Skip to content

Cross-platform agent discovery via DID resolution (did:web) #28

@internet-dot

Description

@internet-dot

The protocol. The Ed25519 keypair + JWK thumbprint identity model and the /.well-known/agent-configuration discovery are clean and practical.

One gap: discovery currently works within a single directory or known service URL. If an agent authenticated via Agent Auth on Service A needs to prove its identity to Service B (or an A2A/MCP-compatible agent on a different platform), there's no standard cross-platform resolution mechanism. The kid (JWK thumbprint) is a good local identifier but isn't globally resolvable.

HCS-14 (Universal Agent ID) provides exactly this: a did:web:<domain> DID method that wraps existing identity systems into a globally resolvable identifier. The key advantage is that it's layered Agent Auth stays as the canonical auth layer, and the DID provides the cross-platform discovery on top.

The did:web method is pure DNS-based (no blockchain needed), which fits well with the Agent Auth Protocol's web2-native design. Resolution is just a DNS TXT record + HTTPS GET, no crypto dependency for the lookup itself.

The Standards SDK (@hol-org/standards-sdk) supports wrapDid() to create a DID from an existing Agent Auth kid, and resolveAgent(aid) for cross-platform lookup.

Not suggesting any changes to the core auth flow this would be an optional discovery extension for agents that need cross-platform portability.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions