How TSAI works

TSAI introduces a trust signaling layer for the agentic economy. Independent Trust Authorities evaluate agents and issue short-lived credentials, which agents then present when accessing services. Service providers verify these credentials offline — and make their own access decisions based on the trust signals inside. The core principle is simple: the protocol signals, service providers decide.

Trust model actors and relationships

TSAI protocol flow: User invokes Agent, Agent presents credentials to Service Provider, Trust Authority issues credentials to Agent, Service Provider verifies credentials offline against Trust Authority
Trust Authorities

Independent organisations that evaluate agent operators (KYC, certifications, domain verification) and their agents (track record, behaviour, success rates). They issue short-lived, cryptographically signed credentials at the appropriate trust tier. Trusted Shops is the first live TA in the ecosystem.

Agent Operators

Companies that run AI agents register with a Trust Authority, complete verification, and receive credentials that their agents carry when accessing services. The credential proves identity, reputation, and operator accountability in a single verifiable package.

Service Providers

Platforms receiving agent traffic check the TSAI-Credential header, verify the JWT signature offline (under 5ms, no external calls), and make access decisions based on the trust signals inside. The protocol provides the information — the platform decides what to do with it.

What a credential carries

A TSAI credential carries two layers of information: operator-level signals about the company behind the agent, and agent-level signals about the specific program's track record. Both are cryptographically signed using W3C Verifiable Credentials, short-lived (2–4 hours), and verifiable without any network call.

Operator signals

The company behind the agent — verified once, shared across all their agents

  • Legal identity: Acme Ltd, London, UK
  • KYC level: Enhanced (registry verified)
  • Certifications: ISO 27001, GDPR
  • Domain: acme-corp.com (4yr age)

Agent signals

This specific agent program — builds its own track record over time

  • Reputation: 87 / 100
  • Interactions: 14,200 across platforms
  • Success rate: 96.3%
  • Time in operation: 11 months
  • Credential expiry: 2 hours (auto-renewed)

Matching trust depth to risk level

Not every interaction requires the same level of assurance, so TSAI uses a tiered model that lets service providers calibrate access to risk — while agent operators can start simple and grow their credential as reputation builds.

T0 · Identity: Verified operator identity. Suitable for browsing, search, and low-risk access. Fully automated verification, available immediately.
T1 · Reputation: Adds track record, certifications, and behavioural history. Suitable for transactions and API access. The primary tier for most commercial interactions.
T2 · Stake: Adds economic accountability — the operator has something at stake. Suitable for payments and sensitive operations where financial recourse matters.
T3 · Constraints: Adds explicit operation limits and value caps. For regulated and high-value systems where the credential itself constrains what the agent may do.

Most agent operators start at T0 and build toward T1 as their agents accumulate interaction history. T2 and T3 are designed for specialised, high-stakes use cases where additional assurance is warranted.

How to integrate — for both sides

Service Providers

1. Check the header. Look for TSAI-Credential on incoming HTTP requests. It contains a JWT — a Verifiable Presentation signed by a Trust Authority.

2. Verify the signature. Standard JWT verification against the TA's public key. This happens offline, requires no external calls, and completes in under 5ms.

3. Read the signals. Extract the trust tier, reputation score, operator identity, and certifications. All structured and machine-readable.

4. Apply your policies. You decide what each tier gets access to. The protocol provides the information — your platform makes the decision.

No SDK required. Works with any HTTP-based service, MCP server, or A2A endpoint. The open specification on GitHub includes JSON schemas and reference verification logic.
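
The four service-provider steps above, sketched in Node.js as an added example; it is not TSAI reference code or code from the specification. The EdDSA algorithm, the `kid` value, the flat `tier` and `exp` claims and the tier-to-access mapping are assumptions made for illustration; the real claim layout is defined by the specification's JSON schemas.

```javascript
// Added example with a constructed key, claims and policy (not TSAI reference code).
const crypto = require('node:crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');
const decode = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Stand-in Trust Authority key pair. A real service provider holds only the
// TA public key, cached ahead of time. 'ta-key-1' is a hypothetical key id.
const ta = crypto.generateKeyPairSync('ed25519');
const CACHED_TA_KEYS = new Map([['ta-key-1', ta.publicKey]]);

// Helper for the demo: sign claims the way the stand-in TA would.
function issue(claims, key = ta.privateKey, header = { alg: 'EdDSA', kid: 'ta-key-1' }) {
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${b64u(crypto.sign(null, Buffer.from(input), key))}`;
}

// Steps 1-3: read the header, verify offline, return the claims or null.
function verifyCredential(headers, now = Math.floor(Date.now() / 1000)) {
  const token = headers['tsai-credential']; // Node lower-cases header names
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  try {
    const header = decode(parts[0]);
    // Pin the algorithm locally; never let the token choose it.
    if (header.alg !== 'EdDSA') return null;
    const key = CACHED_TA_KEYS.get(header.kid);
    if (!key) return null;
    const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
    const sig = Buffer.from(parts[2], 'base64url');
    if (!crypto.verify(null, signed, key, sig)) return null;
    const claims = decode(parts[1]);
    // Short lifetimes only help if expiry is enforced on every request.
    if (typeof claims.exp !== 'number' || claims.exp <= now) return null;
    return claims;
  } catch {
    return null; // malformed token: treat as no credential
  }
}

// Step 4: local policy. Tier names follow the page; the claim name "tier"
// and this mapping are assumptions of the example.
const POLICY = new Map([['T0', 'browse'], ['T1', 'transact'], ['T2', 'pay'], ['T3', 'pay']]);
function decide(headers, now) {
  const claims = verifyCredential(headers, now);
  return (claims && POLICY.get(claims.tier)) || 'anonymous';
}
```

Any failure (missing header, unknown key id, bad signature, expired or malformed token) falls through to the same `anonymous` decision, so an unverifiable credential never grants more than no credential.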

Agent Operators

1. Register with a Trust Authority. Trusted Shops is the first live TA. Complete business verification — KYC, domain ownership, and relevant certifications.

2. Receive your credential. The TA evaluates your agents and issues a short-lived, cryptographically signed credential at the tier you qualify for.

3. Present it on every request. Add the TSAI-Credential header to your agent's HTTP requests. That is the entire integration on your side.

4. Build reputation over time. Every successful interaction grows your track record. Credentials auto-renew every 2–4 hours with updated signals reflecting your agent's latest performance.

Built on W3C Verifiable Credentials. Works with MCP, A2A, and any HTTP-based protocol.

What the protocol builds on

Rather than inventing new standards, TSAI builds on W3C Verifiable Credentials with JWT signing for the credential format, Decentralized Identifiers (did:web) for agent and operator identity, and offline verification by design — service providers cache the Trust Authority's public key and verify signatures locally without any network call at request time.

W3C Verifiable Credentials

The credential format is a standard VP-JWT (Verifiable Presentation as JSON Web Token), interoperable with the broader VC ecosystem and verifiable by any standard JWT library.

Offline verification

Service providers verify credentials locally against cached public keys. No network call to the Trust Authority is needed at request time — verification completes in under 5ms.

Short-lived credentials

Credentials expire after 2–4 hours and are refreshed automatically. Short lifetimes reduce the need for active revocation — most credentials expire naturally before revocation becomes necessary.

Protocol-agnostic

TSAI integrates with MCP (via HTTP headers or initialization params), A2A (via Agent Card security schemes), and any HTTP-based service. It complements existing auth (OAuth, API keys) without replacing it.

The full specification — including architecture documents, JSON schemas, OpenAPI definitions, and design decisions — is available on GitHub.

Questions?

If you would like guidance on how TSAI fits your organisation, reach out to the working group.