<?xml version="1.0" encoding="UTF-8"?>
<reference anchor="I-D.morrison-compute-location-gate" target="https://datatracker.ietf.org/doc/html/draft-morrison-compute-location-gate-00">
   <front>
      <title>The Compute-Location Gate: Provenance-Class Routing of Identity Inference with Wire-Layer Refusal of Unconsented Provenance Classes</title>
      <author initials="B." surname="Morrison" fullname="Blake Morrison">
         <organization>Alter Meridian Pty Ltd (~truealter)</organization>
      </author>
      <date month="May" day="21" year="2026" />
      <abstract>
	 <t>   This memo specifies the compute-location gate: a mechanism by which a
   client and an identity-inference server negotiate, at the wire layer
   and before any inference is performed, the location at which an
   identity inference will compute, as a deterministic function of the
   provenance class of the input signal.  Three provenance classes are
   distinguished.  Active inference, initiated by the inferred-about
   principal, MAY compute server-side and produce a server-held identity
   vector.  Passive aggregate observation over a cohort no smaller than
   a declared minimum MAY compute server-side but yields only a
   population-level observation that is not attributable to an
   individual.  Passive individual observation is local-only: it is
   computed and retained on the device that observed it and is never
   transmitted to a server.  The gate is enforced by consent-class
   matching and by a wire-layer refusal returned when a requested
   provenance class is not consented; it is not enforced by any
   cryptographic proof concerning data that was not used.  The memo is
   Informational.  The wire surface composes with the discovery
   mechanism of [MCPDNS], the handle namespace of [IDPRONOUNS], and the
   organisational policy substrate of [POLICYPROV]; no new transport is
   introduced.

	 </t>
      </abstract>
   </front>
   <seriesInfo name="Internet-Draft" value="draft-morrison-compute-location-gate-00" />
   
</reference>
