Fix extension key prefix: io.wimse -> org.ietf.wimse

Use correct IETF reverse domain notation for spec-defined
extension keys within the ext object.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

draft-nennemann-wimse-execution-context-00.md

@@ -529,11 +529,6 @@ pol_enforcer:
   person) that evaluated the policy decision.  When present,
   SHOULD use SPIFFE ID format.
 
-pol_timestamp:
-: OPTIONAL.  NumericDate.  The time at which the policy decision
-  was made.  When present, MUST be equal to or earlier than the
-  "iat" claim.
-
 This specification intentionally defines only the recording of
 policy evaluation outcomes.  The mechanisms by which policies are
 defined, distributed to agents, and evaluated are out of scope.
@@ -565,42 +560,6 @@ out_hash:
 : OPTIONAL.  String.  A cryptographic hash of the output data,
   using the same format and algorithm requirements as "inp_hash".
 
-inp_classification:
-: OPTIONAL.  String.  The data sensitivity classification of the
-  input (e.g., "public", "confidential", "restricted").
-
-### Task Metadata {#operational-claims}
-
-The following claims provide additional context about task
-execution:
-
-exec_time_ms:
-: OPTIONAL.  Integer.  The execution duration of the task in
-  milliseconds.  MUST be a non-negative integer.
-
-regulated_domain:
-: OPTIONAL.  String.  The regulatory domain applicable to this
-  task.  Values MUST be registered in the ECT Regulated Domain
-  Values registry ({{regulated-domain-registry}}).
-
-model_version:
-: OPTIONAL.  String.  The version identifier of the AI or ML model
-  used to perform the task, if applicable.
-
-witnessed_by:
-: OPTIONAL.  Array of StringOrURI.  Identifiers of third-party
-  entities that the issuing agent claims observed or attested to
-  the execution of this task.  When present, each element SHOULD
-  use SPIFFE ID format.  Note that this claim is self-asserted by
-  the ECT issuer; witnesses listed here do not co-sign this ECT.
-  For stronger assurance, witnesses SHOULD submit independent
-  signed ECTs to the ledger attesting to their observation (see
-  {{witness-attestation-model}}).  In regulated environments,
-  implementations SHOULD use witness attestation for critical
-  decision points to mitigate the risk of single-agent false
-  claims.  See also {{self-assertion-limitation}} for the security
-  implications of self-asserted witness claims.
-
 ### Compensation and Rollback {#compensation-claims}
 
 compensation_required:
@@ -640,6 +599,24 @@ bytes, and the JSON nesting depth within the "ext" object
 SHOULD NOT exceed 5 levels.  Implementations SHOULD reject
 ECTs whose "ext" claim exceeds these limits.
 
+The following extension keys are RECOMMENDED for common use
+cases.  These are not registered claims; they are carried
+within the "ext" object:
+
+- "org.ietf.wimse.exec\_time\_ms": Integer.  Execution duration in
+  milliseconds.
+- "org.ietf.wimse.regulated\_domain": String.  Regulatory domain
+  (e.g., "medtech", "finance", "military").
+- "org.ietf.wimse.model\_version": String.  AI/ML model version.
+- "org.ietf.wimse.witnessed\_by": Array of StringOrURI.  Identifiers
+  of third-party entities that the issuer claims observed the
+  task.  Note: this is self-asserted; for verifiable witness
+  attestation, witnesses should submit independent signed ECTs.
+- "org.ietf.wimse.inp\_classification": String.  Data sensitivity
+  classification (e.g., "public", "confidential", "restricted").
+- "org.ietf.wimse.pol\_timestamp": NumericDate.  Time at which the
+  policy decision was made, if distinct from "iat".
+
 ## Complete ECT Example
 
 The following is a complete ECT payload example:
@@ -660,18 +637,16 @@ The following is a complete ECT payload example:
   "pol": "clinical_reasoning_policy_v2",
   "pol_decision": "approved",
   "pol_enforcer": "spiffe://example.com/policy/clinical-engine",
-  "pol_timestamp": 1772064145,
 
   "inp_hash": "sha-256:n4bQgYhMfWWaL-qgxVrQFaO_TxsrC4Is0V1sFbDwCgg",
   "out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564",
-  "inp_classification": "confidential",
-  "exec_time_ms": 245,
-  "regulated_domain": "medtech",
-  "model_version": "clinical-reasoning-v4.2",
 
-  "witnessed_by": [
-    "spiffe://example.com/audit/observer-1"
-  ]
+  "ext": {
+    "org.ietf.wimse.pol_timestamp": 1772064145,
+    "org.ietf.wimse.exec_time_ms": 245,
+    "org.ietf.wimse.regulated_domain": "medtech",
+    "org.ietf.wimse.model_version": "clinical-reasoning-v4.2"
+  }
 }
 ~~~
 {: #fig-full-ect title="Complete ECT Payload Example"}
@@ -1054,7 +1029,7 @@ Human Release Manager:
   exec_act: approve_release
   pol: release_approval_policy   pol_decision: approved
   pol_enforcer: spiffe://meddev.example/human/release-mgr-42
-  witnessed_by: [spiffe://meddev.example/audit/qa-observer-1]
+  ext: {org.ietf.wimse.witnessed_by: [...]}  (extension metadata)
 ~~~
 {: #fig-medtech-sdlc title="Medical Device SDLC Workflow"}
 
