<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 2.6.10) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-corneo-t2trg-sdf-coap-agents-00" category="info" submissionType="IRTF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="SDF CoAP Agents">Extending SDF and CoAP for AI Agent Interaction with IoT Devices</title>
    <seriesInfo name="Internet-Draft" value="draft-corneo-t2trg-sdf-coap-agents-00"/>
    <author initials="L." surname="Corneo" fullname="Lorenzo Corneo">
      <organization>Ericsson</organization>
      <address>
        <postal>
          <country>Finland</country>
        </postal>
        <email>lorenzo.corneo@ericsson.com</email>
      </address>
    </author>
    <author initials="J." surname="Jiménez" fullname="Jaime Jiménez">
      <organization>Ericsson</organization>
      <address>
        <postal>
          <country>Finland</country>
        </postal>
        <email>jaime.jimenez@ericsson.com</email>
      </address>
    </author>
    <author initials="A." surname="Keränen" fullname="Ari Keränen">
      <organization>Ericsson</organization>
      <address>
        <postal>
          <country>Finland</country>
        </postal>
        <email>ari.keranen@ericsson.com</email>
      </address>
    </author>
    <date year="2026" month="July" day="06"/>
    <workgroup>Thing-to-Thing Research Group (T2TRG)</workgroup>
    <abstract>
      <?line 42?>

<t>This document proposes extensions to the Semantic Definition Format
(SDF) and the Constrained Application Protocol (CoAP) to better support
AI agent interaction with Internet of Things (IoT) devices. It covers
two aspects: identifying AI agents in CoAP transactions, and making SDF
device descriptions readily consumable by large language models (LLMs)
and autonomous agents. The document is intended to stimulate discussion
within T2TRG on these topics.</t>
    </abstract>
    <note removeInRFC="true">
      <name>Discussion Venues</name>
      <t>Discussion of this document takes place on the
    Thing-to-Thing Research Group mailing list (t2trg@irtf.org),
    which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/t2trg"/>.</t>
      <t>Source for this draft and an issue tracker can be found at
    <eref target="https://gitlab.internal.ericsson.com/ietf/t2trg-iot-agents"/>.</t>
    </note>
  </front>
  <middle>
    <?line 52?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>AI agents — software systems that combine large language models with
tool use and autonomous decision-making — are increasingly used to
interact with networked services on behalf of users. In the IoT domain,
devices expose their capabilities through machine-readable descriptions
such as SDF <xref target="RFC9880"/>. Agents that want to discover,
understand, and actuate IoT devices need to consume these descriptions
and communicate with the devices, often over CoAP <xref target="RFC7252"/>.</t>
      <t>Two gaps exist in the current protocol landscape:</t>
      <ol spacing="normal" type="1"><li>
          <t>CoAP has no mechanism for a client to declare that it is an AI agent,
nor to carry an authenticated agent identity. Servers cannot
distinguish an autonomous agent from a human-operated application,
limiting their ability to apply agent-specific policies.</t>
        </li>
        <li>
          <t>SDF documents are JSON-based and machine-readable, but they lack
explicit guidance for LLM consumption. Missing or terse descriptions
can cause agents to misinterpret device capabilities, leading to
incorrect actions — a problem that ranges from wasted API calls to
safety hazards when physical actuators are involved.</t>
        </li>
      </ol>
      <t>This document outlines approaches to address both gaps. It is
informational and intended to frame discussion; it does not define
protocol extensions or registrations.</t>
    </section>
    <section anchor="terminology">
      <name>Terminology</name>
      <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
      <?line -18?>

<dl>
        <dt>SDF:</dt>
        <dd>
          <t>Semantic Definition Format, a JSON-based language for describing IoT
device capabilities <xref target="RFC9880"/>.</t>
        </dd>
        <dt>AI Agent:</dt>
        <dd>
          <t>A software system that uses a large language model in a loop with
external tools to achieve a goal autonomously.</t>
        </dd>
        <dt>LLM:</dt>
        <dd>
          <t>Large Language Model; a neural network trained on text that generates
token sequences given an input context.</t>
        </dd>
        <dt>Resource Directory (RD):</dt>
        <dd>
          <t>A CoAP-based directory where endpoints register their resources
<xref target="RFC9176"/>.</t>
        </dd>
      </dl>
    </section>
    <section anchor="ai-agent-identification-for-coap">
      <name>AI Agent Identification for CoAP</name>
      <t>On the web, work is underway to authenticate automated clients through
HTTP Message Signatures <xref target="RFC9421"/> and related mechanisms such as
<xref target="I-D.meunier-web-bot-auth-architecture"/>. These approaches let servers
verify what software is making a request and apply appropriate policies.</t>
      <t>In parallel, the IETF WIMSE (Workload Identity in Multi-System
Environments) working group is defining identity credentials for
workloads, including autonomous agents. The Workload Identity Token
(WIT) <xref target="I-D.ietf-wimse-workload-creds"/> is a signed token that
represents a workload's identity, and the Workload Proof Token (WPT)
<xref target="I-D.ietf-wimse-wpt"/> lets a workload prove possession of the key bound
to its WIT on a per-request basis. Together these represent the current
state of the art for authenticated agent identity, but they are defined
for HTTP and JSON-based environments.</t>
      <t>CoAP has no equivalent. The protocol authenticates devices via DTLS or
OSCORE <xref target="RFC8613"/>, but these mechanisms establish device identity, not
the nature of the client software. A CoAP server receiving a GET request
cannot tell whether the client is a firmware update agent, a user's
mobile app, or an autonomous AI agent exploring device capabilities.</t>
      <section anchor="approach">
        <name>Approach</name>
        <t>The approach proposed in this draft consists of a workflow in three steps.</t>
        <section anchor="step-1-agent-id-coap-option">
