- From: Disha Gupta <dishag252@gmail.com>
- Date: Mon, 8 Jun 2026 08:45:41 +0200
- To: public-agentprotocol@w3.org
- Message-ID: <CAP6bUeg+JejNdsF=4FqZ-7DHMNJFiYFLar6tn8fOqtL3uWKKKQ@mail.gmail.com>
Hi everyone, I have been researching the friction around agent to agent trust and wanted to share an early-stage concept draft with this group. Right now, a lot of agentic identity frameworks rely on preemptive developer registration or centralized "app store" models. To explore an open-web alternative, I put together a lightweight concept paper for a receiver-driven protocol for Agentic Identity. The core idea is simple: instead of checking a static registry, host servers use HTTP 401 Unauthorized and dynamic WWW-Authenticate headers to dictate exactly what Verifiable Credentials (SSO, KYB, etc.) an agent needs to present at runtime. You can read the short concept draft on GitHub here: https://github.com/guptadisha13/receiver-driven-agentic-identity-protocol/blob/main/receiver-driven-protocol-agentic-identity-v1.md Why I am sharing this: I am not a backend engineer, so I intentionally left the heavy implementation details out of this draft. I wanted to put the architectural concept in front of this community to see if this is a direction worth pursuing. I would be incredibly grateful for any feedback, especially regarding the "Challenges" section (handling header size limits, anti-replay nonces, etc.). Best regards, Disha
Received on Monday, 8 June 2026 06:46:59 UTC