# Gap Analysis: IETF AI/Agent Draft Landscape *Generated 2026-03-08 14:30 UTC — analyzing 474 drafts, 462 technical ideas* ## Overview This report identifies **12 gaps** — areas, problems, or technical challenges not adequately addressed by the current 474 IETF AI/agent drafts. Each gap is cross-referenced with related drafts and extracted technical ideas to show partial coverage. | Severity | Count | |----------|------:| | **CRITICAL** | 3 | | **HIGH** | 6 | | **MEDIUM** | 3 | ### Safety Deficit Only **46** of 474 drafts address AI safety/alignment, while **150** focus on A2A protocols and **110** on autonomous operations. The ratio of capability-building to safety is roughly **5:1**. --- ## 1. Real-time Agent Behavior Verification | | | |---|---| | **Severity** | CRITICAL | | **Category** | AI safety/alignment | | **Drafts in category** | 46 | Current AI safety drafts focus on governance but lack technical protocols for real-time verification that agents are behaving according to their declared policies. There's no standard way to cryptographically prove agent actions match stated intentions. **Evidence:** Only 46 safety drafts versus 474 total, with governance focus rather than technical verification ### Related Drafts **Keyword matches** (drafts mentioning gap topic): - [draft-an-nmrg-i2icf-cits](https://datatracker.ietf.org/doc/draft-an-nmrg-i2icf-cits/) (score 3.7) — Interface to In-Network Computing Functions for Cooperative Intelligent Transpor - [draft-zhao-detnet-enhanced-use-cases](https://datatracker.ietf.org/doc/draft-zhao-detnet-enhanced-use-cases/) (score 3.2) — Enhanced Use Cases for Scaling Deterministic Networks - [draft-zhang-rvp-problem-statement](https://datatracker.ietf.org/doc/draft-zhang-rvp-problem-statement/) (score 3.5) — Problem Statements and Requirements of Real-Virtual Agent Protocol (RVP): Commun - [draft-yuan-rtgwg-traffic-agent-usecase](https://datatracker.ietf.org/doc/draft-yuan-rtgwg-traffic-agent-usecase/) (score 3.7) — Use cases of the AI Network Traffic Optimization Agent - [draft-altanai-aipref-realtime-protocol-bindings](https://datatracker.ietf.org/doc/draft-altanai-aipref-realtime-protocol-bindings/) (score 3.6) — AI Preferences for Real-Time Protocol Bindings - [draft-zheng-agent-identity-management](https://datatracker.ietf.org/doc/draft-zheng-agent-identity-management/) (score 3.7) — Agent Identity Managenment **Top-rated in AI safety/alignment** (46 drafts): - [draft-cowles-volt](https://datatracker.ietf.org/doc/draft-cowles-volt/) (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra - [draft-aylward-daap-v2](https://datatracker.ietf.org/doc/draft-aylward-daap-v2/) (4.8) — Defines comprehensive protocol for AI agent accountability including authentication, monitoring, and - [draft-guy-bary-stamp-protocol](https://datatracker.ietf.org/doc/draft-guy-bary-stamp-protocol/) (4.6) — Defines STAMP protocol for cryptographic delegation and proof in AI agent systems. Provides task-bou - [draft-drake-email-tpm-attestation](https://datatracker.ietf.org/doc/draft-drake-email-tpm-attestation/) (4.6) — Defines hardware attestation for email using TPM verification chains to prevent spam and provide Syb - [draft-goswami-agentic-jwt](https://datatracker.ietf.org/doc/draft-goswami-agentic-jwt/) (4.5) — Extends OAuth 2.0 with Agentic JWT to address authorization challenges in autonomous AI systems. Int ### Partially Addressing Ideas 17 extracted ideas touch on this gap: | Idea | Draft | Type | |------|-------|------| | Distributed AI Accountability Protocol | draft-aylward-daap-v2 | protocol | | AGENTS.TXT Policy File | draft-srijal-agents-policy | protocol | | AI Network Security Agent | draft-yuan-rtgwg-security-agent-usecase | architecture | | A2A Protocol Transport over MOQT | draft-a2a-moqt-transport | protocol | | Post-Discovery Authorization Handshake | draft-barney-caam | protocol | | Evidence-based Autonomy Maturity Model | draft-berlinai-vera | mechanism | | Verifiable Agent Conversation Format | draft-birkholz-verifiable-agent-conversations | protocol | | Intent-Based Just-in-Time Authorization | draft-chen-agent-decoupled-authorization-model | architecture | *...and 9 more* --- ## 2. Multi-Agent Consensus Under Byzantine Conditions | | | |---|---| | **Severity** | CRITICAL | | **Category** | A2A protocols | | **Drafts in category** | 150 | While agent discovery and A2A protocols exist, there's no framework for handling consensus when some agents may be compromised or malicious. Critical for autonomous systems making collective decisions. **Evidence:** Complex autonomous systems require Byzantine fault tolerance but it's absent from protocol designs ### Related Drafts **Keyword matches** (drafts mentioning gap topic): - [draft-li-dmsc-mcps-agw](https://datatracker.ietf.org/doc/draft-li-dmsc-mcps-agw/) (score 3.5) — Multi-agent Collaboration Protocol Suite based on Agent Gateway - [draft-li-dmsc-inf-architecture](https://datatracker.ietf.org/doc/draft-li-dmsc-inf-architecture/) (score 3.1) — Dynamic Multi-agent Secured Collaboration Infrastructure Architecture - [draft-yue-anima-agent-recovery-networks](https://datatracker.ietf.org/doc/draft-yue-anima-agent-recovery-networks/) (score 4.1) — Task-Oriented Multi-Agent Recovery Framework for High-Reliability in Converged M - [draft-chang-agent-context-interaction](https://datatracker.ietf.org/doc/draft-chang-agent-context-interaction/) (score 2.9) — Agent Context Interaction Optimizations - [draft-fu-nmop-agent-communication-framework](https://datatracker.ietf.org/doc/draft-fu-nmop-agent-communication-framework/) (score 3.0) — Agent Communication Framework for Network AIOps - [draft-ramakrishna-satp-views-addresses](https://datatracker.ietf.org/doc/draft-ramakrishna-satp-views-addresses/) (score 3.4) — Views and View Addresses for Secure Asset Transfer **Top-rated in A2A protocols** (150 drafts): - [draft-guy-bary-stamp-protocol](https://datatracker.ietf.org/doc/draft-guy-bary-stamp-protocol/) (4.6) — Defines STAMP protocol for cryptographic delegation and proof in AI agent systems. Provides task-bou - [draft-williams-netmod-lm-hierarchy-topology](https://datatracker.ietf.org/doc/draft-williams-netmod-lm-hierarchy-topology/) (4.6) — Defines YANG data model for hierarchical language model coordination across tiny, small, and large L - [draft-ietf-lake-edhoc](https://datatracker.ietf.org/doc/draft-ietf-lake-edhoc/) (4.6) — Specifies EDHOC, a compact authenticated Diffie-Hellman key exchange protocol for constrained enviro - [draft-chang-agent-token-efficient](https://datatracker.ietf.org/doc/draft-chang-agent-token-efficient/) (4.5) — Defines ADOL (Agentic Data Optimization Layer) to address token bloat in agent communication protoco - [draft-chen-oauth-rar-agent-extensions](https://datatracker.ietf.org/doc/draft-chen-oauth-rar-agent-extensions/) (4.2) — Extends OAuth RAR with policy_context and lifecycle_binding members for AI agent environments. Enabl ### Partially Addressing Ideas 2 extracted ideas touch on this gap: | Idea | Draft | Type | |------|-------|------| | ASRank Structural Vulnerability Analysis | draft-xu-sidrops-asrank-vulnerabilities | requirement | | MCP and A2A Complementary Solutions for Network Management | draft-zeng-opsawg-applicability-mcp-a2a | architecture | --- ## 3. Emergency Agent Shutdown Coordination | | | |---|---| | **Severity** | CRITICAL | | **Category** | AI safety/alignment | | **Drafts in category** | 46 | Missing protocols for coordinated emergency shutdown of autonomous agent networks when safety issues are detected. Individual agent controls exist but not network-wide coordination mechanisms. **Evidence:** Human-in-the-loop drafts exist but no emergency coordination protocols for autonomous systems ### Related Drafts **Keyword matches** (drafts mentioning gap topic): - [draft-aylward-daap-v2](https://datatracker.ietf.org/doc/draft-aylward-daap-v2/) (score 4.8) — Distributed AI Accountability Protocol (DAAP) Version 2.0 - [draft-khatri-sipcore-call-transfer-fail-response](https://datatracker.ietf.org/doc/draft-khatri-sipcore-call-transfer-fail-response/) (score 3.3) — A SIP Response Code (497) for Call Transfer Failure - [draft-cui-dmsc-agent-cdi](https://datatracker.ietf.org/doc/draft-cui-dmsc-agent-cdi/) (score 3.0) — Cross-Domain Interoperability Framework for AI Agent Collaboration - [draft-yu-ai-agent-use-cases-in-6g](https://datatracker.ietf.org/doc/draft-yu-ai-agent-use-cases-in-6g/) (score 2.5) — AI Agent Use Cases and Requirements in 6G Network - [draft-zhang-rvp-problem-statement](https://datatracker.ietf.org/doc/draft-zhang-rvp-problem-statement/) (score 3.5) — Problem Statements and Requirements of Real-Virtual Agent Protocol (RVP): Commun - [draft-zheng-agent-identity-management](https://datatracker.ietf.org/doc/draft-zheng-agent-identity-management/) (score 3.7) — Agent Identity Managenment **Top-rated in AI safety/alignment** (46 drafts): - [draft-cowles-volt](https://datatracker.ietf.org/doc/draft-cowles-volt/) (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra - [draft-aylward-daap-v2](https://datatracker.ietf.org/doc/draft-aylward-daap-v2/) (4.8) — Defines comprehensive protocol for AI agent accountability including authentication, monitoring, and - [draft-guy-bary-stamp-protocol](https://datatracker.ietf.org/doc/draft-guy-bary-stamp-protocol/) (4.6) — Defines STAMP protocol for cryptographic delegation and proof in AI agent systems. Provides task-bou - [draft-drake-email-tpm-attestation](https://datatracker.ietf.org/doc/draft-drake-email-tpm-attestation/) (4.6) — Defines hardware attestation for email using TPM verification chains to prevent spam and provide Syb - [draft-goswami-agentic-jwt](https://datatracker.ietf.org/doc/draft-goswami-agentic-jwt/) (4.5) — Extends OAuth 2.0 with Agentic JWT to address authorization challenges in autonomous AI systems. Int ### Partially Addressing Ideas 9 extracted ideas touch on this gap: | Idea | Draft | Type | |------|-------|------| | Distributed AI Accountability Protocol | draft-aylward-daap-v2 | protocol | | Agentic network architecture for multi-agent coordination | draft-chuyi-nmrg-agentic-network-inference | architecture | | Dynamic Task Coordination Requirements for AI Agents | draft-cui-ai-agent-task | requirement | | Multi-Agent Communication Framework for AIOps | draft-fu-nmop-agent-communication-framework | architecture | | Meta-Layer Coordination Substrate | draft-meta-layer-overview | architecture | | Trinity Configuration for Agent Coordination | draft-takagi-srta-trinity | pattern | | Internet of Agents Task Protocol for heterogeneous collaboration | draft-yang-dmsc-ioa-task-protocol | protocol | | Task-Oriented Multi-Agent Recovery Framework | draft-yue-anima-agent-recovery-networks | architecture | *...and 1 more* --- ## 4. Cross-Protocol Agent Migration | | | |---|---| | **Severity** | HIGH | | **Category** | A2A protocols | | **Drafts in category** | 150 | While A2A protocols exist, there's no standardized mechanism for agents to migrate between different protocol frameworks or service providers while maintaining state and identity. This creates vendor lock-in and limits agent portability across heterogeneous systems. **Evidence:** 150 A2A protocol drafts with high overlap suggest fragmentation without migration solutions ### Related Drafts **Keyword matches** (drafts mentioning gap topic): - [draft-cowles-volt](https://datatracker.ietf.org/doc/draft-cowles-volt/) (score 4.8) — Verifiable Operations Ledger and Trace (VOLT) Protocol - [draft-han-ai-agent-impact-infra](https://datatracker.ietf.org/doc/draft-han-ai-agent-impact-infra/) (score 2.3) — The Impact of AI Agent to Network Infrastructure - [draft-narajala-ans](https://datatracker.ietf.org/doc/draft-narajala-ans/) (score 4.2) — Agent Name Service (ANS): A Universal Directory for Secure AI Agent Discovery an - [draft-ietf-emu-eap-edhoc](https://datatracker.ietf.org/doc/draft-ietf-emu-eap-edhoc/) (score 3.2) — Using the Extensible Authentication Protocol (EAP) with Ephemeral Diffie-Hellman - [draft-howe-sipcore-mcp-extension](https://datatracker.ietf.org/doc/draft-howe-sipcore-mcp-extension/) (score 3.7) — SIP Extension for Model Context Protocol (MCP) - [draft-zheng-agent-identity-management](https://datatracker.ietf.org/doc/draft-zheng-agent-identity-management/) (score 3.7) — Agent Identity Managenment **Top-rated in A2A protocols** (150 drafts): - [draft-guy-bary-stamp-protocol](https://datatracker.ietf.org/doc/draft-guy-bary-stamp-protocol/) (4.6) — Defines STAMP protocol for cryptographic delegation and proof in AI agent systems. Provides task-bou - [draft-williams-netmod-lm-hierarchy-topology](https://datatracker.ietf.org/doc/draft-williams-netmod-lm-hierarchy-topology/) (4.6) — Defines YANG data model for hierarchical language model coordination across tiny, small, and large L - [draft-ietf-lake-edhoc](https://datatracker.ietf.org/doc/draft-ietf-lake-edhoc/) (4.6) — Specifies EDHOC, a compact authenticated Diffie-Hellman key exchange protocol for constrained enviro - [draft-chang-agent-token-efficient](https://datatracker.ietf.org/doc/draft-chang-agent-token-efficient/) (4.5) — Defines ADOL (Agentic Data Optimization Layer) to address token bloat in agent communication protoco - [draft-chen-oauth-rar-agent-extensions](https://datatracker.ietf.org/doc/draft-chen-oauth-rar-agent-extensions/) (4.2) — Extends OAuth RAR with policy_context and lifecycle_binding members for AI agent environments. Enabl ### Partially Addressing Ideas No directly related technical ideas found in current drafts — this gap is entirely unaddressed. --- ## 5. Agent Resource Accounting and Billing | | | |---|---| | **Severity** | HIGH | | **Category** | new | | **Drafts in category** | 0 | No standardized protocols exist for tracking and billing computational resources consumed by autonomous agents across distributed systems. This is essential for commercial deployment but completely unaddressed. **Evidence:** High focus on