RFC-010: AI Governance Protocol (AIGP) — Reference Register
RFC-010: AI Governance Protocol (AIGP) — Reference Register
© 2024-2026 Kanjani AI Research & Causum. All rights reserved.
Runtime AI Governance
| # | Reference | Relevance to RFC |
|---|---|---|
| 1 | Xu, Z. et al. “Runtime Governance for AI Agents.” arXiv:2603.16586, 2025. | Formalizes compliance policies as deterministic functions mapping agent identity, partial path, proposed next action, and organizational state to policy violation probability — directly validates AIGP’s pre-invocation REQUEST evaluation model. |
| 2 | Chen, M. et al. “A Multi-Agent Framework for AI System Compliance and Policy Enforcement (Governance-as-a-Service).” arXiv:2508.18765, 2025. | Introduces Governance-as-a-Service (GaaS) as a modular, policy-driven enforcement layer operating at runtime without altering model internals — validates AIGP’s centralized governance authority architecture. |
| 3 | Luo, H. et al. “The Agentic AI Framework (AAIF): A Policy-Enforced Architecture for Accountable Intrusion Detection.” Frontiers in AI, 2026. | Combines deep learning detection with a governance layer aligned to NIST AI RMF — validates AIGP’s integration of policy evaluation with the governance pipeline and NIST alignment. |
| 4 | Kerekes, L. et al. “Oversight Structures for Agentic AI in Public-Sector Organizations.” arXiv:2506.04836, 2025. | Finds that agentic AI intensifies challenges to traditional oversight mechanisms relying on episodic approvals rather than continuous supervision — validates AIGP’s continuous per-invocation governance model over periodic audit. |
| 5 | Partnership on AI. “Preparing for AI Agent Governance.” 2025. https://partnershiponai.org/resource/preparing-for-ai-agent-governance/ | Multi-stakeholder research on institutions, policies, and tools ensuring AI systems operate in the public interest — provides governance landscape context for AIGP’s design decisions. |
HMAC Authentication and Message Security
| # | Reference | Relevance to RFC |
|---|---|---|
| 6 | Krawczyk, H., Bellare, M., Canetti, R. “HMAC: Keyed-Hashing for Message Authentication.” IETF RFC 2104, 1997. https://www.rfc-editor.org/rfc/rfc2104 | The foundational standard defining HMAC construction — AIGP’s HMAC-SHA256 authentication mechanism is a direct application of RFC 2104. |
| 7 | Atkinson, R. “HMAC-MD5 IP Authentication with Replay Prevention.” IETF RFC 2085, 1997. https://www.rfc-editor.org/rfc/rfc2085 | Defines replay prevention using timestamps in HMAC-authenticated messages — AIGP’s X-AIGP-Timestamp header and 5-minute replay window follow this established pattern. |
| 8 | NIST. “FIPS 198-1: The Keyed-Hash Message Authentication Code (HMAC).” National Institute of Standards and Technology, 2008. | Federal standard for HMAC — provides the compliance basis for AIGP’s choice of HMAC-SHA256 as the authentication mechanism. |
Fail-Open / Fail-Closed Semantics
| # | Reference | Relevance to RFC |
|---|---|---|
| 9 | Nygard, M. Release It! Design and Deploy Production-Ready Software. 2nd ed. Pragmatic Programmers, 2018. | Defines fail-open and fail-closed patterns in distributed systems — AIGP’s REPORT mode (fail-open) and ENFORCE mode (fail-closed) directly implement these resilience patterns. |
| 10 | Fowler, M. “Circuit Breaker.” martinfowler.com, 2014. https://martinfowler.com/bliki/CircuitBreaker.html | Foundational description of the circuit breaker pattern — AIGP’s governance modes represent architectural choices about failure behavior that align with this pattern language. |
Consent-Based and Opt-In Governance
| # | Reference | Relevance to RFC |
|---|---|---|
| 11 | Cavoukian, A. “Privacy by Design: The 7 Foundational Principles.” Information and Privacy Commissioner of Ontario, 2009. | Establishes the principle of building governance into systems by design — AIGP’s consent-based model (applications opt into governance by registering) is analogous to Privacy by Design’s proactive approach. |
| 12 | EU General Data Protection Regulation (GDPR). Regulation 2016/679, Article 7: Conditions for Consent. European Parliament, 2016. | Defines consent as a legal basis for processing — AIGP’s consent tier model (NONE/ANONYMOUS/REDACTED/STANDARD/FULL) adapts consent concepts to AI governance context. |
Distributed Tracing and Observability
| # | Reference | Relevance to RFC |
|---|---|---|
| 13 | Sigelman, B. et al. “Dapper, a Large-Scale Distributed Systems Tracing Infrastructure.” Google Technical Report, 2010. | Foundational work on distributed tracing with causally-related spans — AIGP’s TRACE message and stage-level span emission follow Dapper’s model adapted to governance pipeline stages. |
| 14 | OpenTelemetry Project. “OpenTelemetry Specification v1.0.” Cloud Native Computing Foundation, 2024. https://opentelemetry.io/docs/specs/otel/ | Industry standard for telemetry collection — AIGP’s REPORT-TRACE mode and span attributes align with OpenTelemetry conventions for stage-level observability. |
| 15 | Shkuro, Y. Mastering Distributed Tracing. Packt Publishing, 2019. | Comprehensive treatment of distributed tracing systems — provides context for AIGP’s trace_id/request_id correlation and multi-stage span emission. |
Policy Evaluation and Decision Caching
| # | Reference | Relevance to RFC |
|---|---|---|
| 16 | Open Policy Agent (OPA). “Policy Language (Rego).” CNCF, 2024. https://www.openpolicyagent.org/docs/latest/policy-language/ | Industry-standard policy evaluation engine — provides context for AIGP’s policy evaluation model where policies are declarative rules evaluated against request context. |
| 17 | XACML TC. “eXtensible Access Control Markup Language (XACML) Version 3.0.” OASIS Standard, 2013. | Defines the PDP/PEP architecture for access control — AIGP’s governance authority (PDP) and client library (PEP) separation follows established access control architecture patterns. |
AI Governance Frameworks and Regulation
| # | Reference | Relevance to RFC |
|---|---|---|
| 18 | NIST. “AI 100-1: Artificial Intelligence Risk Management Framework.” National Institute of Standards and Technology, 2023. | U.S. national framework for AI risk management — AIGP’s governance pipeline maps to NIST’s GOVERN/MAP/MEASURE/MANAGE functions. |
| 19 | EU Regulation 2024/1689. “Artificial Intelligence Act.” European Parliament, 2024. | EU AI regulation — AIGP’s governance modes and audit trail support obligations under Art. 9 (risk management), Art. 12 (record-keeping), Art. 13 (transparency), Art. 14 (human oversight). |
| 20 | California SB 53. “Safe and Secure Innovation for Frontier Artificial Intelligence Models Act.” California Legislature, 2025. | State-level AI safety regulation — AIGP’s audit trail integrity and incident reporting mechanisms address SB 53 §4(b) and §7(a) obligations. |
| 21 | California AB 853. “Artificial Intelligence Training Data Transparency Act.” California Legislature, 2025. | Content provenance regulation — AIGP’s RECORD message provenance fields and future C2PA integration address AB 853 disclosure obligations. |
| 22 | ISO/IEC 42001:2023. “Information Technology — Artificial Intelligence — Management System.” ISO, 2023. | International standard for AI management — provides compliance context for AIGP’s governance pipeline as an operational implementation of AIMS controls. |
Default-Deny and Zero Trust for AI
| # | Reference | Relevance to RFC |
|---|---|---|
| 23 | Cloud Security Alliance. “Agentic Trust Framework: Zero Trust for AI Agents.” 2025. https://cloudsecurityalliance.org/articles/the-agentic-trust-framework-zero-trust-governance-for-ai-agents | Applies established Zero Trust principles to AI agents — validates AIGP’s pre-invocation CHECK requirement where every invocation must be authorized before proceeding. |
| 24 | Rose, S. et al. “Zero Trust Architecture.” NIST Special Publication 800-207, 2020. | Defines Zero Trust as “never trust, always verify” — AIGP’s mandatory pre-invocation REQUEST check implements this principle at the AI governance layer. |
Decision Caching and Performance
| # | Reference | Relevance to RFC |
|---|---|---|
| 25 | Dean, J., Ghemawat, S. “MapReduce: Simplified Data Processing on Large Clusters.” OSDI, 2004. | Establishes the pattern of trading freshness for performance through caching — AIGP’s decision cache with configurable TTL follows this principle to reduce governance latency. |
| 26 | Ousterhout, J. “Always Measure One Level Deeper.” Communications of the ACM, 2018. | Argues for understanding performance characteristics at each system layer — validates AIGP’s stage-level TRACE for latency attribution across the governance pipeline. |
Last updated: June 2026