Re: Proposal: Agent Trust Protocol (ATP) – Trust & Security Profile for AI Agent Protocol CG

You are very welcome. Our next meeting will be at 13:00 UTC on June 3,
2026, and you are welcome to introduce ATP during the session.

If convenient, please share some materials in advance so that we can have a
more in-depth discussion during the meeting.

On Thu, May 21, 2026 at 11:15 PM Larry Lewis <llewis@sovrlabs.com> wrote:

> Hi Chairs and Members of the AI Agent Protocol Community Group,
>
> I was encouraged to reach out directly to this group and propose a short
> presentation on some work that appears closely aligned with your current
> focus on agent identity, security, and interoperability.
>
> I am the author of Agent Trust Protocol (ATP), an open, quantum-safe trust
> layer for AI agents designed to complement the AI Agent Protocol framework
> rather than replace it. ATP focuses on four areas that overlap strongly
> with the “Security and Privacy” and “Agent Identity” work items in your
> current technical framework:
>
>    - *Cryptographic agent identity that travels across ecosystems*
>    (agents, tools, and runtimes modeled as first-class identities,
>    typically DID-based, not just API keys)
>    - *Capability-scoped authorization for autonomous agents*
>    (short-lived, narrowly scoped capabilities instead of broad session
>    tokens)
>    - *Verifiable evidence of agent behavior*
>    (signed evidence chains for sensitive actions, compatible with
>    Verifiable Credentials)
>    - *Guardian-style suspension and revocation*
>    (a control plane for revoking compromised agents across protocols and
>    runtimes)
>
> I have drafted an “ATP Trust and Security Profile” in W3C Community Group
> style that treats the existing AI Agent Protocol work as the base layer and
> specifies how ATP can layer a trust profile on top: binding ATP Agent DIDs
> to your identity model, mapping capability tokens into your tiered
> authorization requirements, and defining evidence and Guardian mechanisms
> that could be candidates for standardization.
>
> I would like to propose a 30-minute walkthrough during one of your
> biweekly calls to:
>
>    1. Briefly summarize ATP’s trust model and components
>    (Agent DID, Capability Token, Evidence Chain, Guardian, Trust Registry)
>    2. Show how an “ATP Trust Profile” can align with and extend the AI
>    Agent Protocol framework
>    (identity, description, security, and privacy modules)
>    3. Discuss open questions where the group’s feedback would be most
>    valuable
>    (e.g., DID extension namespaces, evidence formats, Guardian APIs,
>    Trust Score interoperability)
>
> Would it be possible to schedule a 30-minute slot in an upcoming or a
> proposed biweekly CG meeting for this walkthrough?
>
> I am happy to share the draft Trust Profile document in advance so
> participants can review it and come with questions and feedback.
>
> Thank you for considering this, and for the work the group is doing to
> define open, interoperable protocols for AI agents on the Web.
>
>
>
> Best regards,
> Larry Lewis
>
>
>
>
>
>
>
>
>
>
>
>
> ---- On Mon, 18 May 2026 09:04:53 -0500 *Roy Ruoxi Ran <ran@w3.org
> <ran@w3.org>>* wrote ----
>
>
>
> Hi Larry,
>
> Thank you for following up.
>
> I think I mentioned AI Agent Protocol CG before, the areas you outlined
> are very relevant to the discussions around AI agents, I think you could
> apply a presentation through email to the Chairs of the CG
> <https://www.w3.org/groups/cg/agentprotocol/participants/> directly. I
> usually join their biweekly meetings, and I believe that is proper place
> for ATP to present.
>
> Beside that CG, also Web & AI IG <https://www.w3.org/groups/ig/webai/> could
> be a place for you to present your work, also you could raise an issue
> here <https://github.com/w3c/webai>, and Chairs and I will schedule
> agenda for upcoming meetings. Dom and I are participants in this group. I
> would be happy to learn more. A short 30 minute walkthrough sounds useful.
>
> Thank you and Best Regards,
>
> Roy Ruoxi Ran, 冉若曦, W3C
>
>
> On May 18, 2026, at 21:14, Larry Lewis <llewis@sovrlabs.com> wrote:
>
> Hi Ian,
>
> Good morning.  I wanted to follow up and see if Dom and Ruoxi had a chance
> to look at the materials I shared last Monday.
>
> Over the past week I’ve been seeing even more concrete, day‑to‑day use
> cases that underline why a deeper discussion around Agent Trust Protocol
> (ATP) feels timely. In particular, ATP is focused on three areas that seem
> very aligned with the work your group is driving:
>
> • Cryptographic agent identity that travels across ecosystems
> ATP treats agents, tools, and runtimes as first‑class identities with
> verifiable provenance, not just API keys or app IDs.
> • Capability‑scoped, short‑lived authorization for autonomous agents
> Rather than broad, long‑lived tokens, ATP issues narrowly scoped,
> time‑bounded capabilities that constrain what an agent can do at each step,
> even as it moves across different protocols and orchestration layers.
> • Verifiable evidence of what agents actually did
> Every sensitive action is tied to signed evidence — who the agent was,
> what it was allowed to do, which policies applied, and why a decision was
> approved or denied — so behavior is auditable and interoperable instead of
> trapped inside one vendor’s logs.
>
> My goal here is not to introduce “yet another agent framework,” but to
> explore whether ATP could serve as a trust and security profile that
> complements the AI Agent Protocol Community Group’s work on identity,
> description, and communication.
>
> If it is useful, I would be happy to walk through a short, focused
> overview of ATP framed entirely in terms of how it could align with or
> extend the work you, Dom, and Ruoxi are already doing.
>
> Would a 30–45 minute slot sometime next week work for you and the team?
> Best regards,
>
> Larry Lewis
> Founder of Sovr(Sovrlabs)
> Agent Trust Protocol(ATP)
>
>
> ---- On Mon, 11 May 2026 09:52:21 -0500 *Larry Lewis <llewis@sovrlabs.com
> <llewis@sovrlabs.com>>* wrote ----
>
> Hi Ian,
>
> Thank you again for offering to introduce me to Dom Hazael-Massieux and
> Ruoxi Ran regarding the AI Agent Protocol Community Group.
>
> Since our last exchange, ATP has come a long way. I took your guidance
> seriously and refined the work so that ATP is positioned not as a competing
> protocol, but as a specialization that can complement the group’s existing
> direction around interoperable, secure, and trustworthy AI agent ecosystems.
>
> The current ATP contribution focuses on a narrow trust and security layer
> for AI agents:
>
>    - W3C DID-based agent identity
>    - Verifiable Credentials for agent capabilities and delegation
>    - Quantum-safe signing using ML-DSA / Dilithium with Ed25519
>    compatibility
>    - Policy-bound capability authorization
>    - Trust scoring and audit trails for agent-to-agent and agent-to-tool
>    interactions
>    - Compatibility with existing agent ecosystems such as MCP, A2A,
>    OpenClaw, LangChain, and AutoGPT
>
> My goal is to contribute this as a standards-aligned specialization for
> agent trust, identity, and authorization, rather than as a separate or
> competing framework.
>
> I have attached the latest ATP white paper by and specialization/spec
> materials for review. I would be grateful for your guidance, and for Dom
> and Ruoxi’s feedback, on the best way to shape this into a useful
> contribution to the Community Group.
>
> If helpful, I can also prepare a shorter W3C-style explainer or present
> the work in an upcoming Community Group meeting.
>
> Best,
>
> Larry Lewis
> Founder, Sovr INC
> Agent Trust Protocol
> https://www.agenttrustprotocol.com
>
>
>
>
>
>
>
>
>
> ---- On Mon, 18 Aug 2025 08:29:42 -0500 *Ian Jacobs <ij@w3.org
> <ij@w3.org>>* wrote ----
>
>
>
>
> Hi Dom and Roy,
>
> I’d like to introduce you to Larry Lewis (Sovr INC), with whom I chatted
> recently about his work on the Agent Trust Protocol (ATP) [1].
> I encouraged Larry to think about contributing ideas to the AI Agent
> Protocol CG and so I am making this introduction so that Larry
> has an initial point of contact in the group.
>
> All the best,
>
> Ian
>
> [1] https://socket.dev/pypi/package/agent-trust-protocol
> --
> Ian Jacobs <ij@w3.org>
> https://www.w3.org/People/Jacobs/
> Tel: +1 917 450 8783
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>