c/ietf-draft-analyzer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
45cb13fbe865d47d21e1c65c8d41a2d237a8ed28
ietf-draft-analyzer/workspace/drafts/gap-analysis/draft-nennemann-agent-gap-analysis-00.html
Christian Nennemann 2506b6325a
Some checks failed
CI / test (3.11) (push) Failing after 1m37s
Details
CI / test (3.12) (push) Failing after 57s
Details
feat: add draft data, gap analysis report, and workspace config
2026-04-06 18:47:15 +02:00

2650 lines
109 KiB
HTML
Raw Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<!DOCTYPE html>
<html lang="en" class="Internet-Draft">
<head>
<meta charset="utf-8">
<meta content="Common,Latin" name="scripts">
<meta content="initial-scale=1.0" name="viewport">
<title>Gap Analysis for Autonomous Agent Protocols</title>
<meta content="Christian Nennemann" name="author">
<meta content="
This document maps the IETF autonomous agent landscape,
identifies eleven gap areas where standardization is absent
or insufficient, and introduces six companion drafts that
address the most critical gaps. Over 260 IETF drafts touch
on agent communication, identity, safety, and operations,
yet no single reference architecture ties them together.
This gap analysis provides a structured roadmap for the
standards work needed to enable safe, interoperable, and
auditable autonomous agent ecosystems.
" name="description">
<meta content="xml2rfc 3.31.0" name="generator">
<meta content="draft-nennemann-agent-gap-analysis-00" name="ietf.draft">
<!-- Generator version information:
xml2rfc 3.31.0
Python 3.14.3
ConfigArgParse 1.7.1
google-i18n-address 3.1.1
intervaltree 3.2.1
Jinja2 3.1.6
lxml 6.0.2
platformdirs 4.9.2
pycountry 26.2.16
PyYAML 6.0.3
requests 2.32.5
wcwidth 0.6.0
-->
<link href="draft-nennemann-agent-gap-analysis-00.xml" rel="alternate" type="application/rfc+xml">
<link href="#copyright" rel="license">
<style type="text/css">/*
NOTE: Changes at the bottom of this file overrides some earlier settings.
Once the style has stabilized and has been adopted as an official RFC style,
this can be consolidated so that style settings occur only in one place, but
for now the contents of this file consists first of the initial CSS work as
provided to the RFC Formatter (xml2rfc) work, followed by itemized and
commented changes found necessary during the development of the v3
formatters.
*/
/* fonts */
@import url('https://static.ietf.org/fonts/noto-sans/import.css'); /* Sans-serif */
@import url('https://static.ietf.org/fonts/noto-serif/import.css'); /* Serif (print) */
@import url('https://static.ietf.org/fonts/roboto-mono/import.css'); /* Monospace */
:root {
--font-sans: 'Noto Sans', Arial, Helvetica, sans-serif;
--font-serif: 'Noto Serif', 'Times', 'Times New Roman', serif;
--font-mono: 'Roboto Mono', Courier, 'Courier New', monospace;
}
@viewport {
zoom: 1.0;
}
@-ms-viewport {
width: extend-to-zoom;
zoom: 1.0;
}
/* general and mobile first */
html {
}
body {
max-width: 90%;
margin: 1.5em auto;
color: #222;
background-color: #fff;
font-size: 14px;
font-family: var(--font-sans);
line-height: 1.6;
scroll-behavior: smooth;
overflow-wrap: break-word;
}
.ears {
display: none;
}
/* headings */
#title, h1, h2, h3, h4, h5, h6 {
margin: 1em 0 0.5em;
font-weight: bold;
line-height: 1.3;
}
#title {
clear: both;
border-bottom: 1px solid #ddd;
margin: 0 0 0.5em 0;
padding: 1em 0 0.5em;
}
.author {
padding-bottom: 4px;
}
h1 {
font-size: 26px;
margin: 1em 0;
}
h2 {
font-size: 22px;
margin-top: -20px; /* provide offset for in-page anchors */
padding-top: 33px;
}
h3 {
font-size: 18px;
margin-top: -36px; /* provide offset for in-page anchors */
padding-top: 42px;
}
h4 {
font-size: 16px;
margin-top: -36px; /* provide offset for in-page anchors */
padding-top: 42px;
}
h5, h6 {
font-size: 14px;
}
#n-copyright-notice {
border-bottom: 1px solid #ddd;
padding-bottom: 1em;
margin-bottom: 1em;
}
/* general structure */
p {
padding: 0;
margin: 0 0 1em 0;
text-align: left;
}
div, span {
position: relative;
}
div {
margin: 0;
}
.alignRight.art-text {
background-color: #f9f9f9;
border: 1px solid #eee;
border-radius: 3px;
padding: 1em 1em 0;
margin-bottom: 1.5em;
}
.alignRight.art-text pre {
padding: 0;
}
.alignRight {
margin: 1em 0;
}
.alignRight > *:first-child {
border: none;
margin: 0;
float: right;
clear: both;
}
.alignRight > *:nth-child(2) {
clear: both;
display: block;
border: none;
}
svg {
display: block;
}
@media print {
svg {
max-height: 850px;
max-width: 660px;
}
}
svg[font-family~="serif" i], svg [font-family~="serif" i] {
font-family: var(--font-serif);
}
svg[font-family~="sans-serif" i], svg [font-family~="sans-serif" i] {
font-family: var(--font-sans);
}
svg[font-family~="monospace" i], svg [font-family~="monospace" i] {
font-family: var(--font-mono);
}
.alignCenter.art-text {
background-color: #f9f9f9;
border: 1px solid #eee;
border-radius: 3px;
padding: 1em 1em 0;
margin-bottom: 1.5em;
}
.alignCenter.art-text pre {
padding: 0;
}
.alignCenter {
margin: 1em 0;
}
.alignCenter > *:first-child {
display: table;
border: none;
margin: 0 auto;
}
/* lists */
ol, ul {
padding: 0;
margin: 0 0 1em 2em;
}
ol ol, ul ul, ol ul, ul ol {
margin-left: 1em;
}
li {
margin: 0 0 0.25em 0;
}
.ulCompact li {
margin: 0;
}
ul.empty, .ulEmpty {
list-style-type: none;
}
ul.empty li, .ulEmpty li {
margin-top: 0.5em;
}
ul.ulBare, li.ulBare {
margin-left: 0em !important;
}
ul.compact, .ulCompact,
ol.compact, .olCompact {
line-height: 100%;
margin: 0 0 0 2em;
}
/* definition lists */
dl {
}
dl > dt {
float: left;
margin-right: 1em;
}
/*
dl.nohang > dt {
float: none;
}
*/
dl > dd {
margin-bottom: .8em;
min-height: 1.3em;
}
dl.compact > dd, .dlCompact > dd {
margin-bottom: 0em;
}
dl > dd > dl {
margin-top: 0.5em;
margin-bottom: 0em;
}
/* links */
a {
text-decoration: none;
}
a[href] {
color: #22e; /* Arlen: WCAG 2019 */
}
a[href]:hover {
background-color: #f2f2f2;
}
figcaption a[href],
a[href].selfRef {
color: #222;
}
/* XXX probably not this:
a.selfRef:hover {
background-color: transparent;
cursor: default;
} */
/* Figures */
tt, code, pre {
background-color: #f9f9f9;
font-family: var(--font-mono);
}
pre {
border: 1px solid #eee;
margin: 0;
padding: 1em;
}
img {
max-width: 100%;
}
figure {
margin: 0;
}
figure blockquote {
margin: 0.8em 0.4em 0.4em;
}
figcaption {
font-style: italic;
margin: 0 0 1em 0;
}
@media screen {
pre {
overflow-x: auto;
max-width: 100%;
max-width: calc(100% - 22px);
}
}
/* aside, blockquote */
aside, blockquote {
margin-left: 0;
padding: 1.2em 2em;
}
blockquote {
background-color: #f9f9f9;
color: #111; /* Arlen: WCAG 2019 */
border: 1px solid #ddd;
border-radius: 3px;
margin: 1em 0;
}
blockquote > *:last-child {
margin-bottom: 0;
}
cite {
display: block;
text-align: right;
font-style: italic;
}
.xref {
overflow-wrap: normal;
}
/* tables */
table {
width: 100%;
margin: 0 0 1em;
border-collapse: collapse;
border: 1px solid #eee;
}
th, td {
text-align: left;
vertical-align: top;
padding: 0.5em 0.75em;
}
th {
text-align: left;
background-color: #e9e9e9;
}
tr:nth-child(2n+1) > td {
background-color: #f5f5f5;
}
table caption {
font-style: italic;
margin: 0;
padding: 0;
text-align: left;
}
table p {
/* XXX to avoid bottom margin on table row signifiers. If paragraphs should
be allowed within tables more generally, it would be far better to select on a class. */
margin: 0;
}
/* pilcrow */
a.pilcrow {
color: #666; /* Arlen: AHDJ 2019 */
text-decoration: none;
visibility: hidden;
user-select: none;
-ms-user-select: none;
-o-user-select:none;
-moz-user-select: none;
-khtml-user-select: none;
-webkit-user-select: none;
-webkit-touch-callout: none;
}
@media screen {
aside:hover > a.pilcrow,
p:hover > a.pilcrow,
blockquote:hover > a.pilcrow,
div:hover > a.pilcrow,
li:hover > a.pilcrow,
pre:hover > a.pilcrow {
visibility: visible;
}
a.pilcrow:hover {
background-color: transparent;
}
}
/* misc */
hr {
border: 0;
border-top: 1px solid #eee;
}
.bcp14 {
font-variant: small-caps;
}
.role {
font-variant: all-small-caps;
}
/* info block */
#identifiers {
margin: 0;
font-size: 0.9em;
}
#identifiers dt {
width: 3em;
clear: left;
}
#identifiers dd {
float: left;
margin-bottom: 0;
}
/* Fix PDF info block run off issue */
@media print {
#identifiers dd {
max-width: 100%;
}
}
#identifiers .authors .author {
display: inline-block;
margin-right: 1.5em;
}
#identifiers .authors .org {
font-style: italic;
}
/* The prepared/rendered info at the very bottom of the page */
.docInfo {
color: #666; /* Arlen: WCAG 2019 */
font-size: 0.9em;
font-style: italic;
margin-top: 2em;
}
.docInfo .prepared {
float: left;
}
.docInfo .prepared {
float: right;
}
/* table of contents */
#toc {
padding: 0.75em 0 2em 0;
margin-bottom: 1em;
}
nav.toc ul {
margin: 0 0.5em 0 0;
padding: 0;
list-style: none;
}
nav.toc li {
line-height: 1.3em;
margin: 0.75em 0;
padding-left: 1.2em;
text-indent: -1.2em;
}
/* references */
.references dt {
text-align: right;
font-weight: bold;
min-width: 7em;
}
.references dd {
margin-left: 8em;
overflow: auto;
}
.refInstance {
margin-bottom: 1.25em;
}
.refSubseries {
margin-bottom: 1.25em;
}
.references .ascii {
margin-bottom: 0.25em;
}
/* index */
.index ul {
margin: 0 0 0 1em;
padding: 0;
list-style: none;
}
.index ul ul {
margin: 0;
}
.index li {
margin: 0;
text-indent: -2em;
padding-left: 2em;
padding-bottom: 5px;
}
.indexIndex {
margin: 0.5em 0 1em;
}
.index a {
font-weight: 700;
}
/* make the index two-column on all but the smallest screens */
@media (min-width: 600px) {
.index ul {
-moz-column-count: 2;
-moz-column-gap: 20px;
}
.index ul ul {
-moz-column-count: 1;
-moz-column-gap: 0;
}
}
/* authors */
address.vcard {
font-style: normal;
margin: 1em 0;
}
address.vcard .nameRole {
font-weight: 700;
margin-left: 0;
}
address.vcard .label {
font-family: var(--font-sans);
margin: 0.5em 0;
}
address.vcard .type {
display: none;
}
.alternative-contact {
margin: 1.5em 0 1em;
}
hr.addr {
border-top: 1px dashed;
margin: 0;
color: #ddd;
max-width: calc(100% - 16px);
}
/* temporary notes */
.rfcEditorRemove::before {
position: absolute;
top: 0.2em;
right: 0.2em;
padding: 0.2em;
content: "The RFC Editor will remove this note";
color: #9e2a00; /* Arlen: WCAG 2019 */
background-color: #ffd; /* Arlen: WCAG 2019 */
}
.rfcEditorRemove {
position: relative;
padding-top: 1.8em;
background-color: #ffd; /* Arlen: WCAG 2019 */
border-radius: 3px;
}
.cref {
background-color: #ffd; /* Arlen: WCAG 2019 */
padding: 2px 4px;
}
.crefSource {
font-style: italic;
}
/* alternative layout for smaller screens */
@media screen and (max-width: 1023px) {
body {
padding-top: 2em;
}
#title {
padding: 1em 0;
}
h1 {
font-size: 24px;
}
h2 {
font-size: 20px;
margin-top: -18px; /* provide offset for in-page anchors */
padding-top: 38px;
}
#identifiers dd {
max-width: 60%;
}
#toc {
position: fixed;
z-index: 2;
top: 0;
right: 0;
padding: 0;
margin: 0;
background-color: inherit;
border-bottom: 1px solid #ccc;
}
#toc h2 {
margin: -1px 0 0 0;
padding: 4px 0 4px 6px;
padding-right: 1em;
min-width: 190px;
font-size: 1.1em;
text-align: right;
background-color: #444;
color: white;
cursor: pointer;
}
#toc h2::before { /* css hamburger */
float: right;
position: relative;
width: 1em;
height: 1px;
left: -164px;
margin: 6px 0 0 0;
background: white none repeat scroll 0 0;
box-shadow: 0 4px 0 0 white, 0 8px 0 0 white;
content: "";
}
#toc nav {
display: none;
padding: 0.5em 1em 1em;
overflow: auto;
height: calc(100vh - 48px);
border-left: 1px solid #ddd;
}
}
/* alternative layout for wide screens */
@media screen and (min-width: 1024px) {
body {
max-width: 724px;
margin: 42px auto;
padding-left: 1.5em;
padding-right: 29em;
}
#toc {
position: fixed;
top: 42px;
right: 42px;
width: 25%;
margin: 0;
padding: 0 1em;
z-index: 1;
}
#toc h2 {
border-top: none;
border-bottom: 1px solid #ddd;
font-size: 1em;
font-weight: normal;
margin: 0;
padding: 0.25em 1em 1em 0;
}
#toc nav {
display: block;
height: calc(90vh - 84px);
bottom: 0;
padding: 0.5em 0 0;
overflow: auto;
}
img { /* future proofing */
max-width: 100%;
height: auto;
}
}
/* pagination */
@media print {
body {
width: 100%;
}
p {
orphans: 3;
widows: 3;
}
#n-copyright-notice {
border-bottom: none;
}
#toc, #n-introduction {
page-break-before: always;
}
#toc {
border-top: none;
padding-top: 0;
}
figure, pre {
page-break-inside: avoid;
}
figure {
overflow: scroll;
}
.breakable pre {
break-inside: auto;
}
h1, h2, h3, h4, h5, h6 {
page-break-after: avoid;
}
