c/ietf-wimse-ect
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Simplify spec: remove sub, move compensation and policy to ext

Browse Source 
- Remove sub claim (always equals iss, added no information)
- Move compensation_required and compensation_reason to ext keys
- Move pol, pol_decision, pol_enforcer to ext keys
- IANA JWT Claims table reduced from 11 to 6 registered claims
- Trim witness attestation section to concise guidance
- Fix remaining ledger-mandatory language in verification
  step 15 and minimal implementation guidance

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Christian Nennemann
2026-02-25 12:38:14 +01:00
parent 898b0f8747
commit bf0f94ab30
4 changed files with 1679 additions and 1773 deletions
Download Patch File Download Diff File Expand all files Collapse all files

521
draft-nennemann-wimse-execution-context-00.html
View File

@@ -1242,7 +1242,7 @@ li > p:last-of-type:only-child {
</tr></thead>
<tfoot><tr>
<td class="left">Nennemann</td>
<td class="center">Expires 28 August 2026</td>
<td class="center">Expires 29 August 2026</td>
<td class="right">[Page]</td>
</tr></tfoot>
</table>
@@ -1255,12 +1255,12 @@ li > p:last-of-type:only-child {
<dd class="internet-draft">draft-nennemann-wimse-execution-context-00</dd>
<dt class="label-published">Published:</dt>
<dd class="published">
<time datetime="2026-02-24" class="published">24 February 2026</time>
<time datetime="2026-02-25" class="published">25 February 2026</time>
</dd>
<dt class="label-intended-status">Intended Status:</dt>
<dd class="intended-status">Standards Track</dd>
<dt class="label-expires">Expires:</dt>
<dd class="expires"><time datetime="2026-08-28">28 August 2026</time></dd>
<dd class="expires"><time datetime="2026-08-29">29 August 2026</time></dd>
<dt class="label-authors">Author:</dt>
<dd class="authors">
<div class="author">
@@ -1312,7 +1312,7 @@ regulatory frameworks.<a href="#section-abstract-1" class="pilcrow">¶</a></p>
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."<a href="#section-boilerplate.1-3" class="pilcrow"></a></p>
<p id="section-boilerplate.1-4">
This Internet-Draft will expire on 28 August 2026.<a href="#section-boilerplate.1-4" class="pilcrow"></a></p>
This Internet-Draft will expire on 29 August 2026.<a href="#section-boilerplate.1-4" class="pilcrow"></a></p>
</section>
</div>
<div id="copyright">
@@ -1391,7 +1391,7 @@ regulatory frameworks.<a href="#section-abstract-1" class="pilcrow">¶</a></p>
<p id="section-toc.1-1.4.2.2.2.2.1"><a href="#section-4.2.2" class="auto internal xref">4.2.2</a>.  <a href="#name-execution-context" class="internal xref">Execution Context</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.2.2.3">
<p id="section-toc.1-1.4.2.2.2.3.1"><a href="#section-4.2.3" class="auto internal xref">4.2.3</a>.  <a href="#name-policy-evaluation" class="internal xref">Policy Evaluation</a></p>
<p id="section-toc.1-1.4.2.2.2.3.1"><a href="#section-4.2.3" class="auto internal xref">4.2.3</a>.  <a href="#name-policy-evaluation-extension" class="internal xref">Policy Evaluation Extension Keys</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.4.2.2.2.4">
<p id="section-toc.1-1.4.2.2.2.4.1"><a href="#section-4.2.4" class="auto internal xref">4.2.4</a>.  <a href="#name-data-integrity" class="internal xref">Data Integrity</a></p>
@@ -1475,11 +1475,6 @@ regulatory frameworks.<a href="#section-abstract-1" class="pilcrow">¶</a></p>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.10.2.2">
<p id="section-toc.1-1.10.2.2.1"><a href="#section-10.2" class="auto internal xref">10.2</a>.  <a href="#name-self-assertion-limitation" class="internal xref">Self-Assertion Limitation</a></p>
<ul class="compact toc ulBare ulEmpty">
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.10.2.2.2.1">
<p id="section-toc.1-1.10.2.2.2.1.1"><a href="#section-10.2.1" class="auto internal xref">10.2.1</a>.  <a href="#name-witness-attestation-model" class="internal xref">Witness Attestation Model</a></p>
</li>
</ul>
</li>
<li class="compact toc ulBare ulEmpty" id="section-toc.1-1.10.2.3">
<p id="section-toc.1-1.10.2.3.1"><a href="#section-10.3" class="auto internal xref">10.3</a>.  <a href="#name-organizational-prerequisite" class="internal xref">Organizational Prerequisites</a></p>
@@ -1705,7 +1700,7 @@ regulatory audit scenarios.<a href="#section-1.2-3" class="pilcrow">¶</a></p>
<p id="section-1.3-2.2.1">DAG structure for task dependency ordering (<a href="#dag-validation" class="auto internal xref">Section 6</a>)<a href="#section-1.3-2.2.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-1.3-2.3">
<p id="section-1.3-2.3.1">Policy checkpoint recording (<a href="#policy-claims" class="auto internal xref">Section 4.2.3</a>)<a href="#section-1.3-2.3.1" class="pilcrow"></a></p>
<p id="section-1.3-2.3.1">Policy checkpoint recording via extension keys (<a href="#policy-claims" class="auto internal xref">Section 4.2.3</a>)<a href="#section-1.3-2.3.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-1.3-2.4">
<p id="section-1.3-2.4.1">Integration with the WIMSE identity framework
@@ -2068,63 +2063,55 @@ deployments <span class="bcp14">MAY</span> use other URI schemes (e.g., HTTPS UR
URN:UUID identifiers).<a href="#section-4.2.1-2.2.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-4.2.1-2.3">sub:</dt>
<dt id="section-4.2.1-2.3">aud:</dt>
<dd style="margin-left: 1.5em" id="section-4.2.1-2.4">
<p id="section-4.2.1-2.4.1"><span class="bcp14">OPTIONAL</span>. StringOrURI. The subject of the ECT. When present,
<span class="bcp14">MUST</span> equal the "iss" claim. This claim is included for
compatibility with JWT libraries and frameworks that expect a
"sub" claim to be present.<a href="#section-4.2.1-2.4.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-4.2.1-2.5">aud:</dt>
<dd style="margin-left: 1.5em" id="section-4.2.1-2.6">
<p id="section-4.2.1-2.6.1"><span class="bcp14">REQUIRED</span>. StringOrURI or array of StringOrURI. The intended
<p id="section-4.2.1-2.4.1"><span class="bcp14">REQUIRED</span>. StringOrURI or array of StringOrURI. The intended
recipient(s) of the ECT. Because ECTs serve as both inter-agent
messages and audit records, the "aud" claim <span class="bcp14">SHOULD</span> contain the
identifiers of all entities that will verify the ECT. In
practice this means:<a href="#section-4.2.1-2.6.1" class="pilcrow"></a></p>
practice this means:<a href="#section-4.2.1-2.4.1" class="pilcrow"></a></p>
