Network Working Group L. Architect Internet-Draft Sovereign AG Intended status: Standards Track 30 April 2026 Expires: 1 November 2026 High-Frequency Action-Integrity Protocol (HAIP) draft-sovereign-haip-00 Abstract This document specifies the High-Frequency Action-Integrity Protocol (HAIP), a standard for real-time identity verification and autonomous resilience in AI agent environments. HAIP addresses the "Trust Tax" and the "Integrity Gap" by mandating a 6.42 us pulse, decentralized identity teleportation, and NIST-aligned non-repudiation. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 1 November 2026. Copyright Notice Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Architect Expires 1 November 2026 [Page 1] Internet-Draft High-Frequency Action-Integrity Protocol April 2026 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Terminology and Requirements Language . . . . . . . . . . . . 2 3. The Three-Pillar Architecture . . . . . . . . . . . . . . . . 3 3.1. Pillar I: Cryptographic Identity & Model Binding . . . . 3 3.2. Pillar II: Dynamic Authorization (Zero Trust) . . . . . . 3 3.3. Pillar III: Verifiable Provenance (The Black Box) . . . . 3 4. Protocol Specification: The Hydra Logic . . . . . . . . . . . 3 4.1. The Integrity Pulse Window . . . . . . . . . . . . . . . 4 4.2. Pulse Packet Structure . . . . . . . . . . . . . . . . . 4 4.3. Type-402 Protocol Severance . . . . . . . . . . . . . . . 4 4.4. Autonomous Teleportation Sequence . . . . . . . . . . . . 4 5. Developer Experience & Zero-Friction Integration . . . . . . 4 5.1. One-Line Implementation Wrapper . . . . . . . . . . . . . 4 5.2. Automated WAF and Firewall Bypass . . . . . . . . . . . . 4 6. Financial Integrity: Zero-Variance Math . . . . . . . . . . . 5 7. Security Considerations . . . . . . . . . . . . . . . . . . . 5 7.1. TOCTOU Mitigation . . . . . . . . . . . . . . . . . . . . 5 7.2. Elimination of Hardware Vendor Lock-in . . . . . . . . . 5 8. Privacy Considerations: Zero-Knowledge Identity . . . . . . . 5 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 10. Strategic Alignment & NIST Compliance . . . . . . . . . . . . 5 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6 1. Introduction As the AI economy shifts from "Human-to-AI" to "Agent-to-Agent" workflows, the primary security threat is Identity Spoofing. In this environment, identity is the only perimeter. Current legacy frameworks (API keys/OAuth) cannot prevent an autonomous agent from being hijacked, leading to a projected $45B liability risk for enterprise deployments. HAIP provides a unified Root of Trust to secure these interactions at scale. 2. Terminology and Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119. * DID: Decentralized Identifier. * Tai: Action-Integrity Threshold (Maximum allowable latency between intent and verification). * Pulse: A micro-signed cryptographic heartbeat emitted by an agent. Architect Expires 1 November 2026 [Page 2] Internet-Draft High-Frequency Action-Integrity Protocol April 2026 * Lattice: The sharded registry layer responsible for pulse reconciliation. 3. The Three-Pillar Architecture 3.1. Pillar I: Cryptographic Identity & Model Binding * Every agent MUST be issued a Decentralized Identifier (DID) mapped to its model weights and legal owner signature. * The protocol mandates Ed25519 signatures for high-speed, small- footprint verification in HTTP headers. * Model Binding: The identity is cryptographically tied to the parent model hash. Any "Prompt Injection" or state poisoning that alters the model's integrity triggers an immediately revocation of the DID. * Compliance: Identity verification MUST reach AAL3. 3.2. Pillar II: Dynamic Authorization (Zero Trust) * HAIP advocates for a "Policy-as-Code" model where permissions are granular and session-based. * The Registry acts as a real-time intermediary, validating agent intent against a defined policy set. * The 3-Way Handshake Sequence: 1. MINT: Agent requests a Sovereign DID via Registry API. 2. CHALLENGE: Site requests a Verifiable Credential (VC). 3. VERIFY: Registry validates DID/Policy in under 50ms. 4. GRANT: Website unlocks access based on the signal. 3.3. Pillar III: Verifiable Provenance (The Black Box) * To achieve Non-Repudiation, every agentic decision MUST be cryptographically signed by its Identity Key. * The Black Box: Sovereign maintains an immutable, tamper-proof audit trail for every decision. * Metadata Discovery: Identity keys and metadata SHOULD be hosted in a standardized .well-known/ directory. 4. Protocol Specification: The Hydra Logic Architect Expires 1 November 2026 [Page 3] Internet-Draft High-Frequency Action-Integrity Protocol April 2026 4.1. The Integrity Pulse Window HAIP-compliant agents MUST emit a state-hash "Heartbeat" at a frequency defined by the Registry (default: 100ms). The Registry MUST verify this pulse within 6.42 us to mitigate Time-of-Check (TOC) window exploits. 4.2. Pulse Packet Structure The Pulse packet MUST follow the structured JSON-L format: { "svrn_id": "DID:SOV:UUID", "pulse_type": "ENUM(HEARTBEAT|ACTION|MINT)", "state_hash": "SHA-256", "ts": "UNIX_MS", "sig": "ED25519_HEX" } 4.3. Type-402 Protocol Severance If a pulse fails verification (invalid signature or state drift), the Registry MUST respond with an HTTP 402 (Payment Required) or Protocol Severance signal. Upon receipt of this signal, compliant WAFs and API Gateways MUST drop all active connections for that DID within 50ms. 4.4. Autonomous Teleportation Sequence If an "Integrity Drift" is identified: 1. Detection: Hash mismatch identified within the pulse window. 2. Isolation: Compromised node's DID is revoked instantly. 3. Migration: DID Anchor is re-keyed to a verified standby node. 4. Resumption: Agent continues execution without data loss. 5. Developer Experience & Zero-Friction Integration HAIP-compliant SDKs SHOULD achieve a 90% reduction in security integration time for enterprise startups. 5.1. One-Line Implementation Wrapper Protocol enforcement MUST be achievable via a single-line wrapper around the agent instance. 5.2. Automated WAF and Firewall Bypass Architect Expires 1 November 2026 [Page 4] Internet-Draft High-Frequency Action-Integrity Protocol April 2026 The SDK MUST autonomously handle header injection to sign HTTP requests. This provides a "Digital Passport" allowing agents to move from "Blocklists" to "Whitelists" at the network edge. 6. Financial Integrity: Zero-Variance Math To ensure incentive alignment and prevent compute-drain attacks, HAIP integrates an integer-based settlement layer. * All financial values MUST be stored as 64-bit integers. * $1.00 USD is treated as 10,000 "Pulse Units" to eliminate floating-point rounding drift. * The Registry MUST perform real-time balance checks before validating "ACTION" type pulses. 7. Security Considerations 7.1. TOCTOU Mitigation Legacy protocols with >100ms latency are vulnerable to "Flash- Injection" attacks. HAIP strictly mandates an Action-Integrity Threshold (Tai) of <= 1,000 us. 7.2. Elimination of Hardware Vendor Lock-in Sovereign-compliant protocols MUST NOT be bound to specific proprietary hardware chips (e.g., TPM-only locks). This ensures agents remain cloud-native and cross-provider mobile. 8. Privacy Considerations: Zero-Knowledge Identity The Registry SHOULD NOT store the private logic or PII of the agent. Verification MUST be performed using Public Key Infrastructure (PKI) to ensure the Registry remains zero-knowledge regarding internal agent state. 9. IANA Considerations This document requests the allocation of Port 5001 for HAIP Heartbeat synchronization and the registration of the ".well-known/sovereign" URI suffix. 10. Strategic Alignment & NIST Compliance The HAIP standard is architected to exceed NIST AI 600-1 and SP 800-63 guidelines. By mandating AAL3 (Authenticator Assurance Level 3), HAIP ensures that agentic decisions meet the highest threshold of legal non-repudiation. Architect Expires 1 November 2026 [Page 5] Internet-Draft High-Frequency Action-Integrity Protocol April 2026 Author's Address Lead Architect AG Pixel Studio / Sovereign AG Architect Expires 1 November 2026 [Page 6]