RFC-011: AIGP Vendor Trust Package — 6. Security
AIGP Specification › RFC-011: AIGP Vendor Trust Package › 6. Security
← 5. Governance Modes · Section index · 7. Backward Compatibility →
6. Security
- All vendor endpoints MUST support HTTPS.
- Evidence records SHOULD be signed using the HMAC mechanism defined in RFC-010.
- Session IDs MUST be opaque (no embedded PII).
- User references MUST be hashed when crossing trust boundaries.
← 5. Governance Modes · Section index · 7. Backward Compatibility →