You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Additive support for publishers with no controllable FQDN, rooted in a
W3C DID (did:plc, did:web) instead of DNS. Closes the identity hole raised
in #47. The FQDN mainline is untouched.
- §4.2.1: DID-anchored URN branch
urn:air:did:<method>:<method-specific-id>:<namespace>:<agent-name>,
initial set {did:plc, did:web host-only}; existing schema pattern already
admits it (no schema change).
- §5.1: additive authority-alignment carve-out for identityType "did".
- §5.1.1: normative 4-step DID resolution path; canonicalization pinned to
JCS (RFC 8785), not implementation-defined.
- Appendix C.1: shows the DID branch preserves all five federation
properties; written to compose with #24.
- §4.4: domainless (DID-anchored) worked example.
- ADR 0010.
Companion artifact-side field: drknowhow/install-manifest-spec#37.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
***`<namespace>`**: Optional hierarchical segments separated by : (e.g., finance:trading, weather:telemetry). Allows publishers to categorize capabilities by department, team, or product line without altering infrastructure routing.
205
205
***`<agent-name>`**: Mandatory terminal segment representing the specific, logical short name of the agent or tool (e.g., assistant, pptx-creator).
206
206
207
+
#### Domainless Publishers: the DID-Anchored Branch
208
+
209
+
Publishers without a controllable fully qualified domain name — for example, agents whose identity is rooted in a [Decentralized Identifier (W3C DID)](https://www.w3.org/TR/did-core/) and a signed personal data store rather than in DNS — MAY substitute a DID for the `<publisher>` FQDN. The `<publisher>` position then carries a DID in place of a domain:
* The literal token `did` in the `<publisher>` position signals the DID-anchored branch and distinguishes it unambiguously from an FQDN root (no registrable domain is the bare label `did`).
216
+
* In the initial registered set, `<method>` MUST be one of `plc` or `web`, and the DID MUST occupy **exactly three** colon-delimited segments — `did:<method>:<method-specific-id>`. Accordingly, `did:web` is restricted to its host-only form (`did:web:<host>`) in this branch; path-bearing `did:web` identifiers and additional DID methods (`did:key`, `did:peer`, …) are deferred to a future amendment so the resolution machinery can be validated against a small, fixed set first.
217
+
*`<namespace>` (optional) and `<agent-name>` (mandatory terminal segment) retain exactly their meaning from the FQDN branch.
Authority for a DID-anchored identifier is established by verified control of the DID — see [§5.1.1](#511-did-anchored-identity-resolution-domainless-publishers) — not by FQDN cross-reference against `trustManifest`. A `did:web` publisher that also controls a domain MAY appear under either branch; the two forms denote the same publisher when the `did:web` host equals the FQDN, which makes `did:web` a natural migration on-ramp between the branches. The existing `identifier` pattern in the `ai-catalog.json` schema already admits this branch (the DID's internal colons parse as additional segments), so no schema change is required.
227
+
207
228
#### Please see more details at [Architectural Rationale for URN Restriction](#appendix-c:-agent-naming-urn-format)
208
229
209
230
### 4.3 Host Info Object
@@ -296,6 +317,32 @@ Discovery via GitHub Pages (combining the above):
296
317
}
297
318
```
298
319
320
+
#### The Domainless (DID-Anchored) Path
321
+
322
+
Like the Solo Developer Path, but the publisher has no domain at all — identity is rooted in a `did:plc` and a signed personal data store. The discovery identifier uses the DID-anchored branch (§4.2.1); authority is proven by DID control (§5.1.1), and `trustManifest` carries the same DID with `identityType: "did"`.
"signature": "<detached JWS over the JCS-canonicalized Trust Manifest; alg negotiated via the DID Document verificationMethod>"
338
+
}
339
+
}
340
+
]
341
+
}
342
+
```
343
+
344
+
No FQDN, no SPIFFE issuer, no cloud account: a consumer resolves `did:plc:ewvi7nxzyoun6zhxrhs64oiz` to its DID Document, validates the detached JWS against the published key, and accepts the entry as bound to that DID.
345
+
299
346
#### Enterprise Example
300
347
301
348
Using trustManifest for compliance, published in a manifest.
@@ -357,6 +404,21 @@ The trustManifest object sits alongside the artifact content in a catalog entry
357
404
| provenance | Array | Optional. List of Provenance Link objects recording lineage. |
358
405
| signature | String | Optional. Detached JWS signature computed over the Trust Manifest content. |
359
406
407
+
**Authority alignment for DID-anchored identities.** For `identityType: "did"`, the authority-alignment requirement on `identity` (above) is satisfied by verified control of the DID, established via the resolution path defined in [§5.1.1](#511-did-anchored-identity-resolution-domainless-publishers). FQDN alignment is NOT required for this identity type. The FQDN mainline — where the cryptographic trust domain MUST align with the authority domain root embedded in the discovery identifier namespace — is otherwise unchanged.
When a catalog entry's discovery identifier uses the DID-anchored URN branch ([§4.2.1](#421-agent-identifier-identifier-format-and-rationale)) — or, equivalently, when `trustManifest.identity` is a DID with `identityType: "did"` — registries and orchestrators MUST establish publisher authority by verifying control of the DID rather than by FQDN cross-reference. The procedure is:
412
+
413
+
1.**Resolve the DID Document.** Dereference the DID to its DID Document using the method-specific resolution path:
414
+
*`did:plc` → `GET https://plc.directory/<did>`
415
+
*`did:web` → `GET https://<host>/.well-known/did.json`, where `<host>` is the method-specific identifier.
416
+
2.**Select the verification key.** From the DID Document's `verificationMethod` array, select the key indicated by the detached JWS `kid` header parameter when present; otherwise select the first `verificationMethod` whose key type is compatible with the JWS `alg`.
417
+
3.**Reconstruct the signed payload.** Canonicalize the signed content using **JCS (JSON Canonicalization Scheme, [RFC 8785](https://www.rfc-editor.org/rfc/rfc8785))**. Canonicalization MUST be JCS and MUST NOT be implementation-defined; JCS is already the canonical form used elsewhere in this specification, keeping a single signing mental model. The detached JWS ([RFC 7515 §A.5](https://www.rfc-editor.org/rfc/rfc7515)) carried in `trustManifest.signature` is computed over these canonical bytes.
418
+
4.**Validate the signature.** Verify the detached JWS against the selected verification key. On success, the entry is bound to the DID and the publisher is authoritative for that DID's namespace. On failure, the entry MUST be rejected.
419
+
420
+
A successful DID-control proof establishes *who published* the entry; consistent with [§7.2](#72-search-post-search), it MUST NOT be interpreted as a cryptographic trust, compliance, or safety rating for the underlying capability.
421
+
360
422
### 5.2 Attestation Object
361
423
362
424
Provides verifiable proof of a claim (e.g., compliance certifications).
@@ -696,6 +758,18 @@ Restricting the discovery identifier to this specific URN format, rather than al
696
758
4.**Search and Discovery Ergonomics (The @ Resolution Pattern)**: Users and LLMs require intuitive, semantic handles for capabilities (e.g., Assistant@Acme). The structured hierarchy of `urn:air:<publisher>:<namespace>:<agent-name>` allows search engines and federated registries to parse components deterministically. Registries can easily match natural language queries to the publisher domain (Acme) and the terminal short name (Assistant), enabling high-performance semantic filtering, aggregation, and conflict resolution (e.g., displaying Assistant with a verified Acme shield).
697
759
5.**Cross-Network Uniqueness and Federation Scalability**: Domain-anchored URNs guarantee global uniqueness across disparate federated registries without requiring centralized registration databases. Because domain names are already globally unique via the DNS root, anchoring the URN to a domain eliminates collision risks when merging catalogs from multiple upstream registries in auto or referrals federation modes.
698
760
761
+
### C.1 DID-Anchored Identifiers for Domainless Publishers
762
+
763
+
The five properties above assume an FQDN `<publisher>` root. The DID-anchored branch ([§4.2.1](#421-agent-identifier-identifier-format-and-rationale)) preserves every one of them for publishers that hold no controllable domain:
764
+
765
+
1.**Nomenclature stability** — a DID is an immutable logical noun by construction and never encodes a physical network location, so the immutable-noun property is strengthened, not weakened.
766
+
2.**Separation of concerns** — the DID remains the searchable discovery handle, while the security principal is the key material resolved from the DID Document ([§5.1.1](#511-did-anchored-identity-resolution-domainless-publishers)). Discovery index and security mesh stay decoupled exactly as in the FQDN branch.
767
+
3.**Decentralized trust and authority binding** — DNS is not the only verifiable authority root. Control of a DID is provable without a domain: `did:plc` via its signed PLC operation log, `did:web` via a DNS-anchored `did.json`. Authority is established by the §5.1.1 resolution path in place of an mTLS certificate or SPIFFE SVID issued by the FQDN. Namespace-squatting is foreclosed the same way the FQDN branch forecloses it — an actor cannot present a valid DID-control proof for a DID it does not control.
768
+
4.**Search and discovery ergonomics** — the terminal `<agent-name>` and optional `<namespace>` segments parse identically; only the publisher-root component differs (a DID rather than a domain shield).
769
+
5.**Cross-network uniqueness** — DIDs are globally unique by construction, so catalog merges across federated registries remain collision-free without a central registry.
770
+
771
+
This branch is deliberately written to compose with the transport-side URN questions raised in [#24 (URN semantics for NAT'd and relay-accessed agents)](https://github.com/ards-project/ard-spec/issues/24): both press the FQDN assumption in item 3 of the main rationale above — #24 from the transport side, this branch from the identity side. A future unified "domainless namespace" amendment should be able to subsume both without conflicting with the wording here.
0 commit comments