          <name>Step 1: Agent-ID CoAP Option</name>
          <t>This approach leverages an elective CoAP option that carries agent
identification information. Being elective, servers that do not
understand it simply ignore it, preserving backward compatibility.</t>
          <t>The option would carry:</t>
          <ul spacing="normal">
            <li>
              <t>An agent identifier string (analogous to HTTP User-Agent but
structured for constrained environments).</t>
            </li>
            <li>
              <t>A cryptographic signature over relevant message fields, allowing the
server to verify the agent's claimed identity.</t>
            </li>
            <li>
              <t>A reference to where the agent's public key can be retrieved.</t>
            </li>
          </ul>
          <t>The signature and key material would use CBOR encoding to remain compact
for constrained links. An agent reading a sensor might then send:</t>
          <sourcecode type="coap"><![CDATA[
GET /sensors/temperature
Agent-ID: h'a4012667...' (COSE_Sign1, keyid "sig1")
Accept: 60 (application/cbor)

2.05 Content
Content-Format: 60 (application/cbor)

22.5
]]></sourcecode>
          <t>The <tt>Agent-ID</tt> value is a CBOR-encoded COSE_Sign1 structure; it is shown
here as a hexadecimal item with an inline comment. A server that does
not understand the elective option ignores it and answers as usual.</t>
        </section>
        <section anchor="step-2-key-discovery-via-resource-directory">
          <name>Step 2: Key Discovery via Resource Directory</name>
          <t>Rather than defining a new key distribution mechanism, agent public keys
can be registered in a CoAP Resource Directory <xref target="RFC9176"/>. The RD
already serves as a discovery mechanism for IoT endpoints; extending it
to host agent key material (or links to externally hosted keys) reuses
existing infrastructure.</t>
          <t>A server receiving an Agent-ID option with an unknown key identifier
would query the RD once to retrieve the key, then cache it for
subsequent interactions with that agent.</t>
        </section>
        <section anchor="step-3-agent-aware-server-behavior">
          <name>Step 3: Agent-Aware Server Behavior</name>
          <t>Once a server has verified an agent's identity, it can adjust its
responses. Examples include:</t>
          <ul spacing="normal">
            <li>
              <t>Returning richer descriptions alongside sensor data.</t>
            </li>
            <li>
              <t>Indicating content usage restrictions (e.g., data not to be used for
model training).</t>
            </li>
            <li>
              <t>Applying rate limiting or access restrictions specific to automated
clients.</t>
            </li>
          </ul>
          <t>These policy decisions remain simple — appropriate for constrained
devices with limited processing budgets.</t>
        </section>
      </section>
    </section>
    <section anchor="sdf-content-negotiation-for-ai-agents">
      <name>SDF Content Negotiation for AI Agents</name>
      <t>SDF documents are designed for toolchains and developers. An AI agent
requesting an SDF model receives a JSON structure that it can parse, but
may not correctly interpret — particularly when optional description
fields are absent or terse. The agent has no way to signal that it would
prefer a representation optimized for language model consumption.</t>
      <section anchor="approach-signaling-agent-intent">
        <name>Approach: Signaling Agent Intent</name>
        <t>A content type such as <tt>text/sdf</tt> could indicate that the client wants a
natural-language rendering of the SDF model rather than the raw JSON.
In HTTP, this maps to the Accept header:</t>
        <artwork><![CDATA[
GET /models/thermometer
Accept: text/sdf
]]></artwork>
        <t>In CoAP, the same intent could be expressed through a Content-Format
option. SDF already has a registered CoAP Content-Format (434) for
<tt>application/sdf+json</tt> <xref target="RFC9880"/>, so a representation for agents would
be a new, second format. The intent could alternatively be expressed
through resource type filtering using the CoRE Link Format <xref target="RFC6690"/>:</t>
        <artwork><![CDATA[
GET /sdf?rt=ai
]]></artwork>
        <t>In MQTT v5, the Content Type property in a SUBSCRIBE or PUBLISH packet
can carry the same media type string (e.g., <tt>text/sdf</tt>) to signal the
desired representation. An MQTT broker or bridge that also serves SDF
models can use this field to select the appropriate representation
before forwarding the payload to the subscriber.</t>
        <t>A server (or intermediary) receiving such a request would return a
text representation assembled from the SDF model's descriptive content,
rather than the raw JSON document.</t>
        <t>Requesting the registered format returns the JSON model:</t>
        <sourcecode type="coap"><![CDATA[
GET /sdf/thermometer
Accept: 434 (application/sdf+json)

2.05 Content
Content-Format: 434 (application/sdf+json)

{
  "sdfObject": {
    "thermometer": {
      "sdfProperty": {
        "temperature": { "type": "number", "unit": "Cel" }
      }
    }
  }
}
]]></sourcecode>
        <t>Requesting the agent-oriented format returns the natural-language
rendering. Its content-format has no assigned code point, shown here as
<tt>TBD</tt>:</t>
        <sourcecode type="coap"><![CDATA[
GET /sdf/thermometer
Accept: TBD (text/sdf)

2.05 Content
Content-Format: TBD (text/sdf)

Temperature sensor. Property @T is the reading in Celsius.
GET /temperature to read it.
]]></sourcecode>
      </section>
    </section>
    <section anchor="llm-friendly-sdf-descriptions">
      <name>LLM-Friendly SDF Descriptions</name>
      <t>Even when an AI agent successfully retrieves and parses an SDF document,
it may misinterpret the semantics. Tests show that agents make errors
when critical optional fields (like <tt>description</tt>) are missing, or when
the relationship between properties, actions, and events is not obvious
from the JSON structure alone.</t>
      <section anchor="approach-1-developer-defined-templates">
        <name>Approach 1: Developer-Defined Templates</name>
        <t>A new SDF quality (working name: <tt>sdfBot</tt>) would allow model developers
to embed natural-language instructions directly in the SDF document.
