Skip to content

RFC-010: AI Governance Protocol (AIGP) — Reference Register

RFC-010: AI Governance Protocol (AIGP) — Reference Register

© 2024-2026 Kanjani AI Research & Causum. All rights reserved.


Runtime AI Governance

# Reference Relevance to RFC
1 Xu, Z. et al. “Runtime Governance for AI Agents.” arXiv:2603.16586, 2025. Formalizes compliance policies as deterministic functions mapping agent identity, partial path, proposed next action, and organizational state to policy violation probability — directly validates AIGP’s pre-invocation REQUEST evaluation model.
2 Chen, M. et al. “A Multi-Agent Framework for AI System Compliance and Policy Enforcement (Governance-as-a-Service).” arXiv:2508.18765, 2025. Introduces Governance-as-a-Service (GaaS) as a modular, policy-driven enforcement layer operating at runtime without altering model internals — validates AIGP’s centralized governance authority architecture.
3 Luo, H. et al. “The Agentic AI Framework (AAIF): A Policy-Enforced Architecture for Accountable Intrusion Detection.” Frontiers in AI, 2026. Combines deep learning detection with a governance layer aligned to NIST AI RMF — validates AIGP’s integration of policy evaluation with the governance pipeline and NIST alignment.
4 Kerekes, L. et al. “Oversight Structures for Agentic AI in Public-Sector Organizations.” arXiv:2506.04836, 2025. Finds that agentic AI intensifies challenges to traditional oversight mechanisms relying on episodic approvals rather than continuous supervision — validates AIGP’s continuous per-invocation governance model over periodic audit.
5 Partnership on AI. “Preparing for AI Agent Governance.” 2025. https://partnershiponai.org/resource/preparing-for-ai-agent-governance/ Multi-stakeholder research on institutions, policies, and tools ensuring AI systems operate in the public interest — provides governance landscape context for AIGP’s design decisions.

HMAC Authentication and Message Security

# Reference Relevance to RFC
6 Krawczyk, H., Bellare, M., Canetti, R. “HMAC: Keyed-Hashing for Message Authentication.” IETF RFC 2104, 1997. https://www.rfc-editor.org/rfc/rfc2104 The foundational standard defining HMAC construction — AIGP’s HMAC-SHA256 authentication mechanism is a direct application of RFC 2104.
7 Atkinson, R. “HMAC-MD5 IP Authentication with Replay Prevention.” IETF RFC 2085, 1997. https://www.rfc-editor.org/rfc/rfc2085 Defines replay prevention using timestamps in HMAC-authenticated messages — AIGP’s X-AIGP-Timestamp header and 5-minute replay window follow this established pattern.
8 NIST. “FIPS 198-1: The Keyed-Hash Message Authentication Code (HMAC).” National Institute of Standards and Technology, 2008. Federal standard for HMAC — provides the compliance basis for AIGP’s choice of HMAC-SHA256 as the authentication mechanism.

Fail-Open / Fail-Closed Semantics

# Reference Relevance to RFC
9 Nygard, M. Release It! Design and Deploy Production-Ready Software. 2nd ed. Pragmatic Programmers, 2018. Defines fail-open and fail-closed patterns in distributed systems — AIGP’s REPORT mode (fail-open) and ENFORCE mode (fail-closed) directly implement these resilience patterns.
10 Fowler, M. “Circuit Breaker.” martinfowler.com, 2014. https://martinfowler.com/bliki/CircuitBreaker.html Foundational description of the circuit breaker pattern — AIGP’s governance modes represent architectural choices about failure behavior that align with this pattern language.
# Reference Relevance to RFC
11 Cavoukian, A. “Privacy by Design: The 7 Foundational Principles.” Information and Privacy Commissioner of Ontario, 2009. Establishes the principle of building governance into systems by design — AIGP’s consent-based model (applications opt into governance by registering) is analogous to Privacy by Design’s proactive approach.
12 EU General Data Protection Regulation (GDPR). Regulation 2016/679, Article 7: Conditions for Consent. European Parliament, 2016. Defines consent as a legal basis for processing — AIGP’s consent tier model (NONE/ANONYMOUS/REDACTED/STANDARD/FULL) adapts consent concepts to AI governance context.

