Independent Submission L. Muscariello Internet-Draft M. Papalini Intended status: Informational M. Sardara Expires: 7 December 2025 Cisco 5 June 2025 Secure Interactive Low-Latency Interactive Messaging (SLIM) draft-agntcy-slim-latest Abstract This document specifies the Secure Low-Latency Interactive RealTime Messaging (SLIM), a protocol designed to support real-time interactive AI applications at scale. SLIM leverates gRPC and add publish-subscribe capabilities to enable efficient many-to-many communication patterns between AI agentic applications (AI models, tools and data). The protocol provides mechanisms for connection management, stream multiplexing, and flow control while maintaining compatibility with existing gRPC deployments. About This Document This note is to be removed before publishing as an RFC. The latest revision of this draft can be found at https://spec.slim.agntcy.org. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-agntcy-slim/. Discussion of this document takes place on the WG Working Group mailing list (mailto:discussion@agntcy.org). Source for this draft and an issue tracker can be found at https://github.com/agntcy/slim. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 7 December 2025. Copyright Notice Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Table of Contents 1. Conventions and Definitions 2. Introduction 2.1. Protocol Overview 2.2. Terminology 3. Architecture 3.1. Protocol Layers 3.2. Core Components and Termonilogy 3.2.1. Meassging Nodes 4. Security Considerations 4.1. MLS Integration 4.2. Authentication and Identity 4.3. Group Security 4.4. Operational Security 4.5. Privacy Considerations 4.6. Implementation Requirements 5. Normative References Authors' Addresses 1. Conventions and Definitions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 2. Introduction As AI systems become more sophisticated and interconnected, there is a growing need for protocols that can support real-time interactive applications at scale. 2.1. Protocol Overview SLIM is designed to work as messaging layer for applications running as workloads in a data center, but also running in a browser or mobile device while guaranteeing end-end security and low-latency communication. SLIM leverages HTTP/2 end to end as a thin waist of the communication stack and avoids the need to create message transcoding along the path. By leveraging message encryption via MLS, TLS connection termination along the path does not negatively affect confidentiality. Authentication and authorization are handled at the application level and can be managed in a decentralized or federated way or a mix of both. In SLIM there are three main communication elements: 1) intermediate nodes equipped with message queues, 2) message producers and 3) message consumers. A producer (also called a "publisher") is an endpoint that encapsulates content in SLIM messages for transport within the SLIM message network of nodes. A producer MUST belong to an MLS group to encrypt messages that can be decrypted by message consumers who are members of the same group, as specified by the MLS protocol. Once a SLIM message is encrypted, it can be published under a routable name, which is human-readable and hierarchical. This routable channel name is used by intermediate nodes to store and forward messages within the same channel, allowing consumers to retrieve messages using this name. A routable name is a name prefix that is stored in a forwarding table (FIB). This enables requests to reach the producer and fetch a response, if one exists. ` 2.2. Terminology 3. Architecture 3.1. Protocol Layers +-------------------+ | Application | +-------------------+ | SLIM Services | +-------------------+ | Pub/Sub | +-------------------+ | gRPC | +-------------------+ | HTTP/2 | +-------------------+ 3.2. Core Components and Termonilogy * Messaging Nodes: Handle routing and message distribution * Topics: Named channels for pub/sub communication * Streams: Bidirectional communication channels * Services: Application-specific RPC definitions 3.2.1. Meassging Nodes Nodes are essential components of the SLIM architecture. They handle routing and message distribution between agents and manage the communication infrastructure. Meassaging Nodes are composed of two main tables: the connection table and the subscription table. 3.2.1.1. Connection Table The connection table maintains interfaces with neighboring nodes and local applications. It is responsible for: * Establishing and managing connections with other Gateway Nodes * Maintaining active connections with local applications * Handling connection setup, teardown, and error recovery The connection table entries include: * Node ID: Unique identifier for the neighboring node or local application * Connection Status: Current status of the connection (e.g., active, inactive, error) * Connection Parameters: Details such as IP address, port, and security credentials 3.2.1.2. Subscription Table The subscription table is used to map topic subscriptions to neighboring nodes. It manages the distribution of messages based on topic subscriptions and ensures efficient routing of pub/sub messages. The subscription table entries include: * Topic: The name of the topic to which the subscription applies * Subscriber Node IDs: List of node IDs that have subscribed to the topic * Subscription Status: Current status of the subscription (e.g., active, inactive) The subscription table is responsible for: * Managing topic subscriptions from local applications and neighboring nodes * Routing messages to the appropriate subscribers based on topic subscriptions * Handling subscription updates, additions, and removals * Ensuring efficient and reliable message delivery By maintaining these tables, Meassaging Nodes facilitate seamless communication and message distribution in a SLIM network, enabling real-time interactive AI applications at scale. 4. Security Considerations SLIM relies on the Messaging Layer Security (MLS) protocol to provide end-to-end security for group communications between agents. 4.1. MLS Integration SLI uses MLS for the following security properties: * End-to-end encryption for all agent communications * Forward secrecy and post-compromise security * Group key management and membership changes * Scalable group messaging security 4.2. Authentication and Identity Each agent MUST: * Maintain cryptographic identities compatible with MLS * Use certified credentials for initial authentication * Validate peer credentials during connection establishment * Support credential revocation and rotation 4.3. Group Security MLS provides the following guarantees for agent groups: * Continuous group key updates * Secure member addition and removal * Protection against message forgery * Perfect forward secrecy for all messages 4.4. Operational Security Implementations MUST: * Maintain secure key storage * Support MLS epoch advancement * Implement proper credential management * Monitor for security events * Support secure group state recovery 4.5. Privacy Considerations SLIM with MLS provides: * Metadata protection * Group membership privacy * Participant anonymity options * Traffic analysis resistance 4.6. Implementation Requirements Implementations MUST NOT: * Use non-MLS encryption schemes * Support downgrades to less secure modes * Allow plaintext communication * Skip credential verification 5. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . Authors' Addresses Luca Muscariello Cisco Email: lumuscar@cisco.com Michele Papalini Cisco Email: micpapal@cisco.com Mauro Sardara Cisco Email: msardara@cisco.com