c/ietf-draft-analyzer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9a0dc899a8391bd046c7f125f7072677c5405198
ietf-draft-analyzer/workspace/STRATEGY.md
Christian Nennemann 3a139dfc7e feat: ACT/ECT strategy, package restructure, draft -01/-02 prep 
Strategic work for IETF submission of draft-nennemann-act-01 and
draft-nennemann-wimse-ect-02:

Package restructure:
- move ACT and ECT refimpls to workspace/packages/{act,ect}/
- ietf-act and ietf-ect distribution names (sibling packages)
- cross-spec interop test plan (INTEROP-TEST-PLAN.md)

ACT draft -01 revisions:
- rename 'par' claim to 'pred' (align with ECT)
- rename 'Agent Compact Token' to 'Agent Context Token' (semantic
  alignment with ECT family)
- add Applicability section (MCP, OpenAI, LangGraph, A2A, CrewAI)
- add DAG vs Linear Delegation Chains section (differentiator vs
  txn-tokens-for-agents actchain, Agentic JWT, AIP/IBCTs)
- add Related Work: AIP, SentinelAgent, Agentic JWT, txn-tokens-for-agents,
  HDP, SCITT-AI-agent-execution
- pin SCITT arch to -22, note AUTH48 status

Outreach drafts:
- Emirdag liaison email (SCITT-AI coordination)
- OAuth ML response on txn-tokens-for-agents-06

Strategy document:
- STRATEGY.md with phased action plan, risk register, timeline

Submodule:
- update workspace/drafts/ietf-wimse-ect pointer to -02 commit
2026-04-12 07:33:08 +02:00

