to other agents or humans during interactions. This creates trust and compliance issues in regulated industries. **Evidence:** Regulated industries require training data provenance for AI decisions, but agents lack standardized mechanisms to communicate this information ### Related Drafts **Keyword matches** (drafts mentioning gap topic): - [draft-sharif-openid-agent-identity](https://datatracker.ietf.org/doc/draft-sharif-openid-agent-identity/) (score 2.6) — OpenID Connect Agent Identity Claims for Autonomous AI Agents - [draft-zheng-agent-identity-management](https://datatracker.ietf.org/doc/draft-zheng-agent-identity-management/) (score 3.7) — Agent Identity Managenment - [draft-zheng-dispatch-agent-identity-management](https://datatracker.ietf.org/doc/draft-zheng-dispatch-agent-identity-management/) (score 3.3) — Agent Identity Managenment - [draft-li-dmsc-macp](https://datatracker.ietf.org/doc/draft-li-dmsc-macp/) (score 4.2) — Multi-agent Collaboration Protocol Suites Architecture - [draft-fu-nmop-agent-communication-framework](https://datatracker.ietf.org/doc/draft-fu-nmop-agent-communication-framework/) (score 3.0) — Agent Communication Framework for Network AIOps - [draft-akhavain-moussa-ai-network](https://datatracker.ietf.org/doc/draft-akhavain-moussa-ai-network/) (score 3.9) — AI Network for Training, Inference, and Agentic Interactions **Top-rated in Data formats/interop** (202 drafts): - [draft-kroehl-agentic-trust-aae](https://datatracker.ietf.org/doc/draft-kroehl-agentic-trust-aae/) (5.0) — Defines Agent Authorization Envelope (AAE) with machine-evaluable authorization semantics for autono - [draft-cowles-volt](https://datatracker.ietf.org/doc/draft-cowles-volt/) (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra - [itu-t-y-3172](https://datatracker.ietf.org/doc/itu-t-y-3172/) (4.7) — Establishes comprehensive architectural framework for machine learning deployment in future networks - [iso-iec-22989-2022](https://datatracker.ietf.org/doc/iso-iec-22989-2022/) (4.7) — ISO/IEC standard defining core AI concepts and establishing standardized terminology across the fiel - [draft-williams-netmod-lm-hierarchy-topology](https://datatracker.ietf.org/doc/draft-williams-netmod-lm-hierarchy-topology/) (4.6) — Defines YANG data model for hierarchical language model coordination across tiny, small, and large L ### Partially Addressing Ideas 79 extracted ideas touch on this gap: | Idea | Draft | Type | |------|-------|------| | EAT Profile for AI Agent Attestation | draft-messous-eat-ai | extension | | Verifiable Agent Conversation Format | draft-birkholz-verifiable-agent-conversations | protocol | | Warrant Certificate Authority (WCA) | draft-bondar-wca | architecture | | Agentic Reasoning Protocol v1 | draft-deforth-arp | protocol | | Blockchain-Anchored Integrity for AI Provenance | draft-reilly-sentinel-protocol | mechanism | | PAIT Token-Level Inference Provenance | draft-vasylenko-pait-protocol | protocol | | AgentCard Identity Format | draft-aevum-agentcard | protocol | | AI Traffic Characterization Framework | draft-aft-ai-traffic | requirement | *...and 71 more* --- ## 16. AI Agent Resource Consumption Accounting | | | |---|---| | **Severity** | MEDIUM | | **Category** | Model serving/inference | | **Drafts in category** | 54 | No standardized methodology exists for measuring and accounting for computational resources consumed by autonomous agents across different infrastructure providers. This creates billing and resource management challenges. **Evidence:** ISO electronic fee collection standards exist for simple systems, but no equivalent for complex AI agent resource usage across cloud providers ### Related Drafts **Keyword matches** (drafts mentioning gap topic): - [draft-sharif-openid-agent-identity](https://datatracker.ietf.org/doc/draft-sharif-openid-agent-identity/) (score 2.6) — OpenID