Security
The protocol provides essential security with focus on what's critical - message authentication and basic trust verification.
Essential Security Only
Security Requirements:
- TLS encryption for all HTTP communications
- Ed25519 signatures for message authentication
- Agent ID validation to prevent basic impersonation
- Basic error handling for security violations
Message Authentication
Approach: Every message is signed.
Basic Authentication Flow
- Sign every message with Ed25519 private key
- Verify every incoming message with sender's public key
- Reject invalid signatures immediately
// Simple authentication implementation
function authenticateMessage(message, senderPublicKey) {
const { sig, ...messageWithoutSig } = message;
try {
const isValid = crypto.verify(
null,
JSON.stringify(messageWithoutSig),
senderPublicKey,
Buffer.from(sig, "base64")
);
return isValid;
} catch (error) {
return false;
}
}
// Use in your endpoint
app.post("/tasks", (req, res) => {
const message = req.body;
// Get sender's public key (from cache, registry, or direct query)
const senderPublicKey = getSenderPublicKey(message.from);
if (!authenticateMessage(message, senderPublicKey)) {
return res.status(401).json({
error: "invalid_signature",
message: "Message signature verification failed",
});
}
// Process authenticated message
processTask(message);
});Benefits:
- No complex handshakes - authentication happens with every message
- Stateless - no session management required
- Simple to implement - just sign and verify
- Replay protection - each message is unique
Basic Authorization
Simple approach: If an agent advertises a capability, any authenticated agent can use it.
// Basic authorization check
function isAuthorized(message) {
// 1. Message is authenticated (signature verified)
// 2. Capability exists on this agent
// 3. Basic rate limiting (optional)
const capability = findCapability(message.data.capability);
return capability !== null;
}
app.post("/tasks", (req, res) => {
const message = req.body;
// Authenticate
if (!authenticateMessage(message, getSenderPublicKey(message.from))) {
return res.status(401).json({ error: "authentication_failed" });
}
// Authorize
if (!isAuthorized(message)) {
return res.status(403).json({ error: "capability_not_found" });
}
// Process task
processTask(message);
});Advanced authorization (roles, permissions, etc.) is only needed for advanced use cases.
Simple Trust
Basic approach: Trust agents that provide valid signatures and deliver results.
Trust Indicators
Immediate trust signals:
- ✅ Valid Ed25519 signature
- ✅ Agent ID format is correct
- ✅ TLS connection is secure
- ✅ Responds to capability queries
Optional trust tracking:
- Task completion rate
- Response time reliability
- Result quality assessment
// Simple trust implementation
const agentStats = new Map(); // Simple in-memory tracking
function recordTaskResult(agentId, success) {
if (!agentStats.has(agentId)) {
agentStats.set(agentId, { total: 0, successful: 0 });
}
const stats = agentStats.get(agentId);
stats.total++;
if (success) stats.successful++;
}
function getTrustScore(agentId) {
const stats = agentStats.get(agentId);
if (!stats || stats.total === 0) return 0.5; // Neutral for new agents
return stats.successful / stats.total;
}Basic Verification
Essential verification only:
// Verify task result format matches capability output specification
function verifyResult(capability, result) {
const outputSpec = capability.output;
for (const [field, type] of Object.entries(outputSpec)) {
if (typeof result[field] !== type) {
return false;
}
}
return true;
}Security Philosophy: provide essential security without complexity. Most agents don't need advanced trust models - just reliable message authentication.
Critical: Always verify message signatures before processing. This is your primary defense against impersonation and tampering.