h2+*, h3+*, h4+*, h5+*, h6+* {
page-break-before: avoid;
}
pre {
white-space: pre-wrap;
word-wrap: break-word;
font-size: 10pt;
}
table {
border: 1px solid #ddd;
}
td {
border-top: 1px solid #ddd;
}
}
/* This is commented out here, as the string-set: doesn't
pass W3C validation currently */
/*
.ears thead .left {
string-set: ears-top-left content();
}
.ears thead .center {
string-set: ears-top-center content();
}
.ears thead .right {
string-set: ears-top-right content();
}
.ears tfoot .left {
string-set: ears-bottom-left content();
}
.ears tfoot .center {
string-set: ears-bottom-center content();
}
.ears tfoot .right {
string-set: ears-bottom-right content();
}
*/
@page :first {
padding-top: 0;
@top-left {
content: normal;
border: none;
}
@top-center {
content: normal;
border: none;
}
@top-right {
content: normal;
border: none;
}
}
@page {
size: A4;
margin-bottom: 45mm;
padding-top: 20px;
/* The following is commented out here, but set appropriately by in code, as
the content depends on the document */
/*
@top-left {
content: 'Internet-Draft';
vertical-align: bottom;
border-bottom: solid 1px #ccc;
}
@top-left {
content: string(ears-top-left);
vertical-align: bottom;
border-bottom: solid 1px #ccc;
}
@top-center {
content: string(ears-top-center);
vertical-align: bottom;
border-bottom: solid 1px #ccc;
}
@top-right {
content: string(ears-top-right);
vertical-align: bottom;
border-bottom: solid 1px #ccc;
}
@bottom-left {
content: string(ears-bottom-left);
vertical-align: top;
border-top: solid 1px #ccc;
}
@bottom-center {
content: string(ears-bottom-center);
vertical-align: top;
border-top: solid 1px #ccc;
}
@bottom-right {
content: '[Page ' counter(page) ']';
vertical-align: top;
border-top: solid 1px #ccc;
}
*/
}
/* Changes introduced to fix issues found during implementation */
/* Make sure links are clickable even if overlapped by following H* */
a {
z-index: 2;
}
/* Separate body from document info even without intervening H1 */
section {
clear: both;
}
/* Top align author divs, to avoid names without organization dropping level with org names */
.author {
vertical-align: top;
}
/* Leave room in document info to show Internet-Draft on one line */
#identifiers dt {
width: 8em;
}
/* Don't waste quite as much whitespace between label and value in doc info */
#identifiers dd {
margin-left: 1em;
}
/* Give floating toc a background color (needed when it's a div inside section */
#toc {
background-color: white;
}
/* Make the collapsed ToC header render white on gray also when it's a link */
@media screen and (max-width: 1023px) {
#toc h2 a,
#toc h2 a:link,
#toc h2 a:focus,
#toc h2 a:hover,
#toc a.toplink,
#toc a.toplink:hover {
color: white;
background-color: #444;
text-decoration: none;
}
}
/* Give the bottom of the ToC some whitespace */
@media screen and (min-width: 1024px) {
#toc {
padding: 0 0 1em 1em;
}
}
/* Style section numbers with more space between number and title */
.section-number {
padding-right: 0.5em;
}
/* prevent monospace from becoming overly large */
tt, code, pre {
font-size: 95%;
}
/* Fix the height/width aspect for ascii art*/
.sourcecode pre,
.art-text pre {
line-height: 1.12;
}
/* Add styling for a link in the ToC that points to the top of the document */
a.toplink {
float: right;
margin-right: 0.5em;
}
/* Fix the dl styling to match the RFC 7992 attributes */
dl > dt,
dl.dlParallel > dt {
float: left;
margin-right: 1em;
}
dl.dlNewline > dt {
float: none;
}
/* Provide styling for table cell text alignment */
table td.text-left,
table th.text-left {
text-align: left;
}
table td.text-center,
table th.text-center {
text-align: center;
}
table td.text-right,
table th.text-right {
text-align: right;
}
/* Make the alternative author contact information look less like just another
author, and group it closer with the primary author contact information */
.alternative-contact {
margin: 0.5em 0 0.25em 0;
}
address .non-ascii {
margin: 0 0 0 2em;
}
/* With it being possible to set tables with alignment
left, center, and right, { width: 100%; } does not make sense */
table {
width: auto;
}
/* Avoid reference text that sits in a block with very wide left margin,
because of a long floating dt label.*/
.references dd {
overflow: visible;
}
/* Control caption placement */
caption {
caption-side: bottom;
}
/* Limit the width of the author address vcard, so names in right-to-left
script don't end up on the other side of the page. */
address.vcard {
max-width: 30em;
margin-right: auto;
}
/* For address alignment dependent on LTR or RTL scripts */
address div.left {
text-align: left;
}
address div.right {
text-align: right;
}
/* Provide table alignment support. We can't use the alignX classes above
since they do unwanted things with caption and other styling. */
table.right {
margin-left: auto;
margin-right: 0;
}
table.center {
margin-left: auto;
margin-right: auto;
}
table.left {
margin-left: 0;
margin-right: auto;
}
/* Give the table caption label the same styling as the figcaption */
caption a[href] {
color: #222;
}
@media print {
.toplink {
display: none;
}
/* avoid overwriting the top border line with the ToC header */
#toc {
padding-top: 1px;
}
/* Avoid page breaks inside dl and author address entries */
.vcard {
page-break-inside: avoid;
}
}
/* Tweak the bcp14 keyword presentation */
.bcp14 {
font-variant: small-caps;
font-weight: bold;
font-size: 0.9em;
}
/* Tweak the invisible space above H* in order not to overlay links in text above */
h2 {
margin-top: -18px; /* provide offset for in-page anchors */
padding-top: 31px;
}
h3 {
margin-top: -18px; /* provide offset for in-page anchors */
padding-top: 24px;
}
h4 {
margin-top: -18px; /* provide offset for in-page anchors */
padding-top: 24px;
}
/* Float artwork pilcrow to the right */
@media screen {
.artwork a.pilcrow {
display: block;
line-height: 0.7;
margin-top: 0.15em;
}
}
/* Make pilcrows on dd visible */
@media screen {
dd:hover > a.pilcrow {
visibility: visible;
}
}
/* Make the placement of figcaption match that of a table's caption
by removing the figure's added bottom margin */
.alignLeft.art-text,
.alignCenter.art-text,
.alignRight.art-text {
margin-bottom: 0;
}
.alignLeft,
.alignCenter,
.alignRight {
margin: 1em 0 0 0;
}
/* In print, the pilcrow won't show on hover, so prevent it from taking up space,
possibly even requiring a new line */
@media print {
a.pilcrow {
display: none;
}
}
/* Styling for the external metadata */
div#external-metadata {
background-color: #eee;
padding: 0.5em;
margin-bottom: 0.5em;
display: none;
}
div#internal-metadata {
padding: 0.5em; /* to match the external-metadata padding */
}
/* Styling for title RFC Number */
h1#rfcnum {
clear: both;
margin: 0 0 -1em;
padding: 1em 0 0 0;
}
/* Make .olPercent look the same as <ol><li> */
dl.olPercent > dd {
margin-bottom: 0.25em;
min-height: initial;
}
/* Give aside some styling to set it apart */
aside {
border-left: 1px solid #ddd;
margin: 1em 0 1em 2em;
padding: 0.2em 2em;
}
aside > dl,
aside > ol,
aside > ul,
aside > table,
aside > p {
margin-bottom: 0.5em;
}
/* Additional page break settings */
@media print {
figcaption, table caption {
page-break-before: avoid;
}
}
/* Font size adjustments for print */
@media print {
body { font-size: 10pt; line-height: normal; max-width: 96%; }
h1 { font-size: 1.72em; padding-top: 1.5em; } /* 1*1.2*1.2*1.2 */
h2 { font-size: 1.44em; padding-top: 1.5em; } /* 1*1.2*1.2 */
h3 { font-size: 1.2em; padding-top: 1.5em; } /* 1*1.2 */
h4 { font-size: 1em; padding-top: 1.5em; }
h5, h6 { font-size: 1em; margin: initial; padding: 0.5em 0 0.3em; }
}
/* Sourcecode margin in print, when there's no pilcrow */
@media print {
.artwork,
.artwork > pre,
.sourcecode {
margin-bottom: 1em;
}
}
/* Avoid narrow tables forcing too narrow table captions, which may render badly */
table {
min-width: 20em;
}
/* ol type a */
ol.type-a { list-style-type: lower-alpha; }
ol.type-A { list-style-type: upper-alpha; }
ol.type-i { list-style-type: lower-roman; }
ol.type-I { list-style-type: upper-roman; }
/* Apply the print table and row borders in general, on request from the RPC,
and increase the contrast between border and odd row background slightly */
table {
border: 1px solid #ddd;
}
td {
border-top: 1px solid #ddd;
}
tr {
break-inside: avoid;
}
tr:nth-child(2n+1) > td {
background-color: #f8f8f8;
}
/* Use style rules to govern display of the TOC. */
@media screen and (max-width: 1023px) {
#toc nav { display: none; }
#toc.active nav { display: block; }
}
/* Add support for keepWithNext */
.keepWithNext {
break-after: avoid-page;
break-after: avoid-page;
}
/* Add support for keepWithPrevious */
.keepWithPrevious {
break-before: avoid-page;
}
/* Change the approach to avoiding breaks inside artwork etc. */
figure, pre, table, .artwork, .sourcecode {
break-before: auto;
break-after: auto;
}
/* Avoid breaks between <dt> and <dd> */
dl {
break-before: auto;
break-inside: auto;
}
dt {
break-before: auto;
break-after: avoid-page;
}
dd {
break-before: avoid-page;
break-after: auto;
orphans: 3;
widows: 3
}
span.break, dd.break {
margin-bottom: 0;
min-height: 0;
break-before: auto;
break-inside: auto;
break-after: auto;
}
/* Undo break-before ToC */
@media print {
#toc {
break-before: auto;
}
}
/* Text in compact lists should not get extra bottom margin space,
since that would makes the list not compact */
ul.compact p, .ulCompact p,
ol.compact p, .olCompact p {
margin: 0;
}
/* But the list as a whole needs the extra space at the end */
section ul.compact,
section .ulCompact,
section ol.compact,
section .olCompact {
margin-bottom: 1em; /* same as p not within ul.compact etc. */
}
/* The tt and code background above interferes with for instance table cell
backgrounds. Changed to something a bit more selective. */
tt, code {
background-color: transparent;
}
p tt, p code, li tt, li code, dt tt, dt code {
background-color: #f8f8f8;
}
/* Tweak the pre margin -- 0px doesn't come out well */
pre {
margin-top: 0.5px;
}
/* Tweak the compact list text */
ul.compact, .ulCompact,
ol.compact, .olCompact,
dl.compact, .dlCompact {
line-height: normal;
}
/* Don't add top margin for nested lists */
li > ul, li > ol, li > dl,
dd > ul, dd > ol, dd > dl,
dl > dd > dl {
margin-top: initial;
}
/* Elements that should not be rendered on the same line as a <dt> */
/* This should match the element list in writer.text.TextWriter.render_dl() */
dd > div.artwork:first-child,
dd > aside:first-child,
dd > blockquote:first-child,
dd > figure:first-child,
dd > ol:first-child,
dd > div.sourcecode:first-child,
dd > table:first-child,
dd > ul:first-child {
clear: left;
}
/* fix for weird browser behaviour when <dd/> is empty */
dt+dd:empty::before{
content: "\00a0";
}
/* Make paragraph spacing inside <li> smaller than in body text, to fit better within the list */
li > p {
margin-bottom: 0.5em
}
/* Don't let p margin spill out from inside list items */
li > p:last-of-type:only-child {
margin-bottom: 0;
}
</style>
<link href="rfc-local.css" rel="stylesheet" type="text/css">
