Skip to content

Registry Federation Interoperability — Mutual Trust & Cross-Registry Provenance #63

Description

@ejoaquin

Continuation of #53, condensed per feedback.

Problem

ARD defines discovery within a single catalog, but as agents appear in multiple registries (scanned, imported, or federated across org boundaries), three gaps emerge:

  1. No bilateral trust between registries. When Registry B federates agents from Registry A, there's no protocol for Registry A to approve, scope, or revoke that relationship. The publisher has no voice — and consumers have no signal (like a browser padlock) indicating whether a federated entry is verified.

  2. No provenance for federated entries. When the same agent exists in multiple registries, consumers can't determine which is canonical, who maintains it, or whether they're seeing a stale copy.

  3. No cross-registry lifecycle sync. Deprecating an agent at its source doesn't propagate to downstream registries. Consumers keep discovering sunset agents with no warning.

These gaps are acute in B2B scenarios — e.g., a cloud provider's agents federated into a customer's enterprise registry.

Proposed Solution (summary)

Three optional, additive extensions to the Agent Card schema:

Extension What it does
mutualTrust State machine (unverified → one_way → mutual → revoked) + bilateral handshake via .well-known/ard-approvals.json endpoints. Supports both DNS-anchored and DID-based identity (#47).
cardProvenance Tracks residency (owned / federated / mirrored), canonical source URI, owner identity, and last-synced timestamp. Enforces "canonical always wins" for mutable fields.
contentIntegrity SHA-256 digest of canonical card content + reconciliation interval + drift detection. Separates "trust is healthy" from "content is fresh."

These compose with existing proposals: #45 (lifecycle), #44 (deployment metadata), #42 (dependencies), #7 (TRACE federation referrals), #41 (SOVP-v1).

Prior Art

Open Questions

  1. Should mutualTrust live inside trustManifest (§5) or as a top-level sibling?
  2. Should lifecycle sync reuse Spec Proposal: No Lifecycle or Deprecation Model #45's lifecycle object directly?
  3. Should the anti-duplication rule be MUST or SHOULD for v1.0?

Happy to elaborate on any of these (state machine details, JSON schemas, version selection rules, trust duration model) in follow-up comments as consensus forms.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions