<!DOCTYPE html>
|
||
<html lang="en" class="Internet-Draft">
|
||
<head>
|
||
<meta charset="utf-8">
|
||
<meta content="Common,Latin" name="scripts">
|
||
<meta content="initial-scale=1.0" name="viewport">
|
||
<title>Federated Agent Learning Privacy and Cross-Protocol Migration</title>
|
||
<meta content="Christian Nennemann" name="author">
|
||
<meta content="
|
||
This document defines privacy-preserving protocols for federated
|
||
agent learning across organizational boundaries and standardized
|
||
mechanisms for agent migration between protocols, domains, and
|
||
infrastructure providers while maintaining state and identity
|
||
continuity. Federated learning enables multiple agent deployments
|
||
to collaboratively improve without sharing raw data, but requires
|
||
formal privacy guarantees to prevent data leakage between
|
||
participants. Cross-protocol migration enables agents to move
|
||
between environments while preserving operational state and
|
||
cryptographic identity through Execution Context Tokens (ECTs).
|
||
" name="description">
|
||
<meta content="xml2rfc 3.31.0" name="generator">
|
||
<meta content="federated learning" name="keyword">
|
||
<meta content="agent privacy" name="keyword">
|
||
<meta content="agent migration" name="keyword">
|
||
<meta content="cross-protocol" name="keyword">
|
||
<meta content="differential privacy" name="keyword">
|
||
<meta content="draft-nennemann-agent-federation-privacy-00" name="ietf.draft">
|
||
<!-- Generator version information (toolchain used at build time to render this file; nothing listed here is loaded by the page):
|
||
xml2rfc 3.31.0
|
||
Python 3.14.3
|
||
ConfigArgParse 1.7.1
|
||
google-i18n-address 3.1.1
|
||
intervaltree 3.2.1
|
||
Jinja2 3.1.6
|
||
lxml 6.0.2
|
||
platformdirs 4.9.2
|
||
pycountry 26.2.16
|
||
PyYAML 6.0.3
|
||
requests 2.32.5
|
||
wcwidth 0.6.0
|
||
-->
|
||
<link href="draft-nennemann-agent-federation-privacy-00.xml" rel="alternate" type="application/rfc+xml">
|
||
<link href="#copyright" rel="license">
|
||
<style type="text/css">/*
|
||
|
||
NOTE: Changes at the bottom of this file override some earlier settings.
|
||
|
||
Once the style has stabilized and has been adopted as an official RFC style,
|
||
this can be consolidated so that style settings occur only in one place, but
|
||
for now the contents of this file consist first of the initial CSS work as
|
||
provided to the RFC Formatter (xml2rfc) work, followed by itemized and
|
||
commented changes found necessary during the development of the v3
|
||
formatters.
|
||
|
||
*/
|
||
|
||
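/* fonts
   These @import rules fetch stylesheets (and presumably the font files they
   reference) from static.ietf.org whenever the page is rendered. If that
   origin is unreachable or blocked (an offline copy, or a
   Content-Security-Policy whose style-src / font-src does not allow it),
   text falls back to the local families listed in the --font-* variables
   below. */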
|
||
@import url('https://static.ietf.org/fonts/noto-sans/import.css'); /* Sans-serif */
|
||
@import url('https://static.ietf.org/fonts/noto-serif/import.css'); /* Serif (print) */
|
||
@import url('https://static.ietf.org/fonts/roboto-mono/import.css'); /* Monospace */
|
||
|
||
:root {
|
||
--font-sans: 'Noto Sans', Arial, Helvetica, sans-serif;
|
||
--font-serif: 'Noto Serif', 'Times', 'Times New Roman', serif;
|
||
--font-mono: 'Roboto Mono', Courier, 'Courier New', monospace;
|
||
}
|
||
|
||
@viewport {
|
||
zoom: 1.0;
|
||
}
|
||
@-ms-viewport {
|
||
width: extend-to-zoom;
|
||
zoom: 1.0;
|
||
}
|
||
/* general and mobile first */
|
||
html {
|
||
}
|
||
body {
|
||
max-width: 90%;
|
||
margin: 1.5em auto;
|
||
color: #222;
|
||
background-color: #fff;
|
||
font-size: 14px;
|
||
font-family: var(--font-sans);
|
||
line-height: 1.6;
|
||
scroll-behavior: smooth;
|
||
overflow-wrap: break-word;
|
||
}
|
||
.ears {
|
||
display: none;
|
||
}
|
||
|
||
/* headings */
|
||
#title, h1, h2, h3, h4, h5, h6 {
|
||
margin: 1em 0 0.5em;
|
||
font-weight: bold;
|
||
line-height: 1.3;
|
||
}
|
||
#title {
|
||
clear: both;
|
||
border-bottom: 1px solid #ddd;
|
||
margin: 0 0 0.5em 0;
|
||
padding: 1em 0 0.5em;
|
||
}
|
||
.author {
|
||
padding-bottom: 4px;
|
||
}
|
||
h1 {
|
||
font-size: 26px;
|
||
margin: 1em 0;
|
||
}
|
||
h2 {
|
||
font-size: 22px;
|
||
margin-top: -20px; /* provide offset for in-page anchors */
|
||
padding-top: 33px;
|
||
}
|
||
h3 {
|
||
font-size: 18px;
|
||
margin-top: -36px; /* provide offset for in-page anchors */
|
||
padding-top: 42px;
|
||
}
|
||
h4 {
|
||
font-size: 16px;
|
||
margin-top: -36px; /* provide offset for in-page anchors */
|
||
padding-top: 42px;
|
||
}
|
||
h5, h6 {
|
||
font-size: 14px;
|
||
}
|
||
#n-copyright-notice {
|
||
border-bottom: 1px solid #ddd;
|
||
padding-bottom: 1em;
|
||
margin-bottom: 1em;
|
||
}
|
||
/* general structure */
|
||
p {
|
||
padding: 0;
|
||
margin: 0 0 1em 0;
|
||
text-align: left;
|
||
}
|
||
div, span {
|
||
position: relative;
|
||
}
|
||
div {
|
||
margin: 0;
|
||
}
|
||
.alignRight.art-text {
|
||
background-color: #f9f9f9;
|
||
border: 1px solid #eee;
|
||
border-radius: 3px;
|
||
padding: 1em 1em 0;
|
||
margin-bottom: 1.5em;
|
||
}
|
||
.alignRight.art-text pre {
|
||
padding: 0;
|
||
}
|
||
.alignRight {
|
||
margin: 1em 0;
|
||
}
|
||
.alignRight > *:first-child {
|
||
border: none;
|
||
margin: 0;
|
||
float: right;
|
||
clear: both;
|
||
}
|
||
.alignRight > *:nth-child(2) {
|
||
clear: both;
|
||
display: block;
|
||
border: none;
|
||
}
|
||
svg {
|
||
display: block;
|
||
}
|
||
@media print {
|
||
svg {
|
||
max-height: 850px;
|
||
max-width: 660px;
|
||
}
|
||
}
|
||
svg[font-family~="serif" i], svg [font-family~="serif" i] {
|
||
font-family: var(--font-serif);
|
||
}
|
||
svg[font-family~="sans-serif" i], svg [font-family~="sans-serif" i] {
|
||
font-family: var(--font-sans);
|
||
}
|
||
svg[font-family~="monospace" i], svg [font-family~="monospace" i] {
|
||
font-family: var(--font-mono);
|
||
}
|
||
.alignCenter.art-text {
|
||
background-color: #f9f9f9;
|
||
border: 1px solid #eee;
|
||
border-radius: 3px;
|
||
padding: 1em 1em 0;
|
||
margin-bottom: 1.5em;
|
||
}
|
||
.alignCenter.art-text pre {
|
||
padding: 0;
|
||
}
|
||
.alignCenter {
|
||
margin: 1em 0;
|
||
}
|
||
.alignCenter > *:first-child {
|
||
display: table;
|
||
border: none;
|
||
margin: 0 auto;
|
||
}
|
||
|
||
/* lists */
|
||
ol, ul {
|
||
padding: 0;
|
||
margin: 0 0 1em 2em;
|
||
}
|
||
ol ol, ul ul, ol ul, ul ol {
|
||
margin-left: 1em;
|
||
}
|
||
li {
|
||
margin: 0 0 0.25em 0;
|
||
}
|
||
.ulCompact li {
|
||
margin: 0;
|
||
}
|
||
ul.empty, .ulEmpty {
|
||
list-style-type: none;
|
||
}
|
||
ul.empty li, .ulEmpty li {
|
||
margin-top: 0.5em;
|
||
}
|
||
ul.ulBare, li.ulBare {
|
||
margin-left: 0em !important;
|
||
}
|
||
ul.compact, .ulCompact,
|
||
ol.compact, .olCompact {
|
||
line-height: 100%;
|
||
margin: 0 0 0 2em;
|
||
}
|
||
|
||
/* definition lists */
|
||
dl {
|
||
}
|
||
dl > dt {
|
||
float: left;
|
||
margin-right: 1em;
|
||
}
|
||
/*
|
||
dl.nohang > dt {
|
||
float: none;
|
||
}
|
||
*/
|
||
dl > dd {
|
||
margin-bottom: .8em;
|
||
min-height: 1.3em;
|
||
}
|
||
dl.compact > dd, .dlCompact > dd {
|
||
margin-bottom: 0em;
|
||
}
|
||
dl > dd > dl {
|
||
margin-top: 0.5em;
|
||
margin-bottom: 0em;
|
||
}
|
||
|
||
/* links */
|
||
a {
|
||
text-decoration: none;
|
||
}
|
||
a[href] {
|
||
color: #22e; /* Arlen: WCAG 2019 */
|
||
}
|
||
a[href]:hover {
|
||
background-color: #f2f2f2;
|
||
}
|
||
figcaption a[href],
|
||
a[href].selfRef {
|
||
color: #222;
|
||
}
|
||
/* XXX probably not this:
|
||
a.selfRef:hover {
|
||
background-color: transparent;
|
||
cursor: default;
|
||
} */
|
||
|
||
/* Figures */
|
||
tt, code, pre {
|
||
background-color: #f9f9f9;
|
||
font-family: var(--font-mono);
|
||
}
|
||
pre {
|
||
border: 1px solid #eee;
|
||
margin: 0;
|
||
padding: 1em;
|
||
}
|
||
img {
|
||
max-width: 100%;
|
||
}
|
||
figure {
|
||
margin: 0;
|
||
}
|
||
figure blockquote {
|
||
margin: 0.8em 0.4em 0.4em;
|
||
}
|
||
figcaption {
|
||
font-style: italic;
|
||
margin: 0 0 1em 0;
|
||
}
|
||
@media screen {
|
||
pre {
|
||
overflow-x: auto;
|
||
max-width: 100%;
|
||
max-width: calc(100% - 22px);
|
||
}
|
||
}
|
||
|
||
/* aside, blockquote */
|
||
aside, blockquote {
|
||
margin-left: 0;
|
||
padding: 1.2em 2em;
|
||
}
|
||
blockquote {
|
||
background-color: #f9f9f9;
|
||
color: #111; /* Arlen: WCAG 2019 */
|
||
border: 1px solid #ddd;
|
||
border-radius: 3px;
|
||
margin: 1em 0;
|
||
}
|
||
blockquote > *:last-child {
|
||
margin-bottom: 0;
|
||
}
|
||
cite {
|
||
display: block;
|
||
text-align: right;
|
||
font-style: italic;
|
||
}
|
||
.xref {
|
||
overflow-wrap: normal;
|
||
}
|
||
|
||
/* tables */
|
||
table {
|
||
width: 100%;
|
||
margin: 0 0 1em;
|
||
border-collapse: collapse;
|
||
border: 1px solid #eee;
|
||
}
|
||
th, td {
|
||
text-align: left;
|
||
vertical-align: top;
|
||
padding: 0.5em 0.75em;
|
||
}
|
||
th {
|
||
text-align: left;
|
||
background-color: #e9e9e9;
|
||
}
|
||
tr:nth-child(2n+1) > td {
|
||
background-color: #f5f5f5;
|
||
}
|
||
table caption {
|
||
font-style: italic;
|
||
margin: 0;
|
||
padding: 0;
|
||
text-align: left;
|
||
}
|
||
table p {
|
||
/* XXX to avoid bottom margin on table row signifiers. If paragraphs should
|
||
be allowed within tables more generally, it would be far better to select on a class. */
|
||
margin: 0;
|
||
}
|
||
|
||
/* pilcrow */
|
||
a.pilcrow {
|
||
color: #666; /* Arlen: AHDJ 2019 */
|
||
text-decoration: none;
|
||
visibility: hidden;
|
||
user-select: none;
|
||
-ms-user-select: none;
|
||
-o-user-select:none;
|
||
-moz-user-select: none;
|
||
-khtml-user-select: none;
|
||
-webkit-user-select: none;
|
||
-webkit-touch-callout: none;
|
||
}
|
||
@media screen {
|
||
aside:hover > a.pilcrow,
|
||
p:hover > a.pilcrow,
|
||
blockquote:hover > a.pilcrow,
|
||
div:hover > a.pilcrow,
|
||
li:hover > a.pilcrow,
|
||
pre:hover > a.pilcrow {
|
||
visibility: visible;
|
||
}
|
||
a.pilcrow:hover {
|
||
background-color: transparent;
|
||
}
|
||
}
|
||
|
||
/* misc */
|
||
hr {
|
||
border: 0;
|
||
border-top: 1px solid #eee;
|
||
}
|
||
.bcp14 {
|
||
font-variant: small-caps;
|
||
}
|
||
|
||
.role {
|
||
font-variant: all-small-caps;
|
||
}
|
||
|
||
/* info block */
|
||
#identifiers {
|
||
margin: 0;
|
||
font-size: 0.9em;
|
||
}
|
||
#identifiers dt {
|
||
width: 3em;
|
||
clear: left;
|
||
}
|
||
#identifiers dd {
|
||
float: left;
|
||
margin-bottom: 0;
|
||
}
|
||
/* Fix PDF info block run off issue */
|
||
@media print {
|
||
#identifiers dd {
|
||
max-width: 100%;
|
||
}
|
||
}
|
||
#identifiers .authors .author {
|
||
display: inline-block;
|
||
margin-right: 1.5em;
|
||
}
|
||
#identifiers .authors .org {
|
||
font-style: italic;
|
||
}
|
||
|
||
/* The prepared/rendered info at the very bottom of the page */
|
||
.docInfo {
|
||
color: #666; /* Arlen: WCAG 2019 */
|
||
font-size: 0.9em;
|
||
font-style: italic;
|
||
margin-top: 2em;
|
||
}
|
||
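/* Both original rules targeted `.docInfo .prepared`; the later `float: right`
   always won the cascade, so the earlier `float: left` was dead and is
   dropped here. Rendering is unchanged.
   NOTE(review): one of the two rules was presumably meant for a different
   element (the section comment mentions "prepared/rendered") — confirm
   against the generated markup before splitting them again. */
.docInfo .prepared {
  float: right;
}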
|
||
|
||
/* table of contents */
|
||
#toc {
|
||
padding: 0.75em 0 2em 0;
|
||
margin-bottom: 1em;
|
||
}
|
||
nav.toc ul {
|
||
margin: 0 0.5em 0 0;
|
||
padding: 0;
|
||
list-style: none;
|
||
}
|
||
nav.toc li {
|
||
line-height: 1.3em;
|
||
margin: 0.75em 0;
|
||
padding-left: 1.2em;
|
||
text-indent: -1.2em;
|
||
}
|
||
/* references */
|
||
.references dt {
|
||
text-align: right;
|
||
font-weight: bold;
|
||
min-width: 7em;
|
||
}
|
||
.references dd {
|
||
margin-left: 8em;
|
||
overflow: auto;
|
||
}
|
||
|
||
.refInstance {
|
||
margin-bottom: 1.25em;
|
||
}
|
||
|
||
.refSubseries {
|
||
margin-bottom: 1.25em;
|
||
}
|
||
|
||
.references .ascii {
|
||
margin-bottom: 0.25em;
|
||
}
|
||
|
||
/* index */
|
||
.index ul {
|
||
margin: 0 0 0 1em;
|
||
padding: 0;
|
||
list-style: none;
|
||
}
|
||
.index ul ul {
|
||
margin: 0;
|
||
}
|
||
.index li {
|
||
margin: 0;
|
||
text-indent: -2em;
|
||
padding-left: 2em;
|
||
padding-bottom: 5px;
|
||
}
|
||
.indexIndex {
|
||
margin: 0.5em 0 1em;
|
||
}
|
||
.index a {
|
||
font-weight: 700;
|
||
}
|
||
/* make the index two-column on all but the smallest screens */
|
||
@media (min-width: 600px) {
|
||
.index ul {
|
||
-moz-column-count: 2;
|
||
-moz-column-gap: 20px;
|
||
}
|
||
.index ul ul {
|
||
-moz-column-count: 1;
|
||
-moz-column-gap: 0;
|
||
}
|
||
}
|
||
|
||
/* authors */
|
||
address.vcard {
|
||
font-style: normal;
|
||
margin: 1em 0;
|
||
}
|
||
|
||
address.vcard .nameRole {
|
||
font-weight: 700;
|
||
margin-left: 0;
|
||
}
|
||
address.vcard .label {
|
||
font-family: var(--font-sans);
|
||
margin: 0.5em 0;
|
||
}
|
||
address.vcard .type {
|
||
display: none;
|
||
}
|
||
.alternative-contact {
|
||
margin: 1.5em 0 1em;
|
||
}
|
||
hr.addr {
|
||
border-top: 1px dashed;
|
||
margin: 0;
|
||
color: #ddd;
|
||
max-width: calc(100% - 16px);
|
||
}
|
||
|
||
/* temporary notes */
|
||
.rfcEditorRemove::before {
|
||
position: absolute;
|
||
top: 0.2em;
|
||
right: 0.2em;
|
||
padding: 0.2em;
|
||
content: "The RFC Editor will remove this note";
|
||
color: #9e2a00; /* Arlen: WCAG 2019 */
|
||
background-color: #ffd; /* Arlen: WCAG 2019 */
|
||
}
|
||
.rfcEditorRemove {
|
||
position: relative;
|
||
padding-top: 1.8em;
|
||
background-color: #ffd; /* Arlen: WCAG 2019 */
|
||
border-radius: 3px;
|
||
}
|
||
.cref {
|
||
background-color: #ffd; /* Arlen: WCAG 2019 */
|
||
padding: 2px 4px;
|
||
}
|
||
.crefSource {
|
||
font-style: italic;
|
||
}
|
||
/* alternative layout for smaller screens */
|
||
@media screen and (max-width: 1023px) {
|
||
body {
|
||
padding-top: 2em;
|
||
}
|
||
#title {
|
||
padding: 1em 0;
|
||
}
|
||
h1 {
|
||
font-size: 24px;
|
||
}
|
||
h2 {
|
||
font-size: 20px;
|
||
margin-top: -18px; /* provide offset for in-page anchors */
|
||
padding-top: 38px;
|
||
}
|
||
#identifiers dd {
|
||
max-width: 60%;
|
||
}
|
||
#toc {
|
||
position: fixed;
|
||
z-index: 2;
|
||
top: 0;
|
||
right: 0;
|
||
padding: 0;
|
||
margin: 0;
|
||
background-color: inherit;
|
||
border-bottom: 1px solid #ccc;
|
||
}
|
||
#toc h2 {
|
||
margin: -1px 0 0 0;
|
||
padding: 4px 0 4px 6px;
|
||
padding-right: 1em;
|
||
min-width: 190px;
|
||
font-size: 1.1em;
|
||
text-align: right;
|
||
background-color: #444;
|
||
color: white;
|
||
cursor: pointer;
|
||
}
|
||
#toc h2::before { /* css hamburger */
|
||
float: right;
|
||
position: relative;
|
||
width: 1em;
|
||
height: 1px;
|
||
left: -164px;
|
||
margin: 6px 0 0 0;
|
||
background: white none repeat scroll 0 0;
|
||
box-shadow: 0 4px 0 0 white, 0 8px 0 0 white;
|
||
content: "";
|
||
}
|
||
#toc nav {
|
||
display: none;
|
||
padding: 0.5em 1em 1em;
|
||
overflow: auto;
|
||
height: calc(100vh - 48px);
|
||
border-left: 1px solid #ddd;
|
||
}
|
||
}
|
||
|
||
/* alternative layout for wide screens */
|
||
@media screen and (min-width: 1024px) {
|
||
body {
|
||
max-width: 724px;
|
||
margin: 42px auto;
|
||
padding-left: 1.5em;
|
||
padding-right: 29em;
|
||
}
|
||
#toc {
|
||
position: fixed;
|
||
top: 42px;
|
||
right: 42px;
|
||
width: 25%;
|
||
margin: 0;
|
||
padding: 0 1em;
|
||
z-index: 1;
|
||
}
|
||
#toc h2 {
|
||
border-top: none;
|
||
border-bottom: 1px solid #ddd;
|
||
font-size: 1em;
|
||
font-weight: normal;
|
||
margin: 0;
|
||
padding: 0.25em 1em 1em 0;
|
||
}
|
||
#toc nav {
|
||
display: block;
|
||
height: calc(90vh - 84px);
|
||
bottom: 0;
|
||
padding: 0.5em 0 0;
|
||
overflow: auto;
|
||
}
|
||
img { /* future proofing */
|
||
max-width: 100%;
|
||
height: auto;
|
||
}
|
||
}
|
||
|
||
/* pagination */
|
||
@media print {
|
||
body {
|
||
width: 100%;
|
||
}
|
||
p {
|
||
orphans: 3;
|
||
widows: 3;
|
||
}
|
||
#n-copyright-notice {
|
||
border-bottom: none;
|
||
}
|
||
#toc, #n-introduction {
|
||
page-break-before: always;
|
||
}
|
||
#toc {
|
||
border-top: none;
|
||
padding-top: 0;
|
||
}
|
||
figure, pre {
|
||
page-break-inside: avoid;
|
||
}
|
||
figure {
|
||
overflow: scroll;
|
||
}
|
||
.breakable pre {
|
||
break-inside: auto;
|
||
}
|
||
h1, h2, h3, h4, h5, h6 {
|
||
page-break-after: avoid;
|
||
}
|
||
h2+*, h3+*, h4+*, h5+*, h6+* {
|
||
page-break-before: avoid;
|
||
}
|
||
pre {
|
||
white-space: pre-wrap;
|
||
word-wrap: break-word;
|
||
font-size: 10pt;
|
||
}
|
||
table {
|
||
border: 1px solid #ddd;
|
||
}
|
||
td {
|
||
border-top: 1px solid #ddd;
|
||
}
|
||
}
|
||
|
||
/* This is commented out here, as the string-set: doesn't
|
||
pass W3C validation currently */
|
||
/*
|
||
.ears thead .left {
|
||
string-set: ears-top-left content();
|
||
}
|
||
|
||
.ears thead .center {
|
||
string-set: ears-top-center content();
|
||
}
|
||
|
||
.ears thead .right {
|
||
string-set: ears-top-right content();
|
||
}
|
||
|
||
.ears tfoot .left {
|
||
string-set: ears-bottom-left content();
|
||
}
|
||
|
||
.ears tfoot .center {
|
||
string-set: ears-bottom-center content();
|
||
}
|
||
|
||
.ears tfoot .right {
|
||
string-set: ears-bottom-right content();
|
||
}
|
||
*/
|
||
|
||
@page :first {
|
||
padding-top: 0;
|
||
@top-left {
|
||
content: normal;
|
||
border: none;
|
||
}
|
||
@top-center {
|
||
content: normal;
|
||
border: none;
|
||
}
|
||
@top-right {
|
||
content: normal;
|
||
border: none;
|
||
}
|
||
}
|
||
|
||
@page {
|
||
size: A4;
|
||
margin-bottom: 45mm;
|
||
padding-top: 20px;
|
||
/* The following is commented out here, but set appropriately in code, as
|
||
the content depends on the document */
|
||
/*
|
||
@top-left {
|
||
content: 'Internet-Draft';
|
||
vertical-align: bottom;
|
||
border-bottom: solid 1px #ccc;
|
||
}
|
||
@top-left {
|
||
content: string(ears-top-left);
|
||
vertical-align: bottom;
|
||
border-bottom: solid 1px #ccc;
|
||
}
|
||
@top-center {
|
||
content: string(ears-top-center);
|
||
vertical-align: bottom;
|
||
border-bottom: solid 1px #ccc;
|
||
}
|
||
@top-right {
|
||
content: string(ears-top-right);
|
||
vertical-align: bottom;
|
||
border-bottom: solid 1px #ccc;
|
||
}
|
||
@bottom-left {
|
||
content: string(ears-bottom-left);
|
||
vertical-align: top;
|
||
border-top: solid 1px #ccc;
|
||
}
|
||
@bottom-center {
|
||
content: string(ears-bottom-center);
|
||
vertical-align: top;
|
||
border-top: solid 1px #ccc;
|
||
}
|
||
@bottom-right {
|
||
content: '[Page ' counter(page) ']';
|
||
vertical-align: top;
|
||
border-top: solid 1px #ccc;
|
||
}
|
||
*/
|
||
|
||
}
|
||
|
||
/* Changes introduced to fix issues found during implementation */
|
||
/* Make sure links are clickable even if overlapped by following H* */
|
||
a {
|
||
z-index: 2;
|
||
}
|
||
/* Separate body from document info even without intervening H1 */
|
||
section {
|
||
clear: both;
|
||
}
|
||
|
||
|
||
/* Top align author divs, to avoid names without organization dropping level with org names */
|
||
.author {
|
||
vertical-align: top;
|
||
}
|
||
|
||
/* Leave room in document info to show Internet-Draft on one line */
|
||
#identifiers dt {
|
||
width: 8em;
|
||
}
|
||
|
||
/* Don't waste quite as much whitespace between label and value in doc info */
|
||
#identifiers dd {
|
||
margin-left: 1em;
|
||
}
|
||
|
||
/* Give floating toc a background color (needed when it's a div inside section) */
|
||
#toc {
|
||
background-color: white;
|
||
}
|
||
|
||
/* Make the collapsed ToC header render white on gray also when it's a link */
|
||
@media screen and (max-width: 1023px) {
|
||
#toc h2 a,
|
||
#toc h2 a:link,
|
||
#toc h2 a:focus,
|
||
#toc h2 a:hover,
|
||
#toc a.toplink,
|
||
#toc a.toplink:hover {
|
||
color: white;
|
||
background-color: #444;
|
||
text-decoration: none;
|
||
}
|
||
}
|
||
|
||
/* Give the bottom of the ToC some whitespace */
|
||
@media screen and (min-width: 1024px) {
|
||
#toc {
|
||
padding: 0 0 1em 1em;
|
||
}
|
||
}
|
||
|
||
/* Style section numbers with more space between number and title */
|
||
.section-number {
|
||
padding-right: 0.5em;
|
||
}
|
||
|
||
/* prevent monospace from becoming overly large */
|
||
tt, code, pre {
|
||
font-size: 95%;
|
||
}
|
||
|
||
/* Fix the height/width aspect for ascii art*/
|
||
.sourcecode pre,
|
||
.art-text pre {
|
||
line-height: 1.12;
|
||
}
|
||
|
||
|
||
/* Add styling for a link in the ToC that points to the top of the document */
|
||
a.toplink {
|
||
float: right;
|
||
margin-right: 0.5em;
|
||
}
|
||
|
||
/* Fix the dl styling to match the RFC 7992 attributes */
|
||
dl > dt,
|
||
dl.dlParallel > dt {
|
||
float: left;
|
||
margin-right: 1em;
|
||
}
|
||
dl.dlNewline > dt {
|
||
float: none;
|
||
}
|
||
|
||
/* Provide styling for table cell text alignment */
|
||
table td.text-left,
|
||
table th.text-left {
|
||
text-align: left;
|
||
}
|
||
table td.text-center,
|
||
table th.text-center {
|
||
text-align: center;
|
||
}
|
||
table td.text-right,
|
||
table th.text-right {
|
||
text-align: right;
|
||
}
|
||
|
||
/* Make the alternative author contact information look less like just another
|
||
author, and group it closer with the primary author contact information */
|
||
.alternative-contact {
|
||
margin: 0.5em 0 0.25em 0;
|
||
}
|
||
address .non-ascii {
|
||
margin: 0 0 0 2em;
|
||
}
|
||
|
||
/* With it being possible to set tables with alignment
|
||
left, center, and right, { width: 100%; } does not make sense */
|
||
table {
|
||
width: auto;
|
||
}
|
||
|
||
/* Avoid reference text that sits in a block with very wide left margin,
|
||
because of a long floating dt label.*/
|
||
.references dd {
|
||
overflow: visible;
|
||
}
|
||
|
||
/* Control caption placement */
|
||
caption {
|
||
caption-side: bottom;
|
||
}
|
||
|
||
/* Limit the width of the author address vcard, so names in right-to-left
|
||
script don't end up on the other side of the page. */
|
||
|
||
address.vcard {
|
||
max-width: 30em;
|
||
margin-right: auto;
|
||
}
|
||
|
||
/* For address alignment dependent on LTR or RTL scripts */
|
||
address div.left {
|
||
text-align: left;
|
||
}
|
||
address div.right {
|
||
text-align: right;
|
||
}
|
||
|
||
/* Provide table alignment support. We can't use the alignX classes above
|
||
since they do unwanted things with caption and other styling. */
|
||
table.right {
|
||
margin-left: auto;
|
||
margin-right: 0;
|
||
}
|
||
table.center {
|
||
margin-left: auto;
|
||
margin-right: auto;
|
||
}
|
||
table.left {
|
||
margin-left: 0;
|
||
margin-right: auto;
|
||
}
|
||
|
||
/* Give the table caption label the same styling as the figcaption */
|
||
caption a[href] {
|
||
color: #222;
|
||
}
|
||
|
||
@media print {
|
||
.toplink {
|
||
display: none;
|
||
}
|
||
|
||
/* avoid overwriting the top border line with the ToC header */
|
||
#toc {
|
||
padding-top: 1px;
|
||
}
|
||
|
||
/* Avoid page breaks inside dl and author address entries */
|
||
.vcard {
|
||
page-break-inside: avoid;
|
||
}
|
||
|
||
}
|
||
/* Tweak the bcp14 keyword presentation */
|
||
.bcp14 {
|
||
font-variant: small-caps;
|
||
font-weight: bold;
|
||
font-size: 0.9em;
|
||
}
|
||
/* Tweak the invisible space above H* in order not to overlay links in text above */
|
||
h2 {
|
||
margin-top: -18px; /* provide offset for in-page anchors */
|
||
padding-top: 31px;
|
||
}
|
||
h3 {
|
||
margin-top: -18px; /* provide offset for in-page anchors */
|
||
padding-top: 24px;
|
||
}
|
||
h4 {
|
||
margin-top: -18px; /* provide offset for in-page anchors */
|
||
padding-top: 24px;
|
||
}
|
||
/* Float artwork pilcrow to the right */
|
||
@media screen {
|
||
.artwork a.pilcrow {
|
||
display: block;
|
||
line-height: 0.7;
|
||
margin-top: 0.15em;
|
||
}
|
||
}
|
||
/* Make pilcrows on dd visible */
|
||
@media screen {
|
||
dd:hover > a.pilcrow {
|
||
visibility: visible;
|
||
}
|
||
}
|
||
/* Make the placement of figcaption match that of a table's caption
|
||
by removing the figure's added bottom margin */
|
||
.alignLeft.art-text,
|
||
.alignCenter.art-text,
|
||
.alignRight.art-text {
|
||
margin-bottom: 0;
|
||
}
|
||
.alignLeft,
|
||
.alignCenter,
|
||
.alignRight {
|
||
margin: 1em 0 0 0;
|
||
}
|
||
/* In print, the pilcrow won't show on hover, so prevent it from taking up space,
|
||
possibly even requiring a new line */
|
||
@media print {
|
||
a.pilcrow {
|
||
display: none;
|
||
}
|
||
}
|
||
/* Styling for the external metadata */
|
||
div#external-metadata {
|
||
background-color: #eee;
|
||
padding: 0.5em;
|
||
margin-bottom: 0.5em;
|
||
display: none;
|
||
}
|
||
div#internal-metadata {
|
||
padding: 0.5em; /* to match the external-metadata padding */
|
||
}
|
||
/* Styling for title RFC Number */
|
||
h1#rfcnum {
|
||
clear: both;
|
||
margin: 0 0 -1em;
|
||
padding: 1em 0 0 0;
|
||
}
|
||
/* Make .olPercent look the same as <ol><li> */
|
||
dl.olPercent > dd {
|
||
margin-bottom: 0.25em;
|
||
min-height: initial;
|
||
}
|
||
/* Give aside some styling to set it apart */
|
||
aside {
|
||
border-left: 1px solid #ddd;
|
||
margin: 1em 0 1em 2em;
|
||
padding: 0.2em 2em;
|
||
}
|
||
aside > dl,
|
||
aside > ol,
|
||
aside > ul,
|
||
aside > table,
|
||
aside > p {
|
||
margin-bottom: 0.5em;
|
||
}
|
||
/* Additional page break settings */
|
||
@media print {
|
||
figcaption, table caption {
|
||
page-break-before: avoid;
|
||
}
|
||
}
|
||
/* Font size adjustments for print */
|
||
@media print {
|
||
body { font-size: 10pt; line-height: normal; max-width: 96%; }
|
||
h1 { font-size: 1.72em; padding-top: 1.5em; } /* 1*1.2*1.2*1.2 */
|
||
h2 { font-size: 1.44em; padding-top: 1.5em; } /* 1*1.2*1.2 */
|
||
h3 { font-size: 1.2em; padding-top: 1.5em; } /* 1*1.2 */
|
||
h4 { font-size: 1em; padding-top: 1.5em; }
|
||
h5, h6 { font-size: 1em; margin: initial; padding: 0.5em 0 0.3em; }
|
||
}
|
||
/* Sourcecode margin in print, when there's no pilcrow */
|
||
@media print {
|
||
.artwork,
|
||
.artwork > pre,
|
||
.sourcecode {
|
||
margin-bottom: 1em;
|
||
}
|
||
}
|
||
/* Avoid narrow tables forcing too narrow table captions, which may render badly */
|
||
table {
|
||
min-width: 20em;
|
||
}
|
||
/* ol type a */
|
||
ol.type-a { list-style-type: lower-alpha; }
|
||
ol.type-A { list-style-type: upper-alpha; }
|
||
ol.type-i { list-style-type: lower-roman; }
|
||
ol.type-I { list-style-type: upper-roman; }
|
||
/* Apply the print table and row borders in general, on request from the RPC,
|
||
and increase the contrast between border and odd row background slightly */
|
||
table {
|
||
border: 1px solid #ddd;
|
||
}
|
||
td {
|
||
border-top: 1px solid #ddd;
|
||
}
|
||
tr {
|
||
break-inside: avoid;
|
||
}
|
||
tr:nth-child(2n+1) > td {
|
||
background-color: #f8f8f8;
|
||
}
|
||
/* Use style rules to govern display of the TOC. */
|
||
@media screen and (max-width: 1023px) {
|
||
#toc nav { display: none; }
|
||
#toc.active nav { display: block; }
|
||
}
|
||
/* Add support for keepWithNext */
|
||
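.keepWithNext {
  /* Avoid a page break between this element and the one that follows it.
     NOTE(review): the source repeated this declaration verbatim; the second
     copy may have been meant as a legacy `page-break-after` fallback —
     confirm before adding one. */
  break-after: avoid-page;
}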
|
||
/* Add support for keepWithPrevious */
|
||
.keepWithPrevious {
|
||
break-before: avoid-page;
|
||
}
|
||
/* Change the approach to avoiding breaks inside artwork etc. */
|
||
figure, pre, table, .artwork, .sourcecode {
|
||
break-before: auto;
|
||
break-after: auto;
|
||
}
|
||
/* Avoid breaks between <dt> and <dd> */
|
||
dl {
|
||
break-before: auto;
|
||
break-inside: auto;
|
||
}
|
||
dt {
|
||
break-before: auto;
|
||
break-after: avoid-page;
|
||
}
|
||
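dd {
  /* Keep the description on the same page as the <dt> that precedes it. */
  break-before: avoid-page;
  break-after: auto;
  /* Require at least three lines on each side of a page break. */
  orphans: 3;
  /* Trailing semicolon added so a declaration appended later cannot fuse
     with this one. */
  widows: 3;
}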
|
||
span.break, dd.break {
|
||
margin-bottom: 0;
|
||
min-height: 0;
|
||
break-before: auto;
|
||
break-inside: auto;
|
||
break-after: auto;
|
||
}
|
||
/* Undo break-before ToC */
|
||
@media print {
|
||
#toc {
|
||
break-before: auto;
|
||
}
|
||
}
|
||
/* Text in compact lists should not get extra bottom margin space,
|
||
since that would makes the list not compact */
|
||
ul.compact p, .ulCompact p,
|
||
ol.compact p, .olCompact p {
|
||
margin: 0;
|
||
}
|
||
/* But the list as a whole needs the extra space at the end */
|
||
section ul.compact,
|
||
section .ulCompact,
|
||
section ol.compact,
|
||
section .olCompact {
|
||
margin-bottom: 1em; /* same as p not within ul.compact etc. */
|
||
}
|
||
/* The tt and code background above interferes with for instance table cell
|
||
backgrounds. Changed to something a bit more selective. */
|
||
tt, code {
|
||
background-color: transparent;
|
||
}
|
||
p tt, p code, li tt, li code, dt tt, dt code {
|
||
background-color: #f8f8f8;
|
||
}
|
||
/* Tweak the pre margin -- 0px doesn't come out well */
|
||
pre {
|
||
margin-top: 0.5px;
|
||
}
|
||
/* Tweak the compact list text */
|
||
ul.compact, .ulCompact,
|
||
ol.compact, .olCompact,
|
||
dl.compact, .dlCompact {
|
||
line-height: normal;
|
||
}
|
||
/* Don't add top margin for nested lists */
|
||
li > ul, li > ol, li > dl,
|
||
dd > ul, dd > ol, dd > dl,
|
||
dl > dd > dl {
|
||
margin-top: initial;
|
||
}
|
||
/* Elements that should not be rendered on the same line as a <dt> */
|
||
/* This should match the element list in writer.text.TextWriter.render_dl() */
|
||
dd > div.artwork:first-child,
|
||
dd > aside:first-child,
|
||
dd > blockquote:first-child,
|
||
dd > figure:first-child,
|
||
dd > ol:first-child,
|
||
dd > div.sourcecode:first-child,
|
||
dd > table:first-child,
|
||
dd > ul:first-child {
|
||
clear: left;
|
||
}
|
||
/* fix for weird browser behaviour when <dd/> is empty */
|
||
dt+dd:empty::before{
|
||
content: "\00a0";
|
||
}
|
||
/* Make paragraph spacing inside <li> smaller than in body text, to fit better within the list */
|
||
li > p {
|
||
margin-bottom: 0.5em
|
||
}
|
||
/* Don't let p margin spill out from inside list items */
|
||
li > p:last-of-type:only-child {
|
||
margin-bottom: 0;
|
||
}
|
||
</style>
|
||
<link href="rfc-local.css" rel="stylesheet" type="text/css">
|
||
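<script type="application/javascript">
/*
 * addMetadata: fills the #external-metadata <div> with status, update and
 * "More info" links for a published RFC.
 *
 * Runs on window "load". It first copies every style rule whose selector
 * mentions #identifiers so that it also applies to #external-updates, then
 * reads <meta name="rfc.number">. When that is present it fetches
 * https://www.rfc-editor.org/rfc/rfc<number>.json and, if that fails, a
 * .json file next to the document URL. Without an rfc.number meta element
 * nothing is fetched and nothing is rendered.
 *
 * The JSON arrives over the network, so its fields are treated as data, not
 * markup: every value is inserted as a text node or through setAttribute()
 * rather than concatenated into an HTML string and assigned to innerHTML,
 * and errata_url is rendered as a link only when it is an http(s) URL.
 */
async function addMetadata() {
  try {
    const sheet = document.styleSheets[0];
    const rules = sheet.cssRules;
    // rules.length is re-read on every pass, exactly as the original loop did.
    for (let i = 0; i < rules.length; i++) {
      if (/#identifiers/.exec(rules[i].selectorText)) {
        const copy = rules[i].cssText.replace("#identifiers", "#external-updates");
        sheet.insertRule(copy, sheet.cssRules.length);
      }
    }
  } catch (err) {
    console.log(err);
  }

  const container = document.getElementById("external-metadata");
  if (!container) {
    console.log("Could not locate metadata <div> element");
    return;
  }

  try {
    const rfcNumber = metaContent("rfc.number");
    let meta = "";
    if (rfcNumber) {
      let url = "https://www.rfc-editor.org/rfc/rfc" + rfcNumber + ".json";
      try {
        const response = await fetch(url);
        meta = await response.json();
      } catch (err) {
        // Fall back to a JSON file published alongside this document.
        url = document.URL.indexOf("html") >= 0
          ? document.URL.replace(/html$/, "json")
          : document.URL + ".json";
        const response = await fetch(url);
        meta = await response.json();
      }
    }
    // Nothing usable was fetched: leave the container untouched.
    if (!meta || typeof meta.doc_id !== "string") return;

    container.style.display = "block";

    const datatrackerBase = "https://datatracker.ietf.org/doc";
    const iprSearchBase = "https://datatracker.ietf.org/ipr/search";
    const infoBase = "https://www.rfc-editor.org/info";
    const docId = meta.doc_id.toLowerCase();
    const series = meta.doc_id.slice(0, 3).toLowerCase();
    const number = meta.doc_id.slice(3).replace(/^0+/, "");

    const list = document.createElement("dl");
    list.style.overflow = "hidden";
    list.id = "external-updates";

    const addRow = (label, nodes) => {
      const term = document.createElement("dt");
      term.textContent = label;
      const detail = document.createElement("dd");
      detail.append(...nodes);
      list.append(term, detail);
    };

    // Status: lower-cased, then each space-separated word capitalised.
    const status = String(meta.status || "")
      .toLowerCase()
      .split(" ")
      .map(capitalize)
      .join(" ");
    if (status) addRow("Status:", [status]);

    // Relations to other RFCs: link to /rfc/<id>, show the id without its
    // three-character series prefix.
    const relationLabels = {
      obsoletes: "Obsoletes",
      obsoleted_by: "Obsoleted By",
      updates: "Updates",
      updated_by: "Updated By"
    };
    for (const key of ["obsoletes", "obsoleted_by", "updates", "updated_by"]) {
      const links = entries(meta[key]).map((id) => {
        const lower = id.toLowerCase();
        return link("/rfc/" + encodeURIComponent(lower), lower.slice(3));
      });
      if (links.length) addRow(relationLabels[key] + ":", separated(links, ", "));
    }

    // See Also: link to /info/<series><number>; the series prefix is shown
    // in the link text unless it is "RFC".
    const seeAlso = entries(meta.see_also).map((id) => {
      const prefix = id.slice(0, 3);
      const num = id.slice(3).replace(/^0+/, "");
      const text = prefix !== "RFC" ? prefix + " " + num : num;
      return link("/info/" + encodeURIComponent((prefix + num).toLowerCase()), text);
    });
    if (seeAlso.length) addRow("See Also:", separated(seeAlso, ", "));

    // "More info" is always shown; the errata link is added only when the
    // JSON supplies an http(s) URL for it.
    const datatrackerUrl = datatrackerBase + "/" + encodeURIComponent(docId);
    const iprUrl = iprSearchBase + "/?" + encodeURIComponent(series) + "=" +
      encodeURIComponent(number) + "&submit=" + encodeURIComponent(series);
    const infoUrl = infoBase + "/" + encodeURIComponent(docId);
    const more = [];
    const errataUrl = safeHttpUrl(meta.errata_url);
    if (errataUrl) {
      // Separator spacing after "Datatracker" is kept as the original emitted it.
      more.push(link(errataUrl, "Errata exist"), " | ", link(datatrackerUrl, "Datatracker"), "| ");
    } else {
      more.push(link(datatrackerUrl, "Datatracker"), " | ");
    }
    more.push(link(iprUrl, "IPR"), " | ", link(infoUrl, "Info page"));
    addRow("More info:", more);

    // Replace whatever the container held, as the innerHTML assignment did.
    container.textContent = "";
    container.appendChild(list);
  } catch (err) {
    console.log(err);
  }

  // Content of the first <meta> element with the given name, or "".
  function metaContent(name) {
    const metas = document.getElementsByTagName("meta");
    for (let i = 0; i < metas.length; i++) {
      if (metas[i].getAttribute("name") === name) return metas[i].getAttribute("content");
    }
    return "";
  }

  // Non-empty entries of a JSON array as strings; anything else yields [].
  function entries(value) {
    return Array.isArray(value) ? value.filter(Boolean).map(String) : [];
  }

  // Interleaves nodes with a text separator.
  function separated(nodes, separator) {
    const out = [];
    nodes.forEach((node, index) => {
      if (index) out.push(separator);
      out.push(node);
    });
    return out;
  }

  // Anchor element whose href and label are set as data, never parsed as HTML.
  function link(href, text) {
    const anchor = document.createElement("a");
    anchor.setAttribute("href", href);
    anchor.textContent = text;
    return anchor;
  }

  // Normalised URL when value parses as http(s), otherwise "".
  function safeHttpUrl(value) {
    if (!value) return "";
    try {
      const parsed = new URL(String(value), document.baseURI);
      return parsed.protocol === "https:" || parsed.protocol === "http:" ? parsed.href : "";
    } catch (err) {
      return "";
    }
  }

  function capitalize(word) {
    return word.charAt(0).toUpperCase() + word.slice(1);
  }
}

// Remove before adding, as the original did; presumably this keeps the
// listener from being registered twice.
window.removeEventListener("load", addMetadata);
window.addEventListener("load", addMetadata);
</script>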
|
||
</head>
|
||
<body class="xml2rfc">
|
||
<table class="ears">
|
||
<thead><tr>
|
||
<td class="left">Internet-Draft</td>
|
||
<td class="center">Agent Federation Privacy</td>
|
||
<td class="right">March 2026</td>
|
||
</tr></thead>
|
||
<tfoot><tr>
|
||
<td class="left">Nennemann</td>
|
||
<td class="center">Expires 7 September 2026</td>
|
||
<td class="right">[Page]</td>
|
||
</tr></tfoot>
|
||
</table>
|
||
<div id="external-metadata" class="document-information"></div>
|
||
<div id="internal-metadata" class="document-information">
|
||
<dl id="identifiers">
|
||
<dt class="label-workgroup">Workgroup:</dt>
|
||
<dd class="workgroup">NMOP</dd>
|
||
<dt class="label-internet-draft">Internet-Draft:</dt>
|
||
<dd class="internet-draft">draft-nennemann-agent-federation-privacy-00</dd>
|
||
<dt class="label-published">Published:</dt>
|
||
<dd class="published">
|
||
<time datetime="2026-03-06" class="published">6 March 2026</time>
|
||
</dd>
|
||
<dt class="label-intended-status">Intended Status:</dt>
|
||
<dd class="intended-status">Standards Track</dd>
|
||
<dt class="label-expires">Expires:</dt>
|
||
<dd class="expires"><time datetime="2026-09-07">7 September 2026</time></dd>
|
||
<dt class="label-authors">Author:</dt>
|
||
<dd class="authors">
|
||
<div class="author">
|
||
<div class="author-name">C. Nennemann</div>
|
||
<div class="org">Independent Researcher</div>
|
||
</div>
|
||
</dd>
|
||
</dl>
|
||
</div>
|
||
<h1 id="title">Federated Agent Learning Privacy and Cross-Protocol Migration</h1>
|
||
<section id="section-abstract">
|
||
<h2 id="abstract"><a href="#abstract" class="selfRef">Abstract</a></h2>
|
||
<p id="section-abstract-1">This document defines privacy-preserving protocols for federated
|
||
agent learning across organizational boundaries and standardized
|
||
mechanisms for agent migration between protocols, domains, and
|
||
infrastructure providers while maintaining state and identity
|
||
continuity. Federated learning enables multiple agent deployments
|
||
to collaboratively improve without sharing raw data, but requires
|
||
formal privacy guarantees to prevent data leakage between
|
||
participants. Cross-protocol migration enables agents to move
|
||
between environments while preserving operational state and
|
||
cryptographic identity through Execution Context Tokens (ECTs).<a href="#section-abstract-1" class="pilcrow">¶</a></p>
|
||
</section>
|
||
<div id="status-of-memo">
|
||
<section id="section-boilerplate.1">
|
||
<h2 id="name-status-of-this-memo">
|
||
<a href="#name-status-of-this-memo" class="section-name selfRef">Status of This Memo</a>
|
||
</h2>
|
||
<p id="section-boilerplate.1-1">
|
||
This Internet-Draft is submitted in full conformance with the
|
||
provisions of BCP 78 and BCP 79.<a href="#section-boilerplate.1-1" class="pilcrow">¶</a></p>
|
||
<p id="section-boilerplate.1-2">
|
||
Internet-Drafts are working documents of the Internet Engineering Task
|
||
Force (IETF). Note that other groups may also distribute working
|
||
documents as Internet-Drafts. The list of current Internet-Drafts is
|
||
at <span><a href="https://datatracker.ietf.org/drafts/current/">https://datatracker.ietf.org/drafts/current/</a></span>.<a href="#section-boilerplate.1-2" class="pilcrow">¶</a></p>
|
||
<p id="section-boilerplate.1-3">
|
||
Internet-Drafts are draft documents valid for a maximum of six months
|
||
and may be updated, replaced, or obsoleted by other documents at any
|
||
time. It is inappropriate to use Internet-Drafts as reference
|
||
material or to cite them other than as "work in progress."<a href="#section-boilerplate.1-3" class="pilcrow">¶</a></p>
|
||
<p id="section-boilerplate.1-4">
|
||
This Internet-Draft will expire on 7 September 2026.<a href="#section-boilerplate.1-4" class="pilcrow">¶</a></p>
|
||
</section>
|
||
</div>
|
||
<div id="copyright">
|
||
<section id="section-boilerplate.2">
|
||
<h2 id="name-copyright-notice">
|
||
<a href="#name-copyright-notice" class="section-name selfRef">Copyright Notice</a>
|
||
</h2>
|
||
<p id="section-boilerplate.2-1">
|
||
Copyright (c) 2026 IETF Trust and the persons identified as the
|
||
document authors. All rights reserved.<a href="#section-boilerplate.2-1" class="pilcrow">¶</a></p>
|
||
<p id="section-boilerplate.2-2">
|
||
This document is subject to BCP 78 and the IETF Trust's Legal
|
||
Provisions Relating to IETF Documents
|
||
(<span><a href="https://trustee.ietf.org/license-info">https://trustee.ietf.org/license-info</a></span>) in effect on the date of
|
||
publication of this document. Please review these documents
|
||
carefully, as they describe your rights and restrictions with
|
||
respect to this document. Code Components extracted from this
|
||
document must include Revised BSD License text as described in
|
||
Section 4.e of the Trust Legal Provisions and are provided without
|
||
warranty as described in the Revised BSD License.<a href="#section-boilerplate.2-2" class="pilcrow">¶</a></p>
|
||
</section>
|
||
</div>
|
||
<div id="toc">
|
||
<section id="section-toc.1">
|
||
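<!-- Back-to-top link: following href="#" already scrolls to the top of the
     document, so the inline onclick handler is dropped. With no on*=
     attributes in the markup, a Content-Security-Policy does not have to
     allow inline event handlers for this page. -->
<a href="#" class="toplink">▲</a><h2 id="name-table-of-contents">
<a href="#name-table-of-contents" class="section-name selfRef">Table of Contents</a>
</h2>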
|
||
<nav class="toc"><ul class="compact toc ulBare ulEmpty">
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.1">
|
||
<p id="section-toc.1-1.1.1" class="keepWithNext"><a href="#section-1" class="auto internal xref">1</a>. <a href="#name-introduction" class="internal xref">Introduction</a></p>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.2">
|
||
<p id="section-toc.1-1.2.1" class="keepWithNext"><a href="#section-2" class="auto internal xref">2</a>. <a href="#name-terminology" class="internal xref">Terminology</a></p>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3">
|
||
<p id="section-toc.1-1.3.1"><a href="#section-3" class="auto internal xref">3</a>. <a href="#name-federated-agent-learning-pr" class="internal xref">Federated Agent Learning Privacy</a></p>
|
||
<ul class="compact toc ulBare ulEmpty">
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.1">
|
||
<p id="section-toc.1-1.3.2.1.1" class="keepWithNext"><a href="#section-3.1" class="auto internal xref">3.1</a>. <a href="#name-federated-learning-architec" class="internal xref">Federated Learning Architecture for Agents</a></p>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.2">
|
||
<p id="section-toc.1-1.3.2.2.1"><a href="#section-3.2" class="auto internal xref">3.2</a>. <a href="#name-privacy-mechanisms" class="internal xref">Privacy Mechanisms</a></p>
|
||
<ul class="compact toc ulBare ulEmpty">
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.2.2.1">
|
||
<p id="section-toc.1-1.3.2.2.2.1.1"><a href="#section-3.2.1" class="auto internal xref">3.2.1</a>. <a href="#name-differential-privacy-for-mo" class="internal xref">Differential Privacy for Model Updates</a></p>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.2.2.2">
|
||
<p id="section-toc.1-1.3.2.2.2.2.1"><a href="#section-3.2.2" class="auto internal xref">3.2.2</a>. <a href="#name-secure-aggregation-protocol" class="internal xref">Secure Aggregation Protocol</a></p>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.2.2.3">
|
||
<p id="section-toc.1-1.3.2.2.2.3.1"><a href="#section-3.2.3" class="auto internal xref">3.2.3</a>. <a href="#name-privacy-budget-tracking-and" class="internal xref">Privacy Budget Tracking and Enforcement</a></p>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.2.2.4">
|
||
<p id="section-toc.1-1.3.2.2.2.4.1"><a href="#section-3.2.4" class="auto internal xref">3.2.4</a>. <a href="#name-gradient-compression-with-p" class="internal xref">Gradient Compression with Privacy Preservation</a></p>
|
||
</li>
|
||
</ul>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.3">
|
||
<p id="section-toc.1-1.3.2.3.1"><a href="#section-3.3" class="auto internal xref">3.3</a>. <a href="#name-data-leakage-prevention" class="internal xref">Data Leakage Prevention</a></p>
|
||
<ul class="compact toc ulBare ulEmpty">
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.3.2.1">
|
||
<p id="section-toc.1-1.3.2.3.2.1.1"><a href="#section-3.3.1" class="auto internal xref">3.3.1</a>. <a href="#name-membership-inference-attack" class="internal xref">Membership Inference Attack Mitigation</a></p>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.3.2.2">
|
||
<p id="section-toc.1-1.3.2.3.2.2.1"><a href="#section-3.3.2" class="auto internal xref">3.3.2</a>. <a href="#name-model-inversion-attack-prev" class="internal xref">Model Inversion Attack Prevention</a></p>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.3.2.3">
|
||
<p id="section-toc.1-1.3.2.3.2.3.1"><a href="#section-3.3.3" class="auto internal xref">3.3.3</a>. <a href="#name-update-poisoning-detection" class="internal xref">Update Poisoning Detection</a></p>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.3.2.4">
|
||
<p id="section-toc.1-1.3.2.3.2.4.1"><a href="#section-3.3.4" class="auto internal xref">3.3.4</a>. <a href="#name-privacy-attestation-via-ect" class="internal xref">Privacy Attestation via ECT</a></p>
|
||
</li>
|
||
</ul>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.4">
|
||
<p id="section-toc.1-1.3.2.4.1"><a href="#section-3.4" class="auto internal xref">3.4</a>. <a href="#name-privacy-policy-format" class="internal xref">Privacy Policy Format</a></p>
|
||
</li>
|
||
</ul>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4">
|
||
<p id="section-toc.1-1.4.1"><a href="#section-4" class="auto internal xref">4</a>. <a href="#name-cross-protocol-agent-migrat" class="internal xref">Cross-Protocol Agent Migration</a></p>
|
||
<ul class="compact toc ulBare ulEmpty">
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.1">
|
||
<p id="section-toc.1-1.4.2.1.1"><a href="#section-4.1" class="auto internal xref">4.1</a>. <a href="#name-migration-model" class="internal xref">Migration Model</a></p>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.2">
|
||
<p id="section-toc.1-1.4.2.2.1"><a href="#section-4.2" class="auto internal xref">4.2</a>. <a href="#name-migration-protocol" class="internal xref">Migration Protocol</a></p>
|
||
<ul class="compact toc ulBare ulEmpty">
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.2.2.1">
|
||
<p id="section-toc.1-1.4.2.2.2.1.1"><a href="#section-4.2.1" class="auto internal xref">4.2.1</a>. <a href="#name-migration-trigger-events-an" class="internal xref">Migration Trigger Events and Conditions</a></p>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.2.2.2">
|
||
<p id="section-toc.1-1.4.2.2.2.2.1"><a href="#section-4.2.2" class="auto internal xref">4.2.2</a>. <a href="#name-pre-migration-capability-ch" class="internal xref">Pre-Migration Capability Check</a></p>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.2.2.3">
|
||
<p id="section-toc.1-1.4.2.2.2.3.1"><a href="#section-4.2.3" class="auto internal xref">4.2.3</a>. <a href="#name-state-serialization-format" class="internal xref">State Serialization Format</a></p>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.2.2.4">
|
||
<p id="section-toc.1-1.4.2.2.2.4.1"><a href="#section-4.2.4" class="auto internal xref">4.2.4</a>. <a href="#name-identity-transfer-and-re-at" class="internal xref">Identity Transfer and Re-Attestation</a></p>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.2.2.5">
|
||
<p id="section-toc.1-1.4.2.2.2.5.1"><a href="#section-4.2.5" class="auto internal xref">4.2.5</a>. <a href="#name-post-migration-verification" class="internal xref">Post-Migration Verification</a></p>
|
||
</li>
|
||
</ul>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.3">
|
||
<p id="section-toc.1-1.4.2.3.1"><a href="#section-4.3" class="auto internal xref">4.3</a>. <a href="#name-state-transfer" class="internal xref">State Transfer</a></p>
|
||
<ul class="compact toc ulBare ulEmpty">
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.3.2.1">
|
||
<p id="section-toc.1-1.4.2.3.2.1.1"><a href="#section-4.3.1" class="auto internal xref">4.3.1</a>. <a href="#name-agent-state-components" class="internal xref">Agent State Components</a></p>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.3.2.2">
|
||
<p id="section-toc.1-1.4.2.3.2.2.1"><a href="#section-4.3.2" class="auto internal xref">4.3.2</a>. <a href="#name-incremental-state-transfer-" class="internal xref">Incremental State Transfer for Large State</a></p>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.3.2.3">
|
||
<p id="section-toc.1-1.4.2.3.2.3.1"><a href="#section-4.3.3" class="auto internal xref">4.3.3</a>. <a href="#name-state-integrity-verificatio" class="internal xref">State Integrity Verification</a></p>
|
||
</li>
|
||
</ul>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.4">
|
||
<p id="section-toc.1-1.4.2.4.1"><a href="#section-4.4" class="auto internal xref">4.4</a>. <a href="#name-protocol-bridges" class="internal xref">Protocol Bridges</a></p>
|
||
<ul class="compact toc ulBare ulEmpty">
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.4.2.1">
|
||
<p id="section-toc.1-1.4.2.4.2.1.1"><a href="#section-4.4.1" class="auto internal xref">4.4.1</a>. <a href="#name-bridge-architecture-for-com" class="internal xref">Bridge Architecture for Common Protocols</a></p>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.4.2.2">
|
||
<p id="section-toc.1-1.4.2.4.2.2.1"><a href="#section-4.4.2" class="auto internal xref">4.4.2</a>. <a href="#name-context-translation-rules" class="internal xref">Context Translation Rules</a></p>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.4.2.3">
|
||
<p id="section-toc.1-1.4.2.4.2.3.1"><a href="#section-4.4.3" class="auto internal xref">4.4.3</a>. <a href="#name-capability-re-mapping" class="internal xref">Capability Re-Mapping</a></p>
|
||
</li>
|
||
</ul>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.5">
|
||
<p id="section-toc.1-1.4.2.5.1"><a href="#section-4.5" class="auto internal xref">4.5</a>. <a href="#name-privacy-during-migration" class="internal xref">Privacy During Migration</a></p>
|
||
<ul class="compact toc ulBare ulEmpty">
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.5.2.1">
|
||
<p id="section-toc.1-1.4.2.5.2.1.1"><a href="#section-4.5.1" class="auto internal xref">4.5.1</a>. <a href="#name-context-sanitization-before" class="internal xref">Context Sanitization Before Transfer</a></p>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.5.2.2">
|
||
<p id="section-toc.1-1.4.2.5.2.2.1"><a href="#section-4.5.2" class="auto internal xref">4.5.2</a>. <a href="#name-selective-state-disclosure" class="internal xref">Selective State Disclosure</a></p>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.5.2.3">
|
||
<p id="section-toc.1-1.4.2.5.2.3.1"><a href="#section-4.5.3" class="auto internal xref">4.5.3</a>. <a href="#name-no-context-leakage-guarante" class="internal xref">No-Context-Leakage Guarantees to New Host</a></p>
|
||
</li>
|
||
</ul>
|
||
</li>
|
||
</ul>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.5">
|
||
<p id="section-toc.1-1.5.1"><a href="#section-5" class="auto internal xref">5</a>. <a href="#name-ect-integration" class="internal xref">ECT Integration</a></p>
|
||
<ul class="compact toc ulBare ulEmpty">
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.5.2.1">
|
||
<p id="section-toc.1-1.5.2.1.1"><a href="#section-5.1" class="auto internal xref">5.1</a>. <a href="#name-privacy-attestation-claims" class="internal xref">Privacy Attestation Claims</a></p>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.5.2.2">
|
||
<p id="section-toc.1-1.5.2.2.1"><a href="#section-5.2" class="auto internal xref">5.2</a>. <a href="#name-migration-evidence-chain" class="internal xref">Migration Evidence Chain</a></p>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.5.2.3">
|
||
<p id="section-toc.1-1.5.2.3.1"><a href="#section-5.3" class="auto internal xref">5.3</a>. <a href="#name-federation-participation-re" class="internal xref">Federation Participation Records</a></p>
|
||
</li>
|
||
</ul>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.6">
|
||
<p id="section-toc.1-1.6.1"><a href="#section-6" class="auto internal xref">6</a>. <a href="#name-security-considerations" class="internal xref">Security Considerations</a></p>
|
||
<ul class="compact toc ulBare ulEmpty">
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.6.2.1">
|
||
<p id="section-toc.1-1.6.2.1.1"><a href="#section-6.1" class="auto internal xref">6.1</a>. <a href="#name-privacy-budget-exhaustion-a" class="internal xref">Privacy Budget Exhaustion Attacks</a></p>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.6.2.2">
|
||
<p id="section-toc.1-1.6.2.2.1"><a href="#section-6.2" class="auto internal xref">6.2</a>. <a href="#name-migration-hijacking" class="internal xref">Migration Hijacking</a></p>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.6.2.3">
|
||
<p id="section-toc.1-1.6.2.3.1"><a href="#section-6.3" class="auto internal xref">6.3</a>. <a href="#name-state-tampering-during-tran" class="internal xref">State Tampering During Transfer</a></p>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.6.2.4">
|
||
<p id="section-toc.1-1.6.2.4.1"><a href="#section-6.4" class="auto internal xref">6.4</a>. <a href="#name-protocol-bridge-vulnerabili" class="internal xref">Protocol Bridge Vulnerabilities</a></p>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.6.2.5">
|
||
<p id="section-toc.1-1.6.2.5.1"><a href="#section-6.5" class="auto internal xref">6.5</a>. <a href="#name-federation-participant-comp" class="internal xref">Federation Participant Compromise</a></p>
|
||
</li>
|
||
</ul>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.7">
|
||
<p id="section-toc.1-1.7.1"><a href="#section-7" class="auto internal xref">7</a>. <a href="#name-iana-considerations" class="internal xref">IANA Considerations</a></p>
|
||
<ul class="compact toc ulBare ulEmpty">
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.7.2.1">
|
||
<p id="section-toc.1-1.7.2.1.1"><a href="#section-7.1" class="auto internal xref">7.1</a>. <a href="#name-ect-action-type-registry" class="internal xref">ECT Action Type Registry</a></p>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.7.2.2">
|
||
<p id="section-toc.1-1.7.2.2.1"><a href="#section-7.2" class="auto internal xref">7.2</a>. <a href="#name-ect-extension-claims-regist" class="internal xref">ECT Extension Claims Registry</a></p>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.7.2.3">
|
||
<p id="section-toc.1-1.7.2.3.1"><a href="#section-7.3" class="auto internal xref">7.3</a>. <a href="#name-media-type-registration" class="internal xref">Media Type Registration</a></p>
|
||
</li>
|
||
</ul>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.8">
|
||
<p id="section-toc.1-1.8.1"><a href="#section-8" class="auto internal xref">8</a>. <a href="#name-references" class="internal xref">References</a></p>
|
||
<ul class="compact toc ulBare ulEmpty">
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.8.2.1">
|
||
<p id="section-toc.1-1.8.2.1.1"><a href="#section-8.1" class="auto internal xref">8.1</a>. <a href="#name-normative-references" class="internal xref">Normative References</a></p>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.8.2.2">
|
||
<p id="section-toc.1-1.8.2.2.1"><a href="#section-8.2" class="auto internal xref">8.2</a>. <a href="#name-informative-references" class="internal xref">Informative References</a></p>
|
||
</li>
|
||
</ul>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.9">
|
||
<p id="section-toc.1-1.9.1"><a href="#appendix-A" class="auto internal xref"></a><a href="#name-acknowledgments" class="internal xref">Acknowledgments</a></p>
|
||
</li>
|
||
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.10">
|
||
<p id="section-toc.1-1.10.1"><a href="#appendix-B" class="auto internal xref"></a><a href="#name-authors-address" class="internal xref">Author's Address</a></p>
|
||
</li>
|
||
</ul>
|
||
</nav>
|
||
</section>
|
||
</div>
|
||
<div id="introduction">
|
||
<section id="section-1">
|
||
<h2 id="name-introduction">
|
||
<a href="#section-1" class="section-number selfRef">1. </a><a href="#name-introduction" class="section-name selfRef">Introduction</a>
|
||
</h2>
|
||
<p id="section-1-1">As AI agents become integral to enterprise workflows, two
|
||
capabilities emerge as critical yet underspecified: collaborative
|
||
learning across organizational boundaries and seamless migration
|
||
between protocol environments.<a href="#section-1-1" class="pilcrow">¶</a></p>
|
||
<p id="section-1-2">This document addresses Gap 5 (Federated Learning Privacy) and
|
||
Gap 8 (Cross-Protocol Migration) as identified in
|
||
<span>[<a href="#I-D.nennemann-agent-gap-analysis" class="cite xref">I-D.nennemann-agent-gap-analysis</a>]</span>.<a href="#section-1-2" class="pilcrow">¶</a></p>
|
||
<p id="section-1-3">Gap 5 concerns the absence of privacy-preserving protocols for
|
||
federated agent learning. As agents learn and improve through
|
||
federation, data leakage between participants must be prevented.
|
||
Current federated learning research provides theoretical
|
||
foundations, but no IETF-standard protocol exists that integrates
|
||
differential privacy, secure aggregation, and privacy budget
|
||
enforcement into agent communication frameworks.<a href="#section-1-3" class="pilcrow">¶</a></p>
|
||
<p id="section-1-4">Gap 8 concerns the lack of standardized mechanisms for agent
|
||
migration between protocols, domains, and infrastructure providers.
|
||
As agents need to move between environments -- whether for load
|
||
balancing, disaster recovery, or organizational restructuring --
|
||
state and identity must transfer safely. Without a migration
|
||
protocol, agents lose context, learned parameters, and
|
||
cryptographic identity when changing environments.<a href="#section-1-4" class="pilcrow">¶</a></p>
|
||
<p id="section-1-5">This document builds on the Execution Context Token (ECT)
|
||
framework <span>[<a href="#I-D.nennemann-wimse-ect" class="cite xref">I-D.nennemann-wimse-ect</a>]</span> to provide cryptographic
|
||
audit trails for both federated learning rounds and migration
|
||
events, and on the Agent Context Policy Token
|
||
<span>[<a href="#I-D.nennemann-agent-dag-hitl-safety" class="cite xref">I-D.nennemann-agent-dag-hitl-safety</a>]</span> to enforce privacy and
|
||
migration policies within delegation DAGs.<a href="#section-1-5" class="pilcrow">¶</a></p>
|
||
</section>
|
||
</div>
|
||
<div id="terminology">
|
||
<section id="section-2">
|
||
<h2 id="name-terminology">
|
||
<a href="#section-2" class="section-number selfRef">2. </a><a href="#name-terminology" class="section-name selfRef">Terminology</a>
|
||
</h2>
|
||
<p id="section-2-1">The key words "<span class="bcp14">MUST</span>", "<span class="bcp14">MUST NOT</span>", "<span class="bcp14">REQUIRED</span>", "<span class="bcp14">SHALL</span>", "<span class="bcp14">SHALL NOT</span>", "<span class="bcp14">SHOULD</span>", "<span class="bcp14">SHOULD NOT</span>", "<span class="bcp14">RECOMMENDED</span>", "<span class="bcp14">NOT RECOMMENDED</span>",
|
||
"<span class="bcp14">MAY</span>", and "<span class="bcp14">OPTIONAL</span>" in this document are to be interpreted as
|
||
described in BCP 14 <span>[<a href="#RFC2119" class="cite xref">RFC2119</a>]</span> <span>[<a href="#RFC8174" class="cite xref">RFC8174</a>]</span> when, and only when, they
|
||
appear in all capitals, as shown here.<a href="#section-2-1" class="pilcrow">¶</a></p>
|
||
<p id="section-2-2">The following terms are used in this document:<a href="#section-2-2" class="pilcrow">¶</a></p>
|
||
<span class="break"></span><dl class="dlParallel" id="section-2-3">
|
||
<dt id="section-2-3.1">Federated Learning:</dt>
|
||
<dd style="margin-left: 1.5em" id="section-2-3.2">
|
||
<p id="section-2-3.2.1">A machine learning approach where multiple participants
|
||
collaboratively train a model without sharing raw data, instead
|
||
exchanging model updates (gradients or parameters).<a href="#section-2-3.2.1" class="pilcrow">¶</a></p>
|
||
</dd>
|
||
<dd class="break"></dd>
|
||
<dt id="section-2-3.3">Differential Privacy:</dt>
|
||
<dd style="margin-left: 1.5em" id="section-2-3.4">
|
||
<p id="section-2-3.4.1">A mathematical framework providing formal guarantees that bound
how much the output of a computation can reveal about whether any
individual data point was included in the input, with the bound
parameterized by epsilon and delta.<a href="#section-2-3.4.1" class="pilcrow">¶</a></p>
|
||
</dd>
|
||
<dd class="break"></dd>
|
||
<dt id="section-2-3.5">Secure Aggregation:</dt>
|
||
<dd style="margin-left: 1.5em" id="section-2-3.6">
|
||
<p id="section-2-3.6.1">A cryptographic protocol enabling a server to compute the sum
|
||
of participant updates without learning any individual update.<a href="#section-2-3.6.1" class="pilcrow">¶</a></p>
|
||
</dd>
|
||
<dd class="break"></dd>
|
||
<dt id="section-2-3.7">Privacy Budget:</dt>
|
||
<dd style="margin-left: 1.5em" id="section-2-3.8">
|
||
<p id="section-2-3.8.1">A cumulative bound (epsilon) on the total privacy loss incurred
|
||
across multiple rounds of federated learning, enforced to prevent
|
||
gradual information leakage.<a href="#section-2-3.8.1" class="pilcrow">¶</a></p>
|
||
</dd>
|
||
<dd class="break"></dd>
|
||
<dt id="section-2-3.9">Data Leakage:</dt>
|
||
<dd style="margin-left: 1.5em" id="section-2-3.10">
|
||
<p id="section-2-3.10.1">The unintended exposure of private training data through model
|
||
updates, inference attacks, or side channels during federated
|
||
learning.<a href="#section-2-3.10.1" class="pilcrow">¶</a></p>
|
||
</dd>
|
||
<dd class="break"></dd>
|
||
<dt id="section-2-3.11">Agent Migration:</dt>
|
||
<dd style="margin-left: 1.5em" id="section-2-3.12">
|
||
<p id="section-2-3.12.1">The process of transferring an agent's operational state,
|
||
identity, and capabilities from one protocol environment, domain,
|
||
or infrastructure provider to another.<a href="#section-2-3.12.1" class="pilcrow">¶</a></p>
|
||
</dd>
|
||
<dd class="break"></dd>
|
||
<dt id="section-2-3.13">State Transfer:</dt>
|
||
<dd style="margin-left: 1.5em" id="section-2-3.14">
|
||
<p id="section-2-3.14.1">The serialization, transmission, and deserialization of an
|
||
agent's internal state during migration, including context,
|
||
memory, learned parameters, and active tasks.<a href="#section-2-3.14.1" class="pilcrow">¶</a></p>
|
||
</dd>
|
||
<dd class="break"></dd>
|
||
<dt id="section-2-3.15">Identity Continuity:</dt>
|
||
<dd style="margin-left: 1.5em" id="section-2-3.16">
|
||
<p id="section-2-3.16.1">The property that an agent's cryptographic identity (e.g., SPIFFE
|
||
ID and associated ECT chain) remains verifiable across migration
|
||
boundaries.<a href="#section-2-3.16.1" class="pilcrow">¶</a></p>
|
||
</dd>
|
||
<dd class="break"></dd>
|
||
<dt id="section-2-3.17">Protocol Bridge:</dt>
|
||
<dd style="margin-left: 1.5em" id="section-2-3.18">
|
||
<p id="section-2-3.18.1">A component that translates agent communication between different
|
||
protocols (e.g., A2A to MCP), maintaining semantic equivalence
|
||
of messages and state.<a href="#section-2-3.18.1" class="pilcrow">¶</a></p>
|
||
</dd>
|
||
<dd class="break"></dd>
|
||
<dt id="section-2-3.19">Migration Handoff:</dt>
|
||
<dd style="margin-left: 1.5em" id="section-2-3.20">
|
||
<p id="section-2-3.20.1">The coordinated process by which the source environment transfers
|
||
responsibility for an agent to the destination environment,
|
||
including state transfer and identity re-attestation.<a href="#section-2-3.20.1" class="pilcrow">¶</a></p>
|
||
</dd>
|
||
<dd class="break"></dd>
|
||
</dl>
|
||
</section>
|
||
</div>
|
||
<div id="federated-agent-learning-privacy">
|
||
<section id="section-3">
|
||
<h2 id="name-federated-agent-learning-pr">
|
||
<a href="#section-3" class="section-number selfRef">3. </a><a href="#name-federated-agent-learning-pr" class="section-name selfRef">Federated Agent Learning Privacy</a>
|
||
</h2>
|
||
<div id="federated-learning-architecture-for-agents">
|
||
<section id="section-3.1">
|
||
<h3 id="name-federated-learning-architec">
|
||
<a href="#section-3.1" class="section-number selfRef">3.1. </a><a href="#name-federated-learning-architec" class="section-name selfRef">Federated Learning Architecture for Agents</a>
|
||
</h3>
|
||
<p id="section-3.1-1">Federated learning for agents follows a topology where participant
|
||
agents contribute model updates to an aggregation function without
|
||
exposing their local training data.<a href="#section-3.1-1" class="pilcrow">¶</a></p>
|
||
<span id="name-federated-learning-topologi"></span><div id="fig-federation-arch">
|
||
<figure id="figure-1">
|
||
<div class="alignLeft art-text artwork" id="section-3.1-2.1">
|
||
<pre>
|
||
+---------------------------------------------------+
|
||
| Federation Topology |
|
||
| |
|
||
| Star: Ring: Hierarchical: |
|
||
| |
|
||
| [Agg] A1--A2 [Root Agg] |
|
||
| / | \ | | / \ |
|
||
| A1 A2 A3 A3--A4 [Sub-Agg] [Sub-Agg] |
|
||
| / \ / \ |
|
||
| A1 A2 A3 A4 |
|
||
| |
|
||
+---------------------------------------------------+
|
||
|
||
[Agg] = Aggregation Server
|
||
A1..A4 = Participant Agents
|
||
|
||
Data flow (Star topology):
|
||
|
||
A1 ---local_update---> [Agg]
|
||
A2 ---local_update---> [Agg]
|
||
A3 ---local_update---> [Agg]
|
||
[Agg] computes aggregate
|
||
A1 <--global_model--- [Agg]
|
||
A2 <--global_model--- [Agg]
|
||
A3 <--global_model--- [Agg]
|
||
</pre>
|
||
</div>
|
||
<figcaption><a href="#figure-1" class="selfRef">Figure 1</a>:
|
||
<a href="#name-federated-learning-topologi" class="selfRef">Federated Learning Topologies for Agents</a>
|
||
</figcaption></figure>
|
||
</div>
|
||
<p id="section-3.1-3">Three topologies are defined:<a href="#section-3.1-3" class="pilcrow">¶</a></p>
|
||
<span class="break"></span><dl class="dlParallel" id="section-3.1-4">
|
||
<dt id="section-3.1-4.1">Star Topology:</dt>
|
||
<dd style="margin-left: 1.5em" id="section-3.1-4.2">
|
||
<p id="section-3.1-4.2.1">A central aggregation server receives updates from all
|
||
participant agents and distributes the aggregated model. This
|
||
is the simplest topology but creates a single point of trust.<a href="#section-3.1-4.2.1" class="pilcrow">¶</a></p>
|
||
</dd>
|
||
<dd class="break"></dd>
|
||
<dt id="section-3.1-4.3">Ring Topology:</dt>
|
||
<dd style="margin-left: 1.5em" id="section-3.1-4.4">
|
||
<p id="section-3.1-4.4.1">Participant agents pass updates around a ring, each adding its
|
||
own contribution before forwarding. This eliminates the central
|
||
server but increases latency.<a href="#section-3.1-4.4.1" class="pilcrow">¶</a></p>
|
||
</dd>
|
||
<dd class="break"></dd>
|
||
<dt id="section-3.1-4.5">Hierarchical Topology:</dt>
|
||
<dd style="margin-left: 1.5em" id="section-3.1-4.6">
|
||
<p id="section-3.1-4.6.1">Sub-aggregation servers collect updates from subsets of agents
|
||
before forwarding to a root aggregator. This scales to large
|
||
federations while limiting exposure at each level.<a href="#section-3.1-4.6.1" class="pilcrow">¶</a></p>
|
||
</dd>
|
||
<dd class="break"></dd>
|
||
</dl>
|
||
<p id="section-3.1-5">The aggregation server (or function, in ring topology) <span class="bcp14">MUST NOT</span>
|
||
have access to individual agent updates in plaintext when secure
|
||
aggregation is enabled.<a href="#section-3.1-5" class="pilcrow">¶</a></p>
|
||
</section>
|
||
</div>
|
||
<div id="privacy-mechanisms">
|
||
<section id="section-3.2">
|
||
<h3 id="name-privacy-mechanisms">
|
||
<a href="#section-3.2" class="section-number selfRef">3.2. </a><a href="#name-privacy-mechanisms" class="section-name selfRef">Privacy Mechanisms</a>
|
||
</h3>
|
||
<div id="differential-privacy-for-model-updates">
|
||
<section id="section-3.2.1">
|
||
<h4 id="name-differential-privacy-for-mo">
|
||
<a href="#section-3.2.1" class="section-number selfRef">3.2.1. </a><a href="#name-differential-privacy-for-mo" class="section-name selfRef">Differential Privacy for Model Updates</a>
|
||
</h4>
|
||
<p id="section-3.2.1-1">Participant agents <span class="bcp14">MUST</span> apply differential privacy to model
|
||
updates before transmission. Each update is clipped to a maximum
|
||
L2 norm S and perturbed with calibrated Gaussian noise:<a href="#section-3.2.1-1" class="pilcrow">¶</a></p>
|
||
<ul class="normal">
|
||
<li class="normal" id="section-3.2.1-2.1">
|
||
<p id="section-3.2.1-2.1.1">Clipping bound S: limits the influence of any single data point<a href="#section-3.2.1-2.1.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-3.2.1-2.2">
|
||
<p id="section-3.2.1-2.2.1">Noise scale sigma: calibrated to achieve (epsilon, delta)-
|
||
differential privacy for each round<a href="#section-3.2.1-2.2.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-3.2.1-2.3">
|
||
<p id="section-3.2.1-2.3.1">Composition: total privacy loss across T rounds is tracked using
|
||
the moments accountant or Rényi differential privacy<a href="#section-3.2.1-2.3.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
</ul>
|
||
<p id="section-3.2.1-3">The privacy parameters <span class="bcp14">MUST</span> be declared in the federation
|
||
configuration and enforced by each participant agent.<a href="#section-3.2.1-3" class="pilcrow">¶</a></p>
|
||
</section>
|
||
</div>
|
||
<div id="secure-aggregation-protocol">
|
||
<section id="section-3.2.2">
|
||
<h4 id="name-secure-aggregation-protocol">
|
||
<a href="#section-3.2.2" class="section-number selfRef">3.2.2. </a><a href="#name-secure-aggregation-protocol" class="section-name selfRef">Secure Aggregation Protocol</a>
|
||
</h4>
|
||
<p id="section-3.2.2-1">The aggregation server <span class="bcp14">MUST</span> implement a secure aggregation protocol
|
||
such that:<a href="#section-3.2.2-1" class="pilcrow">¶</a></p>
|
||
<ol start="1" type="1" class="normal type-1" id="section-3.2.2-2">
|
||
<li id="section-3.2.2-2.1">
|
||
<p id="section-3.2.2-2.1.1">Each participant agent secret-shares its update using pairwise
|
||
keys established with other participants.<a href="#section-3.2.2-2.1.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li id="section-3.2.2-2.2">
|
||
<p id="section-3.2.2-2.2.1">The aggregation server collects masked updates from all
|
||
participants.<a href="#section-3.2.2-2.2.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li id="section-3.2.2-2.3">
|
||
<p id="section-3.2.2-2.3.1">After a configurable threshold of participants have submitted
|
||
updates, the server reconstructs only the aggregate sum.<a href="#section-3.2.2-2.3.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li id="section-3.2.2-2.4">
|
||
<p id="section-3.2.2-2.4.1">Individual updates are never available to the server in
|
||
plaintext.<a href="#section-3.2.2-2.4.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
</ol>
|
||
<p id="section-3.2.2-3">Dropped participants are handled by reconstructing their masking
|
||
contributions from the shares held by surviving participants.<a href="#section-3.2.2-3" class="pilcrow">¶</a></p>
|
||
</section>
|
||
</div>
|
||
<div id="privacy-budget-tracking-and-enforcement">
|
||
<section id="section-3.2.3">
|
||
<h4 id="name-privacy-budget-tracking-and">
|
||
<a href="#section-3.2.3" class="section-number selfRef">3.2.3. </a><a href="#name-privacy-budget-tracking-and" class="section-name selfRef">Privacy Budget Tracking and Enforcement</a>
|
||
</h4>
|
||
<p id="section-3.2.3-1">Each federation <span class="bcp14">MUST</span> maintain a privacy budget tracker that records
|
||
cumulative epsilon expenditure per participant. The tracker <span class="bcp14">MUST</span>:<a href="#section-3.2.3-1" class="pilcrow">¶</a></p>
|
||
<ul class="normal">
|
||
<li class="normal" id="section-3.2.3-2.1">
|
||
<p id="section-3.2.3-2.1.1">Record the epsilon cost of each federated learning round<a href="#section-3.2.3-2.1.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-3.2.3-2.2">
|
||
<p id="section-3.2.3-2.2.1">Refuse to include a participant whose cumulative epsilon would
|
||
exceed the configured maximum budget<a href="#section-3.2.3-2.2.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-3.2.3-2.3">
|
||
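<p id="section-3.2.3-2.3.1">Support budget refresh after a configurable cooldown period (a refresh resets the accounting only; privacy loss already spent on unchanged local data is not recovered)<a href="#section-3.2.3-2.3.1" class="pilcrow">¶</a></p>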
|
||
</li>
|
||
<li class="normal" id="section-3.2.3-2.4">
|
||
<p id="section-3.2.3-2.4.1">Report remaining budget to participants upon request<a href="#section-3.2.3-2.4.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
</ul>
|
||
<p id="section-3.2.3-3">Privacy budget state <span class="bcp14">MUST</span> be recorded in ECTs (see <a href="#ect-integration" class="auto internal xref">Section 5</a>)
|
||
to provide a cryptographic audit trail of privacy expenditure.<a href="#section-3.2.3-3" class="pilcrow">¶</a></p>
|
||
</section>
|
||
</div>
|
||
<div id="gradient-compression-with-privacy-preservation">
|
||
<section id="section-3.2.4">
|
||
<h4 id="name-gradient-compression-with-p">
|
||
<a href="#section-3.2.4" class="section-number selfRef">3.2.4. </a><a href="#name-gradient-compression-with-p" class="section-name selfRef">Gradient Compression with Privacy Preservation</a>
|
||
</h4>
|
||
<p id="section-3.2.4-1">To reduce communication overhead, participants <span class="bcp14">MAY</span> compress model
|
||
updates using techniques such as top-k sparsification or random
|
||
sparsification. Compression <span class="bcp14">MUST NOT</span> reduce the effective privacy
|
||
guarantee below the declared epsilon -- noise <span class="bcp14">MUST</span> be added after
|
||
compression, calibrated to the compressed update's sensitivity.<a href="#section-3.2.4-1" class="pilcrow">¶</a></p>
|
||
</section>
|
||
</div>
|
||
</section>
|
||
</div>
|
||
<div id="data-leakage-prevention">
|
||
<section id="section-3.3">
|
||
<h3 id="name-data-leakage-prevention">
|
||
<a href="#section-3.3" class="section-number selfRef">3.3. </a><a href="#name-data-leakage-prevention" class="section-name selfRef">Data Leakage Prevention</a>
|
||
</h3>
|
||
<div id="membership-inference-attack-mitigation">
|
||
<section id="section-3.3.1">
|
||
<h4 id="name-membership-inference-attack">
|
||
<a href="#section-3.3.1" class="section-number selfRef">3.3.1. </a><a href="#name-membership-inference-attack" class="section-name selfRef">Membership Inference Attack Mitigation</a>
|
||
</h4>
|
||
<p id="section-3.3.1-1">Federation participants <span class="bcp14">MUST</span> apply differential privacy at
|
||
sufficiently small epsilon values to bound the success rate of membership
|
||
inference attacks. The aggregation server <span class="bcp14">SHOULD</span> monitor update
|
||
distributions for anomalous patterns indicative of membership
|
||
inference attempts.<a href="#section-3.3.1-1" class="pilcrow">¶</a></p>
|
||
</section>
|
||
</div>
|
||
<div id="model-inversion-attack-prevention">
|
||
<section id="section-3.3.2">
|
||
<h4 id="name-model-inversion-attack-prev">
|
||
<a href="#section-3.3.2" class="section-number selfRef">3.3.2. </a><a href="#name-model-inversion-attack-prev" class="section-name selfRef">Model Inversion Attack Prevention</a>
|
||
</h4>
|
||
<p id="section-3.3.2-1">To prevent reconstruction of training data from model updates:<a href="#section-3.3.2-1" class="pilcrow">¶</a></p>
|
||
<ul class="normal">
|
||
<li class="normal" id="section-3.3.2-2.1">
|
||
<p id="section-3.3.2-2.1.1">Updates <span class="bcp14">MUST</span> be clipped and noised per the differential privacy
|
||
mechanism defined above.<a href="#section-3.3.2-2.1.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-3.3.2-2.2">
|
||
<p id="section-3.3.2-2.2.1">The aggregation server <span class="bcp14">MUST NOT</span> release per-participant update
|
||
statistics.<a href="#section-3.3.2-2.2.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-3.3.2-2.3">
|
||
<p id="section-3.3.2-2.3.1">Participants <span class="bcp14">SHOULD</span> limit the number of rounds in which they
|
||
participate with unchanged local data.<a href="#section-3.3.2-2.3.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
</ul>
|
||
</section>
|
||
</div>
|
||
<div id="update-poisoning-detection">
|
||
<section id="section-3.3.3">
|
||
<h4 id="name-update-poisoning-detection">
|
||
<a href="#section-3.3.3" class="section-number selfRef">3.3.3. </a><a href="#name-update-poisoning-detection" class="section-name selfRef">Update Poisoning Detection</a>
|
||
</h4>
|
||
<p id="section-3.3.3-1">The aggregation server <span class="bcp14">MUST</span> implement poisoning detection to
|
||
identify malicious updates that attempt to corrupt the global
|
||
model:<a href="#section-3.3.3-1" class="pilcrow">¶</a></p>
|
||
<ul class="normal">
|
||
<li class="normal" id="section-3.3.3-2.1">
|
||
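<p id="section-3.3.3-2.1.1">Statistical outlier detection on update norms and directions (when secure aggregation is enabled the server does not see individual updates in plaintext, so these checks are limited to what the aggregation protocol exposes)<a href="#section-3.3.3-2.1.1" class="pilcrow">¶</a></p>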
|
||
</li>
|
||
<li class="normal" id="section-3.3.3-2.2">
|
||
<p id="section-3.3.3-2.2.1">Byzantine-robust aggregation (e.g., coordinate-wise median or
|
||
trimmed mean) as an alternative to simple averaging<a href="#section-3.3.3-2.2.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-3.3.3-2.3">
|
||
<p id="section-3.3.3-2.3.1">Participants submitting suspected poisoned updates <span class="bcp14">SHOULD</span> be
|
||
flagged and excluded from subsequent rounds pending review<a href="#section-3.3.3-2.3.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
</ul>
|
||
</section>
|
||
</div>
|
||
<div id="privacy-attestation-via-ect">
|
||
<section id="section-3.3.4">
|
||
<h4 id="name-privacy-attestation-via-ect">
|
||
<a href="#section-3.3.4" class="section-number selfRef">3.3.4. </a><a href="#name-privacy-attestation-via-ect" class="section-name selfRef">Privacy Attestation via ECT</a>
|
||
</h4>
|
||
<p id="section-3.3.4-1">Each federated learning round <span class="bcp14">MUST</span> produce an ECT
|
||
<span>[<a href="#I-D.nennemann-wimse-ect" class="cite xref">I-D.nennemann-wimse-ect</a>]</span> attesting to the privacy mechanisms
|
||
applied. The ECT <code>ext</code> claim <span class="bcp14">MUST</span> include:<a href="#section-3.3.4-1" class="pilcrow">¶</a></p>
|
||
<span id="name-privacy-attestation-in-ect-"></span><div id="fig-privacy-attestation">
|
||
<figure id="figure-2">
|
||
<div class="lang-json sourcecode" id="section-3.3.4-2.1">
|
||
<pre>
|
||
{
|
||
"ext": {
|
||
"fed.round_id": "round-42",
|
||
"fed.epsilon": 1.5,
|
||
"fed.delta": 1e-5,
|
||
"fed.participants": 12,
|
||
"fed.aggregation": "secure_aggregation",
|
||
"fed.poisoning_detected": false
|
||
}
|
||
}
|
||
</pre>
|
||
</div>
|
||
<figcaption><a href="#figure-2" class="selfRef">Figure 2</a>:
|
||
<a href="#name-privacy-attestation-in-ect-" class="selfRef">Privacy Attestation in ECT Extension Claims</a>
|
||
</figcaption></figure>
|
||
</div>
|
||
</section>
|
||
</div>
|
||
</section>
|
||
</div>
|
||
<div id="privacy-policy-format">
|
||
<section id="section-3.4">
|
||
<h3 id="name-privacy-policy-format">
|
||
<a href="#section-3.4" class="section-number selfRef">3.4. </a><a href="#name-privacy-policy-format" class="section-name selfRef">Privacy Policy Format</a>
|
||
</h3>
|
||
<p id="section-3.4-1">Federation participants <span class="bcp14">MUST</span> publish a machine-readable privacy
|
||
policy document describing their federation parameters. The policy
|
||
is a JSON object:<a href="#section-3.4-1" class="pilcrow">¶</a></p>
|
||
<span id="name-machine-readable-privacy-po"></span><div id="fig-privacy-policy">
|
||
<figure id="figure-3">
|
||
<div class="lang-json sourcecode" id="section-3.4-2.1">
|
||
<pre>
|
||
{
|
||
"federation_policy_version": "1.0",
|
||
"max_epsilon_per_round": 2.0,
|
||
"max_total_epsilon": 10.0,
|
||
"delta": 1e-5,
|
||
"secure_aggregation_required": true,
|
||
"min_participants": 3,
|
||
"budget_refresh_seconds": 86400,
|
||
"allowed_topologies": ["star", "hierarchical"],
|
||
"data_categories_excluded": ["PII", "PHI"]
|
||
}
|
||
</pre>
|
||
</div>
|
||
<figcaption><a href="#figure-3" class="selfRef">Figure 3</a>:
|
||
<a href="#name-machine-readable-privacy-po" class="selfRef">Machine-Readable Privacy Policy</a>
|
||
</figcaption></figure>
|
||
</div>
|
||
<p id="section-3.4-3">Privacy level claims <span class="bcp14">SHOULD</span> be included in the ECT <code>ext</code> field
|
||
as <code>fed.policy_hash</code>, containing the SHA-256 hash of the
|
||
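federation privacy policy document (the hashed byte serialization has to be agreed on, because equivalent JSON encodings hash to different values), enabling verifiers to confirm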
|
||
that a specific policy was in effect during a learning round.<a href="#section-3.4-3" class="pilcrow">¶</a></p>
|
||
</section>
|
||
</div>
|
||
</section>
|
||
</div>
|
||
<div id="cross-protocol-agent-migration">
|
||
<section id="section-4">
|
||
<h2 id="name-cross-protocol-agent-migrat">
|
||
<a href="#section-4" class="section-number selfRef">4. </a><a href="#name-cross-protocol-agent-migrat" class="section-name selfRef">Cross-Protocol Agent Migration</a>
|
||
</h2>
|
||
<div id="migration-model">
|
||
<section id="section-4.1">
|
||
<h3 id="name-migration-model">
|
||
<a href="#section-4.1" class="section-number selfRef">4.1. </a><a href="#name-migration-model" class="section-name selfRef">Migration Model</a>
|
||
</h3>
|
||
<span id="name-agent-migration-between-dom"></span><div id="fig-migration-model">
|
||
<figure id="figure-4">
|
||
<div class="alignLeft art-text artwork" id="section-4.1-1.1">
|
||
<pre>
|
||
+-----------------------------------------------------------+
|
||
| Migration Flow |
|
||
| |
|
||
| Source Domain (Protocol A) Dest Domain (Protocol B) |
|
||
| +---------------------+ +---------------------+ |
|
||
| | | | | |
|
||
| | [Agent] | | [Agent] | |
|
||
| | | | | ^ | |
|
||
| | | 1.trigger | | | | |
|
||
| | v | | 5.resume | |
|
||
| | [Serialize State] | | | | |
|
||
| | | | | [Deserialize State]| |
|
||
| | | 2.package | | ^ | | |
|
||
| | v | | |4.recv| | |
|
||
| | [Migration Msg]----|--3.transfer--|------+ | |
|
||
| | | | | |
|
||
| +---------------------+ +---------------------+ |
|
||
| |
|
||
| ECT Chain: migration_start -> migration_transfer |
|
||
| -> migration_complete |
|
||
+-----------------------------------------------------------+
|
||
</pre>
|
||
</div>
|
||
<figcaption><a href="#figure-4" class="selfRef">Figure 4</a>:
|
||
<a href="#name-agent-migration-between-dom" class="selfRef">Agent Migration Between Domains</a>
|
||
</figcaption></figure>
|
||
</div>
|
||
</section>
|
||
</div>
|
||
<div id="migration-protocol">
|
||
<section id="section-4.2">
|
||
<h3 id="name-migration-protocol">
|
||
<a href="#section-4.2" class="section-number selfRef">4.2. </a><a href="#name-migration-protocol" class="section-name selfRef">Migration Protocol</a>
|
||
</h3>
|
||
<div id="migration-trigger-events-and-conditions">
|
||
<section id="section-4.2.1">
|
||
<h4 id="name-migration-trigger-events-an">
|
||
<a href="#section-4.2.1" class="section-number selfRef">4.2.1. </a><a href="#name-migration-trigger-events-an" class="section-name selfRef">Migration Trigger Events and Conditions</a>
|
||
</h4>
|
||
<p id="section-4.2.1-1">A migration <span class="bcp14">MAY</span> be triggered by any of the following events:<a href="#section-4.2.1-1" class="pilcrow">¶</a></p>
|
||
<ul class="normal">
|
||
<li class="normal" id="section-4.2.1-2.1">
|
||
<p id="section-4.2.1-2.1.1">Operator-initiated domain transfer<a href="#section-4.2.1-2.1.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-4.2.1-2.2">
|
||
<p id="section-4.2.1-2.2.1">Load balancing across infrastructure providers<a href="#section-4.2.1-2.2.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-4.2.1-2.3">
|
||
<p id="section-4.2.1-2.3.1">Disaster recovery failover<a href="#section-4.2.1-2.3.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-4.2.1-2.4">
|
||
<p id="section-4.2.1-2.4.1">Protocol deprecation requiring protocol change<a href="#section-4.2.1-2.4.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-4.2.1-2.5">
|
||
<p id="section-4.2.1-2.5.1">Policy-driven relocation (e.g., data sovereignty requirements)<a href="#section-4.2.1-2.5.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
</ul>
|
||
<p id="section-4.2.1-3">The migration trigger <span class="bcp14">MUST</span> be recorded in an ECT with
|
||
<code>exec_act</code> set to <code>"migration_start"</code>.<a href="#section-4.2.1-3" class="pilcrow">¶</a></p>
|
||
</section>
|
||
</div>
|
||
<div id="pre-migration-capability-check">
|
||
<section id="section-4.2.2">
|
||
<h4 id="name-pre-migration-capability-ch">
|
||
<a href="#section-4.2.2" class="section-number selfRef">4.2.2. </a><a href="#name-pre-migration-capability-ch" class="section-name selfRef">Pre-Migration Capability Check</a>
|
||
</h4>
|
||
<p id="section-4.2.2-1">Before initiating migration, the source environment <span class="bcp14">MUST</span> verify
|
||
that the destination environment supports the agent's required
|
||
capabilities:<a href="#section-4.2.2-1" class="pilcrow">¶</a></p>
|
||
<ol start="1" type="1" class="normal type-1" id="section-4.2.2-2">
|
||
<li id="section-4.2.2-2.1">
|
||
<p id="section-4.2.2-2.1.1">Query the destination's capability advertisement endpoint.<a href="#section-4.2.2-2.1.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li id="section-4.2.2-2.2">
|
||
<p id="section-4.2.2-2.2.1">Verify that all required agent capabilities can be mapped to
|
||
the destination protocol.<a href="#section-4.2.2-2.2.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li id="section-4.2.2-2.3">
|
||
<p id="section-4.2.2-2.3.1">Verify that the destination accepts the agent's identity
|
||
format (e.g., SPIFFE ID).<a href="#section-4.2.2-2.3.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li id="section-4.2.2-2.4">
|
||
<p id="section-4.2.2-2.4.1">Confirm sufficient resources at the destination for the
|
||
agent's state size.<a href="#section-4.2.2-2.4.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
</ol>
|
||
<p id="section-4.2.2-3">If any check fails, the migration <span class="bcp14">MUST</span> be aborted and an error
|
||
reported to the triggering entity.<a href="#section-4.2.2-3" class="pilcrow">¶</a></p>
|
||
</section>
|
||
</div>
|
||
<div id="state-serialization-format">
|
||
<section id="section-4.2.3">
|
||
<h4 id="name-state-serialization-format">
|
||
<a href="#section-4.2.3" class="section-number selfRef">4.2.3. </a><a href="#name-state-serialization-format" class="section-name selfRef">State Serialization Format</a>
|
||
</h4>
|
||
<p id="section-4.2.3-1">Agent state <span class="bcp14">MUST</span> be serialized using CBOR (Concise Binary Object
|
||
Representation) with the following top-level structure:<a href="#section-4.2.3-1" class="pilcrow">¶</a></p>
|
||
<span id="name-cbor-migration-state-struct"></span><div id="fig-state-format">
|
||
<figure id="figure-5">
|
||
<div class="alignLeft art-text artwork" id="section-4.2.3-2.1">
|
||
<pre>
|
||
migration_state = {
|
||
"version": uint, ; serialization format version
|
||
"agent_id": tstr, ; agent SPIFFE ID
|
||
"source_protocol": tstr, ; source protocol identifier
|
||
"dest_protocol": tstr, ; destination protocol identifier
|
||
"timestamp": uint, ; Unix timestamp of serialization
|
||
"state": {
|
||
"context": bstr, ; conversation/task context
|
||
"memory": bstr, ; long-term memory store
|
||
"learned_params": bstr, ; model parameters or embeddings
|
||
"active_tasks": [* task] ; in-progress task descriptors
|
||
},
|
||
"ect_chain": [* tstr], ; ECT JWS chain for identity
|
||
"integrity": tstr ; HMAC-SHA256 of state fields
|
||
}
|
||
</pre>
|
||
</div>
|
||
<figcaption><a href="#figure-5" class="selfRef">Figure 5</a>:
|
||
<a href="#name-cbor-migration-state-struct" class="selfRef">CBOR Migration State Structure</a>
|
||
</figcaption></figure>
|
||
</div>
|
||
</section>
|
||
</div>
|
||
<div id="identity-transfer-and-re-attestation">
|
||
<section id="section-4.2.4">
|
||
<h4 id="name-identity-transfer-and-re-at">
|
||
<a href="#section-4.2.4" class="section-number selfRef">4.2.4. </a><a href="#name-identity-transfer-and-re-at" class="section-name selfRef">Identity Transfer and Re-Attestation</a>
|
||
</h4>
|
||
<p id="section-4.2.4-1">During migration, the agent's identity <span class="bcp14">MUST</span> be preserved through
|
||
the ECT chain:<a href="#section-4.2.4-1" class="pilcrow">¶</a></p>
|
||
<ol start="1" type="1" class="normal type-1" id="section-4.2.4-2">
|
||
<li id="section-4.2.4-2.1">
|
||
<p id="section-4.2.4-2.1.1">The source environment issues a migration ECT with the full
|
||
ECT chain as the <code>par</code> claim.<a href="#section-4.2.4-2.1.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li id="section-4.2.4-2.2">
|
||
<p id="section-4.2.4-2.2.1">The destination environment verifies the ECT chain back to a
|
||
trusted root.<a href="#section-4.2.4-2.2.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li id="section-4.2.4-2.3">
|
||
<p id="section-4.2.4-2.3.1">The destination environment issues a new ECT for the agent with
|
||
<code>exec_act</code> set to <code>"migration_complete"</code> and <code>par</code> referencing
|
||
the migration transfer ECT.<a href="#section-4.2.4-2.3.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li id="section-4.2.4-2.4">
|
||
<p id="section-4.2.4-2.4.1">The agent's SPIFFE ID remains unchanged; only the issuing
|
||
authority for new ECTs changes.<a href="#section-4.2.4-2.4.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
</ol>
|
||
</section>
|
||
</div>
|
||
<div id="post-migration-verification">
|
||
<section id="section-4.2.5">
|
||
<h4 id="name-post-migration-verification">
|
||
<a href="#section-4.2.5" class="section-number selfRef">4.2.5. </a><a href="#name-post-migration-verification" class="section-name selfRef">Post-Migration Verification</a>
|
||
</h4>
|
||
<p id="section-4.2.5-1">After migration completes, the destination environment <span class="bcp14">MUST</span>:<a href="#section-4.2.5-1" class="pilcrow">¶</a></p>
|
||
<ol start="1" type="1" class="normal type-1" id="section-4.2.5-2">
|
||
<li id="section-4.2.5-2.1">
|
||
<p id="section-4.2.5-2.1.1">Verify state integrity using the HMAC in the migration payload.<a href="#section-4.2.5-2.1.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li id="section-4.2.5-2.2">
|
||
<p id="section-4.2.5-2.2.1">Deserialize and load the agent state.<a href="#section-4.2.5-2.2.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li id="section-4.2.5-2.3">
|
||
<p id="section-4.2.5-2.3.1">Execute a capability self-test to confirm operational readiness.<a href="#section-4.2.5-2.3.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li id="section-4.2.5-2.4">
|
||
<p id="section-4.2.5-2.4.1">Issue the <code>"migration_complete"</code> ECT.<a href="#section-4.2.5-2.4.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li id="section-4.2.5-2.5">
|
||
<p id="section-4.2.5-2.5.1">Notify the source environment of successful migration so it
|
||
can release resources.<a href="#section-4.2.5-2.5.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
</ol>
|
||
<p id="section-4.2.5-3">If verification fails, the destination <span class="bcp14">MUST</span> notify the source
|
||
environment, which <span class="bcp14">SHOULD</span> retain the agent in its original state
|
||
for retry or rollback.<a href="#section-4.2.5-3" class="pilcrow">¶</a></p>
|
||
</section>
|
||
</div>
|
||
</section>
|
||
</div>
|
||
<div id="state-transfer">
|
||
<section id="section-4.3">
|
||
<h3 id="name-state-transfer">
|
||
<a href="#section-4.3" class="section-number selfRef">4.3. </a><a href="#name-state-transfer" class="section-name selfRef">State Transfer</a>
|
||
</h3>
|
||
<div id="agent-state-components">
|
||
<section id="section-4.3.1">
|
||
<h4 id="name-agent-state-components">
|
||
<a href="#section-4.3.1" class="section-number selfRef">4.3.1. </a><a href="#name-agent-state-components" class="section-name selfRef">Agent State Components</a>
|
||
</h4>
|
||
<p id="section-4.3.1-1">An agent's transferable state consists of four components:<a href="#section-4.3.1-1" class="pilcrow">¶</a></p>
|
||
<span class="break"></span><dl class="dlParallel" id="section-4.3.1-2">
|
||
<dt id="section-4.3.1-2.1">Context:</dt>
|
||
<dd style="margin-left: 1.5em" id="section-4.3.1-2.2">
|
||
<p id="section-4.3.1-2.2.1">The current conversation or task execution context, including
|
||
recent message history and active reasoning chains.<a href="#section-4.3.1-2.2.1" class="pilcrow">¶</a></p>
|
||
</dd>
|
||
<dd class="break"></dd>
|
||
<dt id="section-4.3.1-2.3">Memory:</dt>
|
||
<dd style="margin-left: 1.5em" id="section-4.3.1-2.4">
|
||
<p id="section-4.3.1-2.4.1">Long-term memory stores such as retrieval-augmented generation
|
||
(RAG) indices, episodic memory, or key-value caches.<a href="#section-4.3.1-2.4.1" class="pilcrow">¶</a></p>
|
||
</dd>
|
||
<dd class="break"></dd>
|
||
<dt id="section-4.3.1-2.5">Learned Parameters:</dt>
|
||
<dd style="margin-left: 1.5em" id="section-4.3.1-2.6">
|
||
<p id="section-4.3.1-2.6.1">Fine-tuned model weights, adapter layers, embeddings, or
|
||
reinforcement learning policies specific to the agent's role.<a href="#section-4.3.1-2.6.1" class="pilcrow">¶</a></p>
|
||
</dd>
|
||
<dd class="break"></dd>
|
||
<dt id="section-4.3.1-2.7">Active Tasks:</dt>
|
||
<dd style="margin-left: 1.5em" id="section-4.3.1-2.8">
|
||
<p id="section-4.3.1-2.8.1">In-progress task descriptors including task ID, current step,
|
||
dependencies, and expected outputs.<a href="#section-4.3.1-2.8.1" class="pilcrow">¶</a></p>
|
||
</dd>
|
||
<dd class="break"></dd>
|
||
</dl>
|
||
</section>
|
||
</div>
|
||
<div id="incremental-state-transfer-for-large-state">
|
||
<section id="section-4.3.2">
|
||
<h4 id="name-incremental-state-transfer-">
|
||
<a href="#section-4.3.2" class="section-number selfRef">4.3.2. </a><a href="#name-incremental-state-transfer-" class="section-name selfRef">Incremental State Transfer for Large State</a>
|
||
</h4>
|
||
<p id="section-4.3.2-1">For agents with state exceeding 10 MB, incremental transfer
|
||
<span class="bcp14">MUST</span> be supported:<a href="#section-4.3.2-1" class="pilcrow">¶</a></p>
|
||
<ol start="1" type="1" class="normal type-1" id="section-4.3.2-2">
|
||
<li id="section-4.3.2-2.1">
|
||
<p id="section-4.3.2-2.1.1">The source environment transmits a state manifest listing all
|
||
state chunks with their SHA-256 hashes.<a href="#section-4.3.2-2.1.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li id="section-4.3.2-2.2">
|
||
<p id="section-4.3.2-2.2.1">The destination environment requests only chunks it does not
|
||
already possess (delta transfer).<a href="#section-4.3.2-2.2.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li id="section-4.3.2-2.3">
|
||
<p id="section-4.3.2-2.3.1">Each chunk transfer is individually acknowledged.<a href="#section-4.3.2-2.3.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li id="section-4.3.2-2.4">
|
||
<p id="section-4.3.2-2.4.1">After all chunks are received, the destination assembles the
|
||
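complete state and verifies the root hash. The expected root hash has to come from an authenticated source (for example a value carried in the migration ECT, such as <code>inp_hash</code>); if the manifest is not itself integrity-protected, anyone able to alter a chunk can alter its listed hash as well.<a href="#section-4.3.2-2.4.1" class="pilcrow">¶</a></p>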
|
||
</li>
|
||
</ol>
|
||
</section>
|
||
</div>
|
||
<div id="state-integrity-verification">
|
||
<section id="section-4.3.3">
|
||
<h4 id="name-state-integrity-verificatio">
|
||
<a href="#section-4.3.3" class="section-number selfRef">4.3.3. </a><a href="#name-state-integrity-verificatio" class="section-name selfRef">State Integrity Verification</a>
|
||
</h4>
|
||
<p id="section-4.3.3-1">State integrity <span class="bcp14">MUST</span> be verified at each stage:<a href="#section-4.3.3-1" class="pilcrow">¶</a></p>
|
||
<ul class="normal">
|
||
<li class="normal" id="section-4.3.3-2.1">
|
||
<p id="section-4.3.3-2.1.1">Before transmission: source computes HMAC-SHA256 over the
|
||
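serialized state using a key derived from the migration ECT. The derivation needs a secret input known only to the source and the destination: ECT claims are readable by every party that holds the token, so a key computable from the ECT alone would make the HMAC no stronger than an unkeyed hash.<a href="#section-4.3.3-2.1.1" class="pilcrow">¶</a></p>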
|
||
</li>
|
||
<li class="normal" id="section-4.3.3-2.2">
|
||
<p id="section-4.3.3-2.2.1">During transmission: TLS provides transport integrity.<a href="#section-4.3.3-2.2.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-4.3.3-2.3">
|
||
<p id="section-4.3.3-2.3.1">After reception: destination recomputes and verifies the HMAC, before any part of the received state is deserialized.<a href="#section-4.3.3-2.3.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-4.3.3-2.4">
|
||
<p id="section-4.3.3-2.4.1">After deserialization: destination runs a state consistency
|
||
check (e.g., verifying that active task references resolve).<a href="#section-4.3.3-2.4.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
</ul>
|
||
</section>
|
||
</div>
|
||
</section>
|
||
</div>
|
||
<div id="protocol-bridges">
|
||
<section id="section-4.4">
|
||
<h3 id="name-protocol-bridges">
|
||
<a href="#section-4.4" class="section-number selfRef">4.4. </a><a href="#name-protocol-bridges" class="section-name selfRef">Protocol Bridges</a>
|
||
</h3>
|
||
<div id="bridge-architecture-for-common-protocols">
|
||
<section id="section-4.4.1">
|
||
<h4 id="name-bridge-architecture-for-com">
|
||
<a href="#section-4.4.1" class="section-number selfRef">4.4.1. </a><a href="#name-bridge-architecture-for-com" class="section-name selfRef">Bridge Architecture for Common Protocols</a>
|
||
</h4>
|
||
<p id="section-4.4.1-1">Protocol bridges translate agent communication between protocols
|
||
while preserving semantic equivalence. A bridge <span class="bcp14">MUST</span> support
|
||
bidirectional translation for each protocol pair it advertises.<a href="#section-4.4.1-1" class="pilcrow">¶</a></p>
|
||
<span id="name-protocol-bridge-architectur"></span><div id="fig-bridge-arch">
|
||
<figure id="figure-6">
|
||
<div class="alignLeft art-text artwork" id="section-4.4.1-2.1">
|
||
<pre>
|
||
[Agent (A2A)] <--A2A--> [Bridge] <--MCP--> [Agent (MCP)]
|
||
|
|
||
[ECT Logger]
|
||
</pre>
|
||
</div>
|
||
<figcaption><a href="#figure-6" class="selfRef">Figure 6</a>:
|
||
<a href="#name-protocol-bridge-architectur" class="selfRef">Protocol Bridge Architecture</a>
|
||
</figcaption></figure>
|
||
</div>
|
||
<p id="section-4.4.1-3">Each bridge instance <span class="bcp14">MUST</span>:<a href="#section-4.4.1-3" class="pilcrow">¶</a></p>
|
||
<ul class="normal">
|
||
<li class="normal" id="section-4.4.1-4.1">
|
||
<p id="section-4.4.1-4.1.1">Maintain a mapping table for message types between protocols.<a href="#section-4.4.1-4.1.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-4.4.1-4.2">
|
||
<p id="section-4.4.1-4.2.1">Preserve task identifiers across protocol boundaries.<a href="#section-4.4.1-4.2.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-4.4.1-4.3">
|
||
<p id="section-4.4.1-4.3.1">Record each translation as an ECT with <code>exec_act</code> set to
|
||
<code>"bridge_translate"</code>.<a href="#section-4.4.1-4.3.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
</ul>
|
||
</section>
|
||
</div>
|
||
<div id="context-translation-rules">
|
||
<section id="section-4.4.2">
|
||
<h4 id="name-context-translation-rules">
|
||
<a href="#section-4.4.2" class="section-number selfRef">4.4.2. </a><a href="#name-context-translation-rules" class="section-name selfRef">Context Translation Rules</a>
|
||
</h4>
|
||
<p id="section-4.4.2-1">When translating context between protocols, bridges <span class="bcp14">MUST</span>:<a href="#section-4.4.2-1" class="pilcrow">¶</a></p>
|
||
<ul class="normal">
|
||
<li class="normal" id="section-4.4.2-2.1">
|
||
<p id="section-4.4.2-2.1.1">Map equivalent fields (e.g., A2A "task" to MCP "resource").<a href="#section-4.4.2-2.1.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-4.4.2-2.2">
|
||
<p id="section-4.4.2-2.2.1">Preserve all metadata as extension fields where direct mapping
|
||
is not available.<a href="#section-4.4.2-2.2.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-4.4.2-2.3">
|
||
<p id="section-4.4.2-2.3.1">Flag semantic mismatches in the translation ECT's <code>ext</code> claim
|
||
under <code>bridge.warnings</code>.<a href="#section-4.4.2-2.3.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
</ul>
|
||
</section>
|
||
</div>
|
||
<div id="capability-re-mapping">
|
||
<section id="section-4.4.3">
|
||
<h4 id="name-capability-re-mapping">
|
||
<a href="#section-4.4.3" class="section-number selfRef">4.4.3. </a><a href="#name-capability-re-mapping" class="section-name selfRef">Capability Re-Mapping</a>
|
||
</h4>
|
||
<p id="section-4.4.3-1">Agent capabilities expressed in the source protocol <span class="bcp14">MUST</span> be
|
||
re-mapped to the closest equivalent in the destination protocol.
|
||
Capabilities with no equivalent <span class="bcp14">MUST</span> be listed in the migration
|
||
state as <code>unmapped_capabilities</code> so the destination environment
|
||
can handle them appropriately (e.g., by loading additional
|
||
tooling or reporting reduced functionality).<a href="#section-4.4.3-1" class="pilcrow">¶</a></p>
|
||
</section>
|
||
</div>
|
||
</section>
|
||
</div>
|
||
<div id="privacy-during-migration">
|
||
<section id="section-4.5">
|
||
<h3 id="name-privacy-during-migration">
|
||
<a href="#section-4.5" class="section-number selfRef">4.5. </a><a href="#name-privacy-during-migration" class="section-name selfRef">Privacy During Migration</a>
|
||
</h3>
|
||
<div id="context-sanitization-before-transfer">
|
||
<section id="section-4.5.1">
|
||
<h4 id="name-context-sanitization-before">
|
||
<a href="#section-4.5.1" class="section-number selfRef">4.5.1. </a><a href="#name-context-sanitization-before" class="section-name selfRef">Context Sanitization Before Transfer</a>
|
||
</h4>
|
||
<p id="section-4.5.1-1">Before state serialization, the source environment <span class="bcp14">MUST</span> sanitize
|
||
the agent's context by:<a href="#section-4.5.1-1" class="pilcrow">¶</a></p>
|
||
<ul class="normal">
|
||
<li class="normal" id="section-4.5.1-2.1">
|
||
<p id="section-4.5.1-2.1.1">Removing credentials, API keys, and session tokens.<a href="#section-4.5.1-2.1.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-4.5.1-2.2">
|
||
<p id="section-4.5.1-2.2.1">Redacting PII unless the destination is authorized to receive
|
||
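it per the agent's privacy policy. PII and secrets can also persist in memory stores and learned parameters (<a href="#section-4.3.1" class="auto internal xref">Section 4.3.1</a>), which redaction of the context alone does not cover.<a href="#section-4.5.1-2.2.1" class="pilcrow">¶</a></p>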
|
||
</li>
|
||
<li class="normal" id="section-4.5.1-2.3">
|
||
<p id="section-4.5.1-2.3.1">Stripping environment-specific configuration (e.g., internal
|
||
hostnames, file paths).<a href="#section-4.5.1-2.3.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
</ul>
|
||
</section>
|
||
</div>
|
||
<div id="selective-state-disclosure">
|
||
<section id="section-4.5.2">
|
||
<h4 id="name-selective-state-disclosure">
|
||
<a href="#section-4.5.2" class="section-number selfRef">4.5.2. </a><a href="#name-selective-state-disclosure" class="section-name selfRef">Selective State Disclosure</a>
|
||
</h4>
|
||
<p id="section-4.5.2-1">The migration protocol supports selective state disclosure:
|
||
the source environment <span class="bcp14">MAY</span> omit state components that the
|
||
destination is not authorized to receive. The migration state
|
||
manifest indicates which components are included and which are
|
||
withheld, allowing the destination to request missing components
|
||
through an authorized channel if needed.<a href="#section-4.5.2-1" class="pilcrow">¶</a></p>
|
||
</section>
|
||
</div>
|
||
<div id="no-context-leakage-guarantees-to-new-host">
|
||
<section id="section-4.5.3">
|
||
<h4 id="name-no-context-leakage-guarante">
|
||
<a href="#section-4.5.3" class="section-number selfRef">4.5.3. </a><a href="#name-no-context-leakage-guarante" class="section-name selfRef">No-Context-Leakage Guarantees to New Host</a>
|
||
</h4>
|
||
<p id="section-4.5.3-1">The destination environment <span class="bcp14">MUST NOT</span> have access to state
|
||
components that were excluded during selective disclosure. The
|
||
migration protocol provides the following guarantees:<a href="#section-4.5.3-1" class="pilcrow">¶</a></p>
|
||
<ul class="normal">
|
||
<li class="normal" id="section-4.5.3-2.1">
|
||
<p id="section-4.5.3-2.1.1">State components are individually encrypted with component-
|
||
specific keys.<a href="#section-4.5.3-2.1.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-4.5.3-2.2">
|
||
<p id="section-4.5.3-2.2.1">Only authorized components have their keys transmitted to the
|
||
destination.<a href="#section-4.5.3-2.2.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-4.5.3-2.3">
|
||
<p id="section-4.5.3-2.3.1">The destination cannot derive keys for withheld components
|
||
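from the keys it receives. This holds only if component keys are generated independently, or derived one-way from a secret that the destination never receives.<a href="#section-4.5.3-2.3.1" class="pilcrow">¶</a></p>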
|
||
</li>
|
||
<li class="normal" id="section-4.5.3-2.4">
|
||
<p id="section-4.5.3-2.4.1">The migration ECT records which components were transferred,
|
||
enabling audit of information flow.<a href="#section-4.5.3-2.4.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
</ul>
|
||
</section>
|
||
</div>
|
||
</section>
|
||
</div>
|
||
</section>
|
||
</div>
|
||
<div id="ect-integration">
|
||
<section id="section-5">
|
||
<h2 id="name-ect-integration">
|
||
<a href="#section-5" class="section-number selfRef">5. </a><a href="#name-ect-integration" class="section-name selfRef">ECT Integration</a>
|
||
</h2>
|
||
<div id="privacy-attestation-claims">
|
||
<section id="section-5.1">
|
||
<h3 id="name-privacy-attestation-claims">
|
||
<a href="#section-5.1" class="section-number selfRef">5.1. </a><a href="#name-privacy-attestation-claims" class="section-name selfRef">Privacy Attestation Claims</a>
|
||
</h3>
|
||
<p id="section-5.1-1">ECTs produced during federated learning rounds <span class="bcp14">MUST</span> include
|
||
privacy attestation claims in the <code>ext</code> field as defined in
|
||
<a href="#privacy-attestation-via-ect" class="auto internal xref">Section 3.3.4</a>. These claims enable any
|
||
verifier in the ECT chain to confirm that appropriate privacy
|
||
mechanisms were applied without accessing the underlying data.<a href="#section-5.1-1" class="pilcrow">¶</a></p>
|
||
</section>
|
||
</div>
|
||
<div id="migration-evidence-chain">
|
||
<section id="section-5.2">
|
||
<h3 id="name-migration-evidence-chain">
|
||
<a href="#section-5.2" class="section-number selfRef">5.2. </a><a href="#name-migration-evidence-chain" class="section-name selfRef">Migration Evidence Chain</a>
|
||
</h3>
|
||
<p id="section-5.2-1">Migration events produce a chain of three ECTs that together
|
||
provide a complete cryptographic record of the migration:<a href="#section-5.2-1" class="pilcrow">¶</a></p>
|
||
<span id="name-migration-ect-evidence-chai"></span><div id="fig-migration-ect-chain">
|
||
<figure id="figure-7">
|
||
<div class="alignLeft art-text artwork" id="section-5.2-2.1">
|
||
<pre>
|
||
ECT 1: exec_act = "migration_start"
|
||
- Records: trigger reason, source domain, agent ID
|
||
- par: references the agent's most recent operational ECT
|
||
|
||
ECT 2: exec_act = "migration_transfer"
|
||
- Records: state hash, components transferred, dest domain
|
||
- par: references ECT 1
|
||
- inp_hash: SHA-256 of serialized migration state
|
||
|
||
ECT 3: exec_act = "migration_complete"
|
||
- Records: verification result, new domain, resumed capabilities
|
||
- par: references ECT 2
|
||
- Issued by: destination environment
|
||
</pre>
|
||
</div>
|
||
<figcaption><a href="#figure-7" class="selfRef">Figure 7</a>:
|
||
<a href="#name-migration-ect-evidence-chai" class="selfRef">Migration ECT Evidence Chain</a>
|
||
</figcaption></figure>
|
||
</div>
|
||
<p id="section-5.2-3">This three-ECT chain ensures that migration events are
|
||
non-repudiable and auditable. Any party with access to the
|
||
ECT chain can verify that a migration occurred, what state was
|
||
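transferred, and whether it completed successfully. Non-repudiation holds only when each ECT is signed with an asymmetric key bound to its issuer; Figure 7 names an issuer for ECT 3 only.<a href="#section-5.2-3" class="pilcrow">¶</a></p>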
|
||
</section>
|
||
</div>
|
||
<div id="federation-participation-records">
|
||
<section id="section-5.3">
|
||
<h3 id="name-federation-participation-re">
|
||
<a href="#section-5.3" class="section-number selfRef">5.3. </a><a href="#name-federation-participation-re" class="section-name selfRef">Federation Participation Records</a>
|
||
</h3>
|
||
<p id="section-5.3-1">Each agent's participation in federated learning <span class="bcp14">MUST</span> be
|
||
recorded in the ECT DAG. The aggregation server issues a
|
||
per-round ECT with <code>exec_act</code> set to <code>"fed_aggregate"</code> and
|
||
<code>par</code> referencing the ECTs of all participating agents for
|
||
that round. This creates a verifiable record of federation
|
||
participation without revealing the content of individual
|
||
updates.<a href="#section-5.3-1" class="pilcrow">¶</a></p>
|
||
</section>
|
||
</div>
|
||
</section>
|
||
</div>
|
||
<div id="security-considerations">
|
||
<section id="section-6">
|
||
<h2 id="name-security-considerations">
|
||
<a href="#section-6" class="section-number selfRef">6. </a><a href="#name-security-considerations" class="section-name selfRef">Security Considerations</a>
|
||
</h2>
|
||
<div id="privacy-budget-exhaustion-attacks">
|
||
<section id="section-6.1">
|
||
<h3 id="name-privacy-budget-exhaustion-a">
|
||
<a href="#section-6.1" class="section-number selfRef">6.1. </a><a href="#name-privacy-budget-exhaustion-a" class="section-name selfRef">Privacy Budget Exhaustion Attacks</a>
|
||
</h3>
|
||
<p id="section-6.1-1">An attacker controlling the aggregation server or a quorum of
|
||
participants could attempt to exhaust a victim participant's
|
||
privacy budget by triggering excessive learning rounds.
|
||
Mitigations include:<a href="#section-6.1-1" class="pilcrow">¶</a></p>
|
||
<ul class="normal">
|
||
<li class="normal" id="section-6.1-2.1">
|
||
<p id="section-6.1-2.1.1">Participant-side rate limiting on round participation.<a href="#section-6.1-2.1.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-6.1-2.2">
|
||
<p id="section-6.1-2.2.1">Privacy budget enforcement at the participant, not solely
|
||
at the aggregation server.<a href="#section-6.1-2.2.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-6.1-2.3">
|
||
<p id="section-6.1-2.3.1">ECT-based audit trails enabling detection of abnormal round
|
||
frequency.<a href="#section-6.1-2.3.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
</ul>
|
||
</section>
|
||
</div>
|
||
<div id="migration-hijacking">
|
||
<section id="section-6.2">
|
||
<h3 id="name-migration-hijacking">
|
||
<a href="#section-6.2" class="section-number selfRef">6.2. </a><a href="#name-migration-hijacking" class="section-name selfRef">Migration Hijacking</a>
|
||
</h3>
|
||
<p id="section-6.2-1">An attacker could attempt to redirect a migration to a
|
||
malicious destination. Mitigations include:<a href="#section-6.2-1" class="pilcrow">¶</a></p>
|
||
<ul class="normal">
|
||
<li class="normal" id="section-6.2-2.1">
|
||
<p id="section-6.2-2.1.1">Mutual TLS authentication between source and destination.<a href="#section-6.2-2.1.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-6.2-2.2">
|
||
<p id="section-6.2-2.2.1">Destination identity verification via SPIFFE ID in the
|
||
migration ECT.<a href="#section-6.2-2.2.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-6.2-2.3">
|
||
<p id="section-6.2-2.3.1">Operator confirmation for migrations to previously unknown
|
||
destinations.<a href="#section-6.2-2.3.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
</ul>
|
||
</section>
|
||
</div>
|
||
<div id="state-tampering-during-transfer">
|
||
<section id="section-6.3">
|
||
<h3 id="name-state-tampering-during-tran">
|
||
<a href="#section-6.3" class="section-number selfRef">6.3. </a><a href="#name-state-tampering-during-tran" class="section-name selfRef">State Tampering During Transfer</a>
|
||
</h3>
|
||
<p id="section-6.3-1">An attacker with access to the network path could attempt to
|
||
modify the migration state in transit. Mitigations include:<a href="#section-6.3-1" class="pilcrow">¶</a></p>
|
||
<ul class="normal">
|
||
<li class="normal" id="section-6.3-2.1">
|
||
<p id="section-6.3-2.1.1">HMAC-SHA256 integrity protection of the serialized state.<a href="#section-6.3-2.1.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-6.3-2.2">
|
||
<p id="section-6.3-2.2.1">TLS 1.3 for transport security.<a href="#section-6.3-2.2.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-6.3-2.3">
|
||
<p id="section-6.3-2.3.1">Post-migration state verification at the destination.<a href="#section-6.3-2.3.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-6.3-2.4">
|
||
<p id="section-6.3-2.4.1">ECT <code>inp_hash</code> recording the expected state hash.<a href="#section-6.3-2.4.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
</ul>
|
||
</section>
|
||
</div>
|
||
<div id="protocol-bridge-vulnerabilities">
|
||
<section id="section-6.4">
|
||
<h3 id="name-protocol-bridge-vulnerabili">
|
||
<a href="#section-6.4" class="section-number selfRef">6.4. </a><a href="#name-protocol-bridge-vulnerabili" class="section-name selfRef">Protocol Bridge Vulnerabilities</a>
|
||
</h3>
|
||
<p id="section-6.4-1">Protocol bridges are trusted intermediaries that could be
|
||
compromised to:<a href="#section-6.4-1" class="pilcrow">¶</a></p>
|
||
<ul class="normal">
|
||
<li class="normal" id="section-6.4-2.1">
|
||
<p id="section-6.4-2.1.1">Modify messages during translation.<a href="#section-6.4-2.1.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-6.4-2.2">
|
||
<p id="section-6.4-2.2.1">Exfiltrate sensitive data from translated messages.<a href="#section-6.4-2.2.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-6.4-2.3">
|
||
<p id="section-6.4-2.3.1">Inject malicious content into translated messages.<a href="#section-6.4-2.3.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
</ul>
|
||
<p id="section-6.4-3">Mitigations include:<a href="#section-6.4-3" class="pilcrow">¶</a></p>
|
||
<ul class="normal">
|
||
<li class="normal" id="section-6.4-4.1">
|
||
<p id="section-6.4-4.1.1">ECT audit trails for all bridge translations.<a href="#section-6.4-4.1.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-6.4-4.2">
|
||
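<p id="section-6.4-4.2.1">Input/output hash verification via <code>inp_hash</code>/<code>out_hash</code>. Because the bridge records these ECTs itself, the hashes expose tampering only when the sending and receiving agents compare them against what they actually sent and received.<a href="#section-6.4-4.2.1" class="pilcrow">¶</a></p>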
|
||
</li>
|
||
<li class="normal" id="section-6.4-4.3">
|
||
<p id="section-6.4-4.3.1">Bridge attestation using hardware security modules where
|
||
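available. An HSM protects the bridge's signing keys; it does not by itself attest which code the bridge is running.<a href="#section-6.4-4.3.1" class="pilcrow">¶</a></p>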
|
||
</li>
|
||
</ul>
|
||
</section>
|
||
</div>
|
||
<div id="federation-participant-compromise">
|
||
<section id="section-6.5">
|
||
<h3 id="name-federation-participant-comp">
|
||
<a href="#section-6.5" class="section-number selfRef">6.5. </a><a href="#name-federation-participant-comp" class="section-name selfRef">Federation Participant Compromise</a>
|
||
</h3>
|
||
<p id="section-6.5-1">A compromised participant could attempt to:<a href="#section-6.5-1" class="pilcrow">¶</a></p>
|
||
<ul class="normal">
|
||
<li class="normal" id="section-6.5-2.1">
|
||
<p id="section-6.5-2.1.1">Submit poisoned updates to corrupt the global model.<a href="#section-6.5-2.1.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-6.5-2.2">
|
||
<p id="section-6.5-2.2.1">Conduct inference attacks on other participants' updates
|
||
observed during ring topology forwarding.<a href="#section-6.5-2.2.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-6.5-2.3">
|
||
<p id="section-6.5-2.3.1">Collude with the aggregation server to bypass secure
|
||
aggregation.<a href="#section-6.5-2.3.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
</ul>
|
||
<p id="section-6.5-3">Mitigations include:<a href="#section-6.5-3" class="pilcrow">¶</a></p>
|
||
<ul class="normal">
|
||
<li class="normal" id="section-6.5-4.1">
|
||
<p id="section-6.5-4.1.1">Byzantine-robust aggregation algorithms.<a href="#section-6.5-4.1.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-6.5-4.2">
|
||
<p id="section-6.5-4.2.1">Secure aggregation preventing server access to individual
|
||
updates.<a href="#section-6.5-4.2.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-6.5-4.3">
|
||
<p id="section-6.5-4.3.1">Anomaly detection on update distributions.<a href="#section-6.5-4.3.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-6.5-4.4">
|
||
<p id="section-6.5-4.4.1">ECT-based participation records enabling forensic analysis.<a href="#section-6.5-4.4.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
</ul>
|
||
</section>
|
||
</div>
|
||
</section>
|
||
</div>
|
||
<div id="iana-considerations">
|
||
<section id="section-7">
|
||
<h2 id="name-iana-considerations">
|
||
<a href="#section-7" class="section-number selfRef">7. </a><a href="#name-iana-considerations" class="section-name selfRef">IANA Considerations</a>
|
||
</h2>
|
||
<p id="section-7-1">This document requests the following IANA registrations:<a href="#section-7-1" class="pilcrow">¶</a></p>
|
||
<div id="ect-action-type-registry">
|
||
<section id="section-7.1">
|
||
<h3 id="name-ect-action-type-registry">
|
||
<a href="#section-7.1" class="section-number selfRef">7.1. </a><a href="#name-ect-action-type-registry" class="section-name selfRef">ECT Action Type Registry</a>
|
||
</h3>
|
||
<p id="section-7.1-1">Registration of the following <code>exec_act</code> values in a future ECT
|
||
action type registry:<a href="#section-7.1-1" class="pilcrow">¶</a></p>
|
||
<table class="center" id="table-1">
|
||
<caption><a href="#table-1" class="selfRef">Table 1</a></caption>
|
||
<thead>
|
||
<tr>
|
||
<th class="text-left" rowspan="1" colspan="1">Value</th>
|
||
<th class="text-left" rowspan="1" colspan="1">Description</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="text-left" rowspan="1" colspan="1">migration_start</td>
|
||
<td class="text-left" rowspan="1" colspan="1">Agent migration initiated</td>
|
||
</tr>
|
||
<tr>
|
||
<td class="text-left" rowspan="1" colspan="1">migration_transfer</td>
|
||
<td class="text-left" rowspan="1" colspan="1">Agent state transferred</td>
|
||
</tr>
|
||
<tr>
|
||
<td class="text-left" rowspan="1" colspan="1">migration_complete</td>
|
||
<td class="text-left" rowspan="1" colspan="1">Agent migration completed</td>
|
||
</tr>
|
||
<tr>
|
||
<td class="text-left" rowspan="1" colspan="1">fed_aggregate</td>
|
||
<td class="text-left" rowspan="1" colspan="1">Federated learning round aggregated</td>
|
||
</tr>
|
||
<tr>
|
||
<td class="text-left" rowspan="1" colspan="1">bridge_translate</td>
|
||
<td class="text-left" rowspan="1" colspan="1">Protocol bridge translation</td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</section>
|
||
</div>
|
||
<div id="ect-extension-claims-registry">
|
||
<section id="section-7.2">
|
||
<h3 id="name-ect-extension-claims-regist">
|
||
<a href="#section-7.2" class="section-number selfRef">7.2. </a><a href="#name-ect-extension-claims-regist" class="section-name selfRef">ECT Extension Claims Registry</a>
|
||
</h3>
|
||
<p id="section-7.2-1">Registration of the following <code>ext</code> claim prefixes:<a href="#section-7.2-1" class="pilcrow">¶</a></p>
|
||
<table class="center" id="table-2">
|
||
<caption><a href="#table-2" class="selfRef">Table 2</a></caption>
|
||
<thead>
|
||
<tr>
|
||
<th class="text-left" rowspan="1" colspan="1">Prefix</th>
|
||
<th class="text-left" rowspan="1" colspan="1">Description</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td class="text-left" rowspan="1" colspan="1">fed.</td>
|
||
<td class="text-left" rowspan="1" colspan="1">Federated learning privacy claims</td>
|
||
</tr>
|
||
<tr>
|
||
<td class="text-left" rowspan="1" colspan="1">mig.</td>
|
||
<td class="text-left" rowspan="1" colspan="1">Migration-related claims</td>
|
||
</tr>
|
||
<tr>
|
||
<td class="text-left" rowspan="1" colspan="1">bridge.</td>
|
||
<td class="text-left" rowspan="1" colspan="1">Protocol bridge claims</td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
</section>
|
||
</div>
|
||
<div id="media-type-registration">
|
||
<section id="section-7.3">
|
||
<h3 id="name-media-type-registration">
|
||
<a href="#section-7.3" class="section-number selfRef">7.3. </a><a href="#name-media-type-registration" class="section-name selfRef">Media Type Registration</a>
|
||
</h3>
|
||
<p id="section-7.3-1">Registration of the following media type:<a href="#section-7.3-1" class="pilcrow">¶</a></p>
|
||
<ul class="normal">
|
||
<li class="normal" id="section-7.3-2.1">
|
||
<p id="section-7.3-2.1.1">Type name: application<a href="#section-7.3-2.1.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-7.3-2.2">
|
||
<p id="section-7.3-2.2.1">Subtype name: agent-migration-state+cbor<a href="#section-7.3-2.2.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-7.3-2.3">
|
||
<p id="section-7.3-2.3.1">Required parameters: none<a href="#section-7.3-2.3.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-7.3-2.4">
|
||
<p id="section-7.3-2.4.1">Optional parameters: version<a href="#section-7.3-2.4.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-7.3-2.5">
|
||
<p id="section-7.3-2.5.1">Encoding: binary (CBOR)<a href="#section-7.3-2.5.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
<li class="normal" id="section-7.3-2.6">
|
||
<p id="section-7.3-2.6.1">Purpose: Serialized agent migration state for cross-protocol
|
||
agent migration as defined in this document.<a href="#section-7.3-2.6.1" class="pilcrow">¶</a></p>
|
||
</li>
|
||
</ul>
|
||
</section>
|
||
</div>
|
||
</section>
|
||
</div>
|
||
<div id="sec-combined-references">
|
||
<section id="section-8">
|
||
<h2 id="name-references">
|
||
<a href="#section-8" class="section-number selfRef">8. </a><a href="#name-references" class="section-name selfRef">References</a>
|
||
</h2>
|
||
<div id="sec-normative-references">
|
||
<section id="section-8.1">
|
||
<h3 id="name-normative-references">
|
||
<a href="#section-8.1" class="section-number selfRef">8.1. </a><a href="#name-normative-references" class="section-name selfRef">Normative References</a>
|
||
</h3>
|
||
<dl class="references">
|
||
<dt id="I-D.nennemann-agent-dag-hitl-safety">[I-D.nennemann-agent-dag-hitl-safety]</dt>
|
||
<dd>
|
||
<span class="refTitle">"Agent Context Policy Token: DAG Delegation with Human Override"</span>, <span>n.d.</span>, <span><<a href="https://datatracker.ietf.org/doc/draft-nennemann-agent-dag-hitl-safety/">https://datatracker.ietf.org/doc/draft-nennemann-agent-dag-hitl-safety/</a>></span>. </dd>
|
||
<dd class="break"></dd>
|
||
<dt id="I-D.nennemann-wimse-ect">[I-D.nennemann-wimse-ect]</dt>
|
||
<dd>
|
||
<span class="refTitle">"Execution Context Tokens for Distributed Agentic Workflows"</span>, <span>n.d.</span>, <span><<a href="https://datatracker.ietf.org/doc/draft-nennemann-wimse-ect/">https://datatracker.ietf.org/doc/draft-nennemann-wimse-ect/</a>></span>. </dd>
|
||
<dd class="break"></dd>
|
||
<dt id="RFC2119">[RFC2119]</dt>
|
||
<dd>
|
||
<span class="refAuthor">Bradner, S.</span>, <span class="refTitle">"Key words for use in RFCs to Indicate Requirement Levels"</span>, <span class="seriesInfo">BCP 14</span>, <span class="seriesInfo">RFC 2119</span>, <span class="seriesInfo">DOI 10.17487/RFC2119</span>, <time datetime="1997-03" class="refDate">March 1997</time>, <span><<a href="https://www.rfc-editor.org/rfc/rfc2119">https://www.rfc-editor.org/rfc/rfc2119</a>></span>. </dd>
|
||
<dd class="break"></dd>
|
||
<dt id="RFC7515">[RFC7515]</dt>
|
||
<dd>
|
||
<span class="refAuthor">Jones, M.</span>, <span class="refAuthor">Bradley, J.</span>, and <span class="refAuthor">N. Sakimura</span>, <span class="refTitle">"JSON Web Signature (JWS)"</span>, <span class="seriesInfo">RFC 7515</span>, <span class="seriesInfo">DOI 10.17487/RFC7515</span>, <time datetime="2015-05" class="refDate">May 2015</time>, <span><<a href="https://www.rfc-editor.org/rfc/rfc7515">https://www.rfc-editor.org/rfc/rfc7515</a>></span>. </dd>
|
||
<dd class="break"></dd>
|
||
<dt id="RFC7519">[RFC7519]</dt>
|
||
<dd>
|
||
<span class="refAuthor">Jones, M.</span>, <span class="refAuthor">Bradley, J.</span>, and <span class="refAuthor">N. Sakimura</span>, <span class="refTitle">"JSON Web Token (JWT)"</span>, <span class="seriesInfo">RFC 7519</span>, <span class="seriesInfo">DOI 10.17487/RFC7519</span>, <time datetime="2015-05" class="refDate">May 2015</time>, <span><<a href="https://www.rfc-editor.org/rfc/rfc7519">https://www.rfc-editor.org/rfc/rfc7519</a>></span>. </dd>
|
||
<dd class="break"></dd>
|
||
<dt id="RFC8174">[RFC8174]</dt>
|
||
<dd>
|
||
<span class="refAuthor">Leiba, B.</span>, <span class="refTitle">"Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words"</span>, <span class="seriesInfo">BCP 14</span>, <span class="seriesInfo">RFC 8174</span>, <span class="seriesInfo">DOI 10.17487/RFC8174</span>, <time datetime="2017-05" class="refDate">May 2017</time>, <span><<a href="https://www.rfc-editor.org/rfc/rfc8174">https://www.rfc-editor.org/rfc/rfc8174</a>></span>. </dd>
<dd class="break"></dd>
<dt id="RFC9110">[RFC9110]</dt>
<dd>
<span class="refAuthor">Fielding, R., Ed.</span>, <span class="refAuthor">Nottingham, M., Ed.</span>, and <span class="refAuthor">J. Reschke, Ed.</span>, <span class="refTitle">"HTTP Semantics"</span>, <span class="seriesInfo">STD 97</span>, <span class="seriesInfo">RFC 9110</span>, <span class="seriesInfo">DOI 10.17487/RFC9110</span>, <time datetime="2022-06" class="refDate">June 2022</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc9110">https://www.rfc-editor.org/rfc/rfc9110</a>&gt;</span>. </dd>
<dd class="break"></dd>
</dl>
</section>
</div>
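<!-- Section 8.2, Informative References. The single entry below carries no
     author or publication date ("n.d."). NOTE(review): confirm the cited
     draft resolves at the datatracker URL before relying on it. The angle
     brackets around the URL are written as entities so the markup is valid. -->
<div id="sec-informative-references">
  <section id="section-8.2">
    <h3 id="name-informative-references">
      <a class="section-number selfRef" href="#section-8.2">8.2. </a><a class="section-name selfRef" href="#name-informative-references">Informative References</a>
    </h3>
    <dl class="references">
      <dt id="I-D.nennemann-agent-gap-analysis">[I-D.nennemann-agent-gap-analysis]</dt>
      <dd>
        <span class="refTitle">"Gap Analysis of IETF Agent-Related Drafts"</span>, <span>n.d.</span>, <span>&lt;<a href="https://datatracker.ietf.org/doc/draft-nennemann-agent-gap-analysis/">https://datatracker.ietf.org/doc/draft-nennemann-agent-gap-analysis/</a>&gt;</span>. </dd>
      <dd class="break"></dd>
    </dl>
  </section>
</div>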
</section>
</div>
<!-- Appendix A: Acknowledgments. Every citation is a same-document fragment
     link. NOTE(review): confirm each target id exists in the References
     section. -->
<div id="acknowledgments">
  <section id="appendix-A">
    <h2 id="name-acknowledgments">
      <a class="section-name selfRef" href="#name-acknowledgments">Acknowledgments</a>
    </h2>
    <p id="appendix-A-1">This document builds on the Execution Context Token specification
      <span>[<a class="cite xref" href="#I-D.nennemann-wimse-ect">I-D.nennemann-wimse-ect</a>]</span> and the Agent Context Policy Token
      <span>[<a class="cite xref" href="#I-D.nennemann-agent-dag-hitl-safety">I-D.nennemann-agent-dag-hitl-safety</a>]</span>. The gap analysis
      <span>[<a class="cite xref" href="#I-D.nennemann-agent-gap-analysis">I-D.nennemann-agent-gap-analysis</a>]</span> identified the requirements
      addressed by this document.<a class="pilcrow" href="#appendix-A-1">¶</a></p>
  </section>
</div>
<!-- Appendix B: author contact details, marked up with vcard classes. -->
<div id="authors-addresses">
  <section id="appendix-B">
    <h2 id="name-authors-address">
      <a class="section-name selfRef" href="#name-authors-address">Author's Address</a>
    </h2>
    <address class="vcard">
      <div class="left" dir="auto"><span class="fn nameRole">Christian Nennemann</span></div>
      <div class="left" dir="auto"><span class="org">Independent Researcher</span></div>
      <div class="email">
        <span>Email:</span>
        <a class="email" href="mailto:ietf@nennemann.de">ietf@nennemann.de</a>
      </div>
    </address>
  </section>
</div>
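<script>
// Table-of-contents toggle. A click on the TOC heading flips the "active"
// class on #toc; a click that reaches the TOC <nav> clears it.
// Each lookup is null-checked so a page rendered without a #toc element
// (or without its <h2> / <nav>) does not throw when the script runs.
// Review note: this is an inline script, so a Content-Security-Policy that
// omits 'unsafe-inline' has to authorize it with a hash or a nonce.
const toc = document.getElementById("toc");
if (toc) {
  const tocHeading = toc.querySelector("h2");
  if (tocHeading) {
    tocHeading.addEventListener("click", () => {
      toc.classList.toggle("active");
    });
  }
  const tocNav = toc.querySelector("nav");
  if (tocNav) {
    tocNav.addEventListener("click", () => {
      toc.classList.remove("active");
    });
  }
}
</script>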
</body>
</html>