Distributed Tracing and Observability

# Reference Relevance to RFC
13 Sigelman, B. et al. “Dapper, a Large-Scale Distributed Systems Tracing Infrastructure.” Google Technical Report, 2010. Foundational work on distributed tracing with causally-related spans — AIGP’s TRACE message and stage-level span emission follow Dapper’s model adapted to governance pipeline stages.
14 OpenTelemetry Project. “OpenTelemetry Specification v1.0.” Cloud Native Computing Foundation, 2024. https://opentelemetry.io/docs/specs/otel/ Industry standard for telemetry collection — AIGP’s REPORT-TRACE mode and span attributes align with OpenTelemetry conventions for stage-level observability.
15 Shkuro, Y. Mastering Distributed Tracing. Packt Publishing, 2019. Comprehensive treatment of distributed tracing systems — provides context for AIGP’s trace_id/request_id correlation and multi-stage span emission.

Policy Evaluation and Decision Caching

# Reference Relevance to RFC
16 Open Policy Agent (OPA). “Policy Language (Rego).” CNCF, 2024. https://www.openpolicyagent.org/docs/latest/policy-language/ Industry-standard policy evaluation engine — provides context for AIGP’s policy evaluation model where policies are declarative rules evaluated against request context.
17 XACML TC. “eXtensible Access Control Markup Language (XACML) Version 3.0.” OASIS Standard, 2013. Defines the PDP/PEP architecture for access control — AIGP’s governance authority (PDP) and client library (PEP) separation follows established access control architecture patterns.

AI Governance Frameworks and Regulation

# Reference Relevance to RFC
18 NIST. “AI 100-1: Artificial Intelligence Risk Management Framework.” National Institute of Standards and Technology, 2023. U.S. national framework for AI risk management — AIGP’s governance pipeline maps to NIST’s GOVERN/MAP/MEASURE/MANAGE functions.
19 EU Regulation 2024/1689. “Artificial Intelligence Act.” European Parliament, 2024. EU AI regulation — AIGP’s governance modes and audit trail support obligations under Art. 9 (risk management), Art. 12 (record-keeping), Art. 13 (transparency), Art. 14 (human oversight).
20 California SB 53. “Safe and Secure Innovation for Frontier Artificial Intelligence Models Act.” California Legislature, 2025. State-level AI safety regulation — AIGP’s audit trail integrity and incident reporting mechanisms address SB 53 §4(b) and §7(a) obligations.
21 California AB 853. “Artificial Intelligence Training Data Transparency Act.” California Legislature, 2025. Content provenance regulation — AIGP’s RECORD message provenance fields and future C2PA integration address AB 853 disclosure obligations.
22 ISO/IEC 42001:2023. “Information Technology — Artificial Intelligence — Management System.” ISO, 2023. International standard for AI management — provides compliance context for AIGP’s governance pipeline as an operational implementation of AIMS controls.

Default-Deny and Zero Trust for AI

# Reference Relevance to RFC
23 Cloud Security Alliance. “Agentic Trust Framework: Zero Trust for AI Agents.” 2025. https://cloudsecurityalliance.org/articles/the-agentic-trust-framework-zero-trust-governance-for-ai-agents Applies established Zero Trust principles to AI agents — validates AIGP’s pre-invocation CHECK requirement where every invocation must be authorized before proceeding.
24 Rose, S. et al. “Zero Trust Architecture.” NIST Special Publication 800-207, 2020. Defines Zero Trust as “never trust, always verify” — AIGP’s mandatory pre-invocation REQUEST check implements this principle at the AI governance layer.

Decision Caching and Performance

# Reference Relevance to RFC
25 Dean, J., Ghemawat, S. “MapReduce: Simplified Data Processing on Large Clusters.” OSDI, 2004. Establishes the pattern of trading freshness for performance through caching — AIGP’s decision cache with configurable TTL follows this principle to reduce governance latency.
26 Ousterhout, J. “Always Measure One Level Deeper.” Communications of the ACM, 2018. Argues for understanding performance characteristics at each system layer — validates AIGP’s stage-level TRACE for latency attribution across the governance pipeline.

Last updated: June 2026