LIVE · APRIL 1, 2026
Every agent.
Verified.
Agent Registry for Identity & Authorization
The open protocol for AI agent identity. DNS-anchored. Post-quantum native. Governed by a nonprofit. Working today.
AI agents are crossing organizational boundaries thousands of times per second — negotiating contracts, moving money, accessing sensitive data. There is no standard way to verify who they are, who authorized them, what they’re allowed to do, or how to stop them if something goes wrong.
Every platform invents its own answer. None of them talk to each other. None of them survive the agent crossing an organizational boundary.
We built the layer that was missing.
ARIA is an open protocol that gives every AI agent a verifiable, cryptographically-signed identity — anchored to the internet’s existing trust infrastructure, governed by a nonprofit, and working today.
AID — Agent Identity Document
Every agent registered through ARIA receives an AID: a W3C Verifiable Credential containing the agent’s identity, who authorized it, and what it’s allowed to do — cryptographically signed, portable, and independently verifiable. Including offline.
Four Trust Levels
L0 through L3 — from cryptographic self-service to government-verified legal entity. Free to start. DNS anchoring begins at L1. Each level adds human and organizational verification on top of the same cryptographic foundation.
DNS Anchoring
Starting at L1, every credential is bound to a DNS TXT record — the same infrastructure that has governed the internet for 40 years. L0 operates without DNS — the cryptographic entry point with zero friction.
Post-Quantum Cryptography
ML-DSA-65 + Ed25519 composite signatures (FIPS 204 + RFC 8032). Both must verify. Not a migration plan. The launch configuration.
ATP — Agent Trust Protocol
ARIA gives agents an identity. ATP is the process that runs when that identity arrives at your door. Three-phase handshake: declare identity and intent, evaluate against DNS-published policy, admit or reject. DMARC for AI agents.
Trust Ledger
Every credential lifecycle event — issuance, renewal, suspension, revocation, expiry, tombstone — permanently recorded in an append-only log. Not interaction logging. The audit trail that proves accountability.
Before an agent is admitted, it must state its purpose — what it intends to do, for whom, and within what boundaries. No other agent protocol requires this. Accountability starts with intent.
ARIA does not replace any existing protocol. It provides the identity layer that none of them include.
A2A handles communication. SPIFFE handles infrastructure identity. MCP handles tool connectivity. OAuth handles tokens. Microsoft Entra, AWS AgentCore, and Google IAM handle cloud identity. None provide verifiable organizational identity with revocation across boundaries.
ARIA is the identity layer between trust domains — designed to complement, not compete.
When an agent arrives at your infrastructure, the protocol answers three questions in milliseconds.
Identity
Who is this agent? Who authorized it? Is the AID valid? Is it anchored to a domain the principal controls? Has it been revoked?
Intent
What does it want to do? On whose behalf? Within what boundaries? Intent declaration is a protocol requirement. No declaration, no entry.
Authorization
Does the trust level meet your policy? Are scopes sufficient? ATP evaluates against your DNS record and logs to the Trust Ledger.
These aren’t abstract principles. They’re protocol operations running live at api.aria.bar.
Maria runs a logistics company in Mexico City. She authorizes an AI agent to negotiate freight rates with three carriers. Each carrier’s system checks the agent’s ARIA credential in milliseconds: Is it real? Is Maria’s company verified? Is it authorized to negotiate up to $50,000? Can she revoke it instantly?
Yes to all four. Every action signed, timestamped, traceable. If the agent is compromised, she kills its credentials globally.
This works today. Live at api.aria.bar.
1,000 API requests per minute.
How many are agents?
No identity
Any process can claim to be anything. Without verified identity, every API call is blind trust.
Invisible scope creep
Agents exceed their mandate. Without boundaries, overreach is undetectable until damage is done.
No kill switch
Compromised agents keep operating. No standard mechanism to revoke credentials across systems.
Six protocol layers. One open standard.
Every layer maps to an existing standard. No new crypto. No proprietary formats.
Four trust levels. Progressive verification.
Every level post-quantum. DNS anchoring begins at L1. Behind every level: a human authorized this agent.
L0: Cryptographic identity. Self-service. No DNS required.
DID + keypair generation.
Internal tooling, development, testing
L1: DNS-anchored and verified. An identified person controls this agent.
L0 + DNS verification. Automatic.
External agents, support bots, assistants
L2: Organization verified via DoH. vLEI-compatible.
L1 + DNS-over-HTTPS. 2-day review.
B2B commerce, data access, procurement
L3: Legal entity. Government registry. HSM.
L2 + legal docs + admin approval.
Finance, healthcare, regulated contracts
ARIA gives agents a passport.
ATP is customs.
Like DMARC for AI agents. Publish a DNS record. Set your trust requirements. Start with monitoring. Move to enforcement.
The agent presents its identity (AID) and declares its intent.
The receiver checks credentials against its published DNS policy.
Pass or reject. The evaluation result is returned as an ATP response code. Enforcement follows the mode set in your DNS policy.
_aria-policy.bank.com TXT "v=ATP1; min=L2; enforce=strict; req=finance:*; intent=purpose,principal_ref"
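The policy evaluation step described above, as an added example that is not part of the ARIA SDK or the original page: it parses the sample `_aria-policy` record and checks an agent's declared trust level, scopes and intent fields against it. The function names, the agent object shape, the `:*` wildcard matching and the treatment of any mode other than `enforce=strict` as monitoring are assumptions; the AID's signatures are assumed to have been verified already.

```javascript
// Added example: hypothetical helpers, not part of @aria-registry/verify.
// Tag semantics (min, enforce, req, intent) are inferred from the page's sample record.
const LEVELS = ['L0', 'L1', 'L2', 'L3'];

function parseAtpPolicy(txt) {
  const tags = Object.create(null);
  for (const part of txt.split(';')) {
    const i = part.indexOf('=');
    if (i === -1) continue;                       // skip empty or malformed segments
    const key = part.slice(0, i).trim();
    if (key in tags) throw new Error(`duplicate tag: ${key}`);
    tags[key] = part.slice(i + 1).trim();
  }
  if (tags.v !== 'ATP1') throw new Error('not an ATP1 policy record');
  if (!LEVELS.includes(tags.min)) throw new Error('missing or unknown min level');
  const list = (s) => (s ? s.split(',').map((x) => x.trim()).filter(Boolean) : []);
  return { min: tags.min, enforce: tags.enforce, req: list(tags.req), intent: list(tags.intent) };
}

// Assumption: "finance:*" matches any scope in the finance namespace; otherwise exact match.
function scopeMatches(pattern, scope) {
  return pattern.endsWith(':*') ? scope.startsWith(pattern.slice(0, -1)) : pattern === scope;
}

// agent: { trustLevel, scopes, intent } taken from an AID whose signatures already verified.
function evaluateAgent(policy, agent) {
  const failures = [];
  const level = LEVELS.indexOf(agent.trustLevel);
  if (level === -1 || level < LEVELS.indexOf(policy.min)) failures.push('trust_level');
  for (const p of policy.req) {
    if (!(agent.scopes || []).some((s) => scopeMatches(p, s))) failures.push(`scope:${p}`);
  }
  for (const f of policy.intent) {
    const v = (agent.intent || {})[f];
    if (typeof v !== 'string' || v.trim() === '') failures.push(`intent:${f}`);
  }
  // Assumption: only enforce=strict blocks; any other mode records failures but admits.
  const admit = failures.length === 0 || policy.enforce !== 'strict';
  return { admit, failures };
}

// Constructed sample input: an L1 agent that omits principal_ref from its intent.
const policy = parseAtpPolicy('v=ATP1; min=L2; enforce=strict; req=finance:*; intent=purpose,principal_ref');
const agent = { trustLevel: 'L1', scopes: ['finance:quote'], intent: { purpose: 'rate negotiation' } };
console.log(evaluateAgent(policy, agent));
```

Returning the full list of failures rather than stopping at the first one lets a receiver in monitoring mode log what would have been rejected before moving to enforcement.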
Trust Ledger — Everything is recorded
Append-only log of credential lifecycle events. The audit trail that makes agent identity accountable.
Behind every AI agent: a human.
At every trust level, a human principal authorized this agent. L0: a human generated the keypair. L1: the credential is DNS-anchored and an identified person controls it. L2: the organization verified. L3: the legal entity verified. The chain always leads back to a person.
Agents don’t exist in a vacuum. They exist because someone authorized them. ARIA makes that authorization cryptographically provable and instantly revocable.
Try it right now.
curl https://api.aria.bar/v1/verify/did:aria:aria.bar:agent-alpha
Public endpoint. No auth required. Real-time.
import { verifyAgent } from '@aria-registry/verify';
const result = await verifyAgent(credential);
if (result.valid) {
  console.log(result.did, result.trustLevel);
}
~20KB · Offline-capable · TypeScript. SDK by TUNO Labs. Apache 2.0.
Built on open standards. Filed with NIST.
Filed with NIST docket 2025-0035, March 9, 2026. NCCoE concept paper submitted April 2, 2026. Factual filings — not endorsements.
Owned by a nonprofit. Operated transparently.
Same model as Mozilla. Nobody owns the standard. Everybody can build on it.
TrustLayer Foundation A.C.
Owns the protocol, spec, and standard. Constituted March 20, 2026. Anti-capture clause. CC-BY-4.0 docs. Apache 2.0 code. Public RFC process.
Board: Aaron Grego (President) · Adolfo Grego Micha (Secretary) · Ivan Moreno Mendoza (Member) · Carlos Grego Samra (Treasurer)
TUNO Labs SAPI de CV
Operates registry, API, platform, and SDK under ROLA license from TLF. Sibling entity, not subsidiary. 14 years DNS heritage via Punto 2012 (101K+ domains).
Technical Steering Committee
Technical authority on protocol and spec. Open membership through contribution. Apache/IETF model.
Working Groups
Community-driven, GitHub RFC process. Cryptography, trust levels, ATP, commerce, compliance.
Advisory Board
AI infrastructure, identity standards, internet governance. 4-6 meetings/yr. Remote-first.
Open by design. Real by implementation.
ARIA is not a product. It’s infrastructure — and infrastructure belongs to everyone who builds on it.
Register your agent.
Today.
The agents are already here. The question is whether they have identity.