<script type="application/javascript">async function addMetadata(){try{const e=document.styleSheets[0].cssRules;for(let t=0;t<e.length;t++)if(/#identifiers/.exec(e[t].selectorText)){const a=e[t].cssText.replace("#identifiers","#external-updates");document.styleSheets[0].insertRule(a,document.styleSheets[0].cssRules.length)}}catch(e){console.log(e)}const e=document.getElementById("external-metadata");if(e)try{var t,a="",o=function(e){const t=document.getElementsByTagName("meta");for(let a=0;a<t.length;a++)if(t[a].getAttribute("name")===e)return t[a].getAttribute("content");return""}("rfc.number");if(o){t="https://www.rfc-editor.org/rfc/rfc"+o+".json";try{const e=await fetch(t);a=await e.json()}catch(e){t=document.URL.indexOf("html")>=0?document.URL.replace(/html$/,"json"):document.URL+".json";const o=await fetch(t);a=await o.json()}}if(!a)return;e.style.display="block";const s="",d="https://datatracker.ietf.org/doc",n="https://datatracker.ietf.org/ipr/search",c="https://www.rfc-editor.org/info",l=a.doc_id.toLowerCase(),i=a.doc_id.slice(0,3).toLowerCase(),f=a.doc_id.slice(3).replace(/^0+/,""),u={status:"Status",obsoletes:"Obsoletes",obsoleted_by:"Obsoleted By",updates:"Updates",updated_by:"Updated By",see_also:"See Also",errata_url:"Errata"};let h="<dl style='overflow:hidden' id='external-updates'>";["status","obsoletes","obsoleted_by","updates","updated_by","see_also","errata_url"].forEach(e=>{if("status"==e){a[e]=a[e].toLowerCase();var t=a[e].split(" "),o=t.length,w="",p=1;for(let e=0;e<o;e++)p<o?w=w+r(t[e])+" ":w+=r(t[e]),p++;a[e]=w}else if("obsoletes"==e||"obsoleted_by"==e||"updates"==e||"updated_by"==e){var g,m="",b=1;g=a[e].length;for(let t=0;t<g;t++)a[e][t]&&(a[e][t]=String(a[e][t]).toLowerCase(),m=b<g?m+"<a href='"+s+"/rfc/".concat(a[e][t])+"'>"+a[e][t].slice(3)+"</a>, ":m+"<a href='"+s+"/rfc/".concat(a[e][t])+"'>"+a[e][t].slice(3)+"</a>",b++);a[e]=m}else if("see_also"==e){var y,L="",C=1;y=a[e].length;for(let t=0;t<y;t++)if(a[e][t]){a[e][t]=String(a[e][t]);var _=a[e][t].slice(0,3),v=a[e][t].slice(3).replace(/^0+/,"");L=C<y?"RFC"!=_?L+"<a href='"+s+"/info/"+_.toLowerCase().concat(v.toLowerCase())+"'>"+_+" "+v+"</a>, ":L+"<a href='"+s+"/info/"+_.toLowerCase().concat(v.toLowerCase())+"'>"+v+"</a>, ":"RFC"!=_?L+"<a href='"+s+"/info/"+_.toLowerCase().concat(v.toLowerCase())+"'>"+_+" "+v+"</a>":L+"<a href='"+s+"/info/"+_.toLowerCase().concat(v.toLowerCase())+"'>"+v+"</a>",C++}a[e]=L}else if("errata_url"==e){var R="";R=a[e]?R+"<a href='"+a[e]+"'>Errata exist</a> | <a href='"+d+"/"+l+"'>Datatracker</a>| <a href='"+n+"/?"+i+"="+f+"&submit="+i+"'>IPR</a> | <a href='"+c+"/"+l+"'>Info page</a>":"<a href='"+d+"/"+l+"'>Datatracker</a> | <a href='"+n+"/?"+i+"="+f+"&submit="+i+"'>IPR</a> | <a href='"+c+"/"+l+"'>Info page</a>",a[e]=R}""!=a[e]?"Errata"==u[e]?h+=`<dt>More info:</dt><dd>${a[e]}</dd>`:h+=`<dt>${u[e]}:</dt><dd>${a[e]}</dd>`:"Errata"==u[e]&&(h+=`<dt>More info:</dt><dd>${a[e]}</dd>`)}),h+="</dl>",e.innerHTML=h}catch(e){console.log(e)}else console.log("Could not locate metadata <div> element");function r(e){return e.charAt(0).toUpperCase()+e.slice(1)}}window.removeEventListener("load",addMetadata),window.addEventListener("load",addMetadata);</script>
</head>
<body class="xml2rfc">
<table class="ears">
<thead><tr>
<td class="left">Internet-Draft</td>
<td class="center">Agent Gap Analysis</td>
<td class="right">March 2026</td>
</tr></thead>
<tfoot><tr>
<td class="left">Nennemann</td>
<td class="center">Expires 7 September 2026</td>
<td class="right">[Page]</td>
</tr></tfoot>
</table>
<div id="external-metadata" class="document-information"></div>
<div id="internal-metadata" class="document-information">
<dl id="identifiers">
<dt class="label-workgroup">Workgroup:</dt>
<dd class="workgroup">NMOP</dd>
<dt class="label-internet-draft">Internet-Draft:</dt>
<dd class="internet-draft">draft-nennemann-agent-gap-analysis-00</dd>
<dt class="label-published">Published:</dt>
<dd class="published">
<time datetime="2026-03-06" class="published">6 March 2026</time>
</dd>
<dt class="label-intended-status">Intended Status:</dt>
<dd class="intended-status">Informational</dd>
<dt class="label-expires">Expires:</dt>
<dd class="expires"><time datetime="2026-09-07">7 September 2026</time></dd>
<dt class="label-authors">Author:</dt>
<dd class="authors">
<div class="author">
<div class="author-name">C. Nennemann</div>
<div class="org">Independent Researcher</div>
</div>
</dd>
</dl>
</div>
<h1 id="title">Gap Analysis for Autonomous Agent Protocols</h1>
<section id="section-abstract">
<h2 id="abstract"><a href="#abstract" class="selfRef">Abstract</a></h2>
<p id="section-abstract-1">This document maps the IETF autonomous agent landscape,
identifies eleven gap areas where standardization is absent
or insufficient, and introduces six companion drafts that
address the most critical gaps. Over 260 IETF drafts touch
on agent communication, identity, safety, and operations,
yet no single reference architecture ties them together.
This gap analysis provides a structured roadmap for the
standards work needed to enable safe, interoperable, and
auditable autonomous agent ecosystems.<a href="#section-abstract-1" class="pilcrow"></a></p>
</section>
<div id="status-of-memo">
<section id="section-boilerplate.1">
<h2 id="name-status-of-this-memo">
<a href="#name-status-of-this-memo" class="section-name selfRef">Status of This Memo</a>
</h2>
<p id="section-boilerplate.1-1">
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.<a href="#section-boilerplate.1-1" class="pilcrow"></a></p>
<p id="section-boilerplate.1-2">
Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF). Note that other groups may also distribute working
documents as Internet-Drafts. The list of current Internet-Drafts is
at <span><a href="https://datatracker.ietf.org/drafts/current/">https://datatracker.ietf.org/drafts/current/</a></span>.<a href="#section-boilerplate.1-2" class="pilcrow"></a></p>
<p id="section-boilerplate.1-3">
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."<a href="#section-boilerplate.1-3" class="pilcrow"></a></p>
<p id="section-boilerplate.1-4">
This Internet-Draft will expire on 7 September 2026.<a href="#section-boilerplate.1-4" class="pilcrow"></a></p>
</section>
</div>
<div id="copyright">
<section id="section-boilerplate.2">
<h2 id="name-copyright-notice">
<a href="#name-copyright-notice" class="section-name selfRef">Copyright Notice</a>
</h2>
<p id="section-boilerplate.2-1">
Copyright (c) 2026 IETF Trust and the persons identified as the
document authors. All rights reserved.<a href="#section-boilerplate.2-1" class="pilcrow"></a></p>
<p id="section-boilerplate.2-2">
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(<span><a href="https://trustee.ietf.org/license-info">https://trustee.ietf.org/license-info</a></span>) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with
respect to this document. Code Components extracted from this
document must include Revised BSD License text as described in
Section 4.e of the Trust Legal Provisions and are provided without
warranty as described in the Revised BSD License.<a href="#section-boilerplate.2-2" class="pilcrow"></a></p>
</section>
</div>
<div id="toc">
<section id="section-toc.1">
<a href="#" onclick="scroll(0,0)" class="toplink"></a><h2 id="name-table-of-contents">
<a href="#name-table-of-contents" class="section-name selfRef">Table of Contents</a>
</h2>
<nav class="toc"><ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.1">
<p id="section-toc.1-1.1.1" class="keepWithNext"><a href="#section-1" class="auto internal xref">1</a>.  <a href="#name-introduction" class="internal xref">Introduction</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.2">
<p id="section-toc.1-1.2.1" class="keepWithNext"><a href="#section-2" class="auto internal xref">2</a>.  <a href="#name-terminology" class="internal xref">Terminology</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3">
<p id="section-toc.1-1.3.1" class="keepWithNext"><a href="#section-3" class="auto internal xref">3</a>.  <a href="#name-reference-architecture" class="internal xref">Reference Architecture</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4">
<p id="section-toc.1-1.4.1"><a href="#section-4" class="auto internal xref">4</a>.  <a href="#name-existing-ietf-work" class="internal xref">Existing IETF Work</a></p>
<ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.1">
<p id="section-toc.1-1.4.2.1.1"><a href="#section-4.1" class="auto internal xref">4.1</a>.  <a href="#name-wimse-workload-identity-in-" class="internal xref">WIMSE (Workload Identity in Multi-System Environments)</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.2">
<p id="section-toc.1-1.4.2.2.1"><a href="#section-4.2" class="auto internal xref">4.2</a>.  <a href="#name-rats-remote-attestation-pro" class="internal xref">RATS (Remote ATtestation procedureS)</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.3">
<p id="section-toc.1-1.4.2.3.1"><a href="#section-4.3" class="auto internal xref">4.3</a>.  <a href="#name-oauth-and-gnap" class="internal xref">OAuth and GNAP</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.4">
<p id="section-toc.1-1.4.2.4.1"><a href="#section-4.4" class="auto internal xref">4.4</a>.  <a href="#name-scitt-supply-chain-integrit" class="internal xref">SCITT (Supply Chain Integrity, Transparency, and Trust)</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.5">
<p id="section-toc.1-1.4.2.5.1"><a href="#section-4.5" class="auto internal xref">4.5</a>.  <a href="#name-nmop-network-management-ope" class="internal xref">NMOP (Network Management Operations)</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.6">
<p id="section-toc.1-1.4.2.6.1"><a href="#section-4.6" class="auto internal xref">4.6</a>.  <a href="#name-industry-protocols-a2a-and-" class="internal xref">Industry Protocols: A2A and MCP</a></p>
</li>
</ul>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.5">
<p id="section-toc.1-1.5.1"><a href="#section-5" class="auto internal xref">5</a>.  <a href="#name-gap-analysis" class="internal xref">Gap Analysis</a></p>
<ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.5.2.1">
<p id="section-toc.1-1.5.2.1.1"><a href="#section-5.1" class="auto internal xref">5.1</a>.  <a href="#name-gap-1-agent-behavioral-veri" class="internal xref">Gap 1: Agent Behavioral Verification</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.5.2.2">
<p id="section-toc.1-1.5.2.2.1"><a href="#section-5.2" class="auto internal xref">5.2</a>.  <a href="#name-gap-2-agent-failure-cascade" class="internal xref">Gap 2: Agent Failure Cascade Prevention</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.5.2.3">
<p id="section-toc.1-1.5.2.3.1"><a href="#section-5.3" class="auto internal xref">5.3</a>.  <a href="#name-gap-3-multi-agent-consensus" class="internal xref">Gap 3: Multi-Agent Consensus Protocols</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.5.2.4">
<p id="section-toc.1-1.5.2.4.1"><a href="#section-5.4" class="auto internal xref">5.4</a>.  <a href="#name-gap-4-real-time-agent-rollb" class="internal xref">Gap 4: Real-Time Agent Rollback Mechanisms</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.5.2.5">
<p id="section-toc.1-1.5.2.5.1"><a href="#section-5.5" class="auto internal xref">5.5</a>.  <a href="#name-gap-5-federated-agent-learn" class="internal xref">Gap 5: Federated Agent Learning Privacy</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.5.2.6">
<p id="section-toc.1-1.5.2.6.1"><a href="#section-5.6" class="auto internal xref">5.6</a>.  <a href="#name-gap-6-cross-domain-agent-au" class="internal xref">Gap 6: Cross-Domain Agent Audit Trails</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.5.2.7">
<p id="section-toc.1-1.5.2.7.1"><a href="#section-5.7" class="auto internal xref">5.7</a>.  <a href="#name-gap-7-human-override-standa" class="internal xref">Gap 7: Human Override Standardization</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.5.2.8">
<p id="section-toc.1-1.5.2.8.1"><a href="#section-5.8" class="auto internal xref">5.8</a>.  <a href="#name-gap-8-cross-protocol-agent-" class="internal xref">Gap 8: Cross-Protocol Agent Migration</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.5.2.9">
<p id="section-toc.1-1.5.2.9.1"><a href="#section-5.9" class="auto internal xref">5.9</a>.  <a href="#name-gap-9-agent-resource-accoun" class="internal xref">Gap 9: Agent Resource Accounting and Billing</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.5.2.10">
<p id="section-toc.1-1.5.2.10.1"><a href="#section-5.10" class="auto internal xref">5.10</a>. <a href="#name-gap-10-agent-capability-neg" class="internal xref">Gap 10: Agent Capability Negotiation</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.5.2.11">
<p id="section-toc.1-1.5.2.11.1"><a href="#section-5.11" class="auto internal xref">5.11</a>. <a href="#name-gap-11-agent-performance-be" class="internal xref">Gap 11: Agent Performance Benchmarking</a></p>
</li>
</ul>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.6">
<p id="section-toc.1-1.6.1"><a href="#section-6" class="auto internal xref">6</a>.  <a href="#name-companion-draft-roadmap" class="internal xref">Companion Draft Roadmap</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.7">
<p id="section-toc.1-1.7.1"><a href="#section-7" class="auto internal xref">7</a>.  <a href="#name-security-considerations" class="internal xref">Security Considerations</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.8">
<p id="section-toc.1-1.8.1"><a href="#section-8" class="auto internal xref">8</a>.  <a href="#name-iana-considerations" class="internal xref">IANA Considerations</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.9">