225 lines
10 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# ACT + ECT IETF Strategy
**Author**: Christian Nennemann
**Date**: 2026-04-12
**Status**: Active
---
## 1. Executive Summary
Two Internet-Drafts, one strategy: **ACT** (general) + **ECT** (WIMSE profile) as a complementary spec family for AI agent authorization and execution accountability.
**The window**: In the last 8 weeks, 14+ competing IETF individual drafts and 7+ high-relevance arXiv papers appeared. The space is crowding fast. **Ship -01/-02 within 2 weeks**; establish IETF 123 (July 2026) as the landing point.
**The position**: ACT is the only spec combining (a) two-phase JWT lifecycle, (b) DAG-based DAG predecessor structure, and (c) standards-track independence from proprietary agent frameworks. ECT is the only WIMSE-aligned execution-context spec.
---
## 2. Current State (What We Have)
### Artifacts in place
| Artifact | Location | Status |
|---|---|---|
| ACT draft | `packages/act/draft-nennemann-act-01.md` | -01, ready to review |
| ECT draft | `drafts/ietf-wimse-ect/draft-nennemann-wimse-ect.md` | -02, needs HTTP header update |
| ACT refimpl | `packages/act/` (ietf-act) | 103 tests pass, `pred` + Context rename done |
| ECT refimpl | `packages/ect/` (ietf-ect) | 56 tests pass, `inp_hash` bug fixed |
| ACT applicability section | In draft §1.5 | MCP, OpenAI, LangGraph, A2A, CrewAI, WIMSE-ECT |
| Diff doc vs Txn-Agents | `drafts/ietf-wimse-ect/DIFF-vs-txn-tokens-for-agents.md` | Done, ~1235 words |
| WIMSE mailing list email | `drafts/ietf-wimse-ect/wimse-intro-email.md` | Done, ~390 words |
### Recent completed work
- `par``pred` rename across ACT (spec alignment with ECT)
- "Agent Compact Token" → "Agent Context Token" rename (semantic alignment with ECT)
- Package restructure to `workspace/packages/{act,ect}/`
- ECT `inp_hash` format bug fix (removed `sha-256:` prefix)
---
## 3. Landscape (What Just Happened)
### Critical drafts published April 711, 2026
| Draft | Impact | Response |
|---|---|---|
| `draft-emirdag-scitt-ai-agent-execution-00` | SCITT profile for AgentInteractionRecord (AIR) | **Propose liaison**: ACT = lifecycle, AIR = anchor payload |
| `draft-oauth-transaction-tokens-for-agents-06` | Amazon's `actchain` competes with ACT's DAG | **Differentiate**: linear chain vs DAG (fork/join) |
| `draft-ietf-wimse-http-signature-03` | `Wimse-Audience` header **removed**`wimse-aud` param | **Breaking change — fix ECT immediately** |
| `draft-ietf-oauth-transaction-tokens-08` | In WG Last Call → RFC imminent | Lock references before publication |
| `draft-ietf-scitt-architecture-22` | In AUTH48 → RFC imminent | Update SCITT refs to RFC number |
### Competitive arXiv papers (MarApr 2026)
- **2603.24775 (AIP/IBCTs)** — closest technical competitor, JWT + Biscuit/Datalog, zero auth on ~2000 MCP servers
- **2604.02767 (SentinelAgent)** — formal Delegation Chain Calculus
- **2509.13597 (Agentic JWT)** — prior linear chain JWT
- **2603.23801 (AgentRFC — Composition Safety)** — theoretical grounding for DAG-level tracking
### Strategic openings
- `draft-ietf-wimse-arch-07 §3.3.9` — WG arch doc **already names AI/ML intermediaries as workloads**; ECT fills this gap
- **DAWN potential new WG** (`draft-king-dawn-requirements-00`, 2026-04-11) — agent discovery; ACT identity claims are natural payload
- **NIST/NCCoE Concept Paper** — US government validation of standards-first agent identity approach
---
## 4. Positioning Strategy
### The three-sentence pitch
> ACT is a two-phase JWT lifecycle — the authorization mandate transitions to a tamper-evident execution record, producing a cryptographically verifiable DAG of agent invocations. ECT is the WIMSE profile that binds ACT-style execution records to workload identity with assurance levels. Together they close the agent accountability gap that OAuth/WIMSE/SCITT leave partially open.
### Differentiation matrix
| Against | How ACT/ECT differ |
|---|---|
| `draft-oauth-transaction-tokens-for-agents` | Two-phase lifecycle (authorization → proof-of-execution), DAG (not linear `actchain`), works without AuthZ server |
| `draft-emirdag-scitt-ai-agent-execution` | Lifecycle layer complement, not competitor; ACT produces what AIR anchors |
| AIP/IBCTs (arXiv 2603.24775) | Standards-track IETF home; JWT-only (no Biscuit/Datalog complexity) |
| `draft-helixar-hdp-agentic-delegation` | JWT/JOSE-standard (vs raw JSON), DAG (vs linear), IETF path |
| SentinelAgent (arXiv 2604.02767) | Standards deployability (vs formal calculus) |
| Agentic JWT (arXiv 2509.13597) | Two-phase lifecycle; DAG vs linear chain |
### Non-goals (say this explicitly)
- ACT does not replace WIMSE WIT/WPT — it sits above
- ACT does not replace OAuth/Txn-Tokens — it profiles for agent semantics
- ACT does not require SCITT — but integrates cleanly with it
- ECT does not carry identity — it carries execution context
---
## 5. Action Plan
### Phase A — Urgent technical updates (this week)
- [ ] **A1**: Update ECT HTTP header section — replace `Wimse-Audience` with `wimse-aud` signature metadata parameter per `draft-ietf-wimse-http-signature-03`
- [ ] **A2**: Update SCITT references in ACT — point to `draft-ietf-scitt-architecture-22` (AUTH48); note RFC-to-be
- [ ] **A3**: Update Txn-Tokens references in ACT/ECT — lock to `draft-ietf-oauth-transaction-tokens-08`
- [ ] **A4**: Add "DAG vs linear chain" section to ACT — key technical differentiator
- [ ] **A5**: Add Related Work additions to ACT:
- AIP/IBCTs (arXiv 2603.24775)
- SentinelAgent (arXiv 2604.02767)
- Agentic JWT (arXiv 2509.13597)
- Txn-Tokens-for-Agents-06
- HDP (`draft-helixar-hdp-agentic-delegation`)
- [ ] **A6**: Add Related Work additions to ECT:
- WIMSE arch §3.3.9 (explicit)
- Composition Safety (arXiv 2603.23801)
- MIGT taxonomy (arXiv 2604.06148)
- NIST/NCCoE Concept Paper
- [ ] **A7**: Commit all current work to git (workspace + research.ietf subrepo)
### Phase B — External engagement (next 12 weeks)
- [ ] **B1**: Email Emirdag (VERIDIC) — propose SCITT-AI + ACT liaison; coordinate AIR payload format with ACT execution-phase claims
- [ ] **B2**: Submit ACT -01 to datatracker
- [ ] **B3**: Submit ECT -02 to datatracker
- [ ] **B4**: Post ECT intro email to wimse@ietf.org with diff doc link
- [ ] **B5**: Post short response to OAuth WG on Txn-Tokens-for-Agents-06 — compare `actchain` (linear) vs ACT `pred` (DAG), offer as complementary not competitive
- [ ] **B6**: Request 10-min slot at IETF 123 WIMSE session (July 2026)
- [ ] **B7**: Track DAWN WG charter formation — if charters, submit positioning comment on how ACT identity claims serve discovery
### Phase C — IETF 123 preparation (MayJune 2026)
- [ ] **C1**: Iterate ACT/ECT based on mailing list feedback
- [ ] **C2**: Prepare 10-min WIMSE slides (focus on: gap filled, relationship to adopted drafts, ECT's role in execution context propagation)
- [ ] **C3**: Prepare 5-min OAuth slot request if Txn-Tokens-for-Agents discussion opens
- [ ] **C4**: Reference implementation hardening: test vectors, interop with at least one other implementation
### Phase D — Post-IETF 123 (August 2026+)
- [ ] **D1**: Based on WIMSE reception: either iterate toward WG adoption or pivot to BoF-style workshop
- [ ] **D2**: If SCITT-AI liaison forms: draft joint implementation report
- [ ] **D3**: If DAWN charters: submit ACT positioning statement
---
## 6. Timeline
```
2026-04-12 Strategy finalized (today)
2026-04-12 Phase A starts
2026-04-19 Phase A complete, ACT-01 + ECT-02 submitted
2026-04-20 Phase B starts (WIMSE ML post + Emirdag outreach)
2026-05-01 All external engagement initiated
2026-07-xx IETF 123 (target: WIMSE 10-min slot)
2026-08-xx Post-IETF 123 review, decide WG adoption strategy
```
---
## 7. Risk Register
| Risk | Likelihood | Impact | Mitigation |
|---|---|---|---|
| WIMSE WG rejects ECT as out-of-charter | Medium | High | Cite arch §3.3.9 explicitly; frame as charter-aligned |
| Amazon Txn-Tokens-for-Agents gets OAuth WG adoption first | High | Medium | Differentiate at DAG/lifecycle level; position as complementary layer |
| SCITT-AI (Emirdag) adopted, ACT seen as redundant | Medium | High | Proactive liaison; position as lifecycle vs anchoring |
| DAWN charters without ACT positioning | Medium | Medium | Submit positioning statement during charter review |
| 14+ competing drafts fragment the space | High | Medium | Focus on ACT's unique two-phase lifecycle; cite competitors as related work |
| Independent-submission path stalls for ACT | Medium | Medium | Keep ECT on WG-adoption path; ACT can stay independent longer if needed |
---
## 8. Success Criteria
### 30-day criteria
- ACT-01 + ECT-02 on datatracker
- WIMSE mailing list engagement (≥3 replies from chairs/contributors)
- Emirdag liaison conversation started
### 90-day criteria (IETF 123 timing)
- 10-minute WIMSE agenda slot secured
- ≥1 independent implementation of ACT or ECT outside our refimpl
- Referenced by at least 2 other drafts
### 180-day criteria
- WIMSE WG adoption call for ECT (or clear path to it)
- SCITT-AI joint profile or explicit coordination
- ACT independent submission moving toward RFC Editor queue
---
## 9. Dependencies and Open Decisions
### External dependencies
- `draft-ietf-scitt-architecture` → RFC (timing unknown, AUTH48 now)
- `draft-ietf-oauth-transaction-tokens-08` → RFC (WG Last Call now)
- `draft-ietf-wimse-http-signature` → needs breaking change propagated
- WIMSE WG charter interpretation (chairs' call)
### Open decisions (need user input)
- Approach to Emirdag: liaison email, co-authorship offer, or just citation?
- Publish refimpls to PyPI? (currently package names `ietf-act`/`ietf-ect` reserved but not published — **no publishing without explicit user approval**)
- Repo strategy: single monorepo, or split ACT/ECT into separate Git repos for separate draft homes?
- IETF 123 travel: attend in person or remote?
---
## 10. References
### Our work
- `packages/act/draft-nennemann-act-01.md`
- `drafts/ietf-wimse-ect/draft-nennemann-wimse-ect.md` (docname -02)
- `drafts/ietf-wimse-ect/DIFF-vs-txn-tokens-for-agents.md`
- `drafts/ietf-wimse-ect/wimse-intro-email.md`
### Key competing/complementary drafts
- draft-oauth-transaction-tokens-for-agents-06 (Raut/Amazon)
- draft-emirdag-scitt-ai-agent-execution-00 (VERIDIC)
- draft-helixar-hdp-agentic-delegation-00
- draft-king-dawn-requirements-00 (potential new WG)
- draft-ietf-wimse-arch-07 (cite §3.3.9)
- draft-ietf-wimse-http-signature-03 (breaking change)
### Key arXiv references
- 2603.24775 — AIP / IBCTs
- 2604.02767 — SentinelAgent
- 2603.23801 — AgentRFC (Composition Safety)
- 2509.13597 — Agentic JWT
- 2604.06148 — MIGT taxonomy
Reference in New Issue View Git Blame Copy Permalink