@techreport{sokolov-rats-aep-composition-02, number = {draft-sokolov-rats-aep-composition-02}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-sokolov-rats-aep-composition/02/}, author = {Anton Sokolov}, title = {{Composing Application-Layer Action Evidence with Remote Attestation Procedures}}, pagetotal = 8, year = 2026, month = jun, day = 28, abstract = {This document sketches a composition pattern in which an application- layer "action evidence package" (AEP) -- a signed, append-only record of an action taken by an automated (for example, AI-agent) system, the authority under which it was taken, and its outcome -- is treated as Evidence in the sense of the RATS Architecture (RFC 9334) and bound to platform Evidence produced by a hardware root of trust. The intent is that a single Verifier, or a composition of Verifiers, can appraise both the platform state and the application-layer action together, and emit an Attestation Result that a Relying Party can use to reason about \_what an automated system did\_ and \_on what platform it did so\_ without trusting the operator's self-report for either. This is an individual sketch intended to ask the working group whether the pattern is already covered by existing mechanisms or warrants a short document.}, }