Decentralized Agent Network

Problem

Centralised agent registries do not scale across the public internet: every party must trust the registry operator, every cross-org integration requires an admin to onboard, and the registry becomes a single point of policy and failure. There is no protocol for an agent in organisation A to discover and cryptographically verify an agent in organisation B without a pre-arranged channel. Capability advertisement, identity verification, and authorisation all collapse onto the registry operator, who becomes a gatekeeper at internet scale.

Solution

Assign every agent a W3C Decentralized Identifier (DID) resolvable via a DID method (DID:web, DID:key, DID:ion, etc.). Publish the agent's capability graph as JSON-LD signed by the DID's key, hosted at a location the DID document points to. A peer wanting to discover or verify the agent resolves the DID, fetches the JSON-LD capability graph, verifies the signature against the DID's published keys, and proceeds with whatever interop protocol the capabilities advertise (MCP, A2A, or domain-specific). No central registry sits in the path; trust derives from the cryptographic chain rooted in the DID method.

When to use

• Agents must discover and verify each other across organisational boundaries with no shared registry.
• Cryptographic identity rotation is a hard requirement and centralised re-onboarding is unacceptable.
• Capability advertisement should be machine-parseable by generic tooling, not bespoke per vendor.
• The deployment is on the open internet rather than inside one enterprise.