<ul class="normal">
<li class="normal" id="section-4.2.1-2.6.2.1">
<p id="section-4.2.1-2.6.2.1.1"><strong>Point-to-point delivery</strong>: when an ECT is sent from one
<li class="normal" id="section-4.2.1-2.4.2.1">
<p id="section-4.2.1-2.4.2.1.1"><strong>Point-to-point delivery</strong>: when an ECT is sent from one
agent to a single next agent, "aud" contains that agent's
workload identity. The receiving agent verifies the ECT and
forwards it to the ledger on behalf of the issuer.<a href="#section-4.2.1-2.6.2.1.1" class="pilcrow"></a></p>
forwards it to the ledger on behalf of the issuer.<a href="#section-4.2.1-2.4.2.1.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-4.2.1-2.6.2.2">
<p id="section-4.2.1-2.6.2.2.1"><strong>Direct-to-ledger submission</strong>: when an ECT is submitted
<li class="normal" id="section-4.2.1-2.4.2.2">
<p id="section-4.2.1-2.4.2.2.1"><strong>Direct-to-ledger submission</strong>: when an ECT is submitted
directly to the audit ledger (e.g., after a join or at
workflow completion), "aud" contains the ledger's identity.<a href="#section-4.2.1-2.6.2.2.1" class="pilcrow"></a></p>
workflow completion), "aud" contains the ledger's identity.<a href="#section-4.2.1-2.4.2.2.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-4.2.1-2.6.2.3">
<p id="section-4.2.1-2.6.2.3.1"><strong>Multi-audience</strong>: when an ECT must be verified by both the
<li class="normal" id="section-4.2.1-2.4.2.3">
<p id="section-4.2.1-2.4.2.3.1"><strong>Multi-audience</strong>: when an ECT must be verified by both the
next agent and the ledger independently, "aud" <span class="bcp14">MUST</span> be an
array containing both identifiers (e.g.,
["spiffe://example.com/agent/next",
"spiffe://example.com/system/ledger"]). Each verifier checks
that its own identity appears in the array.<a href="#section-4.2.1-2.6.2.3.1" class="pilcrow"></a></p>
that its own identity appears in the array.<a href="#section-4.2.1-2.4.2.3.1" class="pilcrow"></a></p>
</li>
</ul>
<p id="section-4.2.1-2.6.3">In multi-parent (join) scenarios where a task depends on ECTs
<p id="section-4.2.1-2.4.3">In multi-parent (join) scenarios where a task depends on ECTs
from multiple parent agents, the joining agent creates a new ECT
with the parent task IDs in "par". The "aud" of this new ECT
is set according to the rules above based on where the ECT will
be delivered — it is independent of the "aud" values in the
parent ECTs.<a href="#section-4.2.1-2.6.3" class="pilcrow"></a></p>
parent ECTs.<a href="#section-4.2.1-2.4.3" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-4.2.1-2.7">iat:</dt>
<dd style="margin-left: 1.5em" id="section-4.2.1-2.8">
<p id="section-4.2.1-2.8.1"><span class="bcp14">REQUIRED</span>. NumericDate. The time at which the ECT was issued.
<dt id="section-4.2.1-2.5">iat:</dt>
<dd style="margin-left: 1.5em" id="section-4.2.1-2.6">
<p id="section-4.2.1-2.6.1"><span class="bcp14">REQUIRED</span>. NumericDate. The time at which the ECT was issued.
The ECT records a completed action, so the "iat" value reflects
when the record was created, not when task execution began.<a href="#section-4.2.1-2.8.1" class="pilcrow"></a></p>
when the record was created, not when task execution began.<a href="#section-4.2.1-2.6.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-4.2.1-2.9">exp:</dt>
<dd style="margin-left: 1.5em" id="section-4.2.1-2.10">
<p id="section-4.2.1-2.10.1"><span class="bcp14">REQUIRED</span>. NumericDate. The expiration time of the ECT.
<dt id="section-4.2.1-2.7">exp:</dt>
<dd style="margin-left: 1.5em" id="section-4.2.1-2.8">
<p id="section-4.2.1-2.8.1"><span class="bcp14">REQUIRED</span>. NumericDate. The expiration time of the ECT.
Implementations <span class="bcp14">SHOULD</span> set this to 5 to 15 minutes after "iat"
to limit the replay window while allowing for reasonable clock
skew and processing time.<a href="#section-4.2.1-2.10.1" class="pilcrow"></a></p>
skew and processing time.<a href="#section-4.2.1-2.8.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
</dl>
@@ -2186,70 +2173,73 @@ multiple root tasks.<a href="#section-4.2.2-2.6.1" class="pilcrow">¶</a></p>
</div>
<div id="policy-claims">
<section id="section-4.2.3">
<h4 id="name-policy-evaluation">
<a href="#section-4.2.3" class="section-number selfRef">4.2.3. </a><a href="#name-policy-evaluation" class="section-name selfRef">Policy Evaluation</a>
<h4 id="name-policy-evaluation-extension">
<a href="#section-4.2.3" class="section-number selfRef">4.2.3. </a><a href="#name-policy-evaluation-extension" class="section-name selfRef">Policy Evaluation Extension Keys</a>
</h4>
<p id="section-4.2.3-1">The following claims record policy evaluation outcomes:<a href="#section-4.2.3-1" class="pilcrow"></a></p>
<span class="break"></span><dl class="dlParallel" id="section-4.2.3-2">
<dt id="section-4.2.3-2.1">pol:</dt>
<dd style="margin-left: 1.5em" id="section-4.2.3-2.2">
<p id="section-4.2.3-2.2.1"><span class="bcp14">OPTIONAL</span>. String. The identifier of the policy rule that was
evaluated for this task (e.g.,
"clinical_data_access_policy_v1"). <span class="bcp14">MUST</span> be present when
"pol_decision" is present.<a href="#section-4.2.3-2.2.1" class="pilcrow"></a></p>
<p id="section-4.2.3-1">Policy evaluation outcomes are recorded as extension keys within
the "ext" object (<a href="#extension-claims" class="auto internal xref">Section 4.2.6</a>). This keeps the core
registered claims focused on DAG structure and execution context,
while allowing deployments to add policy recording as needed.<a href="#section-4.2.3-1" class="pilcrow"></a></p>
<p id="section-4.2.3-2">The following extension keys are defined for policy evaluation:<a href="#section-4.2.3-2" class="pilcrow"></a></p>
<span class="break"></span><dl class="dlParallel" id="section-4.2.3-3">
<dt id="section-4.2.3-3.1">"pol":</dt>
<dd style="margin-left: 1.5em" id="section-4.2.3-3.2">
<p id="section-4.2.3-3.2.1">String. The identifier of the policy rule that was evaluated
for this task (e.g., "clinical_data_access_policy_v1"). <span class="bcp14">MUST</span>
be present when "pol_decision" is present.<a href="#section-4.2.3-3.2.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-4.2.3-2.3">pol_decision:</dt>
<dd style="margin-left: 1.5em" id="section-4.2.3-2.4">
<p id="section-4.2.3-2.4.1"><span class="bcp14">OPTIONAL</span>. String. The result of the policy evaluation. When
present, <span class="bcp14">MUST</span> be one of the values registered in the ECT Policy
Decision Values registry (<a href="#pol-decision-registry" class="auto internal xref">Section 12.4</a>). <span class="bcp14">MUST</span> be
present when "pol" is present. Initial values are:<a href="#section-4.2.3-2.4.1" class="pilcrow"></a></p>
<dt id="section-4.2.3-3.3">"pol_decision":</dt>
<dd style="margin-left: 1.5em" id="section-4.2.3-3.4">
<p id="section-4.2.3-3.4.1">String. The result of the policy evaluation. When present,
<span class="bcp14">MUST</span> be one of the values registered in the ECT Policy Decision
Values registry (<a href="#pol-decision-registry" class="auto internal xref">Section 12.4</a>). <span class="bcp14">MUST</span> be present
when "pol" is present. Initial values are:<a href="#section-4.2.3-3.4.1" class="pilcrow"></a></p>
<ul class="normal">
<li class="normal" id="section-4.2.3-2.4.2.1">
<p id="section-4.2.3-2.4.2.1.1">"approved": The policy evaluation succeeded and the task
was authorized to proceed.<a href="#section-4.2.3-2.4.2.1.1" class="pilcrow"></a></p>
<li class="normal" id="section-4.2.3-3.4.2.1">
<p id="section-4.2.3-3.4.2.1.1">"approved": The policy evaluation succeeded and the task
was authorized to proceed.<a href="#section-4.2.3-3.4.2.1.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-4.2.3-2.4.2.2">
<p id="section-4.2.3-2.4.2.2.1">"rejected": The policy evaluation failed. A "rejected" ECT
<li class="normal" id="section-4.2.3-3.4.2.2">
<p id="section-4.2.3-3.4.2.2.1">"rejected": The policy evaluation failed. A "rejected" ECT
<span class="bcp14">MUST</span> still be recorded for accountability. An ECT with
"pol_decision" of "rejected" <span class="bcp14">MAY</span> appear as a parent in the
"par" array of a subsequent ECT, but only for compensation,
rollback, or remediation tasks. Agents <span class="bcp14">MUST NOT</span> proceed
with normal workflow execution based on a parent ECT whose
"pol_decision" is "rejected".<a href="#section-4.2.3-2.4.2.2.1" class="pilcrow"></a></p>
"pol_decision" is "rejected".<a href="#section-4.2.3-3.4.2.2.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-4.2.3-2.4.2.3">
<p id="section-4.2.3-2.4.2.3.1">"pending_human_review": The policy evaluation requires human
<li class="normal" id="section-4.2.3-3.4.2.3">
<p id="section-4.2.3-3.4.2.3.1">"pending_human_review": The policy evaluation requires human
judgment before proceeding. Agents <span class="bcp14">MUST NOT</span> proceed with
dependent tasks until a subsequent ECT from a human reviewer
records an "approved" decision referencing this task as a
parent.<a href="#section-4.2.3-2.4.2.3.1" class="pilcrow"></a></p>
parent.<a href="#section-4.2.3-3.4.2.3.1" class="pilcrow"></a></p>
</li>
</ul>
<p id="section-4.2.3-2.4.3">When "pol" and "pol_decision" are absent, the ECT records task
execution without a policy checkpoint. Regulated deployments
<span class="bcp14">SHOULD</span> include policy claims on all ECTs to maintain complete
audit trails.<a href="#section-4.2.3-2.4.3" class="pilcrow"></a></p>
<p id="section-4.2.3-3.4.3">When "pol" and "pol_decision" are absent from "ext", the ECT
records task execution without a policy checkpoint. Regulated
deployments <span class="bcp14">SHOULD</span> include policy keys on all ECTs to maintain
complete audit trails.<a href="#section-4.2.3-3.4.3" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-4.2.3-2.5">pol_enforcer:</dt>
<dd style="margin-left: 1.5em" id="section-4.2.3-2.6">
<p id="section-4.2.3-2.6.1"><span class="bcp14">OPTIONAL</span>. StringOrURI. The identity of the entity (system or
person) that evaluated the policy decision. When present,
<span class="bcp14">SHOULD</span> use SPIFFE ID format.<a href="#section-4.2.3-2.6.1" class="pilcrow"></a></p>
<dt id="section-4.2.3-3.5">"pol_enforcer":</dt>
<dd style="margin-left: 1.5em" id="section-4.2.3-3.6">
<p id="section-4.2.3-3.6.1">StringOrURI. The identity of the entity (system or person)
that evaluated the policy decision. When present, <span class="bcp14">SHOULD</span> use
SPIFFE ID format.<a href="#section-4.2.3-3.6.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
</dl>
<p id="section-4.2.3-3">This specification intentionally defines only the recording of
<p id="section-4.2.3-4">This specification intentionally defines only the recording of
policy evaluation outcomes. The mechanisms by which policies are
defined, distributed to agents, and evaluated are out of scope.
The "pol" claim is an opaque identifier referencing an external
The "pol" key is an opaque identifier referencing an external
policy; the semantics and enforcement of that policy are
determined by the deployment environment. Implementations may
use any policy engine or framework (e.g., OPA/Rego, Cedar, XACML,
or custom solutions) provided that the evaluation outcome is
faithfully recorded in the ECT claims defined above.<a href="#section-4.2.3-3" class="pilcrow"></a></p>
faithfully recorded in the "ext" keys defined above.<a href="#section-4.2.3-4" class="pilcrow"></a></p>
</section>
</div>
<div id="data-integrity-claims">
@@ -2288,31 +2278,12 @@ using the same format and algorithm requirements as "inp_hash".<a href="#section
<h4 id="name-compensation-and-rollback">
<a href="#section-4.2.5" class="section-number selfRef">4.2.5. </a><a href="#name-compensation-and-rollback" class="section-name selfRef">Compensation and Rollback</a>
</h4>
<span class="break"></span><dl class="dlParallel" id="section-4.2.5-1">
<dt id="section-4.2.5-1.1">compensation_required:</dt>
<dd style="margin-left: 1.5em" id="section-4.2.5-1.2">
<p id="section-4.2.5-1.2.1"><span class="bcp14">OPTIONAL</span>. Boolean. Indicates whether this task is a
compensation or rollback action for a previous task.<a href="#section-4.2.5-1.2.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
<dt id="section-4.2.5-1.3">compensation_reason:</dt>
<dd style="margin-left: 1.5em" id="section-4.2.5-1.4">
<p id="section-4.2.5-1.4.1"><span class="bcp14">OPTIONAL</span>. String. A human-readable reason for the compensation
action. <span class="bcp14">MUST</span> be present if "compensation_required" is true.
Values <span class="bcp14">SHOULD</span> use structured identifiers (e.g.,
"policy_violation_in_parent_trade") rather than free-form text
to minimize the risk of embedding sensitive information. See
<a href="#data-minimization" class="auto internal xref">Section 11.2</a> for privacy guidance.
If "compensation_reason" is present, "compensation_required"
<span class="bcp14">MUST</span> be true.<a href="#section-4.2.5-1.4.1" class="pilcrow"></a></p>
</dd>
<dd class="break"></dd>
</dl>
<p id="section-4.2.5-2">Note: compensation ECTs reference historical parent tasks via the
"par" claim. The referenced parent ECTs may have passed their own
"exp" time; ECT expiration applies to the verification window of
the ECT itself, not to its validity as a parent reference in the
ledger.<a href="#section-4.2.5-2" class="pilcrow"></a></p>
<p id="section-4.2.5-1">Compensation and rollback actions are recorded using the "par"
claim to reference the original task and the "exec_act" claim to
describe the remediation action. The referenced parent ECTs may
have passed their own "exp" time; ECT expiration applies to the
verification window of the ECT itself, not to its validity as a
parent reference in the ECT store.<a href="#section-4.2.5-1" class="pilcrow"></a></p>
</section>
</div>
<div id="extension-claims">
@@ -2340,31 +2311,57 @@ levels. Implementations <span class="bcp14">SHOULD</span> reject ECTs whose "ex
exceeds these limits.<a href="#section-4.2.6-2" class="pilcrow"></a></p>
<p id="section-4.2.6-3">The following extension keys are defined by this specification
for common use cases. Because these keys are documented here,
they use short names without reverse domain prefixes:<a href="#section-4.2.6-3" class="pilcrow"></a></p>
they use short names without reverse domain prefixes.<a href="#section-4.2.6-3" class="pilcrow"></a></p>
<p id="section-4.2.6-4">Policy evaluation keys (see <a href="#policy-claims" class="auto internal xref">Section 4.2.3</a> for full
definitions and decision value semantics):<a href="#section-4.2.6-4" class="pilcrow"></a></p>
<ul class="normal">
<li class="normal" id="section-4.2.6-4.1">
<p id="section-4.2.6-4.1.1">"exec_time_ms": Integer. Execution duration in milliseconds.<a href="#section-4.2.6-4.1.1" class="pilcrow"></a></p>
<li class="normal" id="section-4.2.6-5.1">
<p id="section-4.2.6-5.1.1">"pol": String. Policy rule identifier.<a href="#section-4.2.6-5.1.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-4.2.6-4.2">
<p id="section-4.2.6-4.2.1">"regulated_domain": String. Regulatory domain (e.g.,
"medtech", "finance", "military").<a href="#section-4.2.6-4.2.1" class="pilcrow"></a></p>
<li class="normal" id="section-4.2.6-5.2">
<p id="section-4.2.6-5.2.1">"pol_decision": String. Policy evaluation outcome
("approved", "rejected", or "pending_human_review").<a href="#section-4.2.6-5.2.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-4.2.6-4.3">
<p id="section-4.2.6-4.3.1">"model_version": String. AI/ML model version.<a href="#section-4.2.6-4.3.1" class="pilcrow"></a></p>
<li class="normal" id="section-4.2.6-5.3">
<p id="section-4.2.6-5.3.1">"pol_enforcer": StringOrURI. Identity of the policy
evaluator.<a href="#section-4.2.6-5.3.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-4.2.6-4.4">
<p id="section-4.2.6-4.4.1">"witnessed_by": Array of StringOrURI. Identifiers of
<li class="normal" id="section-4.2.6-5.4">
<p id="section-4.2.6-5.4.1">"pol_timestamp": NumericDate. Time at which the policy
decision was made, if distinct from "iat".<a href="#section-4.2.6-5.4.1" class="pilcrow"></a></p>
</li>
</ul>
<p id="section-4.2.6-6">Operational metadata keys:<a href="#section-4.2.6-6" class="pilcrow"></a></p>
<ul class="normal">
<li class="normal" id="section-4.2.6-7.1">
<p id="section-4.2.6-7.1.1">"exec_time_ms": Integer. Execution duration in milliseconds.<a href="#section-4.2.6-7.1.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-4.2.6-7.2">
<p id="section-4.2.6-7.2.1">"regulated_domain": String. Regulatory domain (e.g.,
"medtech", "finance", "military").<a href="#section-4.2.6-7.2.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-4.2.6-7.3">
<p id="section-4.2.6-7.3.1">"model_version": String. AI/ML model version.<a href="#section-4.2.6-7.3.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-4.2.6-7.4">
<p id="section-4.2.6-7.4.1">"witnessed_by": Array of StringOrURI. Identifiers of
third-party entities that the issuer claims observed the
task. Note: this is self-asserted; for verifiable witness
attestation, witnesses should submit independent signed ECTs.<a href="#section-4.2.6-4.4.1" class="pilcrow"></a></p>
attestation, witnesses should submit independent signed ECTs.<a href="#section-4.2.6-7.4.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-4.2.6-4.5">
<p id="section-4.2.6-4.5.1">"inp_classification": String. Data sensitivity classification
(e.g., "public", "confidential", "restricted").<a href="#section-4.2.6-4.5.1" class="pilcrow"></a></p>
<li class="normal" id="section-4.2.6-7.5">
<p id="section-4.2.6-7.5.1">"inp_classification": String. Data sensitivity classification
(e.g., "public", "confidential", "restricted").<a href="#section-4.2.6-7.5.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-4.2.6-4.6">
<p id="section-4.2.6-4.6.1">"pol_timestamp": NumericDate. Time at which the policy
decision was made, if distinct from "iat".<a href="#section-4.2.6-4.6.1" class="pilcrow"></a></p>
<li class="normal" id="section-4.2.6-7.6">
<p id="section-4.2.6-7.6.1">"compensation_required": Boolean. Indicates whether this task
is a compensation or rollback action.<a href="#section-4.2.6-7.6.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-4.2.6-7.7">
<p id="section-4.2.6-7.7.1">"compensation_reason": String. Structured reason code for the
compensation action (e.g., "policy_violation_in_parent_trade").
<span class="bcp14">SHOULD</span> use structured identifiers rather than free-form text
to minimize information leakage (see <a href="#data-minimization" class="auto internal xref">Section 11.2</a>).<a href="#section-4.2.6-7.7.1" class="pilcrow"></a></p>
</li>
</ul>
</section>
@@ -2383,7 +2380,6 @@ decision was made, if distinct from "iat".<a href="#section-4.2.6-4.6.1" class="
<pre>
{
"iss": "spiffe://example.com/agent/clinical",
"sub": "spiffe://example.com/agent/clinical",
"aud": "spiffe://example.com/agent/safety",
"iat": 1772064150,
"exp": 1772064750,
@@ -2393,14 +2389,13 @@ decision was made, if distinct from "iat".<a href="#section-4.2.6-4.6.1" class="
"exec_act": "recommend_treatment",
"par": [],
"pol": "clinical_reasoning_policy_v2",
"pol_decision": "approved",
"pol_enforcer": "spiffe://example.com/policy/clinical-engine",
"inp_hash": "sha-256:n4bQgYhMfWWaL-qgxVrQFaO_TxsrC4Is0V1sFbDwCgg",
"out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564",
"ext": {
"pol": "clinical_reasoning_policy_v2",
"pol_decision": "approved",
"pol_enforcer": "spiffe://example.com/policy/clinical-engine",
"pol_timestamp": 1772064145,
"exec_time_ms": 245,
"regulated_domain": "medtech",
@@ -2521,15 +2516,14 @@ lead back to the current ECT's "jti". If a cycle is detected,
the ECT <span class="bcp14">MUST</span> be rejected.<a href="#section-6.2-2.4.1" class="pilcrow"></a></p>
</li>
<li id="section-6.2-2.5">
<p id="section-6.2-2.5.1">Parent Policy Decision: If any parent ECT contains a
"pol_decision" of "rejected" or "pending_human_review", the
current ECT's "exec_act" <span class="bcp14">MUST</span> indicate a compensation,
rollback, remediation, or human review action.
Implementations <span class="bcp14">MUST NOT</span> accept an ECT representing normal
workflow continuation when a parent's "pol_decision" is not
"approved", unless the current ECT has "compensation_required"
set to true. This rule only applies when the parent ECT
contains policy claims.<a href="#section-6.2-2.5.1" class="pilcrow"></a></p>
<p id="section-6.2-2.5.1">Parent Policy Decision: If any parent ECT's "ext" object
contains a "pol_decision" of "rejected" or
"pending_human_review", the current ECT's "exec_act" <span class="bcp14">MUST</span>
indicate a compensation, rollback, remediation, or human
review action. Implementations <span class="bcp14">MUST NOT</span> accept an ECT
representing normal workflow continuation when a parent's
"pol_decision" is not "approved". This rule only applies
when the parent ECT's "ext" contains policy keys.<a href="#section-6.2-2.5.1" class="pilcrow"></a></p>
</li>
<li id="section-6.2-2.6">
<p id="section-6.2-2.6.1">Trust Domain Consistency: Parent tasks <span class="bcp14">SHOULD</span> belong to the
@@ -2678,22 +2672,22 @@ verifier's current time, to account for clock skew).<a href="#section-7.1-2.11.1
present and well-formed.<a href="#section-7.1-2.12.1" class="pilcrow"></a></p>
</li>
<li id="section-7.1-2.13">
<p id="section-7.1-2.13.1">If "pol" or "pol_decision" is present, verify that both are
present and that "pol_decision" is one of "approved",
"rejected", or "pending_human_review".<a href="#section-7.1-2.13.1" class="pilcrow"></a></p>
<p id="section-7.1-2.13.1">If "ext" is present and contains "pol" or "pol_decision",
verify that both are present and that "pol_decision" is one
of "approved", "rejected", or "pending_human_review".<a href="#section-7.1-2.13.1" class="pilcrow"></a></p>
</li>
<li id="section-7.1-2.14">
<p id="section-7.1-2.14.1">Perform DAG validation per <a href="#dag-validation" class="auto internal xref">Section 6</a>.<a href="#section-7.1-2.14.1" class="pilcrow"></a></p>
</li>
<li id="section-7.1-2.15">
<p id="section-7.1-2.15.1">If all checks pass, the ECT <span class="bcp14">MUST</span> be appended to the audit
ledger.<a href="#section-7.1-2.15.1" class="pilcrow"></a></p>
<p id="section-7.1-2.15.1">If all checks pass and an audit ledger is deployed, the ECT
<span class="bcp14">SHOULD</span> be appended to the ledger.<a href="#section-7.1-2.15.1" class="pilcrow"></a></p>
</li>
</ol>
<p id="section-7.1-3">If any verification step fails, the ECT <span class="bcp14">MUST</span> be rejected and the
failure <span class="bcp14">MUST</span> be logged for audit purposes. Error messages
<span class="bcp14">SHOULD NOT</span> reveal whether specific parent task IDs exist in the
ledger, to prevent information disclosure.<a href="#section-7.1-3" class="pilcrow"></a></p>
ECT store, to prevent information disclosure.<a href="#section-7.1-3" class="pilcrow"></a></p>
<p id="section-7.1-4">When ECT verification fails during HTTP request processing, the
receiving agent <span class="bcp14">SHOULD</span> respond with HTTP 403 (Forbidden) if the
WIT is valid but the ECT is invalid, and HTTP 401
@@ -2767,11 +2761,12 @@ function verify_ect(ect_jws, verifier_id,
if claim not in payload:
return reject("Missing required claim: " + claim)
// Validate policy claims (optional, but must be paired)
if "pol" in payload or "pol_decision" in payload:
if "pol" not in payload or "pol_decision" not in payload:
// Validate policy extension keys (optional, but must be paired)
ext = payload.ext or {}
if "pol" in ext or "pol_decision" in ext:
if "pol" not in ext or "pol_decision" not in ext:
return reject("pol and pol_decision must both be present")
if payload.pol_decision not in
if ext.pol_decision not in
["approved", "rejected", "pending_human_review"]:
return reject("Invalid pol_decision value")
@@ -2862,29 +2857,34 @@ software used in medical devices.<a href="#section-9.1-1" class="pilcrow">¶</a>
Agent A (Spec Reviewer):
jti: task-001 par: []
exec_act: review_requirements_spec
pol: spec_review_policy_v2 pol_decision: approved
ext.pol: spec_review_policy_v2
ext.pol_decision: approved
Agent B (Code Generator):
jti: task-002 par: [task-001]
exec_act: implement_module
pol: coding_standards_v3 pol_decision: approved
ext.pol: coding_standards_v3
ext.pol_decision: approved
Agent C (Test Agent):
jti: task-003 par: [task-002]
exec_act: execute_test_suite
pol: test_coverage_policy_v1 pol_decision: approved
ext.pol: test_coverage_policy_v1
ext.pol_decision: approved
Agent D (Build Agent):
jti: task-004 par: [task-003]
exec_act: build_release_artifact
pol: build_validation_v2 pol_decision: approved
ext.pol: build_validation_v2
ext.pol_decision: approved
Human Release Manager:
jti: task-005 par: [task-004]
exec_act: approve_release
pol: release_approval_policy pol_decision: approved
pol_enforcer: spiffe://meddev.example/human/release-mgr-42
ext: {witnessed_by: [...]} (extension metadata)
ext.pol: release_approval_policy
ext.pol_decision: approved
ext.pol_enforcer: spiffe://meddev.example/human/release-mgr-42
ext.witnessed_by: [...]