protocols and deployment but zero drafts addressing economic models ### Related Drafts **Keyword matches** (drafts mentioning gap topic): - [draft-zheng-agent-identity-management](https://datatracker.ietf.org/doc/draft-zheng-agent-identity-management/) (score 3.7) — Agent Identity Managenment - [draft-li-dmsc-macp](https://datatracker.ietf.org/doc/draft-li-dmsc-macp/) (score 4.2) — Multi-agent Collaboration Protocol Suite - [draft-zheng-dispatch-agent-identity-management](https://datatracker.ietf.org/doc/draft-zheng-dispatch-agent-identity-management/) (score 3.3) — Agent Identity Managenment - [draft-fu-nmop-agent-communication-framework](https://datatracker.ietf.org/doc/draft-fu-nmop-agent-communication-framework/) (score 3.0) — Agent Communication Framework for Network AIOps - [draft-zyyhl-agent-networks-framework](https://datatracker.ietf.org/doc/draft-zyyhl-agent-networks-framework/) (score 3.6) — Framework for AI Agent Networks - [draft-jia-oauth-scope-aggregation](https://datatracker.ietf.org/doc/draft-jia-oauth-scope-aggregation/) (score 3.5) — OAuth 2.0 Scope Aggregation for Multi-Step AI Agent Workflows ### Partially Addressing Ideas 8 extracted ideas touch on this gap: | Idea | Draft | Type | |------|-------|------| | SCIM 2.0 Extension for Agents and Agentic Applications | draft-abbey-scim-agent-extension | extension | | Events Query Protocol | draft-gupta-httpapi-events-query | protocol | | Micro Agent Communication Protocol (µACP) | draft-mallick-muacp | protocol | | MOQT Binding for A2A and MCP Protocols | draft-nandakumar-ai-agent-moq-transport | extension | | SCIM 2.0 Agent Extension | draft-scim-agent-extension | extension | | Authorized Connection Policy Framework | draft-steckbeck-ua-conn-sec | mechanism | | Agent Workflow Protocol Well-Known Resource | draft-vinaysingh-awp-wellknown | extension | | AI Network Traffic Optimization Agent | draft-yuan-rtgwg-traffic-agent-usecase | architecture | --- ## 6. Agent Capability Advertisement Verification | | | |---|---| | **Severity** | HIGH | | **Category** | Agent discovery/reg | | **Drafts in category** | 87 | While agent discovery protocols exist, there's no way to cryptographically verify that advertised agent capabilities are accurate. Agents could falsely claim capabilities leading to system failures. **Evidence:** 87 discovery drafts but no mention of capability verification mechanisms ### Related Drafts **Keyword matches** (drafts mentioning gap topic): - [draft-zheng-agent-identity-management](https://datatracker.ietf.org/doc/draft-zheng-agent-identity-management/) (score 3.7) — Agent Identity Managenment - [draft-li-dmsc-macp](https://datatracker.ietf.org/doc/draft-li-dmsc-macp/) (score 4.2) — Multi-agent Collaboration Protocol Suite - [draft-zheng-dispatch-agent-identity-management](https://datatracker.ietf.org/doc/draft-zheng-dispatch-agent-identity-management/) (score 3.3) — Agent Identity Managenment - [draft-fu-nmop-agent-communication-framework](https://datatracker.ietf.org/doc/draft-fu-nmop-agent-communication-framework/) (score 3.0) — Agent Communication Framework for Network AIOps - [draft-zyyhl-agent-networks-framework](https://datatracker.ietf.org/doc/draft-zyyhl-agent-networks-framework/) (score 3.6) — Framework for AI Agent Networks - [draft-li-dmsc-inf-architecture](https://datatracker.ietf.org/doc/draft-li-dmsc-inf-architecture/) (score 3.1) — Dynamic Multi-agent Secured Collaboration Infrastructure Architecture **Top-rated in Agent discovery/reg** (87 drafts): - [draft-narajala-ans](https://datatracker.ietf.org/doc/draft-narajala-ans/) (4.2) — Introduces Agent Name Service (ANS) as a DNS-based universal directory for AI agent discovery and ve - [draft-li-dmsc-macp](https://datatracker.ietf.org/doc/draft-li-dmsc-macp/) (4.2) — Specifies a comprehensive multi-agent collaboration protocol suite using Agent Gateways for registra - [draft-cui-dns-native-agent-naming-resolution](https://datatracker.ietf.org/doc/draft-cui-dns-native-agent-naming-resolution/) (4.1) — Specifies DNS-native naming and resolution for AI agents using FQDNs and SVCB records. Emphasizes DN - [draft-nederveld-adl](https://datatracker.ietf.org/doc/draft-nederveld-adl/) (4.1) — Defines ADL, a JSON-based standard for describing AI agents including their capabilities, tools, per - [draft-rosenberg-ai-protocols](https://datatracker.ietf.org/doc/draft-rosenberg-ai-protocols/) (4.1) — Establishes framework for AI agent communications on the Internet, surveying existing protocols like ### Partially Addressing Ideas 25 extracted ideas touch on this gap: | Idea | Draft | Type | |------|-------|------| | DNS-based AI Agent Discovery | draft-mozleywilliams-dnsop-bandaid | mechanism | | DNS namespace for AI agent discovery | draft-mozleywilliams-dnsop-dnsaid | mechanism | | Agent Registration and Discovery Protocol | draft-pioli-agent-discovery | protocol | | Intent-based Agent Interconnection Protocol | draft-sun-zhang-iaip | protocol | | Capability Advertisement and Intent Resolution | draft-sz-dmsc-iaip | mechanism | | Intelligent Agent Communication Gateway Architecture | draft-agent-gw | architecture | | AI-Native Network Protocol (AINP) | draft-ainp-protocol | protocol | | Distributed AI Accountability Protocol | draft-aylward-daap-v2 | protocol | *...and 17 more* --- ## 7. Cross-Domain Agent Communication Security | | | |---|---| | **Severity** | HIGH | | **Category** | Agent identity/auth | | **Drafts in category** | 145 | Current identity/auth solutions don't address secure communication between agents operating in different security domains or trust boundaries. Critical for enterprise and government deployments. **Evidence:** 145 identity drafts show awareness but cross-domain scenarios appear unaddressed ### Related Drafts **Keyword matches** (drafts mentioning gap topic): - [draft-diaconu-agents-authz-info-sharing](https://datatracker.ietf.org/doc/draft-diaconu-agents-authz-info-sharing/) (score 3.2) — Cross-Domain AuthZ Information sharing for Agents - [draft-cui-dmsc-agent-cdi](https://datatracker.ietf.org/doc/draft-cui-dmsc-agent-cdi/) (score 3.0) — Cross-Domain Interoperability Framework for AI Agent Collaboration - [draft-han-rtgwg-agent-gateway-intercomm-framework](https://datatracker.ietf.org/doc/draft-han-rtgwg-agent-gateway-intercomm-framework/) (score 3.6) — Agent Gateway Intercommunication Framework - [draft-ni-a2a-ai-agent-security-requirements](https://datatracker.ietf.org/doc/draft-ni-a2a-ai-agent-security-requirements/) (score 3.7) — Security Requirements for AI Agents - [draft-intellinode-ai-semantic-contract](https://datatracker.ietf.org/doc/draft-intellinode-ai-semantic-contract/) (score 3.2) — Semantic-Driven Traffic Shaping Contract for AI Networks - [draft-zheng-agent-identity-management](https://datatracker.ietf.org/doc/draft-zheng-agent-identity-management/) (score 3.7) — Agent Identity Managenment **Top-rated in Agent identity/auth** (145 drafts): - [draft-cowles-volt](https://datatracker.ietf.org/doc/draft-cowles-volt/) (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra - [draft-aylward-daap-v2](https://datatracker.ietf.org/doc/draft-aylward-daap-v2/) (4.8) — Defines comprehensive protocol for AI agent accountability including authentication, monitoring, and - [draft-guy-bary-stamp-protocol](https://datatracker.ietf.org/doc/draft-guy-bary-stamp-protocol/) (4.6) — Defines STAMP protocol for cryptographic delegation and proof in AI agent systems. Provides task-bou - [draft-drake-email-tpm-attestation](https://datatracker.ietf.org/doc/draft-drake-email-tpm-attestation/) (4.6) — Defines hardware attestation for email using TPM verification chains to prevent spam and provide Syb - [draft-williams-netmod-lm-hierarchy-topology](https://datatracker.ietf.org/doc/draft-williams-netmod-lm-hierarchy-topology/) (4.6) — Defines YANG data model for hierarchical language model coordination across tiny, small, and large L ### Partially Addressing Ideas 46 extracted ideas touch on this gap: | Idea | Draft | Type | |------|-------|------| | Centralized Gateway for Multi-Agent Communication | draft-song-dmsc-problem-statement | architecture | | Multi-Tenant Policy Enforcement Infrastructure | draft-song-dmsc-problem-statement | architecture | | Intelligent Agent Communication Gateway Architecture | draft-agent-gw | architecture | | AI-Native Network Protocol (AINP) | draft-ainp-protocol | protocol | | Agent-to-Agent Communication in Transportation Networks | draft-an-nmrg-i2icf-cits | pattern | | Zero Trust Runtime Agent Architecture | draft-berlinai-vera | architecture | | Agentic Data Optimization Layer (ADOL) | draft-chang-agent-token-efficient | protocol | | Agentic network architecture for multi-agent coordination | draft-chuyi-nmrg-agentic-network-inference | architecture | *...and 38 more* --- ## 8. Agent Performance Degradation Detection | | | |---|---| | **Severity** | HIGH | | **Category** | new | | **Drafts in category** | 0 | No standardized protocols exist for detecting when AI agents are experiencing model drift, adversarial attacks, or performance degradation. Essential for maintaining autonomous system reliability. **Evidence:** ML traffic management exists but not agent health monitoring standards ### Related Drafts **Keyword matches** (drafts mentioning gap