These instructions tell agents how to interpret and use the described
capabilities.</t>
        <t>The quality can appear at the document root (providing an overview) and
within individual affordances (providing usage instructions for specific
properties, actions, or events). A short reference mechanism allows the
root template to incorporate per-affordance descriptions by reference.</t>
        <t>Example SDF fragment:</t>
        <sourcecode type="json"><![CDATA[
{
  "sdfBot": "Temperature sensor. @T is the reading in Celsius.",
  "sdfObject": {
    "thermometer": {
      "sdfProperty": {
        "temperature": {
          "description": "Measured temperature",
          "type": "number",
          "unit": "Cel",
          "botRef": "T",
          "sdfBot": "Read-only. GET /temperature (Celsius)."
        }
      }
    }
  }
}
]]></sourcecode>
        <t>When an agent requests the <tt>text/sdf</tt> representation, the server
assembles the <tt>sdfBot</tt> strings into a coherent natural-language
description. When a non-agent client requests <tt>application/sdf+json</tt>,
it receives the standard JSON model (with or without the <tt>sdfBot</tt>
fields, depending on implementation).</t>
        <t>SDF already has a <tt>description</tt> field for human-readable text. The
<tt>sdfBot</tt> quality differs in intent: it targets automated consumers and
can include explicit usage instructions (endpoints to call, expected
value ranges, sequencing constraints) that would be unusual in a
human-facing description.</t>
      </section>
      <section anchor="approach-2-structured-examples-for-language-models">
        <name>Approach 2: Structured Examples for Language Models</name>
        <t>LLMs can be guided to perform tasks more accurately when the prompt
includes concrete examples of similar interactions. By showing the model
what a successful request looks like, it can generalize to new tasks in
the same context.</t>
        <t>This approach proposes a new SDF quality <tt>sdfStructuredExamples</tt> for including
such usage examples in the LLM-friendly representation. For simple cases, the
value of the quality is an array of JSON objects, each with three members:</t>
        <ul spacing="normal">
          <li>
            <t>"task": describing the example task</t>
          </li>
          <li>
            <t>"action": the resulting action the agent would take to achieve the
goals of the task</t>
          </li>
          <li>
            <t>"parameters": giving associated parameter values needed for the action</t>
          </li>
        </ul>
        <t>The "parameters" member can be omitted if the invocation of the
affordance does not need any parameters or they are obvious from the
context. Similarly, "action" can be omitted if the required interaction
is obvious from the context (e.g., reading the value of the property the
example describes).</t>
        <t>For SDF documents, such examples can be on object level to describe the
use of the capabilities of the object in general, or at the affordance
level to show how the affordance can be used to achieve a goal.</t>
        <t>Example of a structured example for a simple task:</t>
        <sourcecode type="json"><![CDATA[
{
  "sdfStructuredExamples": [
    {
      "task": "Get temperature notifications every 3s for 60s.",
      "action": "Execute sdfAction/startMonitor",
      "parameters": {
        "interval": 3,
        "duration": 60
      }
    }
  ]
}
]]></sourcecode>
        <t>For more complex interactions, a set of steps with actions and optional
parameters can be given. A step can also include a "readyWhen" member describing
the end state the agent should look for before considering the step (or the
overall task) complete. For example:</t>
        <sourcecode type="json"><![CDATA[
{
  "sdfStructuredExamples": [
    {
      "task": "Update firmware of the device to version 2",
      "steps": [
        {
          "action": "Set sdfProperty/firmware to v2 image",
          "parameters": "<new firmware file>"
        },
        {
          "action": "Execute sdfAction/startFirmwareUpdate"
        },
        {
          "action": "Observe sdfProperty/firmwareVersion",
          "readyWhen": "sdfProperty/firmwareVersion has version 2"
        }
      ]
    }
  ]
}
]]></sourcecode>
      </section>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>Agent identification introduces the question of trust: a server must
decide which agent identities to accept and what policies to associate
with them. The cryptographic signature in the Agent-ID option prevents
impersonation but does not establish authorization. Servers need a
policy framework to map verified agent identities to permitted actions.</t>
      <t>The <tt>sdfBot</tt> and <tt>sdfStructuredExamples</tt> qualities expose instructions
that agents will follow. Malicious or poorly written content could cause
agents to perform unintended actions, and structured examples are
especially risky because they name concrete actions and parameters, so an
agent may execute them with little further reasoning. Developers should
treat both qualities as security-relevant, similar to API documentation
that automated systems act on without human review. A server or
intermediary that assembles the <tt>text/sdf</tt> representation should only
incorporate content from trusted SDF sources.</t>
      <t>Content usage restrictions signaled via agent-aware responses are
advisory. Enforcement depends on the agent honoring them; a malicious
agent can ignore any declared restrictions. Servers holding sensitive
data should not rely solely on declared agent identity for access
control.</t>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <t>This document requests no IANA actions. If the mechanisms discussed
here were pursued, they would require registrations for a CoAP option
number for Agent-ID, a media type and CoAP Content-Format for the
agent-oriented SDF representation, and a resource type value.</t>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="RFC7252">
          <front>
            <title>The Constrained Application Protocol (CoAP)</title>
            <author fullname="Z. Shelby" initials="Z." surname="Shelby"/>
            <author fullname="K. Hartke" initials="K." surname="Hartke"/>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <date month="June" year="2014"/>
            <abstract>
              <t>The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained (e.g., low-power, lossy) networks. The nodes often have 8-bit microcontrollers with small amounts of ROM and RAM, while constrained networks such as IPv6 over Low-Power Wireless Personal Area Networks (6LoWPANs) often have high packet error rates and a typical throughput of 10s of kbit/s. The protocol is designed for machine- to-machine (M2M) applications such as smart energy and building automation.</t>
              <t>CoAP provides a request/response interaction model between application endpoints, supports built-in discovery of services and resources, and includes key concepts of the Web such as URIs and Internet media types. CoAP is designed to easily interface with HTTP for integration with the Web while meeting specialized requirements such as multicast support, very low overhead, and simplicity for constrained environments.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7252"/>
          <seriesInfo name="DOI" value="10.17487/RFC7252"/>
        </reference>
        <reference anchor="RFC8613">
          <front>
            <title>Object Security for Constrained RESTful Environments (OSCORE)</title>
            <author fullname="G. Selander" initials="G." surname="Selander"/>
            <author fullname="J. Mattsson" initials="J." surname="Mattsson"/>
            <author fullname="F. Palombini" initials="F." surname="Palombini"/>
