Christian Nennemann
ff795c72e6
Address 11 items from peer review: - Fix area designation from Security to ART (WIMSE is in ART area) - Switch inp_hash/out_hash to fixed SHA-256 without algorithm prefix, matching DPoP (RFC 9449) and WIMSE WPT tth claim patterns - Add partial DAG verification guidance for unavailable parents - Add DAG integrity attacks subsection (false parents, pruning, shadow DAGs) - Add privilege escalation subsection (ECTs are not authorization) - Add revocation propagation semantics through the DAG - Add W3C PROV Data Model to Related Work - Strengthen Txn-Token differentiation with fan-in/convergence bullet - Add explicit token binding paragraph to replay prevention - Switch verification step 3 to algorithm allowlist model - Add par/ext claim naming justification notes Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Execution Context Tokens for Distributed Agentic Workflows
This repository contains draft-nennemann-wimse-execution-context-00, an IETF Internet-Draft proposing Execution Context Tokens (ECTs) as an extension to the WIMSE (Workload Identity in Multi System Environments) architecture.
What are ECTs?
ECTs are signed JWT tokens that record what agents did, in what order, and under what policy -- complementing WIMSE's existing answer to who an agent is.
They provide:
- DAG-structured execution proofs -- task dependencies form a directed acyclic graph with cryptographic ordering guarantees
- Policy checkpoint recording -- each decision point records which policy was evaluated and the outcome
- Immutable audit trails -- ECTs are appended to a storage-agnostic audit ledger
- WIMSE integration -- same signing keys, algorithms, and SPIFFE-based identifiers as WIT/WPT
Target environments include medtech (FDA audit trails), finance (transaction record-keeping), logistics, and other regulated agentic systems.
Repository contents
| File | Description |
|---|---|
draft-nennemann-wimse-execution-context-00.md |
The Internet-Draft in kramdown-rfc markdown format |
master-prompt.md |
Design rationale, iteration plan, and reference material |
refimpl/ |
Reference implementation (Go): ECT create/verify, DAG validation, in-memory ledger, and a two-agent demo. See refimpl/README.md. |
Building the draft
The draft is authored in kramdown-rfc markdown and compiled via the standard IETF toolchain.
Prerequisites
# Ruby (kramdown-rfc is a Ruby gem)
# On macOS with Homebrew:
brew install ruby
# kramdown-rfc
gem install kramdown-rfc
# xml2rfc (Python tool for rendering)
pip install xml2rfc
Compile
# One-step build (markdown -> XML -> text + HTML)
kdrfc draft-nennemann-wimse-execution-context-00.md
# Or step by step:
kramdown-rfc2629 draft-nennemann-wimse-execution-context-00.md \
> draft-nennemann-wimse-execution-context-00.xml
xml2rfc draft-nennemann-wimse-execution-context-00.xml --text
xml2rfc draft-nennemann-wimse-execution-context-00.xml --html
Output files
After building, you will have:
draft-nennemann-wimse-execution-context-00.xml-- canonical XML (for IETF datatracker submission)draft-nennemann-wimse-execution-context-00.txt-- plain text renderingdraft-nennemann-wimse-execution-context-00.html-- HTML rendering
Submitting to the IETF
Upload the generated .xml file at https://datatracker.ietf.org/submit/
Author
Christian Nennemann Independent Researcher ietf@nennemann.de
License
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.