Agent Name Service (ANS): A Universal Directory for Secure AI Agent Discovery and Interoperability

📝 Paper Summary

Agent discovery Agent interoperability Agent security

ANS provides a secure, DNS-like directory service for AI agents that binds human-readable names to cryptographic identities and capabilities, enabling trusted discovery across heterogeneous agent protocols.

Core Problem

Current service discovery mechanisms like DNS map names to addresses but lack the semantic granularity, identity verification, and lifecycle management required for autonomous AI agents to trust and interact with one another.

Why it matters:

Traditional DNS lacks built-in verification for agent capabilities or identities, creating security risks in automated agent-to-agent interactions.
Emerging protocols (A2A, MCP, ACP) are fragmented; without a universal registry, agents cannot securely discover counterparts across different ecosystems.
Autonomous agents need robust mechanisms to verify that a target agent actually possesses claimed capabilities before sharing sensitive data.

Concrete Example: An agent seeking a 'Sentiment Analysis' tool might find an endpoint via DNS, but cannot verify if the provider is legitimate or malicious. Without ANS, the agent blindly connects. With ANS, it verifies the target's PKI certificate and capability attestation before interaction.

Key Novelty

DNS-inspired Public Key Infrastructure for Agents

Introduces a 'Agent Name Service' (ANS) that maps human-readable names (e.g., `mcp://agent.provider.v1`) to verifiable endpoints containing cryptographic keys and capability metadata.
Integrates a Protocol Adapter Layer to translate diverse agent protocols (MCP, A2A, ACP) into a unified registry format, allowing cross-ecosystem discovery.

Architecture

The high-level architecture of the ANS ecosystem.

Evaluation Highlights

Defines a formal `ANSName` schema combining Protocol, AgentID, Capability, Provider, and Version to ensure unique, resolvable identities.
Establishes a challenge-response verification mechanism where agents must prove capabilities (e.g., via Zero-Knowledge Proofs) during the resolution process.
Implements a caching strategy with a recommended default Time-To-Live (TTL) of 300 seconds to balance load and security.

Breakthrough Assessment

7/10

Provides a necessary infrastructure layer for the maturing agent ecosystem. While not an algorithmic breakthrough, it proposes a critical standard for interoperability and trust.

⚙️ Technical Details

Problem Definition

Setting: Secure, protocol-agnostic discovery and resolution of autonomous AI agents in a distributed environment.

Inputs: An `ANSName` query (e.g., `mcp://sentimentAnalyzer.textAnalysis.ExampleCorp.v1.0`).

Outputs: A resolvable `Endpoint` object containing network address, PKI certificate, and capability metadata.

Pipeline Flow

Agent Registration (Identity & Capability Binding)
Resolution Query (Lookup)
Verification (PKI & Capability Check)
Connection Establishment

System Modules

Registration Authority (RA)

Validates agent identity and capability claims before issuance.

Model or implementation: Policy-based validation engine

Protocol Adapter Layer

Translates protocol-specific metadata (MCP, A2A) into the internal registry format.

Model or implementation: JSON Schema Mapper

ANS Resolver

Resolves ANSNames to Endpoints and enforces security checks.

Model or implementation: Lookup Service with Caching

Novel Architectural Elements

Integration of PKI directly into the service discovery layer, making identity verification a prerequisite for resolution.
Protocol Adapter Layer that normalizes metadata from competing standards (MCP, A2A, ACP) into a single queryable schema.

Modeling

Base Model: N/A (Architecture paper, not a learned model)

Comparison to Prior Work

vs. DNS-SD: ANS adds cryptographic identity (PKI) and semantic capability matching, whereas DNS-SD only maps names to IP/Port.
vs. FIPA: ANS is designed for modern web protocols (HTTP/JSON) and heterogeneous agent ecosystems (MCP/A2A), whereas FIPA relies on older, rigid ACLs.
vs. OIDC Discovery [not cited in paper]: OIDC handles identity but not capability discovery or agent-specific lifecycle management; ANS combines both.

Limitations

Centralized reliance on Certificate Authorities (CA) could introduce bottlenecks or single points of failure.
DNSSEC-like security mechanisms suggested may increase latency and amplification attack risks.
Requires broad adoption of the `ANSName` standard by competing agent framework providers to be effective.

Reproducibility

The paper provides schema definitions and architectural diagrams. No specific code repository is linked. It functions as a protocol specification rather than a software release.

📊 Experiments & Results

Evaluation Setup

Conceptual architecture proposal and protocol specification. No empirical performance experiments (latency, throughput) are reported.

Metrics:

Statistical methodology: Not explicitly reported in the paper

Experiment Figures

The sequence flow for Agent Resolution.

Main Takeaways

The paper defines the `ANSName` structure: `Protocol://AgentID.agentCapability.Provider.Version`.
It proposes a default TTL of 300 seconds (5 minutes) for cached endpoints.
Validation mechanisms differ by protocol: A2A uses Agent Cards, MCP uses Tool Schemas, and ACP uses Profiles, all unified under the ANS Protocol Adapter.

📚 Prerequisite Knowledge

Prerequisites

Public Key Infrastructure (PKI) concepts
Domain Name System (DNS) architecture
Basic understanding of Agentic AI protocols (MCP, A2A)

Key Terms

ANS: Agent Name Service—a registry framework for secure agent discovery and capability verification.

PKI: Public Key Infrastructure—a system for creating, storing, and distributing digital certificates to verify identity.

MCP: Model Context Protocol—an open standard for connecting AI assistants to systems and data.

A2A: Agent2Agent Protocol—Google's protocol for standardized inter-agent communication.

ACP: Agent Communication Protocol—IBM's protocol for agent orchestration and delegation.

CSR: Certificate Signing Request—a message sent from an applicant to a certificate authority to apply for a digital certificate.

ZKP: Zero-Knowledge Proof—a cryptographic method where one party proves to another that a statement is true without revealing the information itself.

ANSName: A structured string identifier for agents format: `Protocol://AgentID.agentCapability.Provider.Version`.

TTL: Time-To-Live—the duration for which a resolved record can be cached before requiring re-validation.