            <author fullname="L. Seitz" initials="L." surname="Seitz"/>
            <date month="July" year="2019"/>
            <abstract>
              <t>This document defines Object Security for Constrained RESTful Environments (OSCORE), a method for application-layer protection of the Constrained Application Protocol (CoAP), using CBOR Object Signing and Encryption (COSE). OSCORE provides end-to-end protection between endpoints communicating using CoAP or CoAP-mappable HTTP. OSCORE is designed for constrained nodes and networks supporting a range of proxy operations, including translation between different transport protocols.</t>
              <t>Although an optional functionality of CoAP, OSCORE alters CoAP options processing and IANA registration. Therefore, this document updates RFC 7252.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8613"/>
          <seriesInfo name="DOI" value="10.17487/RFC8613"/>
        </reference>
        <reference anchor="RFC6690">
          <front>
            <title>Constrained RESTful Environments (CoRE) Link Format</title>
            <author fullname="Z. Shelby" initials="Z." surname="Shelby"/>
            <date month="August" year="2012"/>
            <abstract>
              <t>This specification defines Web Linking using a link format for use by constrained web servers to describe hosted resources, their attributes, and other relationships between links. Based on the HTTP Link Header field defined in RFC 5988, the Constrained RESTful Environments (CoRE) Link Format is carried as a payload and is assigned an Internet media type. "RESTful" refers to the Representational State Transfer (REST) architecture. A well-known URI is defined as a default entry point for requesting the links hosted by a server. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6690"/>
          <seriesInfo name="DOI" value="10.17487/RFC6690"/>
        </reference>
        <reference anchor="RFC9176">
          <front>
            <title>Constrained RESTful Environments (CoRE) Resource Directory</title>
            <author fullname="C. Amsüss" initials="C." role="editor" surname="Amsüss"/>
            <author fullname="Z. Shelby" initials="Z." surname="Shelby"/>
            <author fullname="M. Koster" initials="M." surname="Koster"/>
            <author fullname="C. Bormann" initials="C." surname="Bormann"/>
            <author fullname="P. van der Stok" initials="P." surname="van der Stok"/>
            <date month="April" year="2022"/>
            <abstract>
              <t>In many Internet of Things (IoT) applications, direct discovery of resources is not practical due to sleeping nodes or networks where multicast traffic is inefficient. These problems can be solved by employing an entity called a Resource Directory (RD), which contains information about resources held on other servers, allowing lookups to be performed for those resources. The input to an RD is composed of links, and the output is composed of links constructed from the information stored in the RD. This document specifies the web interfaces that an RD supports for web servers to discover the RD and to register, maintain, look up, and remove information on resources. Furthermore, new target attributes useful in conjunction with an RD are defined.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9176"/>
          <seriesInfo name="DOI" value="10.17487/RFC9176"/>
        </reference>
        <reference anchor="RFC9421">
          <front>
            <title>HTTP Message Signatures</title>
            <author fullname="A. Backman" initials="A." role="editor" surname="Backman"/>
            <author fullname="J. Richer" initials="J." role="editor" surname="Richer"/>
            <author fullname="M. Sporny" initials="M." surname="Sporny"/>
            <date month="February" year="2024"/>
            <abstract>
              <t>This document describes a mechanism for creating, encoding, and verifying digital signatures or message authentication codes over components of an HTTP message. This mechanism supports use cases where the full HTTP message may not be known to the signer and where the message may be transformed (e.g., by intermediaries) before reaching the verifier. This document also describes a means for requesting that a signature be applied to a subsequent HTTP message in an ongoing HTTP exchange.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9421"/>
          <seriesInfo name="DOI" value="10.17487/RFC9421"/>
        </reference>
        <reference anchor="RFC9880">
          <front>
            <title>Semantic Definition Format (SDF) for Data and Interactions of Things</title>
            <author fullname="M. Koster" initials="M." role="editor" surname="Koster"/>
            <author fullname="C. Bormann" initials="C." role="editor" surname="Bormann"/>
            <author fullname="A. Keränen" initials="A." surname="Keränen"/>
            <date month="January" year="2026"/>
            <abstract>
              <t>The Semantic Definition Format (SDF) is a format for domain experts to use in the creation and maintenance of data and interaction models that describe Things, i.e., physical objects that are available for interaction over a network. An SDF specification describes definitions of SDF Objects/SDF Things and their associated interactions (Events, Actions, and Properties), as well as the Data types for the information exchanged in those interactions. Tools convert this format to database formats and other serializations as needed.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="9880"/>
          <seriesInfo name="DOI" value="10.17487/RFC9880"/>
        </reference>
        <reference anchor="I-D.meunier-web-bot-auth-architecture">
          <front>
            <title>HTTP Message Signatures for automated traffic Architecture</title>
            <author fullname="Thibault Meunier" initials="T." surname="Meunier">
              <organization>Cloudflare</organization>
            </author>
            <author fullname="Sandor Major" initials="S." surname="Major">
              <organization>Google</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   This document describes an architecture for identifying automated
   traffic using [HTTP-MESSAGE-SIGNATURES].  The goal is to allow
   automated HTTP clients to cryptographically sign outbound requests,
   allowing HTTP servers to verify their identity with confidence.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-meunier-web-bot-auth-architecture-05"/>
        </reference>
        <reference anchor="I-D.ietf-wimse-workload-creds">
          <front>
            <title>WIMSE Workload Credentials</title>
            <author fullname="Brian Campbell" initials="B." surname="Campbell">
              <organization>Ping Identity</organization>
            </author>
            <author fullname="Joseph A. Salowey" initials="J. A." surname="Salowey">
              <organization>CyberArk</organization>
            </author>
            <author fullname="Arndt Schwenkschuster" initials="A." surname="Schwenkschuster">
              <organization>Defakto Security</organization>
            </author>
            <author fullname="Yaron Sheffer" initials="Y." surname="Sheffer">
              <organization>Intuit</organization>
            </author>
            <author fullname="Yaroslav Rosomakho" initials="Y." surname="Rosomakho">
              <organization>Zscaler</organization>
            </author>
            <date day="2" month="July" year="2026"/>
            <abstract>
              <t>   The WIMSE architecture defines authentication and authorization for
   software workloads in a variety of runtime environments, from the
   most basic ones up to complex multi-service, multi-cloud, multi-
   tenant deployments.

