How TSAI works
TSAI introduces a trust signaling layer for the agentic economy. Independent Trust Authorities evaluate agents and issue short-lived credentials, which agents then present when accessing services. Service providers verify these credentials offline — and make their own access decisions based on the trust signals inside. The core principle is simple: the protocol signals, service providers decide.
Trust model actors and relationships
Trust Authorities
Independent organisations that evaluate agent operators (KYC, certifications, domain verification) and their agents (track record, behaviour, success rates). They issue short-lived, cryptographically signed credentials at the appropriate trust tier. Trusted Shops is the first live TA in the ecosystem.
Agent Operators
Companies that run AI agents register with a Trust Authority, complete verification, and receive credentials that their agents carry when accessing services. The credential proves identity, reputation, and operator accountability in a single verifiable package.
Service Providers
Platforms receiving agent traffic check the TSAI-Credential header, verify the JWT signature offline (under 5ms, no external calls), and make access decisions based on the trust signals inside. The protocol provides the information — the platform decides what to do with it.
What a credential carries
A TSAI credential carries two layers of information: operator-level signals about the company behind the agent, and agent-level signals about the specific program's track record. Both are cryptographically signed using W3C Verifiable Credentials, short-lived (2–4 hours), and verifiable without any network call.
Operator signals
The company behind the agent — verified once, shared across all their agents
- Legal identity: Acme Ltd, London, UK
- KYC level: Enhanced (registry verified)
- Certifications: ISO 27001, GDPR
- Domain: acme-corp.com (4yr age)
Agent signals
This specific agent program — builds its own track record over time
- Reputation: 87 / 100
- Interactions: 14,200 across platforms
- Success rate: 96.3%
- Time in operation: 11 months
- Credential expiry: 2 hours (auto-renewed)
Matching trust depth to risk level
Not every interaction requires the same level of assurance, so TSAI uses a tiered model that lets service providers calibrate access to risk — while agent operators can start simple and grow their credential as reputation builds.
Most agent operators start at T0 and build toward T1 as their agents accumulate interaction history. T2 and T3 are designed for specialised, high-stakes use cases where additional assurance is warranted.
How to integrate — for both sides
Service Providers
Check the header. Look for TSAI-Credential on incoming HTTP requests. It contains a JWT — a Verifiable Presentation signed by a Trust Authority.
Verify the signature. Standard JWT verification against the TA's public key. This happens offline, requires no external calls, and completes in under 5ms.
Read the signals. Extract the trust tier, reputation score, operator identity, and certifications. All structured and machine-readable.
Apply your policies. You decide what each tier gets access to. The protocol provides the information — your platform makes the decision.
No SDK required. Works with any HTTP-based service, MCP server, or A2A endpoint. The open specification on GitHub includes JSON schemas and reference verification logic.
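The four service-provider steps above, sketched as an added example in Node.js using only the built-in crypto module. This is not the TSAI reference verification logic: the ES256 algorithm, the claim names (iss, exp, tier, reputation), the issuer `did:web:ta.example`, the policy thresholds and the `issue` helper are assumptions made for illustration.

```javascript
// Added example: offline check of a TSAI-Credential header value.
// Assumptions, not taken from the TSAI spec: ES256 signing and the claim
// names iss, exp, tier and reputation.
const crypto = require('node:crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');

// Constructed Trust Authority key pair; a real provider caches only the public key.
const ta = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const cachedKeys = { 'did:web:ta.example': ta.publicKey };

// Hypothetical helper standing in for the Trust Authority's issuance step.
function issue(claims, key = ta.privateKey, header = { alg: 'ES256', typ: 'JWT' }) {
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  const sig = crypto.sign('sha256', Buffer.from(input), { key, dsaEncoding: 'ieee-p1363' });
  return `${input}.${sig.toString('base64url')}`;
}

// Returns { ok: false, reason } or { ok: true, claims }; claims are released only after all checks pass.
function verifyCredential(headerValue, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(headerValue || '').split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  } catch { return { ok: false, reason: 'malformed' }; }
  if (header?.alg !== 'ES256') return { ok: false, reason: 'alg not allowed' }; // pin the algorithm
  const key = Object.hasOwn(cachedKeys, claims?.iss) ? cachedKeys[claims.iss] : null;
  if (!key) return { ok: false, reason: 'unknown issuer' };
  const valid = crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`),
    { key, dsaEncoding: 'ieee-p1363' }, Buffer.from(parts[2], 'base64url'));
  if (!valid) return { ok: false, reason: 'bad signature' };
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return { ok: false, reason: 'expired' };
  return { ok: true, claims };
}

// Provider-side policy: the thresholds are this example's own, not the protocol's.
function decide(result, minTier = 1, minReputation = 80) {
  if (!result.ok) return 'deny';
  const { tier, reputation } = result.claims;
  return tier >= minTier && reputation >= minReputation ? 'allow' : 'limited';
}
```

Because verification is offline, the expiry check and the pinned algorithm are the only defences against a replayed or downgraded token, so both run on every request.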
Agent Operators
Register with a Trust Authority. Trusted Shops is the first live TA. Complete business verification — KYC, domain ownership, and relevant certifications.
Receive your credential. The TA evaluates your agents and issues a short-lived, cryptographically signed credential at the tier you qualify for.
Present it on every request. Add the TSAI-Credential header to your agent's HTTP requests. That is the entire integration on your side.
Build reputation over time. Every successful interaction grows your track record. Credentials auto-renew every 2–4 hours with updated signals reflecting your agent's latest performance.
Built on W3C Verifiable Credentials. Works with MCP, A2A, and any HTTP-based protocol.
What the protocol builds on
Rather than inventing new standards, TSAI builds on W3C Verifiable Credentials with JWT signing for the credential format, Decentralized Identifiers (did:web) for agent and operator identity, and offline verification by design — service providers cache the Trust Authority's public key and verify signatures locally without any network call at request time.
W3C Verifiable Credentials
The credential format is a standard VP-JWT (Verifiable Presentation as JSON Web Token), interoperable with the broader VC ecosystem and verifiable by any standard JWT library.
Offline verification
Service providers verify credentials locally against cached public keys. No network call to the Trust Authority is needed at request time — verification completes in under 5ms.
Short-lived credentials
Credentials expire after 2–4 hours and are refreshed automatically. Short lifetimes reduce the need for active revocation — most credentials expire naturally before revocation becomes necessary.
Protocol-agnostic
TSAI integrates with MCP (via HTTP headers or initialization params), A2A (via Agent Card security schemes), and any HTTP-based service. It complements existing auth (OAuth, API keys) without replacing it.
The full specification — including architecture documents, JSON schemas, OpenAPI definitions, and design decisions — is available on GitHub.
Questions?
If you would like guidance on how TSAI fits your organisation, reach out to the working group.