Table of Contents
Fetching ...

Agent Identity URI Scheme: Topology-Independent Naming and Capability-Based Discovery for Multi-Agent Systems

Roland R. Rodriguez

TL;DR

The paper tackles the problem of agent identity being bound to deployment location, which breaks references during migration and federation. It introduces the agent:// URI scheme, built from a trust root, a hierarchical capability path, and a sortable agent-id, enabling topology-independent identity and capability-based discovery via a DHT with trust-scoped keys. Cryptographic attestation using PASETO tokens binds capabilities to identities, supporting verifiable claims without real-time contact with issuers, while formal analyses provide migration invariance and $O(\log N)$ resolution. Empirical evaluation demonstrates complete capability expressiveness (100% coverage on 369 tools), perfect discovery precision/recall ($F1=1.0$) across 10,000 agents, and microsecond-scale operations, underscoring practical viability. The approach offers a foundation for decentralized agent identity that supports federation without centralized registries and has potential to influence future multi-agent system architectures and governance models.

Abstract

Multi-agent systems face a fundamental architectural flaw: agent identity is bound to network location. When agents migrate between providers, scale across instances, or federate across organizations, URI-based identity schemes break references, fragment audit trails, and require centralized coordination. We propose the agent:// URI scheme, which decouples identity from topology through three orthogonal components: a trust root establishing organizational authority, a hierarchical capability path enabling semantic discovery, and a sortable unique identifier providing stable reference. The scheme enables capability-based discovery through DHT key derivation, where queries return agents by what they do rather than where they are. Trust-root scoping prevents cross-organization pollution while permitting federation when desired. Cryptographic attestation via PASETO tokens binds capability claims to agent identity, enabling verification without real-time contact with the issuing authority. We evaluate the scheme across four dimensions: capability expressiveness (100% coverage on 369 production tools with zero collision), discovery precision (F1=1.0 across 10,000 agents), identity stability (formal proofs of migration invariance), and performance (all operations under 5 microseconds). The agent:// URI scheme provides a formally-specified, practically-evaluated foundation for decentralized agent identity and capability-based discovery.

Agent Identity URI Scheme: Topology-Independent Naming and Capability-Based Discovery for Multi-Agent Systems

TL;DR

The paper tackles the problem of agent identity being bound to deployment location, which breaks references during migration and federation. It introduces the agent:// URI scheme, built from a trust root, a hierarchical capability path, and a sortable agent-id, enabling topology-independent identity and capability-based discovery via a DHT with trust-scoped keys. Cryptographic attestation using PASETO tokens binds capabilities to identities, supporting verifiable claims without real-time contact with issuers, while formal analyses provide migration invariance and resolution. Empirical evaluation demonstrates complete capability expressiveness (100% coverage on 369 tools), perfect discovery precision/recall () across 10,000 agents, and microsecond-scale operations, underscoring practical viability. The approach offers a foundation for decentralized agent identity that supports federation without centralized registries and has potential to influence future multi-agent system architectures and governance models.

Abstract

Multi-agent systems face a fundamental architectural flaw: agent identity is bound to network location. When agents migrate between providers, scale across instances, or federate across organizations, URI-based identity schemes break references, fragment audit trails, and require centralized coordination. We propose the agent:// URI scheme, which decouples identity from topology through three orthogonal components: a trust root establishing organizational authority, a hierarchical capability path enabling semantic discovery, and a sortable unique identifier providing stable reference. The scheme enables capability-based discovery through DHT key derivation, where queries return agents by what they do rather than where they are. Trust-root scoping prevents cross-organization pollution while permitting federation when desired. Cryptographic attestation via PASETO tokens binds capability claims to agent identity, enabling verification without real-time contact with the issuing authority. We evaluate the scheme across four dimensions: capability expressiveness (100% coverage on 369 production tools with zero collision), discovery precision (F1=1.0 across 10,000 agents), identity stability (formal proofs of migration invariance), and performance (all operations under 5 microseconds). The agent:// URI scheme provides a formally-specified, practically-evaluated foundation for decentralized agent identity and capability-based discovery.
Paper Structure (42 sections, 3 theorems, 2 equations, 6 tables)

This paper contains 42 sections, 3 theorems, 2 equations, 6 tables.

Key Result

Theorem 1

Resolution of any agent uri terminates in $O(\log N)$dht hops, where $N$ is the number of dht nodes.

Theorems & Definitions (5)

  • Theorem 1: Bounded Resolution
  • proof
  • Corollary 1
  • Theorem 2: Eventual Consistency
  • proof : Proof sketch