c/ietf-draft-analyzer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
ietf-draft-analyzer/workspace/drafts/gap-analysis/draft-nennemann-agent-cross-domain-audit-00.html
Christian Nennemann 2506b6325a
Some checks failed
CI / test (3.11) (push) Failing after 1m37s
Details
CI / test (3.12) (push) Failing after 57s
Details
feat: add draft data, gap analysis report, and workspace config
2026-04-06 18:47:15 +02:00

2822 lines
118 KiB
HTML
Raw Permalink Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<!DOCTYPE html>
<html lang="en" class="Internet-Draft">
<head>
<meta charset="utf-8">
<meta content="Common,Latin" name="scripts">
<meta content="initial-scale=1.0" name="viewport">
<title>Cross-Domain Agent Audit Trails and Resource Accounting</title>
<meta content="Christian Nennemann" name="author">
<meta content="
This document defines standardized formats and protocols for
maintaining audit trails when autonomous agents operate across
multiple administrative domains and organizations with divergent
regulatory requirements. It additionally specifies mechanisms for
tracking, recording, and settling agent resource consumption
across domain boundaries.
The cross-domain audit trail format extends the Execution Audit
Token (EAT) defined in with
regulatory profile metadata, audit trail stitching identifiers,
and selective disclosure controls. The resource accounting
framework introduces metering points, consumption records, and
a settlement protocol for multi-domain agent deployments.
" name="description">
<meta content="xml2rfc 3.31.0" name="generator">
<meta content="cross-domain audit" name="keyword">
<meta content="resource accounting" name="keyword">
<meta content="agent workflows" name="keyword">
<meta content="regulatory compliance" name="keyword">
<meta content="billing" name="keyword">
<meta content="draft-nennemann-agent-cross-domain-audit-00" name="ietf.draft">
<!-- Generator version information:
xml2rfc 3.31.0
Python 3.14.3
ConfigArgParse 1.7.1
google-i18n-address 3.1.1
intervaltree 3.2.1
Jinja2 3.1.6
lxml 6.0.2
platformdirs 4.9.2
pycountry 26.2.16
PyYAML 6.0.3
requests 2.32.5
wcwidth 0.6.0
-->
<link href="draft-nennemann-agent-cross-domain-audit-00.xml" rel="alternate" type="application/rfc+xml">
<link href="#copyright" rel="license">
<style type="text/css">/*
NOTE: Changes at the bottom of this file overrides some earlier settings.
Once the style has stabilized and has been adopted as an official RFC style,
this can be consolidated so that style settings occur only in one place, but
for now the contents of this file consists first of the initial CSS work as
provided to the RFC Formatter (xml2rfc) work, followed by itemized and
commented changes found necessary during the development of the v3
formatters.
*/
/* fonts */
@import url('https://static.ietf.org/fonts/noto-sans/import.css'); /* Sans-serif */
@import url('https://static.ietf.org/fonts/noto-serif/import.css'); /* Serif (print) */
@import url('https://static.ietf.org/fonts/roboto-mono/import.css'); /* Monospace */
:root {
--font-sans: 'Noto Sans', Arial, Helvetica, sans-serif;
--font-serif: 'Noto Serif', 'Times', 'Times New Roman', serif;
--font-mono: 'Roboto Mono', Courier, 'Courier New', monospace;
}
@viewport {
zoom: 1.0;
}
@-ms-viewport {
width: extend-to-zoom;
zoom: 1.0;
}
/* general and mobile first */
html {
}
body {
max-width: 90%;
margin: 1.5em auto;
color: #222;
background-color: #fff;
font-size: 14px;
font-family: var(--font-sans);
line-height: 1.6;
scroll-behavior: smooth;
overflow-wrap: break-word;
}
.ears {
display: none;
}
/* headings */
#title, h1, h2, h3, h4, h5, h6 {
margin: 1em 0 0.5em;
font-weight: bold;
line-height: 1.3;
}
#title {
clear: both;
border-bottom: 1px solid #ddd;
margin: 0 0 0.5em 0;
padding: 1em 0 0.5em;
}
.author {
padding-bottom: 4px;
}
h1 {
font-size: 26px;
margin: 1em 0;
}
h2 {
font-size: 22px;
margin-top: -20px; /* provide offset for in-page anchors */
padding-top: 33px;
}
h3 {
font-size: 18px;
margin-top: -36px; /* provide offset for in-page anchors */
padding-top: 42px;
}
h4 {
font-size: 16px;
margin-top: -36px; /* provide offset for in-page anchors */
padding-top: 42px;
}
h5, h6 {
font-size: 14px;
}
#n-copyright-notice {
border-bottom: 1px solid #ddd;
padding-bottom: 1em;
margin-bottom: 1em;
}
/* general structure */
p {
padding: 0;
margin: 0 0 1em 0;
text-align: left;
}
div, span {
position: relative;
}
div {
margin: 0;
}
.alignRight.art-text {
background-color: #f9f9f9;
border: 1px solid #eee;
border-radius: 3px;
padding: 1em 1em 0;
margin-bottom: 1.5em;
}
.alignRight.art-text pre {
padding: 0;
}
.alignRight {
margin: 1em 0;
}
.alignRight > *:first-child {
border: none;
margin: 0;
float: right;
clear: both;
}
.alignRight > *:nth-child(2) {
clear: both;
display: block;
border: none;
}
svg {
display: block;
}
@media print {
svg {
max-height: 850px;
max-width: 660px;
}
}
svg[font-family~="serif" i], svg [font-family~="serif" i] {
font-family: var(--font-serif);
}
svg[font-family~="sans-serif" i], svg [font-family~="sans-serif" i] {
font-family: var(--font-sans);
}
svg[font-family~="monospace" i], svg [font-family~="monospace" i] {
font-family: var(--font-mono);
}
.alignCenter.art-text {
background-color: #f9f9f9;
border: 1px solid #eee;
border-radius: 3px;
padding: 1em 1em 0;
margin-bottom: 1.5em;
}
.alignCenter.art-text pre {
padding: 0;
}
.alignCenter {
margin: 1em 0;
}
.alignCenter > *:first-child {
display: table;
border: none;
margin: 0 auto;
}
/* lists */
ol, ul {
padding: 0;
margin: 0 0 1em 2em;
}
ol ol, ul ul, ol ul, ul ol {
margin-left: 1em;
}
li {
margin: 0 0 0.25em 0;
}
.ulCompact li {
margin: 0;
}
ul.empty, .ulEmpty {
list-style-type: none;
}
ul.empty li, .ulEmpty li {
margin-top: 0.5em;
}
ul.ulBare, li.ulBare {
margin-left: 0em !important;
}
ul.compact, .ulCompact,
ol.compact, .olCompact {
line-height: 100%;
margin: 0 0 0 2em;
}
/* definition lists */
dl {
}
dl > dt {
float: left;
margin-right: 1em;
}
/*
dl.nohang > dt {
float: none;
}
*/
dl > dd {
margin-bottom: .8em;
min-height: 1.3em;
}
dl.compact > dd, .dlCompact > dd {
margin-bottom: 0em;
}
dl > dd > dl {
margin-top: 0.5em;
margin-bottom: 0em;
}
/* links */
a {
text-decoration: none;
}
a[href] {
color: #22e; /* Arlen: WCAG 2019 */
}
a[href]:hover {
background-color: #f2f2f2;
}
figcaption a[href],
a[href].selfRef {
color: #222;
}
/* XXX probably not this:
a.selfRef:hover {
background-color: transparent;
cursor: default;
} */
/* Figures */
tt, code, pre {
background-color: #f9f9f9;
font-family: var(--font-mono);
}
pre {
border: 1px solid #eee;
margin: 0;
padding: 1em;
}
img {
max-width: 100%;
}
figure {
margin: 0;
}
figure blockquote {
margin: 0.8em 0.4em 0.4em;
}
figcaption {
font-style: italic;
margin: 0 0 1em 0;
}
@media screen {
pre {
overflow-x: auto;
max-width: 100%;
max-width: calc(100% - 22px);
}
}
/* aside, blockquote */
aside, blockquote {
margin-left: 0;
padding: 1.2em 2em;
}
blockquote {
background-color: #f9f9f9;
color: #111; /* Arlen: WCAG 2019 */
border: 1px solid #ddd;
border-radius: 3px;
margin: 1em 0;
}
blockquote > *:last-child {
margin-bottom: 0;
}
cite {
display: block;
text-align: right;
font-style: italic;
}
.xref {
overflow-wrap: normal;
}
/* tables */
table {
width: 100%;
margin: 0 0 1em;
border-collapse: collapse;
border: 1px solid #eee;
}
th, td {
text-align: left;
vertical-align: top;
padding: 0.5em 0.75em;
}
th {
text-align: left;
background-color: #e9e9e9;
}
tr:nth-child(2n+1) > td {
background-color: #f5f5f5;
}
table caption {
font-style: italic;
margin: 0;
padding: 0;
text-align: left;
}
table p {
/* XXX to avoid bottom margin on table row signifiers. If paragraphs should
be allowed within tables more generally, it would be far better to select on a class. */
margin: 0;
}
/* pilcrow */
a.pilcrow {
color: #666; /* Arlen: AHDJ 2019 */
text-decoration: none;
visibility: hidden;
user-select: none;
-ms-user-select: none;
-o-user-select:none;
-moz-user-select: none;
-khtml-user-select: none;
-webkit-user-select: none;
-webkit-touch-callout: none;
}
@media screen {
aside:hover > a.pilcrow,
p:hover > a.pilcrow,
blockquote:hover > a.pilcrow,
div:hover > a.pilcrow,
li:hover > a.pilcrow,
pre:hover > a.pilcrow {
visibility: visible;
}
a.pilcrow:hover {
background-color: transparent;
}
}
/* misc */
hr {
border: 0;
border-top: 1px solid #eee;
}
.bcp14 {
font-variant: small-caps;
}
.role {
font-variant: all-small-caps;
}
/* info block */
#identifiers {
margin: 0;
font-size: 0.9em;
}
#identifiers dt {
width: 3em;
clear: left;
}
#identifiers dd {
float: left;
margin-bottom: 0;
}
/* Fix PDF info block run off issue */
@media print {
#identifiers dd {
max-width: 100%;
}
}
#identifiers .authors .author {
display: inline-block;
margin-right: 1.5em;
}
#identifiers .authors .org {
font-style: italic;
}
/* The prepared/rendered info at the very bottom of the page */
.docInfo {
color: #666; /* Arlen: WCAG 2019 */
font-size: 0.9em;
font-style: italic;
margin-top: 2em;
}
.docInfo .prepared {
float: left;
}
.docInfo .prepared {
float: right;
}
/* table of contents */
#toc {
padding: 0.75em 0 2em 0;
margin-bottom: 1em;
}
nav.toc ul {
margin: 0 0.5em 0 0;
padding: 0;
list-style: none;
}
nav.toc li {
line-height: 1.3em;
margin: 0.75em 0;
padding-left: 1.2em;
text-indent: -1.2em;
}
/* references */
.references dt {
text-align: right;
font-weight: bold;
min-width: 7em;
}
.references dd {
margin-left: 8em;
overflow: auto;
}
.refInstance {
margin-bottom: 1.25em;
}
.refSubseries {
margin-bottom: 1.25em;
}
.references .ascii {
margin-bottom: 0.25em;
}
/* index */
.index ul {
margin: 0 0 0 1em;
padding: 0;
list-style: none;
}
.index ul ul {
margin: 0;
}
.index li {
margin: 0;
text-indent: -2em;
padding-left: 2em;
padding-bottom: 5px;
}
.indexIndex {
margin: 0.5em 0 1em;
}
.index a {
font-weight: 700;
}
/* make the index two-column on all but the smallest screens */
@media (min-width: 600px) {
.index ul {
-moz-column-count: 2;
-moz-column-gap: 20px;
}
.index ul ul {
-moz-column-count: 1;
-moz-column-gap: 0;
}
}
/* authors */
address.vcard {
font-style: normal;
margin: 1em 0;
}
address.vcard .nameRole {
font-weight: 700;
margin-left: 0;
}
address.vcard .label {
font-family: var(--font-sans);
margin: 0.5em 0;
}
address.vcard .type {
display: none;
}
.alternative-contact {
margin: 1.5em 0 1em;
}
hr.addr {
border-top: 1px dashed;
margin: 0;
color: #ddd;
max-width: calc(100% - 16px);
}
/* temporary notes */
.rfcEditorRemove::before {
position: absolute;
top: 0.2em;
right: 0.2em;
padding: 0.2em;
content: "The RFC Editor will remove this note";
color: #9e2a00; /* Arlen: WCAG 2019 */
background-color: #ffd; /* Arlen: WCAG 2019 */
}
.rfcEditorRemove {
position: relative;
padding-top: 1.8em;
background-color: #ffd; /* Arlen: WCAG 2019 */
border-radius: 3px;
}
.cref {
background-color: #ffd; /* Arlen: WCAG 2019 */
padding: 2px 4px;
}
.crefSource {
font-style: italic;
}
/* alternative layout for smaller screens */
@media screen and (max-width: 1023px) {
body {
padding-top: 2em;
}
#title {
padding: 1em 0;
}
h1 {
font-size: 24px;
}
h2 {
font-size: 20px;
margin-top: -18px; /* provide offset for in-page anchors */
padding-top: 38px;
}
#identifiers dd {
max-width: 60%;
}
#toc {
position: fixed;
z-index: 2;
top: 0;
right: 0;
padding: 0;
margin: 0;
background-color: inherit;
border-bottom: 1px solid #ccc;
}
#toc h2 {
margin: -1px 0 0 0;
padding: 4px 0 4px 6px;
padding-right: 1em;
min-width: 190px;
font-size: 1.1em;
text-align: right;
background-color: #444;
color: white;
cursor: pointer;
}
#toc h2::before { /* css hamburger */
float: right;
position: relative;
width: 1em;
height: 1px;
left: -164px;
margin: 6px 0 0 0;
background: white none repeat scroll 0 0;
box-shadow: 0 4px 0 0 white, 0 8px 0 0 white;
content: "";
}
#toc nav {
display: none;
padding: 0.5em 1em 1em;
overflow: auto;
height: calc(100vh - 48px);
border-left: 1px solid #ddd;
}
}
/* alternative layout for wide screens */
@media screen and (min-width: 1024px) {
body {
max-width: 724px;
margin: 42px auto;
padding-left: 1.5em;
padding-right: 29em;
}
#toc {
position: fixed;
top: 42px;
right: 42px;
width: 25%;
margin: 0;
padding: 0 1em;
z-index: 1;
}
#toc h2 {
border-top: none;
border-bottom: 1px solid #ddd;
font-size: 1em;
font-weight: normal;
margin: 0;
padding: 0.25em 1em 1em 0;
}
#toc nav {
display: block;
height: calc(90vh - 84px);
bottom: 0;
padding: 0.5em 0 0;
overflow: auto;
}
img { /* future proofing */
max-width: 100%;
height: auto;
}
}
/* pagination */
@media print {
body {
width: 100%;
}
p {
orphans: 3;
widows: 3;
}
#n-copyright-notice {
border-bottom: none;
}
#toc, #n-introduction {
page-break-before: always;
}
#toc {
border-top: none;
padding-top: 0;
}
figure, pre {
page-break-inside: avoid;
}
figure {
overflow: scroll;
}
.breakable pre {
break-inside: auto;
}
h1, h2, h3, h4, h5, h6 {
page-break-after: avoid;
}
h2+*, h3+*, h4+*, h5+*, h6+* {
page-break-before: avoid;
}
pre {
white-space: pre-wrap;
word-wrap: break-word;
font-size: 10pt;
}
table {
border: 1px solid #ddd;
}
td {
border-top: 1px solid #ddd;
}
}
/* This is commented out here, as the string-set: doesn't
pass W3C validation currently */
/*
.ears thead .left {
string-set: ears-top-left content();
}
.ears thead .center {
string-set: ears-top-center content();
}
.ears thead .right {
string-set: ears-top-right content();
}
.ears tfoot .left {
string-set: ears-bottom-left content();
}
.ears tfoot .center {
string-set: ears-bottom-center content();
}
.ears tfoot .right {
string-set: ears-bottom-right content();
}
*/
@page :first {
padding-top: 0;
@top-left {
content: normal;
border: none;
}
@top-center {
content: normal;
border: none;
}
@top-right {
content: normal;
border: none;
}
}
@page {
size: A4;
margin-bottom: 45mm;
padding-top: 20px;
/* The following is commented out here, but set appropriately by in code, as
the content depends on the document */
/*
@top-left {
content: 'Internet-Draft';
vertical-align: bottom;
border-bottom: solid 1px #ccc;
}
@top-left {
content: string(ears-top-left);
vertical-align: bottom;
border-bottom: solid 1px #ccc;
}
@top-center {
content: string(ears-top-center);
vertical-align: bottom;
border-bottom: solid 1px #ccc;
}
@top-right {
content: string(ears-top-right);
vertical-align: bottom;
border-bottom: solid 1px #ccc;
}
@bottom-left {
content: string(ears-bottom-left);
vertical-align: top;
border-top: solid 1px #ccc;
}
@bottom-center {
content: string(ears-bottom-center);
vertical-align: top;
border-top: solid 1px #ccc;
}
@bottom-right {
content: '[Page ' counter(page) ']';
