PHASE 0 ActiveProtocol Specification Governance
Foundation and Project Definition Define the mission, global scope, principles and initial structure of the project.
Dependency
Foundational phase — depends on no other.
Scope
Problem definition Internet of Agents definition W4GEO mission Positioning as an open protocol Independence from Seglox Neutrality principles Entities and participants definition Complete architecture Security principles Privacy principles Versioning strategy Documentation structure Public project identity Institutional site Initial documentation Public repository Initial contribution process
Mission, positioning, independence from Seglox, complete architecture and a public repository are already defined and published; formal versioning and a contribution process have not been structured yet.
PHASE 1 In DevelopmentProtocol Specification Reference Implementation
Discovery Protocol Allow humans, systems and agents to find W4GEO information by domain.
Dependency
Depends on the initial definition (Phase 0).
Scope
/.well-known/w4geo.json Document structure JSON Schema Versioning Entity identification Endpoints Public keys Services Agents Policies Evidence Revocations Federation Cache Content type Validation Security Fallback Examples Test vectors Implementation guide Conformance tests
The base document is already published in production and signature-verified; a formal JSON Schema, versioning, test vectors and the remaining endpoints do not exist yet.
PHASE 2 In DevelopmentProtocol Specification Reference Implementation Security and Privacy
Cryptographic Identity Create verifiable identity and proof of control.
Dependency
Depends on the initial definition (Phase 0); evolves in parallel with the Discovery Protocol.
Scope
Identifiers Initial Ed25519 Cryptographic extensibility Canonicalization Document signing Key IDs Proof of control Domain binding Timestamps Nonces Replay protection Key rotation Multiple keys Recovery keys Compromised key process Event signing Reference libraries Test vectors Conformance
Ed25519 signing and verification with canonicalization already work in production (w4geo-verify); key rotation, multiple keys and replay protection are still in specification.
PHASE 3 In SpecificationProtocol Specification
Entity, Domain and Business Context Represent and validate people, organizations, domains and digital assets.
Dependency
Depends on Cryptographic Identity (Phase 2) and the initial definition (Phase 0).
Scope
Entity schema Entity types Legal name Public name Jurisdiction Registrations Representatives Ownership declarations Domain ownership Domain control Official services Related domains Credentials Verified claims Evidence references Expiry Privacy classification Selective disclosure Status lifecycle Entity resolution Domain intelligence Business verification Conflict handling
PHASE 4 In SpecificationProtocol Specification Security and Privacy
Agent Identity and Runtime Attestation Identify agents, their responsible parties, implementations and execution environments.
Dependency
Depends on Cryptographic Identity (Phase 2).
Scope
agent_id Agent schema principal owner operator developer deployer purpose Agent class Model metadata Software version Runtime metadata Deployment environment Capabilities Restrictions Tool manifest Tool manifest hash Endpoint binding Version history Agent status Provenance Software attestation Runtime attestation TPM compatibility TEE compatibility Confidential computing compatibility Remote attestation Attestation evidence Fallback for unattested agents Privacy protections Conformance tests
PHASE 5 In SpecificationProtocol Specification Security and Privacy
Delegation and Capability Authorization Define verifiable authority that is limited and transferable in a controlled way.
Dependency
Depends on Agent Identity (Phase 4) and Cryptographic Identity (Phase 2).
Scope
Delegation schema Capability schema delegator delegate resources actions scopes conditions audience expiration jurisdiction parent delegation delegation chains attenuation maximum depth cycle detection privilege escalation prevention non-transferable capabilities usage limits financial limits temporal limits geographic limits purpose restrictions proof chain capability tokens Compatibility analysis with Macaroons Compatibility analysis with Biscuit Compatibility analysis with UCAN Compatibility with OAuth Compatibility with OIDC Policy enforcement Conformance tests
Delegation MUST NOT expand authority.
PHASE 6 In SpecificationProtocol Specification Security and Privacy
Revocation, Suspension and Recovery Enable a secure response to compromise, error, expiration and loss of control.
Dependency
Must evolve alongside Identity (Phase 2), Agents (Phase 4) and Delegation (Phase 5).
Scope
Revocation model Revocation registry Key revocation Identity revocation Agent revocation Credential revocation Delegation revocation Evidence revocation Suspension Expiration Status checking Propagation Cache invalidation Emergency shutdown Recovery keys Domain recovery Organization recovery Ownership transition Incident response Compromised validator process Audit trail Federation propagation Conformance tests
Architectural reference: /.well-known/w4geo-revocations.json. This endpoint is not operational yet.
PHASE 7 In SpecificationProtocol Specification
Evidence and Proof Registry Standardize facts, proofs, validations and events used in decisions.
Dependency
Can start early and evolve continuously alongside the other phases.
Scope
Evidence event model Evidence schema Event types subject issuer verifier source evidence hash signatures timestamp expiration jurisdiction status confidence privacy classification selective disclosure evidence chains provenance evidence revocation evidence disputes issuer reputation validator evidence append-only options public registries private registries federated registries API query model conformance tests
Evidence states
PROPOSED AUTHENTICATED ADMISSIBLE CONFIRMED DISPUTED REVOKED EXPIRED SUPERSEDED REJECTED
evidence — kyc_verified Copy
{
"type": "kyc_verified",
"issuer": "example-platform",
"subject": "w4geo:entity:123",
"status": "confirmed"
} evidence — fraud_confirmed Copy
{
"type": "fraud_confirmed",
"issuer": "example-bank",
"subject": "w4geo:entity:456",
"status": "confirmed"
} PHASE 8 ResearchProtocol Specification
Trust and Reputation Context Organize historical and contextual trust signals without creating an absolute universal authority.
Dependency
Depends on signals and evidence (Phase 7).
Scope
Trust signal taxonomy Positive signals Negative signals Contextual trust Entity reputation Agent reputation Capability reputation Domain reputation Issuer reputation Validator reputation Evidence quality Behavioral history Incident history Temporal decay Confidence intervals Dispute handling Reputation portability Anti-manipulation Sybil resistance Collusion resistance Transparency Explainability Privacy Optional scoring profiles No universal mandatory score
PHASE 9 ResearchProtocol Specification Security and Privacy
Risk Intelligence Engine Assess risk based on verifiable context, policies and signals.
Dependency
Depends on signals and evidence (Phase 7).
Scope
Risk signal schema Identity risk Domain risk Agent risk Runtime risk Tool risk Capability risk Delegation risk Evidence risk Transaction risk Fraud risk Jurisdiction risk Behavioral risk Anomaly detection Compromise indicators Contradictory evidence Configurable models Local risk policies Risk thresholds Explainability Confidence Model versioning Auditability Human review Data minimization Adversarial testing Red-team testing API Reference engine
PHASE 10 In SpecificationProtocol Specification
Policy and Decision Context Turn identity, authority, evidence, trust and risk into auditable decisions.
Dependency
Depends on Risk Intelligence (Phase 9) and Delegation (Phase 5).
Scope
Policy schema policy issuer applicable jurisdiction policy version required evidence required assurance accepted validators denied capabilities restrictions thresholds human approval rules allow deny conditional require_more_evidence require_human_review suspend quarantine decision reasons decision expiration policy conflict jurisdiction conflict appeal path policy engine decision API decision receipts conformance tests
Identity + Authority + Delegation + Evidence + Reputation + Risk + Policy = Decision Context.
PHASE 11 ResearchProtocol Specification Validation and Pilots
Semantic Quorum Resolve conflicts between evidence, validators, sources and interpretations.
Dependency
Depends on Evidence (Phase 7), validators and decisions (Phase 10).
Scope
Quorum model Validator responses Weighted quorum Minimum quorum Domain specialization Validator diversity Conflicting evidence Conflicting policies Semantic versions Consensus Registered dissent Aggregate confidence Validator accountability Anti-collusion Anti-Sybil mechanisms Trust boundaries Appeal Re-evaluation Quorum receipts Public quorum Private quorum Regulated quorum Pluggable consensus mechanisms Reference implementation Simulations Adversarial testing
Semantic Quorum does not require blockchain — the architecture allows different consensus mechanisms.
PHASE 12 ResearchFederation and Global Network
Federation Enable interoperability between different operators, sectors, countries and networks.
Dependency
Depends on identity, revocation (Phase 6), governance (Phase 13) and interoperability (Phase 16).
Scope
Federation model Public federation Private federation Regulated federation Sector federation Validator admission Validator removal Trust anchors Root policies Cross-federation recognition Cross-federation evidence Cross-federation revocation Federation discovery Federation metadata Node discovery Protocol negotiation Version compatibility Synchronization Trust lists Block lists Policy translation Jurisdiction boundaries Dispute resolution Federation exit Compromised federation handling Federation conformance
PHASE 13 ProposedGovernance
Governance and Standardization Create an open, neutral, transparent and sustainable governance model.
Dependency
Must evolve alongside every phase that requires shared rules.
Scope
Governance charter Maintainer roles Contributor roles Technical steering Security council Conflict-of-interest rules Proposal process Request for comments Specification changes Voting mechanisms Consensus mechanisms Release process Semantic versioning Backwards compatibility Deprecation Intellectual property policy Trademark policy Code of conduct Vulnerability disclosure Security response Transparency reports Validator governance Federation governance Dispute procedures Appeals Independent participation International participation Standardization strategy
No foundation or council has been constituted yet.
PHASE 14 In SpecificationSecurity and Privacy Protocol Specification
Audit, Accountability and Compliance Enable reconstruction, explanation, contestation and oversight of decisions.
Dependency
Must exist from the earliest implementations and expand with every layer.
Scope
Audit record schema Decision receipt Identity snapshot Agent snapshot Runtime snapshot Delegation trail Evidence trail Reputation context Risk context Policy trail Quorum result Validator responses Timestamps Signatures Software versions Data sources Decision result Explanation Human intervention Appeal Retention Redaction Selective disclosure Privacy controls Compliance export Auditor role Independent audit Regulated audit Tamper evidence Verification tools
decision audit object Copy
{
"decision": "approved",
"subject": "w4geo:agent:payments-001",
"action": "release_payment",
"policy": "w4geo-payment-policy-v1",
"evidence": [],
"authority_chain": [],
"delegation_chain": [],
"risk_factors": [],
"validators": [],
"timestamp": "2026-07-11T00:00:00Z",
"proof_hash": "sha256:..."
} PHASE 15 In DevelopmentReference Implementation Developer Ecosystem
Reference Implementation and Developer Ecosystem Provide real tools for adoption.
Dependency
Depends on every specification that already has enough content to implement.
Scope
Reference server Reference resolver Identity library Signing library Validation library Delegation library Revocation client Evidence registry Risk reference engine Policy engine Quorum engine Audit verifier Validator node Federation node Command-line interface JavaScript SDK TypeScript SDK Python SDK Java SDK Go SDK Examples Starter templates Test suite Conformance suite Playground Validator dashboard Documentation portal API reference Migration guides Integration guides
w4geo-verify (reference server, resolver, MCP server and signing scripts) already exists and is public; SDKs, CLI, playground and dashboard have not been built yet.
PHASE 16 ResearchInteroperability
Interoperability Integrate W4GEO with the existing ecosystem.
Dependency
Depends on the core specifications (Phases 1–10) being mature enough to map compatibility.
Scope
DNS HTTPS JSON-LD Schema.org OAuth 2.0 OpenID Connect DID Verifiable Credentials MCP A2A Agent identity protocols Capability systems PKI Certificate transparency Confidential computing TPM TEE Cloud identity Enterprise IAM API gateways Security platforms Compliance systems
No official third-party endorsement is claimed — technical interoperability is planned only.
PHASE 17 PlannedSecurity and Privacy
Security Validation Test the protocol against real threats.
Dependency
Depends on enough implementation existing (Phases 1, 2, 15) to test against real threats.
Scope
Threat model Impersonation Key theft Replay Privilege escalation Delegation abuse Cycle attacks Stale revocation Evidence forgery Validator collusion Sybil attacks Federation compromise Policy manipulation Semantic disagreement Malicious agents Compromised runtimes Tool substitution Model substitution Metadata tampering Privacy leakage Correlation attacks Denial of service Dependency compromise Supply-chain attacks Penetration testing Public security review Bug bounty planning Red-team exercises Incident response drills
PHASE 18 PlannedValidation and Pilots
Pilot Implementations Validate the protocol in real environments.
Dependency
Depends on the Reference Implementation (Phase 15) and Security Validation (Phase 17).
Scope
Software APIs E-commerce Marketplaces Financial services Healthcare Legal services Public administration Creator platforms Digital identity Cybersecurity Autonomous commerce Enterprise agents Agent-to-agent services
Seglox acts as an early implementation environment, never as the owner of the protocol. No pilot beyond that is confirmed.
PHASE 19 ProposedFederation and Global Network Validation and Pilots
Public Validator and Federation Network Operate distributed, interoperable infrastructure.
Dependency
Depends on Federation (Phase 12), Governance (Phase 13) and Pilots (Phase 18).
Scope
Validator node specification Validator admission Validator identity Validator attestation Validator reputation Public discovery Health monitoring Revocation Federation formation Cross-federation testing Public status Transparency logs Quorum operation Governance participation Incident response Geographic diversity Organizational diversity Jurisdiction diversity Sustainability model
PHASE 20 ProposedFederation and Global Network Governance
Global Adoption and Long-Term Evolution Make W4GEO a sustainable global infrastructure.
Dependency
Depends on the public validator network (Phase 19) being operational.
Scope
International contributors Multilingual specifications Regional governance participation Regulated-sector profiles Industry profiles Government profiles Education Certification programs Conformance certification Interoperability events Public research Protocol maintenance Security maintenance Backward compatibility New cryptography Post-quantum migration Long-term archival Governance evolution Ecosystem sustainability Standardization submissions Independent implementations