Lab/DID-OPENA2A

Look up an agent the way a browser looks up a site

did:opena2a is the naming face: it turns an opaque agent into a resolvable name, so AIP, ATX, ATP and AAP all have a key to verify against. It comes first because nothing downstream works without it.

REFERENCE · read the full did:opena2a specification

Interactive lab · 1 of 5 in the familystart

the problem

Before the spec: the usual way

The usual way: an agent is just an opaque API key or a bare URL. There is no way to independently look up its public key, so you trust whoever handed you the string.

the usual way

x-api-key: sk-live-7f3a… (or a bare https URL)

The agent is just an opaque key or URL. There is no way to independently look up its public key or trust endpoints. You trust whoever handed you the string.

What is real here

did:opena2a is provisional (v0.1 draft, pending W3C DID Method Registry review). The trust model is explicit and not glossed: you trust a did:opena2a name exactly as much as you trust the Registry resolver you configured. Resolution is a cacheable HTTP call (the reference resolver sends Cache-Control max-age=300), so this is not a no-network claim; it is a name-to-signed-key claim. The Ed25519 check is real.

Copy as codeResolve a DID and use its key

import { resolveDid } from "@opena2a/did";

// HTTP GET, then cached for 5 minutes per Cache-Control.
const doc = await resolveDid("did:opena2a:agent:acme-corp/billing-agent");
const key = doc.verificationMethod[0].publicKeyHex;
// Everything downstream (AIP, ATX) verifies against this key.

Read the did:opena2a specification→Next: prove the agent holds the key→

Next in the chain2 of 5: Score an agent's trust, do not just check a box→