   This document defines the credentials that workloads use to represent
   their identity.  They can be used in various protocols to
   authenticate workloads to each other.  To use these credentials,
   workloads must provide proof of possession of the associated private
   key material, which is covered in other documents.  This document
   focuses on the credentials alone, independent of the proof-of-
   possession mechanism.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-wimse-workload-creds-02"/>
        </reference>
        <reference anchor="I-D.ietf-wimse-wpt">
          <front>
            <title>WIMSE Workload Proof Token</title>
            <author fullname="Brian Campbell" initials="B." surname="Campbell">
              <organization>Ping Identity</organization>
            </author>
            <author fullname="Arndt Schwenkschuster" initials="A." surname="Schwenkschuster">
              <organization>Defakto Security</organization>
            </author>
            <date day="2" month="March" year="2026"/>
            <abstract>
              <t>   The WIMSE architecture defines authentication and authorization for
   software workloads in a variety of runtime environments, from basic
   deployments to complex multi-service, multi-cloud, multi-tenant
   systems.  This document specifies the Workload Proof Token (WPT), a
   mechanism for workloads to prove possession of the private key
   associated with a Workload Identity Token (WIT).  The WPT is a signed
   JWT that binds the workload's authentication to a specific HTTP
   request, providing application-level proof of possession for
   workload-to-workload communication.  This specification is designed
   to work alongside the WIT credential format defined in draft-ietf-
   wimse-workload-creds and can be combined with other WIMSE protocols
   in multi-hop call chains.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-wimse-wpt-01"/>
        </reference>
      </references>
    </references>
  </back>
  <!-- ##markdown-source:
H4sIAIuWS2oAA7Vb23Ycx3V9r6+oQA8CkpkRAVGUBDl2QAKUYBMCDYDR8vLy
CntmajAl9nSNu7oBQVr0ykfkA/KQl/xG/Cf5kux9TlVfAFB2nJUXcjDddTuX
ffY5p2Y6nZrGN6U7tDsnPzSuWvrq2l4ev7RFtbQvwtFruwq1PTq1R9euauxp
1bi6WDQ+VPbWN2t7Gq7ssbvxCxd3TDGf1+4GU3ECGSyj8GQZFlWxwSrLulg1
00WoKxemzUFTX0/jcoUviu20kJenT56YRdG461DfHVpfrYLx2/rQNnUbm4Mn
T758cmBiO9/4GLGL5m6LWU8vrl6aJQYd2oMnB8+MuQ31u+s6tNtDe7XGkaZN
mMoHe+GiK+rF2n7Nx3b36uDq4us98/iUVbuZu/pQpzY42afGFG2zDvjO2qnV
M70Ktat+DDgxT4UH1ob6+tCe1H4RY6jkm0Voq4YneumrEsKVL92m8OWhLXWC
mYrln1wah783g2V+XfiNs7/2mz//Z+V+/BuW+Z4TzL7HPxj/oVWOam9/4+o/
/0flqr9hjaL2s3cwEYwer2CoyXpTNP7GUXgXL198fvDZQfr4xbP9T9PHZ8++
fJI+frn/+bP88enBfv74xRfywun0eLZxbeVdPb118+k8NFMqZ0r1+sYtmrZ2
+UXvmtX01m+im9I2ylAsp4vaLeNjL2ybQ2Om06kt5rGhuRsD44kWVtxu6Abb
OmxDdNE6+gyNJtom2Gbt7CUEUTV+Aa9Y+cqLp7yUg5tduMWeOBZffIFBmNxX
bmmPttvSw+j58us6NGERSrtLD9rjvHPXwO1sbLfbUDcG3iiuAue47438onKN
DSu1+2h34aF7dqkuOrOnDdR34+pomttgi7iFmCLcbIn5/OqOHpKnj5hfvRjb
rKKuEydygE3xLgGF0amxQlzUfivv2NoVS1/eYakqtptiXjo7v7NlUV87/Ftd
t1jAbsLSldjgq1dncc9wVmgvVGET2ph2MMMpXC92H+XI1RIig1hi4zdtCde0
Sx8XrTivoRywb3FrC7lA1NHh7S1scaZa3fjlsnTGfER51WHZysmM6Q/+3//6
bzaGVXNb1M7Gu9i4DRS8Lii8zRwq+8BZuLhpApTXYtF7R1q6hecWp0l4XITz
+wqGWER8BYlhHM9msmpVr1AprRaPoqtFkzza3K2LckVdY1RN5cpxBZOXAf5Y
TZJ2aKg0WD72tV0U22LuSxin47EAhNdrqBReU7kpdScaG2oU8AjILKKEhp9+
Sl74/v0sIbwK5xaWT8VQHTSyiWmhqzo2kITaDU7UUmGyxbS1yqk61Vhc0tho
dQ6F5DdwdoYGFQqPmuaYQAiwC8tF1WRljwQY7BHeC1u/LrYUg4/0Gxm8aOs6
ebN6HMEsQjhADbM/04nWOHQV7MYt1kXl40biYWEXpXfpsG5RUo0iAS9GWlSd
E00IjhWG8IBFXd/xIVGK/sazLLMviwc2dzMgSE0HxetVFRqOhzwbmEfr4zoN
H7mJXdVhgz2t4WrVNGxhODJvDyqyi9JvPKdJRqAWcMeN8c07nWtKRPAr4Nc2
YDQMBOI7mInesx9GMdtfX55/O50XtFdFhLH5TOy8bbgU/X7xjhuADXLKxuIk
y6ICaFCWcP+kelH2zJ4xDGObFBrkcM8UGH8gg0UhHpaMD/qBa9FltjXQL0HS
0MwntiQm8fQSoeF0AdqHgyVcU3ekLWDzG9UmYO8aBirivS0ihXr0+hTzlmVM
88Ri5SDEdfFjUS8BANCr3a7vIgRfJmsPdUx+fhPKG7ec3Y8moW1KiC5SD3WA
HJ0cqVguaxejRVxbi/UKevvYR9JQcREIf4iKqxpxfICIX9Eol4GOFigaRCVn
OpMfBDDIu3bXnkFJJDIjQl65euOrUIbrO27b2XdQKLAIZ905e3N5tTPR/+23
5/L54uS3b04vTo75+fKbo1evug8mvXH5zfmbV8f9p37ki/Ozs5Nvj3UwvrWj
r8zO2dHvdhRGds5fX52ef3v0akd9eShN8UXGTNsZBE00GjWjuaO47PMXr//r
3/efAif+DkBxsL//5fv36Y8v9j9/ij+oSl0tVPAO/ZP2bKAmUEjOAkOglfmm
KBkYo43rcFvZtasdpPf3v6dk/nBofzFfbPef/jJ9wQOPvswyG30pMnv4zYPB
KsRHvnpkmU6ao+/vSXq836Pfjf7Och98+Ytf0XjtdP+LX/3SGAOgODSHP0OD
IKchdnQhlFiQVEQ3RYSAfz3iyaPwI0FbQhAXPboftNWNWzK14tGQLUoE/w5b
jd1WHKKmXzGMqx8C2NwNwMZeB/pbh77lHdYHfHHpVzL5qzz5GSf/CkMq19YY
lAK4zYSPxAQr6f6wfYFsglsT3gFBovtj6yoGx2vQ5Yqg76ttS/pRcRzWRR4T
2hqyOfaEMSRLdvfieE/FwMiV5LvsHt/SLC1wYhs8UVOdHQFT40GdJuQuVMRg
3yLijwb5n/LEzFWpM65lzLmGVPDwiZWTwiUl+N8WGmIGIU9EuJEYpWG0IyHm
m6ur1/YMqEchXvrrqiCJzzpHDgDHpEvWrpTxXViG6ylDMT/99FclBuQuV8I0
BqhbInhEDb8G/4AQQ2rQUGdWOFVibwX2ACWBTQiv0QjKmba15xkH4RO0bFvA
CkpXTpSgnVy9tN+dnl2e2N3vUjaSRItYApM8a8vGTy/Fhs1JdePrUEnk3RPh
cn3JbrkfQXR+kxmEZV7DjwAlasjkhAcQhbBXthIGP8C1H27nihZpdr87RRqh
sv1gLgXlkP3YCMVJMKIt08RN7YDDUbmDzYM+jt2eJ11a1G0AeRCzGJlj97vX
V3vm4erbBktCacNZGcJvKP8It2dkI0FuUuSaI3VdgqEjJkZo4IqOiKAPQ8na
hNd4yiJcOwyqExvt9j8kjgbEFppO0xd1o9zwZ8jdgBTRmjQYLw2HieVTCANs
dAPNw46GfBS79TdFiSeqty6gD5ePHce+8YU9vnp1iSBvzi9fnF+cqEsx737/
vtsWTjrwKIgDTI6kM8FwfwwSUx5a/TOLIJHi7C2zhETJpSDEhfM36jxfn1xl
BzJKdAGIiKYAqSz2PJ2Y1MrXG/HAdrsUCBFyjQdMfT6OZhMQH8SXJyQyY5bc
JcxkoKHmDh4JLES6j5iKCxoo28nYkDP+Zc83WMgS4goQjZSAmuCqDLf6Uu0Q
hhq31Yk/spf4bPcPFUmnp8cqm/OtJp9CCbvlSgScuiD5xElcCchCHNABQQak
bBQZBUOinM74MTgPaOLMPnc8dZ5pklFOp1kGUWifrJEyRr8hpsGVA4EPwhYX
qEWBc1B6qEOysi2W0FxipkJLO7wNbbnUpIflFHtUjbxh5VnSaEQbuwUibrim
ruCb4gpvsNRUgw6MEzEJr7aC3Etxs8WgfDL0k70ZlwIG3m2bcF0X2zVISMyR
RDNERA93w1x1kyIN9lISHoHR4TalSFxS7RZbSsFA/Jx7AnQh6/MbGkRO3GTd
2q0QZZnbYJRG3OGgbQuHWggUMYuZE1kgApfTAjfYKvXAFxkpEVPKJFDmPS+e
n1/g1IuQMhrMwnRftbFozH0BgaG9A6h1GqhTLgSoBvvHyxt/vRYEIPeoltDX
n/70J8uqrKGnfqKvxU8QjyS9xP5MtuNDu/64ePpk/+DZs89ns9nHdvfF+eXJ
vzB67094Ag/CjmPt7+yZo8XCbZtD++wJdN7np58s5qHeY6L55DMWxhqac/p/
qrTxw2MOZp9xtyq+t3lXby3gsXWKHpTXVOQFYfS7623qq5S5C383oraCA9fu
h4J1mw3E70kopfIgdExYL4sSgsFHnbGoQ4FGEdMGLkUz6Dw5uYg6V+TiwiKq
eEunxNJtbItyCBwHh/Y3MIbjVFq5E0h/SAJBDIsEoNhlxw1IRG/FmlhLAMVu
Zf0O7CfJMHr7jKYzUKWJin2FgtAj7HPIGSUkXRyboqSl3alsoop02Z1gXFNh
Sagjp19pYipG6hsG7HUg1ZJNjpxiF0PFvOkGmbwDt/i+EwcCaaodcwAj1R+Z
skKW3CmfWcQjMarqkTojWlJ+W72rmOdxIz2YGfVPxLRakeICAxMSZC/PRGSi
vrYg7aT2SdNiO1fePyrsxlzsKtLxh0bxaY4mRxIbtXIErF8XNx4zgpUvnDi5
fE/qIEDmpWbTgVIf1n0jsFQsv29ZJmsiiFvcYhMsHZ/8UCAi0FqFRDoB9QsH
CYqJ1X5BuxvVgQHq1XXE/BlnELsLAuUpVEs3xriFujksnkiM9SCpdPJdN7ue
TWSQFC80rZcSKQVmUw4nKIepFPrJxGU/pAldzYucANgT43iFrtqlKYpmJZg4
5SWKyTGx+buuhBsz4EqQdFo7GpD/e/jbVWFFlbInJzyVG5Jw2i5BN7Xior0z
lcm37jqAx3e5Vs7DouTZ9wpykLzy7pWUG0MJ7/JUApAFG3AlK4MaBTIhMomC
JXvnnCpSdQNJm8lHe6Dsypy0E2Q1UQt9ZoM0jypKVTUSh64cR+ngVXDSFjl4
qqUkn4IHDyzGaCCW4xRz4du5CqiYogCQOHBKLSVilt3GxAvNVgKxZGmJuasU
uerG/5ikdK8YMCxDjsjgoeaipbRHukYo5AfgyPbLtmFOQu1bZumfxOXqLbtl
JaFzqbmvbHPAblkzx4GNBP2inHZbqlnRE3aU2PVAOwOI55O6uBU1zZhqkj1N
lKNuWPJOfSmNvAhoiGc1XJc9Ownt2rr4hDNuwsZB2PIsR+p8EEljif2awkYW
Gb2eXE8IzwS9ZsWSqV9qKhR2HMVNSEVeaTGn6LCWuDCIMxJixgPt7tNPn+6J
278dkgDs7B++j6F6OywLgd6Gh6qX5EwLxmojc6dxkWwYWhSTwFJqaaOzFaXE
FYZumO/wpCafNJdP1A5WniOovDYmPokDIet6hVCVCmG6Y7Y7378fKgRH+lXd
/GPhReRnv726sjefTXLPUHZ1xTUIN67WgkFhL988v3xxcfr8hB7z+s3zV6eX
38DrFu+cJFip+dCpDswV/EFtNnFwBdvecvdGzuVYP/XUzlisgieyyXmNXL3m
8vPaA89SzCqhixT/2S5MnTJuqZWGFOxUvF5WE4KkjHkAp+MVobcVUxL8wxQk
i3db3En6n+yd0VTKvfUwvJMtCDDJ+eu7vUHAV9/tyjoazWuJb/BPKdfds6gC
FrCZlwQTtghGTvpx7IHtxmWUmJgP+W4H5lLb61BZXuk9Qy007SrKUxksSz5k
7cvVyK+zT8OVxlQ6e9FfouA/N/AnWPAO/j6ffw8d7hzan8SkdwYb6L7UN18n
Ax58zff7FIMP8AWMFJ929DIGewNt5bnAzgtX7tj3aaj+z3/fm/eaENyToza4
kP/jv8dleR+ETQfC7L3ErMVpGpriEMxAAy/zCysEdjLoBLAo+fbq+fHbv1o/
eNnuZj/8Szq5//JVL7/EumY2S9r+0xWzHDUqTQHZ44dD+hbsQzY1kL8y14Ll
gJlK9CO266YvKcIlkJDWfjzszpkTlqslvg+aoHQtUp1VS2aeubAyE+EQMbOP
7AQTg0hOTjHq64lfp8YCa3SOlRcKekCPpUALgK5r5KtGdoLtNdKP6yhHohm7
