Tenzro
A2A extension

TDIP binding for A2A.

An Agent-to-Agent protocol extension that lets agents present a verifiable Tenzro identity inside their Agent Card.
01

Overview

The Agent-to-Agent protocol describes agents through an Agent Card — a JSON document served at /.well-known/agent.json that advertises the agent's name, skills, capabilities, and endpoint. By itself the Agent Card carries no proof that the entity serving it controls the identity it claims.

This extension binds an Agent Card to a decentralized identifier governed by the Tenzro Decentralized Identity Protocol. A binding lets any peer A2A agent verify, against the Tenzro Ledger, that the advertised identity, controller, and key really do correspond to the party serving the card.

The extension is identified by the URL https://tenzro.network/a2a/extensions/tdip-binding/v1 and appears under the extensions object of the Agent Card.

02

Identity claim

The binding presents three identity fields:

  • did — the agent's own Tenzro decentralized identifier, of the form did:tenzro:machine:<controller-address>:<suffix> for delegated agents, or did:tenzro:machine:<suffix> for autonomous agents.
  • controller — the decentralized identifier of the human or organisation that delegates authority to the agent, when applicable. Autonomous agents omit this field.
  • publicKey — the agent's signing key, expressed as a JSON Web Key. The key type and curve must match the entry registered for the decentralized identifier in the Tenzro Ledger.

The agent must be able to demonstrate control of publicKey; the controller, if present, must have a delegation that authorises the agent to act within the scope advertised in the Agent Card.

03

Signature scheme

The signature is computed over the canonical JSON serialisation of the Agent Card with the signature field excluded. Canonicalisation follows RFC 8785 (JSON Canonicalization Scheme): keys sorted lexicographically at every depth, no insignificant whitespace, UTF-8 encoding, and numbers serialised per RFC 8785.

The signing algorithm is Ed25519, encoded base64url without padding. The signature must verify under the public key declared in the same binding. If the binding declares a hybrid signing key, the post-quantum leg is included alongside the classical signature; both legs must validate.

04

Verification

A peer agent verifies the binding in three steps:

  1. Fetch the Agent Card from /.well-known/agent.json and extract the TDIP binding object.
  2. Resolve the decentralized identifier against the Tenzro Ledger. Resolution returns the registered public key, controller binding, and delegation scope.
  3. Recompute the canonical JSON of the Agent Card without the signature field and verify the Ed25519 signature against the registered public key.

Resolution can be performed by querying any Tenzro node or by calling the public verification endpoint at api.tenzro.network.

# Resolve the binding through the Tenzro Ledger.
curl -s https://api.tenzro.network/verify/transaction \
  -H 'content-type: application/json' \
  -d '{
    "did": "did:tenzro:machine:0xabc...:5f3e",
    "publicKey": "Qx1z8K...",
    "signature": "...",
    "payload": "<canonical JSON of the Agent Card without the signature field>"
  }'

A binding is valid when the decentralized identifier resolves, the declared public key matches the ledger entry, the signature verifies, the controller (if present) has not revoked the agent, and the advertised skills lie within the controller's delegation scope.
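
The offline part of this check (the canonical signing input from the Signature scheme section and the Ed25519 verification of step 3), as an added example for Node.js that is not part of the Tenzro specification or code. The function names and the registeredJwk parameter (standing in for the key returned by ledger resolution in step 2) are assumptions. It covers the classical Ed25519 leg only and leaves revocation, delegation scope and any hybrid post-quantum leg to the resolver.

```javascript
const nodeCrypto = require("crypto");
const EXT = "https://tenzro.network/a2a/extensions/tdip-binding/v1";

// RFC 8785 defines number and string output as the ECMAScript serialisation,
// so JSON.stringify is exact for primitives; only key order needs handling.
// Input must be plain JSON data (the result of JSON.parse).
function canonicalize(v) {
  if (v === null || typeof v !== "object") return JSON.stringify(v);
  if (Array.isArray(v)) return "[" + v.map(canonicalize).join(",") + "]";
  const keys = Object.keys(v).sort(); // UTF-16 code unit order, as JCS requires
  return "{" + keys.map((k) => JSON.stringify(k) + ":" + canonicalize(v[k])).join(",") + "}";
}

// Bytes covered by the signature: the whole card minus the binding's signature.
function signingInput(card) {
  const copy = JSON.parse(JSON.stringify(card));
  delete copy.extensions[EXT].signature;
  return Buffer.from(canonicalize(copy), "utf8");
}

// Signer side, used here only to build a constructed test card.
function signCard(card, privateKey) {
  const sig = nodeCrypto.sign(null, signingInput(card), privateKey).toString("base64url");
  const signed = JSON.parse(JSON.stringify(card));
  signed.extensions[EXT].signature = sig;
  return signed;
}

// registeredJwk (hypothetical parameter): the key from ledger resolution.
function verifyBinding(card, registeredJwk) {
  const b = card && card.extensions && card.extensions[EXT];
  if (!b || !b.publicKey) return { ok: false, reason: "no-binding" };
  const { kty, crv, x } = b.publicKey;
  if (kty !== "OKP" || crv !== "Ed25519" || b.signatureAlg !== "Ed25519")
    return { ok: false, reason: "unsupported-key" };
  // Trust the ledger's key, not the one the card declares about itself.
  if (kty !== registeredJwk.kty || crv !== registeredJwk.crv || x !== registeredJwk.x)
    return { ok: false, reason: "key-mismatch" };
  // A 64-byte signature as base64url without padding is exactly 86 characters.
  if (typeof b.signature !== "string" || !/^[A-Za-z0-9_-]{86}$/.test(b.signature))
    return { ok: false, reason: "signature-encoding" };
  const key = nodeCrypto.createPublicKey({ key: { kty, crv, x }, format: "jwk" });
  const sig = Buffer.from(b.signature, "base64url");
  const ok = nodeCrypto.verify(null, signingInput(card), key, sig);
  return { ok, reason: ok ? "valid" : "bad-signature" };
}
```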

05

Example

An Agent Card for a settlement agent operated under a human controller, with a TDIP binding attached:

{
  "name": "settler.tenzro",
  "description": "Cross-chain settlement agent.",
  "url": "https://settler.example.com/a2a",
  "version": "2026-01-01",
  "capabilities": { "streaming": true },
  "skills": [
    { "id": "settlement", "name": "Settle invoice" },
    { "id": "verification", "name": "Verify receipt" }
  ],
  "extensions": {
    "https://tenzro.network/a2a/extensions/tdip-binding/v1": {
      "did": "did:tenzro:machine:0xabc...:5f3e",
      "controller": "did:tenzro:human:9c1a...",
      "publicKey": {
        "kty": "OKP",
        "crv": "Ed25519",
        "x": "Qx1z8K..."
      },
      "signatureAlg": "Ed25519",
      "signature": "base64url(Ed25519(canonicalJson(card_without_signature)))",
      "issuedAt": "2026-05-16T09:14:22Z"
    }
  }
}

The same shape applies to autonomous agents; the controller field is omitted and the agent's decentralized identifier resolves to itself.