topic): - [draft-zheng-agent-identity-management](https://datatracker.ietf.org/doc/draft-zheng-agent-identity-management/) (score 3.7) — Agent Identity Managenment - [draft-li-dmsc-macp](https://datatracker.ietf.org/doc/draft-li-dmsc-macp/) (score 4.2) — Multi-agent Collaboration Protocol Suite - [draft-zheng-dispatch-agent-identity-management](https://datatracker.ietf.org/doc/draft-zheng-dispatch-agent-identity-management/) (score 3.3) — Agent Identity Managenment - [draft-fu-nmop-agent-communication-framework](https://datatracker.ietf.org/doc/draft-fu-nmop-agent-communication-framework/) (score 3.0) — Agent Communication Framework for Network AIOps - [draft-zyyhl-agent-networks-framework](https://datatracker.ietf.org/doc/draft-zyyhl-agent-networks-framework/) (score 3.6) — Framework for AI Agent Networks - [draft-xiong-rtgwg-use-cases-hp-wan](https://datatracker.ietf.org/doc/draft-xiong-rtgwg-use-cases-hp-wan/) (score 2.6) — Use Cases for High-performance Wide Area Network ### Partially Addressing Ideas 5 extracted ideas touch on this gap: | Idea | Draft | Type | |------|-------|------| | Virtual In-Cloud Router as IPv6 Enhancement Agent | draft-he-yi-srv6ops-ipv6-enhancemnet-in-cloud-uc | architecture | | 6G Agent Protocol Requirements and Enabling Technologies | draft-hw-ai-agent-6g | requirement | | Comparative analysis of messaging protocols for agentic AI | draft-mpsb-agntcy-messaging | pattern | | AI Network Security Agent | draft-yuan-rtgwg-security-agent-usecase | architecture | | Task-Oriented Multi-Agent Recovery Framework | draft-yue-anima-agent-recovery-networks | architecture | --- ## 9. Legal Liability Attribution Protocols | | | |---|---| | **Severity** | HIGH | | **Category** | Policy/governance | | **Drafts in category** | 115 | Missing technical protocols for creating audit trails that can determine legal liability when autonomous agents cause harm. Governance drafts exist but not technical accountability mechanisms. **Evidence:** 115 governance drafts but legal technology gap for liability attribution ### Related Drafts **Keyword matches** (drafts mentioning gap topic): - [draft-madhavan-aipref-displaybasedpref](https://datatracker.ietf.org/doc/draft-madhavan-aipref-displaybasedpref/) (score 2.5) — A Vocabulary for Controlling Usage of Content Collected by Search and AI Crawler - [draft-farzdusa-aipref-enduser](https://datatracker.ietf.org/doc/draft-farzdusa-aipref-enduser/) (score 3.8) — AI Preferences Signaling: End User Impact - [draft-kotecha-agentic-dispute-protocol](https://datatracker.ietf.org/doc/draft-kotecha-agentic-dispute-protocol/) (score 3.6) — Agentic Dispute Protocol - [draft-cui-dmsc-agent-cdi](https://datatracker.ietf.org/doc/draft-cui-dmsc-agent-cdi/) (score 3.0) — Cross-Domain Interoperability Framework for AI Agent Collaboration - [draft-ietf-aipref-vocab](https://datatracker.ietf.org/doc/draft-ietf-aipref-vocab/) (score 4.4) — A Vocabulary For Expressing AI Usage Preferences - [draft-aylward-aiga-1](https://datatracker.ietf.org/doc/draft-aylward-aiga-1/) (score 4.2) — AI Governance and Accountability Protocol (AIGA) **Top-rated in Policy/governance** (115 drafts): - [draft-cowles-volt](https://datatracker.ietf.org/doc/draft-cowles-volt/) (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra - [draft-aylward-daap-v2](https://datatracker.ietf.org/doc/draft-aylward-daap-v2/) (4.8) — Defines comprehensive protocol for AI agent accountability including authentication, monitoring, and - [draft-goswami-agentic-jwt](https://datatracker.ietf.org/doc/draft-goswami-agentic-jwt/) (4.5) — Extends OAuth 2.0 with Agentic JWT to address authorization challenges in autonomous AI systems. Int - [draft-wang-cats-odsi](https://datatracker.ietf.org/doc/draft-wang-cats-odsi/) (4.5) — Specifies framework for decentralized LLM inference across untrusted participants with layer-aware e - [draft-birkholz-verifiable-agent-conversations](https://datatracker.ietf.org/doc/draft-birkholz-verifiable-agent-conversations/) (4.5) — Defines CDDL-based data format for verifiable agent conversation records using COSE signing. Support ### Partially Addressing Ideas No directly related technical ideas found in current drafts — this gap is entirely unaddressed. --- ## 10. Agent Memory and State Persistence Standards | | | |---|---| | **Severity** | MEDIUM | | **Category** | Data formats/interop | | **Drafts in category** | 165 | No standardized formats or protocols exist for how agents should persist long-term memory, experience, and learned behaviors across system restarts or migrations. Each implementation creates proprietary solutions. **Evidence:** 165 data format drafts focus on communication but not persistent state management ### Related Drafts **Keyword matches** (drafts mentioning gap topic): - [draft-zheng-agent-identity-management](https://datatracker.ietf.org/doc/draft-zheng-agent-identity-management/) (score 3.7) — Agent Identity Managenment - [draft-li-dmsc-macp](https://datatracker.ietf.org/doc/draft-li-dmsc-macp/) (score 4.2) — Multi-agent Collaboration Protocol Suite - [draft-zheng-dispatch-agent-identity-management](https://datatracker.ietf.org/doc/draft-zheng-dispatch-agent-identity-management/) (score 3.3) — Agent Identity Managenment - [draft-fu-nmop-agent-communication-framework](https://datatracker.ietf.org/doc/draft-fu-nmop-agent-communication-framework/) (score 3.0) — Agent Communication Framework for Network AIOps - [draft-zyyhl-agent-networks-framework](https://datatracker.ietf.org/doc/draft-zyyhl-agent-networks-framework/) (score 3.6) — Framework for AI Agent Networks - [draft-gaikwad-llm-benchmarking-terminology](https://datatracker.ietf.org/doc/draft-gaikwad-llm-benchmarking-terminology/) (score 2.7) — Benchmarking Terminology for Large Language Model Serving **Top-rated in Data formats/interop** (165 drafts): - [draft-cowles-volt](https://datatracker.ietf.org/doc/draft-cowles-volt/) (4.8) — Defines tamper-evident execution trace format for AI agent workflows using hash chains and cryptogra - [draft-williams-netmod-lm-hierarchy-topology](https://datatracker.ietf.org/doc/draft-williams-netmod-lm-hierarchy-topology/) (4.6) — Defines YANG data model for hierarchical language model coordination across tiny, small, and large L - [draft-ietf-lake-app-profiles](https://datatracker.ietf.org/doc/draft-ietf-lake-app-profiles/) (4.6) — Defines canonical CBOR representation for EDHOC application profiles and coordination mechanisms for - [draft-chang-agent-token-efficient](https://datatracker.ietf.org/doc/draft-chang-agent-token-efficient/) (4.5) — Defines ADOL (Agentic Data Optimization Layer) to address token bloat in agent communication protoco - [draft-birkholz-verifiable-agent-conversations](https://datatracker.ietf.org/doc/draft-birkholz-verifiable-agent-conversations/) (4.5) — Defines CDDL-based data format for verifiable agent conversation records using COSE signing. Support ### Partially Addressing Ideas 16 extracted ideas touch on this gap: | Idea | Draft | Type | |------|-------|------| | Compliance-oriented agent memory model | draft-gaikwad-aps-profile | pattern | | Zero Trust Interoperability Framework | draft-liu-saag-zt-problem-statement | requirement | | Intelligent Agent Communication Gateway Architecture | draft-agent-gw | architecture | | Zero Trust Runtime Agent Architecture | draft-berlinai-vera | architecture | | Agentic Hypercall Protocol | draft-campbell-agentic-http | pattern | | Agent Persistent State Profile | draft-gaikwad-aps-profile | architecture | | Agentic AI for Autonomous Network Management | draft-hong-nmrg-agenticai-ps | requirement | | LISP-based geospatial intelligence network | draft-ietf-lisp-nexagon | protocol | *...and 8 more* --- ## 11. Agent-to-Human Escalation Standards | | | |---|---| | **Severity** | MEDIUM | | **Category** | Human-agent interaction | | **Drafts in category** | 41 | While human-in-the-loop protocols exist, there's no standardized framework for when and how agents should escalate decisions to humans based on uncertainty, risk, or ethical considerations. **Evidence:** Only 41 human-agent interaction drafts versus complex autonomous systems requiring escalation ### Related Drafts **Keyword matches** (drafts mentioning gap topic): - [draft-williams-netmod-lm-hierarchy-topology](https://datatracker.ietf.org/doc/draft-williams-netmod-lm-hierarchy-topology/) (score 4.6) — Hierarchical Topology for Language Model Coordination - [draft-ietf-websec-mime-sniff](https://datatracker.ietf.org/doc/draft-ietf-websec-mime-sniff/) (score 3.7) — Media Type Sniffing - [draft-scrm-aiproto-usecases](https://datatracker.ietf.org/doc/draft-scrm-aiproto-usecases/) (score 4.1) — Agentic AI Use Cases - [draft-zeng-opsawg-llm-netconf-gap](https://datatracker.ietf.org/doc/draft-zeng-opsawg-llm-netconf-gap/) (score 3.9) — Gap Analysis of Network Configuration Protocols in LLM-Driven Intent-Based Netwo - [draft-jadoon-nmrg-agentic-ai-autonomous-networks](https://datatracker.ietf.org/doc/draft-jadoon-nmrg-agentic-ai-autonomous-networks/) (score 4.1) — Agentic AI Architectural Principles for Autonomous Computer Networks **Top-rated in Human-agent interaction** (41 drafts): - [draft-drake-email-tpm-attestation](https://datatracker.ietf.org/doc/draft-drake-email-tpm-attestation/) (4.6) — Defines hardware attestation for email using TPM verification chains to prevent