GARR — Global Agent Registry and Resolution
bofreq-sharaf-garr-global-agent-registry-and-resolution-00
| Type | Proposed BOF request |
|---|---|
| Title | GARR — Global Agent Registry and Resolution |
| Last updated | 2026-05-22 |
| State | Proposed |
| Editor | Samuel Sharaf |
| Responsible leadership | |
| Send notices to | (None) |
Description
Autonomous AI agents are being deployed at Internet scale. Protocols for
agent-to-agent communication (A2A) and agent-tool invocation (MCP - Model
Context Protocol) are emerging rapidly from industry bodies including Google,
Anthropic, Microsoft, Salesforce, and the Linux Foundation. A foundational
gap exists: there is no standards-based infrastructure for globally unique
agent identification, cryptographically verifiable capability attestation, or
federated agent discovery across organizational boundaries.
Without an open, neutral standard, the emerging "Internet of Agents" will
fragment into siloed, vendor-proprietary trust domains - precisely the failure
mode that DNS (RFC 1034/1035) and PKIX (RFC 5280) prevented for the naming
and certificate layers of the Internet.
GARR proposes to explore whether the IETF should standardize the equivalent
infrastructure layer for AI agents: a federated, cryptographically verifiable
registry of agent identity and capability metadata, following the architectural
principles of DNS zone delegation, DMARC-style domain attestation, and RATS-
style cryptographic evidence.
The core artifact is the AgentCard: a signed, structured metadata record that
an agent publishes to declare its identifier, owning organization, capability
set, supported protocols, policy constraints, and attestation references -
analogous to a DNS resource record, but for agents.
GARR is explicitly complementary to the approved CATALIST BOF (which
coordinates the standards landscape), the proposed Discovery of Agents BOF
(which defines query/response protocols for finding agents using a registry),
and the proposed Agent Communication Protocols BOF (which addresses the
application-layer communication protocol). GARR fills the distinct gap of the
identity, attestation, and registry infrastructure layer - the DNS of the
agentic internet, not the HTTP.
This work is developed in collaboration with Paul Mockapetris (inventor of
DNS, RFC 1034/1035) and Dr. Ramesh Raskar (Associate Professor, MIT Media Lab),
and is coordinated with the Linux Foundation A2A/MCP Steering Committee.
Required Details
- Status: WG Forming
- Responsible AD: Security Area (SEC) - cross-area interest anticipated from
  Applications and Real-Time (ART) and Internet (INT) Areas
- BOF proponents: Sam Sharaf <sam.sharaf@google.com>,
  Paul Mockapetris <paul@mockapetris.com>,
  Ramesh Raskar <raskar@media.mit.edu>
- Number of people expected to attend: 100
- Length of session (1 or usually 2 hours): 2 hours
- Conflicts (whole Areas and/or WGs)
  - Chair Conflicts: CATALIST, DNSOP, WIMSE, SCITT, RATS, SPICE
  - Technology Overlap: CATALIST, Discovery of Agents BOF, Agent
    Communication Protocols BOF, DNSOP, WIMSE, RATS, SCITT, SPICE, JOSE, COSE
  - Key Participant Conflict: CATALIST, DNSOP, WIMSE, SCITT, RATS
Additional Information
Problem Space and Motivation
The following problems are unsolvable at Internet scale without a neutral,
open standard for agent identity and attestation:
- Identity spoofing: Any service can claim to be any agent. There is no
  DNS-equivalent anchoring agent identity to a verifiable root of trust.
- Capability opacity: When agent A receives a request from agent B, it has
  no standards-based way to verify B's claimed capabilities, ownership, or
  certification status.
- Cross-organizational discovery: An agent at Organization X cannot reliably
  discover the authoritative endpoint for a given service at Organization Y
  without bilateral agreements or proprietary directories.
- Accountability: Without persistent, verifiable agent identifiers bound to
  cryptographic attestation records, post-hoc audit of agentic transactions
  is infeasible.
Proposed Scope
GARR proposes to standardize:
- AgentCard schema - a signed, structured agent metadata record (identifier,
  owning organization, capability set, supported protocols, policy
  constraints, cryptographic public keys, attestation references, expiry
  and revocation pointers). Candidate serializations: JSON-LD, CBOR (COSE
  signed). Publication via well-known URIs (RFC 8615) or DNS records.
- AgentCard Resolution Protocol - a mechanism for resolving an agent
  identifier to its current AgentCard, following DNS resolution principles.
  May be a well-known HTTPS convention or a DNS extension profile
  (leveraging SVCB/HTTPS records, RFC 9460).
- GARR Federation Protocol - a protocol for federated registry operation,
  zone delegation, and harvesting, following the DNS zone delegation model.
- GARR Attestation Token Profile - a profile of RATS EAT (RFC 9334) and/or
  SCITT receipts for agent attestation, defining claims, signing algorithms,
  and verification procedures.
- IANA-managed Capability Identifier Registry - standardized identifiers for
  agent capability declarations, analogous to the IANA URI scheme registry.
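
An added example (not code from the GARR prototype or any draft) of the checks a relying party would run on a signed AgentCard as described in the schema item above: an Ed25519 signature over a canonical serialization, binding of the identifier to the origin that served the card, and expiry. The field names, the https identifier form and the sorted-key canonicalization are assumptions, since the page defines no schema.

```javascript
// Added illustration: field names and the identifier form are hypothetical.
const crypto = require("node:crypto");

// Deterministic serialization so signer and verifier process identical bytes:
// object keys are sorted recursively, arrays keep their order.
function canonicalize(value) {
  if (Array.isArray(value)) return "[" + value.map(canonicalize).join(",") + "]";
  if (value !== null && typeof value === "object") {
    return "{" + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ":" + canonicalize(value[k])).join(",") + "}";
  }
  return JSON.stringify(value);
}

function signCard(card, privateKey) {
  const sig = crypto.sign(null, Buffer.from(canonicalize(card)), privateKey);
  return { card, signature: sig.toString("base64") };
}

// trustedKey is the organization's public key obtained out of band (for example
// from a parent registry), never a key embedded in the card being checked.
function verifyCard(signed, fetchedFromHost, trustedKey, now = new Date()) {
  const { card, signature } = signed;
  if (!card || typeof signature !== "string") return "malformed";
  const ok = crypto.verify(null, Buffer.from(canonicalize(card)), trustedKey,
    Buffer.from(signature, "base64"));
  if (!ok) return "bad-signature";
  // Bind the identifier to the origin that served the card.
  let host;
  try { host = new URL(card.id).hostname; } catch { return "malformed"; }
  if (host !== fetchedFromHost.toLowerCase()) return "origin-mismatch";
  // A missing or unparsable expiry is treated as expired.
  if (!(new Date(card.expires) > now)) return "expired";
  return "ok";
}

// Constructed sample key pair and card, for illustration only.
const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
const demoCard = {
  id: "https://agents.example.com/billing-agent",
  organization: "Example Corp",
  capabilities: ["invoice.read"],
  protocols: ["a2a"],
  expires: "2030-01-01T00:00:00Z",
};
const demoSigned = signCard(demoCard, privateKey);
console.log(verifyCard(demoSigned, "agents.example.com", publicKey));
```
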
Relationship to Existing Protocols
Existing protocols this work builds on or must align with:
- DNS (RFC 1034, RFC 1035) - foundational architecture; GARR follows the
  zone delegation and resolution model
- SVCB/HTTPS records (RFC 9460) - candidate vehicle for AgentCard pointers
  in DNS
- RATS (RFC 9334) - Remote ATtestation procedureS; directly relevant to agent
  attestation; new EAT claims for agent-specific properties will be required
- SCITT (IETF WG) - Supply Chain Integrity, Transparency, and Trust; relevant
  to attestation ledger design
- SPICE (IETF WG) - Secure Patterns for Internet Credentials; relevant to
  credential format
- WIMSE (IETF WG) - Workload Identity in Multi-System Environments; GARR
  must align with workload identity work for agent-to-workload binding
- JOSE (RFC 7515-7520) / COSE (RFC 8152) - candidate signing formats for
  signed AgentCards; new IANA claim names required
- did:web (W3C DID) - candidate mechanism for organization-level attestation
- DMARC (RFC 7489) / DKIM (RFC 6376) - the DNS-based policy publication model
  is directly analogous to proposed AgentCard DNS publication
- WebFinger (RFC 7033) - candidate protocol for AgentCard publication at
  well-known URIs
New protocols required:
- AgentCard schema specification (new)
- GARR Resolution Protocol (new, or DNS extension profile)
- GARR Federation Protocol (new, or DNS zone transfer profile)
- GARR Attestation Token Profile (RATS EAT profile, new claims)
- IANA Capability Identifier Registry (new IANA registry)
Existing Implementations
- GARR Reference Implementation (Python/FastAPI): prototype registry server
  with AgentCard publication, Ed25519 signing, federated harvesting, and web
  UI. To be published as open source prior to IETF 126.
- Google A2A SDK (open source): GARR provides the identity layer below A2A.
  https://github.com/google/A2A
- Salesforce Agentforce AgentCard: proprietary predecessor concept; BOF
  proposer contributed foundational work on this at Salesforce.
- did:web implementations: multiple open source W3C did:web implementations
  exist; GARR organization-level attestation may leverage these.
Proposed BOF Agenda (120 minutes)
00-05 Administrivia, Note Well, scribe (Chair)
05-20 Problem statement: why agent identity requires an open standard
20-35 GARR architecture: AgentCard, resolution, federation, attestation
35-45 Demo: GARR reference prototype
45-55 Relationship to CATALIST, Discovery, WIMSE, RATS, SCITT
55-65 Industry perspective (invited speaker TBD)
65-100 Open microphone: scope, feasibility, overlap, governance
100-115 Hum / Poll: WG formation interest and preferred scope
115-120 Summary and next steps (Chair)
Draft Milestones (If WG Forms)
- Adopt AgentCard schema as WG document: IETF 127 (Nov 2026)
- Adopt Resolution Protocol draft as WG document: IETF 127 (Nov 2026)
- Adopt Attestation Token Profile draft as WG document: IETF 128 (Mar 2027)
- AgentCard schema Last Call: IETF 129 (Jul 2027)
- Resolution Protocol Last Call: IETF 130 (Nov 2027)
- Attestation Token Profile Last Call: IETF 131 (Mar 2028)
Planned Internet-Drafts
The following I-Ds are in preparation for submission before the IETF 126
I-D cutoff:
- draft-sharaf-garr-problem-statement-00
- draft-sharaf-garr-agentcard-00
- draft-sharaf-garr-architecture-00