ATH Protocol Specification v0.1

This document defines the ATH (Agent Trust Handshake) protocol specification. ATH is a lightweight, decentralized application-layer security protocol that establishes trusted connections between AI agents and external services.

Status

Version: 0.1 (Current)

This is the initial release of the ATH specification, covering:
  • Agent identity model (URI-based Agent_ID + signed JWT attestation)
  • Three discovery modes (manual, gateway catalog, service-side .well-known)
  • Trusted handshake flow (Phase A: agent registration, Phase B: user OAuth consent)
  • Scope intersection enforcement
  • API endpoints (register, authorize, token, proxy, revoke)
  • Security considerations
  • Three adoption levels (gateway → agent-aware OAuth → native ATH)

Core Principle

An agent can access a service only when both conditions are met:
Authorization | Who decides | What it answers
App-side | Service provider / agent registry | “Is this agent allowed to use this service?”
User-side | End user | “Does this user allow this agent to act on their behalf?”
Neither authorization alone is sufficient.
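As an added illustration, not part of the specification or its reference implementations, the following Python models the two-sided gate together with the scope intersection enforcement listed under Status: access is granted only when both an app-side and a user-side authorization exist for the same agent, and only for scopes that both sides allow. The data classes, field names and scope strings are assumptions made for this example.

```python
# Illustrative model of ATH's two-sided authorization gate with scope
# intersection. Data shapes are assumptions for this example, not the
# ATH reference implementation.
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class AppSideAuthorization:
    """Service provider / agent registry decision for one Agent_ID."""
    agent_id: str
    allowed_scopes: frozenset[str]


@dataclass(frozen=True)
class UserSideAuthorization:
    """End-user consent for one agent to act on the user's behalf."""
    agent_id: str
    user_id: str
    granted_scopes: frozenset[str]


def effective_scopes(app: Optional[AppSideAuthorization],
                     user: Optional[UserSideAuthorization]) -> frozenset[str]:
    """Scope intersection: the agent may use only scopes both sides allow.
    A missing authorization, or one issued for a different agent, yields
    the empty set, so neither authorization alone is ever sufficient."""
    if app is None or user is None or app.agent_id != user.agent_id:
        return frozenset()
    return app.allowed_scopes & user.granted_scopes


def authorize_request(app: Optional[AppSideAuthorization],
                      user: Optional[UserSideAuthorization],
                      requested: set[str]) -> Tuple[bool, frozenset[str]]:
    """Return (allowed, scopes the call may proceed with).
    Every requested scope must survive the intersection; a request that
    exceeds it is refused outright rather than silently narrowed, so the
    agent cannot mistake a partial grant for the access it asked for."""
    eff = effective_scopes(app, user)
    wanted = frozenset(requested)
    if not wanted or not wanted <= eff:
        return False, eff
    return True, wanted
```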

Specification Sections

  • Handshake Flow: the trusted handshake protocol
  • Client Handshake: client-side handshake flow
  • Client Reference Impl: client reference implementation
  • Server Handshake: server-side handshake flow and API endpoints
  • Server Reference Impl: server reference implementation
  • Schema: JSON Schema reference

Conformance

The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this specification are to be interpreted as described in RFC 2119.