Allow any URI scheme for the iss claim (SPIFFE, HTTPS, URN:UUID)
to support non-WIMSE deployments that want DAG tracing without
SPIFFE infrastructure. SPIFFE format remains SHOULD for WIMSE
deployments.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Use correct IETF reverse domain notation for spec-defined
extension keys within the ext object.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove Operational Modes section (point-to-point, deferred,
full ledger) to reduce surface area for a -00 submission
- Trim Ledger Interface to essential properties only, remove
ledger entry JSON example
- Condense regulatory motivation in Introduction to 2 sentences
with forward reference to compliance mapping table
- Reframe "cryptographic proof" to "signed, structured records"
in abstract and introduction to accurately reflect self-assertion
- Make WPT co-presence RECOMMENDED rather than assumed, hedging
against s2s-protocol evolution; ECT is independently verifiable
via WIT public key
- Fix broken reference: draft-oauth-transaction-tokens-for-agents
(not an ietf- WG draft)
- Add jti to all JSON examples (required claim was missing from 9
of 10 examples)
- Clean up dangling cross-references to removed sections
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Eliminate the "tid" claim; "jti" now serves as both token ID (for
replay detection) and task ID (for DAG parent references in "par")
- Make "pol" and "pol_decision" OPTIONAL (must be paired when present)
- Regulated deployments SHOULD still include policy claims
- Reduces required ECT-specific claims to just "exec_act" and "par"
- Remove "tid" from IANA JWT Claims registration
- Update all examples, pseudocode, and DAG validation rules
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ECTs can now be deployed without a centralized ledger. Three modes
are defined: point-to-point (agents pass parent ECTs inline via HTTP
headers), deferred ledger (collect ECTs in-flight, submit later), and
full ledger (immediate append, RECOMMENDED for regulated environments).
DAG validation is generalized to work against an "ECT store" which
can be either a ledger or the set of inline parent ECTs received in
the request.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add paragraph in Policy Claims section explicitly stating that
policy definition, distribution, and evaluation are out of scope.
The pol claim is an opaque identifier; any policy engine may be
used provided outcomes are faithfully recorded.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove RFC 2119 and RFC 8174 from normative YAML block since the
BCP 14 boilerplate directive adds them automatically, causing
duplicate reference warnings. Rebuild draft with zero warnings.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Remove RFC 3339 from normative references (not cited in text;
timestamps use NumericDate per RFC 7519). Change bank.com to
bank.example in compensation use case per RFC 2606.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The ECT workflow identifier (wid) can serve as a correlation point
in SCITT Signed Statements, bridging per-step execution accountability
with end-to-end supply chain transparency.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace the clinical treatment recommendation workflow with a
software development lifecycle (SDLC) workflow covering spec
review, code generation, autonomous testing, build validation,
and HITL release approval. Add FDA audit subsection showing DAG
reconstruction for regulatory evidence review. Update Example 2
in appendix with matching detailed JSON examples for all 5 SDLC
phases.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Initial submission of draft-nennemann-wimse-execution-context-00,
defining Execution Context Tokens (ECTs) as a WIMSE extension for
distributed agentic workflows in regulated environments.
ECTs provide cryptographic proof of task execution order, policy
enforcement decisions, and compliance state using JWT/JWS format
with DAG-structured task dependencies.
Key features:
- 17 new JWT claims for execution context tracing
- Execution-Context HTTP header for token transport
- DAG validation with cycle detection and temporal ordering
- Audit ledger interface specification
- Integration with WIMSE WIT/WPT signing model
- Use cases: medtech, finance, logistics, compensation/rollback
Includes master-prompt.md with design rationale and iteration plan.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
