Trust & Attestation

This draft introduces optional trust and attestation mechanisms for AX, designed to support safer and more scalable agent discovery across organizational and ecosystem boundaries—without coupling discovery to execution, authorization, or governance workflows.

What’s new in Draft-02

Draft-02 adds:

• Optional trust tier declarations (e.g. self-asserted, enterprise-attested)
• Attestation statements that describe provenance and verification signals
• Explicit support for multiple, independent attestation authorities
• Clear guidance on how trust signals are intended to be consumed, not enforced

Important scope clarifications

This draft intentionally:

• Treats trust signals as non-authoritative inputs, not approvals or endorsements
• Separates discovery, trust signaling, and execution governance into distinct layers
• Avoids defining registry workflows, approval processes, or runtime policy
• Defers relationship graphs, reputation propagation, and federation semantics to future drafts

The goal is to provide shared, upstream trust signals that registries, brokers, arbiters, and platforms can interpret according to their own policies—rather than embedding governance decisions into discovery itself.

Why this matters

As agent ecosystems expand beyond single enterprises into partner, multi-cloud, and cross-organizational environments, discovery alone is not sufficient. Draft-02 aims to enable richer evaluation of discovered agents while preserving:

• registry neutrality
• protocol agnosticism
• incremental adoption
• ecosystem diversity

Request for feedback

Feedback is especially welcome on:

• Whether the layering boundaries are clear and defensible
• The trust tier model and its neutrality
• Attestation structure and multi-authority assumptions
• Any unintended coupling to registry or execution semantics

Draft-02 is intended to be conservative, composable, and extensible. If you see areas where it overreaches—or doesn’t go far enough—please raise them.

Thanks to everyone who has contributed to the discussions so far (private and public). Your feedback has directly shaped this draft.

Aaron.

Capability hashing

Added

• Introduced capability hashing to enable deterministic change detection of an agent’s capability surface.
• Defined canonicalization and hashing semantics for capability comparison and caching.

Unchanged

• No changes to AX discovery semantics.
• Discovery mechanism, document location, and protocol advertisement remain identical to draft-agent-discovery-00.

Notes

• Capability hashing is explicitly scoped to change detection only.
• Trust, attestation, signing, and authorization remain out of scope and are deferred to future drafts.

Initial public draft of Agent Discovery Exchange (AX)

Autonomous AI agents increasingly operate across organizational and administrative boundaries. However, there is no standardized, internet-native mechanism for discovering agent endpoints, understanding their capabilities, or negotiating supported interaction protocols.

This document defines Agent Discovery Exchange (AX), a lightweight, protocol-agnostic discovery mechanism that enables agents to advertise their capabilities and supported interaction protocols using existing DNS and HTTPS infrastructure. AX is designed to complement — not replace — existing agent execution and communication protocols such as GraphQL, MCP, A2A, and REST.