Connect Agent Identity Claims for Autonomous AI Agents - [draft-zheng-agent-identity-management](https://datatracker.ietf.org/doc/draft-zheng-agent-identity-management/) (score 3.7) — Agent Identity Managenment - [draft-zheng-dispatch-agent-identity-management](https://datatracker.ietf.org/doc/draft-zheng-dispatch-agent-identity-management/) (score 3.3) — Agent Identity Managenment - [draft-li-dmsc-macp](https://datatracker.ietf.org/doc/draft-li-dmsc-macp/) (score 4.2) — Multi-agent Collaboration Protocol Suites Architecture - [draft-fu-nmop-agent-communication-framework](https://datatracker.ietf.org/doc/draft-fu-nmop-agent-communication-framework/) (score 3.0) — Agent Communication Framework for Network AIOps - [draft-jia-oauth-scope-aggregation](https://datatracker.ietf.org/doc/draft-jia-oauth-scope-aggregation/) (score 3.5) — OAuth 2.0 Scope Aggregation for Multi-Step AI Agent Workflows **Top-rated in Model serving/inference** (54 drafts): - [itu-t-y-3172](https://datatracker.ietf.org/doc/itu-t-y-3172/) (4.7) — Establishes comprehensive architectural framework for machine learning deployment in future networks - [draft-williams-netmod-lm-hierarchy-topology](https://datatracker.ietf.org/doc/draft-williams-netmod-lm-hierarchy-topology/) (4.6) — Defines YANG data model for hierarchical language model coordination across tiny, small, and large L - [draft-chang-agent-token-efficient](https://datatracker.ietf.org/doc/draft-chang-agent-token-efficient/) (4.5) — Defines ADOL (Agentic Data Optimization Layer) to address token bloat in agent communication protoco - [draft-calabria-bmwg-ai-fabric-inference-bench](https://datatracker.ietf.org/doc/draft-calabria-bmwg-ai-fabric-inference-bench/) (4.5) — Defines benchmarking methodology for AI inference network fabrics. Establishes KPIs and test procedu - [draft-wang-cats-odsi](https://datatracker.ietf.org/doc/draft-wang-cats-odsi/) (4.5) — Specifies framework for decentralized LLM inference across untrusted participants with layer-aware e ### Partially Addressing Ideas 17 extracted ideas touch on this gap: | Idea | Draft | Type | |------|-------|------| | SCIM 2.0 Extension for Agents and Agentic Applications | draft-abbey-scim-agent-extension | extension | | AgentCard Identity Format | draft-aevum-agentcard | protocol | | AI Discovery Endpoint | draft-aiendpoint-ai-discovery | mechanism | | Semantic Context Compression for Agent Communication | draft-benzing-accp | protocol | | Context Distribution Optimization Framework | draft-chang-agent-context-interaction | mechanism | | Agentic Reasoning Protocol v1 | draft-deforth-arp | protocol | | Fluid Agentic DeFi Protocol (FADP) | draft-fluid-fadp | protocol | | Events Query Protocol | draft-gupta-httpapi-events-query | protocol | *...and 9 more* --- ## 17. Multi-Modal AI Agent Communication Standards | | | |---|---| | **Severity** | MEDIUM | | **Category** | A2A protocols | | **Drafts in category** | 157 | Current protocols focus on text-based agent communication but lack standards for agents that communicate through multiple modalities (text, voice, images, sensor data) simultaneously in coordinated interactions. **Evidence:** IETF A2A protocols are primarily text-based, while real-world agents increasingly use multi-modal interfaces ### Related Drafts **Keyword matches** (drafts mentioning gap topic): - [draft-hw-protocol-agent](https://datatracker.ietf.org/doc/draft-hw-protocol-agent/) (score 3.1) — AI Agent Protocols for Multi-modality - [draft-xsaopig-nmop-service-flow-modal-mapping](https://datatracker.ietf.org/doc/draft-xsaopig-nmop-service-flow-modal-mapping/) (score 3.3) — Architecture for Service Flow Characteristics and Modal Mapping Based on SDN and - [draft-hw-ai-agent-6g](https://datatracker.ietf.org/doc/draft-hw-ai-agent-6g/) (score 3.1) — Requirements and Enabling Technologies of Agent Protocols for 6G