Add wallet-native Agent Identifiers and proof/payment binding#17
Conversation
fcfe108 to
f752eaa
Compare
Adds an OPTIONAL did:pkh Agent Identifier profile (normative when a Verifier accepts it) under Agent Identifier Schemes and HTTP-Layer Binding, and a normative Proof and Payment Binding security subsection: when a route requires both x401 proof and a machine-payment artifact and binds the Agent, the payer identity (from the payment protocol's non-settling verification step) MUST be the bound Agent Identifier or a credential-attested authorized key, validated before settlement against the same unexpired verifier-issued request context, with payer_agent_mismatch reported in PROOF-RESPONSE. Adds conditional verifier conformance bullets, a combined proof+payment example, and tightens the Machine Payments and 402 open question to note the identity-binding invariant is settled while carrier mappings, quote binding, and sequencing remain open. x401 stays payment-neutral; no payment protocol, library, or product name appears in normative text.
f752eaa to
af92838
Compare
|
I think this PR gets the main invariant right, especially keeping the Agent Identifier identity-only and requiring payer identity to match the bound Agent or an attested key before settlement. The part I am less sure about is whether "the same unexpired verifier-issued request context" is meant to be a named binding object/reference, or just verifier-local state. If an implementation wants to test or audit this, it would be helpful to know what has to be tied together: x401 nonce/request id, route and method, Agent Identifier, payment quote, and payment artifact or receipt id. If the exact carrier shape is intentionally out of scope, maybe the PR can say that the identity-binding invariant is settled here, while the concrete binding reference/bytes stay with the per-protocol carrier mappings. |
Summary
Adds wallet-native Agent Identifiers and proof/payment binding guidance to x401.
This introduces an optional
did:pkh:eip155:<chainId>:<address>Agent Identifier profile for deployments that want to bind an Agent to an EVM account. The profile is identity-only and does not change the402 Payment Requiredboundary. Verifiers that accept it must treat the chain id as part of the identity and verify account control using the account's own signature rules: EIP-191/secp256k1 for EOAs and ERC-1271 for smart-contract accounts.The PR also adds proof/payment binding guidance for routes that require both x401 proof satisfaction and a machine-payment artifact. In that case, the Verifier determines payer identity through the payment protocol's non-settling verification step, checks that it matches the bound Agent Identifier or a credential-attested authorized key/account, and rejects mismatches before settlement.
Changes
Validation
git diff --checkspec-up