Episode 117 - GluuFederation/identerati-office-hours GitHub Wiki

• Host: Mike Schwartz, Founder/CEO Gluu
• Guest: Ken Huang, AI and Cybersecurity Expert

• Linkedin Event
• Youtube Video

Developed under the OWASP GenAI Security Project – Agentic Security Initiative, the Agent Name Service (ANS) Protocol has some interesting properties for agent identity and discovery:

• ✅ DNS-inspired universal registry for AI agents
• ✅ PKI-based identity verification (X.509) for trust
• ✅ Capability-aware discovery (find agents by what they do!)
• ✅ Protocol-agnostic design (A2A, MCP, ACP & more)
• ✅ Threat Analysis using MAESTRO Agentic AI Threat Modeling framework

Could a protocol like this provide a path towards building interoperable, trustworthy, and scalable AI ecosystems that can work together seamlessly across platforms and organizations? Join us to find out!

• White Paper: Agent Name Service (ANS) for Secure Al Agent Discovery v1.0

• IETF Draft Capability Attestation Extensions for the Entity Attestation Token (EAT) in Agentic AI Systems

• ⚡ Some kind of Agent Discovery Service is probably needed. But DNS is a security and privacy nightmare. PKI is a nightmare to scale. Is putting these two things together really a good idea?

• ⚡ Capabilities search is a great idea, but if the registries are federated, it's unclear how this could be accomplished. And what about fuzzy pattern matching, for example "voice authentication" and "speech authentication".

• ⚡ Why isn't ANS just a DID method? For example: did:ans:mcp://<ANSName>? What wouldn't that accomplish? Do we really need the PKI if domains publish their public keys somewhere like on a URL or "on the blockchain"? PKI is warranted for banking... but is it really warranted for Agent Discovery?

• ⚡ It's unclear what identifer to use for ANSName. Will each protocol (e.g. mcp, a2a) define its own naming convention? Will the names have some kind of built in trust model, for example to delegate authority for a "top level domain"?

• ⚡ Is a new ANS Server worth the risk of compromise? Just look how much trouble we have with DNS servers getting hacked... and people being hurt because they "trust" DNS. The ANS server is yet another infrastructure with hard-to-detect subtle compromises in the data.

• ⚡ To what extent we can trust the data itself? If "federation" is the answer, what kind of federation? A banking-like multi-party federation where a federation operator vets and certifies the participants? An open federation, like the Web, where anyone can connect who aligns with HTTP messaging? Or will different federations arise in different ecosystems? If so, this is un-DNS-like... DNS is an Internet scale infrastructure.

here