Know what the standards actually say.
Revision-aware cartography for workload identity, agent authorization, human evidence, receipts, and relying-party acceptance.
sha256:23efb7e98b88176a06Agenda request submitted for the WIMSE and EMILIA two-row composition
An external WIMSE participant submitted a request for a short IETF 126 slot covering possession in the live channel plus action-bound authorization evidence joined by digest.
Operative-version correction: The original file contains a standalone confirmation-evidence deliverable; the operative merged charter does not. The standards move changes from citing an existing deliverable to proposing restoration of a modular work item.
Guarantees, not labels
Every cell has a source-locked rationale. “Unknown” means the evidence is insufficient, not that the feature is absent.
| Source | Layer | Human | RP bar | Action | Quorum | No self | Consume | Offline | Details |
|---|---|---|---|---|---|---|---|---|---|
| framework | Named human: Partial | RP-pinned acceptance: Unknown | Exact-action binding: Partial | Distinct-human quorum: Not defined | Initiator exclusion: Not defined | One-time consumption: Not defined | Offline verification: Not defined | ||
| human-authorization | Named human: Partial | RP-pinned acceptance: Unknown | Exact-action binding: Partial | Distinct-human quorum: Not defined | Initiator exclusion: Not defined | One-time consumption: Not defined | Offline verification: Partial | ||
| human-authorization | Named human: Partial | RP-pinned acceptance: Partial | Exact-action binding: Defined | Distinct-human quorum: Not defined | Initiator exclusion: Not defined | One-time consumption: Unknown | Offline verification: Defined | ||
| payment-intent | Named human: Partial | RP-pinned acceptance: Partial | Exact-action binding: Defined | Distinct-human quorum: Not defined | Initiator exclusion: Not defined | One-time consumption: Unknown | Offline verification: Defined | ||
| identity-possession | Named human: Not defined | RP-pinned acceptance: Partial | Exact-action binding: Not defined | Distinct-human quorum: Not defined | Initiator exclusion: Not defined | One-time consumption: Not defined | Offline verification: Partial | ||
| identity-possession | Named human: Not defined | RP-pinned acceptance: Partial | Exact-action binding: Partial | Distinct-human quorum: Not defined | Initiator exclusion: Not defined | One-time consumption: Not defined | Offline verification: Partial | ||
| transparency | Named human: Not defined | RP-pinned acceptance: Partial | Exact-action binding: Partial | Distinct-human quorum: Not defined | Initiator exclusion: Not defined | One-time consumption: Not defined | Offline verification: Defined | ||
| audit-composition | Named human: Partial | RP-pinned acceptance: Unknown | Exact-action binding: Partial | Distinct-human quorum: Not defined | Initiator exclusion: Not defined | One-time consumption: Not defined | Offline verification: Partial | ||
| delegation-authorization | Named human: Partial | RP-pinned acceptance: Partial | Exact-action binding: Defined | Distinct-human quorum: Not defined | Initiator exclusion: Not defined | One-time consumption: Partial | Offline verification: Defined | ||
| human-authorization | Named human: Defined | RP-pinned acceptance: Partial | Exact-action binding: Defined | Distinct-human quorum: Not defined | Initiator exclusion: Not defined | One-time consumption: Partial | Offline verification: Partial | ||
| machine-policy | Named human: Not defined | RP-pinned acceptance: Defined | Exact-action binding: Defined | Distinct-human quorum: Not defined | Initiator exclusion: Not defined | One-time consumption: Partial | Offline verification: Partial | ||
| machine-policy | Named human: Not defined | RP-pinned acceptance: Partial | Exact-action binding: Defined | Distinct-human quorum: Not defined | Initiator exclusion: Not defined | One-time consumption: Not defined | Offline verification: Defined | ||
| delegation | Named human: Partial | RP-pinned acceptance: Partial | Exact-action binding: Partial | Distinct-human quorum: Not defined | Initiator exclusion: Not defined | One-time consumption: Partial | Offline verification: Partial | ||
| machine-policy | Named human: Partial | RP-pinned acceptance: Partial | Exact-action binding: Defined | Distinct-human quorum: Not defined | Initiator exclusion: Not defined | One-time consumption: Partial | Offline verification: Defined | ||
| human-authorization | Named human: Defined | RP-pinned acceptance: Defined | Exact-action binding: Defined | Distinct-human quorum: Partial | Initiator exclusion: Defined | One-time consumption: Defined | Offline verification: Defined | ||
| human-authorization | Named human: Defined | RP-pinned acceptance: Defined | Exact-action binding: Defined | Distinct-human quorum: Defined | Initiator exclusion: Defined | One-time consumption: Defined | Offline verification: Defined | ||
| evidence-composition | Named human: Defined | RP-pinned acceptance: Defined | Exact-action binding: Defined | Distinct-human quorum: Defined | Initiator exclusion: Defined | One-time consumption: Partial | Offline verification: Defined |
Condition-Bounded Credentials for Workload and Agent Identity
Hardware-rooted possession under current attested conditions, with independent failure classes for possession, delegation, and authorization.
“This profile is an authentication input, not an authorization one”
Latest Datatracker revision at snapshot time; individual submission discussed in WIMSE.
The draft explicitly says it is an authentication input and delegates human authorization to a separate offline-verifiable receipt joined on an action digest.
The draft explicitly leaves named-human authorization to a separate mechanism.
It defines a verifier contract for condition evidence, not the complete authorization sufficiency policy.
The composition text joins layers on a shared action digest; this profile's own possession proof is not the authorization.
No distinct-human quorum is defined.
No human separation-of-duties rule is defined.
Key-use conditions and grant replay controls do not define once-only action authorization consumption.
Condition evidence is verifier-facing; the separate human receipt is described as offline-verifiable.