vertical-align: top;
border-top: solid 1px #ccc;
}
*/
}
/* Changes introduced to fix issues found during implementation */
/* Make sure links are clickable even if overlapped by following H* */
a {
z-index: 2;
}
/* Separate body from document info even without intervening H1 */
section {
clear: both;
}
/* Top align author divs, to avoid names without organization dropping level with org names */
.author {
vertical-align: top;
}
/* Leave room in document info to show Internet-Draft on one line */
#identifiers dt {
width: 8em;
}
/* Don't waste quite as much whitespace between label and value in doc info */
#identifiers dd {
margin-left: 1em;
}
/* Give floating toc a background color (needed when it's a div inside section */
#toc {
background-color: white;
}
/* Make the collapsed ToC header render white on gray also when it's a link */
@media screen and (max-width: 1023px) {
#toc h2 a,
#toc h2 a:link,
#toc h2 a:focus,
#toc h2 a:hover,
#toc a.toplink,
#toc a.toplink:hover {
color: white;
background-color: #444;
text-decoration: none;
}
}
/* Give the bottom of the ToC some whitespace */
@media screen and (min-width: 1024px) {
#toc {
padding: 0 0 1em 1em;
}
}
/* Style section numbers with more space between number and title */
.section-number {
padding-right: 0.5em;
}
/* prevent monospace from becoming overly large */
tt, code, pre {
font-size: 95%;
}
/* Fix the height/width aspect for ascii art*/
.sourcecode pre,
.art-text pre {
line-height: 1.12;
}
/* Add styling for a link in the ToC that points to the top of the document */
a.toplink {
float: right;
margin-right: 0.5em;
}
/* Fix the dl styling to match the RFC 7992 attributes */
dl > dt,
dl.dlParallel > dt {
float: left;
margin-right: 1em;
}
dl.dlNewline > dt {
float: none;
}
/* Provide styling for table cell text alignment */
table td.text-left,
table th.text-left {
text-align: left;
}
table td.text-center,
table th.text-center {
text-align: center;
}
table td.text-right,
table th.text-right {
text-align: right;
}
/* Make the alternative author contact information look less like just another
author, and group it closer with the primary author contact information */
.alternative-contact {
margin: 0.5em 0 0.25em 0;
}
address .non-ascii {
margin: 0 0 0 2em;
}
/* With it being possible to set tables with alignment
left, center, and right, { width: 100%; } does not make sense */
table {
width: auto;
}
/* Avoid reference text that sits in a block with very wide left margin,
because of a long floating dt label.*/
.references dd {
overflow: visible;
}
/* Control caption placement */
caption {
caption-side: bottom;
}
/* Limit the width of the author address vcard, so names in right-to-left
script don't end up on the other side of the page. */
address.vcard {
max-width: 30em;
margin-right: auto;
}
/* For address alignment dependent on LTR or RTL scripts */
address div.left {
text-align: left;
}
address div.right {
text-align: right;
}
/* Provide table alignment support. We can't use the alignX classes above
since they do unwanted things with caption and other styling. */
table.right {
margin-left: auto;
margin-right: 0;
}
table.center {
margin-left: auto;
margin-right: auto;
}
table.left {
margin-left: 0;
margin-right: auto;
}
/* Give the table caption label the same styling as the figcaption */
caption a[href] {
color: #222;
}
@media print {
.toplink {
display: none;
}
/* avoid overwriting the top border line with the ToC header */
#toc {
padding-top: 1px;
}
/* Avoid page breaks inside dl and author address entries */
.vcard {
page-break-inside: avoid;
}
}
/* Tweak the bcp14 keyword presentation */
.bcp14 {
font-variant: small-caps;
font-weight: bold;
font-size: 0.9em;
}
/* Tweak the invisible space above H* in order not to overlay links in text above */
h2 {
margin-top: -18px; /* provide offset for in-page anchors */
padding-top: 31px;
}
h3 {
margin-top: -18px; /* provide offset for in-page anchors */
padding-top: 24px;
}
h4 {
margin-top: -18px; /* provide offset for in-page anchors */
padding-top: 24px;
}
/* Float artwork pilcrow to the right */
@media screen {
.artwork a.pilcrow {
display: block;
line-height: 0.7;
margin-top: 0.15em;
}
}
/* Make pilcrows on dd visible */
@media screen {
dd:hover > a.pilcrow {
visibility: visible;
}
}
/* Make the placement of figcaption match that of a table's caption
by removing the figure's added bottom margin */
.alignLeft.art-text,
.alignCenter.art-text,
.alignRight.art-text {
margin-bottom: 0;
}
.alignLeft,
.alignCenter,
.alignRight {
margin: 1em 0 0 0;
}
/* In print, the pilcrow won't show on hover, so prevent it from taking up space,
possibly even requiring a new line */
@media print {
a.pilcrow {
display: none;
}
}
/* Styling for the external metadata */
div#external-metadata {
background-color: #eee;
padding: 0.5em;
margin-bottom: 0.5em;
display: none;
}
div#internal-metadata {
padding: 0.5em; /* to match the external-metadata padding */
}
/* Styling for title RFC Number */
h1#rfcnum {
clear: both;
margin: 0 0 -1em;
padding: 1em 0 0 0;
}
/* Make .olPercent look the same as <ol><li> */
dl.olPercent > dd {
margin-bottom: 0.25em;
min-height: initial;
}
/* Give aside some styling to set it apart */
aside {
border-left: 1px solid #ddd;
margin: 1em 0 1em 2em;
padding: 0.2em 2em;
}
aside > dl,
aside > ol,
aside > ul,
aside > table,
aside > p {
margin-bottom: 0.5em;
}
/* Additional page break settings */
@media print {
figcaption, table caption {
page-break-before: avoid;
}
}
/* Font size adjustments for print */
@media print {
body { font-size: 10pt; line-height: normal; max-width: 96%; }
h1 { font-size: 1.72em; padding-top: 1.5em; } /* 1*1.2*1.2*1.2 */
h2 { font-size: 1.44em; padding-top: 1.5em; } /* 1*1.2*1.2 */
h3 { font-size: 1.2em; padding-top: 1.5em; } /* 1*1.2 */
h4 { font-size: 1em; padding-top: 1.5em; }
h5, h6 { font-size: 1em; margin: initial; padding: 0.5em 0 0.3em; }
}
/* Sourcecode margin in print, when there's no pilcrow */
@media print {
.artwork,
.artwork > pre,
.sourcecode {
margin-bottom: 1em;
}
}
/* Avoid narrow tables forcing too narrow table captions, which may render badly */
table {
min-width: 20em;
}
/* ol type a */
ol.type-a { list-style-type: lower-alpha; }
ol.type-A { list-style-type: upper-alpha; }
ol.type-i { list-style-type: lower-roman; }
ol.type-I { list-style-type: upper-roman; }
/* Apply the print table and row borders in general, on request from the RPC,
and increase the contrast between border and odd row background slightly */
table {
border: 1px solid #ddd;
}
td {
border-top: 1px solid #ddd;
}
tr {
break-inside: avoid;
}
tr:nth-child(2n+1) > td {
background-color: #f8f8f8;
}
/* Use style rules to govern display of the TOC. */
@media screen and (max-width: 1023px) {
#toc nav { display: none; }
#toc.active nav { display: block; }
}
/* Add support for keepWithNext */
.keepWithNext {
break-after: avoid-page;
break-after: avoid-page;
}
/* Add support for keepWithPrevious */
.keepWithPrevious {
break-before: avoid-page;
}
/* Change the approach to avoiding breaks inside artwork etc. */
figure, pre, table, .artwork, .sourcecode {
break-before: auto;
break-after: auto;
}
/* Avoid breaks between <dt> and <dd> */
dl {
break-before: auto;
break-inside: auto;
}
dt {
break-before: auto;
break-after: avoid-page;
}
dd {
break-before: avoid-page;
break-after: auto;
orphans: 3;
widows: 3
}
span.break, dd.break {
margin-bottom: 0;
min-height: 0;
break-before: auto;
break-inside: auto;
break-after: auto;
}
/* Undo break-before ToC */
@media print {
#toc {
break-before: auto;
}
}
/* Text in compact lists should not get extra bottom margin space,
since that would makes the list not compact */
ul.compact p, .ulCompact p,
ol.compact p, .olCompact p {
margin: 0;
}
/* But the list as a whole needs the extra space at the end */
section ul.compact,
section .ulCompact,
section ol.compact,
section .olCompact {
margin-bottom: 1em; /* same as p not within ul.compact etc. */
}
/* The tt and code background above interferes with for instance table cell
backgrounds. Changed to something a bit more selective. */
tt, code {
background-color: transparent;
}
p tt, p code, li tt, li code, dt tt, dt code {
background-color: #f8f8f8;
}
/* Tweak the pre margin -- 0px doesn't come out well */
pre {
margin-top: 0.5px;
}
/* Tweak the compact list text */
ul.compact, .ulCompact,
ol.compact, .olCompact,
dl.compact, .dlCompact {
line-height: normal;
}
/* Don't add top margin for nested lists */
li > ul, li > ol, li > dl,
dd > ul, dd > ol, dd > dl,
dl > dd > dl {
margin-top: initial;
}
/* Elements that should not be rendered on the same line as a <dt> */
/* This should match the element list in writer.text.TextWriter.render_dl() */
dd > div.artwork:first-child,
dd > aside:first-child,
dd > blockquote:first-child,
dd > figure:first-child,
dd > ol:first-child,
dd > div.sourcecode:first-child,
dd > table:first-child,
dd > ul:first-child {
clear: left;
}
/* fix for weird browser behaviour when <dd/> is empty */
dt+dd:empty::before{
content: "\00a0";
}
/* Make paragraph spacing inside <li> smaller than in body text, to fit better within the list */
li > p {
margin-bottom: 0.5em
}
/* Don't let p margin spill out from inside list items */
li > p:last-of-type:only-child {
margin-bottom: 0;
}
</style>
<link href="rfc-local.css" rel="stylesheet" type="text/css">
<script type="application/javascript">async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(let t=0;t<e.length;t++)if(/#identifiers/.exec(e[t].selectorText)){const a=e[t].cssText.replace("#identifiers","#external-updates");document.styleSheets[0].insertRule(a,document.styleSheets[0].cssRules.length)}}catch(e){console.log(e)}const e=document.getElementById("external-metadata");if(e)try{var t,a="",o=function(e){const t=document.getElementsByTagName("meta");for(let a=0;a<t.length;a++)if(t[a].getAttribute("name")===e)return t[a].getAttribute("content");return""}("rfc.number");if(o){t="https://www.rfc-editor.org/rfc/rfc"+o+".json";try{const e=await fetch(t);a=await e.json()}catch(e){t=document.URL.indexOf("html")>=0?document.URL.replace(/html$/,"json"):document.URL+".json";const o=await fetch(t);a=await o.json()}}if(!a)return;e.style.display="block";const s="",d="https://datatracker.ietf.org/doc",n="https://datatracker.ietf.org/ipr/search",c="https://www.rfc-editor.org/info",l=a.doc_id.toLowerCase(),i=a.doc_id.slice(0,3).toLowerCase(),f=a.doc_id.slice(3).replace(/^0+/,""),u={status:"Status",obsoletes:"Obsoletes",obsoleted_by:"Obsoleted By",updates:"Updates",updated_by:"Updated By",see_also:"See Also",errata_url:"Errata"};let h="<dl style='overflow:hidden' id='external-updates'>";["status","obsoletes","obsoleted_by","updates","updated_by","see_also","errata_url"].forEach(e=>{if("status"==e){a[e]=a[e].toLowerCase();var t=a[e].split(" "),o=t.length,w="",p=1;for(let e=0;e<o;e++)p<o?w=w+r(t[e])+" ":w+=r(t[e]),p++;a[e]=w}else if("obsoletes"==e||"obsoleted_by"==e||"updates"==e||"updated_by"==e){var g,m="",b=1;g=a[e].length;for(let t=0;t<g;t++)a[e][t]&&(a[e][t]=String(a[e][t]).toLowerCase(),m=b<g?m+"<a href='"+s+"/rfc/".concat(a[e][t])+"'>"+a[e][t].slice(3)+"</a>, ":m+"<a href='"+s+"/rfc/".concat(a[e][t])+"'>"+a[e][t].slice(3)+"</a>",b++);a[e]=m}else if("see_also"==e){var y,L="",C=1;y=a[e].length;for(let t=0;t<y;t++)if(a[e][t]){a[e][t]=String(a[e][t]);var _=a[e][t].slice(0,3),v=a[e][t].slice(3).replace(/^0+/,"");L=C<y?"RFC"!=_?L+"<a href='"+s+"/info/"+_.toLowerCase().concat(v.toLowerCase())+"'>"+_+" "+v+"</a>, ":L+"<a href='"+s+"/info/"+_.toLowerCase().concat(v.toLowerCase())+"'>"+v+"</a>, ":"RFC"!=_?L+"<a href='"+s+"/info/"+_.toLowerCase().concat(v.toLowerCase())+"'>"+_+" "+v+"</a>":L+"<a href='"+s+"/info/"+_.toLowerCase().concat(v.toLowerCase())+"'>"+v+"</a>",C++}a[e]=L}else if("errata_url"==e){var R="";R=a[e]?R+"<a href='"+a[e]+"'>Errata exist</a> | <a href='"+d+"/"+l+"'>Datatracker</a>| <a href='"+n+"/?"+i+"="+f+"&submit="+i+"'>IPR</a> | <a href='"+c+"/"+l+"'>Info page</a>":"<a href='"+d+"/"+l+"'>Datatracker</a> | <a href='"+n+"/?"+i+"="+f+"&submit="+i+"'>IPR</a> | <a href='"+c+"/"+l+"'>Info page</a>",a[e]=R}""!=a[e]?"Errata"==u[e]?h+=`<dt>More info:</dt><dd>${a[e]}</dd>`:h+=`<dt>${u[e]}:</dt><dd>${a[e]}</dd>`:"Errata"==u[e]&&(h+=`<dt>More info:</dt><dd>${a[e]}</dd>`)}),h+="</dl>",e.innerHTML=h}catch(e){console.log(e)}else console.log("Could not locate metadata <div> element");function r(e){return e.charAt(0).toUpperCase()+e.slice(1)}}window.removeEventListener("load",addMetadata),window.addEventListener("load",addMetadata);</script>
</head>
<body class="xml2rfc">
<table class="ears">
<thead><tr>
<td class="left">Internet-Draft</td>
<td class="center">Agent Cross-Domain Audit</td>
<td class="right">March 2026</td>
</tr></thead>
<tfoot><tr>
<td class="left">Nennemann</td>
<td class="center">Expires 7 September 2026</td>
<td class="right">[Page]</td>
</tr></tfoot>
</table>
<div id="external-metadata" class="document-information"></div>
<div id="internal-metadata" class="document-information">
<dl id="identifiers">
<dt class="label-workgroup">Workgroup:</dt>
<dd class="workgroup">NMOP</dd>
<dt class="label-internet-draft">Internet-Draft:</dt>
<dd class="internet-draft">draft-nennemann-agent-cross-domain-audit-00</dd>
<dt class="label-published">Published:</dt>
<dd class="published">
<time datetime="2026-03-06" class="published">6 March 2026</time>
</dd>
<dt class="label-intended-status">Intended Status:</dt>
<dd class="intended-status">Standards Track</dd>
<dt class="label-expires">Expires:</dt>
<dd class="expires"><time datetime="2026-09-07">7 September 2026</time></dd>
<dt class="label-authors">Author:</dt>
<dd class="authors">
<div class="author">
<div class="author-name">C. Nennemann</div>
<div class="org">Independent Researcher</div>
</div>
</dd>
</dl>
</div>
<h1 id="title">Cross-Domain Agent Audit Trails and Resource Accounting</h1>
<section id="section-abstract">
<h2 id="abstract"><a href="#abstract" class="selfRef">Abstract</a></h2>
<p id="section-abstract-1">This document defines standardized formats and protocols for
maintaining audit trails when autonomous agents operate across
multiple administrative domains and organizations with divergent
regulatory requirements. It additionally specifies mechanisms for
tracking, recording, and settling agent resource consumption
across domain boundaries.<a href="#section-abstract-1" class="pilcrow"></a></p>
<p id="section-abstract-2">The cross-domain audit trail format extends the Execution Audit
Token (EAT) defined in <span>[<a href="#I-D.nennemann-exec-audit" class="cite xref">I-D.nennemann-exec-audit</a>]</span> with
regulatory profile metadata, audit trail stitching identifiers,
and selective disclosure controls. The resource accounting
framework introduces metering points, consumption records, and
a settlement protocol for multi-domain agent deployments.<a href="#section-abstract-2" class="pilcrow"></a></p>
</section>
<div id="status-of-memo">
<section id="section-boilerplate.1">
<h2 id="name-status-of-this-memo">
<a href="#name-status-of-this-memo" class="section-name selfRef">Status of This Memo</a>
</h2>
<p id="section-boilerplate.1-1">
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.<a href="#section-boilerplate.1-1" class="pilcrow"></a></p>
<p id="section-boilerplate.1-2">
Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF). Note that other groups may also distribute working
documents as Internet-Drafts. The list of current Internet-Drafts is
at <span><a href="https://datatracker.ietf.org/drafts/current/">https://datatracker.ietf.org/drafts/current/</a></span>.<a href="#section-boilerplate.1-2" class="pilcrow"></a></p>
<p id="section-boilerplate.1-3">
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."<a href="#section-boilerplate.1-3" class="pilcrow"></a></p>
<p id="section-boilerplate.1-4">
This Internet-Draft will expire on 7 September 2026.<a href="#section-boilerplate.1-4" class="pilcrow"></a></p>
</section>
</div>
<div id="copyright">
<section id="section-boilerplate.2">
<h2 id="name-copyright-notice">
<a href="#name-copyright-notice" class="section-name selfRef">Copyright Notice</a>
</h2>
<p id="section-boilerplate.2-1">
Copyright (c) 2026 IETF Trust and the persons identified as the
document authors. All rights reserved.<a href="#section-boilerplate.2-1" class="pilcrow"></a></p>
<p id="section-boilerplate.2-2">
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(<span><a href="https://trustee.ietf.org/license-info">https://trustee.ietf.org/license-info</a></span>) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this
document must include Revised BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Revised BSD License.<a href="#section-boilerplate.2-2" class="pilcrow"></a></p>
</section>
</div>
<div id="toc">
<section id="section-toc.1">
<a href="#" onclick="scroll(0,0)" class="toplink"></a><h2 id="name-table-of-contents">
<a href="#name-table-of-contents" class="section-name selfRef">Table of Contents</a>
</h2>
<nav class="toc"><ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.1">
<p id="section-toc.1-1.1.1" class="keepWithNext"><a href="#section-1" class="auto internal xref">1</a>.  <a href="#name-introduction" class="internal xref">Introduction</a></p>
<ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.1.2.1">
<p id="section-toc.1-1.1.2.1.1" class="keepWithNext"><a href="#section-1.1" class="auto internal xref">1.1</a>.  <a href="#name-scope" class="internal xref">Scope</a></p>
</li>
</ul>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.2">
<p id="section-toc.1-1.2.1" class="keepWithNext"><a href="#section-2" class="auto internal xref">2</a>.  <a href="#name-terminology" class="internal xref">Terminology</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3">
<p id="section-toc.1-1.3.1"><a href="#section-3" class="auto internal xref">3</a>.  <a href="#name-cross-domain-audit-trails" class="internal xref">Cross-Domain Audit Trails</a></p>
<ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.1">
<p id="section-toc.1-1.3.2.1.1"><a href="#section-3.1" class="auto internal xref">3.1</a>.  <a href="#name-audit-architecture" class="internal xref">Audit Architecture</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.2">
<p id="section-toc.1-1.3.2.2.1"><a href="#section-3.2" class="auto internal xref">3.2</a>.  <a href="#name-audit-record-format" class="internal xref">Audit Record Format</a></p>
<ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.2.2.1">
<p id="section-toc.1-1.3.2.2.2.1.1"><a href="#section-3.2.1" class="auto internal xref">3.2.1</a>.  <a href="#name-base-audit-record-structure" class="internal xref">Base Audit Record Structure</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.2.2.2">
<p id="section-toc.1-1.3.2.2.2.2.1"><a href="#section-3.2.2" class="auto internal xref">3.2.2</a>.  <a href="#name-domain-specific-extensions" class="internal xref">Domain-Specific Extensions</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.2.2.3">
<p id="section-toc.1-1.3.2.2.2.3.1"><a href="#section-3.2.3" class="auto internal xref">3.2.3</a>.  <a href="#name-cross-reference-identifiers" class="internal xref">Cross-Reference Identifiers</a></p>
</li>
</ul>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.3">
<p id="section-toc.1-1.3.2.3.1"><a href="#section-3.3" class="auto internal xref">3.3</a>.  <a href="#name-regulatory-profile-mapping" class="internal xref">Regulatory Profile Mapping</a></p>
<ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.3.2.1">
<p id="section-toc.1-1.3.2.3.2.1.1"><a href="#section-3.3.1" class="auto internal xref">3.3.1</a>.  <a href="#name-profile-definitions" class="internal xref">Profile Definitions</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.3.2.2">
<p id="section-toc.1-1.3.2.3.2.2.1"><a href="#section-3.3.2" class="auto internal xref">3.3.2</a>.  <a href="#name-compliance-field-mapping" class="internal xref">Compliance Field Mapping</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.3.2.3">
<p id="section-toc.1-1.3.2.3.2.3.1"><a href="#section-3.3.3" class="auto internal xref">3.3.3</a>.  <a href="#name-regulatory-metadata-claims" class="internal xref">Regulatory Metadata Claims</a></p>
</li>
</ul>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.4">
<p id="section-toc.1-1.3.2.4.1"><a href="#section-3.4" class="auto internal xref">3.4</a>.  <a href="#name-audit-trail-stitching" class="internal xref">Audit Trail Stitching</a></p>
<ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.4.2.1">
<p id="section-toc.1-1.3.2.4.2.1.1"><a href="#section-3.4.1" class="auto internal xref">3.4.1</a>.  <a href="#name-cross-domain-correlation-pr" class="internal xref">Cross-Domain Correlation Protocol</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.4.2.2">
<p id="section-toc.1-1.3.2.4.2.2.1"><a href="#section-3.4.2" class="auto internal xref">3.4.2</a>.  <a href="#name-boundary-crossing-records" class="internal xref">Boundary Crossing Records</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.4.2.3">
<p id="section-toc.1-1.3.2.4.2.3.1"><a href="#section-3.4.3" class="auto internal xref">3.4.3</a>.  <a href="#name-partial-trail-assembly" class="internal xref">Partial Trail Assembly</a></p>
</li>
</ul>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.5">
<p id="section-toc.1-1.3.2.5.1"><a href="#section-3.5" class="auto internal xref">3.5</a>.  <a href="#name-selective-disclosure" class="internal xref">Selective Disclosure</a></p>
<ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.5.2.1">
<p id="section-toc.1-1.3.2.5.2.1.1"><a href="#section-3.5.1" class="auto internal xref">3.5.1</a>.  <a href="#name-using-sd-jwt-concepts-for-a" class="internal xref">Using SD-JWT Concepts for Audit Records</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.5.2.2">
<p id="section-toc.1-1.3.2.5.2.2.1"><a href="#section-3.5.2" class="auto internal xref">3.5.2</a>.  <a href="#name-per-domain-visibility-contr" class="internal xref">Per-Domain Visibility Controls</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.5.2.3">
<p id="section-toc.1-1.3.2.5.2.3.1"><a href="#section-3.5.3" class="auto internal xref">3.5.3</a>.  <a href="#name-redaction-and-minimization-" class="internal xref">Redaction and Minimization Rules</a></p>
</li>
</ul>
</li>
</ul>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4">
<p id="section-toc.1-1.4.1"><a href="#section-4" class="auto internal xref">4</a>.  <a href="#name-resource-accounting" class="internal xref">Resource Accounting</a></p>
<ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.1">
<p id="section-toc.1-1.4.2.1.1"><a href="#section-4.1" class="auto internal xref">4.1</a>.  <a href="#name-resource-metering-model" class="internal xref">Resource Metering Model</a></p>
<ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.1.2.1">
<p id="section-toc.1-1.4.2.1.2.1.1"><a href="#section-4.1.1" class="auto internal xref">4.1.1</a>.  <a href="#name-resource-types" class="internal xref">Resource Types</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.1.2.2">
<p id="section-toc.1-1.4.2.1.2.2.1"><a href="#section-4.1.2" class="auto internal xref">4.1.2</a>.  <a href="#name-metering-points" class="internal xref">Metering Points</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.1.2.3">
<p id="section-toc.1-1.4.2.1.2.3.1"><a href="#section-4.1.3" class="auto internal xref">4.1.3</a>.  <a href="#name-meter-reading-format" class="internal xref">Meter Reading Format</a></p>
</li>
</ul>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.2">
<p id="section-toc.1-1.4.2.2.1"><a href="#section-4.2" class="auto internal xref">4.2</a>.  <a href="#name-consumption-records" class="internal xref">Consumption Records</a></p>
<ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.2.2.1">
<p id="section-toc.1-1.4.2.2.2.1.1"><a href="#section-4.2.1" class="auto internal xref">4.2.1</a>.  <a href="#name-per-agent-resource-consumpt" class="internal xref">Per-Agent Resource Consumption Claims</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.2.2.2">
<p id="section-toc.1-1.4.2.2.2.2.1"><a href="#section-4.2.2" class="auto internal xref">4.2.2</a>.  <a href="#name-aggregation-across-dag-node" class="internal xref">Aggregation Across DAG Nodes</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.2.2.3">
<p id="section-toc.1-1.4.2.2.2.3.1"><a href="#section-4.2.3" class="auto internal xref">4.2.3</a>.  <a href="#name-multi-tenant-isolation" class="internal xref">Multi-Tenant Isolation</a></p>
</li>
</ul>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.3">
<p id="section-toc.1-1.4.2.3.1"><a href="#section-4.3" class="auto internal xref">4.3</a>.  <a href="#name-billing-integration" class="internal xref">Billing Integration</a></p>
<ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.3.2.1">
<p id="section-toc.1-1.4.2.3.2.1.1"><a href="#section-4.3.1" class="auto internal xref">4.3.1</a>.  <a href="#name-settlement-protocol-overvie" class="internal xref">Settlement Protocol Overview</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.3.2.2">
<p id="section-toc.1-1.4.2.3.2.2.1"><a href="#section-4.3.2" class="auto internal xref">4.3.2</a>.  <a href="#name-usage-report-format" class="internal xref">Usage Report Format</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.3.2.3">
<p id="section-toc.1-1.4.2.3.2.3.1"><a href="#section-4.3.3" class="auto internal xref">4.3.3</a>.  <a href="#name-fair-use-enforcement-mechan" class="internal xref">Fair-Use Enforcement Mechanisms</a></p>
</li>
</ul>
</li>
</ul>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.5">
<p id="section-toc.1-1.5.1"><a href="#section-5" class="auto internal xref">5</a>.  <a href="#name-integration-with-ect-and-ex" class="internal xref">Integration with ECT and Exec-Audit</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.6">
<p id="section-toc.1-1.6.1"><a href="#section-6" class="auto internal xref">6</a>.  <a href="#name-security-considerations" class="internal xref">Security Considerations</a></p>
<ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.6.2.1">
<p id="section-toc.1-1.6.2.1.1"><a href="#section-6.1" class="auto internal xref">6.1</a>.  <a href="#name-audit-trail-tampering-acros" class="internal xref">Audit Trail Tampering Across Domains</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.6.2.2">
<p id="section-toc.1-1.6.2.2.1"><a href="#section-6.2" class="auto internal xref">6.2</a>.  <a href="#name-resource-metering-fraud" class="internal xref">Resource Metering Fraud</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.6.2.3">
<p id="section-toc.1-1.6.2.3.1"><a href="#section-6.3" class="auto internal xref">6.3</a>.  <a href="#name-privacy-leakage-through-aud" class="internal xref">Privacy Leakage Through Audit Correlation</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.6.2.4">
<p id="section-toc.1-1.6.2.4.1"><a href="#section-6.4" class="auto internal xref">6.4</a>.  <a href="#name-selective-disclosure-attack" class="internal xref">Selective Disclosure Attacks</a></p>
</li>
</ul>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.7">
<p id="section-toc.1-1.7.1"><a href="#section-7" class="auto internal xref">7</a>.  <a href="#name-iana-considerations" class="internal xref">IANA Considerations</a></p>
<ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.7.2.1">
<p id="section-toc.1-1.7.2.1.1"><a href="#section-7.1" class="auto internal xref">7.1</a>.  <a href="#name-jwt-claims-registration" class="internal xref">JWT Claims Registration</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.7.2.2">
<p id="section-toc.1-1.7.2.2.1"><a href="#section-7.2" class="auto internal xref">7.2</a>.  <a href="#name-regulatory-profile-registry" class="internal xref">Regulatory Profile Registry</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.7.2.3">
<p id="section-toc.1-1.7.2.3.1"><a href="#section-7.3" class="auto internal xref">7.3</a>.  <a href="#name-resource-type-registry" class="internal xref">Resource Type Registry</a></p>
</li>
</ul>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.8">
<p id="section-toc.1-1.8.1"><a href="#section-8" class="auto internal xref">8</a>.  <a href="#name-references" class="internal xref">References</a></p>
<ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.8.2.1">
<p id="section-toc.1-1.8.2.1.1"><a href="#section-8.1" class="auto internal xref">8.1</a>.  <a href="#name-normative-references" class="internal xref">Normative References</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.8.2.2">
<p id="section-toc.1-1.8.2.2.1"><a href="#section-8.2" class="auto internal xref">8.2</a>.  <a href="#name-informative-references" class="internal xref">Informative References</a></p>
</li>
</ul>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.9">
<p id="section-toc.1-1.9.1"><a href="#appendix-A" class="auto internal xref"></a><a href="#name-acknowledgments" class="internal xref">Acknowledgments</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.10">
<p id="section-toc.1-1.10.1"><a href="#appendix-B" class="auto internal xref"></a><a href="#name-authors-address" class="internal xref">Author's Address</a></p>
</li>
</ul>
</nav>
</section>
</div>
<div id="introduction">
<section id="section-1">
<h2 id="name-introduction">
<a href="#section-1" class="section-number selfRef">1. </a><a href="#name-introduction" class="section-name selfRef">Introduction</a>
</h2>
<p id="section-1-1">Autonomous agent workflows increasingly span multiple
administrative domains, each subject to distinct regulatory
regimes. An agent operating in the European Union must satisfy
GDPR data protection requirements; the same workflow may cross
into a US domain governed by HIPAA for healthcare data or SOX
for financial reporting. Each domain maintains its own audit
infrastructure, retention policies, and disclosure obligations.<a href="#section-1-1" class="pilcrow"></a></p>
<p id="section-1-2">This document addresses two gaps identified in
<span>[<a href="#I-D.nennemann-agent-gap-analysis" class="cite xref">I-D.nennemann-agent-gap-analysis</a>]</span>:<a href="#section-1-2" class="pilcrow"></a></p>
<span class="break"></span><dl class="dlParallel" id="section-1-3">
<dt id="section-1-3.1">Gap 6 -- Cross-Domain Audit Trails:</dt>
<dd style="margin-left: 1.5em" id="section-1-3.2">
<p id="section-1-3.2.1">No standardized mechanism exists for maintaining coherent
audit trails when agent workflows cross organizational
boundaries with different regulatory requirements. Existing
audit systems are domain-local and cannot correlate execution
records across trust boundaries without leaking regulated
information.<a href="#section-1-3.2.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-1-3.3">Gap 9 -- Resource Accounting:</dt>
<dd style="margin-left: 1.5em" id="section-1-3.4">
<p id="section-1-3.4.1">Agent workflows consume computational resources -- CPU cycles,
network bandwidth, storage, API calls, and large language
model token usage -- across multiple domains. No standard
format exists for metering these resources, attributing
consumption to specific agents or tasks, and settling costs
across organizational boundaries.<a href="#section-1-3.4.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
</dl>
<p id="section-1-4">This document builds on the Execution Audit Token (EAT) format
defined in <span>[<a href="#I-D.nennemann-exec-audit" class="cite xref">I-D.nennemann-exec-audit</a>]</span> and the Execution Context
Token (ECT) defined in <span>[<a href="#I-D.nennemann-wimse-ect" class="cite xref">I-D.nennemann-wimse-ect</a>]</span>. It extends
both with cross-domain audit claims and resource accounting
fields while preserving backward compatibility.<a href="#section-1-4" class="pilcrow"></a></p>
<div id="scope">
<section id="section-1.1">
<h3 id="name-scope">
<a href="#section-1.1" class="section-number selfRef">1.1. </a><a href="#name-scope" class="section-name selfRef">Scope</a>
</h3>
<p id="section-1.1-1">This document defines:<a href="#section-1.1-1" class="pilcrow"></a></p>
<ul class="normal">
<li class="normal" id="section-1.1-2.1">
<p id="section-1.1-2.1.1">Cross-domain audit record format extending EAT
(<a href="#audit-architecture" class="auto internal xref">Section 3.1</a>)<a href="#section-1.1-2.1.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-1.1-2.2">
<p id="section-1.1-2.2.1">Regulatory profile mapping for GDPR, SOX, and HIPAA
(<a href="#regulatory-profiles" class="auto internal xref">Section 3.3</a>)<a href="#section-1.1-2.2.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-1.1-2.3">
<p id="section-1.1-2.3.1">Audit trail stitching protocol for cross-domain correlation
(<a href="#audit-stitching" class="auto internal xref">Section 3.4</a>)<a href="#section-1.1-2.3.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-1.1-2.4">
<p id="section-1.1-2.4.1">Selective disclosure mechanisms for privacy-preserving audit
(<a href="#selective-disclosure" class="auto internal xref">Section 3.5</a>)<a href="#section-1.1-2.4.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-1.1-2.5">
<p id="section-1.1-2.5.1">Resource metering model and consumption record format
(<a href="#resource-metering" class="auto internal xref">Section 4.1</a>)<a href="#section-1.1-2.5.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-1.1-2.6">
<p id="section-1.1-2.6.1">Billing integration and settlement protocol
(<a href="#billing-integration" class="auto internal xref">Section 4.3</a>)<a href="#section-1.1-2.6.1" class="pilcrow"></a></p>
</li>
</ul>
</section>
</div>
</section>
</div>
<div id="terminology">
<section id="section-2">
<h2 id="name-terminology">
<a href="#section-2" class="section-number selfRef">2. </a><a href="#name-terminology" class="section-name selfRef">Terminology</a>
</h2>
<p id="section-2-1">The key words "<span class="bcp14">MUST</span>", "<span class="bcp14">MUST NOT</span>", "<span class="bcp14">REQUIRED</span>", "<span class="bcp14">SHALL</span>", "<span class="bcp14">SHALL NOT</span>", "<span class="bcp14">SHOULD</span>", "<span class="bcp14">SHOULD NOT</span>", "<span class="bcp14">RECOMMENDED</span>", "<span class="bcp14">NOT RECOMMENDED</span>",
"<span class="bcp14">MAY</span>", and "<span class="bcp14">OPTIONAL</span>" in this document are to be interpreted as
described in BCP 14 <span>[<a href="#RFC2119" class="cite xref">RFC2119</a>]</span> <span>[<a href="#RFC8174" class="cite xref">RFC8174</a>]</span> when, and only when, they
appear in all capitals, as shown here.<a href="#section-2-1" class="pilcrow"></a></p>
<p id="section-2-2">The following terms are used in this document:<a href="#section-2-2" class="pilcrow"></a></p>
<span class="break"></span><dl class="dlParallel" id="section-2-3">
<dt id="section-2-3.1">Audit Domain:</dt>
<dd style="margin-left: 1.5em" id="section-2-3.2">
<p id="section-2-3.2.1">An administrative boundary within which a single set of audit
policies, retention requirements, and regulatory obligations
apply uniformly.<a href="#section-2-3.2.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-2-3.3">Domain Boundary:</dt>
<dd style="margin-left: 1.5em" id="section-2-3.4">
<p id="section-2-3.4.1">The point at which an agent workflow transitions from one audit
domain to another, triggering boundary crossing records and
potential selective disclosure.<a href="#section-2-3.4.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-2-3.5">Regulatory Profile:</dt>
<dd style="margin-left: 1.5em" id="section-2-3.6">
<p id="section-2-3.6.1">A machine-readable identifier specifying the regulatory
framework (e.g., GDPR, SOX, HIPAA) governing audit records
within an audit domain.<a href="#section-2-3.6.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-2-3.7">Audit Record:</dt>
<dd style="margin-left: 1.5em" id="section-2-3.8">
<p id="section-2-3.8.1">A single entry in the cross-domain audit trail, extending the
EAT format with domain-specific metadata and cross-reference
identifiers.<a href="#section-2-3.8.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-2-3.9">Audit Stitching:</dt>
<dd style="margin-left: 1.5em" id="section-2-3.10">
<p id="section-2-3.10.1">The process of correlating audit records across domain
boundaries to reconstruct end-to-end workflow execution
history without requiring full data disclosure.<a href="#section-2-3.10.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-2-3.11">Selective Disclosure:</dt>
<dd style="margin-left: 1.5em" id="section-2-3.12">
<p id="section-2-3.12.1">A mechanism allowing an audit record holder to reveal only
specific claims to a verifier while proving the integrity of
the complete record.<a href="#section-2-3.12.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-2-3.13">Resource Meter:</dt>
<dd style="margin-left: 1.5em" id="section-2-3.14">
<p id="section-2-3.14.1">A component that measures agent resource consumption at defined
metering points within the execution pipeline.<a href="#section-2-3.14.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-2-3.15">Consumption Record:</dt>
<dd style="margin-left: 1.5em" id="section-2-3.16">
<p id="section-2-3.16.1">A signed attestation of resource usage by an agent or task,
including resource type, quantity, and attribution metadata.<a href="#section-2-3.16.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-2-3.17">Settlement:</dt>
<dd style="margin-left: 1.5em" id="section-2-3.18">
<p id="section-2-3.18.1">The process of reconciling consumption records across domain
boundaries and resolving financial obligations between
organizations.<a href="#section-2-3.18.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
</dl>
</section>
</div>
<div id="cross-domain-audit-trails">
<section id="section-3">
<h2 id="name-cross-domain-audit-trails">
<a href="#section-3" class="section-number selfRef">3. </a><a href="#name-cross-domain-audit-trails" class="section-name selfRef">Cross-Domain Audit Trails</a>
</h2>
<div id="audit-architecture">
<section id="section-3.1">
<h3 id="name-audit-architecture">
<a href="#section-3.1" class="section-number selfRef">3.1. </a><a href="#name-audit-architecture" class="section-name selfRef">Audit Architecture</a>
</h3>
<p id="section-3.1-1">Cross-domain audit trails follow a federated architecture where
each domain maintains sovereign control over its audit records
while enabling end-to-end trail reconstruction through
cryptographic stitching.<a href="#section-3.1-1" class="pilcrow"></a></p>
<span id="name-cross-domain-audit-architec"></span><div id="fig-audit-arch">
<figure id="figure-1">
<div class="alignLeft art-text artwork" id="section-3.1-2.1">
<pre>
+------------------+ +------------------+ +------------------+
| Domain A | | Domain B | | Domain C |
| (GDPR) | | (SOX) | | (HIPAA) |
| | | | | |
| +------+ +----+ | | +------+ +----+ | | +------+ +----+ |
| |Agent | |Audit| | | |Agent | |Audit| | | |Agent | |Audit| |
| | A1 |-&gt;| Log| | | | B1 |-&gt;| Log| | | | C1 |-&gt;| Log| |
| +------+ +--+-+ | | +------+ +--+-+ | | +------+ +--+-+ |
| | | | | | | | |
| +---------+ | | | +---------+ | | | +---------+ | |
| |Reg. | | | | |Reg. | | | | |Reg. | | |
| |Profile | | | | |Profile | | | | |Profile | | |
| +---------+ | | | +---------+ | | | +---------+ | |
+--------------+----+ +--------------+----+ +--------------+----+
| | |
v v v
+-----+-------------------------+-------------------------+----+
| Cross-Domain Audit Stitching Layer |
| |
| Boundary Crossing Records + Correlation Identifiers |
+--------------------------------------------------------------+
</pre>
</div>
<figcaption><a href="#figure-1" class="selfRef">Figure 1</a>:
<a href="#name-cross-domain-audit-architec" class="selfRef">Cross-Domain Audit Architecture</a>
</figcaption></figure>
</div>
<p id="section-3.1-3">Each domain operates independently with its own audit log and
regulatory profile. The stitching layer connects audit records
across boundaries using cryptographic cross-references without
requiring domains to share raw audit data.<a href="#section-3.1-3" class="pilcrow"></a></p>
</section>
</div>
<div id="audit-record-format">
<section id="section-3.2">
<h3 id="name-audit-record-format">
<a href="#section-3.2" class="section-number selfRef">3.2. </a><a href="#name-audit-record-format" class="section-name selfRef">Audit Record Format</a>
</h3>
<p id="section-3.2-1">The cross-domain audit record extends the EAT payload defined
in <span>[<a href="#I-D.nennemann-exec-audit" class="cite xref">I-D.nennemann-exec-audit</a>]</span> with additional claims for
domain identification, regulatory context, and cross-referencing.<a href="#section-3.2-1" class="pilcrow"></a></p>
<div id="base-audit-record-structure">
<section id="section-3.2.1">
<h4 id="name-base-audit-record-structure">
<a href="#section-3.2.1" class="section-number selfRef">3.2.1. </a><a href="#name-base-audit-record-structure" class="section-name selfRef">Base Audit Record Structure</a>
</h4>
<p id="section-3.2.1-1">The base audit record is a JSON object carried as the payload of
a JWS <span>[<a href="#RFC7515" class="cite xref">RFC7515</a>]</span> with the following claims:<a href="#section-3.2.1-1" class="pilcrow"></a></p>
<div class="lang-json sourcecode" id="section-3.2.1-2">
<pre>
{
"iss": "https://domain-a.example.com/audit",
"sub": "agent:a1:task:12345",
"iat": 1700000000,
"jti": "urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6",
"eat_ref": "urn:uuid:a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"aud_domain": "domain-a.example.com",
"reg_profile": "gdpr-v1",
"xref": {
"prev_domain": "domain-b.example.com",
"prev_jti": "urn:uuid:12345678-abcd-ef01-2345-678901234567",
"boundary_id": "urn:uuid:bnd-98765432-dcba-10fe-5432-109876543210"
},
"task_desc": "Process customer data enrichment",
"inputs_hash": "sha256:abc123...",
"outputs_hash": "sha256:def456...",
"assurance_level": "L2"
}
</pre><a href="#section-3.2.1-2" class="pilcrow"></a>
</div>
<p id="section-3.2.1-3">The claims are defined as follows:<a href="#section-3.2.1-3" class="pilcrow"></a></p>
<span class="break"></span><dl class="dlParallel" id="section-3.2.1-4">
<dt id="section-3.2.1-4.1">eat_ref:</dt>
<dd style="margin-left: 1.5em" id="section-3.2.1-4.2">
<p id="section-3.2.1-4.2.1"><span class="bcp14">REQUIRED</span>. A reference to the corresponding Execution Audit
Token for this task, enabling correlation between the audit
record and the execution context.<a href="#section-3.2.1-4.2.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-3.2.1-4.3">aud_domain:</dt>
<dd style="margin-left: 1.5em" id="section-3.2.1-4.4">
<p id="section-3.2.1-4.4.1"><span class="bcp14">REQUIRED</span>. The fully qualified domain name of the audit domain
that produced this record.<a href="#section-3.2.1-4.4.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-3.2.1-4.5">reg_profile:</dt>
<dd style="margin-left: 1.5em" id="section-3.2.1-4.6">
<p id="section-3.2.1-4.6.1"><span class="bcp14">REQUIRED</span>. The regulatory profile identifier governing this
audit record. See <a href="#regulatory-profiles" class="auto internal xref">Section 3.3</a>.<a href="#section-3.2.1-4.6.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-3.2.1-4.7">xref:</dt>
<dd style="margin-left: 1.5em" id="section-3.2.1-4.8">
<p id="section-3.2.1-4.8.1"><span class="bcp14">OPTIONAL</span>. Cross-reference object for audit trail stitching.
Present when this record follows a domain boundary crossing.
See <a href="#audit-stitching" class="auto internal xref">Section 3.4</a>.<a href="#section-3.2.1-4.8.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
</dl>
</section>
</div>
<div id="domain-specific-extensions">
<section id="section-3.2.2">
<h4 id="name-domain-specific-extensions">
<a href="#section-3.2.2" class="section-number selfRef">3.2.2. </a><a href="#name-domain-specific-extensions" class="section-name selfRef">Domain-Specific Extensions</a>
</h4>
<p id="section-3.2.2-1">Each regulatory profile <span class="bcp14">MAY</span> define additional required claims.
Domain-specific extensions are carried in a "domain_ext" object:<a href="#section-3.2.2-1" class="pilcrow"></a></p>
<div class="lang-json sourcecode" id="section-3.2.2-2">
<pre>
{
"domain_ext": {
"gdpr": {
"data_subject_category": "customer",
"processing_purpose": "enrichment",
"legal_basis": "legitimate_interest",
"retention_days": 730,
"dpo_contact": "dpo@domain-a.example.com"
}
}
}
</pre><a href="#section-3.2.2-2" class="pilcrow"></a>
</div>
</section>
</div>
<div id="cross-reference-identifiers">
<section id="section-3.2.3">
<h4 id="name-cross-reference-identifiers">
<a href="#section-3.2.3" class="section-number selfRef">3.2.3. </a><a href="#name-cross-reference-identifiers" class="section-name selfRef">Cross-Reference Identifiers</a>
</h4>
<p id="section-3.2.3-1">Cross-reference identifiers enable trail stitching without
requiring access to the full audit records of other domains:<a href="#section-3.2.3-1" class="pilcrow"></a></p>
<span class="break"></span><dl class="dlParallel" id="section-3.2.3-2">
<dt id="section-3.2.3-2.1">boundary_id:</dt>
<dd style="margin-left: 1.5em" id="section-3.2.3-2.2">
<p id="section-3.2.3-2.2.1">A globally unique identifier assigned at the domain boundary
crossing point. Both the outgoing record in the source domain
and the incoming record in the destination domain carry the
same boundary_id.<a href="#section-3.2.3-2.2.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-3.2.3-2.3">prev_jti:</dt>
<dd style="margin-left: 1.5em" id="section-3.2.3-2.4">
<p id="section-3.2.3-2.4.1">The JTI of the last audit record in the preceding domain.
This enables sequential chain verification.<a href="#section-3.2.3-2.4.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-3.2.3-2.5">prev_domain:</dt>
<dd style="margin-left: 1.5em" id="section-3.2.3-2.6">
<p id="section-3.2.3-2.6.1">The audit domain identifier of the preceding domain.<a href="#section-3.2.3-2.6.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
</dl>
</section>
</div>
</section>
</div>
<div id="regulatory-profiles">
<section id="section-3.3">
<h3 id="name-regulatory-profile-mapping">
<a href="#section-3.3" class="section-number selfRef">3.3. </a><a href="#name-regulatory-profile-mapping" class="section-name selfRef">Regulatory Profile Mapping</a>
</h3>
<div id="profile-definitions">
<section id="section-3.3.1">
<h4 id="name-profile-definitions">
<a href="#section-3.3.1" class="section-number selfRef">3.3.1. </a><a href="#name-profile-definitions" class="section-name selfRef">Profile Definitions</a>
</h4>
<p id="section-3.3.1-1">A regulatory profile is identified by a string of the form
"{framework}-v{version}". This document defines the following
initial profiles:<a href="#section-3.3.1-1" class="pilcrow"></a></p>
<span id="name-regulatory-profile-definiti"></span><div id="tab-profiles">
<table class="center" id="table-1">
<caption>
<a href="#table-1" class="selfRef">Table 1</a>:
<a href="#name-regulatory-profile-definiti" class="selfRef">Regulatory Profile Definitions</a>
</caption>
<thead>
<tr>
<th class="text-left" rowspan="1" colspan="1">Profile ID</th>
<th class="text-left" rowspan="1" colspan="1">Framework</th>
<th class="text-left" rowspan="1" colspan="1">Required Claims</th>
<th class="text-left" rowspan="1" colspan="1">Retention</th>
</tr>
</thead>
<tbody>
<tr>
<td class="text-left" rowspan="1" colspan="1">gdpr-v1</td>
<td class="text-left" rowspan="1" colspan="1">EU GDPR</td>
<td class="text-left" rowspan="1" colspan="1">data_subject_category, processing_purpose, legal_basis, retention_days</td>
<td class="text-left" rowspan="1" colspan="1">Per purpose</td>
</tr>
<tr>
<td class="text-left" rowspan="1" colspan="1">sox-v1</td>
<td class="text-left" rowspan="1" colspan="1">US SOX</td>
<td class="text-left" rowspan="1" colspan="1">control_objective, control_id, evidence_class, attestor</td>
<td class="text-left" rowspan="1" colspan="1">7 years</td>
</tr>
<tr>
<td class="text-left" rowspan="1" colspan="1">hipaa-v1</td>
<td class="text-left" rowspan="1" colspan="1">US HIPAA</td>
<td class="text-left" rowspan="1" colspan="1">phi_category, access_purpose, minimum_necessary, covered_entity</td>
<td class="text-left" rowspan="1" colspan="1">6 years</td>
</tr>
</tbody>
</table>
</div>
</section>
</div>
<div id="compliance-field-mapping">
<section id="section-3.3.2">
<h4 id="name-compliance-field-mapping">
<a href="#section-3.3.2" class="section-number selfRef">3.3.2. </a><a href="#name-compliance-field-mapping" class="section-name selfRef">Compliance Field Mapping</a>
</h4>
<p id="section-3.3.2-1">Each profile maps to a set of required and optional claims in the
"domain_ext" object. An audit record <span class="bcp14">MUST</span> include all required
claims for its declared regulatory profile. A verifier <span class="bcp14">MUST</span>
reject records missing required claims.<a href="#section-3.3.2-1" class="pilcrow"></a></p>
<span class="break"></span><dl class="dlParallel" id="section-3.3.2-2">
<dt id="section-3.3.2-2.1">GDPR Profile (gdpr-v1):</dt>
<dd style="margin-left: 1.5em" id="section-3.3.2-2.2">
<p id="section-3.3.2-2.2.1"><span class="bcp14">REQUIRED</span> claims: data_subject_category, processing_purpose,
legal_basis, retention_days.
<span class="bcp14">OPTIONAL</span> claims: dpo_contact, cross_border_transfer,
data_categories, recipients.<a href="#section-3.3.2-2.2.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-3.3.2-2.3">SOX Profile (sox-v1):</dt>
<dd style="margin-left: 1.5em" id="section-3.3.2-2.4">
<p id="section-3.3.2-2.4.1"><span class="bcp14">REQUIRED</span> claims: control_objective, control_id, evidence_class,
attestor.
<span class="bcp14">OPTIONAL</span> claims: deficiency_flag, management_response,
test_procedure.<a href="#section-3.3.2-2.4.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-3.3.2-2.5">HIPAA Profile (hipaa-v1):</dt>
<dd style="margin-left: 1.5em" id="section-3.3.2-2.6">
<p id="section-3.3.2-2.6.1"><span class="bcp14">REQUIRED</span> claims: phi_category, access_purpose,
minimum_necessary, covered_entity.
<span class="bcp14">OPTIONAL</span> claims: business_associate, disclosure_authorization,
breach_risk_assessment.<a href="#section-3.3.2-2.6.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
</dl>
</section>
</div>
<div id="regulatory-metadata-claims">
<section id="section-3.3.3">
<h4 id="name-regulatory-metadata-claims">
<a href="#section-3.3.3" class="section-number selfRef">3.3.3. </a><a href="#name-regulatory-metadata-claims" class="section-name selfRef">Regulatory Metadata Claims</a>
</h4>
<p id="section-3.3.3-1">Regulatory metadata is carried as claims in the EAT payload
under the "reg_meta" key:<a href="#section-3.3.3-1" class="pilcrow"></a></p>
<div class="lang-json sourcecode" id="section-3.3.3-2">
<pre>
{
"reg_meta": {
"profile": "gdpr-v1",
"jurisdiction": "EU",
"supervisory_authority": "de-bfdi",
"cross_border": true,
"adequacy_decision": "eu-us-dpf",
"retention_expiry": 1763078400
}
}
</pre><a href="#section-3.3.3-2" class="pilcrow"></a>
</div>
</section>
</div>
</section>
</div>
<div id="audit-stitching">
<section id="section-3.4">
<h3 id="name-audit-trail-stitching">
<a href="#section-3.4" class="section-number selfRef">3.4. </a><a href="#name-audit-trail-stitching" class="section-name selfRef">Audit Trail Stitching</a>
</h3>
<div id="cross-domain-correlation-protocol">
<section id="section-3.4.1">
<h4 id="name-cross-domain-correlation-pr">
<a href="#section-3.4.1" class="section-number selfRef">3.4.1. </a><a href="#name-cross-domain-correlation-pr" class="section-name selfRef">Cross-Domain Correlation Protocol</a>
</h4>
<p id="section-3.4.1-1">When a workflow crosses a domain boundary, the following protocol
ensures audit trail continuity:<a href="#section-3.4.1-1" class="pilcrow"></a></p>
<ol start="1" type="1" class="normal type-1" id="section-3.4.1-2">
<li id="section-3.4.1-2.1">
<p id="section-3.4.1-2.1.1">The source domain creates a boundary crossing record containing
the last audit record's JTI and a newly generated boundary_id.<a href="#section-3.4.1-2.1.1" class="pilcrow"></a></p>
</li>
<li id="section-3.4.1-2.2">
<p id="section-3.4.1-2.2.1">The source domain signs the boundary crossing record and
transmits it to the destination domain along with the agent
handoff.<a href="#section-3.4.1-2.2.1" class="pilcrow"></a></p>
</li>
<li id="section-3.4.1-2.3">
<p id="section-3.4.1-2.3.1">The destination domain creates its first audit record with
an xref object referencing the boundary_id and the source
domain's last JTI.<a href="#section-3.4.1-2.3.1" class="pilcrow"></a></p>
</li>
<li id="section-3.4.1-2.4">
<p id="section-3.4.1-2.4.1">Both domains independently log the boundary crossing record
in their respective audit ledgers.<a href="#section-3.4.1-2.4.1" class="pilcrow"></a></p>
</li>
</ol>
</section>
</div>
<div id="boundary-crossing-records">
<section id="section-3.4.2">
<h4 id="name-boundary-crossing-records">
<a href="#section-3.4.2" class="section-number selfRef">3.4.2. </a><a href="#name-boundary-crossing-records" class="section-name selfRef">Boundary Crossing Records</a>
</h4>
<p id="section-3.4.2-1">A boundary crossing record is a JWS-signed JSON object:<a href="#section-3.4.2-1" class="pilcrow"></a></p>
<div class="lang-json sourcecode" id="section-3.4.2-2">
<pre>
{
"type": "boundary_crossing",
"boundary_id": "urn:uuid:bnd-98765432-dcba-10fe-5432-109876543210",
"source_domain": "domain-a.example.com",
"dest_domain": "domain-b.example.com",
"source_last_jti": "urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6",
"crossing_time": 1700000100,
"workflow_id": "urn:uuid:wf-11111111-2222-3333-4444-555555555555",
"source_reg_profile": "gdpr-v1",
"dest_reg_profile": "sox-v1",
"disclosed_claims": ["task_desc", "inputs_hash", "outputs_hash"],
"redacted_claims": ["data_subject_category", "processing_purpose"]
}
</pre><a href="#section-3.4.2-2" class="pilcrow"></a>
</div>
<p id="section-3.4.2-3">The "disclosed_claims" and "redacted_claims" arrays enumerate
which claims from the source domain's audit record are visible
to the destination domain and which are withheld for privacy.<a href="#section-3.4.2-3" class="pilcrow"></a></p>
</section>
</div>
<div id="partial-trail-assembly">
<section id="section-3.4.3">
<h4 id="name-partial-trail-assembly">
<a href="#section-3.4.3" class="section-number selfRef">3.4.3. </a><a href="#name-partial-trail-assembly" class="section-name selfRef">Partial Trail Assembly</a>
</h4>
<p id="section-3.4.3-1">An auditor with access to multiple domains can reconstruct the
full workflow trail by following the chain of boundary_id
references. When an auditor lacks access to a particular domain,
the trail contains a gap that can be verified structurally
(the boundary crossing records on either side reference the same
boundary_id) without revealing the content of the missing
domain's records.<a href="#section-3.4.3-1" class="pilcrow"></a></p>
<p id="section-3.4.3-2">This allows privacy-preserving end-to-end audit where each domain
proves its segment of the trail without exposing regulated data
to unauthorized parties.<a href="#section-3.4.3-2" class="pilcrow"></a></p>
</section>
</div>
</section>
</div>
<div id="selective-disclosure">
<section id="section-3.5">
<h3 id="name-selective-disclosure">
<a href="#section-3.5" class="section-number selfRef">3.5. </a><a href="#name-selective-disclosure" class="section-name selfRef">Selective Disclosure</a>
</h3>
<div id="using-sd-jwt-concepts-for-audit-records">
<section id="section-3.5.1">
<h4 id="name-using-sd-jwt-concepts-for-a">
<a href="#section-3.5.1" class="section-number selfRef">3.5.1. </a><a href="#name-using-sd-jwt-concepts-for-a" class="section-name selfRef">Using SD-JWT Concepts for Audit Records</a>
</h4>
<p id="section-3.5.1-1">Cross-domain audit records <span class="bcp14">MAY</span> use Selective Disclosure JWT
(SD-JWT) <span>[<a href="#SD-JWT" class="cite xref">SD-JWT</a>]</span> mechanisms to enable fine-grained claim
disclosure. When an audit record is issued, the issuer creates
an SD-JWT where each claim can be independently disclosed or
withheld.<a href="#section-3.5.1-1" class="pilcrow"></a></p>
<p id="section-3.5.1-2">An SD-JWT audit record replaces direct claims with hashed
disclosures:<a href="#section-3.5.1-2" class="pilcrow"></a></p>
<div class="lang-json sourcecode" id="section-3.5.1-3">
<pre>
{
"iss": "https://domain-a.example.com/audit",
"aud_domain": "domain-a.example.com",
"reg_profile": "gdpr-v1",
"_sd": [
"WyJ...base64url-encoded disclosure hash..."
],
"_sd_alg": "sha-256"
}
</pre><a href="#section-3.5.1-3" class="pilcrow"></a>
</div>
<p id="section-3.5.1-4">Individual claims are disclosed by providing the corresponding
disclosure values alongside the SD-JWT.<a href="#section-3.5.1-4" class="pilcrow"></a></p>
</section>
</div>
<div id="per-domain-visibility-controls">
<section id="section-3.5.2">
<h4 id="name-per-domain-visibility-contr">
<a href="#section-3.5.2" class="section-number selfRef">3.5.2. </a><a href="#name-per-domain-visibility-contr" class="section-name selfRef">Per-Domain Visibility Controls</a>
</h4>
<p id="section-3.5.2-1">Each audit domain declares a visibility policy specifying which
claims are:<a href="#section-3.5.2-1" class="pilcrow"></a></p>
<ul class="normal">
<li class="normal" id="section-3.5.2-2.1">
<p id="section-3.5.2-2.1.1">Public: Disclosed to all domains in the workflow trail.<a href="#section-3.5.2-2.1.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-3.5.2-2.2">
<p id="section-3.5.2-2.2.1">Boundary: Disclosed only to the immediate upstream and
downstream domains.<a href="#section-3.5.2-2.2.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-3.5.2-2.3">
<p id="section-3.5.2-2.3.1">Private: Never disclosed outside the originating domain.<a href="#section-3.5.2-2.3.1" class="pilcrow"></a></p>
</li>
</ul>
<p id="section-3.5.2-3">The visibility policy is declared in the regulatory profile
and enforced at each domain boundary crossing.<a href="#section-3.5.2-3" class="pilcrow"></a></p>
</section>
</div>
<div id="redaction-and-minimization-rules">
<section id="section-3.5.3">
<h4 id="name-redaction-and-minimization-">
<a href="#section-3.5.3" class="section-number selfRef">3.5.3. </a><a href="#name-redaction-and-minimization-" class="section-name selfRef">Redaction and Minimization Rules</a>
</h4>
<p id="section-3.5.3-1">When an audit record crosses a domain boundary, the following
rules apply:<a href="#section-3.5.3-1" class="pilcrow"></a></p>
<ol start="1" type="1" class="normal type-1" id="section-3.5.3-2">
<li id="section-3.5.3-2.1">
<p id="section-3.5.3-2.1.1">Claims classified as "private" <span class="bcp14">MUST</span> be redacted using SD-JWT
disclosures. The destination domain receives proof that the
claims exist but cannot read their values.<a href="#section-3.5.3-2.1.1" class="pilcrow"></a></p>
</li>
<li id="section-3.5.3-2.2">
<p id="section-3.5.3-2.2.1">Claims classified as "boundary" <span class="bcp14">MUST</span> be disclosed to the
immediate destination domain but redacted for subsequent
domains in the chain.<a href="#section-3.5.3-2.2.1" class="pilcrow"></a></p>
</li>
<li id="section-3.5.3-2.3">
<p id="section-3.5.3-2.3.1">Claims classified as "public" <span class="bcp14">MUST</span> be disclosed to all
domains.<a href="#section-3.5.3-2.3.1" class="pilcrow"></a></p>
</li>
<li id="section-3.5.3-2.4">
<p id="section-3.5.3-2.4.1">The minimum set of public claims required for trail stitching
is: jti, boundary_id, aud_domain, and crossing_time.<a href="#section-3.5.3-2.4.1" class="pilcrow"></a></p>
</li>
</ol>
</section>
</div>
</section>
</div>
</section>
</div>
<div id="resource-accounting">
<section id="section-4">
<h2 id="name-resource-accounting">
<a href="#section-4" class="section-number selfRef">4. </a><a href="#name-resource-accounting" class="section-name selfRef">Resource Accounting</a>
</h2>
<div id="resource-metering">
<section id="section-4.1">
<h3 id="name-resource-metering-model">
<a href="#section-4.1" class="section-number selfRef">4.1. </a><a href="#name-resource-metering-model" class="section-name selfRef">Resource Metering Model</a>
</h3>
<div id="resource-types">
<section id="section-4.1.1">
<h4 id="name-resource-types">
<a href="#section-4.1.1" class="section-number selfRef">4.1.1. </a><a href="#name-resource-types" class="section-name selfRef">Resource Types</a>
</h4>
<p id="section-4.1.1-1">This document defines the following resource types for agent
metering:<a href="#section-4.1.1-1" class="pilcrow"></a></p>
<span id="name-resource-type-definitions"></span><div id="tab-resources">
<table class="center" id="table-2">
<caption>
<a href="#table-2" class="selfRef">Table 2</a>:
<a href="#name-resource-type-definitions" class="selfRef">Resource Type Definitions</a>
</caption>
<thead>
<tr>
<th class="text-left" rowspan="1" colspan="1">Resource Type</th>
<th class="text-left" rowspan="1" colspan="1">Unit</th>
<th class="text-left" rowspan="1" colspan="1">Description</th>
</tr>
</thead>
<tbody>
<tr>
<td class="text-left" rowspan="1" colspan="1">compute</td>
<td class="text-left" rowspan="1" colspan="1">cpu-ms</td>
<td class="text-left" rowspan="1" colspan="1">CPU time in milliseconds</td>
</tr>
<tr>
<td class="text-left" rowspan="1" colspan="1">memory</td>
<td class="text-left" rowspan="1" colspan="1">byte-s</td>
<td class="text-left" rowspan="1" colspan="1">Memory usage in byte-seconds</td>
</tr>
<tr>
<td class="text-left" rowspan="1" colspan="1">network_egress</td>
<td class="text-left" rowspan="1" colspan="1">bytes</td>
<td class="text-left" rowspan="1" colspan="1">Outbound network transfer</td>
</tr>
<tr>
<td class="text-left" rowspan="1" colspan="1">network_ingress</td>
<td class="text-left" rowspan="1" colspan="1">bytes</td>
<td class="text-left" rowspan="1" colspan="1">Inbound network transfer</td>
</tr>
<tr>
<td class="text-left" rowspan="1" colspan="1">storage</td>
<td class="text-left" rowspan="1" colspan="1">byte-s</td>
<td class="text-left" rowspan="1" colspan="1">Persistent storage in byte-seconds</td>
</tr>
<tr>
<td class="text-left" rowspan="1" colspan="1">api_calls</td>
<td class="text-left" rowspan="1" colspan="1">count</td>
<td class="text-left" rowspan="1" colspan="1">External API invocations</td>
</tr>
<tr>
<td class="text-left" rowspan="1" colspan="1">llm_tokens</td>
<td class="text-left" rowspan="1" colspan="1">count</td>
<td class="text-left" rowspan="1" colspan="1">Large language model tokens consumed</td>
</tr>
<tr>
<td class="text-left" rowspan="1" colspan="1">gpu_compute</td>
<td class="text-left" rowspan="1" colspan="1">gpu-ms</td>
<td class="text-left" rowspan="1" colspan="1">GPU time in milliseconds</td>
</tr>
</tbody>
</table>
</div>
</section>
</div>
<div id="metering-points">
<section id="section-4.1.2">
<h4 id="name-metering-points">
<a href="#section-4.1.2" class="section-number selfRef">4.1.2. </a><a href="#name-metering-points" class="section-name selfRef">Metering Points</a>
</h4>
<p id="section-4.1.2-1">Resource meters are placed at defined points in the agent
execution pipeline:<a href="#section-4.1.2-1" class="pilcrow"></a></p>
<ol start="1" type="1" class="normal type-1" id="section-4.1.2-2">
<li id="section-4.1.2-2.1">
<p id="section-4.1.2-2.1.1">Task Ingress: Resources consumed receiving and parsing task
inputs.<a href="#section-4.1.2-2.1.1" class="pilcrow"></a></p>
</li>
<li id="section-4.1.2-2.2">
<p id="section-4.1.2-2.2.1">Execution: Resources consumed during task execution proper.<a href="#section-4.1.2-2.2.1" class="pilcrow"></a></p>
</li>
<li id="section-4.1.2-2.3">
<p id="section-4.1.2-2.3.1">Tool Invocation: Resources consumed by each tool call within
a task.<a href="#section-4.1.2-2.3.1" class="pilcrow"></a></p>
</li>
<li id="section-4.1.2-2.4">
<p id="section-4.1.2-2.4.1">Task Egress: Resources consumed producing and transmitting
task outputs.<a href="#section-4.1.2-2.4.1" class="pilcrow"></a></p>
</li>
<li id="section-4.1.2-2.5">
<p id="section-4.1.2-2.5.1">Audit Overhead: Resources consumed generating and transmitting
audit records themselves.<a href="#section-4.1.2-2.5.1" class="pilcrow"></a></p>
</li>
</ol>
<p id="section-4.1.2-3">Each metering point produces a meter reading that is included
in the task's consumption record.<a href="#section-4.1.2-3" class="pilcrow"></a></p>
</section>
</div>
<div id="meter-reading-format">
<section id="section-4.1.3">
<h4 id="name-meter-reading-format">
<a href="#section-4.1.3" class="section-number selfRef">4.1.3. </a><a href="#name-meter-reading-format" class="section-name selfRef">Meter Reading Format</a>
</h4>
<p id="section-4.1.3-1">A meter reading is a JSON object:<a href="#section-4.1.3-1" class="pilcrow"></a></p>
<div class="lang-json sourcecode" id="section-4.1.3-2">
<pre>
{
"meter_point": "execution",
"resource_type": "llm_tokens",
"quantity": 4096,
"unit": "count",
"start_time": 1700000000,
"end_time": 1700000005,
"confidence": "measured"
}
</pre><a href="#section-4.1.3-2" class="pilcrow"></a>
</div>
<p id="section-4.1.3-3">The "confidence" field indicates whether the reading is
"measured" (exact instrumentation), "estimated" (statistical
sampling), or "allocated" (apportioned from a shared pool).<a href="#section-4.1.3-3" class="pilcrow"></a></p>
</section>
</div>
</section>
</div>
<div id="consumption-records">
<section id="section-4.2">
<h3 id="name-consumption-records">
<a href="#section-4.2" class="section-number selfRef">4.2. </a><a href="#name-consumption-records" class="section-name selfRef">Consumption Records</a>
</h3>
<div id="per-agent-resource-consumption-claims">
<section id="section-4.2.1">
<h4 id="name-per-agent-resource-consumpt">
<a href="#section-4.2.1" class="section-number selfRef">4.2.1. </a><a href="#name-per-agent-resource-consumpt" class="section-name selfRef">Per-Agent Resource Consumption Claims</a>
</h4>
<p id="section-4.2.1-1">Resource consumption is recorded as claims in the EAT payload
under the "resource" key:<a href="#section-4.2.1-1" class="pilcrow"></a></p>
<div class="lang-json sourcecode" id="section-4.2.1-2">
<pre>
{
"resource": {
"agent_id": "spiffe://domain-a.example.com/agent/a1",
"task_id": "urn:uuid:a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"domain": "domain-a.example.com",
"period": {
"start": 1700000000,
"end": 1700000010
},
"meters": [
{
"meter_point": "execution",
"resource_type": "compute",
"quantity": 2500,
"unit": "cpu-ms",
"confidence": "measured"
},
{
"meter_point": "execution",
"resource_type": "llm_tokens",
"quantity": 4096,
"unit": "count",
"confidence": "measured"
},
{
"meter_point": "tool_invocation",
"resource_type": "api_calls",
"quantity": 3,
"unit": "count",
"confidence": "measured"
}
]
}
}
</pre><a href="#section-4.2.1-2" class="pilcrow"></a>
</div>
</section>
</div>
<div id="aggregation-across-dag-nodes">
<section id="section-4.2.2">
<h4 id="name-aggregation-across-dag-node">
<a href="#section-4.2.2" class="section-number selfRef">4.2.2. </a><a href="#name-aggregation-across-dag-node" class="section-name selfRef">Aggregation Across DAG Nodes</a>
</h4>
<p id="section-4.2.2-1">When a workflow DAG spans multiple tasks, consumption records
can be aggregated to produce a workflow-level resource summary.
The aggregation <span class="bcp14">MUST</span>:<a href="#section-4.2.2-1" class="pilcrow"></a></p>
<ul class="normal">
<li class="normal" id="section-4.2.2-2.1">
<p id="section-4.2.2-2.1.1">Sum quantities of the same resource type and unit across all
DAG nodes within a domain.<a href="#section-4.2.2-2.1.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-4.2.2-2.2">
<p id="section-4.2.2-2.2.1">Maintain per-task granularity for dispute resolution.<a href="#section-4.2.2-2.2.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-4.2.2-2.3">
<p id="section-4.2.2-2.3.1">Record the aggregation method ("sum", "max", "weighted") for
each resource type.<a href="#section-4.2.2-2.3.1" class="pilcrow"></a></p>
</li>
</ul>
</section>
</div>
<div id="multi-tenant-isolation">
<section id="section-4.2.3">
<h4 id="name-multi-tenant-isolation">
<a href="#section-4.2.3" class="section-number selfRef">4.2.3. </a><a href="#name-multi-tenant-isolation" class="section-name selfRef">Multi-Tenant Isolation</a>
</h4>
<p id="section-4.2.3-1">In shared infrastructure deployments, resource meters <span class="bcp14">MUST</span>
provide tenant isolation guarantees:<a href="#section-4.2.3-1" class="pilcrow"></a></p>
<ul class="normal">
<li class="normal" id="section-4.2.3-2.1">
<p id="section-4.2.3-2.1.1">Each agent's resource consumption <span class="bcp14">MUST</span> be independently
metered.<a href="#section-4.2.3-2.1.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-4.2.3-2.2">
<p id="section-4.2.3-2.2.1">Shared resources (e.g., shared GPU pools) <span class="bcp14">MUST</span> use the
"allocated" confidence level and document the allocation
method.<a href="#section-4.2.3-2.2.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-4.2.3-2.3">
<p id="section-4.2.3-2.3.1">Consumption records <span class="bcp14">MUST NOT</span> leak information about other
tenants' resource usage.<a href="#section-4.2.3-2.3.1" class="pilcrow"></a></p>
</li>
</ul>
</section>
</div>
</section>
</div>
<div id="billing-integration">
<section id="section-4.3">
<h3 id="name-billing-integration">
<a href="#section-4.3" class="section-number selfRef">4.3. </a><a href="#name-billing-integration" class="section-name selfRef">Billing Integration</a>
</h3>
<div id="settlement-protocol-overview">
<section id="section-4.3.1">
<h4 id="name-settlement-protocol-overvie">
<a href="#section-4.3.1" class="section-number selfRef">4.3.1. </a><a href="#name-settlement-protocol-overvie" class="section-name selfRef">Settlement Protocol Overview</a>
</h4>
<p id="section-4.3.1-1">Settlement between domains follows a three-phase protocol:<a href="#section-4.3.1-1" class="pilcrow"></a></p>
<span class="break"></span><dl class="dlParallel" id="section-4.3.1-2">
<dt id="section-4.3.1-2.1">Phase 1 -- Reporting:</dt>
<dd style="margin-left: 1.5em" id="section-4.3.1-2.2">
<p id="section-4.3.1-2.2.1">Each domain produces a signed usage report summarizing
consumption records for a billing period. The report is
signed using the domain's audit signing key.<a href="#section-4.3.1-2.2.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-4.3.1-2.3">Phase 2 -- Reconciliation:</dt>
<dd style="margin-left: 1.5em" id="section-4.3.1-2.4">
<p id="section-4.3.1-2.4.1">Participating domains exchange usage reports and verify that
boundary crossing records match. Discrepancies are flagged
for manual review.<a href="#section-4.3.1-2.4.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-4.3.1-2.5">Phase 3 -- Settlement:</dt>
<dd style="margin-left: 1.5em" id="section-4.3.1-2.6">
<p id="section-4.3.1-2.6.1">Reconciled usage is converted to monetary amounts using
pre-agreed rate cards. Settlement records are logged in
each domain's audit ledger.<a href="#section-4.3.1-2.6.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
</dl>
</section>
</div>
<div id="usage-report-format">
<section id="section-4.3.2">
<h4 id="name-usage-report-format">
<a href="#section-4.3.2" class="section-number selfRef">4.3.2. </a><a href="#name-usage-report-format" class="section-name selfRef">Usage Report Format</a>
</h4>
<p id="section-4.3.2-1">A usage report is a JWS-signed JSON object:<a href="#section-4.3.2-1" class="pilcrow"></a></p>
<div class="lang-json sourcecode" id="section-4.3.2-2">
<pre>
{
"type": "usage_report",
"reporter_domain": "domain-a.example.com",
"billing_period": {
"start": 1700000000,
"end": 1702592000
},
"counterparty_domain": "domain-b.example.com",
"summary": [
{
"resource_type": "compute",
"total_quantity": 15000000,
"unit": "cpu-ms",
"task_count": 1250
},
{
"resource_type": "llm_tokens",
"total_quantity": 5242880,
"unit": "count",
"task_count": 1250
}
],
"detail_hash": "sha256:fedcba987654...",
"rate_card_ref": "urn:uuid:rc-aabbccdd-1122-3344-5566-778899001122"
}
</pre><a href="#section-4.3.2-2" class="pilcrow"></a>
</div>
<p id="section-4.3.2-3">The "detail_hash" is a hash of the full set of per-task
consumption records, enabling the counterparty to request and
verify individual records during dispute resolution.<a href="#section-4.3.2-3" class="pilcrow"></a></p>
</section>
</div>
<div id="fair-use-enforcement-mechanisms">
<section id="section-4.3.3">
<h4 id="name-fair-use-enforcement-mechan">
<a href="#section-4.3.3" class="section-number selfRef">4.3.3. </a><a href="#name-fair-use-enforcement-mechan" class="section-name selfRef">Fair-Use Enforcement Mechanisms</a>
</h4>
<p id="section-4.3.3-1">Domains <span class="bcp14">MAY</span> enforce fair-use policies on agent resource
consumption:<a href="#section-4.3.3-1" class="pilcrow"></a></p>
<ul class="normal">
<li class="normal" id="section-4.3.3-2.1">
<p id="section-4.3.3-2.1.1">Rate Limiting: Domains <span class="bcp14">MAY</span> impose per-agent or per-workflow
rate limits on resource types. Rate limit policies <span class="bcp14">SHOULD</span>
be communicated in the boundary crossing record.<a href="#section-4.3.3-2.1.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-4.3.3-2.2">
<p id="section-4.3.3-2.2.1">Budget Caps: Workflows <span class="bcp14">MAY</span> carry a resource budget in the ECT
that specifies maximum consumption per resource type. Agents
<span class="bcp14">MUST NOT</span> exceed the declared budget without obtaining a revised
ECT.<a href="#section-4.3.3-2.2.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-4.3.3-2.3">
<p id="section-4.3.3-2.3.1">Anomaly Detection: Domains <span class="bcp14">SHOULD</span> monitor consumption patterns
and flag anomalous usage (e.g., token consumption 10x above
the workflow's declared budget).<a href="#section-4.3.3-2.3.1" class="pilcrow"></a></p>
</li>
</ul>
</section>
</div>
</section>
</div>
</section>
</div>
<div id="integration-with-ect-and-exec-audit">
<section id="section-5">
<h2 id="name-integration-with-ect-and-ex">
<a href="#section-5" class="section-number selfRef">5. </a><a href="#name-integration-with-ect-and-ex" class="section-name selfRef">Integration with ECT and Exec-Audit</a>
</h2>
<p id="section-5-1">The cross-domain audit and resource accounting claims defined in
this document extend the existing token formats as follows:<a href="#section-5-1" class="pilcrow"></a></p>
<span class="break"></span><dl class="dlParallel" id="section-5-2">
<dt id="section-5-2.1">ECT Extensions (<span>[<a href="#I-D.nennemann-wimse-ect" class="cite xref">I-D.nennemann-wimse-ect</a>]</span>):</dt>
<dd style="margin-left: 1.5em" id="section-5-2.2">
<p id="section-5-2.2.1">The ECT payload is extended with a "resource_budget" claim
specifying per-resource-type consumption limits for the
workflow. The ECT <span class="bcp14">MAY</span> also carry a "reg_profiles" array
listing the regulatory profiles that the workflow is expected
to traverse.<a href="#section-5-2.2.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5-2.3">EAT Extensions (<span>[<a href="#I-D.nennemann-exec-audit" class="cite xref">I-D.nennemann-exec-audit</a>]</span>):</dt>
<dd style="margin-left: 1.5em" id="section-5-2.4">
<p id="section-5-2.4.1">The EAT payload is extended with the "aud_domain", "reg_profile",
"reg_meta", "xref", "domain_ext", and "resource" claims defined
in this document. These claims are <span class="bcp14">OPTIONAL</span> for single-domain
deployments and <span class="bcp14">REQUIRED</span> for cross-domain workflows.<a href="#section-5-2.4.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5-2.5">Backward Compatibility:</dt>
<dd style="margin-left: 1.5em" id="section-5-2.6">
<p id="section-5-2.6.1">Existing ECT and EAT processors that do not recognize the new
claims <span class="bcp14">MUST</span> ignore them per standard JWT processing rules
<span>[<a href="#RFC7519" class="cite xref">RFC7519</a>]</span>. Cross-domain audit functionality degrades
gracefully: single-domain deployments continue to function
without modification.<a href="#section-5-2.6.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
</dl>
</section>
</div>
<div id="security-considerations">
<section id="section-6">
<h2 id="name-security-considerations">
<a href="#section-6" class="section-number selfRef">6. </a><a href="#name-security-considerations" class="section-name selfRef">Security Considerations</a>
</h2>
<div id="audit-trail-tampering-across-domains">
<section id="section-6.1">
<h3 id="name-audit-trail-tampering-acros">
<a href="#section-6.1" class="section-number selfRef">6.1. </a><a href="#name-audit-trail-tampering-acros" class="section-name selfRef">Audit Trail Tampering Across Domains</a>
</h3>
<p id="section-6.1-1">Because each domain signs its own audit records independently,
a compromised domain can fabricate or alter its segment of the
audit trail. Mitigations include:<a href="#section-6.1-1" class="pilcrow"></a></p>
<ul class="normal">
<li class="normal" id="section-6.1-2.1">
<p id="section-6.1-2.1.1">Requiring Level 3 assurance (ledger-anchored EATs) for
cross-domain workflows in regulated environments.<a href="#section-6.1-2.1.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-6.1-2.2">
<p id="section-6.1-2.2.1">Cross-domain ledger anchoring as defined in
<span>[<a href="#I-D.nennemann-exec-audit" class="cite xref">I-D.nennemann-exec-audit</a>]</span> to detect tampering after the
fact.<a href="#section-6.1-2.2.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-6.1-2.3">
<p id="section-6.1-2.3.1">Independent third-party audit of boundary crossing records.<a href="#section-6.1-2.3.1" class="pilcrow"></a></p>
</li>
</ul>
</section>
</div>
<div id="resource-metering-fraud">
<section id="section-6.2">
<h3 id="name-resource-metering-fraud">
<a href="#section-6.2" class="section-number selfRef">6.2. </a><a href="#name-resource-metering-fraud" class="section-name selfRef">Resource Metering Fraud</a>
</h3>
<p id="section-6.2-1">A malicious domain could under-report resource consumption to
reduce settlement obligations or over-report to inflate charges.
Mitigations include:<a href="#section-6.2-1" class="pilcrow"></a></p>
<ul class="normal">
<li class="normal" id="section-6.2-2.1">
<p id="section-6.2-2.1.1">Bilateral verification of boundary crossing records, which
constrain the plausible range of resource consumption.<a href="#section-6.2-2.1.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-6.2-2.2">
<p id="section-6.2-2.2.1">Statistical sampling and spot-checking of consumption records
against actual infrastructure metrics.<a href="#section-6.2-2.2.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-6.2-2.3">
<p id="section-6.2-2.3.1">Requiring "measured" confidence level for high-value resource
types and rejecting "estimated" readings above a threshold.<a href="#section-6.2-2.3.1" class="pilcrow"></a></p>
</li>
</ul>
</section>
</div>
<div id="privacy-leakage-through-audit-correlation">
<section id="section-6.3">
<h3 id="name-privacy-leakage-through-aud">
<a href="#section-6.3" class="section-number selfRef">6.3. </a><a href="#name-privacy-leakage-through-aud" class="section-name selfRef">Privacy Leakage Through Audit Correlation</a>
</h3>
<p id="section-6.3-1">Even with selective disclosure, the structure of the audit trail
(timing, frequency, and pattern of boundary crossings) can leak
information about the nature of the workflow. Mitigations
include:<a href="#section-6.3-1" class="pilcrow"></a></p>
<ul class="normal">
<li class="normal" id="section-6.3-2.1">
<p id="section-6.3-2.1.1">Batching boundary crossing records to obscure individual
workflow timing.<a href="#section-6.3-2.1.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-6.3-2.2">
<p id="section-6.3-2.2.1">Using domain-specific pseudonymous identifiers in cross-
references rather than globally unique agent identifiers.<a href="#section-6.3-2.2.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-6.3-2.3">
<p id="section-6.3-2.3.1">Minimizing the set of public claims to the structural minimum
required for trail stitching.<a href="#section-6.3-2.3.1" class="pilcrow"></a></p>
</li>
</ul>
</section>
</div>
<div id="selective-disclosure-attacks">
<section id="section-6.4">
<h3 id="name-selective-disclosure-attack">
<a href="#section-6.4" class="section-number selfRef">6.4. </a><a href="#name-selective-disclosure-attack" class="section-name selfRef">Selective Disclosure Attacks</a>
</h3>
<p id="section-6.4-1">An adversary with access to multiple boundary crossing records
could attempt to correlate redacted claims across domains.
SD-JWT provides unlinkability guarantees when fresh salts are
used for each disclosure. Implementations <span class="bcp14">MUST</span> use
cryptographically random salts of at least 128 bits for each
SD-JWT disclosure.<a href="#section-6.4-1" class="pilcrow"></a></p>
</section>
</div>
</section>
</div>
<div id="iana-considerations">
<section id="section-7">
<h2 id="name-iana-considerations">
<a href="#section-7" class="section-number selfRef">7. </a><a href="#name-iana-considerations" class="section-name selfRef">IANA Considerations</a>
</h2>
<div id="jwt-claims-registration">
<section id="section-7.1">
<h3 id="name-jwt-claims-registration">
<a href="#section-7.1" class="section-number selfRef">7.1. </a><a href="#name-jwt-claims-registration" class="section-name selfRef">JWT Claims Registration</a>
</h3>
<p id="section-7.1-1">This document requests registration of the following claims in
the JSON Web Token Claims registry established by <span>[<a href="#RFC7519" class="cite xref">RFC7519</a>]</span>:<a href="#section-7.1-1" class="pilcrow"></a></p>
<span id="name-jwt-claims-registration-2"></span><div id="tab-claims">
<table class="center" id="table-3">
<caption>
<a href="#table-3" class="selfRef">Table 3</a>:
<a href="#name-jwt-claims-registration-2" class="selfRef">JWT Claims Registration</a>
</caption>
<thead>
<tr>
<th class="text-left" rowspan="1" colspan="1">Claim Name</th>
<th class="text-left" rowspan="1" colspan="1">Description</th>
<th class="text-left" rowspan="1" colspan="1">Reference</th>
</tr>
</thead>
<tbody>
<tr>
<td class="text-left" rowspan="1" colspan="1">aud_domain</td>
<td class="text-left" rowspan="1" colspan="1">Audit domain identifier</td>
<td class="text-left" rowspan="1" colspan="1">This document</td>
</tr>
<tr>
<td class="text-left" rowspan="1" colspan="1">reg_profile</td>
<td class="text-left" rowspan="1" colspan="1">Regulatory profile identifier</td>
<td class="text-left" rowspan="1" colspan="1">This document</td>
</tr>
<tr>
<td class="text-left" rowspan="1" colspan="1">reg_meta</td>
<td class="text-left" rowspan="1" colspan="1">Regulatory metadata object</td>
<td class="text-left" rowspan="1" colspan="1">This document</td>
</tr>
<tr>
<td class="text-left" rowspan="1" colspan="1">xref</td>
<td class="text-left" rowspan="1" colspan="1">Cross-domain reference object</td>
<td class="text-left" rowspan="1" colspan="1">This document</td>
</tr>
<tr>
<td class="text-left" rowspan="1" colspan="1">domain_ext</td>
<td class="text-left" rowspan="1" colspan="1">Domain-specific extension claims</td>
<td class="text-left" rowspan="1" colspan="1">This document</td>
</tr>
<tr>
<td class="text-left" rowspan="1" colspan="1">resource</td>
<td class="text-left" rowspan="1" colspan="1">Resource consumption record</td>
<td class="text-left" rowspan="1" colspan="1">This document</td>
</tr>
<tr>
<td class="text-left" rowspan="1" colspan="1">resource_budget</td>
<td class="text-left" rowspan="1" colspan="1">Resource budget limits</td>
<td class="text-left" rowspan="1" colspan="1">This document</td>
</tr>
</tbody>
</table>
</div>
</section>
</div>
<div id="regulatory-profile-registry">
<section id="section-7.2">
<h3 id="name-regulatory-profile-registry">
<a href="#section-7.2" class="section-number selfRef">7.2. </a><a href="#name-regulatory-profile-registry" class="section-name selfRef">Regulatory Profile Registry</a>
</h3>
<p id="section-7.2-1">This document establishes a new "Agent Audit Regulatory Profiles"
registry. The registration policy is Specification Required
<span>[<a href="#RFC8126" class="cite xref">RFC8126</a>]</span>.<a href="#section-7.2-1" class="pilcrow"></a></p>
<p id="section-7.2-2">Initial registrations:<a href="#section-7.2-2" class="pilcrow"></a></p>
<span id="name-regulatory-profile-registry-2"></span><div id="tab-reg-profiles">
<table class="center" id="table-4">
<caption>
<a href="#table-4" class="selfRef">Table 4</a>:
<a href="#name-regulatory-profile-registry-2" class="selfRef">Regulatory Profile Registry</a>
</caption>
<thead>
<tr>
<th class="text-left" rowspan="1" colspan="1">Profile ID</th>
<th class="text-left" rowspan="1" colspan="1">Framework</th>
<th class="text-left" rowspan="1" colspan="1">Reference</th>
</tr>
</thead>
<tbody>
<tr>
<td class="text-left" rowspan="1" colspan="1">gdpr-v1</td>
<td class="text-left" rowspan="1" colspan="1">EU General Data Protection Regulation</td>
<td class="text-left" rowspan="1" colspan="1">This document</td>
</tr>
<tr>
<td class="text-left" rowspan="1" colspan="1">sox-v1</td>
<td class="text-left" rowspan="1" colspan="1">US Sarbanes-Oxley Act</td>
<td class="text-left" rowspan="1" colspan="1">This document</td>
</tr>
<tr>
<td class="text-left" rowspan="1" colspan="1">hipaa-v1</td>
<td class="text-left" rowspan="1" colspan="1">US Health Insurance Portability and Accountability Act</td>
<td class="text-left" rowspan="1" colspan="1">This document</td>
</tr>
</tbody>
</table>
</div>
</section>
</div>
<div id="resource-type-registry">
<section id="section-7.3">
<h3 id="name-resource-type-registry">
<a href="#section-7.3" class="section-number selfRef">7.3. </a><a href="#name-resource-type-registry" class="section-name selfRef">Resource Type Registry</a>
</h3>
<p id="section-7.3-1">This document establishes a new "Agent Resource Types" registry.
The registration policy is Specification Required <span>[<a href="#RFC8126" class="cite xref">RFC8126</a>]</span>.<a href="#section-7.3-1" class="pilcrow"></a></p>
<p id="section-7.3-2">Initial registrations are listed in <a href="#tab-resources" class="auto internal xref">Table 2</a>.<a href="#section-7.3-2" class="pilcrow"></a></p>
</section>
</div>
</section>
</div>
<div id="sec-combined-references">
<section id="section-8">
<h2 id="name-references">
<a href="#section-8" class="section-number selfRef">8. </a><a href="#name-references" class="section-name selfRef">References</a>
</h2>
<div id="sec-normative-references">
<section id="section-8.1">
<h3 id="name-normative-references">
<a href="#section-8.1" class="section-number selfRef">8.1. </a><a href="#name-normative-references" class="section-name selfRef">Normative References</a>
</h3>
<dl class="references">
<dt id="I-D.nennemann-exec-audit">[I-D.nennemann-exec-audit]</dt>
<dd>
<span class="refTitle">"Cross-Domain Execution Audit Tokens"</span>, <span>n.d.</span>, <span>&lt;<a href="https://datatracker.ietf.org/doc/draft-nennemann-exec-audit/">https://datatracker.ietf.org/doc/draft-nennemann-exec-audit/</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="I-D.nennemann-wimse-ect">[I-D.nennemann-wimse-ect]</dt>
<dd>
<span class="refTitle">"Execution Context Tokens for Distributed Agentic Workflows"</span>, <span>n.d.</span>, <span>&lt;<a href="https://datatracker.ietf.org/doc/draft-nennemann-wimse-ect/">https://datatracker.ietf.org/doc/draft-nennemann-wimse-ect/</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC2119">[RFC2119]</dt>
<dd>
<span class="refAuthor">Bradner, S.</span>, <span class="refTitle">"Key words for use in RFCs to Indicate Requirement Levels"</span>, <span class="seriesInfo">BCP 14</span>, <span class="seriesInfo">RFC 2119</span>, <span class="seriesInfo">DOI 10.17487/RFC2119</span>, <time datetime="1997-03" class="refDate">March 1997</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc2119">https://www.rfc-editor.org/rfc/rfc2119</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC7515">[RFC7515]</dt>
<dd>
<span class="refAuthor">Jones, M.</span>, <span class="refAuthor">Bradley, J.</span>, and <span class="refAuthor">N. Sakimura</span>, <span class="refTitle">"JSON Web Signature (JWS)"</span>, <span class="seriesInfo">RFC 7515</span>, <span class="seriesInfo">DOI 10.17487/RFC7515</span>, <time datetime="2015-05" class="refDate">May 2015</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc7515">https://www.rfc-editor.org/rfc/rfc7515</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC7519">[RFC7519]</dt>
<dd>
<span class="refAuthor">Jones, M.</span>, <span class="refAuthor">Bradley, J.</span>, and <span class="refAuthor">N. Sakimura</span>, <span class="refTitle">"JSON Web Token (JWT)"</span>, <span class="seriesInfo">RFC 7519</span>, <span class="seriesInfo">DOI 10.17487/RFC7519</span>, <time datetime="2015-05" class="refDate">May 2015</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc7519">https://www.rfc-editor.org/rfc/rfc7519</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC8126">[RFC8126]</dt>
<dd>
<span class="refAuthor">Cotton, M.</span>, <span class="refAuthor">Leiba, B.</span>, and <span class="refAuthor">T. Narten</span>, <span class="refTitle">"Guidelines for Writing an IANA Considerations Section in RFCs"</span>, <span class="seriesInfo">BCP 26</span>, <span class="seriesInfo">RFC 8126</span>, <span class="seriesInfo">DOI 10.17487/RFC8126</span>, <time datetime="2017-06" class="refDate">June 2017</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc8126">https://www.rfc-editor.org/rfc/rfc8126</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC8174">[RFC8174]</dt>
<dd>
<span class="refAuthor">Leiba, B.</span>, <span class="refTitle">"Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words"</span>, <span class="seriesInfo">BCP 14</span>, <span class="seriesInfo">RFC 8174</span>, <span class="seriesInfo">DOI 10.17487/RFC8174</span>, <time datetime="2017-05" class="refDate">May 2017</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc8174">https://www.rfc-editor.org/rfc/rfc8174</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC9110">[RFC9110]</dt>
<dd>
<span class="refAuthor">Fielding, R., Ed.</span>, <span class="refAuthor">Nottingham, M., Ed.</span>, and <span class="refAuthor">J. Reschke, Ed.</span>, <span class="refTitle">"HTTP Semantics"</span>, <span class="seriesInfo">STD 97</span>, <span class="seriesInfo">RFC 9110</span>, <span class="seriesInfo">DOI 10.17487/RFC9110</span>, <time datetime="2022-06" class="refDate">June 2022</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc9110">https://www.rfc-editor.org/rfc/rfc9110</a>&gt;</span>. </dd>
<dd class="break"></dd>
</dl>
</section>
</div>
<div id="sec-informative-references">
<section id="section-8.2">
<h3 id="name-informative-references">
<a href="#section-8.2" class="section-number selfRef">8.2. </a><a href="#name-informative-references" class="section-name selfRef">Informative References</a>
</h3>
<dl class="references">
<dt id="EU-AI-ACT">[EU-AI-ACT]</dt>
<dd>
<span class="refAuthor">European Parliament and Council</span>, <span class="refTitle">"Regulation (EU) 2024/1689 (AI Act)"</span>, <time datetime="2024" class="refDate">2024</time>, <span>&lt;<a href="https://eur-lex.europa.eu/eli/reg/2024/1689/oj">https://eur-lex.europa.eu/eli/reg/2024/1689/oj</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="I-D.ietf-scitt-architecture">[I-D.ietf-scitt-architecture]</dt>
<dd>
<span class="refAuthor">Birkholz, H.</span>, <span class="refAuthor">Delignat-Lavaud, A.</span>, <span class="refAuthor">Fournet, C.</span>, <span class="refAuthor">Deshpande, Y.</span>, and <span class="refAuthor">S. Lasker</span>, <span class="refTitle">"An Architecture for Trustworthy and Transparent Digital Supply Chains"</span>, <span class="refContent">Work in Progress</span>, <span class="seriesInfo">Internet-Draft, draft-ietf-scitt-architecture-22</span>, <time datetime="2025-10-10" class="refDate">10 October 2025</time>, <span>&lt;<a href="https://datatracker.ietf.org/doc/html/draft-ietf-scitt-architecture-22">https://datatracker.ietf.org/doc/html/draft-ietf-scitt-architecture-22</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="I-D.nennemann-agent-gap-analysis">[I-D.nennemann-agent-gap-analysis]</dt>
<dd>
<span class="refTitle">"Gap Analysis for Autonomous Agent Protocols"</span>, <span>n.d.</span>, <span>&lt;<a href="https://datatracker.ietf.org/doc/draft-nennemann-agent-gap-analysis/">https://datatracker.ietf.org/doc/draft-nennemann-agent-gap-analysis/</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC9334">[RFC9334]</dt>
<dd>
<span class="refAuthor">Birkholz, H.</span>, <span class="refAuthor">Thaler, D.</span>, <span class="refAuthor">Richardson, M.</span>, <span class="refAuthor">Smith, N.</span>, and <span class="refAuthor">W. Pan</span>, <span class="refTitle">"Remote ATtestation procedureS (RATS) Architecture"</span>, <span class="seriesInfo">RFC 9334</span>, <span class="seriesInfo">DOI 10.17487/RFC9334</span>, <time datetime="2023-01" class="refDate">January 2023</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc9334">https://www.rfc-editor.org/rfc/rfc9334</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="SD-JWT">[SD-JWT]</dt>
<dd>
<span class="refTitle">"Selective Disclosure for JWTs (SD-JWT)"</span>, <span class="refContent">Work in Progress</span>, <span class="seriesInfo">Internet-Draft, draft-ietf-oauth-selective-disclosure-jwt</span>, <time datetime="2024" class="refDate">2024</time>, <span>&lt;<a href="https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/">https://datatracker.ietf.org/doc/draft-ietf-oauth-selective-disclosure-jwt/</a>&gt;</span>. </dd>
<dd class="break"></dd>
</dl>
</section>
</div>
</section>
</div>
<div id="acknowledgments">
<section id="appendix-A">
<h2 id="name-acknowledgments">
<a href="#name-acknowledgments" class="section-name selfRef">Acknowledgments</a>
</h2>
<p id="appendix-A-1">The author thanks the participants of the NMOP working group
for their feedback on agent management and operational
challenges.<a href="#appendix-A-1" class="pilcrow"></a></p>
</section>
</div>
<div id="authors-addresses">
<section id="appendix-B">
<h2 id="name-authors-address">
<a href="#name-authors-address" class="section-name selfRef">Author's Address</a>
</h2>
<address class="vcard">
<div dir="auto" class="left"><span class="fn nameRole">Christian Nennemann</span></div>
<div dir="auto" class="left"><span class="org">Independent Researcher</span></div>
<div class="email">
<span>Email:</span>
<a href="mailto:ietf@nennemann.de" class="email">ietf@nennemann.de</a>
</div>
</address>
</section>
</div>
<script>const toc = document.getElementById("toc");
toc.querySelector("h2").addEventListener("click", e => {
toc.classList.toggle("active");
});
toc.querySelector("nav").addEventListener("click", e => {
toc.classList.remove("active");
});
</script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink