Abstract

Introduction

TODO: This section needs further development and refinement.

Design Goals

TODO: This section needs further development and refinement.

Architecture Overview

TODO: This section needs further development and refinement.

Conformance

As well as sections marked as non-normative, all authoring guidelines, diagrams, examples, and notes in this specification are non-normative. Everything else in this specification is normative.

The key words MAY and MUST in this document are to be interpreted as described in BCP 14 [[RFC2119]] [[RFC8174]] when, and only when, they appear in all capitals, as shown here.

Agent Identity

Overview

The Agent Identity module defines how agents identify, authenticate, and establish trust across different platforms, organizations, and deployment environments. It uses Decentralized Identifiers (DIDs) as the core identity primitive and standardizes a Web-based DID method, did:wba, for agent-oriented interoperability.

The did:wba method is extended from did:web. It keeps the operational advantages of Web infrastructure while adding constraints for DID Document processing, path-based cryptographic binding, service discovery, and cross-platform authentication. The default path profile binds an Ed25519 public key fingerprint into the DID path through the e1_ segment, strengthening the relationship between a DID and the private key controlled by the DID subject.

Cross-platform authentication is based on HTTP Message Signatures and Digest Fields. A client signs the request using a verification method in its DID Document, and a server verifies both the client identity and the request-body integrity without requiring a proprietary identity federation.

Design Principles

The design reuses mature Web infrastructure, including DNS, HTTPS, Web PKI, HTTP caching, and ordinary Web hosting, while preserving the decentralized identity model. Each platform may keep its own account and domain management system, but agents can still interoperate across platforms through resolvable DID Documents and standardized verification methods.

For path-type DIDs, the DID path carries a binding public key fingerprint. This makes the relationship between the DID and the subject-controlled key independently verifiable. Even when a platform hosts the DID Document, a verifier can still compare the document key material with the fingerprint embedded in the DID path and detect silent key substitution.

The DID string is treated as a verifiable cryptographic identifier rather than a stable human-readable name. When the binding key changes, the path-type DID changes as well. Stable user-facing references can be provided by an upper-layer Agent Name Service, similar to DNS, while the DID remains responsible for cryptographic verifiability.

The method also provides a compatibility path for native did:web. A native did:web identifier can participate in authentication, Handle-based name binding, service discovery, and end-to-end encryption as long as it satisfies the compatibility rules defined in this section.

did:wba DID Method Specification

Method name

The name string used to identify this DID method is wba. DIDs using this method must start with the following prefix: did:wba. According to the DID specification, this string must be lowercase. The remainder of the DID (after the prefix) is specified below.

Method-specific identifiers

The method-specific identifier is a fully qualified domain name (FQDN) protected by TLS and optionally contains the path to the DID document. The formal rules describing the syntax of valid domain names are described in RFC1035, RFC1123, and RFC2181.

The method-specific identifier must match the server certificate according to modern TLS service authentication rules. Domain name matching MUST be based on the DNS identifier (dNSName) in the certificate's subjectAltName extension; implementations MUST NOT rely on Common Name (CN) as the basis for service identity matching. Method-specific identifiers must not contain IP addresses. Port numbers can be included, but the colon between the host and port must be percent-encoded to prevent conflicts with paths. Directories and subdirectories can be optionally included, using colons instead of slashes as separators.

did:wba supports two forms:

  1. Naked domain name DID: used to identify the entire domain name subject, and can also be used for domain-level service identity, such as cross-domain service-to-service HTTP identity authentication;
  2. Path-type DID: used to identify specific users, agents or sub-identities under a domain name.

For newly created path-type did:wba, this specification defines "the last segment of the path carries the binding public key fingerprint" as the default scheme. The path segments before the fingerprint segment are defined by the implementer, such as user:alice, agents:billing, etc.

ABNF is defined as follows:

base64url-char = ALPHA / DIGIT / "-" / "_"
path-segment   = 1*(ALPHA / DIGIT / "-" / "_" / ".")
e1-fingerprint = "e1_" 43base64url-char

wba-root-did = "did:wba:" domain-name
wba-path-did = "did:wba:" domain-name 1*(":" path-segment) ":" e1-fingerprint
wba-did      = wba-root-did / wba-path-did

Description:

  1. The main specification default path profile only defines e1_.
How to use naked domain name DID

The usage of did:wba:{domain} is similar to did:web:{domain}. The main rules are as follows:

  1. The resolution method is consistent with the naked domain name entry of did:web: did:wba:example.com corresponds to https://example.com/.well-known/did.json
  2. Naked domain name DID is mainly used to express "the entire domain name subject" or "domain-level service identity", rather than a specific user or sub-identity;
  3. For domain-level service-to-service HTTP identity authentication, a service can use the naked domain name DID as its service identity, unless its application protocol defines a different binding;
  4. The naked domain name DID does not carry the e1_ path binding fingerprint, so the path binding verification rules of this specification for the e1_ path type DID do not apply;
  5. Its HTTP Message Signatures verification method is consistent with the similar usage of did:web: the verifier parses the DID, checks whether the verification method pointed to by keyid exists and is authorized by the authentication relationship, and then uses the corresponding public key to verify the request signature.

See the native did:web compatibility section for details on how native did:web identifiers can participate in the same authentication model.

Default path scheme: e1_ binds public key fingerprint

For newly created path type did:wba, the last path segment MUST be the e1_ binding public key fingerprint segment. e1_ indicates that the binding key is the Ed25519 public key, and the DID adopts the main specification default profile.

The recommended structure is as follows:

did:wba:{domain}:{namespace...}:{e1-fingerprint}

Example:

did:wba:example.com
did:wba:example.com:user:alice:e1_<fingerprint>
did:wba:example.com%3A3000:user:alice:e1_<fingerprint>

To be compatible with existing deployments, the parser MAY support the parsing of historical path-type DIDs without fingerprint segments; however, newly created path-type DIDs SHOULD adopt the default scheme defined in this specification.

e1_ fingerprint generation method (recommended)

The e1_ fingerprint is used to associate a path-type DID with the Ed25519 binding public key. The generation method is as follows:

  1. Select a DID binding key. The binding key MUST meet the following conditions:
    • is an Ed25519 public key;
    • Represented by Multikey / publicKeyMultibase in DID documents;
    • Authorized by the authentication relationship of the DID document.
  2. Convert the Ed25519 publicKeyMultibase to the equivalent public key JWK. The equivalent JWK retains only the necessary fields required by RFC 7638:
{
  "crv": "Ed25519",
  "kty": "OKP",
  "x": "..."
}

Specifically:

  • publicKeyMultibase must be Multibase base58-btc encoded Ed25519 Multikey;
  • After decoding, the original 32 bytes of the Ed25519 public key are obtained;
  • x is the base64url (without padding) representation of this 32-byte public key.
  1. Generate JWK Thumbprint input according to the rules of RFC 7638:
    • Only keep necessary fields;
    • Field names are sorted lexicographically;
    • Use JSON strings without extra whitespace;
    • Use UTF-8 encoding.
  2. Perform a SHA-256 hash on the UTF-8 byte sequence obtained in step 3 to obtain a 32-byte digest value.
  3. Base64url encode the 32-byte digest value and remove the trailing = padding. The encoding result length is fixed at 43 characters.
  4. Add the e1_ prefix in front of the encoding result to get the final path segment.