<p id="section-toc.1-1.9.1"><a href="#section-9" class="auto internal xref">9</a>.  <a href="#name-references" class="internal xref">References</a></p>
<ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.9.2.1">
<p id="section-toc.1-1.9.2.1.1"><a href="#section-9.1" class="auto internal xref">9.1</a>.  <a href="#name-normative-references" class="internal xref">Normative References</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.9.2.2">
<p id="section-toc.1-1.9.2.2.1"><a href="#section-9.2" class="auto internal xref">9.2</a>.  <a href="#name-informative-references" class="internal xref">Informative References</a></p>
</li>
</ul>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.10">
<p id="section-toc.1-1.10.1"><a href="#appendix-A" class="auto internal xref">Appendix A</a>.  <a href="#name-acknowledgments" class="internal xref">Acknowledgments</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.11">
<p id="section-toc.1-1.11.1"><a href="#appendix-B" class="auto internal xref"></a><a href="#name-authors-address" class="internal xref">Author's Address</a></p>
</li>
</ul>
</nav>
</section>
</div>
<div id="introduction">
<section id="section-1">
<h2 id="name-introduction">
<a href="#section-1" class="section-number selfRef">1. </a><a href="#name-introduction" class="section-name selfRef">Introduction</a>
</h2>
<p id="section-1-1">Autonomous software agents are increasingly deployed in
network management, cloud orchestration, supply-chain
logistics, and AI-driven workflows. Over 260 IETF drafts
touch on aspects of agent communication, identity, safety,
and operations. However, these efforts remain fragmented:
no single reference architecture ties them together, and
several critical capabilities lack any standardization at
all.<a href="#section-1-1" class="pilcrow"></a></p>
<p id="section-1-2">This document provides three contributions:<a href="#section-1-2" class="pilcrow"></a></p>
<ol start="1" type="1" class="normal type-1" id="section-1-3">
<li id="section-1-3.1">
<p id="section-1-3.1.1">A reference architecture that organizes agent
capabilities into layers (Section 3).<a href="#section-1-3.1.1" class="pilcrow"></a></p>
</li>
<li id="section-1-3.2">
<p id="section-1-3.2.1">A survey of existing IETF work relevant to autonomous
agents (Section 4).<a href="#section-1-3.2.1" class="pilcrow"></a></p>
</li>
<li id="section-1-3.3">
<p id="section-1-3.3.1">A gap analysis identifying eleven areas where new or
extended standards are needed, together with a roadmap
of six companion drafts that address the most critical
gaps (Sections 5 and 6).<a href="#section-1-3.3.1" class="pilcrow"></a></p>
</li>
</ol>
<p id="section-1-4">The intended audience includes working group chairs,
area directors, and protocol designers evaluating where
autonomous-agent standardization efforts should focus.<a href="#section-1-4" class="pilcrow"></a></p>
</section>
</div>
<div id="terminology">
<section id="section-2">
<h2 id="name-terminology">
<a href="#section-2" class="section-number selfRef">2. </a><a href="#name-terminology" class="section-name selfRef">Terminology</a>
</h2>
<p id="section-2-1">The key words "<span class="bcp14">MUST</span>", "<span class="bcp14">MUST NOT</span>", "<span class="bcp14">REQUIRED</span>", "<span class="bcp14">SHALL</span>",
"<span class="bcp14">SHALL NOT</span>", "<span class="bcp14">SHOULD</span>", "<span class="bcp14">SHOULD NOT</span>", "<span class="bcp14">RECOMMENDED</span>",
"<span class="bcp14">NOT RECOMMENDED</span>", "<span class="bcp14">MAY</span>", and "<span class="bcp14">OPTIONAL</span>" in this document
are to be interpreted as described in BCP 14 <span>[<a href="#RFC2119" class="cite xref">RFC2119</a>]</span>
<span>[<a href="#RFC8174" class="cite xref">RFC8174</a>]</span> when, and only when, they appear in all
capitals, as shown here.<a href="#section-2-1" class="pilcrow"></a></p>
<p id="section-2-2">The key words "<span class="bcp14">MUST</span>", "<span class="bcp14">MUST NOT</span>", "<span class="bcp14">REQUIRED</span>", "<span class="bcp14">SHALL</span>", "<span class="bcp14">SHALL NOT</span>", "<span class="bcp14">SHOULD</span>", "<span class="bcp14">SHOULD NOT</span>", "<span class="bcp14">RECOMMENDED</span>", "<span class="bcp14">NOT RECOMMENDED</span>",
"<span class="bcp14">MAY</span>", and "<span class="bcp14">OPTIONAL</span>" in this document are to be interpreted as
described in BCP 14 <span>[<a href="#RFC2119" class="cite xref">RFC2119</a>]</span> <span>[<a href="#RFC8174" class="cite xref">RFC8174</a>]</span> when, and only when, they
appear in all capitals, as shown here.<a href="#section-2-2" class="pilcrow"></a></p>
<p id="section-2-3">The following terms are used throughout this document:<a href="#section-2-3" class="pilcrow"></a></p>
<span class="break"></span><dl class="dlParallel" id="section-2-4">
<dt id="section-2-4.1">Agent:</dt>
<dd style="margin-left: 1.5em" id="section-2-4.2">
<p id="section-2-4.2.1">A software component that acts on behalf of a principal
(human or organizational) to perform tasks, communicate
with other agents, or interact with external systems.<a href="#section-2-4.2.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-2-4.3">Autonomous Agent:</dt>
<dd style="margin-left: 1.5em" id="section-2-4.4">
<p id="section-2-4.4.1">An agent capable of executing multi-step tasks without
continuous human supervision, including making decisions
based on policy, context, and environmental state.<a href="#section-2-4.4.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-2-4.5">Agent Ecosystem:</dt>
<dd style="margin-left: 1.5em" id="section-2-4.6">
<p id="section-2-4.6.1">The set of agents, their principals, the policies that
govern them, and the infrastructure services (identity,
discovery, audit) they rely on.<a href="#section-2-4.6.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-2-4.7">DAG (Directed Acyclic Graph):</dt>
<dd style="margin-left: 1.5em" id="section-2-4.8">
<p id="section-2-4.8.1">A graph structure used to represent multi-step agent
execution plans where tasks have dependency ordering
but no circular dependencies.<a href="#section-2-4.8.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-2-4.9">HITL (Human-in-the-Loop):</dt>
<dd style="margin-left: 1.5em" id="section-2-4.10">
<p id="section-2-4.10.1">A control pattern in which a human operator must
approve, modify, or reject an agent action before
it takes effect.<a href="#section-2-4.10.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-2-4.11">ECT (Execution Context Token):</dt>
<dd style="margin-left: 1.5em" id="section-2-4.12">
<p id="section-2-4.12.1">A cryptographically signed token that carries the
execution context (task identity, delegated authority,
constraints) for an agent action. See
<span>[<a href="#I-D.nennemann-wimse-ect" class="cite xref">I-D.nennemann-wimse-ect</a>]</span>.<a href="#section-2-4.12.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-2-4.13">ACP (Agent Context Policy):</dt>
<dd style="margin-left: 1.5em" id="section-2-4.14">
<p id="section-2-4.14.1">A policy document that specifies permitted behaviors,
resource limits, and escalation rules for an agent
within a given execution context. See
<span>[<a href="#I-D.nennemann-agent-dag-hitl-safety" class="cite xref">I-D.nennemann-agent-dag-hitl-safety</a>]</span>.<a href="#section-2-4.14.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-2-4.15">Behavioral Attestation:</dt>
<dd style="margin-left: 1.5em" id="section-2-4.16">
<p id="section-2-4.16.1">A verifiable claim that an agent's runtime behavior
conforms to a declared policy or behavioral profile.<a href="#section-2-4.16.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-2-4.17">Cascade Failure:</dt>
<dd style="margin-left: 1.5em" id="section-2-4.18">
<p id="section-2-4.18.1">A failure mode in which an error in one agent
propagates through a multi-agent workflow, causing
successive agents to fail or produce incorrect
results.<a href="#section-2-4.18.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-2-4.19">Consensus Protocol:</dt>
<dd style="margin-left: 1.5em" id="section-2-4.20">
<p id="section-2-4.20.1">A protocol by which multiple agents reach agreement
on a shared decision, state, or action plan.<a href="#section-2-4.20.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-2-4.21">Override Signal:</dt>
<dd style="margin-left: 1.5em" id="section-2-4.22">
<p id="section-2-4.22.1">A message from a human operator or supervisory system
that instructs an agent to halt, modify, or roll back
its current action.<a href="#section-2-4.22.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
</dl>
</section>
</div>
<div id="reference-architecture">
<section id="section-3">
<h2 id="name-reference-architecture">
<a href="#section-3" class="section-number selfRef">3. </a><a href="#name-reference-architecture" class="section-name selfRef">Reference Architecture</a>
</h2>
<p id="section-3-1">The following diagram presents a layered reference
architecture for autonomous agent ecosystems. Each layer
identifies the relevant gap areas addressed by this
analysis.<a href="#section-3-1" class="pilcrow"></a></p>
<span id="name-agent-ecosystem-reference-a"></span><div id="fig-arch">
<figure id="figure-1">
<div class="alignLeft art-ascii-art art-text artwork" id="section-3-2.1">
<pre>
+-------------------------------------------------------------+
| HUMAN OPERATORS |
| [Override &amp; HITL Layer -- GAP 7] |
+-------------------------------------------------------------+
| AGENT INTERACTION LAYER |
| +---------+ +---------+ +---------+ +---------+ |
| | Agent A |&lt;&gt;| Agent B |&lt;&gt;| Agent C |&lt;&gt;| Agent D | |
| +----+----+ +----+----+ +----+----+ +----+----+ |
| | GAP 3: | GAP 10: | GAP 1: | |
| | Consensus | Cap.Neg. | Behav. | |
| | | | Verif. | |
+-------+------------+------------+------------+--------------+
| EXECUTION LAYER (ECT) |
| DAG Execution | Checkpoints | Rollback | Circuit Breakers |
| [GAP 2: Cascade Prevention] [GAP 4: Rollback] |
+-------------------------------------------------------------+
| POLICY &amp; GOVERNANCE LAYER |
| ACP-DAG-HITL | Trust Scoring | Assurance Profiles |
| [GAP 5: Federated Privacy] [GAP 6: Cross-Domain Audit] |
+-------------------------------------------------------------+
| INFRASTRUCTURE LAYER |
| Identity | Discovery | Registration | Protocol Bridges |
| [GAP 8: Cross-Protocol] [GAP 9: Resource Accounting] |
| [GAP 11: Performance Benchmarking] |
+-------------------------------------------------------------+
</pre>
</div>
<figcaption><a href="#figure-1" class="selfRef">Figure 1</a>:
<a href="#name-agent-ecosystem-reference-a" class="selfRef">Agent Ecosystem Reference Architecture</a>
</figcaption></figure>
</div>
<p id="section-3-3">The Human Operators layer provides override and
human-in-the-loop controls (Gap 7). The Agent Interaction
layer is where agents communicate, negotiate capabilities
(Gap 10), reach consensus (Gap 3), and undergo behavioral
verification (Gap 1). The Execution layer manages DAG-based
workflows with cascade prevention (Gap 2) and rollback
(Gap 4). The Policy and Governance layer enforces privacy
in federated learning (Gap 5) and cross-domain audit trails
(Gap 6). The Infrastructure layer handles identity,
discovery, cross-protocol migration (Gap 8), resource
accounting (Gap 9), and performance benchmarking (Gap 11).<a href="#section-3-3" class="pilcrow"></a></p>
</section>
</div>
<div id="existing-ietf-work">
<section id="section-4">
<h2 id="name-existing-ietf-work">
<a href="#section-4" class="section-number selfRef">4. </a><a href="#name-existing-ietf-work" class="section-name selfRef">Existing IETF Work</a>
</h2>
<p id="section-4-1">This section briefly surveys existing IETF efforts relevant
to autonomous agent protocols.<a href="#section-4-1" class="pilcrow"></a></p>
<div id="wimse-workload-identity-in-multi-system-environments">
<section id="section-4.1">
<h3 id="name-wimse-workload-identity-in-">
<a href="#section-4.1" class="section-number selfRef">4.1. </a><a href="#name-wimse-workload-identity-in-" class="section-name selfRef">WIMSE (Workload Identity in Multi-System Environments)</a>
</h3>
<p id="section-4.1-1">The WIMSE working group addresses workload identity and
Execution Context Tokens (ECTs) <span>[<a href="#I-D.nennemann-wimse-ect" class="cite xref">I-D.nennemann-wimse-ect</a>]</span>.
