To unify the proliferating set of would-be standards to govern AI agents, researchers have proposed yet another standard.
Proponents of agentic AI expect autonomous software bots will automatically complete multi-step, interactive tasks. To do so they'll need to use APIs to interact with enterprise applications and data and communicate with other agents. Work has begun on protocols to make that possible. Google has developed Agent2Agent (A2A), Anthropic offers Model Context Protocol (MCP), and IBM's contribution is the Agent Communication Protocol (ACP).
Another proposed protocol, the Agent Name Service (ANS), aims to fill the gaps between other proposed protocols by taking inspiration from the Domain Name System (DNS).
In a preprint paper titled, "Agent Name Service (ANS): A Universal Directory for Secure AI Agent Discovery and Interoperability," authors Ken Huang (DistributedApps.ai,), Vineeth Sai Narajala (Amazon Web Services), Idan Habler (Intuit), and Akram Sheriff (Cisco), make the case for a protocol-agnostic registry system that allows software agents to find each other and interoperate with some level of trust and assurance.
The authors make this proposal through their involvement with the Open Worldwide Application Security Project (OWASP) rather than as representatives of their respective employers.
"So what we see is in the near future, maybe as long as 10 years or short as two or three or five years, the majority of internet traffic will be agents," Ken Huang, chief AI officer of DistributedApps.ai and one of the paper's co-authors, told The Register.
Huang said that Anthropic's MCP is for internal enterprise use to connect models to corporate resources and that Google's A2A protocol is for horizontal business-to-business usage. IBM's ACP meanwhile is focused on agent-to-agent communication, specifically delegation and orchestration.
"There is no protocol-independent, standard way to find the agent," he said.
ANS aspires to play that role, at the risk of recalling XKCD's webcomic about standards.
The key to ANS is Public Key Infrastructure (PKI). "ANS differentiates itself by integrating PKI-based identity verification directly into the discovery and lifecycle management process, offering a universal registry mechanism that enhances trust and facilitates secure interaction across different protocol standards via a common discovery plan," the authors explain in their paper.
Thus, ANS is not just about finding agents but finding verified agents provided by known entities.
To understand how this works, imagine an organization, individual, or automated system has developed a software agent. To register it, the entity responsible would interact with an Agent Registry, a service that stores ACEM (Agent Credential and Entitlement Management) and DID (Decentralized Identifier) information and other details about agent capabilities, policies, and provenance.
The Agent Registry would communicate with a Certificate Authority (CA) that issues X.509 digital certificates for agents and a Registration Authority (RA) that validates agents as they join the system.
Under ANS, agents would publish metadata about themselves in JSON files. The authors' suggested fields suggested include: Protocol; Agent ID; Agent Capability; Provider; Version; Extension; Certificate; Digital Signature; ANS Name; and Endpoint.
In a scenario outlined by the authors, an agent claiming to be capable of performing sentiment analysis could have that claim checked by the Agent Registry or a verifying agent.
The authors have posted a reference implementation for the scheme on GitHub.
Huang said that the project has received positive feedback and MIT's Media Lab wants to explore the ideas it espouses. He also said some large companies are interested but have not publicly announced support.
The paper outlines various challenges to implementing ANS, such as architectural decisions about the extent of decentralization required, plus issues like latency, consistency, operational cost, and complexity.
Governance is also on the agenda.
To deal with issues like name collisions and name squatting, the paper says, "A governance model, potentially similar to ICANN for DNS, might be needed..."
That's a significant undertaking and will require funding. Microsoft last year published a similar proposal for personhood credentials - authenticating people rather than bots. Establishing enough momentum for either of these schemes to succeed will likely require support from many major industry players. ®
VCF bundle is worth it if you make the most of every part, says CTO
What about notebooks, including AI-ready devices? Ah well, still months to go, eh Microsoft
Exclusive Framework agreement may rescue some unis from 'financial abyss' after Oracle per-employee Java license, says insider
Baseball, apple pie, and assisted programming
FrontPage Remote Procedure Call and others set to be blocked in the name of 'Secure by Default'
Probably the easiest way to a Google-free smartphone or tablet
'Windows 365 Reserve' will be usable ten days a year for undisclosed fee