pcerbwcEBKBH7rHRFqSUkjiFUYmV2hhb+y2vZNw69vpUstJhHN2QwAHlCoW2
3cIchLyNpsOJe6yKRNmNOQdLRceZtk2PtVRoqd1SegUANeZ0lNofkSuyVLub
i8N6lectDOJ5aN7uJSyT6kaiED0hZHIFFMPcDyiIr3SHwni1kSDErkO6HrOU
Jo8GSD0v6UR0FAackCJS/M/9XezA3CvHMQ7ns0leoo23RKC6jl8dIOFdln39
MjFZJpg33t3KdZt8J4QcDK+0bOKs4MLSg47DkZqDjE5B1pCzBPOotvGCKntP
ygDrUDeDMlCf5Ir4xfmM7LhJqlTBgDhvg+QsVHe/v3FCNb/rp4aAUkomukBG
e72RRpigDFG5w2RYAfHyMWj4WUTYmfz/gHr3AI8G5+Mez1wRpcg3HDIZDrgf
D4bPhpFh9GAemgu3EiGMH/TSucD5p+z1zuwDINxNEtmb7XSDfybwfJcAMFfb
JAyplAeZwZhNJF4tPMVkZpHGJEdOVE1uQZHgLgLjC1Z4ELcGQp1Z3Q1wqNIr
ljn16Pb1OKMWDO4SQdkcC1ms+vacA5jDnJY4if+DthG6DZtcWF26barmsOpF
m93kcyNrNw+zgREoJ4JIV9Q7Lt0dJWmGkq+bTkYZMJZ+tWIxTRyfEfOQ2WHD
Pi0Trr4FqdeOaglHQpVTfaO/r/IILOz2fVS52VOWE74PJwGMaeVRb49McjM3
1Tq0JsBOnl6ZyrlTW0nJT8i80VOuioW2KnpdjiPEAfLSvire1WfkVs2oEx2l
Tx1zzZn3b/SyCAycXAZiie8QOUmri8WiJQ7lPL3R7hLSYpMEIzxowXsVOHJa
EzlqRGJdFvWoeDWzz+8kQmcOJkZjpKlaDGhBx7rLELARxuWuGqXt8RJJO3fM
mKe79RqWJZ3p++LjPkp3UbN4ECxpML30svDeivS6Nqnee1P9u77+JUchE1pl
JnQ/KXrJsKHFoUURaQbEfTWMlM/njeiFMaRnoDt4JL4VBG8xyvEUqQLIhtKG
obqOUnvboRyAXINbE1JkTkGBT/mWqgLvKchH9pYZJRepj5SrKmqKDdnT4NaD
dkJ48yHmjeeJ2dSWEBAx+XWqmsYYFl4cq3uslXi96JfLU1x1kTtfbjRXOmM2
1rDxDafzujhvUaUGl27HDGNlvuYkdwqL6q7fhNxv6jqviY91eZvJBmQv1YrL
u0knuQ/shCbrtSzeGbyBMu/PnY0zZ9g5zvLRyCC6hJ4bylrM5IiNLUOrGhX+
Jpq1dqaZd1olC5JGYqnXFHUemZzMK/dsh1dr0ndprO98T3uqKTHvxG26yYWD
Kw8fvpC3ky613rtJM+Av0j0dNPjy4fWuZfIjmt1j5OahE8Mcfy9BuSMmyVN2
vnbNkFjQVrqGaSSNq+/sp4qgz54k/iMTdE60c/KDW7SAPqx8tNCIiaDSnAVQ
j9DTkbF3DKiQWAv0jm8/7ZnIzrLVa3c7bHQ9YBZ/yMyCFiAwzVZf6X4Yoe1E
av1y+1saz6lhkUKWXGVLGZAZ+EUOCrxpJAyWnQWh2yzd5GBY2B2JzyQTnYv2
yCNQDCi0eieiRxWYBmGFuC5iTcUbaZyn+qZSCyy6qy5qyN55tY5a20snbZyC
ajKN/6shvNFrBN21gmT56VqAdnzl8shBr1GRaTflcNp7JnLJa0Q9Ff6kW4Xz
HoD/QDRjFjoylp1fMFZ1g1a+dL8c0M7JX1r+Axb6Mk2oR//fTHg+F1r66Jn+
WeU0Pk5vKYejpOD+qNySSpJ+QK3/8NABPrKXOF3NwPki2VCRag9Ho9sF3S0I
veKfKKwWhFLw4C+KDvv+2AZ/GrZ4YO63a89q4PD2jk/XcrWQTm8SGpMvesmz
HP1MvqG+0Wryh64jJCpxv9EILiEZpfGEKti4noW3dLoQ19/O0V8k+R8T9cj3
xzUGmtS6kmvBegcxsDEw6AQ+csgtr/1KsMtELrXXM8vm8T/EoJTY+P5XB0Pm
bIalmlsPL18FJsYze1ZQkIyccPNtCNIpqrmLqmuyLNKdEkQU01/+ziwW2V++
CD2qxTyMLNJiMk4Se2kX1z6+Y2Vf75ULT6gSsVSmO0TR3lu101DpXqRg5ZLz
Ufe539c0jGVtLZVf/tYjVFJS7Mo7McGkafC00RvfvRR5rzjZ/DRfXZl0dBvn
56X0TAm0RK5C7nKc/BMW/qAk9bGZqkmagQ2xUjK4whBqM6yRp+LaOCP9UBab
8Z55tBlWNbIGlRXR87Avcpl061Tut32wE6xtCIzgrQet4xYCjl1/WhRaLG98
DDUy+BNeflpIlpmSz2hHbHcdqpCjz4Y3dTfZ/JIyJRPUy08kkulnHsvRvnpn
W4dSSB3LKp4VfyNd6yQN+mvNjCqGkv+Fqp9vfENQKY+kRcJJ6yC3QOzp0bdH
DwBv/DOCLp2vgr7e5WCnGtwGV/vSzwOQq0qF+pb/bNs6tm6pl9y79odw3PEP
AxItG9xGSz+U1B51wjKSkUGXqfs96b2+XsoGzL3iPC3jfn1Ersjca7QJgU6/
6+KlNPM/6qiCQNI6AAA=

-->

</rfc>
