[Ztcpp] Re: [saag] ZTNP / ZTIP – attestation-gated authorization & intent-bound delegation (seeking venue guidance)

Philip Griffiths <philipleonardgriffiths@gmail.com> Wed, 29 April 2026 16:42 UTC

From: Philip Griffiths <philipleonardgriffiths@gmail.com>
Date: Wed, 29 Apr 2026 17:40:48 +0100
To: Aijun Wang <wangaijun@tsinghua.org.cn>, Jake Miller <jake@zivis.ai>
CC: oauth@ietf.org, saag@ietf.org, ztcpp@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/ztcpp/cZ85EPNPHyzMaNxyo6skYjOE6kg>

Hey all,

Thanks for sharing, @jake. I will quickly add, too, that ZTNP/ZTIP look
complementary to the ZTCPP discussion rather than overlapping entirely (if
my quick reading of the drafts is correct).

I read it that ZTNP/ZTIP focus on how posture, attestation, intent, and
delegation evidence can inform authorization decisions at the
session/application layer.

ZTCPP is more focused on the control/policy protocol gaps needed to
enforce least-privilege connectivity itself: authenticate-before-connect,
minimizing pre-auth reachability/exposure, and binding policy decisions to
concrete sessions/flows.

So I’d be interested in exploring whether ZTNP/ZTIP could provide inputs or
claims into a ZTCPP-style policy/enforcement model, while ZTCPP addresses
how those decisions are distributed and enforced at the connectivity layer.

Regards
Philip

On Tue, 28 Apr 2026 at 03:08, Aijun Wang <wangaijun@tsinghua.org.cn> wrote:

> Hi, Jake:
>
> I think your work is aligned well with the aim of ZTCPP (Zero Trust Control
> and Policy Protocol) efforts.
>
> And we are now updating the charter
> (https://github.com/ietf-ztcpp/Charter/blob/main/Charter.md) for the
> future BoF/Side Meeting in IETF 126.
>
> If you are interested, please subscribe to the mailing list at
> https://mailman3.ietf.org/mailman3/lists/ztcpp.ietf.org/ and contribute
> your thoughts to refine the charter.
>
> Aijun
>
> *From:* forwardingalgorithm@ietf.org [mailto:forwardingalgorithm@ietf.org]
> *On Behalf Of* Jake Miller
> *Sent:* Tuesday, April 28, 2026 6:50 AM
> *To:* oauth@ietf.org; saag@ietf.org
> *Subject:* [saag] ZTNP / ZTIP – attestation-gated authorization &
> intent-bound delegation (seeking venue guidance)
>
> Hello,
>
> I’ve recently submitted two individual Internet-Drafts that explore gaps
> we’re encountering as systems become more agent-driven and involve
> multi-hop delegation:
>
> ZTNP (Zero-Trust Negotiation Protocol)
> https://datatracker.ietf.org/doc/draft-miller-ztnp/
>
> ZTIP (Zero-Trust Intent Protocol)
> https://datatracker.ietf.org/doc/draft-miller-ztip/
>
> At a high level:
>
>    - *ZTNP* looks at how to bind attestation (or posture) to
>    authorization at session establishment, including channel binding and local
>    policy evaluation by the relying party.
>    - *ZTIP* explores how to bind authorization to structured user intent
>    across delegation chains, with explicit scope monotonicity and end-to-end
>    verifiability.
>
> The drafts explore a potential gap between:
>
>    - attestation (e.g., RATS-style evidence/results), and
>    - authorization mechanisms (OAuth / GNAP)
>
> This is particularly true in scenarios where actions are delegated across
> multiple agents and are susceptible to prompt injection or confused deputy
> patterns.
>
> These drafts are intended as early contributions. I’m interested in
> critical feedback, especially on:
>
>    - whether the problem framing resonates
>    - how this relates to existing work in OAuth, GNAP, and RATS
>    - and whether there is an appropriate venue (existing WG or otherwise)
>    for further discussion
>
> Thank you for any feedback or direction.
>
> Best regards,
> Jake Miller
> jake@zivis.ai