- From: Gaowei Chang <chgaowei@gmail.com>
- Date: Sun, 18 Jan 2026 18:28:16 +0800
- To: public-agentprotocol <public-agentprotocol@w3.org>
- Message-ID: <CAGJoCKyz=Bsk4M=wDMC=1yaBZPTE-imE-e9ZcCiXM0XHUPBt+g@mail.gmail.com>
Dear all, The minutes from the AI Agent Protocol CG meeting held on January 14, 2026 have now been compiled. Please review them at the link below and feel free to provide any feedback: **Meeting minutes:** https://github.com/w3c-cg/ai-agent-protocol/blob/main/meetings/2026-01-14.md This meeting began with Song providing an overview of the W3C Community Group on AI Agent Protocols, clarifying that while CGs cannot create official W3C specifications, they can publish community group reports and contribute to the development of specifications through working groups. Geun-Hyung raised questions about the group's ability to make recommendations, which Roy addressed by explaining the distinction between CG reports and W3C specifications. The main discussion focused on agent identity authentication schemes and cross-vendor authentication methods. Sean presented a DID-based protocol for agent authentication, highlighting its advantages over traditional approaches like PKI—allowing direct verification without third-party platforms and supporting federated architecture. George raised concerns about the trust framework and suggested exploring OAuth as an alternative to pre-registration. He also questioned the feasibility of using HTTP message signatures or a one-time call to the token endpoint. The discussion emphasized the need for further exploration of trust frameworks and semantic equivalency across different technologies. The group also discussed authorization mechanisms, particularly the use of DID and OAuth for agent-to-agent authorization. Sean explained their approach of keeping DID simple with a focus on domain path and public key, while using tokens as a medium for trust transfer. George raised concerns about maintaining OAuth capabilities in the token request/response process. Several valuable resources were shared during the meeting: - [RFC 9449 - OAuth 2.0 Demonstrating Proof of Possession]( https://datatracker.ietf.org/doc/html/rfc9449) - [OAuth Client ID Metadata Document]( https://datatracker.ietf.org/doc/draft-ietf-oauth-client-id-metadata-document/ ) - [OpenID Digital Credentials Protocols Specifications]( https://openid.net/wg/digital-credentials-protocols/specifications/) - [OpenID for Verifiable Presentations 1.0]( https://openid.net/specs/openid-4-verifiable-presentations-1_0.html) - [OAuth Attestation-Based Client Authentication]( https://datatracker.ietf.org/doc/draft-ietf-oauth-attestation-based-client-auth/ ) - [RFC 9396 - OAuth 2.0 Rich Authorization Requests]( https://datatracker.ietf.org/doc/html/rfc9396) The conversation concluded with plans to create a roadmap for the group's activities and address outstanding questions about trust levels and revocation mechanisms in future discussions. For reference, the previous meeting minutes (December 17, 2025) are available here: https://github.com/w3c-cg/ai-agent-protocol/blob/main/meetings/2025-12-17.md The next meeting date will be announced soon. Further details and the agenda will be shared closer to the date. Thank you all for your continued contributions. Best regards, Song and Gaowei
Received on Sunday, 18 January 2026 10:28:33 UTC