@@ -1245,20 +1220,21 @@ ECTs do not independently verify that:
 
 The trustworthiness of ECT claims depends on the trustworthiness
 of the signing agent.  To mitigate single-agent false claims,
-regulated environments SHOULD use the "witnessed_by" mechanism
-to include independent third-party observers at critical decision
-points.  However, the "witnessed_by" claim is self-asserted by
-the ECT issuer: the listed witnesses do not co-sign the ECT and
-there is no cryptographic evidence within a single ECT that the
-witnesses actually observed the task.  An issuing agent could
-list witnesses that did not participate.
+regulated environments SHOULD use the "org.ietf.wimse.witnessed_by"
+extension key (carried in "ext") to include independent
+third-party observers at critical decision points.  However,
+this value is self-asserted by the ECT issuer: the listed
+witnesses do not co-sign the ECT and there is no cryptographic
+evidence within a single ECT that the witnesses actually
+observed the task.  An issuing agent could list witnesses that
+did not participate.
 
 ### Witness Attestation Model {#witness-attestation-model}
 
-To address the self-assertion limitation of the "witnessed_by"
-claim, witnesses SHOULD submit their own independent signed ECTs
-to the audit ledger attesting to the observed task.  A witness
-attestation ECT:
+To address the self-assertion limitation of the
+"org.ietf.wimse.witnessed_by" extension, witnesses SHOULD submit their
+own independent signed ECTs to the audit ledger attesting to the
+observed task.  A witness attestation ECT:
 
 - MUST set "iss" to the witness's own workload identity.
 - MUST set "exec_act" to "witness_attestation" (or a domain-
@@ -1268,11 +1244,11 @@ attestation ECT:
 - MUST set "pol_decision" to "approved" to indicate the witness
   confirms the observation.
 
-When a task's "witnessed_by" claim lists one or more witnesses,
-auditors SHOULD verify that corresponding witness attestation
-ECTs exist in the ledger for each listed witness.  A mismatch
-between the "witnessed_by" list and the set of independent witness
-ECTs in the ledger SHOULD be flagged during audit review.
+When a task's "org.ietf.wimse.witnessed_by" extension lists one or more
+witnesses, auditors SHOULD verify that corresponding witness
+attestation ECTs exist in the ledger for each listed witness.  A
+mismatch between the extension value and the set of independent
+witness ECTs in the ledger SHOULD be flagged during audit review.
 
 This model converts witness attestation from a self-asserted claim
 to a cryptographically verifiable property of the ledger: the
@@ -1374,8 +1350,8 @@ Mitigations include:
 
 - Independent ledger maintenance: The ledger SHOULD be maintained
   by an entity independent of the workflow agents.
-- Witness attestation: Using the "witnessed_by" claim to include
-  independent third-party observers.
+- Witness attestation: Using the "org.ietf.wimse.witnessed_by" extension
+  key in "ext" to include independent third-party observers.
 - Cross-verification: Multiple independent ledger replicas can be
   compared for consistency.
 - Out-of-band audit: External auditors periodically verify ledger
@@ -1564,14 +1540,8 @@ the "JSON Web Token Claims" registry maintained by IANA:
 | pol | Policy Rule Identifier | IETF | {{policy-claims}} |
 | pol_decision | Policy Decision Result | IETF | {{policy-claims}} |
 | pol_enforcer | Policy Enforcer Identity | IETF | {{policy-claims}} |
-| pol_timestamp | Policy Decision Timestamp | IETF | {{policy-claims}} |
 | inp_hash | Input Data Hash | IETF | {{data-integrity-claims}} |
 | out_hash | Output Data Hash | IETF | {{data-integrity-claims}} |
-| inp_classification | Input Data Classification | IETF | {{data-integrity-claims}} |
-| exec_time_ms | Execution Time (ms) | IETF | {{operational-claims}} |
-| witnessed_by | Witness Identities | IETF | {{operational-claims}} |
-| regulated_domain | Regulatory Domain | IETF | {{operational-claims}} |
-| model_version | AI/ML Model Version | IETF | {{operational-claims}} |
 | compensation_required | Compensation Flag | IETF | {{compensation-claims}} |
 | compensation_reason | Compensation Reason | IETF | {{compensation-claims}} |
 | ext | Extension Object | IETF | {{extension-claims}} |
@@ -1592,21 +1562,6 @@ The initial contents of the registry are:
 | pending_human_review | Awaiting human judgment | IETF | {{policy-claims}} |
 {: #table-pol-decision title="ECT Policy Decision Values"}
 