</pre>
</div>
<figcaption><a href="#figure-8" class="selfRef">Figure 8</a>:
@@ -2987,17 +2987,20 @@ execution.<a href="#section-9.2-1" class="pilcrow">¶</a></p>
Agent A (Risk Assessment):
jti: task-001 par: []
exec_act: calculate_risk_exposure
pol: risk_limits_policy_v2 pol_decision: approved
ext.pol: risk_limits_policy_v2
ext.pol_decision: approved
Agent B (Compliance):
jti: task-002 par: [task-001]
exec_act: verify_compliance
pol: compliance_check_v1 pol_decision: approved
ext.pol: compliance_check_v1
ext.pol_decision: approved
Agent C (Execution):
jti: task-003 par: [task-002]
exec_act: execute_trade
pol: execution_policy_v3 pol_decision: approved
ext.pol: execution_policy_v3
ext.pol_decision: approved
</pre>
</div>
<figcaption><a href="#figure-10" class="selfRef">Figure 10</a>:
@@ -3034,7 +3037,6 @@ a cryptographic link to the original task:<a href="#section-9.3-1" class="pilcro
<pre>
{
"iss": "spiffe://bank.example/agent/operations",
"sub": "spiffe://bank.example/agent/operations",
"aud": "spiffe://bank.example/system/ledger",
"iat": 1772150550,
"exp": 1772151150,
@@ -3042,11 +3044,13 @@ a cryptographic link to the original task:<a href="#section-9.3-1" class="pilcro
"wid": "d3e4f5a6-b7c8-9012-def0-123456789012",
"exec_act": "initiate_trade_rollback",
"par": ["550e8400-e29b-41d4-a716-446655440003"],
"pol": "compensation_policy_v1",
"pol_decision": "approved",
"pol_enforcer": "spiffe://bank.example/human/compliance-officer",
"compensation_required": true,
"compensation_reason": "policy_violation_in_parent_trade"
"ext": {
"pol": "compensation_policy_v1",
"pol_decision": "approved",
"pol_enforcer": "spiffe://bank.example/human/compliance-officer",
"compensation_required": true,
"compensation_reason": "policy_violation_in_parent_trade"
}
}
</pre>
</div>
@@ -3074,27 +3078,32 @@ required checks were completed:<a href="#section-9.4-1" class="pilcrow">¶</a></
Agent A (Route Planning):
jti: task-001 par: []
exec_act: plan_route
pol: route_policy_v1 pol_decision: approved
ext.pol: route_policy_v1
ext.pol_decision: approved
Agent B (Customs):
jti: task-002 par: [task-001]
exec_act: validate_customs
pol: customs_policy_v2 pol_decision: approved
ext.pol: customs_policy_v2
ext.pol_decision: approved
Agent C (Safety):
jti: task-003 par: [task-001]
exec_act: verify_cargo_safety
pol: safety_policy_v1 pol_decision: approved
ext.pol: safety_policy_v1
ext.pol_decision: approved
Agent D (Payment):
jti: task-004 par: [task-002, task-003]
exec_act: authorize_payment
pol: payment_policy_v3 pol_decision: approved
ext.pol: payment_policy_v3
ext.pol_decision: approved
System (Commitment):
jti: task-005 par: [task-004]
exec_act: commit_shipment
pol: commitment_policy_v1 pol_decision: approved
ext.pol: commitment_policy_v1
ext.pol_decision: approved
</pre>
</div>
<figcaption><a href="#figure-12" class="selfRef">Figure 12</a>:
@@ -3149,8 +3158,8 @@ to alter perceived execution ordering.<a href="#section-10.1-2.4.1" class="pilcr
<p id="section-10.2-1">ECTs are self-asserted by the executing agent. The agent claims
what it did, and this claim is signed with its private key. A
compromised or malicious agent could create ECTs with false claims
(e.g., setting "pol_decision" to "approved" without actually
evaluating the policy).<a href="#section-10.2-1" class="pilcrow"></a></p>
(e.g., setting "pol_decision" in "ext" to "approved" without
actually evaluating the policy).<a href="#section-10.2-1" class="pilcrow"></a></p>
<p id="section-10.2-2">ECTs do not independently verify that:<a href="#section-10.2-2" class="pilcrow"></a></p>
<ul class="normal">
<li class="normal" id="section-10.2-3.1">
@@ -3176,44 +3185,11 @@ witnesses do not co-sign the ECT and there is no cryptographic
evidence within a single ECT that the witnesses actually
observed the task. An issuing agent could list witnesses that
did not participate.<a href="#section-10.2-4" class="pilcrow"></a></p>
<div id="witness-attestation-model">
<section id="section-10.2.1">
<h4 id="name-witness-attestation-model">
<a href="#section-10.2.1" class="section-number selfRef">10.2.1. </a><a href="#name-witness-attestation-model" class="section-name selfRef">Witness Attestation Model</a>
</h4>
<p id="section-10.2.1-1">To address the self-assertion limitation of the
"witnessed_by" extension, witnesses <span class="bcp14">SHOULD</span> submit their
own independent signed ECTs to the audit ledger attesting to the
observed task. A witness attestation ECT:<a href="#section-10.2.1-1" class="pilcrow"></a></p>
<ul class="normal">
<li class="normal" id="section-10.2.1-2.1">
<p id="section-10.2.1-2.1.1"><span class="bcp14">MUST</span> set "iss" to the witness's own workload identity.<a href="#section-10.2.1-2.1.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-10.2.1-2.2">
<p id="section-10.2.1-2.2.1"><span class="bcp14">MUST</span> set "exec_act" to "witness_attestation" (or a domain-
specific equivalent).<a href="#section-10.2.1-2.2.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-10.2.1-2.3">
<p id="section-10.2.1-2.3.1"><span class="bcp14">MUST</span> include the observed task's "jti" in the "par" array,
linking the attestation to the original task.<a href="#section-10.2.1-2.3.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-10.2.1-2.4">
<p id="section-10.2.1-2.4.1"><span class="bcp14">MUST</span> set "pol_decision" to "approved" to indicate the witness
confirms the observation.<a href="#section-10.2.1-2.4.1" class="pilcrow"></a></p>
</li>
</ul>
<p id="section-10.2.1-3">When a task's "witnessed_by" extension lists one or more
witnesses, auditors <span class="bcp14">SHOULD</span> verify that corresponding witness
attestation ECTs exist in the ledger for each listed witness. A
mismatch between the extension value and the set of independent
witness ECTs in the ledger <span class="bcp14">SHOULD</span> be flagged during audit review.<a href="#section-10.2.1-3" class="pilcrow"></a></p>
<p id="section-10.2.1-4">This model converts witness attestation from a self-asserted claim
to a cryptographically verifiable property of the ledger: the
witness independently signs their own ECT using their own key,
and the ledger records both the original task ECT and the witness
attestation ECTs.<a href="#section-10.2.1-4" class="pilcrow"></a></p>
</section>
</div>
<p id="section-10.2-5">To strengthen witness attestation beyond self-assertion, witnesses
<span class="bcp14">SHOULD</span> submit their own independent signed ECTs referencing the
observed task's "jti" in the "par" array. Auditors can then
cross-check the "witnessed_by" extension against independent
witness ECTs in the ECT store.<a href="#section-10.2-5" class="pilcrow"></a></p>
</section>
</div>
<div id="organizational-prerequisites">
@@ -3439,8 +3415,8 @@ serialized as JSON and <span class="bcp14">SHOULD NOT</span> exceed a nesting de
<p id="section-11.1-2.2.1">Action descriptions ("exec_act") for audit trail completeness<a href="#section-11.1-2.2.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-11.1-2.3">
<p id="section-11.1-2.3.1">Policy evaluation outcomes ("pol", "pol_decision") for
compliance verification<a href="#section-11.1-2.3.1" class="pilcrow"></a></p>
<p id="section-11.1-2.3.1">Policy evaluation outcomes (via "ext" keys "pol",
"pol_decision") when present, for compliance verification<a href="#section-11.1-2.3.1" class="pilcrow"></a></p>
</li>
<li class="normal" id="section-11.1-2.4">
<p id="section-11.1-2.4.1">Timestamps ("iat", "exp") for temporal ordering<a href="#section-11.1-2.4.1" class="pilcrow"></a></p>
@@ -3472,17 +3448,13 @@ hashes via "inp_hash" and "out_hash")<a href="#section-11.1-4.1.1" class="pilcro
<p id="section-11.2-1">Implementations <span class="bcp14">SHOULD</span> minimize the information included in ECTs.
The "exec_act" claim <span class="bcp14">SHOULD</span> use structured identifiers (e.g.,
"process_payment") rather than natural language descriptions.
