Fix extension key prefix: io.wimse -> org.ietf.wimse

Use correct IETF reverse domain notation for spec-defined
extension keys within the ext object.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-24 23:21:24 +01:00
parent ed8a3f17c2
commit a6d2a955ee
4 changed files with 1061 additions and 1366 deletions

@@ -1397,13 +1397,10 @@ regulatory frameworks.<a href="#section-abstract-1" class="pilcrow">¶</a></p>
<p id="section-toc.1-1.4.2.2.2.4.1"><a href="#section-4.2.4" class="auto internal xref">4.2.4</a>.  <a href="#name-data-integrity" class="internal xref">Data Integrity</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.2.2.5">
<p id="section-toc.1-1.4.2.2.2.5.1"><a href="#section-4.2.5" class="auto internal xref">4.2.5</a>.  <a href="#name-task-metadata" class="internal xref">Task Metadata</a></p>
<p id="section-toc.1-1.4.2.2.2.5.1"><a href="#section-4.2.5" class="auto internal xref">4.2.5</a>.  <a href="#name-compensation-and-rollback" class="internal xref">Compensation and Rollback</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.2.2.6">
<p id="section-toc.1-1.4.2.2.2.6.1"><a href="#section-4.2.6" class="auto internal xref">4.2.6</a>.  <a href="#name-compensation-and-rollback" class="internal xref">Compensation and Rollback</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.2.2.7">
<p id="section-toc.1-1.4.2.2.2.7.1"><a href="#section-4.2.7" class="auto internal xref">4.2.7</a>.  <a href="#name-extensions" class="internal xref">Extensions</a></p>
<p id="section-toc.1-1.4.2.2.2.6.1"><a href="#section-4.2.6" class="auto internal xref">4.2.6</a>.  <a href="#name-extensions" class="internal xref">Extensions</a></p>
</li>
</ul>
</li>
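Review bot: The commit message describes only a key prefix rename (io.wimse -> org.ietf.wimse), but this TOC hunk removes the 4.2.5 Task Metadata entry and renumbers Compensation and Rollback and Extensions, and no line visible here replaces an io.wimse key. Suggest either splitting the section removal into its own commit or extending the message to say that Task Metadata is folded into Extensions, so the history explains why section numbers and cross-references changed.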
@@ -1544,9 +1541,6 @@ regulatory frameworks.<a href="#section-abstract-1" class="pilcrow">¶</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.12.2.4">
<p id="section-toc.1-1.12.2.4.1"><a href="#section-12.4" class="auto internal xref">12.4</a>.  <a href="#name-ect-policy-decision-values-" class="internal xref">ECT Policy Decision Values Registry</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.12.2.5">
<p id="section-toc.1-1.12.2.5.1"><a href="#section-12.5" class="auto internal xref">12.5</a>.  <a href="#name-ect-regulated-domain-values" class="internal xref">ECT Regulated Domain Values Registry</a></p>
</li>
</ul>
</li>
@@ -1656,7 +1650,7 @@ requirements were evaluated at each decision point.<a href="#section-1.1-2" clas
coordinate across organizational boundaries. Multiple regulatory
frameworks — including <span>[<a href="#EU-AI-ACT" class="cite xref">EU-AI-ACT</a>]</span>, <span>[<a href="#FDA-21CFR11" class="cite xref">FDA-21CFR11</a>]</span>, <span>[<a href="#MIFID-II" class="cite xref">MIFID-II</a>]</span>,
and <span>[<a href="#DORA" class="cite xref">DORA</a>]</span> — require structured, auditable records of automated
decision-making and execution (see <a href="#_table-regulatory" class="auto internal xref">Table 4</a> for a
decision-making and execution (see <a href="#_table-regulatory" class="auto internal xref">Table 3</a> for a
detailed mapping).<a href="#section-1.1-3" class="pilcrow"></a></p>
<p id="section-1.1-4">This document defines an extension to the WIMSE architecture that
addresses the gap between workload identity and execution
@@ -2241,13 +2235,6 @@ audit trails.<a href="#section-4.2.3-2.4.3" class="pilcrow">¶</a></p>
<p id="section-4.2.3-2.6.1"><span class="bcp14">OPTIONAL</span>. StringOrURI. The identity of the entity (system or
person) that evaluated the policy decision. When present,
<span class="bcp14">SHOULD</span> use SPIFFE ID format.<a href="#section-4.2.3-2.6.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-4.2.3-2.7">pol_timestamp:</dt>
<dd style="margin-left: 1.5em" id="section-4.2.3-2.8">
<p id="section-4.2.3-2.8.1"><span class="bcp14">OPTIONAL</span>. NumericDate. The time at which the policy decision
was made. When present, <span class="bcp14">MUST</span> be equal to or earlier than the
"iat" claim.<a href="#section-4.2.3-2.8.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
</dl>
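Review bot: Dropping the pol_timestamp definition from Section 4.2.3 also drops its ordering rule, 'MUST be equal to or earlier than the "iat" claim'; the replacement entry for "org.ietf.wimse.pol_timestamp" added under Section 4.2.6 only says 'if distinct from "iat"'. Suggest carrying the constraint over to the extension key description, so a verifier that understands the key still has a rule for rejecting a policy decision time later than issuance.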
@@ -2288,110 +2275,58 @@ computed over the raw octets of the input data.<a href="#section-4.2.4-2.2.1" cl
<dd style="margin-left: 1.5em" id="section-4.2.4-2.4">
<p id="section-4.2.4-2.4.1"><span class="bcp14">OPTIONAL</span>. String. A cryptographic hash of the output data,
using the same format and algorithm requirements as "inp_hash".<a href="#section-4.2.4-2.4.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-4.2.4-2.5">inp_classification:</dt>
<dd style="margin-left: 1.5em" id="section-4.2.4-2.6">
<p id="section-4.2.4-2.6.1"><span class="bcp14">OPTIONAL</span>. String. The data sensitivity classification of the
input (e.g., "public", "confidential", "restricted").<a href="#section-4.2.4-2.6.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
</dl>
</section>
</div>
<div id="operational-claims">
<section id="section-4.2.5">
<h4 id="name-task-metadata">
<a href="#section-4.2.5" class="section-number selfRef">4.2.5. </a><a href="#name-task-metadata" class="section-name selfRef">Task Metadata</a>
</h4>
<p id="section-4.2.5-1">The following claims provide additional context about task
execution:<a href="#section-4.2.5-1" class="pilcrow"></a></p>
<span class="break"></span><dl class="dlParallel" id="section-4.2.5-2">
<dt id="section-4.2.5-2.1">exec_time_ms:</dt>
<dd style="margin-left: 1.5em" id="section-4.2.5-2.2">
<p id="section-4.2.5-2.2.1"><span class="bcp14">OPTIONAL</span>. Integer. The execution duration of the task in
milliseconds. <span class="bcp14">MUST</span> be a non-negative integer.<a href="#section-4.2.5-2.2.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-4.2.5-2.3">regulated_domain:</dt>
<dd style="margin-left: 1.5em" id="section-4.2.5-2.4">
<p id="section-4.2.5-2.4.1"><span class="bcp14">OPTIONAL</span>. String. The regulatory domain applicable to this
task. Values <span class="bcp14">MUST</span> be registered in the ECT Regulated Domain
Values registry (<a href="#regulated-domain-registry" class="auto internal xref">Section 12.5</a>).<a href="#section-4.2.5-2.4.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-4.2.5-2.5">model_version:</dt>
<dd style="margin-left: 1.5em" id="section-4.2.5-2.6">
<p id="section-4.2.5-2.6.1"><span class="bcp14">OPTIONAL</span>. String. The version identifier of the AI or ML model
used to perform the task, if applicable.<a href="#section-4.2.5-2.6.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-4.2.5-2.7">witnessed_by:</dt>
<dd style="margin-left: 1.5em" id="section-4.2.5-2.8">
<p id="section-4.2.5-2.8.1"><span class="bcp14">OPTIONAL</span>. Array of StringOrURI. Identifiers of third-party
entities that the issuing agent claims observed or attested to
the execution of this task. When present, each element <span class="bcp14">SHOULD</span>
use SPIFFE ID format. Note that this claim is self-asserted by
the ECT issuer; witnesses listed here do not co-sign this ECT.
For stronger assurance, witnesses <span class="bcp14">SHOULD</span> submit independent
signed ECTs to the ledger attesting to their observation (see
<a href="#witness-attestation-model" class="auto internal xref">Section 10.2.1</a>). In regulated environments,
implementations <span class="bcp14">SHOULD</span> use witness attestation for critical
decision points to mitigate the risk of single-agent false
claims. See also <a href="#self-assertion-limitation" class="auto internal xref">Section 10.2</a> for the security
implications of self-asserted witness claims.<a href="#section-4.2.5-2.8.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
</dl>
</section>
</div>
<div id="compensation-claims">
<section id="section-4.2.6">
<section id="section-4.2.5">
<h4 id="name-compensation-and-rollback">
<a href="#section-4.2.6" class="section-number selfRef">4.2.6. </a><a href="#name-compensation-and-rollback" class="section-name selfRef">Compensation and Rollback</a>
<a href="#section-4.2.5" class="section-number selfRef">4.2.5. </a><a href="#name-compensation-and-rollback" class="section-name selfRef">Compensation and Rollback</a>
</h4>
<span class="break"></span><dl class="dlParallel" id="section-4.2.6-1">
<dt id="section-4.2.6-1.1">compensation_required:</dt>
<dd style="margin-left: 1.5em" id="section-4.2.6-1.2">
<p id="section-4.2.6-1.2.1"><span class="bcp14">OPTIONAL</span>. Boolean. Indicates whether this task is a
compensation or rollback action for a previous task.<a href="#section-4.2.6-1.2.1" class="pilcrow"></a></p>
<span class="break"></span><dl class="dlParallel" id="section-4.2.5-1">
<dt id="section-4.2.5-1.1">compensation_required:</dt>
<dd style="margin-left: 1.5em" id="section-4.2.5-1.2">
<p id="section-4.2.5-1.2.1"><span class="bcp14">OPTIONAL</span>. Boolean. Indicates whether this task is a
compensation or rollback action for a previous task.<a href="#section-4.2.5-1.2.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-4.2.6-1.3">compensation_reason:</dt>
<dd style="margin-left: 1.5em" id="section-4.2.6-1.4">
<p id="section-4.2.6-1.4.1"><span class="bcp14">OPTIONAL</span>. String. A human-readable reason for the compensation
<dt id="section-4.2.5-1.3">compensation_reason:</dt>
<dd style="margin-left: 1.5em" id="section-4.2.5-1.4">
<p id="section-4.2.5-1.4.1"><span class="bcp14">OPTIONAL</span>. String. A human-readable reason for the compensation
action. <span class="bcp14">MUST</span> be present if "compensation_required" is true.
Values <span class="bcp14">SHOULD</span> use structured identifiers (e.g.,
"policy_violation_in_parent_trade") rather than free-form text
to minimize the risk of embedding sensitive information. See
<a href="#data-minimization" class="auto internal xref">Section 11.2</a> for privacy guidance.
If "compensation_reason" is present, "compensation_required"
<span class="bcp14">MUST</span> be true.<a href="#section-4.2.6-1.4.1" class="pilcrow"></a></p>
<span class="bcp14">MUST</span> be true.<a href="#section-4.2.5-1.4.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
</dl>
<p id="section-4.2.6-2">Note: compensation ECTs reference historical parent tasks via the
<p id="section-4.2.5-2">Note: compensation ECTs reference historical parent tasks via the
"par" claim. The referenced parent ECTs may have passed their own
"exp" time; ECT expiration applies to the verification window of
the ECT itself, not to its validity as a parent reference in the
ledger.<a href="#section-4.2.6-2" class="pilcrow"></a></p>
ledger.<a href="#section-4.2.5-2" class="pilcrow"></a></p>
</section>
</div>
<div id="extension-claims">
<section id="section-4.2.7">
<section id="section-4.2.6">
<h4 id="name-extensions">
<a href="#section-4.2.7" class="section-number selfRef">4.2.7. </a><a href="#name-extensions" class="section-name selfRef">Extensions</a>
<a href="#section-4.2.6" class="section-number selfRef">4.2.6. </a><a href="#name-extensions" class="section-name selfRef">Extensions</a>
</h4>
<span class="break"></span><dl class="dlParallel" id="section-4.2.7-1">
<dt id="section-4.2.7-1.1">ext:</dt>
<dd style="margin-left: 1.5em" id="section-4.2.7-1.2">
<p id="section-4.2.7-1.2.1"><span class="bcp14">OPTIONAL</span>. Object. An extension object for domain-specific
<span class="break"></span><dl class="dlParallel" id="section-4.2.6-1">
<dt id="section-4.2.6-1.1">ext:</dt>
<dd style="margin-left: 1.5em" id="section-4.2.6-1.2">
<p id="section-4.2.6-1.2.1"><span class="bcp14">OPTIONAL</span>. Object. An extension object for domain-specific
claims not defined by this specification. Implementations
that do not understand extension claims <span class="bcp14">MUST</span> ignore them.<a href="#section-4.2.7-1.2.1" class="pilcrow"></a></p>
that do not understand extension claims <span class="bcp14">MUST</span> ignore them.<a href="#section-4.2.6-1.2.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
</dl>
<p id="section-4.2.7-2">To avoid key collisions between different domains, extension
<p id="section-4.2.6-2">To avoid key collisions between different domains, extension
key names <span class="bcp14">MUST</span> use reverse domain notation (e.g.,
"com.example.custom_field"). Implementations <span class="bcp14">MUST NOT</span> use
unqualified key names within the "ext" object. To prevent
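Review bot: Removing the Task Metadata section drops the value constraint on exec_time_ms ('MUST be a non-negative integer'), and the replacement entry for "org.ietf.wimse.exec_time_ms" states only the type. Since the "ext" definition kept in this hunk says implementations that do not understand extension claims MUST ignore them, it would help to state what an implementation that does recognise the org.ietf.wimse.* keys is expected to validate, starting with the non-negative check.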
@@ -2399,7 +2334,37 @@ abuse and excessive token size, the serialized JSON
representation of the "ext" object <span class="bcp14">SHOULD NOT</span> exceed 4096
bytes, and the JSON nesting depth within the "ext" object
<span class="bcp14">SHOULD NOT</span> exceed 5 levels. Implementations <span class="bcp14">SHOULD</span> reject
ECTs whose "ext" claim exceeds these limits.<a href="#section-4.2.7-2" class="pilcrow"></a></p>
ECTs whose "ext" claim exceeds these limits.<a href="#section-4.2.6-2" class="pilcrow"></a></p>
<p id="section-4.2.6-3">The following extension keys are <span class="bcp14">RECOMMENDED</span> for common use
cases. These are not registered claims; they are carried
within the "ext" object:<a href="#section-4.2.6-3" class="pilcrow"></a></p>
<ul class="normal">
<li class="normal" id="section-4.2.6-4.1">
<p id="section-4.2.6-4.1.1">"org.ietf.wimse.exec_time_ms": Integer. Execution duration in
milliseconds.<a href="#section-4.2.6-4.1.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-4.2.6-4.2">
<p id="section-4.2.6-4.2.1">"org.ietf.wimse.regulated_domain": String. Regulatory domain
(e.g., "medtech", "finance", "military").<a href="#section-4.2.6-4.2.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-4.2.6-4.3">
<p id="section-4.2.6-4.3.1">"org.ietf.wimse.model_version": String. AI/ML model version.<a href="#section-4.2.6-4.3.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-4.2.6-4.4">
<p id="section-4.2.6-4.4.1">"org.ietf.wimse.witnessed_by": Array of StringOrURI. Identifiers
of third-party entities that the issuer claims observed the
task. Note: this is self-asserted; for verifiable witness
attestation, witnesses should submit independent signed ECTs.<a href="#section-4.2.6-4.4.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-4.2.6-4.5">
<p id="section-4.2.6-4.5.1">"org.ietf.wimse.inp_classification": String. Data sensitivity
classification (e.g., "public", "confidential", "restricted").<a href="#section-4.2.6-4.5.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-4.2.6-4.6">
<p id="section-4.2.6-4.6.1">"org.ietf.wimse.pol_timestamp": NumericDate. Time at which the
policy decision was made, if distinct from "iat".<a href="#section-4.2.6-4.6.1" class="pilcrow"></a></p>
</li>
</ul>
</section>
</div>
</section>
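Review bot: In the "org.ietf.wimse.witnessed_by" entry, 'witnesses should submit independent signed ECTs' uses a lowercase "should" where the removed definition used a BCP 14 SHOULD, and the entry no longer says that each element SHOULD use SPIFFE ID format or points to Section 10.2.1 and Section 10.2. If the requirement level is unchanged, mark the keyword with the bcp14 span and restore the SPIFFE ID sentence and the cross-references; if the downgrade is intended, say so in the commit message.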
@@ -2429,18 +2394,16 @@ ECTs whose "ext" claim exceeds these limits.<a href="#section-4.2.7-2" class="pi
"pol": "clinical_reasoning_policy_v2",
"pol_decision": "approved",
"pol_enforcer": "spiffe://example.com/policy/clinical-engine",
"pol_timestamp": 1772064145,
"inp_hash": "sha-256:n4bQgYhMfWWaL-qgxVrQFaO_TxsrC4Is0V1sFbDwCgg",
"out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564",
"inp_classification": "confidential",
"exec_time_ms": 245,
"regulated_domain": "medtech",
"model_version": "clinical-reasoning-v4.2",
"witnessed_by": [
"spiffe://example.com/audit/observer-1"
]
"ext": {
"org.ietf.wimse.pol_timestamp": 1772064145,
"org.ietf.wimse.exec_time_ms": 245,
"org.ietf.wimse.regulated_domain": "medtech",
"org.ietf.wimse.model_version": "clinical-reasoning-v4.2"
}
}
</pre>
</div>
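Review bot: The example moves pol_timestamp, exec_time_ms, regulated_domain and model_version into "ext" but deletes inp_classification and witnessed_by outright, so two of the six RECOMMENDED extension keys are no longer illustrated here. Suggest adding "org.ietf.wimse.inp_classification": "confidential" and the "org.ietf.wimse.witnessed_by" array to the "ext" object, or noting that the omission is deliberate.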
@@ -2918,7 +2881,7 @@ Human Release Manager:
exec_act: approve_release
pol: release_approval_policy pol_decision: approved
pol_enforcer: spiffe://meddev.example/human/release-mgr-42
witnessed_by: [spiffe://meddev.example/audit/qa-observer-1]
ext: {org.ietf.wimse.witnessed_by: [...]} (extension metadata)
</pre>
</div>
<figcaption><a href="#figure-8" class="selfRef">Figure 8</a>:
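Review bot: The figure line 'ext: {org.ietf.wimse.witnessed_by: [...]} (extension metadata)' elides the witness identity that the previous line showed (spiffe://meddev.example/audit/qa-observer-1), while the matching JSON for this task in Appendix D.2 still carries it. Suggest keeping the SPIFFE ID in the figure so the figure and the JSON example agree on who the witness is.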
@@ -3202,22 +3165,23 @@ evaluating the policy).<a href="#section-10.2-1" class="pilcrow">¶</a></p>
</ul>
<p id="section-10.2-4">The trustworthiness of ECT claims depends on the trustworthiness
of the signing agent. To mitigate single-agent false claims,
regulated environments <span class="bcp14">SHOULD</span> use the "witnessed_by" mechanism
to include independent third-party observers at critical decision
points. However, the "witnessed_by" claim is self-asserted by
the ECT issuer: the listed witnesses do not co-sign the ECT and
there is no cryptographic evidence within a single ECT that the
witnesses actually observed the task. An issuing agent could
list witnesses that did not participate.<a href="#section-10.2-4" class="pilcrow"></a></p>
regulated environments <span class="bcp14">SHOULD</span> use the "org.ietf.wimse.witnessed_by"
extension key (carried in "ext") to include independent
third-party observers at critical decision points. However,
this value is self-asserted by the ECT issuer: the listed
witnesses do not co-sign the ECT and there is no cryptographic
evidence within a single ECT that the witnesses actually
observed the task. An issuing agent could list witnesses that
did not participate.<a href="#section-10.2-4" class="pilcrow"></a></p>
<div id="witness-attestation-model">
<section id="section-10.2.1">
<h4 id="name-witness-attestation-model">
<a href="#section-10.2.1" class="section-number selfRef">10.2.1. </a><a href="#name-witness-attestation-model" class="section-name selfRef">Witness Attestation Model</a>
</h4>
<p id="section-10.2.1-1">To address the self-assertion limitation of the "witnessed_by"
claim, witnesses <span class="bcp14">SHOULD</span> submit their own independent signed ECTs
to the audit ledger attesting to the observed task. A witness
attestation ECT:<a href="#section-10.2.1-1" class="pilcrow"></a></p>
<p id="section-10.2.1-1">To address the self-assertion limitation of the
"org.ietf.wimse.witnessed_by" extension, witnesses <span class="bcp14">SHOULD</span> submit their
own independent signed ECTs to the audit ledger attesting to the
observed task. A witness attestation ECT:<a href="#section-10.2.1-1" class="pilcrow"></a></p>
<ul class="normal">
<li class="normal" id="section-10.2.1-2.1">
<p id="section-10.2.1-2.1.1"><span class="bcp14">MUST</span> set "iss" to the witness's own workload identity.<a href="#section-10.2.1-2.1.1" class="pilcrow"></a></p>
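Review bot: Section 10.2 now says regulated environments SHOULD use the "org.ietf.wimse.witnessed_by" extension key, but Section 4.2.6 describes that key as RECOMMENDED and not registered, and says implementations that do not understand extension claims MUST ignore them. A mitigation that rests on a key a conforming verifier may silently skip needs a sentence on who is expected to process it; suggest stating that auditors and ledgers in regulated deployments are expected to understand this key, or pointing the SHOULD at the witness attestation ECTs of Section 10.2.1 instead.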
@@ -3235,11 +3199,11 @@ linking the attestation to the original task.<a href="#section-10.2.1-2.3.1" cla
confirms the observation.<a href="#section-10.2.1-2.4.1" class="pilcrow"></a></p>
</li>
</ul>
<p id="section-10.2.1-3">When a task's "witnessed_by" claim lists one or more witnesses,
auditors <span class="bcp14">SHOULD</span> verify that corresponding witness attestation
ECTs exist in the ledger for each listed witness. A mismatch
between the "witnessed_by" list and the set of independent witness
ECTs in the ledger <span class="bcp14">SHOULD</span> be flagged during audit review.<a href="#section-10.2.1-3" class="pilcrow"></a></p>
<p id="section-10.2.1-3">When a task's "org.ietf.wimse.witnessed_by" extension lists one or more
witnesses, auditors <span class="bcp14">SHOULD</span> verify that corresponding witness
attestation ECTs exist in the ledger for each listed witness. A
mismatch between the extension value and the set of independent
witness ECTs in the ledger <span class="bcp14">SHOULD</span> be flagged during audit review.<a href="#section-10.2.1-3" class="pilcrow"></a></p>
<p id="section-10.2.1-4">This model converts witness attestation from a self-asserted claim
to a cryptographically verifiable property of the ledger: the
witness independently signs their own ECT using their own key,
@@ -3387,8 +3351,8 @@ create a false execution history if they control the ledger.<a href="#section-10
by an entity independent of the workflow agents.<a href="#section-10.8-3.1.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-10.8-3.2">
<p id="section-10.8-3.2.1">Witness attestation: Using the "witnessed_by" claim to include
independent third-party observers.<a href="#section-10.8-3.2.1" class="pilcrow"></a></p>
<p id="section-10.8-3.2.1">Witness attestation: Using the "org.ietf.wimse.witnessed_by" extension
key in "ext" to include independent third-party observers.<a href="#section-10.8-3.2.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-10.8-3.3">
<p id="section-10.8-3.3.1">Cross-verification: Multiple independent ledger replicas can be
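Review bot: The bullet 'Witness attestation: Using the "org.ietf.wimse.witnessed_by" extension key in "ext" to include independent third-party observers' presents the self-asserted list as the mitigation, while Section 10.2 in this same patch states that the value is self-asserted and that witnesses do not co-sign the ECT. Suggest rewording the bullet to name the independent witness ECTs of Section 10.2.1 as the control and the extension key as the pointer to them.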
@@ -3448,7 +3412,7 @@ array to a maximum of 256 entries. Workflows requiring more
parent references <span class="bcp14">SHOULD</span> introduce intermediate aggregation
tasks. The "ext" object <span class="bcp14">SHOULD NOT</span> exceed 4096 bytes when
serialized as JSON and <span class="bcp14">SHOULD NOT</span> exceed a nesting depth of
5 levels (see also <a href="#extension-claims" class="auto internal xref">Section 4.2.7</a>).<a href="#section-10.11-1" class="pilcrow"></a></p>
5 levels (see also <a href="#extension-claims" class="auto internal xref">Section 4.2.6</a>).<a href="#section-10.11-1" class="pilcrow"></a></p>
</section>
</div>
</section>
@@ -3507,7 +3471,7 @@ The "exec_act" claim <span class="bcp14">SHOULD</span> use structured identifier
"process_payment") rather than natural language descriptions.
The "pol" claim <span class="bcp14">SHOULD</span> reference policy identifiers rather than
embedding policy content.<a href="#section-11.2-1" class="pilcrow"></a></p>
<p id="section-11.2-2">The "compensation_reason" claim (<a href="#compensation-claims" class="auto internal xref">Section 4.2.6</a>)
<p id="section-11.2-2">The "compensation_reason" claim (<a href="#compensation-claims" class="auto internal xref">Section 4.2.5</a>)
deserves particular attention: because it is human-readable and
may describe the circumstances of a failure or policy violation,
it risks exposing sensitive operational details. Implementations
@@ -3737,14 +3701,6 @@ the "JSON Web Token Claims" registry maintained by IANA:<a href="#section-12.3-1
<td class="text-center" rowspan="1" colspan="1">IETF</td>
<td class="text-center" rowspan="1" colspan="1">
<a href="#policy-claims" class="auto internal xref">Section 4.2.3</a>
</td>
</tr>
<tr>
<td class="text-center" rowspan="1" colspan="1">pol_timestamp</td>
<td class="text-left" rowspan="1" colspan="1">Policy Decision Timestamp</td>
<td class="text-center" rowspan="1" colspan="1">IETF</td>
<td class="text-center" rowspan="1" colspan="1">
<a href="#policy-claims" class="auto internal xref">Section 4.2.3</a>
</td>
</tr>
<tr>
@@ -3761,46 +3717,6 @@ the "JSON Web Token Claims" registry maintained by IANA:<a href="#section-12.3-1
<td class="text-center" rowspan="1" colspan="1">IETF</td>
<td class="text-center" rowspan="1" colspan="1">
<a href="#data-integrity-claims" class="auto internal xref">Section 4.2.4</a>
</td>
</tr>
<tr>
<td class="text-center" rowspan="1" colspan="1">inp_classification</td>
<td class="text-left" rowspan="1" colspan="1">Input Data Classification</td>
<td class="text-center" rowspan="1" colspan="1">IETF</td>
<td class="text-center" rowspan="1" colspan="1">
<a href="#data-integrity-claims" class="auto internal xref">Section 4.2.4</a>
</td>
</tr>
<tr>
<td class="text-center" rowspan="1" colspan="1">exec_time_ms</td>
<td class="text-left" rowspan="1" colspan="1">Execution Time (ms)</td>
<td class="text-center" rowspan="1" colspan="1">IETF</td>
<td class="text-center" rowspan="1" colspan="1">
<a href="#operational-claims" class="auto internal xref">Section 4.2.5</a>
</td>
</tr>
<tr>
<td class="text-center" rowspan="1" colspan="1">witnessed_by</td>
<td class="text-left" rowspan="1" colspan="1">Witness Identities</td>
<td class="text-center" rowspan="1" colspan="1">IETF</td>
<td class="text-center" rowspan="1" colspan="1">
<a href="#operational-claims" class="auto internal xref">Section 4.2.5</a>
</td>
</tr>
<tr>
<td class="text-center" rowspan="1" colspan="1">regulated_domain</td>
<td class="text-left" rowspan="1" colspan="1">Regulatory Domain</td>
<td class="text-center" rowspan="1" colspan="1">IETF</td>
<td class="text-center" rowspan="1" colspan="1">
<a href="#operational-claims" class="auto internal xref">Section 4.2.5</a>
</td>
</tr>
<tr>
<td class="text-center" rowspan="1" colspan="1">model_version</td>
<td class="text-left" rowspan="1" colspan="1">AI/ML Model Version</td>
<td class="text-center" rowspan="1" colspan="1">IETF</td>
<td class="text-center" rowspan="1" colspan="1">
<a href="#operational-claims" class="auto internal xref">Section 4.2.5</a>
</td>
</tr>
<tr>
@@ -3808,7 +3724,7 @@ the "JSON Web Token Claims" registry maintained by IANA:<a href="#section-12.3-1
<td class="text-left" rowspan="1" colspan="1">Compensation Flag</td>
<td class="text-center" rowspan="1" colspan="1">IETF</td>
<td class="text-center" rowspan="1" colspan="1">
<a href="#compensation-claims" class="auto internal xref">Section 4.2.6</a>
<a href="#compensation-claims" class="auto internal xref">Section 4.2.5</a>
</td>
</tr>
<tr>
@@ -3816,7 +3732,7 @@ the "JSON Web Token Claims" registry maintained by IANA:<a href="#section-12.3-1
<td class="text-left" rowspan="1" colspan="1">Compensation Reason</td>
<td class="text-center" rowspan="1" colspan="1">IETF</td>
<td class="text-center" rowspan="1" colspan="1">
<a href="#compensation-claims" class="auto internal xref">Section 4.2.6</a>
<a href="#compensation-claims" class="auto internal xref">Section 4.2.5</a>
</td>
</tr>
<tr>
@@ -3824,7 +3740,7 @@ the "JSON Web Token Claims" registry maintained by IANA:<a href="#section-12.3-1
<td class="text-left" rowspan="1" colspan="1">Extension Object</td>
<td class="text-center" rowspan="1" colspan="1">IETF</td>
<td class="text-center" rowspan="1" colspan="1">
<a href="#extension-claims" class="auto internal xref">Section 4.2.7</a>
<a href="#extension-claims" class="auto internal xref">Section 4.2.6</a>
</td>
</tr>
</tbody>
@@ -3885,59 +3801,6 @@ policy is Specification Required per <span>[<a href="#RFC8126" class="cite xref"
</div>
</section>
</div>
<div id="regulated-domain-registry">
<section id="section-12.5">
<h3 id="name-ect-regulated-domain-values">
<a href="#section-12.5" class="section-number selfRef">12.5. </a><a href="#name-ect-regulated-domain-values" class="section-name selfRef">ECT Regulated Domain Values Registry</a>
</h3>
<p id="section-12.5-1">This document establishes the "ECT Regulated Domain Values"
registry under the "JSON Web Token (JWT)" group. Registration
policy is Specification Required per <span>[<a href="#RFC8126" class="cite xref">RFC8126</a>]</span>.<a href="#section-12.5-1" class="pilcrow"></a></p>
<p id="section-12.5-2">The initial contents of the registry are:<a href="#section-12.5-2" class="pilcrow"></a></p>
<span id="name-ect-regulated-domain-values-2"></span><div id="_table-regulated-domain">
<table class="center" id="table-3">
<caption>
<a href="#table-3" class="selfRef">Table 3</a>:
<a href="#name-ect-regulated-domain-values-2" class="selfRef">ECT Regulated Domain Values</a>
</caption>
<thead>
<tr>
<th class="text-center" rowspan="1" colspan="1">Value</th>
<th class="text-left" rowspan="1" colspan="1">Description</th>
<th class="text-center" rowspan="1" colspan="1">Change Controller</th>
<th class="text-center" rowspan="1" colspan="1">Reference</th>
</tr>
</thead>
<tbody>
<tr>
<td class="text-center" rowspan="1" colspan="1">medtech</td>
<td class="text-left" rowspan="1" colspan="1">Medical technology and devices</td>
<td class="text-center" rowspan="1" colspan="1">IETF</td>
<td class="text-center" rowspan="1" colspan="1">
<a href="#operational-claims" class="auto internal xref">Section 4.2.5</a>
</td>
</tr>
<tr>
<td class="text-center" rowspan="1" colspan="1">finance</td>
<td class="text-left" rowspan="1" colspan="1">Financial services and trading</td>
<td class="text-center" rowspan="1" colspan="1">IETF</td>
<td class="text-center" rowspan="1" colspan="1">
<a href="#operational-claims" class="auto internal xref">Section 4.2.5</a>
</td>
</tr>
<tr>
<td class="text-center" rowspan="1" colspan="1">military</td>
<td class="text-left" rowspan="1" colspan="1">Military and defense</td>
<td class="text-center" rowspan="1" colspan="1">IETF</td>
<td class="text-center" rowspan="1" colspan="1">
<a href="#operational-claims" class="auto internal xref">Section 4.2.5</a>
</td>
</tr>
</tbody>
</table>
</div>
</section>
</div>
</section>
</div>
<div id="sec-combined-references">
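Review bot: Deleting the ECT Regulated Domain Values registry leaves "org.ietf.wimse.regulated_domain" with only the examples "medtech", "finance" and "military" in Section 4.2.6 and no statement of how values are coordinated, where the removed claim text required values to be registered. Suggest adding a sentence to the extension key description saying whether the value set is open or which values are expected, so two implementations do not diverge on spelling for the same domain.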
@@ -4328,9 +4191,9 @@ compliance with various regulatory frameworks. ECTs are a
technical building block; achieving compliance requires
additional organizational measures beyond this specification.<a href="#appendix-C-1" class="pilcrow"></a></p>
<span id="name-regulatory-compliance-mappin"></span><div id="_table-regulatory">
<table class="center" id="table-4">
<table class="center" id="table-3">
<caption>
<a href="#table-4" class="selfRef">Table 4</a>:
<a href="#table-3" class="selfRef">Table 3</a>:
<a href="#name-regulatory-compliance-mappin" class="selfRef">Regulatory Compliance Mapping</a>
</caption>
<thead>
@@ -4414,9 +4277,7 @@ Agent B:<a href="#appendix-D.1-1" class="pilcrow">¶</a></p>
"pol": "clinical_data_access_policy_v1",
"pol_decision": "approved",
"inp_hash": "sha-256:n4bQgYhMfWWaL-qgxVrQFaO_TxsrC4Is0V1sFbDwCgg",
"out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564",
"exec_time_ms": 142,
"regulated_domain": "medtech"
"out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564"
}
</pre><a href="#appendix-D.1-5" class="pilcrow"></a>
</div>
@@ -4435,9 +4296,7 @@ task, and creates its own ECT:<a href="#appendix-D.1-6" class="pilcrow">¶</a></
"exec_act": "validate_safety",
"par": ["550e8400-e29b-41d4-a716-446655440001"],
"pol": "safety_validation_policy_v2",
"pol_decision": "approved",
"exec_time_ms": 89,
"regulated_domain": "medtech"
"pol_decision": "approved"
}
</pre><a href="#appendix-D.1-7" class="pilcrow"></a>
</div>
@@ -4474,8 +4333,6 @@ autonomous agents and human release approval:<a href="#appendix-D.2-1" class="pi
"par": [],
"pol": "spec_review_policy_v2",
"pol_decision": "approved",
"regulated_domain": "medtech",
"model_version": "spec-review-v3.1",
"inp_hash": "sha-256:n4bQgYhMfWWaL-qgxVrQFaO_TxsrC4Is0V1sFbDwCgg",
"out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564"
}
@@ -4495,9 +4352,7 @@ autonomous agents and human release approval:<a href="#appendix-D.2-1" class="pi
"exec_act": "implement_module",
"par": ["a1b2c3d4-0001-0000-0000-000000000001"],
"pol": "coding_standards_v3",
"pol_decision": "approved",
"regulated_domain": "medtech",
"model_version": "codegen-v2.4"
"pol_decision": "approved"
}
</pre><a href="#appendix-D.2-5" class="pilcrow"></a>
</div>
@@ -4515,9 +4370,7 @@ autonomous agents and human release approval:<a href="#appendix-D.2-1" class="pi
"exec_act": "execute_test_suite",
"par": ["a1b2c3d4-0001-0000-0000-000000000002"],
"pol": "test_coverage_policy_v1",
"pol_decision": "approved",
"regulated_domain": "medtech",
"exec_time_ms": 4523
"pol_decision": "approved"
}
</pre><a href="#appendix-D.2-7" class="pilcrow"></a>
</div>
@@ -4536,7 +4389,6 @@ autonomous agents and human release approval:<a href="#appendix-D.2-1" class="pi
"par": ["a1b2c3d4-0001-0000-0000-000000000003"],
"pol": "build_validation_v2",
"pol_decision": "approved",
"regulated_domain": "medtech",
"out_hash": "sha-256:Ry1YfOoW2XpC5Mq8HkGzNx3dL9vBa4sUjE7iKt0wPZc"
}
</pre><a href="#appendix-D.2-9" class="pilcrow"></a>
@@ -4557,17 +4409,19 @@ autonomous agents and human release approval:<a href="#appendix-D.2-1" class="pi
"pol": "release_approval_policy",
"pol_decision": "approved",
"pol_enforcer": "spiffe://meddev.example/human/release-mgr-42",
"witnessed_by": [
"spiffe://meddev.example/audit/qa-observer-1"
],
"regulated_domain": "medtech"
"ext": {
"org.ietf.wimse.witnessed_by": [
"spiffe://meddev.example/audit/qa-observer-1"
]
}
}
</pre><a href="#appendix-D.2-11" class="pilcrow"></a>
</div>
<p id="appendix-D.2-12">The resulting DAG records the complete SDLC: spec review preceded
implementation, implementation preceded testing, testing preceded
build, and a human release manager approved the final release
with independent witness attestation.<a href="#appendix-D.2-12" class="pilcrow"></a></p>
build, and a human release manager approved the final release.
The "ext" object in task 5 carries witness metadata via
the "org.ietf.wimse.witnessed_by" extension key.<a href="#appendix-D.2-12" class="pilcrow"></a></p>
<div class="alignLeft art-text artwork" id="appendix-D.2-13">
<pre>
task-...-0001 (review_requirements_spec)
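Review bot: In the task 5 example, "regulated_domain": "medtech" is deleted rather than moved into the new "ext" object next to "org.ietf.wimse.witnessed_by", and the other Appendix D examples in this patch drop the field the same way. If the regulatory domain is still meant to be recorded for this medical device workflow, add "org.ietf.wimse.regulated_domain": "medtech" to "ext" here; otherwise the appendix no longer shows the key in use.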
@@ -4582,7 +4436,7 @@ task-...-0003 (execute_test_suite)
task-...-0004 (build_release_artifact)
|
v
task-...-0005 (approve_release) [human, witnessed]
task-...-0005 (approve_release) [human]
</pre><a href="#appendix-D.2-13" class="pilcrow"></a>
</div>
<p id="appendix-D.2-14">An FDA auditor reconstructs this DAG by querying the audit ledger
@@ -4629,8 +4483,7 @@ task-...-0004 (execute_trade)
"f1e2d3c4-0003-0000-0000-000000000003"
],
"pol": "trade_execution_policy_v3",
"pol_decision": "approved",
"regulated_domain": "finance"
"pol_decision": "approved"
}
</pre><a href="#appendix-D.3-4" class="pilcrow"></a>
</div>