| Internet-Draft | API Index | April 2026 |
| Rehfeld | Expires 31 October 2026 | [Page] |
This document, draft-rehfeld-bot-service-index-08, is superseded by three successor Internet-Drafts that together constitute the APIX specification suite:¶
draft-rehfeld-apix-core-00 — Core infrastructure, trust model, and Index API¶
draft-rehfeld-apix-services-00 — Web API and bot service registration profile¶
draft-rehfeld-apix-iot-00 — IoT device service registration profile¶
Readers are directed to those documents. This revision exists solely to document the supersession and to note two trust model updates that diverge from prior revisions.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 31 October 2026.¶
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.¶
This document is superseded. The APIX specification originally developed
in the draft-rehfeld-bot-service-index series has been restructured
into three separate Internet-Drafts to improve implementor focus and
allow each profile to evolve independently.¶
The three successor documents are:¶
[APIX-CORE] (draft-rehfeld-apix-core-00)
Defines the core APIX infrastructure: the organisation and service
trust model (O-0–O-5 and S-0–S-4), the APIX Manifest (APM) base
fields, the Index API, the HATEOAS navigation model, the Spider
verification framework, and the operator governance and security
obligations.¶
[APIX-SERVICES] (draft-rehfeld-apix-services-00)
Defines the APM extension fields for web API and bot service
registration, notification channel types, GraphQL introspection
behaviour, capability taxonomy governance, accredited verifier
requirements, and the free registration tier.¶
[APIX-IOT] (draft-rehfeld-apix-iot-00)
Defines the APM extension fields for IoT device class and device
instance registration, the presence signalling protocol, the
fleet circuit breaker, the Law Enforcement Request (LER) interface,
and the agent delegation model.¶
All normative content from draft-rehfeld-bot-service-index-07 has
been transferred to those three documents. This revision adds no new
normative requirements.¶
Two changes to the trust model have been made in the successor drafts
that differ from draft-rehfeld-bot-service-index-07:¶
Organisation trust level O-3 was previously described as "Basic Compliance Verified". In the successor drafts, O-3 is designated "Hygiene Verified" to better reflect its character: automated checks (domain ownership confirmed, basic sanctions screening passed, service liveness verified) without human review or audit. This is a label change only; the verification requirements at O-3 are unchanged.¶
In draft-rehfeld-bot-service-index-07, reaching trust level O-5
(Audited) required prior attainment of O-4 (Accredited Verifier
Assessment). In the successor drafts, this prerequisite is removed.
An organisation may proceed directly from O-3 to O-5 by engaging an
Accredited Verifier and meeting the O-5 criteria, without first
completing a separate O-4 assessment. The substantive requirements
for O-5 are unchanged; only the path constraint is lifted.¶
This document is a supersession notice only. It introduces no protocol mechanisms, no new data formats, and no operational requirements. All security considerations applicable to the APIX specification are addressed in the successor documents: [APIX-CORE] Section 12, [APIX-SERVICES], and [APIX-IOT] Section 9.¶
This document has no IANA actions.¶