Skip to content

Trust Model

The trust model defines what evidence is required before an agent, tool, or service is allowed to participate in a workflow.

Trust is not binary. A public Agent Card may be discoverable, but production use often requires stronger evidence from identity, registry, policy, evaluation, and operations layers.

Trust Levels

LevelMeaningTypical evidence
PublicMetadata can be read, but use is not approved by defaultAgent Card, public docs
VerifiedDomain, version, and ownership are checkedHTTPS origin, signed or cached metadata, known provider
Organization-approvedUse is allowed under local policyRegistry entry, required scopes, review status
RestrictedUse requires extra approval or environment controlsHuman review, private catalog, policy gateway

Trust Evidence

  • Discovery evidence: Agent Card, OpenAPI, well-known metadata.
  • Identity evidence: issuer, subject, audience, scopes, expiry.
  • Registry evidence: approved domain, version, trust level, review metadata.
  • Runtime evidence: trace ID, audit events, policy decisions, artifact references.
  • Evaluation evidence: scenarios for happy path, auth denial, prompt injection, tool failure, and stale discovery metadata.

Page created by Dr. C. Klukas