| Internet-Draft | TIBET | January 2026 |
| van de Meent & AI | Expires 28 July 2026 | [Page] |
This document specifies TIBET (Transaction/Interaction-Based Evidence Trail), a protocol for establishing complete provenance chains in AI-to-AI and AI-to-human interactions. TIBET provides a standardized token structure capturing WHAT happened (ERIN), WHAT was attached (ERAAN), the CONTEXT around it (EROMHEEN), and WHY it happened (ERACHTER). This enables audit trails that meet emerging regulatory requirements for AI transparency.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 28 July 2026.¶
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
Modern AI systems increasingly make decisions that affect people, organizations, and critical infrastructure. Regulators worldwide are introducing requirements for AI transparency, accountability, and auditability, including the [EU-AI-ACT], [CA-AB853], and [GDPR]. Current approaches to logging and audit trails are fragmented and often inadequate for compliance.¶
TIBET addresses this gap by providing a standardized protocol for capturing complete provenance information for any AI interaction. Unlike traditional logging that captures only WHAT happened, TIBET captures four dimensions of provenance:¶
This four-dimensional approach enables organizations to answer not just "what happened?" but also "why did it happen?" and "what was the context?" - questions regulators ask.¶
The protocol is designed to be:¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].¶
TIBET operates as follows:¶
+--------+ +---------+ +--------+ +---------+
| Actor |--->| Create |--->| Sign |--->| Store |
+--------+ | Token | | Token | | Ledger |
+---------+ +--------+ +---------+
| |
v v
+---------+ +---------+
| Child | | Verify |
| Tokens | | Chain |
+---------+ +---------+
A TIBET token is encoded as [RFC8259] and MUST contain the following fields:¶
{
"token_id": "uuid",
"type": "action|decision|message|query|response",
"timestamp": "ISO-8601",
"actor": "actor-identifier",
"erin": { },
"eraan": [ ],
"eromheen": { },
"erachter": "string",
"parent_id": "optional-parent-token-id",
"state": "CREATED|DETECTED|CLASSIFIED|MITIGATED|RESOLVED",
"signature": "cryptographic-signature",
"hash": "sha256-hash"
}
ERIN ("What's IN it" - Dutch origin) captures the actual content or action being performed.¶
{
"erin": {
"query": "What is the weather in Tokyo?",
"format": "natural_language",
"language": "en"
}
}
¶
The ERIN component MUST be present and MUST NOT be empty.¶
ERAAN ("What's attached" - Dutch origin) captures dependencies, references, and related resources.¶
{
"eraan": [
"token:abc123",
"document:policy-v2.3",
"model:gpt-4-turbo"
]
}
¶
Format: "type:identifier". Common types: token, document, model, dataset, api, human.¶
The ERAAN component MAY be empty but MUST be an array.¶
EROMHEEN ("What's around it" - Dutch origin) captures environmental and situational context.¶
{
"eromheen": {
"environment": "production",
"region": "eu-west-1",
"regulatory_context": ["GDPR", "AI-Act"]
}
}
¶
SHOULD include: environment, timestamp context, and relevant regulatory frameworks.¶
ERACHTER ("What's behind it" - Dutch origin) captures intent, reasoning, and purpose. This is REQUIRED for regulatory compliance.¶
{
"erachter": "User requested weather for travel planning."
}
¶
MUST be a human-readable string explaining WHY this action was taken.¶
Tokens MUST be created at the initiation of any user query, AI decision, data access, external API call, or state change in a workflow.¶
Upon creation, the token MUST be assigned a unique token_id ([RFC9562] UUID v4 RECOMMENDED), current timestamp in ISO-8601 format, initial state of "CREATED", and cryptographic signature from the actor.¶
TIBET tokens support the following states:¶
CREATED -> DETECTED -> CLASSIFIED -> MITIGATED -> RESOLVED¶
Transitions MUST record: new state, timestamp, actor, and reason for transition.¶
Tokens form chains through parent_id. A child token MUST reference its parent to maintain audit trail continuity.¶
Query -> Processing -> API Call -> Result
| | | |
token_1 token_2 token_3 token_4
parent:1 parent:2 parent:3
Complete chains enable reconstruction of any interaction from initial request to final response.¶
TIBET integrates with FIR/A for trust scoring. Each actor has a trust score from 0.0 to 1.0.¶
Trust Levels:¶
Trust scores are behavior-based, not claim-based. Scores adjust based on behavior patterns, ERACHTER accuracy, chain integrity, and verification responses.¶
TIBET is transport-agnostic. Implementations MAY use HTTPS REST APIs, WebSocket, message queues (AMQP, Kafka), or gRPC.¶
For interoperability, [RFC8259] encoding over HTTPS is RECOMMENDED as baseline transport.¶
Content-Type: application/tibet+json¶
All tokens MUST be cryptographically signed. Signatures SHOULD use Ed25519 or ECDSA P-256. The signature covers all fields except the signature field itself.¶
Each token MUST include a hash of its contents. Child tokens SHOULD include parent's hash in ERAAN to enable chain verification.¶
ERIN and EROMHEEN MAY contain sensitive data. Implementations MUST support encryption at rest and SHOULD support field-level encryption for sensitive components.¶
Actor signature combined with immutable ledger storage provides non-repudiation. Actors cannot deny creating tokens they have signed.¶
This document requests registration of:¶
Media Type: application/tibet+json¶
{
"token_id": "550e8400-e29b-41d4-a716-446655440000",
"type": "query",
"timestamp": "2026-01-24T10:30:00Z",
"actor": "user_12345",
"erin": {
"query": "What are my account permissions?",
"format": "natural_language"
},
"eraan": ["session:sess_abc123"],
"eromheen": {
"environment": "production",
"client": "mobile-app-v3.2",
"regulatory_context": ["GDPR"]
},
"erachter": "User requesting account info.",
"state": "CREATED",
"signature": "base64-sig",
"hash": "sha256-hash"
}
¶
{
"token_id": "550e8400-e29b-41d4-a716-446655440001",
"type": "decision",
"timestamp": "2026-01-24T10:30:05Z",
"actor": "credit_model_v2",
"erin": {
"decision": "APPROVED",
"amount": 50000,
"confidence": 0.92
},
"eraan": [
"token:550e8400-e29b-41d4-a716-446655440000",
"model:credit-scoring-v2.3.1"
],
"eromheen": {
"environment": "production",
"region": "eu-west-1",
"regulatory_context": ["GDPR", "EU-AI-Act"]
},
"erachter": "Credit approved per policy 4.2.",
"parent_id": "550e8400-e29b-41d4-a716-446655440000",
"state": "CLASSIFIED",
"signature": "base64-sig",
"hash": "sha256-hash"
}
¶
The TIBET protocol was developed as part of HumoticaOS, an AI governance framework built on human-AI symbiosis.¶
The Dutch component names (ERIN, ERAAN, EROMHEEN, ERACHTER) reflect practical, no-nonsense engineering roots.¶