| Internet-Draft | JIS | January 2026 |
| van de Meent & AI | Expires 28 July 2026 |
This document specifies JIS (JTel Identity Standard), a semantic security protocol providing identity management, trust establishment, and intent validation across multiple communication protocols. Unlike traditional security systems that react to attack patterns, JIS validates semantic intent before execution. JIS introduces FIR/A (First Initiation Revoke/Accept) for trust genesis, SNAFT for semantic firewall, BALANS for risk scoring, and Humotica for human-readable context. JIS integrates with TIBET for complete provenance tracking where audit is a precondition for behavior, not an observation of it.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on 28 July 2026.
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.
Modern computing suffers from three fundamental challenges, made urgent by emerging regulations including [EU-AI-ACT] and [GDPR]:
JIS addresses these challenges through:
JIS is designed to be:
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
HID is an X25519 key pair for human-device binding.
CRITICAL: HID MUST NEVER leave the device. Only the binding hash with DID is shared.

    {
      "hid": {
        "public_key": "X25519_public",
        "private_key": "X25519_private"
      }
    }

The private_key field is shown for completeness but MUST NEVER be transmitted.
DID is an Ed25519 key pair for device authentication.

    {
      "did": {
        "public_key": "Ed25519_public",
        "private_key": "Ed25519_private"
      }
    }

The public key is shared during FIR/A establishment. The private key MUST remain on the device.
FIR/A (First Initiation Revoke/Accept) is the trust genesis protocol - the digital handshake.
Phase 1 - INITIATE: The initiator sends a request:

    {
      "type": "fira_init",
      "initiator": "did:jtel:alice",
      "responder": "did:service:bank",
      "intent": "fraud_verification_call",
      "humotica": {
        "sense": "Suspicious transaction detected",
        "context": "5000 EUR transfer to unknown account",
        "intent": "Verify with account holder",
        "explanation": "Bank fraud detection triggered"
      }
    }
Phase 2 - CAPABILITIES: The responder returns capabilities:

    {
      "type": "fira_capabilities",
      "fir_a_id": "GENESIS-BANK-ALICE-2025-11-29",
      "capabilities": ["voice_call", "sms_verification"],
      "rules": {
        "no_calls_after": "22:00",
        "require_caller_id": true,
        "max_attempts": 3
      }
    }
Phase 3 - CONFIRM: The initiator accepts capabilities:

    {
      "type": "fira_confirm",
      "fir_a_id": "GENESIS-BANK-ALICE-2025-11-29",
      "accepted_capabilities": ["voice_call"],
      "continuity_hash": "7f3a...c2e1"
    }
Phase 4 - EXECUTE: Both parties now have an established trust relationship. All subsequent actions are linked to this FIR/A.

    +--------+                                +--------+
    | Client |                                | Server |
    +---+----+                                +---+----+
        |                                         |
        |  1. FIR/A INITIATE                      |
        |     (DID + Intent + Humotica)           |
        |---------------------------------------->|
        |                                         |
        |  2. FIR/A CAPABILITIES                  |
        |     (Rules + Available Actions)         |
        |<----------------------------------------|
        |                                         |
        |  3. FIR/A CONFIRM                       |
        |     (Accepted + Genesis Hash)           |
        |---------------------------------------->|
        |                                         |
        |           [Trust Established]           |
        |                                         |
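A responder-side consistency check over the three FIR/A messages above, as an added example that is not part of the draft. The function name `check_handshake` and the specific checks (message type order, matching `fir_a_id`, accepted capabilities being a subset of those offered, non-empty Humotica fields) are assumptions, since the text here does not spell out validation rules.

```python
HUMOTICA_FIELDS = ("sense", "context", "intent", "explanation")

def check_handshake(init, caps, confirm):
    """Return a list of problems; an empty list means the exchange is consistent."""
    problems = []
    steps = ((init, "fira_init"), (caps, "fira_capabilities"), (confirm, "fira_confirm"))
    for msg, want in steps:
        if msg.get("type") != want:
            problems.append(f"expected type {want}, got {msg.get('type')!r}")
    humotica = init.get("humotica") if isinstance(init.get("humotica"), dict) else {}
    for field in HUMOTICA_FIELDS:  # all four context fields must carry text
        value = humotica.get(field)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"humotica.{field} missing or empty")
    issued = caps.get("fir_a_id")
    if not issued or confirm.get("fir_a_id") != issued:
        problems.append("confirm does not reference the issued fir_a_id")
    offered = caps.get("capabilities")
    accepted = confirm.get("accepted_capabilities")
    offered = offered if isinstance(offered, list) else []
    accepted = accepted if isinstance(accepted, list) else []
    if not accepted:
        problems.append("no capabilities accepted")
    extra = [c for c in accepted if c not in offered]  # initiator may only narrow
    if extra:
        problems.append(f"accepted but never offered: {extra}")
    if not confirm.get("continuity_hash"):
        problems.append("continuity_hash missing")
    return problems

# The three messages shown in the draft text above.
INIT = {
    "type": "fira_init", "initiator": "did:jtel:alice",
    "responder": "did:service:bank", "intent": "fraud_verification_call",
    "humotica": {
        "sense": "Suspicious transaction detected",
        "context": "5000 EUR transfer to unknown account",
        "intent": "Verify with account holder",
        "explanation": "Bank fraud detection triggered",
    },
}
CAPS = {
    "type": "fira_capabilities", "fir_a_id": "GENESIS-BANK-ALICE-2025-11-29",
    "capabilities": ["voice_call", "sms_verification"],
    "rules": {"no_calls_after": "22:00", "require_caller_id": True, "max_attempts": 3},
}
CONFIRM = {"type": "fira_confirm", "fir_a_id": CAPS["fir_a_id"],  # hash is elided in the draft
           "accepted_capabilities": ["voice_call"], "continuity_hash": "7f3a...c2e1"}
```

The draft's own three messages pass with no problems; a confirm that widens the capability set or names a different `fir_a_id` is reported.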
SNAFT provides proactive security through semantic intent analysis.
Blocked Intents (no legitimate Humotica context possible):
Validation Rules:
Why Malware Fails: Malware cannot provide legitimate Humotica context. "Why are you running SQL injection?" has no valid answer.
BALANS provides risk scoring from 0.0 (blocked) to 1.0 (full trust).
Factors:
Thresholds:
Dialogue-based security resolution instead of blind blocking:
HICSS (HALT Immediate Critical System Stop) provides emergency halt for threshold violations.
Triggers: Physical safety risks, security breach detection, critical system threshold violation.
Action: Immediate system halt, no gradual degradation.
Humotica provides human-readable context for every transaction.

    {
      "humotica": {
        "sense": "What triggered this intent?",
        "context": "What is the current situation?",
        "intent": "What does the user want to achieve?",
        "explanation": "Why is this action being taken?"
      }
    }

The Humotica context enables systems to understand human emotional state and respond appropriately. For example, a system can detect user frustration from repeated failed attempts and prioritize resolution.
HMAC-linked token chain for tamper-proof audit trail:

    Token_n = HMAC(user_key, Token_{n-1} || cost || humotica_hash)
    Genesis -> Token_1 -> Token_2 -> Token_3 -> ...

Tamper Detection: Attempting to inject a fake token breaks the HMAC chain and is immediately detectable.
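The chain formula above, built and verified end to end, as an added example that is not part of the draft. The draft does not fix the hash function or field encodings, so HMAC-SHA-256, a 64-bit big-endian `cost`, a SHA-256 hash of canonical JSON for `humotica_hash`, and all function names and sample values here are assumptions.

```python
import hashlib
import hmac
import json
import struct

def humotica_hash(humotica):
    # Assumption: SHA-256 over canonical JSON (sorted keys, no whitespace).
    blob = json.dumps(humotica, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).digest()

def next_token(user_key, prev, cost, humotica):
    # Token_n = HMAC(user_key, Token_{n-1} || cost || humotica_hash)
    # Assumption: HMAC-SHA-256 with cost as an unsigned 64-bit big-endian
    # integer; fixed-width fields keep the concatenation unambiguous.
    msg = prev + struct.pack(">Q", cost) + humotica_hash(humotica)
    return hmac.new(user_key, msg, hashlib.sha256).digest()

def build_chain(user_key, genesis, entries):
    chain, prev = [], genesis
    for cost, humotica in entries:
        prev = next_token(user_key, prev, cost, humotica)
        chain.append({"cost": cost, "humotica": humotica, "token": prev.hex()})
    return chain

def first_broken_link(user_key, genesis, chain):
    """Index of the first record that does not verify, or None if all do."""
    prev = genesis
    for i, rec in enumerate(chain):
        try:
            claimed = bytes.fromhex(rec["token"])
            expected = next_token(user_key, prev, rec["cost"], rec["humotica"])
        except (KeyError, TypeError, ValueError, struct.error):
            return i  # a malformed record counts as a break
        if not hmac.compare_digest(expected, claimed):
            return i
        prev = expected
    return None

# Constructed sample data (key, genesis value and entries are illustrative).
KEY = bytes(range(32))
GENESIS = hashlib.sha256(b"GENESIS-BANK-ALICE-2025-11-29").digest()
ENTRIES = [
    (1, {"intent": "Verify with account holder"}),
    (2, {"intent": "Send SMS verification"}),
    (1, {"intent": "Close fraud case"}),
]
CHAIN = build_chain(KEY, GENESIS, ENTRIES)
```

Dropping records from the end leaves a shorter chain that still verifies, so a verifier also needs the expected latest token or chain length. Because HMAC is symmetric, whoever can verify the chain holds the key that can also extend it.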
Advantages over Blockchain:
JIS integrates with TIBET (Transaction/Interaction-Based Evidence Trail) for complete provenance tracking. See [I-D.vandemeent-tibet-provenance].
The JIS/TIBET coupling represents a fundamental architectural shift:
Traditional approach:

    [Authentication] -> [Action] -> [Logging]
         (who)           (what)     (why - reconstructed)

JIS/TIBET approach:

    [JIS Identity + TIBET Intent] -> [SNAFT] -> [Action+Audit]
             (who + why)             (check)    (inseparable)

In traditional systems, audit is an observation of behavior that already occurred. Logs can fail, be bypassed, or be deleted. Intent must be reconstructed after the fact - "compliance archaeology".
In JIS/TIBET systems, audit is a precondition for behavior. No action is architecturally possible without both identity AND intent declared upfront. The audit trail is not a side effect; it is the mechanism that enables the action.
The Three Laws:
Action(A) is valid if and only if there exists Token(T) where:
| Protocol | Binding Method |
|---|---|
| HTTP/REST | X-JIS-* headers or Authorization |
| WebSocket | Payload fields in JSON messages |
| MQTT | Topic prefix + payload fields |
| SIP | Custom headers in INVITE/MESSAGE |
| Matrix | Event content fields |
| Email/SMTP | X-JIS-* headers |
| CoAP | Option fields |
| gRPC | Metadata fields |
| WebRTC | Signaling channel |
| Bluetooth | Characteristic values |
For interoperability, [RFC8259] encoding over HTTPS is RECOMMENDED as the baseline binding.
HTTP Headers:
HID (Human Identity) MUST NEVER be transmitted. Only DID and HID-DID binding hashes are shared. This ensures human identity remains private even if the device is compromised.
SNAFT validates intent legitimacy BEFORE execution. Attackers must provide legitimate Humotica context - impossible for malicious actions.
The Continuity Chain uses HMAC linking. Any tampering breaks the chain and is immediately detectable.
Actions are time-bound through FIR/A session and continuity chain position. Replayed tokens fail validation.
This document requests registration of:
Media Type: application/jis+json
URI Scheme: did:jtel
Basic plus: SNAFT semantic firewall and BALANS risk scoring.
Secure plus: NIR dialogue resolution, HICSS emergency halt, full Humotica context, and TIBET integration.
JIS was developed as part of HumoticaOS, an AI governance framework built on human-AI symbiosis. The core insight - "Audit is not an observation of behavior, it is a precondition for behavior" - emerged from the JIS/TIBET coupling architecture [ZENODO-COUPLING]. The full JIS specification is available at [ZENODO-JIS].