- Eliminate the "tid" claim; "jti" now serves as both token ID (for
replay detection) and task ID (for DAG parent references in "par")
- Make "pol" and "pol_decision" OPTIONAL (must be paired when present)
- Regulated deployments SHOULD still include policy claims
- Reduces required ECT-specific claims to just "exec_act" and "par"
- Remove "tid" from IANA JWT Claims registration
- Update all examples, pseudocode, and DAG validation rules
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ECTs can now be deployed without a centralized ledger. Three modes
are defined: point-to-point (agents pass parent ECTs inline via HTTP
headers), deferred ledger (collect ECTs in-flight, submit later), and
full ledger (immediate append, RECOMMENDED for regulated environments).
DAG validation is generalized to work against an "ECT store" which
can be either a ledger or the set of inline parent ECTs received in
the request.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add paragraph in Policy Claims section explicitly stating that
policy definition, distribution, and evaluation are out of scope.
The pol claim is an opaque identifier; any policy engine may be
used provided outcomes are faithfully recorded.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove RFC 2119 and RFC 8174 from normative YAML block since the
BCP 14 boilerplate directive adds them automatically, causing
duplicate reference warnings. Rebuild draft with zero warnings.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The ECT workflow identifier (wid) can serve as a correlation point
in SCITT Signed Statements, bridging per-step execution accountability
with end-to-end supply chain transparency.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
