Christian Nennemann
8cf0d8aade
Draft improvements: - Rename ext -> ect_ext, clarify iss/aud requirements per level - Add algorithm agility guidance and RFC 8725 reference - Add HTTP header size constraints and body transport fallback - Add cross-level parent reference semantics - Add emerging agent protocols (A2A, MCP) to Related Work - Fix HTTP error handling (403 not 401), IANA +jwt suffix note - Add workflow consistency check to DAG validation - Add defense-in-depth note for acyclicity check Supporting files: - Fix blog post outdated claim names (par -> pred, ext -> ect_ext) - Update refimpl README with -00 vs -01 migration mapping - Add refimpl IMPROVEMENTS.md section 6 with -01 migration tasks
Execution Context Tokens for Distributed Agentic Workflows
This repository contains draft-nennemann-wimse-execution-context-00, an IETF Internet-Draft proposing Execution Context Tokens (ECTs) as an extension to the WIMSE (Workload Identity in Multi System Environments) architecture.
What are ECTs?
ECTs are signed JWT tokens that record what agents did, in what order, and under what policy -- complementing WIMSE's existing answer to who an agent is.
They provide:
- DAG-structured execution proofs -- task dependencies form a directed acyclic graph with cryptographic ordering guarantees
- Policy checkpoint recording -- each decision point records which policy was evaluated and the outcome
- Immutable audit trails -- ECTs are appended to a storage-agnostic audit ledger
- WIMSE integration -- same signing keys, algorithms, and SPIFFE-based identifiers as WIT/WPT
Target environments include medtech (FDA audit trails), finance (transaction record-keeping), logistics, and other regulated agentic systems.
Repository contents
| File | Description |
|---|---|
draft-nennemann-wimse-execution-context-00.md |
The Internet-Draft in kramdown-rfc markdown format |
master-prompt.md |
Design rationale, iteration plan, and reference material |
refimpl/ |
Reference implementation (Go): ECT create/verify, DAG validation, in-memory ledger, and a two-agent demo. See refimpl/README.md. |
Building the draft
The draft is authored in kramdown-rfc markdown and compiled via the standard IETF toolchain.
Prerequisites
# Ruby (kramdown-rfc is a Ruby gem)
# On macOS with Homebrew:
brew install ruby
# kramdown-rfc
gem install kramdown-rfc
# xml2rfc (Python tool for rendering)
pip install xml2rfc
Compile
# One-step build (markdown -> XML -> text + HTML)
kdrfc draft-nennemann-wimse-execution-context-00.md
# Or step by step:
kramdown-rfc2629 draft-nennemann-wimse-execution-context-00.md \
> draft-nennemann-wimse-execution-context-00.xml
xml2rfc draft-nennemann-wimse-execution-context-00.xml --text
xml2rfc draft-nennemann-wimse-execution-context-00.xml --html
Output files
After building, you will have:
draft-nennemann-wimse-execution-context-00.xml-- canonical XML (for IETF datatracker submission)draft-nennemann-wimse-execution-context-00.txt-- plain text renderingdraft-nennemann-wimse-execution-context-00.html-- HTML rendering
Submitting to the IETF
Upload the generated .xml file at https://datatracker.ietf.org/submit/
Author
Christian Nennemann Independent Researcher ietf@nennemann.de
License
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.