Re: Agent Identity Registry Protocol Community Group launched from Adolfo Grego Micha on 2026-05-01 (public-council@w3.org from May 2026)

From: Adolfo Grego Micha <adolfo@trustlayer.foundation>
Date: Thu, 30 Apr 2026 23:21:33 -0700
To: Jeffrey Yasskin <jyasskin@google.com>
Cc: public-council@w3.org, Chaals Nevile <chaals@fastmail.fm>, Aaron Adolfo Grego <aaron@trustlayer.foundation>, Cristian Acosta <cyberstock1024@gmail.com>, Carolina Biringer <caro@punto2012.com>
Message-ID: <CACpwBj-FcNoKULW8Te39r43WEg0B=ouBmnKWdy77UVK=bgT+5g@mail.gmail.com>

Hi Jeffrey,

I'm Adolfo, co-founder of TrustLayer Foundation, the governing body behind
the proposed protocol.

From what we've understood, WebBotAuth is focused on authenticating
automated clients to human-facing websites over HTTP — crawlers, archivers,
AI training agents, content-retrieving agents. Their charter explicitly
puts out of scope: authenticating access to HTTP APIs and agent-to-agent
interfaces, defining intent vocabulary, and reputation tracking.

That's where ARIA starts. Our focus is cross-organizational agent identity
and authorization — agents operating across system boundaries, carrying
pre-enrolled credentials that declare intent, with revocation that
propagates across every system that admitted them. We're not touching
human-facing web authentication at all.

In practice the two are complementary layers: a well-architected agent
could carry a WebBotAuth credential when retrieving content from
human-facing sites, and an ARIA credential when interacting with APIs and
organizational systems downstream. We'd welcome any thoughts — it's
possible we're missing something.

If this is or any other conversation worth continuing, we'd love to have
your voice in the group.

No commitment beyond the discussion itself.
Best,
Adolfo

El mar, 28 de abr de 2026, 11:45, Jeffrey Yasskin <jyasskin@google.com>
escribió:

> What's the interaction or overlap between this CG and
> https://datatracker.ietf.org/wg/webbotauth/about/?
>
> On Fri, Apr 24, 2026 at 4:34 PM <public-council@w3.org> wrote:
>
>> With your support, the Agent Identity Registry Protocol Community Group
>> has been launched:
>>   https://www.w3.org/community/agent-identity/
>>
>> This group was originally proposed on 2026-04-22 by Aaron Adolfo Grego.
>> The following people supported its creation:
>>   Chaals Nevile
>>   Aaron Adolfo Grego
>>   Adolfo Grego Micha
>>   Cristian Acosta
>>   Carolina Biringer
>>
>> To join the group, please use:
>>   https://www.w3.org/community/agent-identity/join
>>
>> Please note that supporting a group is different from joining
>> a group. Supporters must also enroll if they wish to participate.
>>
>> --------------------
>> Although autonomous AI agents increasingly operate across organizational
>> boundaries —negotiating, transacting, and making decisions on behalf of
>> humans and organizations— there is no agreed upon mechanism for verifying
>> an agent's identity, its controlling entity, or its authorization scope
>> before interaction begins. This gap creates accountability, security, and
>> liability challenges that multiple industry and government bodies have
>> identified as urgent, including NIST's AI Agent Identity initiative and the
>> OpenID Foundation's AIIM working group.
>>
>> This Community Group develops open specifications for verifiable AI agent
>> identity infrastructure. The group's work addresses how AI agents can
>> present cryptographically verifiable credentials that bind them to their
>> controlling organizations, enabling cross-organizational trust negotiation
>> without requiring pre-existing bilateral agreements.
>>
>> The group's scope includes:
>>
>> - A DID method specification for agent identity resolution
>> - An agent credential format based on W3C Verifiable Credentials
>> - A trust negotiation protocol for cross-organizational agent interactions
>> - Trust level definitions and verification requirements
>> - Integration profiles with complementary protocols (MCP, A2A,
>> OAuth/OIDC, SPIFFE)
>> - Revocation and credential lifecycle management
>> - Post-quantum cryptographic requirements for agent identity
>>
>> **Note**: This group will take inspiration from work created by
>> TrustLayer Foundation A.C., and that work may inform the group's
>> discussions. That work does not constrain the group's discussions, and all
>> decisions about the group's deliverables will be made by the Community
>> Group participants.
>>
>> Coordination is anticipated with the W3C Credentials Community Group
>> (CCG), the Decentralized Identity Foundation (DIF), the OpenID Foundation
>> AIIM Community Group, and the IETF WIMSE Working Group.
>> --------------------
>>
>> Thank you,
>>
>> W3C Community Development Team
>>
>>
>>

Received on Friday, 1 May 2026 06:28:20 UTC