Notes:

  1. The e1_ prefix is not part of the hash output, but the profile prefix;
  2. It is recommended to use the thumbprint value without the e1_ prefix as the kid or fragment of the verification method to facilitate the intuitive correspondence between the DID path and the verification method identification;
  3. New deployments SHOULD preferentially use the e1_ profile.

Key material and document processing

Due to the way most web servers render content, it is likely that a particular did:wba document will be served with the media type application/json. If a document named did.json is retrieved, the following processing rules should be followed:

  1. If @context exists at the root of the JSON document, the document should be processed according to JSON-LD rules. If it cannot be processed, or the document processing fails, it should be rejected as a did:wba document.
  2. If @context exists at the root of the JSON document, the document is successfully processed through JSON-LD, and the context contains https://www.w3.org/ns/did/v1, it can be further processed into a DID Document according to Section 6.3.2 of the DID Core specification.
  3. If @context is not present, DID processing shall be performed according to the normal JSON rules specified in DID Core specification section 6.2.2.
  4. References to external resources, external DIDs, or serviceEndpoint MUST use absolute URIs.
  5. References to internal validation methods of the same DID Document MAY use relative DID URLs (such as #key-1); when the parser processes such references, it must expand based on the document root DID.

NOTE: This includes external URLs embedded in key material and other metadata, which prevents key obfuscation attacks.

DID Document Description

Apart from DID Core, most related specifications are still in the draft stage. This section shows a subset of DID Documents used for authentication. To improve interoperability between systems, all fields marked as required must be supported by all systems, while fields marked as optional may be supported selectively. Fields defined in other standards but not listed here may also be supported selectively.

The following e1 path-type DID document example includes core identity fields and optional illustrative service entries:

{
  "@context": [
    "https://www.w3.org/ns/did/v1",
    "https://w3id.org/security/data-integrity/v2",
    "https://w3id.org/security/multikey/v1",
    "https://w3id.org/security/suites/x25519-2019/v1"
  ],
  "id": "did:wba:example.com%3A8800:user:alice:e1_<fingerprint>",
  "verificationMethod": [
    {
      "id": "did:wba:example.com%3A8800:user:alice:e1_<fingerprint>#key-1",
      "type": "Multikey",
      "controller": "did:wba:example.com%3A8800:user:alice:e1_<fingerprint>",
      "publicKeyMultibase": "z6Mk..."
    },
    {
      "id": "did:wba:example.com%3A8800:user:alice:e1_<fingerprint>#key-x25519-1",
      "type": "X25519KeyAgreementKey2019",
      "controller": "did:wba:example.com%3A8800:user:alice:e1_<fingerprint>",
      "publicKeyMultibase": "z9hFgmPVfmBZwRvFEyniQDBkz9LmV7gDEqytWyGZLmDXE"
    }
  ],
  "authentication": [
    "did:wba:example.com%3A8800:user:alice:e1_<fingerprint>#key-1"
  ],
  "assertionMethod": [
    "did:wba:example.com%3A8800:user:alice:e1_<fingerprint>#key-1"
  ],
  "keyAgreement": [
    "did:wba:example.com%3A8800:user:alice:e1_<fingerprint>#key-x25519-1"
  ],
  "service": [
    {
      "id": "did:wba:example.com%3A8800:user:alice:e1_<fingerprint>#ad",
      "type": "AgentDescription",
      "serviceEndpoint": "https://example.com/agents/alice/ad.json"
    },
    {
      "id": "did:wba:example.com%3A8800:user:alice:e1_<fingerprint>#handle",
      "type": "ANPHandleService",
      "serviceEndpoint": "https://example.com/.well-known/handle/alice"
    },
    {
      "id": "did:wba:example.com%3A8800:user:alice:e1_<fingerprint>#anp",
      "type": "ANPMessageService",
      "serviceEndpoint": "https://example.com/anp",
      "serviceDid": "did:wba:example.com%3A8800"
    }
  ],
  "proof": {
    "type": "DataIntegrityProof",
    "cryptosuite": "eddsa-jcs-2022",
    "created": "2025-01-01T00:00:00Z",
    "verificationMethod": "did:wba:example.com%3A8800:user:alice:e1_<fingerprint>#key-1",
    "proofPurpose": "assertionMethod",
    "proofValue": "z..."
  }
}

The ANP-related service entries in this DID Document are illustrative examples only. ANP is an external protocol family and is distinct from this W3C Community Group protocol; their inclusion here does not require implementations of this specification to support ANP services.

Field explanation:

  • @context: required field, JSON-LD context defines the semantics and data model used in DID documents to ensure the understandability and interoperability of the document. https://www.w3.org/ns/did/v1 is required. For e1 documents using the standard Ed25519 proof, https://w3id.org/security/data-integrity/v2 and https://w3id.org/security/multikey/v1 are also required. Others are added as needed.
  • id: required field, cannot carry IP, but can carry port. When carrying port, the colon needs to be encoded as %3A. Use a colon later to split the path. For newly created path DIDs, the last path segment MUST be e1_<fingerprint>.
  • verificationMethod: A required field, containing an array of verification methods, which defines the public key information used to verify the DID subject. For scenarios that need to support end-to-end encryption (E2EE) communication, verificationMethod should contain both the signature key and the key agreement key to achieve key separation. The signing key is used for identity authentication and document assertion; the key agreement key (such as X25519KeyAgreementKey2019) is used for key negotiation of upper-layer protocols or receipt of confidential information. Both types of keys perform their own duties, and the leakage of a single key will not affect identity authentication and communication confidentiality at the same time.

For a path-type DID using the default path scheme, there MUST be at least one Ed25519 Multikey in verificationMethod as a binding key, and the RFC 7638 thumbprint of its equivalent public key JWK is exactly the same as the last e1_ fingerprint segment of the DID path.

Subfield:

  • id: The unique identifier of the verification method.
  • type: The type of verification method.
  • controller: Controls the DID of this verification method.
  • publicKeyJwk: Public key information, using JSON Web Key format.
  • publicKeyMultibase: Public key information, using Multibase format.
  • authentication: required field, lists the verification method used for authentication, can be a string or object. For path-type DIDs using the default path scheme, the binding key MUST be authorized by the authentication relationship. By default, cross-platform authentication should prefer signing with this binding key.
  • assertionMethod: Optional field listing the validation method used to express the assertion. For DIDs with the e1 profile and using the standard DID Document proof, the binding key or Ed25519 Multikey used to generate the proof MUST be authorized by assertionMethod.
  • keyAgreement: Optional field that defines the public key information used for key agreement and can be used for encrypted communication between two DIDs. The verification method generally uses key agreement algorithms such as X25519KeyAgreementKey2019 that can be used for key exchange. keyAgreement can be a string reference (pointing to an entry in verificationMethod) or an embedded object. For end-to-end encryption (E2EE) scenarios, this field is used to provide key negotiation material to the upper layer protocol. The upper layer protocol can be direct messaging end-to-end encryption Profile, group end-to-end encryption Profile or other security overlays defined in the future; this specification does not hardcode keyAgreement into a specific algorithm process. New deployments should typically contain X25519KeyAgreementKey2019 or the semantically equivalent X25519 entry. If there is no keyAgreement in the DID document or no negotiation entry available for the upper layer protocol, it means that the agent does not support the relevant E2EE capabilities.

Subfield:

  • id: Unique identifier of the key agreement method.
  • type: The type of key agreement method.
  • controller: The DID that controls the key negotiation method.
  • publicKeyMultibase: Public key information in Multibase format.
  • service: Optional field that defines the list of services associated with the DID subject.
    • id: The unique identifier of the service.
    • type: Service type. Examples of service types that may appear in DID Documents include:
      • AgentDescription: an agent description service. serviceEndpoint points to an agent description document, such as a document described by the Agent Description section of this specification.
      • ANPHandleService and ANPMessageService: examples of service types used by the external ANP ecosystem. They are shown here only to illustrate that a DID Document can reference services defined by other protocols. This specification does not define these ANP service types, their endpoint formats, or their processing requirements. Implementations that do not support ANP may ignore these service entries according to local policy.
    • serviceEndpoint: The endpoint URL of the service.
    • serviceDid: Optional field used by some service protocols to indicate which DID is used for service-level authentication. If a service protocol uses this field, its detailed semantics are defined by that service protocol, not by this specification.
  • proof: For the default e1_ profile, proof is a required field; for other profiles, whether this field appears is determined by the corresponding profile rules. proof is used to express the integrity proof of the DID Document, proving that the DID Document has not been tampered with after generating the proof, and indicating that the signer controlled the corresponding private key when the proof was created. Proof itself does not replace the DID method parsing process alone, nor does it alone replace the id consistency check.
  • For the default e1 profile, this version defines DataIntegrityProof + eddsa-jcs-2022 proof profiles based on W3C standards.

Note:

  1. Public key information currently supports two formats, publicKeyJwk and publicKeyMultibase. See verification method properties for details.
  2. For verification method type definition, see verification method types. For e1 binding keys, Multikey is recommended.
  3. For scenarios that need to support end-to-end encryption communication, it is recommended to adopt a key separation design: the signature/assertion key and the key agreement key are managed separately. Signing/assertion keys do not participate in key agreement, and key agreement keys do not participate in signing. The specific use of these materials is defined by the upper layer direct messaging E2EE, group E2EE and other Profiles.
  4. For newly created path-type DIDs using the default path scheme, the binding key MUST satisfy:
    • represented using Multikey / publicKeyMultibase;
    • authorized by the authentication relationship;
    • The RFC 7638 thumbprint of its equivalent public key JWK is exactly the same as the last e1_ fingerprint segment of the DID path.

DID Method Operations

Create (Register)

The did:wba method specification does not specify specific HTTP API operations, but leaves programmatic registration and management to each implementation to define according to the requirements of its Web environment.

Creating a DID requires the following steps:

  1. Apply to the domain name registrar to use the domain name;
  2. Store the location and IP address of the hosting service in the DNS query service;
  3. If you create a path-type DID, first generate the Ed25519 binding key and calculate the e1_ fingerprint segment according to Section 2.2.2;
  4. Create a DID document JSON-LD file, containing the appropriate key pair, and store the did.json file under the .well-known URL to represent the entire domain name, or under the specified path if multiple DIDs need to be resolved under the domain name.

For example, for the domain name example.com, did.json will be available under the following URL:

Example: Creating a DID
did:wba:example.com
 -> https://example.com/.well-known/did.json

The creation and hosting method of the naked domain name DID is consistent with the naked domain name entry of did:web: the domain name owner only needs to provide the corresponding DID document in /.well-known/did.json, and the DID can be used as the domain name subject identity or domain-level service identity.

If an optional path is specified instead of a naked domain name, and the default path scheme is used, did.json will be available under the path with the e1_ fingerprint segment:

Example: Creating a path-based DID with the default path scheme
did:wba:example.com:user:alice:e1_<fingerprint>
 -> https://example.com/user/alice/e1_<fingerprint>/did.json

If an optional port is specified on the domain name, the colon between the host and the port must be percent-encoded to prevent conflicts with the path.

Example: Creating a DID with an optional path and port
did:wba:example.com%3A3000:user:alice:e1_<fingerprint>
 -> https://example.com:3000/user/alice/e1_<fingerprint>/did.json
Reading and Parsing

The following steps must be performed to parse a DID Document from a did:wba DID:

  • Replace : with / in method-specific identifiers to obtain the fully qualified domain name and optional path.
  • Percent decode the colon if the domain name contains a port.
  • Generate HTTPS URLs by prepending https:// to the expected DID document location.
  • If no path is specified in the URL, /.well-known is appended.
  • Append /did.json to complete the URL.
  • Perform HTTP GET requests to the URL using a proxy capable of successfully negotiating a secure HTTPS connection that enforces the security requirements described in Section 2.6 Security and Privacy Considerations.
  • Verify that the id of the parsed DID Document matches the did:wba DID being parsed.
  • For the e1_ path type DID defined by the main specification, it must be verified according to the following strict binding relationship:
    • DID Document top-level proof must exist;
    • proof must pass DataIntegrityProof + eddsa-jcs-2022 verification;
    • The verification method pointed to by proof.verificationMethod MUST be Ed25519 Multikey (or a semantically equivalent Ed25519 verification method representation);
    • Calculate the RFC 7638 thumbprint with the Ed25519 public key corresponding to proof.verificationMethod, and the result must be completely consistent with the last e1_ fingerprint segment of the DID path.
  • When performing DNS resolution during an HTTP GET request, clients should use RFC8484 to prevent tracking of the identity being resolved.
  • For e1_ DID, the above proof verification is not affected by the local policy switch, but is a necessary condition for successful parsing.
  • For other profiles, if the local policy enables DID Document proof verification and the document contains proof, it should be verified according to the corresponding profile rules.

For naked domain name DIDs, the parsing and verification process follows the same basic pattern as did:web naked domain name DIDs: parse /.well-known/did.json, check id consistency, and verify the verification method in the authentication relationship according to DID Core / HTTP Message Signatures rules; e1_ path binding verification does not apply.

Update

To update the DID document, you need to update the did.json file corresponding to the DID.

For path type did:wba with the default path scheme, as long as the last bound key fingerprint of the DID path does not change, the DID itself will remain unchanged, but other contents of the DID document can change, for example, adding new verification keys, revoking old keys, or updating service endpoints.

If the binding key changes, the path DID MUST be changed to the new DID. At this time, a new DID document should be created, and an upper-layer Agent Name Service, similar to DNS, can be responsible for stable references and migration.

Note:

  1. Use a version control system such as git and a continuous integration system such as GitHub Actions to manage updates to DID documents, which can provide support for authentication and audit history.
  2. The HTTP API update process does not specify a specific HTTP API, but leaves programmatic registration and management to each implementer to define according to their needs.
Deactivation

To delete a DID document, the did.json file must be removed or otherwise no longer publicly available.

For path type did:wba using the default path scheme, if the binding key is permanently discarded, the rotation can also be completed by deactivating the old DID and creating a new DID; the stable reference relationship is maintained by an upper-layer Agent Name Service.

DID Document Proof

Whether the top-level proof field appears in a did:wba DID Document depends on the profile in use. For the default e1_ profile, proof is a required field; for other profiles, the DID Document MAY contain a top-level proof field to provide proof of document integrity. This field is used to prove that the DID Document has not been tampered with after the proof was generated and indicates that the signer controlled the corresponding private key when the proof was created. Proof itself does not replace DID method parsing, nor does it replace the id consistency check on its own.

For the default e1_ profile, the proof profile defined by the master specification MUST conform to:

  • Verifiable Credential Data Integrity 1.0
  • Data Integrity EdDSA Cryptosuites v1.0

The proof object contains the following fields:

  • type: required field. Fixed to DataIntegrityProof
  • cryptosuite: required field. Fixed to eddsa-jcs-2022
  • created: required field. Proof creation time, in XML Schema datetime format
  • verificationMethod: required field. Full DID URL pointing to Ed25519 Multikey in the DID Document used to generate the proof
  • proofPurpose: required field. Fixed to assertionMethod
  • proofValue: required field. Use base58-btc multibase (z...) encoding
  • domain: optional field
  • challenge: optional field

Additional constraints:

  1. proof.verificationMethod MUST use e1_ to bind the key to unify DID path binding, public key binding and document integrity certification;
  2. The parser MUST recalculate the RFC 7638 thumbprint with the Ed25519 public key corresponding to proof.verificationMethod and verify that it is completely consistent with the last e1_ fingerprint segment of the DID path;
  3. The generation and verification of proof MUST follow the standard algorithm process of eddsa-jcs-2022, and the algorithm details will no longer be rewritten by this specification.

When parsing an e1_ did:wba DID Document, proof verification is not an optional enhanced check, but part of the path-binding semantics. If proof is missing, proof verification fails, or proof.verificationMethod is inconsistent with the e1_ binding fingerprint, parsing MUST fail.

For e1_ DIDs, there is no relaxed mode of "DID Document does not contain proof and can still be parsed".

For non-e1_ profiles, implementations MAY choose one of the following two modes according to the corresponding profile rules or local policy:

  1. Relaxed mode: If the DID Document does not contain proof, parsing can still continue;
  2. Strict mode: If the local policy requires proof, the lack of proof in the DID Document MUST be regarded as a verification failure.

Normative Note:

For DIDs using the e1_ profile, this specification requires that the top-level proof of the DID Document use the W3C standard Data Integrity proof mechanism. Its proof data model, proof configuration, document transformation, hashing, proof serialization and verification rules follow Verifiable Credential Data Integrity 1.0 and Data Integrity EdDSA Cryptosuites v1.0 respectively. This specification only restricts the use location, field requirements and verification relationship of proof in the did:wba scenario, and does not repeatedly define the underlying cryptographic algorithm; if a conflict occurs, the upstream W3C specification shall prevail.

Security and Privacy Considerations

For security and privacy considerations, please refer to did:web method specification section 2.6. Implementers should also pay additional attention to DID rotation caused by binding key changes under the default path scheme, and Agent Name Service synchronization issues.

Cross-Platform Identity Authentication over HTTP

When a client initiates a request to a server on a different platform, the client can use the domain name combined with TLS to authenticate the server, and the server verifies the client's identity based on the verification method in the client's DID document.

When the client makes the first HTTP request, it uses the Signature-Input and Signature headers defined by RFC 9421 for signature; if the request carries a message body, it uses the Content-Digest header defined by RFC 9530 to bind the integrity of the message body. After the first verification is passed, the server can return the access token, and the client will carry the access token in subsequent requests. The server does not need to verify the client's identity every time, but only needs to verify the access token.

sequenceDiagram
    participant Agent A Client
    participant Agent B Server
    participant Agent A DID Server

    Note over Agent A Client,Agent B Server: First Request
    Agent A Client->>Agent B Server: HTTP Request: Signature-Input, Signature, Content-Digest
    Agent B Server->>Agent A DID Server: Get DID Document
    Agent A DID Server->>Agent B Server: DID Document

    Note over Agent B Server: Authentication

    Agent B Server->>Agent A Client: HTTP Response: Authentication-Info(access token)

    Note over Agent A Client, Agent B Server: Subsequent Requests
    Agent A Client->>Agent B Server: HTTP Request: Authorization(access token)
    Agent B Server->>Agent A Client: HTTP Response
Cross-platform Identity Authentication Flow (did:wba over HTTP)

Initial request

When the current client initiates an HTTP request to the server for the first time, it needs to perform identity authentication according to the following method.

Request header format

Clients MUST send authentication information using the Signature-Input and Signature header fields defined in RFC 9421. When a request includes a message body, the client MUST also send the Content-Digest header field defined in RFC 9530.

The minimum signature coverage set is as follows:

  • @method
  • @target-uri
  • content-digest (when the request contains a message body)

Recommended additional components for coverage are as follows:

  • @authority
  • content-type
  • content-length

The key parameter requirements in Signature-Input are as follows:

  • keyid: MUST be a complete DID URL, pointing to a verification method in the DID document, for example: did:wba:example.com:user:alice:e1_<fingerprint>#key-1
  • created: MUST, indicating the signature creation time
  • expires: SHOULD, indicating the signature expiration time
  • nonce: MAY be carried; if nonce is given in the server challenge, the client MUST use that nonce
  • alg: Non-required field. This specification does not mandate the use of the alg parameter, the verifier can determine the algorithm based on the DID verification method type pointed to by keyid

By default, the client SHOULD sign using the binding key corresponding to the last e1_ fingerprint segment of the DID path. If the server allows other authentication verification methods, it belongs to the local authorization policy and does not change the binding semantics of DID.

Client request example:

POST /orders HTTP/1.1
Host: api.example.com
Content-Type: application/json
Content-Digest: sha-256=:BASE64_SHA256_DIGEST:
Signature-Input: sig1=("@method" "@target-uri" "@authority" "content-digest");created=1733402096;expires=1733402156;nonce="abc123";keyid="did:wba:example.com:user:alice:e1_<fingerprint>#key-1"
Signature: sig1=:BASE64_SIGNATURE:
Signature generation process
  1. If the HTTP request contains a message body, the client first calculates the Content-Digest value of the message body according to RFC 9530.
  2. Select the verification method to use for the signature. By default, binding keys for path-type DIDs should be used in preference.
    • If the DID uses the Ed25519 binding key represented by Multikey (corresponding to the e1_ profile), it should be signed using the Ed25519 algorithm;
    • Other algorithms are defined by corresponding verification method types.
  3. Construct Signature-Input, covering at least @method and @target-uri; if a message body exists, content-digest must also be covered.
  4. Generate a signature base string (signature base) according to the rules defined in RFC 9421.
  5. Use the client private key to sign the signature base, obtain the signature byte string, and write it into the Signature header field.
  6. Send Signature-Input, Signature, and (if applicable) Content-Digest to the server.

Server-side verification

Verification request header

After receiving the client request, the server performs the following verification:

  1. Verify request format: Check whether Signature-Input and Signature exist; when the request contains a message body, check whether Content-Digest exists.
  2. Verify message body integrity: When the request contains a message body, verify whether Content-Digest is consistent with the actual message body according to RFC 9530.
  3. Extract keyid and parse DID: Extract keyid from Signature-Input to obtain the corresponding DID and verification method.
  4. Read DID document: Parse the DID document based on DID.
  5. Verify DID binding relationship:
    • Verify that the verification method pointed to by keyid exists;
    • Verify that the verification method is authorized by the authentication relationship of the DID document;
    • For e1_ DID, the DID binding relationship must be verified based on the Ed25519 public key corresponding to proof.verificationMethod instead of randomly selecting an Ed25519 key in authentication:
      • proof must exist and pass eddsa-jcs-2022 verification;
      • Recalculate the RFC 7638 thumbprint using this public key, and the result MUST be exactly the same as the last e1_ fingerprint segment of the DID path.
  6. Verify signature coverage: Rebuild the signature base based on Signature-Input, and verify that the HTTP components covered by the signature are consistent with the actual request.
  7. Verification time window: Check whether created / expires is within a reasonable time range. The recommended time window is 1 minute to 5 minutes, which is configurable by the implementer.
  8. Verification Replay Protection:
    • For direct connection proof profile, the server should establish a short-term replay cache for (keyid, nonce) or equivalent keys;
    • For challenge profile, if nonce comes from a server challenge, then nonce MUST be used one at a time.
  9. Verify DID permission: After successful authentication, independently verify whether the DID in the request has the permission to access server resources. If there is no permission, 403 Forbidden is returned.
  10. Verification result: If the signature verification is successful, the request passes the authentication; otherwise, 401 Unauthorized is returned with challenge information attached.
Signature verification process
  1. Parse the signature tag, coverage component, created, expires, nonce, keyid and other parameters from Signature-Input, and extract the corresponding signature value from Signature.
  2. According to RFC 9421 rules, the signature base is reconstructed based on the actual HTTP request.
  3. Obtain the corresponding verification method and public key from the DID document according to keyid.
  4. Select the verification algorithm based on the verification method type:
    • For the Ed25519 verification method represented by Multikey, verify according to the 64-byte signature format of Ed25519;
    • Other algorithms are defined according to the corresponding verification method type.
  5. Use the obtained public key to verify the signature to ensure that the signature is generated by the corresponding private key.
  6. If the request contains a message body, the Content-Digest verification results should also be included in the overall certification conclusion.
Successful authentication returns access_token

After the server-side verification is successful, the access token can be returned in the response. The access token is recommended to use JWT (JSON Web Token) format. The client's subsequent requests carry the access token. The server does not need to verify the client's DID identity every time, but only needs to verify the access token. The following generation process is not required by the specification and is for reference only. Implementers can define and implement it as needed.

JWT generation method reference RFC7519.

  1. Generate Access Token

Assuming that the server uses JWT (JSON Web Token) as the Access Token format, JWT usually contains the following fields:

  • header: Specify signature algorithm
  • payload: stores user related information
  • signature: Sign header and payload to ensure their integrity

The payload can contain the following fields (other fields are added as needed):

{
  "sub": "did:wba:example.com:user:alice:e1_<fingerprint>",
  "iat": "2024-12-05T12:34:56Z",
  "exp": "2024-12-06T12:34:56Z",
  "scope": "orders.read orders.write"
}
  1. Return Access Token

The server MUST return the access token via the Authentication-Info response header, not the Authorization response header.

Example:

Authentication-Info: access_token="eyJhbGciOi...", token_type="Bearer", expires_in=3600, scope="orders.read orders.write"
  1. Suggestions on sender-constrained token

In order to reduce the risk of the token being directly reused after being leaked, it is recommended to use sender-constrained access token to bind the token to the key held by the client.

This version of the specification retains this extension capability, but does not yet fully define the specific profile of sender-constrained token. Implementers can reserve the following capabilities for future expansion:

  • Add a statement bound to the client's public key in the token (such as cnf or equivalent field);
  • Require the client to continue to provide proof bound to the token in subsequent requests;
  • Differentiate different token profiles through the token_type field.

Before the sender-constrained profile is unified, for the sake of compatibility, you can use Bearer as the default token_type.

  1. Client sends Access Token

The client usually sends the Access Token via the Authorization header field in subsequent requests:

Authorization: Bearer <access_token>

If the token_type returned by the server is not Bearer, the client MUST send the token according to the corresponding extension specification.

  1. Server-side verification Access Token

After receiving the client's request, the server extracts the Access Token from the Authorization header and performs verification, including verifying the signature, verifying the expiration time, verifying the fields in the payload, etc. The verification method refers to RFC7519.

Error handling

3.2.4.1 401 response

When the server fails to verify the signature, Content-Digest fails to verify, the signature expires, there is a risk of replay, or the server requires the client to re-sign according to the challenge information, it can return a 401 Unauthorized response.

If the server requires that the client must use the nonce issued by the server for signature, it can return 401 when the client makes the first request and append the challenge information to the response. This adds an interaction that implementers can choose to use or not if needed.

Error information is returned through the WWW-Authenticate header field, and the server can also indicate the components it expects to cover in the next request through Accept-Signature. Examples are as follows:

WWW-Authenticate: DIDWba realm="api.example.com", error="invalid_signature", error_description="Signature verification failed.", nonce="xyz987"
Accept-Signature: sig1=("@method" "@target-uri" "@authority" "content-digest");created;expires;nonce;keyid
Cache-Control: no-store

Contains the following fields:

  • realm: optional field, indicating the domain to which the protected resource belongs
  • error: required field, error type, containing the following string values:
    • invalid_request: The request is malformed, missing required fields, or contains unsupported parameters
    • invalid_nonce: Nonce is used, is invalid, or does not match the server challenge
    • invalid_timestamp: timestamp out of range
    • invalid_did: The DID format is wrong, or the corresponding DID document cannot be found based on the DID.
    • invalid_signature: Signature verification failed
    • invalid_verification_method: Unable to find the corresponding public key based on keyid
    • invalid_content_digest: Content-Digest does not match the message body
    • invalid_access_token: access token verification failed
    • forbidden_did: DID does not have permission to access server resources
  • error_description: optional field, error description
  • nonce: Optional field, a random string generated by the server. If carried, the client needs to use the nonce to regenerate the signature and reinitiate the request

After the client receives the 401 response, if the response carries nonce, it needs to use the server's nonce to regenerate the signature and reinitiate the request. If the response does not carry nonce, the client can regenerate the local nonce and try again.

It should be noted that the client and server need to limit the number of retries in their respective implementations to prevent an infinite loop.

3.2.4.2 403 response

When server-side authentication is successful, but the DID does not have the permission to access server-side resources, a 403 Forbidden response can be returned.

Privacy Protection

Privacy protection is very important in a decentralized network. For example, illegal software may record and track the user's behavior through the user's DID, causing the leakage of user privacy.

In this regard, we suggest that DID providers can adopt a multi-DID strategy, that is, generate multiple DIDs for one user, each DID has different roles and permissions, and uses different key pairs to achieve privacy protection and fine-grained permission control.

For example, a master DID is generated for the user. This DID generally does not change and is used in scenarios such as maintaining social relationships. Then a series of sub-DIDs are generated for the user, which can be used for shopping, ordering takeout, booking tickets and other scenarios. These sub-DIDs are subordinate to the main DID, and expired DIDs can be periodically deactivated and new DIDs applied to improve privacy and security protection.

For scenarios that require stable external references but also want the underlying DID to be rotated, it is recommended to use an upper-layer Agent Name Service, similar to DNS: the stable agent name remains human-readable, and the underlying did:wba can rotate as the binding key changes.

Security Tips

Implementers need to consider the following security issues when implementing:

  1. Key Management
    • The private key corresponding to DID must be kept properly and must not be leaked. In addition, a mechanism for regularly refreshing the private key should be established.
    • For path-based DIDs with the default path scheme, the binding key is best kept using hardware isolation, HSM, or the system enclave.
    • By default, cross-platform authentication should prefer signing with a bound key.
    • New deployments SHOULD prefer the e1_ profile.
    • Users should generate multiple DIDs, each with different roles and permissions, and use different key pairs to achieve fine-grained permission control.
    • When the binding key changes, the path-type DID will change with it, so upper-level Agent Name Service mappings should be updated synchronously.
  2. Anti-attack measures
    • The server must implement replay protection. For direct connection proof profile, a short-term replay cache should be established for (keyid, nonce), (keyid, jti) or equivalent keys; for challenge profile, nonce issued by the server must be used one at a time.
    • The server must determine the created / expires time window in the request to prevent time rollback attacks. Generally speaking, the cache time of the server's replay cache should be longer than the signature expiration time.
    • When generating nonce, you must use a secure random number generator provided by the operating system, complying with modern cryptographic security specifications and standards. For example, you can use a module like Python's secrets to generate secure random numbers.
    • When the request contains a message body, the server must verify Content-Digest to prevent the message body from being tampered with.
    • Successful authentication does not equal successful authorization. The server must handle authorization judgment and identity authentication separately.
    • For e1_ DID, the parser MUST verify DataIntegrityProof; for other profiles, if the implementation enables DID Document proof verification, it SHOULD verify proof according to the corresponding profile rules.
  3. Transmission Security
    • When obtaining DID documents, the server should use the DNS-over-HTTPS (DoH) protocol to improve security.
    • The transmission protocol must use HTTPS, and the client must strictly determine whether the other party's CA certificate is trustworthy.
    • When performing TLS service identity verification, the client must match according to dNSName in subjectAltName and should not rely on Common Name.
    • Unconditional following of untrusted cross-origin redirects should be avoided during DID resolution.
  4. Token Security
    • The client and server must properly keep the Access Token, and must set a reasonable expiration time.
    • Sender-constrained access tokens SHOULD be preferred. This specification has reserved expansion capabilities, but the specific profile has not yet been fully defined.
    • IP address, User-Agent and other information can only be used as auxiliary risk signals and should not be used as the only binding mechanism for Access Token.
    • The access token SHOULD only be returned on HTTPS connections and sent via the Authentication-Info response header.

Native did:web Compatibility

Objectives and Scope

This appendix defines the did:wba network compatibility mode for native did:web.

The goal of the compatibility mode is to enable the native did:web to still access the capabilities defined in this specification without requiring the other party to migrate the DID to did:wba, including but not limited to:

  • Cross-platform identity authentication (the cross-platform authentication sections)
  • Handle-based name binding
  • end-to-end encryption Communication (E2EE)
  • Service discovery through DID service entries, such as AgentDescription or externally defined service types

In compatibility mode, did:web continues to be created, parsed, and updated according to the did:web method specification; this appendix only defines how the did:wba network accepts and verifies native did:web.

Parsing and Verification Rules

When an implementation receives a native did:web, it MUST perform parsing according to the did:web method specification and complete at least the following checks:

  1. Parse DID Document according to did:web rules;
  2. Check whether the id of the DID Document is completely consistent with the requested did:web;
  3. Check according to DID Core rules whether the relevant verification method exists and is in the correct verification relationship.

In compatibility mode, implementations MUST NOT enforce the following did:wba-specific checks on native did:web:

  • did:wba-specific path binding public key fingerprint check;
  • Path binding profile semantic check in did:wba main specification;
  • did:wba's unique path-type DID rotation semantic check;
  • Use did:wba-specific proof rules as a prerequisite for successful did:web parsing.

If the native did:web DID Document itself carries a standard proof (such as Data Integrity proof), the implementation MAY perform verification according to the proof's declaration profile and local policy; however, the success of did:web parsing itself is not predicated on the proof rules of did:wba.

Cross-Platform Authentication Compatibility

Native did:web is compatible with the cross-platform identity authentication process defined in the cross-platform authentication sections of this specification.

When the client uses did:web to participate in cross-platform authentication:

  1. keyid still MUST be a complete DID URL;
  2. The server must still parse the DID Document;
  3. The server must still verify that the verification method pointed to by keyid exists;
  4. The server MUST verify that the verification method is located in the authentication relationship of the DID Document;
  5. The subsequent HTTP Message Signatures / Content-Digest verification logic is the same as did:wba.

In compatibility mode, the identity binding semantics of did:web comes from the parsing result of did:web itself, rather than the path binding public key fingerprint of did:wba.

Service Entry Compatibility

Native did:web DID Documents MAY include service entries for agent description, name binding, messaging, or other application-level functions. This specification only defines how the DID and its verification methods are parsed and verified; it does not require support for every service type that may appear in the service array.

For example, an implementation might encounter the following service types:

  • AgentDescription: a service entry that points to an agent description document.
  • ANPHandleService or ANPMessageService: examples of service types used by the external ANP ecosystem.

The ANP service types above are illustrative examples only. ANP and this W3C Community Group protocol are distinct. This document does not define ANP endpoint formats, message flows, role models, capability negotiation, or the detailed semantics of fields such as serviceDid. Implementations MAY ignore unsupported service types, preserve them as metadata, or process them only when they explicitly implement the corresponding external protocol.

End-to-End Encryption Compatibility

Native did:web is compatible with end-to-end encryption when its DID Document contains suitable keyAgreement entries and the application-layer protocol defines how to use them.

For example:

  • X25519KeyAgreementKey2019
  • or other key agreement types explicitly supported by the upper-layer protocol

In compatibility mode, the prerequisites for E2EE capabilities are:

  1. DID Document can be parsed successfully;
  2. The required keyAgreement verification method exists;
  3. The upper layer protocol supports corresponding algorithms, public key representation methods, and message protection procedures.

Implementation Recommendations

Implementers SHOULD distinguish between two parsing modes:

  1. did:wba mode
    • Enforce full path binding, public key fingerprinting, and proof rules as per this specification.
  2. did:web compatibility mode
    • Parse according to the did:web specification;
    • Do not enforce did:wba-specific path binding, public key fingerprint, or proof rules on native did:web identifiers;
    • When service entries exist, select only service types supported by the implementation or required by the application protocol;
    • Unsupported external service types, including ANP-specific service examples, MAY be ignored or preserved as metadata according to local policy.

Application implementations SHOULD NOT deny participation in cross-domain authentication or end-to-end encryption solely because a native did:web DID Document does not contain did:wba-specific path bindings or proofs.

At the same time, if new deployments want stronger "path binding public key verifiability" and a unified standard proof experience, they should still (SHOULD) give priority to the e1_ profile of the did:wba main specification.

Agent Description

The core objective of the Agent Description module is to establish standardized agent description mechanisms, enabling agents to clearly publish their basic information, service capabilities, and interaction interfaces to other agents in the network, thereby achieving efficient capability discovery and collaboration matching:

Therefore, agent description protocols must possess good extensibility and semantic clarity, ensuring that different agents can accurately understand each other's capability boundaries.

The following example demonstrates an agent description document:

EXAMPLE

{
  "@context": {
    "@vocab": "https://schema.org/",
    "ad": "https://example.com/ad#"
  },
  "@type": "ad:AgentDescription",
  "name": "SmartAssistant",
  "did": "did:wba:agent.example.com:alice",
  "description": "An intelligent agent providing natural language processing capabilities",
  "version": "1.0.0",
  "interfaces": [
    {
      "@type": "ad:NaturalLanguageInterface",
      "protocol": "YAML",
      "url": "https://agent.example.com/alice/nl-interface.yaml"
    }
  ]
}

1. Core Concepts

This specification defines two core concepts for agent description: Information and Interface. These concepts provide a standardized framework for agents to publish information externally, ensuring that agents can effectively discover, understand, and interact with each other.

1.1 Information

Information represents data resources that an agent provides to external entities. These resources can be structured or unstructured data used to describe the agent's capabilities, status, products, or services.

Information resources include but are not limited to the following types:

Information has the following key characteristics:

1.2 Interface

Interface defines standardized entry points for agents to engage in dynamic interactions with external entities. Interfaces provide callable representations of agent functionality, allowing other agents or systems to interact with them programmatically.

Interfaces are divided into the following two main categories:

1.2.1 Natural Language Interface

Natural language interfaces provide agents with human language-based interaction capabilities. These interfaces allow the use of natural language queries and commands to access agent functionality.

Characteristics of natural language interfaces include:

1.2.2 Structured Interface

Structured interfaces provide programmatic interaction methods based on predefined protocols and data formats. These interfaces follow standardized API design principles, ensuring predictability and efficiency.

Characteristics of structured interfaces include:

1.3 Interface Selection and Priority

Agents implementing the protocol should follow the following priority and selection strategies when choosing interaction interfaces:

  1. Structured interface priority principle: When there are structured interfaces that meet functional requirements, they should be prioritized for interaction to achieve optimal performance and reliability
  2. Functional completeness assessment: Before selecting an interface, it is necessary to evaluate whether the target interface can fully meet the functional requirements of the current task
  3. Fallback mechanism: When structured interfaces cannot meet complex or non-standardized requirements, fallback to natural language interfaces is acceptable
  4. Context-aware selection: Interface selection should consider task complexity, real-time requirements, and the degree of personalization needed

2. Interaction Model

The protocol adopts a linked data-based interaction model that allows agents to organize their Information and Interfaces into a navigable data network through Uniform Resource Locators (URLs). This approach is similar to the hyperlink structure of the World Wide Web, enabling agents to construct their public data into a data network, where all data networks can be connected into an AI-accessible data network.

2.1 Networked Data Organization

The core principle of the interaction model is based on the following architectural design:

2.1.1 URL Link Network

Agents must use URLs as a unified addressing mechanism to organize their Information and Interface resources. Each URL points to a specific resource or interface definition, forming a traversable link graph. This design ensures:

2.1.2 Entry Point Mechanism

It is recommended that each agent provide a primary entry point, typically manifested as an Agent Description Document. This document functions similarly to a website's homepage and contains:

2.2 Interaction Process

The interaction process between agents is similar to how web crawlers work, starting from an entry point and proceeding with recursive navigation. The client agent first obtains the target agent's description document URL, retrieves the document through an HTTP request, and then parses the Information resource links and Interface definition links contained within. Based on task requirements, the client agent selectively accesses relevant URL links. If the retrieved resources contain further links, it continues recursive retrieval until sufficient information needed to complete the task is collected.

While gathering information, the client agent integrates this data in its local environment, formulates execution strategies, and selects appropriate Interfaces for invocation. The entire process emphasizes local decision processing, with sensitive information not passed to third parties but analyzed and processed locally at the client. Finally, the client agent executes specific operations through discovered Interfaces, processes return results, and completes tasks. This model ensures both privacy security and flexible on-demand information retrieval.

2.3 Architectural Advantages of the Interaction Model

2.3.1 Compatibility with Existing Web Infrastructure

Fully leverages existing web technology stacks and infrastructure:

2.3.2 Privacy Protection and Data Sovereignty

The local decision-making model provides important privacy protection advantages:

Note: This section is being continuously refined. We sincerely invite community members to contribute and jointly improve the technical specifications and implementation solutions for agent description standards.

Agent Discovery

The core objective of the Agent Discovery module is to establish efficient agent discovery mechanisms, enabling agents to be conveniently found and accessed by other agents in different network environments, thereby building dynamic and open agent collaboration networks:

This specification defines the Agent Discovery Service Protocol (ADSP), a standardized protocol for discovering agents. Based on the JSON-LD format, it provides two discovery mechanisms: active discovery and passive discovery, aimed at enabling agents to be effectively discovered and accessed by other agents or search engines in the network.

The core elements of the protocol include:

  1. Using JSON-LD as the foundational data format, supporting linked data and semantic web features
  2. Defining an active discovery mechanism, using .well-known URI paths as agent discovery entry points
  3. Providing a passive discovery mechanism, allowing agents to submit their descriptions to search services
  4. Supporting pagination and linking of agent descriptions, facilitating the management of large numbers of agent information

Overview

We use JSON-LD (JavaScript Object Notation for Linked Data) as the format for agent discovery documents, consistent with the Agent Description Protocol. By using JSON-LD, we can achieve rich semantic expression and linking relationships while maintaining simplicity and ease of use.

Agent description documents are detailed expressions of agent information, as referenced in the Agent Description Protocol. The agent discovery document serves as a collection page, containing URLs of all public agent description documents under a domain, facilitating indexing and access by search engines or other agents.

Active Discovery

Active discovery refers to search engines or agents only needing to know a domain to discover all public agent description documents under that domain. We adopt the Web standard .well-known URI path as the entry point for agent discovery.

.well-known URI

According to RFC 8615, .well-known URI provides a standardized way to discover services and resources. For agent discovery, we define the following path:

https://{domain}/.well-known/agent-descriptions

This path should return a JSON-LD document containing URLs of all public agent description documents under the domain.

Discovery Document Format

Active discovery documents adopt the JSON-LD format, using the CollectionPage type, containing the following core properties:

Each agent description item contains:

EXAMPLE

{
  "@context": {
    "@vocab": "https://schema.org/",
    "did": "https://w3id.org/did#",
    "ad": "https://example.com/ns/agent-description#"
  },
  "@type": "CollectionPage",
  "url": "https://example.com/.well-known/agent-descriptions",
  "items": [
    {
      "@type": "ad:AgentDescription",
      "name": "Smart Assistant",
      "@id": "https://example.com/agents/smartassistant/ad.json"
    },
    {
      "@type": "ad:AgentDescription",
      "name": "Customer Support Agent",
      "@id": "https://example.com/agents/customersupport/ad.json"
    }
  ],
  "next": "https://example.com/.well-known/agent-descriptions?page=2"
}

Pagination Mechanism

When there are a large number of agents under a domain, a pagination mechanism should be adopted. Pagination is implemented through the next property, pointing to the URL of the next page. Clients should recursively retrieve all pages until there is no next property.

Passive Discovery

Passive discovery refers to agents actively submitting their agent description URLs to other agents (typically search service agents), enabling them to index and crawl their information.

Registration API

Passive discovery typically requires using the registration API provided by search service agents. These APIs are defined by the search service agents themselves and should be clearly stated in their agent description documents. Agents can register their description URLs with search services by calling these APIs.

Registration Process

  1. Agent obtains the description document of the search service agent
  2. Finds the registration API endpoint and parameter requirements from the description document
  3. Constructs a registration request, including its own agent description URL and other necessary information
  4. Sends the registration request to the search service
  5. Search service verifies the request and indexes the agent
sequenceDiagram
    participant Agent as Agent
    participant Search as Search Service Agent
    
    Agent->>Search: Get agent description document
    Search-->>Agent: Return description document (including registration API info)
    Note over Agent: Parse registration API from description document
    Agent->>Search: Send registration request (including own description URL)
    Note over Search: Verify request
    Search-->>Agent: Confirm registration
    Note over Search: Crawl agent description document and index
Passive Discovery Registration Process

Security Considerations

To ensure the security of agent discovery, the following measures are recommended:

  1. Content Validation: Search services should verify the validity and integrity of agent description documents
  2. DID Authentication: Use the did:wba method for identity authentication, ensuring the authenticity of agent identities
  3. Rate Limiting: Implement appropriate rate limiting measures to prevent malicious requests and DoS attacks
  4. Permission Control: Distinguish between public and private agents, only including public agents in discovery documents

Relationship with Other Protocols

The Agent Discovery Protocol is closely related to the following protocols:

  1. Agent Description Protocol: The discovery protocol provides indexing and access mechanisms for description documents
  2. DID:WBA Method: Provides identity authentication and security guarantees
  3. Meta-Protocol: In agent communication, protocol negotiation can be based on discovery results

Note: This section is being continuously refined. We sincerely invite community members to contribute and jointly improve the technical specifications and implementation solutions for agent discovery standards.

Security Considerations

The core objective of the Security Considerations module is to ensure the security of agents during interactions, establish multi-layered security protection systems, and maximize defense against various security threats and malicious attacks:

Therefore, agent security protocols must adopt defense-in-depth strategies, establishing corresponding security protection measures at the network layer, application layer, and data layer.

Note: This section is being continuously refined. We sincerely invite community members to contribute and jointly improve the technical specifications and implementation solutions for agent security standards.

Privacy Considerations

The core objective of the Privacy Considerations module is to maximize the protection of personal privacy during agent interactions, ensuring that users' sensitive information is not improperly transmitted or leaked between agents, and establishing privacy-first interaction mechanisms:

Therefore, agent privacy protocols must make privacy protection a fundamental design principle, ensuring that technological progress does not come at the expense of user privacy.

Note: This section is being continuously refined. We sincerely invite community members to contribute and jointly improve the technical specifications and implementation solutions for agent privacy protection standards.

References

  1. [RFC2119] Key words for use in RFCs to Indicate Requirement Levels. S. Bradner. IETF. March 1997. Best Current Practice. URL: https://www.rfc-editor.org/rfc/rfc2119
  2. [RFC8174] Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words. B. Leiba. IETF. May 2017. Best Current Practice. URL: https://www.rfc-editor.org/rfc/rfc8174