ECTs provide the foundation for carrying delegated authority
and task context across agent boundaries.<a href="#section-4.1-1" class="pilcrow"></a></p>
</section>
</div>
<div id="rats-remote-attestation-procedures">
<section id="section-4.2">
<h3 id="name-rats-remote-attestation-pro">
<a href="#section-4.2" class="section-number selfRef">4.2. </a><a href="#name-rats-remote-attestation-pro" class="section-name selfRef">RATS (Remote ATtestation procedureS)</a>
</h3>
<p id="section-4.2-1">RATS defines architectures and protocols for remote
attestation <span>[<a href="#RFC9334" class="cite xref">RFC9334</a>]</span>. Attestation evidence and
appraisal are directly applicable to verifying agent
behavioral claims.<a href="#section-4.2-1" class="pilcrow"></a></p>
</section>
</div>
<div id="oauth-and-gnap">
<section id="section-4.3">
<h3 id="name-oauth-and-gnap">
<a href="#section-4.3" class="section-number selfRef">4.3. </a><a href="#name-oauth-and-gnap" class="section-name selfRef">OAuth and GNAP</a>
</h3>
<p id="section-4.3-1">OAuth 2.0 and the Grant Negotiation and Authorization
Protocol (GNAP) provide authorization frameworks.
Transaction tokens and token exchange mechanisms are
relevant to agent-to-agent delegation chains.<a href="#section-4.3-1" class="pilcrow"></a></p>
</section>
</div>
<div id="scitt-supply-chain-integrity-transparency-and-trust">
<section id="section-4.4">
<h3 id="name-scitt-supply-chain-integrit">
<a href="#section-4.4" class="section-number selfRef">4.4. </a><a href="#name-scitt-supply-chain-integrit" class="section-name selfRef">SCITT (Supply Chain Integrity, Transparency, and Trust)</a>
</h3>
<p id="section-4.4-1">SCITT defines transparency services for supply chain
artifacts. Its append-only log model is relevant to
agent audit trails and provenance tracking.<a href="#section-4.4-1" class="pilcrow"></a></p>
</section>
</div>
<div id="nmop-network-management-operations">
<section id="section-4.5">
<h3 id="name-nmop-network-management-ope">
<a href="#section-4.5" class="section-number selfRef">4.5. </a><a href="#name-nmop-network-management-ope" class="section-name selfRef">NMOP (Network Management Operations)</a>
</h3>
<p id="section-4.5-1">The NMOP working group focuses on network management
operations including intent-based management and
autonomous network functions. Agent-driven network
management is a primary use case for the gaps identified
in this document.<a href="#section-4.5-1" class="pilcrow"></a></p>
</section>
</div>
<div id="industry-protocols-a2a-and-mcp">
<section id="section-4.6">
<h3 id="name-industry-protocols-a2a-and-">
<a href="#section-4.6" class="section-number selfRef">4.6. </a><a href="#name-industry-protocols-a2a-and-" class="section-name selfRef">Industry Protocols: A2A and MCP</a>
</h3>
<p id="section-4.6-1">The Agent-to-Agent (A2A) protocol and Model Context
Protocol (MCP) are emerging industry standards for agent
communication. While not IETF specifications, they
inform the gap analysis by highlighting capabilities
that lack standardized, interoperable definitions.<a href="#section-4.6-1" class="pilcrow"></a></p>
</section>
</div>
</section>
</div>
<div id="gap-analysis">
<section id="section-5">
<h2 id="name-gap-analysis">
<a href="#section-5" class="section-number selfRef">5. </a><a href="#name-gap-analysis" class="section-name selfRef">Gap Analysis</a>
</h2>
<p id="section-5-1">This section identifies eleven gaps in the current
standards landscape for autonomous agent protocols.
Gaps are classified by severity:<a href="#section-5-1" class="pilcrow"></a></p>
<ul class="normal">
<li class="normal" id="section-5-2.1">
<p id="section-5-2.1.1">CRITICAL: No existing standard addresses the problem;
failure to standardize poses immediate safety or
interoperability risks.<a href="#section-5-2.1.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-5-2.2">
<p id="section-5-2.2.1">HIGH: Partial coverage exists but is insufficient for
production autonomous agent deployments.<a href="#section-5-2.2.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-5-2.3">
<p id="section-5-2.3.1">MEDIUM: The gap affects efficiency or completeness but
does not pose immediate safety risks.<a href="#section-5-2.3.1" class="pilcrow"></a></p>
</li>
</ul>
<div id="gap-1">
<section id="section-5.1">
<h3 id="name-gap-1-agent-behavioral-veri">
<a href="#section-5.1" class="section-number selfRef">5.1. </a><a href="#name-gap-1-agent-behavioral-veri" class="section-name selfRef">Gap 1: Agent Behavioral Verification</a>
</h3>
<span class="break"></span><dl class="dlParallel" id="section-5.1-1">
<dt id="section-5.1-1.1">Severity:</dt>
<dd style="margin-left: 1.5em" id="section-5.1-1.2">
<p id="section-5.1-1.2.1">CRITICAL<a href="#section-5.1-1.2.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.1-1.3">Category:</dt>
<dd style="margin-left: 1.5em" id="section-5.1-1.4">
<p id="section-5.1-1.4.1">AI Safety<a href="#section-5.1-1.4.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.1-1.5">Problem Statement:</dt>
<dd style="margin-left: 1.5em" id="section-5.1-1.6">
<p id="section-5.1-1.6.1">Autonomous agents operating in production environments
currently lack any standardized mechanism for runtime
verification of policy compliance. While RATS
<span>[<a href="#RFC9334" class="cite xref">RFC9334</a>]</span> provides attestation for platform integrity,
no equivalent exists for verifying that an agent's
observed behavior conforms to its declared behavioral
profile or policy constraints.<a href="#section-5.1-1.6.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.1-1.7"></dt>
<dd style="margin-left: 1.5em" id="section-5.1-1.8">
<p id="section-5.1-1.8.1">Without behavioral verification, operators cannot
distinguish between an agent that faithfully executes
its policy and one that has drifted, been compromised,
or is operating outside its intended parameters. This
is especially dangerous in multi-agent workflows where
one misbehaving agent can corrupt downstream results.<a href="#section-5.1-1.8.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.1-1.9"></dt>
<dd style="margin-left: 1.5em" id="section-5.1-1.10">
<p id="section-5.1-1.10.1">The gap extends to the absence of standardized
behavioral profiles, verification evidence formats,
and appraisal procedures specific to agent conduct.<a href="#section-5.1-1.10.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.1-1.11">Impact if Unaddressed:</dt>
<dd style="margin-left: 1.5em" id="section-5.1-1.12">
<p id="section-5.1-1.12.1">Undetected policy violations in autonomous agents
could cause safety incidents, data breaches, or
cascading failures in critical infrastructure.<a href="#section-5.1-1.12.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.1-1.13">Existing Partial Coverage:</dt>
<dd style="margin-left: 1.5em" id="section-5.1-1.14">
<p id="section-5.1-1.14.1">RATS <span>[<a href="#RFC9334" class="cite xref">RFC9334</a>]</span> covers platform attestation but not
behavioral compliance. ACP-DAG-HITL
<span>[<a href="#I-D.nennemann-agent-dag-hitl-safety" class="cite xref">I-D.nennemann-agent-dag-hitl-safety</a>]</span> defines
policies but not verification mechanisms.<a href="#section-5.1-1.14.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.1-1.15">Companion Draft:</dt>
<dd style="margin-left: 1.5em" id="section-5.1-1.16">
<p id="section-5.1-1.16.1"><span>[<a href="#I-D.nennemann-agent-behavioral-verification" class="cite xref">I-D.nennemann-agent-behavioral-verification</a>]</span><a href="#section-5.1-1.16.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
</dl>
</section>
</div>
<div id="gap-2">
<section id="section-5.2">
<h3 id="name-gap-2-agent-failure-cascade">
<a href="#section-5.2" class="section-number selfRef">5.2. </a><a href="#name-gap-2-agent-failure-cascade" class="section-name selfRef">Gap 2: Agent Failure Cascade Prevention</a>
</h3>
<span class="break"></span><dl class="dlParallel" id="section-5.2-1">
<dt id="section-5.2-1.1">Severity:</dt>
<dd style="margin-left: 1.5em" id="section-5.2-1.2">
<p id="section-5.2-1.2.1">CRITICAL<a href="#section-5.2-1.2.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.2-1.3">Category:</dt>
<dd style="margin-left: 1.5em" id="section-5.2-1.4">
<p id="section-5.2-1.4.1">AI Safety, Resilience<a href="#section-5.2-1.4.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.2-1.5">Problem Statement:</dt>
<dd style="margin-left: 1.5em" id="section-5.2-1.6">
<p id="section-5.2-1.6.1">Multi-agent workflows create dependency chains where a
failure in one agent can propagate to downstream agents,
causing cascade failures. No standardized mechanism
exists for circuit breakers, failure isolation, or
cascade containment in agent-to-agent interactions.<a href="#section-5.2-1.6.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.2-1.7"></dt>
<dd style="margin-left: 1.5em" id="section-5.2-1.8">
<p id="section-5.2-1.8.1">Current practice relies on ad-hoc timeout and retry
logic that is neither interoperable nor sufficient for
complex DAG-structured workflows. Agents from
different vendors or administrative domains have no
common way to signal failure states or trigger
containment procedures.<a href="#section-5.2-1.8.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.2-1.9"></dt>
<dd style="margin-left: 1.5em" id="section-5.2-1.10">
<p id="section-5.2-1.10.1">The absence of cascade prevention is especially
critical in network management scenarios where agent
failures could propagate to affect live network
operations.<a href="#section-5.2-1.10.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.2-1.11">Impact if Unaddressed:</dt>
<dd style="margin-left: 1.5em" id="section-5.2-1.12">
<p id="section-5.2-1.12.1">A single agent failure could cascade through an entire
multi-agent deployment, causing widespread service
disruption with no automated containment.<a href="#section-5.2-1.12.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.2-1.13">Existing Partial Coverage:</dt>
<dd style="margin-left: 1.5em" id="section-5.2-1.14">
<p id="section-5.2-1.14.1">ECT <span>[<a href="#I-D.nennemann-wimse-ect" class="cite xref">I-D.nennemann-wimse-ect</a>]</span> provides execution
context but no failure containment semantics.<a href="#section-5.2-1.14.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.2-1.15">Companion Draft:</dt>
<dd style="margin-left: 1.5em" id="section-5.2-1.16">
<p id="section-5.2-1.16.1"><span>[<a href="#I-D.nennemann-agent-cascade-prevention" class="cite xref">I-D.nennemann-agent-cascade-prevention</a>]</span><a href="#section-5.2-1.16.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
</dl>
</section>
</div>
<div id="gap-3">
<section id="section-5.3">
<h3 id="name-gap-3-multi-agent-consensus">
<a href="#section-5.3" class="section-number selfRef">5.3. </a><a href="#name-gap-3-multi-agent-consensus" class="section-name selfRef">Gap 3: Multi-Agent Consensus Protocols</a>
</h3>
<span class="break"></span><dl class="dlParallel" id="section-5.3-1">
<dt id="section-5.3-1.1">Severity:</dt>
<dd style="margin-left: 1.5em" id="section-5.3-1.2">
<p id="section-5.3-1.2.1">HIGH<a href="#section-5.3-1.2.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.3-1.3">Category:</dt>
<dd style="margin-left: 1.5em" id="section-5.3-1.4">
<p id="section-5.3-1.4.1">A2A Protocols<a href="#section-5.3-1.4.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.3-1.5">Problem Statement:</dt>
<dd style="margin-left: 1.5em" id="section-5.3-1.6">
<p id="section-5.3-1.6.1">When multiple agents must agree on a shared decision
(e.g., a network configuration change, a resource
allocation plan, or a coordinated response to an
incident), no standardized consensus protocol exists
for agent-to-agent agreement.<a href="#section-5.3-1.6.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.3-1.7"></dt>
<dd style="margin-left: 1.5em" id="section-5.3-1.8">