-## ECT Regulated Domain Values Registry {#regulated-domain-registry}
-
-This document establishes the "ECT Regulated Domain Values"
-registry under the "JSON Web Token (JWT)" group.  Registration
-policy is Specification Required per {{!RFC8126}}.
-
-The initial contents of the registry are:
-
-| Value | Description | Change Controller | Reference |
-|:---:|:---|:---:|:---:|
-| medtech | Medical technology and devices | IETF | {{operational-claims}} |
-| finance | Financial services and trading | IETF | {{operational-claims}} |
-| military | Military and defense | IETF | {{operational-claims}} |
-{: #table-regulated-domain title="ECT Regulated Domain Values"}
-
 --- back
 
 # Related Work
@@ -1840,9 +1795,7 @@ ECT Payload:
   "pol": "clinical_data_access_policy_v1",
   "pol_decision": "approved",
   "inp_hash": "sha-256:n4bQgYhMfWWaL-qgxVrQFaO_TxsrC4Is0V1sFbDwCgg",
-  "out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564",
-  "exec_time_ms": 142,
-  "regulated_domain": "medtech"
+  "out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564"
 }
 ~~~
 
@@ -1861,9 +1814,7 @@ task, and creates its own ECT:
   "exec_act": "validate_safety",
   "par": ["550e8400-e29b-41d4-a716-446655440001"],
   "pol": "safety_validation_policy_v2",
-  "pol_decision": "approved",
-  "exec_time_ms": 89,
-  "regulated_domain": "medtech"
+  "pol_decision": "approved"
 }
 ~~~
 
@@ -1897,8 +1848,6 @@ Task 1 (Spec Review Agent):
   "par": [],
   "pol": "spec_review_policy_v2",
   "pol_decision": "approved",
-  "regulated_domain": "medtech",
-  "model_version": "spec-review-v3.1",
   "inp_hash": "sha-256:n4bQgYhMfWWaL-qgxVrQFaO_TxsrC4Is0V1sFbDwCgg",
   "out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564"
 }
@@ -1918,9 +1867,7 @@ Task 2 (Code Generation Agent):
   "exec_act": "implement_module",
   "par": ["a1b2c3d4-0001-0000-0000-000000000001"],
   "pol": "coding_standards_v3",
-  "pol_decision": "approved",
-  "regulated_domain": "medtech",
-  "model_version": "codegen-v2.4"
+  "pol_decision": "approved"
 }
 ~~~
 
@@ -1938,9 +1885,7 @@ Task 3 (Autonomous Test Agent):
   "exec_act": "execute_test_suite",
   "par": ["a1b2c3d4-0001-0000-0000-000000000002"],
   "pol": "test_coverage_policy_v1",
-  "pol_decision": "approved",
-  "regulated_domain": "medtech",
-  "exec_time_ms": 4523
+  "pol_decision": "approved"
 }
 ~~~
 
@@ -1959,7 +1904,6 @@ Task 4 (Build Agent):
   "par": ["a1b2c3d4-0001-0000-0000-000000000003"],
   "pol": "build_validation_v2",
   "pol_decision": "approved",
-  "regulated_domain": "medtech",
   "out_hash": "sha-256:Ry1YfOoW2XpC5Mq8HkGzNx3dL9vBa4sUjE7iKt0wPZc"
 }
 ~~~
@@ -1980,17 +1924,19 @@ Task 5 (Human Release Manager Approval):
   "pol": "release_approval_policy",
   "pol_decision": "approved",
   "pol_enforcer": "spiffe://meddev.example/human/release-mgr-42",
-  "witnessed_by": [
-    "spiffe://meddev.example/audit/qa-observer-1"
-  ],
-  "regulated_domain": "medtech"
+  "ext": {
+    "org.ietf.wimse.witnessed_by": [
+      "spiffe://meddev.example/audit/qa-observer-1"
+    ]
+  }
 }
 ~~~
 
 The resulting DAG records the complete SDLC: spec review preceded
 implementation, implementation preceded testing, testing preceded
-build, and a human release manager approved the final release
-with independent witness attestation.
+build, and a human release manager approved the final release.
+The "ext" object in task 5 carries witness metadata via
+the "org.ietf.wimse.witnessed_by" extension key.
 
 ~~~
 task-...-0001 (review_requirements_spec)
@@ -2005,7 +1951,7 @@ task-...-0003 (execute_test_suite)
 task-...-0004 (build_release_artifact)
   |
   v
-task-...-0005 (approve_release) [human, witnessed]
+task-...-0005 (approve_release) [human]
 ~~~
 
 An FDA auditor reconstructs this DAG by querying the audit ledger
@@ -2049,8 +1995,7 @@ Task 004 ECT payload:
     "f1e2d3c4-0003-0000-0000-000000000003"
   ],
   "pol": "trade_execution_policy_v3",
-  "pol_decision": "approved",
-  "regulated_domain": "finance"
+  "pol_decision": "approved"
 }
 ~~~