Skip to content

RFC-011: AIGP Vendor Trust Package — 6. Security

AIGP SpecificationRFC-011: AIGP Vendor Trust Package › 6. Security

← 5. Governance Modes · Section index · 7. Backward Compatibility →

6. Security

  • All vendor endpoints MUST support HTTPS.
  • Evidence records SHOULD be signed using the HMAC mechanism defined in RFC-010.
  • Session IDs MUST be opaque (no embedded PII).
  • User references MUST be hashed when crossing trust boundaries.


← 5. Governance Modes · Section index · 7. Backward Compatibility →