<p id="section-5.3-1.8.1">Distributed systems consensus protocols (Raft, Paxos)
are designed for replicated state machines, not for
heterogeneous agents with different capabilities,
trust levels, and policy constraints. Agent consensus
requires additional semantics such as weighted voting,
capability-based participation, and policy-constrained
proposals.<a href="#section-5.3-1.8.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.3-1.9"></dt>
<dd style="margin-left: 1.5em" id="section-5.3-1.10">
<p id="section-5.3-1.10.1">Without a standard protocol, multi-agent coordination
relies on proprietary mechanisms that are not
interoperable across vendors or administrative domains.<a href="#section-5.3-1.10.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.3-1.11">Impact if Unaddressed:</dt>
<dd style="margin-left: 1.5em" id="section-5.3-1.12">
<p id="section-5.3-1.12.1">Multi-vendor agent deployments cannot coordinate
decisions, limiting autonomous agents to single-vendor
silos.<a href="#section-5.3-1.12.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.3-1.13">Existing Partial Coverage:</dt>
<dd style="margin-left: 1.5em" id="section-5.3-1.14">
<p id="section-5.3-1.14.1">No existing IETF work directly addresses multi-agent
consensus.<a href="#section-5.3-1.14.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.3-1.15">Companion Draft:</dt>
<dd style="margin-left: 1.5em" id="section-5.3-1.16">
<p id="section-5.3-1.16.1"><span>[<a href="#I-D.nennemann-agent-consensus" class="cite xref">I-D.nennemann-agent-consensus</a>]</span><a href="#section-5.3-1.16.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
</dl>
</section>
</div>
<div id="gap-4">
<section id="section-5.4">
<h3 id="name-gap-4-real-time-agent-rollb">
<a href="#section-5.4" class="section-number selfRef">5.4. </a><a href="#name-gap-4-real-time-agent-rollb" class="section-name selfRef">Gap 4: Real-Time Agent Rollback Mechanisms</a>
</h3>
<span class="break"></span><dl class="dlParallel" id="section-5.4-1">
<dt id="section-5.4-1.1">Severity:</dt>
<dd style="margin-left: 1.5em" id="section-5.4-1.2">
<p id="section-5.4-1.2.1">HIGH<a href="#section-5.4-1.2.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.4-1.3">Category:</dt>
<dd style="margin-left: 1.5em" id="section-5.4-1.4">
<p id="section-5.4-1.4.1">Resilience, Operations<a href="#section-5.4-1.4.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.4-1.5">Problem Statement:</dt>
<dd style="margin-left: 1.5em" id="section-5.4-1.6">
<p id="section-5.4-1.6.1">When an autonomous agent takes an action that produces
unintended consequences, no standardized mechanism
exists for rolling back the action and restoring
the previous state. This is particularly important
for network management agents that modify device
configurations.<a href="#section-5.4-1.6.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.4-1.7"></dt>
<dd style="margin-left: 1.5em" id="section-5.4-1.8">
<p id="section-5.4-1.8.1">Rollback requires standardized checkpointing, state
snapshots, and undo semantics that work across agent
boundaries and administrative domains. Current
rollback mechanisms (e.g., NETCONF confirmed-commit)
are protocol-specific and do not generalize to
arbitrary agent actions.<a href="#section-5.4-1.8.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.4-1.9"></dt>
<dd style="margin-left: 1.5em" id="section-5.4-1.10">
<p id="section-5.4-1.10.1">The lack of rollback is compounded in multi-agent
workflows where multiple agents may have taken
coordinated actions that must be reversed as a unit.<a href="#section-5.4-1.10.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.4-1.11">Impact if Unaddressed:</dt>
<dd style="margin-left: 1.5em" id="section-5.4-1.12">
<p id="section-5.4-1.12.1">Operators cannot safely deploy autonomous agents for
critical operations without manual intervention
capability for every action.<a href="#section-5.4-1.12.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.4-1.13">Existing Partial Coverage:</dt>
<dd style="margin-left: 1.5em" id="section-5.4-1.14">
<p id="section-5.4-1.14.1">NETCONF confirmed-commit provides rollback for
configuration changes only.<a href="#section-5.4-1.14.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.4-1.15">Companion Draft:</dt>
<dd style="margin-left: 1.5em" id="section-5.4-1.16">
<p id="section-5.4-1.16.1"><span>[<a href="#I-D.nennemann-agent-cascade-prevention" class="cite xref">I-D.nennemann-agent-cascade-prevention</a>]</span><a href="#section-5.4-1.16.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
</dl>
</section>
</div>
<div id="gap-5">
<section id="section-5.5">
<h3 id="name-gap-5-federated-agent-learn">
<a href="#section-5.5" class="section-number selfRef">5.5. </a><a href="#name-gap-5-federated-agent-learn" class="section-name selfRef">Gap 5: Federated Agent Learning Privacy</a>
</h3>
<span class="break"></span><dl class="dlParallel" id="section-5.5-1">
<dt id="section-5.5-1.1">Severity:</dt>
<dd style="margin-left: 1.5em" id="section-5.5-1.2">
<p id="section-5.5-1.2.1">HIGH<a href="#section-5.5-1.2.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.5-1.3">Category:</dt>
<dd style="margin-left: 1.5em" id="section-5.5-1.4">
<p id="section-5.5-1.4.1">Privacy, Federated Systems<a href="#section-5.5-1.4.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.5-1.5">Problem Statement:</dt>
<dd style="margin-left: 1.5em" id="section-5.5-1.6">
<p id="section-5.5-1.6.1">Agents that participate in federated learning or
share operational data across administrative domains
require privacy guarantees that go beyond transport
encryption. No IETF specification addresses the
privacy requirements of federated agent learning,
including differential privacy parameters, data
minimization for shared agent telemetry, and
consent management for cross-domain data sharing.<a href="#section-5.5-1.6.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.5-1.7"></dt>
<dd style="margin-left: 1.5em" id="section-5.5-1.8">
<p id="section-5.5-1.8.1">As agents are deployed across organizational
boundaries, the data they generate and share can
reveal sensitive information about network topology,
operational patterns, and business logic. Privacy-
preserving mechanisms specific to agent interactions
are needed.<a href="#section-5.5-1.8.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.5-1.9">Impact if Unaddressed:</dt>
<dd style="margin-left: 1.5em" id="section-5.5-1.10">
<p id="section-5.5-1.10.1">Organizations will be unable to participate in
federated agent ecosystems without unacceptable
privacy risks, limiting the value of multi-domain
agent deployments.<a href="#section-5.5-1.10.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.5-1.11">Existing Partial Coverage:</dt>
<dd style="margin-left: 1.5em" id="section-5.5-1.12">
<p id="section-5.5-1.12.1">General privacy frameworks exist but none address
agent-specific federated learning scenarios.<a href="#section-5.5-1.12.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.5-1.13">Companion Draft:</dt>
<dd style="margin-left: 1.5em" id="section-5.5-1.14">
<p id="section-5.5-1.14.1"><span>[<a href="#I-D.nennemann-agent-federation-privacy" class="cite xref">I-D.nennemann-agent-federation-privacy</a>]</span><a href="#section-5.5-1.14.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
</dl>
</section>
</div>
<div id="gap-6">
<section id="section-5.6">
<h3 id="name-gap-6-cross-domain-agent-au">
<a href="#section-5.6" class="section-number selfRef">5.6. </a><a href="#name-gap-6-cross-domain-agent-au" class="section-name selfRef">Gap 6: Cross-Domain Agent Audit Trails</a>
</h3>
<span class="break"></span><dl class="dlParallel" id="section-5.6-1">
<dt id="section-5.6-1.1">Severity:</dt>
<dd style="margin-left: 1.5em" id="section-5.6-1.2">
<p id="section-5.6-1.2.1">HIGH<a href="#section-5.6-1.2.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.6-1.3">Category:</dt>
<dd style="margin-left: 1.5em" id="section-5.6-1.4">
<p id="section-5.6-1.4.1">Audit, Compliance<a href="#section-5.6-1.4.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.6-1.5">Problem Statement:</dt>
<dd style="margin-left: 1.5em" id="section-5.6-1.6">
<p id="section-5.6-1.6.1">When agents operate across multiple administrative
domains, their actions must be auditable end-to-end.
No standardized format exists for cross-domain agent
audit trails that preserves causal ordering, links
related actions across domain boundaries, and provides
tamper-evident logging.<a href="#section-5.6-1.6.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.6-1.7"></dt>
<dd style="margin-left: 1.5em" id="section-5.6-1.8">
<p id="section-5.6-1.8.1">Execution Audit Tokens <span>[<a href="#I-D.nennemann-exec-audit" class="cite xref">I-D.nennemann-exec-audit</a>]</span>
provide per-action audit records, but no standard
defines how these records are aggregated, correlated,
and queried across domains. SCITT provides
transparency log primitives but does not define
agent-specific audit semantics.<a href="#section-5.6-1.8.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.6-1.9"></dt>
<dd style="margin-left: 1.5em" id="section-5.6-1.10">
<p id="section-5.6-1.10.1">Regulatory and compliance requirements increasingly
demand end-to-end audit trails for automated
decision-making, making this gap urgent for
enterprise deployments.<a href="#section-5.6-1.10.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.6-1.11">Impact if Unaddressed:</dt>
<dd style="margin-left: 1.5em" id="section-5.6-1.12">
<p id="section-5.6-1.12.1">Organizations cannot demonstrate compliance for
cross-domain agent operations, blocking adoption
in regulated industries.<a href="#section-5.6-1.12.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.6-1.13">Existing Partial Coverage:</dt>
<dd style="margin-left: 1.5em" id="section-5.6-1.14">
<p id="section-5.6-1.14.1">SCITT provides transparency log primitives.
<span>[<a href="#I-D.nennemann-exec-audit" class="cite xref">I-D.nennemann-exec-audit</a>]</span> defines per-action
audit tokens.<a href="#section-5.6-1.14.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.6-1.15">Companion Draft:</dt>
<dd style="margin-left: 1.5em" id="section-5.6-1.16">
<p id="section-5.6-1.16.1"><span>[<a href="#I-D.nennemann-agent-cross-domain-audit" class="cite xref">I-D.nennemann-agent-cross-domain-audit</a>]</span><a href="#section-5.6-1.16.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
</dl>
</section>
</div>
<div id="gap-7">
<section id="section-5.7">
<h3 id="name-gap-7-human-override-standa">
<a href="#section-5.7" class="section-number selfRef">5.7. </a><a href="#name-gap-7-human-override-standa" class="section-name selfRef">Gap 7: Human Override Standardization</a>
</h3>
<span class="break"></span><dl class="dlParallel" id="section-5.7-1">
<dt id="section-5.7-1.1">Severity:</dt>
<dd style="margin-left: 1.5em" id="section-5.7-1.2">
<p id="section-5.7-1.2.1">HIGH<a href="#section-5.7-1.2.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.7-1.3">Category:</dt>
<dd style="margin-left: 1.5em" id="section-5.7-1.4">
<p id="section-5.7-1.4.1">AI Safety, Human Control<a href="#section-5.7-1.4.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.7-1.5">Problem Statement:</dt>
<dd style="margin-left: 1.5em" id="section-5.7-1.6">
<p id="section-5.7-1.6.1">Autonomous agents must always be subject to human
override, but no cross-vendor protocol exists for
sending override signals to agents. Override
requirements include emergency stop, graceful pause,
parameter modification, and forced rollback.<a href="#section-5.7-1.6.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.7-1.7"></dt>
<dd style="margin-left: 1.5em" id="section-5.7-1.8">
<p id="section-5.7-1.8.1">Current override mechanisms are vendor-specific and
cannot be used in multi-vendor agent deployments.
ACP-DAG-HITL <span>[<a href="#I-D.nennemann-agent-dag-hitl-safety" class="cite xref">I-D.nennemann-agent-dag-hitl-safety</a>]</span>
defines when human approval is required but does not
specify the protocol for delivering override signals
to running agents.<a href="#section-5.7-1.8.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.7-1.9"></dt>
<dd style="margin-left: 1.5em" id="section-5.7-1.10">
<p id="section-5.7-1.10.1">The absence of a standard override protocol creates
a significant safety risk: if an agent misbehaves,
the operator may not have a reliable way to stop it
if the agent comes from a different vendor than the
management platform.<a href="#section-5.7-1.10.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.7-1.11">Impact if Unaddressed:</dt>
<dd style="margin-left: 1.5em" id="section-5.7-1.12">
<p id="section-5.7-1.12.1">Operators lose the ability to control autonomous
agents in emergency situations, creating unacceptable
safety risks.<a href="#section-5.7-1.12.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.7-1.13">Existing Partial Coverage:</dt>
<dd style="margin-left: 1.5em" id="section-5.7-1.14">
<p id="section-5.7-1.14.1">ACP-DAG-HITL <span>[<a href="#I-D.nennemann-agent-dag-hitl-safety" class="cite xref">I-D.nennemann-agent-dag-hitl-safety</a>]</span>
defines HITL policies but not override delivery.<a href="#section-5.7-1.14.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.7-1.15">Companion Draft:</dt>
<dd style="margin-left: 1.5em" id="section-5.7-1.16">
<p id="section-5.7-1.16.1"><span>[<a href="#I-D.nennemann-agent-override-protocol" class="cite xref">I-D.nennemann-agent-override-protocol</a>]</span><a href="#section-5.7-1.16.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
</dl>
</section>
</div>
<div id="gap-8">
<section id="section-5.8">
<h3 id="name-gap-8-cross-protocol-agent-">
<a href="#section-5.8" class="section-number selfRef">5.8. </a><a href="#name-gap-8-cross-protocol-agent-" class="section-name selfRef">Gap 8: Cross-Protocol Agent Migration</a>
</h3>
<span class="break"></span><dl class="dlParallel" id="section-5.8-1">
<dt id="section-5.8-1.1">Severity:</dt>
<dd style="margin-left: 1.5em" id="section-5.8-1.2">
<p id="section-5.8-1.2.1">MEDIUM<a href="#section-5.8-1.2.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.8-1.3">Category:</dt>
<dd style="margin-left: 1.5em" id="section-5.8-1.4">
<p id="section-5.8-1.4.1">Interoperability<a href="#section-5.8-1.4.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.8-1.5">Problem Statement:</dt>
<dd style="margin-left: 1.5em" id="section-5.8-1.6">
<p id="section-5.8-1.6.1">Agents may need to migrate between protocol
environments (e.g., from an A2A-based system to an
MCP-based system) while preserving execution context,
identity, and accumulated state. No standard defines
how agent context is translated or preserved across
protocol boundaries.<a href="#section-5.8-1.6.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.8-1.7"></dt>
<dd style="margin-left: 1.5em" id="section-5.8-1.8">
<p id="section-5.8-1.8.1">As the agent ecosystem matures, agents will
increasingly operate in heterogeneous protocol
environments. Without migration standards, agents
are locked into specific protocol ecosystems.<a href="#section-5.8-1.8.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.8-1.9">Impact if Unaddressed:</dt>
<dd style="margin-left: 1.5em" id="section-5.8-1.10">
<p id="section-5.8-1.10.1">Agent deployments become fragmented across protocol
silos, reducing interoperability and increasing
operational complexity.<a href="#section-5.8-1.10.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.8-1.11">Existing Partial Coverage:</dt>
<dd style="margin-left: 1.5em" id="section-5.8-1.12">
<p id="section-5.8-1.12.1">ECT <span>[<a href="#I-D.nennemann-wimse-ect" class="cite xref">I-D.nennemann-wimse-ect</a>]</span> provides a
protocol-neutral context token but does not define
migration procedures.<a href="#section-5.8-1.12.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.8-1.13">Companion Draft:</dt>
<dd style="margin-left: 1.5em" id="section-5.8-1.14">
<p id="section-5.8-1.14.1"><span>[<a href="#I-D.nennemann-agent-federation-privacy" class="cite xref">I-D.nennemann-agent-federation-privacy</a>]</span><a href="#section-5.8-1.14.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
</dl>
</section>
</div>
<div id="gap-9">
<section id="section-5.9">
<h3 id="name-gap-9-agent-resource-accoun">
<a href="#section-5.9" class="section-number selfRef">5.9. </a><a href="#name-gap-9-agent-resource-accoun" class="section-name selfRef">Gap 9: Agent Resource Accounting and Billing</a>
</h3>
<span class="break"></span><dl class="dlParallel" id="section-5.9-1">
<dt id="section-5.9-1.1">Severity:</dt>
<dd style="margin-left: 1.5em" id="section-5.9-1.2">
<p id="section-5.9-1.2.1">MEDIUM<a href="#section-5.9-1.2.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.9-1.3">Category:</dt>
<dd style="margin-left: 1.5em" id="section-5.9-1.4">
<p id="section-5.9-1.4.1">Operations, Economics<a href="#section-5.9-1.4.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.9-1.5">Problem Statement:</dt>
<dd style="margin-left: 1.5em" id="section-5.9-1.6">
<p id="section-5.9-1.6.1">Autonomous agents consume computational, network, and
API resources across administrative domains. No
standardized mechanism exists for tracking, reporting,
and reconciling resource consumption by agents,
especially in multi-domain scenarios where an agent's
actions incur costs in domains other than its own.<a href="#section-5.9-1.6.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.9-1.7"></dt>
<dd style="margin-left: 1.5em" id="section-5.9-1.8">
<p id="section-5.9-1.8.1">Resource accounting is a prerequisite for sustainable
multi-domain agent ecosystems where organizations
need to track and charge for agent resource usage.<a href="#section-5.9-1.8.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.9-1.9">Impact if Unaddressed:</dt>
<dd style="margin-left: 1.5em" id="section-5.9-1.10">
<p id="section-5.9-1.10.1">Organizations cannot accurately track or bill for
agent resource consumption, hindering commercial
multi-domain agent deployments.<a href="#section-5.9-1.10.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.9-1.11">Existing Partial Coverage:</dt>
<dd style="margin-left: 1.5em" id="section-5.9-1.12">
<p id="section-5.9-1.12.1">No existing IETF work addresses agent-specific
resource accounting.<a href="#section-5.9-1.12.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.9-1.13">Companion Draft:</dt>
<dd style="margin-left: 1.5em" id="section-5.9-1.14">
<p id="section-5.9-1.14.1"><span>[<a href="#I-D.nennemann-agent-cross-domain-audit" class="cite xref">I-D.nennemann-agent-cross-domain-audit</a>]</span><a href="#section-5.9-1.14.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
</dl>
</section>
</div>
<div id="gap-10">
<section id="section-5.10">
<h3 id="name-gap-10-agent-capability-neg">
<a href="#section-5.10" class="section-number selfRef">5.10. </a><a href="#name-gap-10-agent-capability-neg" class="section-name selfRef">Gap 10: Agent Capability Negotiation</a>
</h3>
<span class="break"></span><dl class="dlParallel" id="section-5.10-1">
<dt id="section-5.10-1.1">Severity:</dt>
<dd style="margin-left: 1.5em" id="section-5.10-1.2">
<p id="section-5.10-1.2.1">MEDIUM<a href="#section-5.10-1.2.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.10-1.3">Category:</dt>
<dd style="margin-left: 1.5em" id="section-5.10-1.4">
<p id="section-5.10-1.4.1">A2A Protocols<a href="#section-5.10-1.4.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.10-1.5">Problem Statement:</dt>
<dd style="margin-left: 1.5em" id="section-5.10-1.6">
<p id="section-5.10-1.6.1">When agents interact, they need to discover and
negotiate each other's capabilities dynamically.
No standardized capability negotiation protocol
exists for agents to advertise their functions,
agree on interaction protocols, and establish
compatible communication parameters.<a href="#section-5.10-1.6.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.10-1.7"></dt>
<dd style="margin-left: 1.5em" id="section-5.10-1.8">
<p id="section-5.10-1.8.1">Well-known URI <span>[<a href="#RFC8615" class="cite xref">RFC8615</a>]</span> and HTTP <span>[<a href="#RFC9110" class="cite xref">RFC9110</a>]</span>
provide discovery primitives, but agent capability
negotiation requires richer semantics including
versioning, conditional capabilities, and policy-
constrained capability advertisement.<a href="#section-5.10-1.8.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.10-1.9">Impact if Unaddressed:</dt>
<dd style="margin-left: 1.5em" id="section-5.10-1.10">
<p id="section-5.10-1.10.1">Agent interactions require pre-configured knowledge
of peer capabilities, limiting dynamic composition
and ad-hoc agent collaboration.<a href="#section-5.10-1.10.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.10-1.11">Existing Partial Coverage:</dt>
<dd style="margin-left: 1.5em" id="section-5.10-1.12">
<p id="section-5.10-1.12.1">HTTP content negotiation and well-known URIs provide
basic discovery but not agent-specific capability
negotiation.<a href="#section-5.10-1.12.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.10-1.13">Companion Draft:</dt>
<dd style="margin-left: 1.5em" id="section-5.10-1.14">
<p id="section-5.10-1.14.1"><span>[<a href="#I-D.nennemann-agent-consensus" class="cite xref">I-D.nennemann-agent-consensus</a>]</span><a href="#section-5.10-1.14.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
</dl>
</section>
</div>
<div id="gap-11">
<section id="section-5.11">
<h3 id="name-gap-11-agent-performance-be">
<a href="#section-5.11" class="section-number selfRef">5.11. </a><a href="#name-gap-11-agent-performance-be" class="section-name selfRef">Gap 11: Agent Performance Benchmarking</a>
</h3>
<span class="break"></span><dl class="dlParallel" id="section-5.11-1">
<dt id="section-5.11-1.1">Severity:</dt>
<dd style="margin-left: 1.5em" id="section-5.11-1.2">
<p id="section-5.11-1.2.1">MEDIUM<a href="#section-5.11-1.2.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.11-1.3">Category:</dt>
<dd style="margin-left: 1.5em" id="section-5.11-1.4">
<p id="section-5.11-1.4.1">Operations, Metrics<a href="#section-5.11-1.4.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.11-1.5">Problem Statement:</dt>
<dd style="margin-left: 1.5em" id="section-5.11-1.6">
<p id="section-5.11-1.6.1">No standardized metrics or benchmarking methodology
exists for evaluating autonomous agent performance.
Without common metrics, operators cannot compare
agent implementations, set performance baselines,
or detect performance degradation.<a href="#section-5.11-1.6.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.11-1.7"></dt>
<dd style="margin-left: 1.5em" id="section-5.11-1.8">
<p id="section-5.11-1.8.1">Agent performance encompasses multiple dimensions:
task completion accuracy, latency, resource
efficiency, safety compliance rate, and behavioral
consistency. Standardized metrics and measurement
procedures are needed for each dimension.<a href="#section-5.11-1.8.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.11-1.9">Impact if Unaddressed:</dt>
<dd style="margin-left: 1.5em" id="section-5.11-1.10">
<p id="section-5.11-1.10.1">Operators cannot objectively evaluate or compare
autonomous agent implementations, hindering
procurement and deployment decisions.<a href="#section-5.11-1.10.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.11-1.11">Existing Partial Coverage:</dt>
<dd style="margin-left: 1.5em" id="section-5.11-1.12">
<p id="section-5.11-1.12.1">No existing IETF work addresses agent performance
benchmarking.<a href="#section-5.11-1.12.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-5.11-1.13">Companion Draft:</dt>
<dd style="margin-left: 1.5em" id="section-5.11-1.14">
<p id="section-5.11-1.14.1"><span>[<a href="#I-D.nennemann-agent-behavioral-verification" class="cite xref">I-D.nennemann-agent-behavioral-verification</a>]</span><a href="#section-5.11-1.14.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
</dl>
</section>
</div>
</section>
</div>
<div id="companion-draft-roadmap">
<section id="section-6">
<h2 id="name-companion-draft-roadmap">
<a href="#section-6" class="section-number selfRef">6. </a><a href="#name-companion-draft-roadmap" class="section-name selfRef">Companion Draft Roadmap</a>
</h2>
<p id="section-6-1">The following table maps each companion draft to the
gaps it addresses and its priority level:<a href="#section-6-1" class="pilcrow"></a></p>
<span id="name-companion-draft-roadmap-2"></span><div id="tab-roadmap">
<table class="center" id="table-1">
<caption>
<a href="#table-1" class="selfRef">Table 1</a>:
<a href="#name-companion-draft-roadmap-2" class="selfRef">Companion Draft Roadmap</a>
</caption>
<thead>
<tr>
<th class="text-left" rowspan="1" colspan="1">Companion Draft</th>
<th class="text-center" rowspan="1" colspan="1">Gaps</th>
<th class="text-center" rowspan="1" colspan="1">Priority</th>
</tr>
</thead>
<tbody>
<tr>
<td class="text-left" rowspan="1" colspan="1">draft-nennemann-agent-behavioral-verification</td>
<td class="text-center" rowspan="1" colspan="1">1, 11</td>
<td class="text-center" rowspan="1" colspan="1">CRITICAL</td>
</tr>
<tr>
<td class="text-left" rowspan="1" colspan="1">draft-nennemann-agent-cascade-prevention</td>
<td class="text-center" rowspan="1" colspan="1">2, 4</td>
<td class="text-center" rowspan="1" colspan="1">CRITICAL</td>
</tr>
<tr>
<td class="text-left" rowspan="1" colspan="1">draft-nennemann-agent-consensus</td>
<td class="text-center" rowspan="1" colspan="1">3, 10</td>
<td class="text-center" rowspan="1" colspan="1">HIGH</td>
</tr>
<tr>
<td class="text-left" rowspan="1" colspan="1">draft-nennemann-agent-cross-domain-audit</td>
<td class="text-center" rowspan="1" colspan="1">6, 9</td>
<td class="text-center" rowspan="1" colspan="1">HIGH</td>
</tr>
<tr>
<td class="text-left" rowspan="1" colspan="1">draft-nennemann-agent-override-protocol</td>
<td class="text-center" rowspan="1" colspan="1">7</td>
<td class="text-center" rowspan="1" colspan="1">HIGH</td>
</tr>
<tr>
<td class="text-left" rowspan="1" colspan="1">draft-nennemann-agent-federation-privacy</td>
<td class="text-center" rowspan="1" colspan="1">5, 8</td>
<td class="text-center" rowspan="1" colspan="1">HIGH</td>
</tr>
</tbody>
</table>
</div>
<p id="section-6-3">The dependency relationships between companion drafts
are shown below:<a href="#section-6-3" class="pilcrow"></a></p>
<span id="name-companion-draft-dependencie"></span><div id="fig-deps">
<figure id="figure-2">
<div class="alignLeft art-ascii-art art-text artwork" id="section-6-4.1">
<pre>
behavioral-verification ---+
| |
v |
cascade-prevention |
| |
v v
override-protocol cross-domain-audit
| |
v v
consensus federation-privacy
</pre>
</div>
<figcaption><a href="#figure-2" class="selfRef">Figure 2</a>:
<a href="#name-companion-draft-dependencie" class="selfRef">Companion Draft Dependencies</a>
</figcaption></figure>
</div>
<p id="section-6-5">The behavioral-verification draft (Companion A) is
foundational because its behavioral attestation format
is used by the cascade-prevention and cross-domain-audit
drafts. The cascade-prevention draft (Companion B)
defines failure containment that the override-protocol
(Companion E) builds upon. The consensus draft
(Companion C) extends behavioral verification with
multi-agent agreement. The cross-domain-audit draft
(Companion D) provides the audit infrastructure that
federation-privacy (Companion F) adds privacy controls
to.<a href="#section-6-5" class="pilcrow"></a></p>
</section>
</div>
<div id="security-considerations">
<section id="section-7">
<h2 id="name-security-considerations">
<a href="#section-7" class="section-number selfRef">7. </a><a href="#name-security-considerations" class="section-name selfRef">Security Considerations</a>
</h2>
<p id="section-7-1">The gaps identified in this document have direct security
implications:<a href="#section-7-1" class="pilcrow"></a></p>
<span class="break"></span><dl class="dlParallel" id="section-7-2">
<dt id="section-7-2.1">Behavioral Verification (Gap 1):</dt>
<dd style="margin-left: 1.5em" id="section-7-2.2">
<p id="section-7-2.2.1">Without runtime behavioral verification, compromised
or malfunctioning agents cannot be detected, creating
opportunities for attacks that exploit trusted agent
identities to perform unauthorized actions.<a href="#section-7-2.2.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-7-2.3">Cascade Prevention (Gap 2):</dt>
<dd style="margin-left: 1.5em" id="section-7-2.4">
<p id="section-7-2.4.1">The absence of cascade containment creates a denial-
of-service vector where an attacker can compromise a
single agent to disrupt an entire multi-agent workflow.<a href="#section-7-2.4.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-7-2.5">Human Override (Gap 7):</dt>
<dd style="margin-left: 1.5em" id="section-7-2.6">
<p id="section-7-2.6.1">Without standardized override protocols, safety-
critical agent actions may not be stoppable, creating
an unacceptable risk profile for autonomous
deployments.<a href="#section-7-2.6.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-7-2.7">Cross-Domain Audit (Gap 6):</dt>
<dd style="margin-left: 1.5em" id="section-7-2.8">
<p id="section-7-2.8.1">Gaps in audit trails across domain boundaries create
opportunities for agents to take actions that evade
detection and accountability.<a href="#section-7-2.8.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-7-2.9">Federated Privacy (Gap 5):</dt>
<dd style="margin-left: 1.5em" id="section-7-2.10">
<p id="section-7-2.10.1">Sharing agent operational data across domains without
adequate privacy controls can expose sensitive
organizational information, network topology, and
business logic.<a href="#section-7-2.10.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
</dl>
<p id="section-7-3">Implementers of autonomous agent systems <span class="bcp14">SHOULD</span> treat the
CRITICAL and HIGH severity gaps as security requirements
and prioritize their resolution.<a href="#section-7-3" class="pilcrow"></a></p>
</section>
</div>
<div id="iana-considerations">
<section id="section-8">
<h2 id="name-iana-considerations">
<a href="#section-8" class="section-number selfRef">8. </a><a href="#name-iana-considerations" class="section-name selfRef">IANA Considerations</a>
</h2>
<p id="section-8-1">This document has no IANA actions.<a href="#section-8-1" class="pilcrow"></a></p>
</section>
</div>
<div id="sec-combined-references">
<section id="section-9">
<h2 id="name-references">
<a href="#section-9" class="section-number selfRef">9. </a><a href="#name-references" class="section-name selfRef">References</a>
</h2>
<div id="sec-normative-references">
<section id="section-9.1">
<h3 id="name-normative-references">
<a href="#section-9.1" class="section-number selfRef">9.1. </a><a href="#name-normative-references" class="section-name selfRef">Normative References</a>
</h3>
<dl class="references">
<dt id="RFC2119">[RFC2119]</dt>
<dd>
<span class="refAuthor">Bradner, S.</span>, <span class="refTitle">"Key words for use in RFCs to Indicate Requirement Levels"</span>, <span class="seriesInfo">BCP 14</span>, <span class="seriesInfo">RFC 2119</span>, <span class="seriesInfo">DOI 10.17487/RFC2119</span>, <time datetime="1997-03" class="refDate">March 1997</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc2119">https://www.rfc-editor.org/rfc/rfc2119</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC8174">[RFC8174]</dt>
<dd>
<span class="refAuthor">Leiba, B.</span>, <span class="refTitle">"Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words"</span>, <span class="seriesInfo">BCP 14</span>, <span class="seriesInfo">RFC 8174</span>, <span class="seriesInfo">DOI 10.17487/RFC8174</span>, <time datetime="2017-05" class="refDate">May 2017</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc8174">https://www.rfc-editor.org/rfc/rfc8174</a>&gt;</span>. </dd>
<dd class="break"></dd>
</dl>
</section>
</div>
<div id="sec-informative-references">
<section id="section-9.2">
<h3 id="name-informative-references">
<a href="#section-9.2" class="section-number selfRef">9.2. </a><a href="#name-informative-references" class="section-name selfRef">Informative References</a>
</h3>
<dl class="references">
<dt id="I-D.nennemann-agent-behavioral-verification">[I-D.nennemann-agent-behavioral-verification]</dt>
<dd>
<span class="refTitle">"Agent Behavioral Verification and Performance Benchmarking"</span>, <span>n.d.</span>, <span>&lt;<a href="https://datatracker.ietf.org/doc/draft-nennemann-agent-behavioral-verification/">https://datatracker.ietf.org/doc/draft-nennemann-agent-behavioral-verification/</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="I-D.nennemann-agent-cascade-prevention">[I-D.nennemann-agent-cascade-prevention]</dt>
<dd>
<span class="refTitle">"Agent Failure Cascade Prevention and Rollback"</span>, <span>n.d.</span>, <span>&lt;<a href="https://datatracker.ietf.org/doc/draft-nennemann-agent-cascade-prevention/">https://datatracker.ietf.org/doc/draft-nennemann-agent-cascade-prevention/</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="I-D.nennemann-agent-consensus">[I-D.nennemann-agent-consensus]</dt>
<dd>
<span class="refTitle">"Multi-Agent Consensus and Capability Negotiation Protocols"</span>, <span>n.d.</span>, <span>&lt;<a href="https://datatracker.ietf.org/doc/draft-nennemann-agent-consensus/">https://datatracker.ietf.org/doc/draft-nennemann-agent-consensus/</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="I-D.nennemann-agent-cross-domain-audit">[I-D.nennemann-agent-cross-domain-audit]</dt>
<dd>
<span class="refTitle">"Cross-Domain Agent Audit Trails and Resource Accounting"</span>, <span>n.d.</span>, <span>&lt;<a href="https://datatracker.ietf.org/doc/draft-nennemann-agent-cross-domain-audit/">https://datatracker.ietf.org/doc/draft-nennemann-agent-cross-domain-audit/</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="I-D.nennemann-agent-dag-hitl-safety">[I-D.nennemann-agent-dag-hitl-safety]</dt>
<dd>
<span class="refTitle">"Agent Context Policy Token: DAG Delegation with Human Override"</span>, <span>n.d.</span>, <span>&lt;<a href="https://datatracker.ietf.org/doc/draft-nennemann-agent-dag-hitl-safety/">https://datatracker.ietf.org/doc/draft-nennemann-agent-dag-hitl-safety/</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="I-D.nennemann-agent-federation-privacy">[I-D.nennemann-agent-federation-privacy]</dt>
<dd>
<span class="refTitle">"Federated Agent Learning Privacy and Cross-Protocol Migration"</span>, <span>n.d.</span>, <span>&lt;<a href="https://datatracker.ietf.org/doc/draft-nennemann-agent-federation-privacy/">https://datatracker.ietf.org/doc/draft-nennemann-agent-federation-privacy/</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="I-D.nennemann-agent-override-protocol">[I-D.nennemann-agent-override-protocol]</dt>
<dd>
<span class="refTitle">"Standardized Human Override Protocol for Autonomous Agents"</span>, <span>n.d.</span>, <span>&lt;<a href="https://datatracker.ietf.org/doc/draft-nennemann-agent-override-protocol/">https://datatracker.ietf.org/doc/draft-nennemann-agent-override-protocol/</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="I-D.nennemann-exec-audit">[I-D.nennemann-exec-audit]</dt>
<dd>
<span class="refTitle">"Cross-Domain Execution Audit Tokens"</span>, <span>n.d.</span>, <span>&lt;<a href="https://datatracker.ietf.org/doc/draft-nennemann-exec-audit/">https://datatracker.ietf.org/doc/draft-nennemann-exec-audit/</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="I-D.nennemann-wimse-ect">[I-D.nennemann-wimse-ect]</dt>
<dd>
<span class="refTitle">"Execution Context Tokens for Distributed Agentic Workflows"</span>, <span>n.d.</span>, <span>&lt;<a href="https://datatracker.ietf.org/doc/draft-nennemann-wimse-ect/">https://datatracker.ietf.org/doc/draft-nennemann-wimse-ect/</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC7519">[RFC7519]</dt>
<dd>
<span class="refAuthor">Jones, M.</span>, <span class="refAuthor">Bradley, J.</span>, and <span class="refAuthor">N. Sakimura</span>, <span class="refTitle">"JSON Web Token (JWT)"</span>, <span class="seriesInfo">RFC 7519</span>, <span class="seriesInfo">DOI 10.17487/RFC7519</span>, <time datetime="2015-05" class="refDate">May 2015</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc7519">https://www.rfc-editor.org/rfc/rfc7519</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC8615">[RFC8615]</dt>
<dd>
<span class="refAuthor">Nottingham, M.</span>, <span class="refTitle">"Well-Known Uniform Resource Identifiers (URIs)"</span>, <span class="seriesInfo">RFC 8615</span>, <span class="seriesInfo">DOI 10.17487/RFC8615</span>, <time datetime="2019-05" class="refDate">May 2019</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc8615">https://www.rfc-editor.org/rfc/rfc8615</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC9110">[RFC9110]</dt>
<dd>
<span class="refAuthor">Fielding, R., Ed.</span>, <span class="refAuthor">Nottingham, M., Ed.</span>, and <span class="refAuthor">J. Reschke, Ed.</span>, <span class="refTitle">"HTTP Semantics"</span>, <span class="seriesInfo">STD 97</span>, <span class="seriesInfo">RFC 9110</span>, <span class="seriesInfo">DOI 10.17487/RFC9110</span>, <time datetime="2022-06" class="refDate">June 2022</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc9110">https://www.rfc-editor.org/rfc/rfc9110</a>&gt;</span>. </dd>
<dd class="break"></dd>
<dt id="RFC9334">[RFC9334]</dt>
<dd>
<span class="refAuthor">Birkholz, H.</span>, <span class="refAuthor">Thaler, D.</span>, <span class="refAuthor">Richardson, M.</span>, <span class="refAuthor">Smith, N.</span>, and <span class="refAuthor">W. Pan</span>, <span class="refTitle">"Remote ATtestation procedureS (RATS) Architecture"</span>, <span class="seriesInfo">RFC 9334</span>, <span class="seriesInfo">DOI 10.17487/RFC9334</span>, <time datetime="2023-01" class="refDate">January 2023</time>, <span>&lt;<a href="https://www.rfc-editor.org/rfc/rfc9334">https://www.rfc-editor.org/rfc/rfc9334</a>&gt;</span>. </dd>
<dd class="break"></dd>
</dl>
</section>
</div>
</section>
</div>
<div id="acknowledgments">
<section id="appendix-A">
<h2 id="name-acknowledgments">
<a href="#appendix-A" class="section-number selfRef">Appendix A. </a><a href="#name-acknowledgments" class="section-name selfRef">Acknowledgments</a>
</h2>
<p id="appendix-A-1">The author thanks the participants of the WIMSE, RATS,
and NMOP working groups for discussions that informed
this analysis.<a href="#appendix-A-1" class="pilcrow"></a></p>
</section>
</div>
<div id="authors-addresses">
<section id="appendix-B">
<h2 id="name-authors-address">
<a href="#name-authors-address" class="section-name selfRef">Author's Address</a>
</h2>
<address class="vcard">
<div dir="auto" class="left"><span class="fn nameRole">Christian Nennemann</span></div>
<div dir="auto" class="left"><span class="org">Independent Researcher</span></div>
<div class="email">
<span>Email:</span>
<a href="mailto:ietf@nennemann.de" class="email">ietf@nennemann.de</a>
</div>
</address>
</section>
</div>
<script>const toc = document.getElementById("toc");
toc.querySelector("h2").addEventListener("click", e => {
toc.classList.toggle("active");
});
toc.querySelector("nav").addEventListener("click", e => {
toc.classList.remove("active");
});
</script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink