W4GEO.org
W4GEO-RFC-001 · OPEN PROTOCOL

Trust infrastructure for the Internet of Agents

W4GEO is an open protocol for verifiable identity, authority, evidence, risk, governance and audit across humans, organizations and autonomous agents.

Open Protocol
Ed25519 Identity
Reference Implementation Available
Initial Production Adoption
Specification in Development
EntityIdentityAgentDelegationEvidenceDecisionAudit
§ 1

1.Why W4GEO

An open trust and verifiable context protocol for the Internet of Agents.

The Web has protocols for documents, communication, identity and payments. W4GEO defines a verifiable trust, authority and context layer for humans, organizations and autonomous agents.

W4GEO lets systems and agents discover:

Who an entity is
Which domain, organization or person controls it
Who created or operates an agent
What actions that agent can perform
Who delegated that authority
What limitations apply
What evidence supports a claim
Whether an identity, key, credential or delegation has been revoked
What policies and jurisdictions apply
How a decision was calculated
How that decision can be audited
How different validators and networks can interoperate
§ 2

2.The Problem

Autonomous agents can already:

Access systemsUse toolsRepresent people and organizationsExecute transactionsExchange informationMake decisionsOperate across platforms

Autonomous agents already do all of this today. But today's protocols only solve isolated parts of the problem — none of them unify identity, ownership, authority, delegation, context, evidence, reputation, risk, policy, revocation, consensus, audit and governance into a single verifiable layer.

What still needs to come together
IdentityOwnershipAuthorityDelegationContextEvidenceReputationRiskPolicyRevocationConsensusAuditGovernance
§ 3

3.The W4GEO Proposal

W4GEO does not replace existing identity, authorization, agent communication or credential standards. It connects them into a shared trust and decision context.

Planned compatibility and complementarity with:

DNS and HTTPSJSON-LD and Schema.orgOAuth 2.0OpenID ConnectDIDVerifiable CredentialsMCPA2AAgent identity protocolsCapability-based authorizationCryptographic signaturesPublic key infrastructureConfidential computing and runtime attestation

Planned technical interoperability — no partnership or official integration is claimed with any organization or standard listed above.

§ 4

4.Complete Architecture — 16 Layers

Every layer below officially belongs to the W4GEO architecture — a layer not being implemented yet does not mean it is out of scope.

LAYER 1In Development

Discovery Layer

Standardized discovery of entities, agents, keys, services, endpoints, capabilities and W4GEO documents.

/.well-known/w4geo.jsonPublic discovery documentsDomain resolutionIdentity endpointsAgent endpointsEvidence endpointsRevocation endpointsPolicy endpointsVersion and compatibility metadata

The base document and domain resolution are already in production; agent, evidence, revocation and policy endpoints do not exist yet.

View in the Roadmap →
LAYER 2In Development

Cryptographic Identity Layer

Verifiable cryptographic identity and proof of control.

IdentifiersPublic keysDigital signaturesKey rotationCanonicalizationProof of controlKey-domain-entity bindingMultiple cryptographic methodsInitial Ed25519 compatibilityExtensible algorithmsReplay protectionTimestampsNonces

Ed25519 signing and verification with canonicalization already work in production; key rotation, multiple methods and replay protection are still in specification.

View in the Roadmap →
LAYER 3Specification

Domain Intelligence Layer

Validate and contextualize domains and digital assets.

Domain ownership or controlChange historyDomain-entity relationshipOfficial servicesAuthorized subdomainsTechnical signalsPublic recordsEndpoint integritySuspicious changesAssociated assets

Hidden or redacted data does not mean fraud. It only means the identity could not be corroborated by that source.

View in the Roadmap →
LAYER 4Specification

Entity and Business Verification Layer

Represent and verify people, companies, organizations, governments, institutions, communities, creators, projects, services and digital assets.

Entity typeLegal namePublic namesJurisdictionBusiness registrationsRepresentativesResponsible partiesAddressesTax identifiersCredentialsVerified declarationsDomain linksVerification statusTemporal validityEvidence origin

No global business-verification database exists yet.

View in the Roadmap →
LAYER 5Specification

Agent Identity Layer

Bind an autonomous agent to the entity that operates it.

agent_idprincipalowneroperatordeveloperdeployerDeclared purposeAgent classModel usedSoftware versionExecution environmentAvailable toolsTool manifest hashCapabilitiesRestrictionsEndpointsStatusVersion historyRuntime identityRuntime attestationProvenanceEntity bindingDomain binding
View in the Roadmap →
LAYER 6Specification

Delegation and Capability Layer

Define who authorized an agent and what it is allowed to do.

delegatordelegatecapabilityresourceactionscopeconditionsexpirationaudiencejurisdictionmax depthparent delegationproof chainattenuationcycle detectionnon-transferabilityrevocationusage constraintsrate limitsfinancial limitsgeographical limitstemporal limits

Delegation MUST NOT expand authority. Every sub-delegation must have authority equal to or lower than the previous delegation.

View in the Roadmap →
LAYER 7Specification

Revocation and Recovery Layer

Interrupt and safely recover trust.

Key revocationIdentity revocationAgent revocationCredential revocationDelegation revocationEvidence revocationTemporary suspensionExpirationRecovery keysKey rotationDomain recoveryOrganizational recoveryCompromised key proceduresEmergency shutdownPropagation statusRevocation registry

Architectural reference: /.well-known/w4geo-revocations.json. This endpoint is not operational yet.

View in the Roadmap →
LAYER 8Specification

Evidence and Proof Registry

Register facts, proofs, validations and events — not arbitrary opinions.

domain_verifiedorganization_verifiedidentity_verifiedkyc_verifiedcredential_issuedcredential_revokeddelegation_createddelegation_revokedagent_registeredagent_updatedruntime_attestedpolicy_applieddispute_openeddispute_resolvedvalidator_decisionsecurity_incident
View in the Roadmap →
LAYER 9Research

Trust and Reputation Layer

Organize historical and contextual trust signals.

Validated identityOperational historyCredentialsIncidentsRevocationsConsistencyProvenanceBehaviorPositive and negative evidenceContextual trustDomain reputationCapability reputationIssuer reputationValidator reputationTemporal decayDispute handlingLimited, contextual portability

Reputation is not absolute truth and should not be treated as a single universal score.

View in the Roadmap →
LAYER 10Research

Risk Intelligence Layer

Calculate contextual risk.

Identity riskDomain riskAgent riskTool riskDelegation riskTransaction riskEvidence riskJurisdiction riskBehavioral riskFraud riskCompromise riskAnomaliesContradictory signalsLocal policiesVerifier risk tolerance

The protocol standardizes signals, inputs, justifications and auditable results, without forcing every organization to use the same risk model.

View in the Roadmap →
LAYER 11Specification

Policy and Decision Context Layer

Combine verifiable context and policy into a decision.

policy_idpolicy issuerapplicable jurisdictionrequired evidenceminimum assuranceaccepted validatorsdenied capabilitiesconditional approvalhuman approval requirementrisk thresholddecision resultdecision reasonsexpirationappeal path

Identity + Authority + Delegation + Evidence + Reputation + Risk + Policy = Decision Context. Decisions can result in: allow, deny, conditional, require_more_evidence, require_human_review, suspend, quarantine.

View in the Roadmap →
LAYER 12Research

Semantic Quorum Layer

Resolve divergence between sources, validators, policies and interpretations.

Multiple validatorsWeightsDomain specializationEvidence conflictMinimum quorumConsensusRegistered dissentSemantic versionJustificationsAggregate confidenceAnti-collusion rulesValidator diversityAppeal mechanisms

Semantic Quorum does not require blockchain — the architecture allows different consensus and validation mechanisms.

View in the Roadmap →
LAYER 13Research

Federation Layer

Interoperability between organizations, validators, jurisdictions and W4GEO networks.

Public federationsPrivate federationsSector federationsGovernment federationsValidator admissionTrust anchorsCross-federation recognitionPortabilityLocal policiesVersion compatibilityNode discoverySynchronizationTrust listsBlock listsFederated revocationConflict resolution
View in the Roadmap →
LAYER 14Proposed

Governance and Compliance Layer

Rules for evolution, participation and accountability.

Open governanceProposal processVersioningCompatibilitySpecification maintenanceCommunity participationConflicts of interestSecurityVulnerability disclosureBrand protectionNeutralityTransparencyJurisdictionsPrivacyData protectionRetentionConsentDisputesAppealsSanctionsValidator exit
View in the Roadmap →
LAYER 15Specification

Audit and Accountability Layer

Reconstruct decisions and actions.

Audit recordsDecision logsIdentity snapshotDelegation trailEvidence trailPolicy trailRisk signalsValidator responsesTimestampsSignaturesSoftware versionsRuntime informationResultExplanationAppealRetention policyPrivacy controlsSelective disclosure
View in the Roadmap →
LAYER 16Proposed

Global Network Layer

Future distributed operation of the ecosystem.

Validator nodesFederation nodesDiscovery nodesTrust authoritiesEvidence providersIdentity issuersPolicy issuersAudit servicesMonitoring servicesPublic infrastructurePrivate infrastructureGovernance participationInteroperability testingConformance testing
View in the Roadmap →
§ 5

5.Ecosystem Entities

SubjectHumanOrganizationDomain OwnerAgentPrincipalOperatorDeveloperDeployerDelegatorCredential IssuerEvidence ProviderValidatorPolicy IssuerAuditorFederationResolverRelying PartyGovernance Participant

An organization can play more than one role, as long as conflicts of interest are declared and handled.

§ 6

6.The Complete Trust Cycle

DiscoveryIdentity ResolutionDomain and Entity VerificationAgent ResolutionRuntime VerificationDelegation ValidationRevocation CheckEvidence CollectionReputation ContextRisk EvaluationPolicy EvaluationSemantic QuorumDecisionAudit RecordMonitoringDispute or Recovery
§ 7

7.Use Cases

An agent authorized to make a purchase
A financial agent with a transaction limit
A customer-service agent representing a company
A medical agent accessing permitted data
A legal agent submitting documents
A software agent executing a deploy
A marketplace validating a seller and its agent
A platform verifying a creator and their content
A government verifying an organization and its representative
A company granting access to APIs
An agent hiring another agent
An agent using MCP tools
Agent-to-agent communication via A2A
Verification of an official domain
Fighting fake sites and impersonation
Verification of credentials and evidence
Audit of an automated decision
Emergency revocation of a compromised agent
§ 8

8.Privacy & Security

Data minimizationPrivacy by designSelective disclosureConsentPurpose limitationCryptographic verificationLeast privilegeCapability attenuationRevocationKey rotationAuditabilityZero-trust assumptionsProtection against replayProtection against impersonationProtection against privilege escalationProtection against validator collusionProtection against evidence tamperingProtection against correlation and unnecessary tracking

Public documents must not contain unnecessary personal data.

§ 9

9.Openness & Neutrality

Open protocolPublic specificationIndependent implementationVendor neutralityExtensibilityInteroperabilityCommunity participationTransparent developmentCompatibility with existing standards

License: to be defined. No specific license has been set in the repository yet.

§ 10

10.What Exists Today

Protocol vision and definitionAvailable
Complete architecture (16 layers)Specification
Public siteIn Development
Discovery document (.well-known/w4geo.json)Available
Reference implementation (w4geo-verify)In Development
GovernanceProposed
Public validationPlanned
Federated networkPlanned
§ 11

11.Protocol Documents

W4GEO OverviewDraft
Core SpecificationPlanned
Discovery SpecificationIn Development
Identity SpecificationIn Development
Agent Identity SpecificationPlanned
Delegation and Capability SpecificationPlanned
Revocation and Recovery SpecificationPlanned
Evidence Registry SpecificationPlanned
Trust and Reputation SpecificationPlanned
Risk Intelligence SpecificationPlanned
Policy and Decision SpecificationPlanned
Semantic Quorum SpecificationPlanned
Federation SpecificationPlanned
Governance SpecificationPlanned
Audit SpecificationPlanned
Security ConsiderationsPlanned
Privacy ConsiderationsPlanned
Conformance RequirementsPlanned
JSON SchemasPlanned
API ReferencePlanned
Test VectorsPlanned
§ 12

12.Participation

For developers, researchers, companies, governments, security professionals, standards contributors, identity providers, agent platform builders, validators and auditors:

§ 13

13.FAQ

W4GEO is an open protocol for verifiable identity, authority, delegation, evidence, risk, governance and audit between humans, organizations and autonomous agents.