[wongarsu]

This feels like half the document is missing. What does this HTTPS metadata actually look like? What do the payloads look like? Section 3 states "Authorization, policy enforcement, and result verification are defined by AIIP" but this is the AIIP specification and doesn't define any of them. Authorization and policy enforcement are somehow supposed to be big selling points that are solved in some amazing way, but are not specified at all.

I don't get how this is better than an HTTP API (especially since payloads are just UTF8 json), and that's entirely down to the document not telling us anything of substance. I get it's "experimental", but there isn't much of an experiment being described here apart from a different message frame that allows us to leave out the http headers and add a signature (while apparently using the assumption that each ip only hosts one AIIP service)