spam and provide Syb - [draft-ietf-aipref-vocab](https://datatracker.ietf.org/doc/draft-ietf-aipref-vocab/) (4.4) — Defines a standardized vocabulary for expressing preferences about how digital assets should be used - [draft-dhir-http-agent-profile](https://datatracker.ietf.org/doc/draft-dhir-http-agent-profile/) (4.2) — Defines HTTP Agent Profile for authenticating agent traffic, separating human from agent traffic, an - [draft-song-tsvwg-camp](https://datatracker.ietf.org/doc/draft-song-tsvwg-camp/) (4.2) — Proposes CAMP, a multipath transport protocol for interactive multimodal LLM systems that maintains - [draft-liu-agent-operation-authorization](https://datatracker.ietf.org/doc/draft-liu-agent-operation-authorization/) (4.1) — Specifies framework for verifiable delegation of actions from humans to AI agents using JWT tokens. ### Partially Addressing Ideas No directly related technical ideas found in current drafts — this gap is entirely unaddressed. --- ## 12. Federated Agent Learning Privacy | | | |---|---| | **Severity** | MEDIUM | | **Category** | new | | **Drafts in category** | 0 | Federated AI operations models exist but lack privacy-preserving protocols for agents learning from shared experiences without exposing sensitive data from individual deployments. **Evidence:** Federated models mentioned but privacy-preserving learning protocols absent ### Related Drafts **Keyword matches** (drafts mentioning gap topic): - [draft-kale-agntcy-federated-privacy](https://datatracker.ietf.org/doc/draft-kale-agntcy-federated-privacy/) (score 3.2) — Privacy-Preserving Federated Learning Architecture for Multi-Tenant AI Agent Sys - [draft-cui-dmsc-agent-cdi](https://datatracker.ietf.org/doc/draft-cui-dmsc-agent-cdi/) (score 3.0) — Cross-Domain Interoperability Framework for AI Agent Collaboration - [draft-ai-traffic](https://datatracker.ietf.org/doc/draft-ai-traffic/) (score 2.5) — Handling inter-DC/Edge AI-related network traffic: Problem statement - [draft-aft-ai-traffic](https://datatracker.ietf.org/doc/draft-aft-ai-traffic/) (score 3.1) — Handling inter-DC/Edge AI-related network traffic: Problem statement - [draft-aylward-aiga-1](https://datatracker.ietf.org/doc/draft-aylward-aiga-1/) (score 4.2) — AI Governance and Accountability Protocol (AIGA) - [draft-zheng-agent-identity-management](https://datatracker.ietf.org/doc/draft-zheng-agent-identity-management/) (score 3.7) — Agent Identity Managenment ### Partially Addressing Ideas 5 extracted ideas touch on this gap: | Idea | Draft | Type | |------|-------|------| | Privacy-Preserving Federated Learning for Multi-Tenant AI Agents | draft-kale-agntcy-federated-privacy | architecture | | Cross-Domain Agent Interoperability Framework | draft-cui-dmsc-agent-cdi | architecture | | HTTP Agent Profile (HAP) | draft-dhir-http-agent-profile | protocol | | AI Network Security Agent | draft-yuan-rtgwg-security-agent-usecase | architecture | | AI Network Traffic Optimization Agent | draft-yuan-rtgwg-traffic-agent-usecase | architecture | --- ## Cross-Cutting Analysis ### Gaps by Category | Category | Drafts | Gaps | Gap Topics | |----------|-------:|-----:|------------| | a2a protocols | 150 | 2 | Multi-Agent Consensus Under Byzantine Conditions; Cross-Protocol Agent Migration | | agent discovery/reg | 87 | 1 | Agent Capability Advertisement Verification | | agent identity/auth | 145 | 1 | Cross-Domain Agent Communication Security | | ai safety/alignment | 46 | 2 | Real-time Agent Behavior Verification; Emergency Agent Shutdown Coordination | | data formats/interop | 165 | 1 | Agent Memory and State Persistence Standards | | human-agent interaction | 41 | 1 | Agent-to-Human Escalation Standards | | new | 0 | 3 | Agent Resource Accounting and Billing; Agent Performance Degradation Detection; Federated Agent Learning Privacy | | policy/governance | 115 | 1 | Legal Liability Attribution Protocols | ## Recommendations Based on the gap analysis, the highest-impact areas for new standardization work: 1. **Runtime behavior verification** — The most critical safety gap. Agents declare policies but nothing validates compliance at runtime. 2. **Error recovery and rollback** — Autonomous operations need standardized failure handling before real deployment at scale. 3. **Protocol interoperability layer** — 92 competing A2A protocols need a translation/negotiation framework to avoid fragmentation. 4. **Dynamic trust systems** — Static certificates cannot scale to long-running agent ecosystems. Trust must be earned and revocable. 5. **Human emergency override** — The 7:1 ratio of autonomous capability to human oversight drafts is concerning for production deployments.