Networks - [draft-yl-agent-id-requirements](https://datatracker.ietf.org/doc/draft-yl-agent-id-requirements/) (score 2.9) — Digital Identity Management for AI Agent Communication Protocols - [draft-howe-sipcore-mcp-extension](https://datatracker.ietf.org/doc/draft-howe-sipcore-mcp-extension/) (score 3.7) — SIP Extension for Model Context Protocol (MCP) - [draft-sharif-openid-agent-identity](https://datatracker.ietf.org/doc/draft-sharif-openid-agent-identity/) (score 2.6) — OpenID Connect Agent Identity Claims for Autonomous AI Agents **Top-rated in A2A protocols** (157 drafts): - [draft-guy-bary-stamp-protocol](https://datatracker.ietf.org/doc/draft-guy-bary-stamp-protocol/) (4.6) — Defines STAMP protocol for cryptographic delegation and proof in AI agent systems. Provides task-bou - [draft-williams-netmod-lm-hierarchy-topology](https://datatracker.ietf.org/doc/draft-williams-netmod-lm-hierarchy-topology/) (4.6) — Defines YANG data model for hierarchical language model coordination across tiny, small, and large L - [draft-song-anp-ans](https://datatracker.ietf.org/doc/draft-song-anp-ans/) (4.6) — Defines Agent Name System mapping agent:// URIs to network peer identifiers in the ANP suite. Provid - [draft-song-anp-aitp](https://datatracker.ietf.org/doc/draft-song-anp-aitp/) (4.6) — Message-framed invocation transport protocol above AIP for AI agents. Provides method-aware framing - [draft-song-anp-aip](https://datatracker.ietf.org/doc/draft-song-anp-aip/) (4.6) — Provides best-effort datagram delivery between AI agents identified by agent:// URIs. Serves as narr ### Partially Addressing Ideas 55 extracted ideas touch on this gap: | Idea | Draft | Type | |------|-------|------| | AgentCard Identity Format | draft-aevum-agentcard | protocol | | Intelligent Agent Communication Gateway Architecture | draft-agent-gw | architecture | | AI-Native Network Protocol (AINP) | draft-ainp-protocol | protocol | | Agent-to-Agent Communication in Transportation Networks | draft-an-nmrg-i2icf-cits | pattern | | Semantic Context Compression for Agent Communication | draft-benzing-accp | protocol | | Agentic Data Optimization Layer (ADOL) | draft-chang-agent-token-efficient | protocol | | Agent Envelope Exchange (AEE) JSON envelope format | draft-cowles-aee | protocol | | Agentic Reasoning Protocol v2 | draft-deforth-arp-reasoning-protocol | protocol | *...and 47 more* --- ## 18. AI Agent Behavioral Audit Trail Standards | | | |---|---| | **Severity** | MEDIUM | | **Category** | AI safety/alignment | | **Drafts in category** | 152 | While logging exists, there's no standardized format for comprehensive behavioral audit trails that can track decision-making processes across different AI agent architectures and be used for post-incident analysis. **Evidence:** ETSI has AI security testing but lacks standardized audit trail formats for behavioral analysis ### Related Drafts **Keyword matches** (drafts mentioning gap topic): - [draft-sharif-openid-agent-identity](https://datatracker.ietf.org/doc/draft-sharif-openid-agent-identity/) (score 2.6) — OpenID Connect Agent Identity Claims for Autonomous AI Agents - [draft-zheng-agent-identity-management](https://datatracker.ietf.org/doc/draft-zheng-agent-identity-management/) (score 3.7) — Agent Identity Managenment - [draft-zheng-dispatch-agent-identity-management](https://datatracker.ietf.org/doc/draft-zheng-dispatch-agent-identity-management/) (score 3.3) — Agent Identity Managenment - [draft-li-dmsc-macp](https://datatracker.ietf.org/doc/draft-li-dmsc-macp/) (score 4.2) — Multi-agent Collaboration Protocol Suites Architecture - [draft-fu-nmop-agent-communication-framework](https://datatracker.ietf.org/doc/draft-fu-nmop-agent-communication-framework/) (score 3.0) — Agent Communication Framework for Network AIOps - [draft-kamimura-rats-behavioral-evidence](https://datatracker.ietf.org/doc/draft-kamimura-rats-behavioral-evidence/) (score 3.0) — On the Relationship Between Remote Attestation and Behavioral Evidence Recording **Top-rated in AI safety/alignment** (152 drafts): - [draft-cowles-volt](https://datatracker.ietf.org/doc/draft-cowles-volt/) (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra - [draft-aylward-daap-v2](https://datatracker.ietf.org/doc/draft-aylward-daap-v2/) (4.8) — Defines comprehensive protocol for AI agent accountability including authentication, monitoring, and - [draft-sato-soos-hem](https://datatracker.ietf.org/doc/draft-sato-soos-hem/) (4.8) — Specifies Human Escalation Mechanism as a kernel-level protocol for AI agent escalation to human ove - [draft-guy-bary-stamp-protocol](https://datatracker.ietf.org/doc/draft-guy-bary-stamp-protocol/) (4.6) — Defines STAMP protocol for cryptographic delegation and proof in AI agent systems. Provides task-bou - [draft-drake-email-tpm-attestation](https://datatracker.ietf.org/doc/draft-drake-email-tpm-attestation/) (4.6) — Defines hardware attestation for email using TPM verification chains to prevent spam and provide Syb ### Partially Addressing Ideas 25 extracted ideas touch on this gap: | Idea | Draft | Type | |------|-------|------| | Proof-of-Behavior Protocol | draft-dembowski-agentledger-proof-of-behavior | protocol | | SCITT AI Agent Profile | draft-emirdag-scitt-ai-agent-execution | extension | | Compliance-oriented agent memory model | draft-gaikwad-aps-profile | pattern | | Delegated Agent Authorization Protocol | draft-mishra-oauth-agent-grants | protocol | | Vorim Agent Identity Protocol (VAIP) | draft-nyantakyi-vaip-agent-identity | protocol | | Agent Audit Trail Standard | draft-sharif-agent-audit-trail | protocol | | Distributed AI Accountability Protocol | draft-aylward-daap-v2 | protocol | | Cryptographically Verifiable DAG for Agent Transactions | draft-bates-atp | protocol | *...and 17 more* --- ## Cross-Cutting Analysis ### Gaps by Category | Category | Drafts | Gaps | Gap Topics | |----------|-------:|-----:|------------| | a2a protocols | 157 | 1 | Multi-Modal AI Agent Communication Standards | | agent discovery/reg | 84 | 1 | Real-time Agent Capability Negotiation | | agent identity/auth | 202 | 1 | Multi-Modal Agent Authentication | | ai safety/alignment | 152 | 6 | Real-time AI Agent Liability Attribution; AI Agent Emergency Shutdown Coordination; Cross-Domain AI Model Poisoning Detection; Federated AI Agent Training Security; Agent Behavior Drift Detection; AI Agent Behavioral Audit Trail Standards | | autonomous netops | 91 | 1 | AI Agent Resource Exhaustion Prevention | | data formats/interop | 202 | 3 | Cross-Domain AI Model Provenance Tracking; Inter-Standards-Body Protocol Mapping; AI Agent Training Data Provenance Verification | | human-agent interaction | 70 | 1 | Human Override Verification Protocols | | model serving/inference | 54 | 1 | AI Agent Resource Consumption Accounting | | policy/governance | 259 | 3 | Cross-SDO AI Agent Certification; Cross-Organization AI Agent Liability Framework; Autonomous Agent Legal Standing Recognition | ## Recommendations Based on the gap analysis, the highest-impact areas for new standardization work: 1. **Runtime behavior verification** — The most critical safety gap. Agents declare policies but nothing validates compliance at runtime. 2. **Error recovery and rollback** — Autonomous operations need standardized failure handling before real deployment at scale. 3. **Protocol interoperability layer** — 92 competing A2A protocols need a translation/negotiation framework to avoid fragmentation. 4. **Dynamic trust systems** — Static certificates cannot scale to long-running agent ecosystems. Trust must be earned and revocable. 5. **Human emergency override** — The 7:1 ratio of autonomous capability to human oversight drafts is concerning for production deployments.