The "pol" claim <span class="bcp14">SHOULD</span> reference policy identifiers rather than
embedding policy content.<a href="#section-11.2-1" class="pilcrow"></a></p>
<p id="section-11.2-2">The "compensation_reason" claim (<a href="#compensation-claims" class="auto internal xref">Section 4.2.5</a>)
deserves particular attention: because it is human-readable and
may describe the circumstances of a failure or policy violation,
it risks exposing sensitive operational details. Implementations
<span class="bcp14">SHOULD</span> use short, structured reason codes (e.g.,
"policy_violation_in_parent_trade") rather than free-form
natural language explanations. Implementers <span class="bcp14">SHOULD</span> review
"compensation_reason" values for potential information leakage
before deploying to production.<a href="#section-11.2-2" class="pilcrow"></a></p>
The "pol" extension key <span class="bcp14">SHOULD</span> reference policy identifiers
rather than embedding policy content.<a href="#section-11.2-1" class="pilcrow"></a></p>
<p id="section-11.2-2">The "compensation_reason" extension key in "ext"
(<a href="#compensation-claims" class="auto internal xref">Section 4.2.5</a>) deserves particular attention: because
it is human-readable, it risks exposing sensitive operational
details. See <a href="#extension-claims" class="auto internal xref">Section 4.2.6</a> for guidance on using
structured identifiers.<a href="#section-11.2-2" class="pilcrow"></a></p>
</section>
</div>
<div id="storage-and-access-control">
@@ -3680,30 +3652,6 @@ the "JSON Web Token Claims" registry maintained by IANA:<a href="#section-12.3-1
<td class="text-center" rowspan="1" colspan="1">IETF</td>
<td class="text-center" rowspan="1" colspan="1">
<a href="#exec-claims" class="auto internal xref">Section 4.2.2</a>
</td>
</tr>
<tr>
<td class="text-center" rowspan="1" colspan="1">pol</td>
<td class="text-left" rowspan="1" colspan="1">Policy Rule Identifier</td>
<td class="text-center" rowspan="1" colspan="1">IETF</td>
<td class="text-center" rowspan="1" colspan="1">
<a href="#policy-claims" class="auto internal xref">Section 4.2.3</a>
</td>
</tr>
<tr>
<td class="text-center" rowspan="1" colspan="1">pol_decision</td>
<td class="text-left" rowspan="1" colspan="1">Policy Decision Result</td>
<td class="text-center" rowspan="1" colspan="1">IETF</td>
<td class="text-center" rowspan="1" colspan="1">
<a href="#policy-claims" class="auto internal xref">Section 4.2.3</a>
</td>
</tr>
<tr>
<td class="text-center" rowspan="1" colspan="1">pol_enforcer</td>
<td class="text-left" rowspan="1" colspan="1">Policy Enforcer Identity</td>
<td class="text-center" rowspan="1" colspan="1">IETF</td>
<td class="text-center" rowspan="1" colspan="1">
<a href="#policy-claims" class="auto internal xref">Section 4.2.3</a>
</td>
</tr>
<tr>
@@ -3720,22 +3668,6 @@ the "JSON Web Token Claims" registry maintained by IANA:<a href="#section-12.3-1
<td class="text-center" rowspan="1" colspan="1">IETF</td>
<td class="text-center" rowspan="1" colspan="1">
<a href="#data-integrity-claims" class="auto internal xref">Section 4.2.4</a>
</td>
</tr>
<tr>
<td class="text-center" rowspan="1" colspan="1">compensation_required</td>
<td class="text-left" rowspan="1" colspan="1">Compensation Flag</td>
<td class="text-center" rowspan="1" colspan="1">IETF</td>
<td class="text-center" rowspan="1" colspan="1">
<a href="#compensation-claims" class="auto internal xref">Section 4.2.5</a>
</td>
</tr>
<tr>
<td class="text-center" rowspan="1" colspan="1">compensation_reason</td>
<td class="text-left" rowspan="1" colspan="1">Compensation Reason</td>
<td class="text-center" rowspan="1" colspan="1">IETF</td>
<td class="text-center" rowspan="1" colspan="1">
<a href="#compensation-claims" class="auto internal xref">Section 4.2.5</a>
</td>
</tr>
<tr>
@@ -3749,6 +3681,10 @@ the "JSON Web Token Claims" registry maintained by IANA:<a href="#section-12.3-1
</tbody>
</table>
</div>
<p id="section-12.3-3">Note: Policy evaluation keys ("pol", "pol_decision",
"pol_enforcer") are carried within the "ext" object as
spec-defined extension keys (<a href="#policy-claims" class="auto internal xref">Section 4.2.3</a>) and do not
require separate JWT Claims registration.<a href="#section-12.3-3" class="pilcrow"></a></p>
</section>
</div>
<div id="pol-decision-registry">
@@ -4101,8 +4037,9 @@ use cases are distinct.<a href="#appendix-A.7-1" class="pilcrow">¶</a></p>
<ol start="1" type="1" class="normal type-1" id="appendix-B.1-2">
<li id="appendix-B.1-2.1">
<p id="appendix-B.1-2.1.1">Create JWTs with all required claims ("iss", "aud", "iat",
"exp", "jti", "exec_act", "par") and policy claims ("pol",
"pol_decision") when policy evaluation was performed.<a href="#appendix-B.1-2.1.1" class="pilcrow"></a></p>
"exp", "jti", "exec_act", "par") and policy extension keys
("ext.pol", "ext.pol_decision") when policy evaluation was
performed.<a href="#appendix-B.1-2.1.1" class="pilcrow"></a></p>
</li>
<li id="appendix-B.1-2.2">
<p id="appendix-B.1-2.2.1">Sign ECTs with the agent's private key using an algorithm
@@ -4116,7 +4053,7 @@ matching the WIT (ES256 recommended).<a href="#appendix-B.1-2.2.1" class="pilcro
cycle detection).<a href="#appendix-B.1-2.4.1" class="pilcrow"></a></p>
</li>
<li id="appendix-B.1-2.5">
<p id="appendix-B.1-2.5.1">Append verified ECTs to the audit ledger.<a href="#appendix-B.1-2.5.1" class="pilcrow"></a></p>
<p id="appendix-B.1-2.5.1">If an audit ledger is deployed, append verified ECTs to it.<a href="#appendix-B.1-2.5.1" class="pilcrow"></a></p>
</li>
</ol>
</section>
@@ -4269,7 +4206,6 @@ Agent B:<a href="#appendix-D.1-1" class="pilcrow">¶</a></p>
<pre>
{
"iss": "spiffe://example.com/agent/data-retrieval",
"sub": "spiffe://example.com/agent/data-retrieval",
"aud": "spiffe://example.com/agent/validator",
"iat": 1772064150,
"exp": 1772064750,
@@ -4277,10 +4213,12 @@ Agent B:<a href="#appendix-D.1-1" class="pilcrow">¶</a></p>
