| Internet-Draft | AI-Session-ID Problem Statement | February 2026 |
| Serafini | Expires 28 August 2026 | [Page] |
This document describes a signaling-layer correlation gap in SIP-based real-time AI voice systems. Existing SIP identifiers provide dialog and communication-session scope, but they do not define a stable application-layer identifier capable of persisting across topology changes, multi-dialog call control operations, federated interconnects, or distributed processing environments.¶
The document analyzes current mechanisms and their limitations, and motivates the need for a standardized SIP-carried identifier whose semantics are restricted to application-layer correlation and out-of-band context retrieval.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 28 August 2026.¶
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
SIP defines transaction and dialog machinery for communication signaling ([RFC3261]). Dialog identity is established by Call-ID and local/remote tags. That identity is sufficient for SIP dialog processing, routing decisions, and in-dialog request handling.¶
A second identity class is communication session identity. Session-ID ([RFC7989]) provides end-to-end and endpoint-associated identifiers for communication sessions and troubleshooting use cases. Session-ID semantics are intentionally focused on communication sessions.¶
A third identity class is application-layer identity - defined in this document. In distributed AI voice systems, application components maintain conversation state, policy state, tool-execution state, and audit state that are not encoded in SIP dialog state. This logical flow can span multiple SIP dialogs and, in some deployments, multiple communication sessions or federations.¶
This document uses the term "AI-Session-ID" to denote an application-layer correlation identifier carried in SIP. AI-Session-ID is not defined as a SIP dialog identifier and is not defined as a communication session identifier. Its intended role is limited to stable correlation.¶
This section reviews existing SIP and related mechanisms and evaluates their scope relative to application-layer continuity requirements.¶
Call-ID and tags identify SIP dialogs ([RFC3261]). They solve dialog matching and in-dialog request association.¶
Dialog identifiers are dialog-local; transfers, B2BUA-created legs, dialog replacement, topology-hiding transformations, and re-originations can produce new dialogs with different identifiers.¶
Therefore, dialog identifiers do not by themselves provide stable correlation for one logical application workflow across multiple dialogs.¶
Session-ID ([RFC7989]) provides communication-session identifiers intended for cross-element troubleshooting and correlation of communication sessions.¶
Session-ID semantics are tied to communication sessions; application workflows may intentionally span multiple communication sessions while preserving one logical application interaction.¶
Therefore, Session-ID is necessary for communication-session diagnostics but does not fully define application-layer workflow continuity semantics.¶
UUI ([RFC7433]) transports user-to-user application information in SIP signaling. It solves structured transport of application data between participating endpoints.¶
UUI is payload-oriented and deployment behavior depends on intermediary and policy handling. It does not define a globally stable, workflow-scoped identifier with deterministic propagation requirements across all dialog derivation patterns.¶
Therefore, UUI can carry correlation data but does not by itself establish interoperable semantics for a persistent application workflow identifier.¶
Implementations often use proprietary headers, platform interaction identifiers, and database mappings. These approaches can be operationally effective within one implementation.¶
Semantics, security handling, and propagation behavior are deployment-specific. Interoperable behavior across vendors and domains is not guaranteed.¶
Distributed AI voice systems typically include SIP proxies, SBCs, B2BUAs, media services, AI orchestration services, and external tools. Processing is commonly distributed across regions and horizontally scaled nodes.¶
In these architectures, a single logical interaction can involve multiple SIP dialogs due to AI-to-AI transfer, AI-to-human-to-AI escalation, B2BUA leg creation, third-party call control, and callbacks. Stateless SIP processing patterns and retry behavior further require idempotent operations across asynchronous components.¶
Dialog-local state is insufficient because dialog identifiers can change when signaling topology changes. Communication session identity is insufficient because one flow may span multiple communication sessions.¶
A stable application-layer identifier transported in SIP enables deterministic out-of-band context retrieval through HTTP APIs, event systems, and distributed state stores. This allows any authorized component receiving signaling to re-associate events with the correct workflow state during normal processing, retry, or failover.¶
AI-Session-ID is differentiated as follows:¶
As result, standardized AI-Session-ID construct can provide deterministic context lookup semantics, improve distributed state resilience, support observability and governance workflows, enable multi-vendor interoperability, and reduce dependence on fragile mapping logic.¶
The following requirements are derived from the use cases and constraints described in this document. They define properties for a SIP-level construct intended to represent an application-layer AI-Session-ID identifier.¶
This document is a problem statement, it identifies protocol and architectural gaps and states requirements for further specification work.¶
This document makes no request of IANA.¶
AI-Session-ID is intended as a correlation identifier, not an authorization artifact. In single-domain or fully trusted environments, transporting only the identifier may be operationally sufficient. When signaling crosses administrative boundaries or traverses semi-trusted intermediaries, deployments often need a verifiable way to trust the asserted AI-Session-ID value.¶
SIP transport protections such as TLS or mutual TLS provide hop-by-hop confidentiality and integrity. However, hop-by-hop protection alone does not guarantee end-to-end integrity of an asserted AI-Session-ID value against in-path intermediaries that can legitimately terminate and re-originate SIP messages.¶
A deployment best practice is to carry AI-Session-ID together with an associated signed assertion when a trust boundary is crossed. This is an optional mechanism selected by policy and it is not required in all deployments.¶
To keep SIP signaling lightweight, deployments may prefer passing a signed assertion by reference; when by-reference retrieval is unavailable, an embedded assertion may be used as a fallback.¶
Possession of an AI-Session-ID value or an associated signed assertion does not by itself grant access to application context. Out-of-band context retrieval requires independent authentication and authorization.¶
Acknowledgements section.¶
Contributions section.¶