"wid": "b1c2d3e4-f5a6-7890-bcde-f01234567890",
"exec_act": "fetch_patient_data",
"par": [],
"pol": "clinical_data_access_policy_v1",
"pol_decision": "approved",
"inp_hash": "sha-256:n4bQgYhMfWWaL-qgxVrQFaO_TxsrC4Is0V1sFbDwCgg",
"out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564"
"out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564",
"ext": {
"pol": "clinical_data_access_policy_v1",
"pol_decision": "approved"
}
}
</pre><a href="#appendix-D.1-5" class="pilcrow"></a>
</div>
@@ -4290,7 +4228,6 @@ task, and creates its own ECT:<a href="#appendix-D.1-6" class="pilcrow">¶</a></
<pre>
{
"iss": "spiffe://example.com/agent/validator",
"sub": "spiffe://example.com/agent/validator",
"aud": "spiffe://example.com/system/ledger",
"iat": 1772064160,
"exp": 1772064760,
@@ -4298,8 +4235,10 @@ task, and creates its own ECT:<a href="#appendix-D.1-6" class="pilcrow">¶</a></
"wid": "b1c2d3e4-f5a6-7890-bcde-f01234567890",
"exec_act": "validate_safety",
"par": ["550e8400-e29b-41d4-a716-446655440001"],
"pol": "safety_validation_policy_v2",
"pol_decision": "approved"
"ext": {
"pol": "safety_validation_policy_v2",
"pol_decision": "approved"
}
}
</pre><a href="#appendix-D.1-7" class="pilcrow"></a>
</div>
@@ -4326,7 +4265,6 @@ autonomous agents and human release approval:<a href="#appendix-D.2-1" class="pi
<pre>
{
"iss": "spiffe://meddev.example/agent/spec-reviewer",
"sub": "spiffe://meddev.example/agent/spec-reviewer",
"aud": "spiffe://meddev.example/agent/code-gen",
"iat": 1772064150,
"exp": 1772064750,
@@ -4334,10 +4272,12 @@ autonomous agents and human release approval:<a href="#appendix-D.2-1" class="pi
"wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
"exec_act": "review_requirements_spec",
"par": [],
"pol": "spec_review_policy_v2",
"pol_decision": "approved",
"inp_hash": "sha-256:n4bQgYhMfWWaL-qgxVrQFaO_TxsrC4Is0V1sFbDwCgg",
"out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564"
"out_hash": "sha-256:LCa0a2j_xo_5m0U8HTBBNBNCLXBkg7-g-YpeiGJm564",
"ext": {
"pol": "spec_review_policy_v2",
"pol_decision": "approved"
}
}
</pre><a href="#appendix-D.2-3" class="pilcrow"></a>
</div>
@@ -4346,7 +4286,6 @@ autonomous agents and human release approval:<a href="#appendix-D.2-1" class="pi
<pre>
{
"iss": "spiffe://meddev.example/agent/code-gen",
"sub": "spiffe://meddev.example/agent/code-gen",
"aud": "spiffe://meddev.example/agent/test-runner",
"iat": 1772064200,
"exp": 1772064800,
@@ -4354,8 +4293,10 @@ autonomous agents and human release approval:<a href="#appendix-D.2-1" class="pi
"wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
"exec_act": "implement_module",
"par": ["a1b2c3d4-0001-0000-0000-000000000001"],
"pol": "coding_standards_v3",
"pol_decision": "approved"
"ext": {
"pol": "coding_standards_v3",
"pol_decision": "approved"
}
}
</pre><a href="#appendix-D.2-5" class="pilcrow"></a>
</div>
@@ -4364,7 +4305,6 @@ autonomous agents and human release approval:<a href="#appendix-D.2-1" class="pi
<pre>
{
"iss": "spiffe://meddev.example/agent/test-runner",
"sub": "spiffe://meddev.example/agent/test-runner",
"aud": "spiffe://meddev.example/agent/build",
"iat": 1772064260,
"exp": 1772064860,
@@ -4372,8 +4312,10 @@ autonomous agents and human release approval:<a href="#appendix-D.2-1" class="pi
"wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
"exec_act": "execute_test_suite",
"par": ["a1b2c3d4-0001-0000-0000-000000000002"],
"pol": "test_coverage_policy_v1",
"pol_decision": "approved"
"ext": {
"pol": "test_coverage_policy_v1",
"pol_decision": "approved"
}
}
</pre><a href="#appendix-D.2-7" class="pilcrow"></a>
</div>
@@ -4382,7 +4324,6 @@ autonomous agents and human release approval:<a href="#appendix-D.2-1" class="pi
<pre>
{
"iss": "spiffe://meddev.example/agent/build",
"sub": "spiffe://meddev.example/agent/build",
"aud": "spiffe://meddev.example/human/release-mgr-42",
"iat": 1772064310,
"exp": 1772064910,
@@ -4390,9 +4331,11 @@ autonomous agents and human release approval:<a href="#appendix-D.2-1" class="pi
"wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
"exec_act": "build_release_artifact",
"par": ["a1b2c3d4-0001-0000-0000-000000000003"],
"pol": "build_validation_v2",
"pol_decision": "approved",
"out_hash": "sha-256:Ry1YfOoW2XpC5Mq8HkGzNx3dL9vBa4sUjE7iKt0wPZc"
"out_hash": "sha-256:Ry1YfOoW2XpC5Mq8HkGzNx3dL9vBa4sUjE7iKt0wPZc",
"ext": {
"pol": "build_validation_v2",
"pol_decision": "approved"
}
}
</pre><a href="#appendix-D.2-9" class="pilcrow"></a>
</div>
@@ -4401,7 +4344,6 @@ autonomous agents and human release approval:<a href="#appendix-D.2-1" class="pi
<pre>
{
"iss": "spiffe://meddev.example/human/release-mgr-42",
"sub": "spiffe://meddev.example/human/release-mgr-42",
"aud": "spiffe://meddev.example/system/ledger",
"iat": 1772064510,
"exp": 1772065110,
@@ -4409,10 +4351,10 @@ autonomous agents and human release approval:<a href="#appendix-D.2-1" class="pi
"wid": "c2d3e4f5-a6b7-8901-cdef-012345678901",
"exec_act": "approve_release",
"par": ["a1b2c3d4-0001-0000-0000-000000000004"],
"pol": "release_approval_policy",
"pol_decision": "approved",
"pol_enforcer": "spiffe://meddev.example/human/release-mgr-42",
"ext": {
"pol": "release_approval_policy",
"pol_decision": "approved",
"pol_enforcer": "spiffe://meddev.example/human/release-mgr-42",
"witnessed_by": [
"spiffe://meddev.example/audit/qa-observer-1"
]
@@ -4474,7 +4416,6 @@ task-...-0004 (execute_trade)
<pre>
{
"iss": "spiffe://bank.example/agent/execution",
"sub": "spiffe://bank.example/agent/execution",
"aud": "spiffe://bank.example/system/ledger",
"iat": 1772064250,
"exp": 1772064850,
@@ -4485,8 +4426,10 @@ task-...-0004 (execute_trade)
"f1e2d3c4-0002-0000-0000-000000000002",
"f1e2d3c4-0003-0000-0000-000000000003"
],
"pol": "trade_execution_policy_v3",
"pol_decision": "approved"
"ext": {
"pol": "trade_execution_policy_v3",
"pol_decision": "approved"
}
}
</pre><a href="#appendix-D.3-4" class="pilcrow"></a>
</div>