| Internet-Draft | ATP | March 2026 |
| Li, et al. | Expires 30 September 2026 | [Page] |
The Agent Transfer Protocol (ATP) is a communication protocol designed for autonomous agents to exchange messages, requests, and events in a secure, structured manner. ATP supports the emerging Internet of Agents (IoA) paradigm, where autonomous agents operate across four deployment scenarios: household (small scale), service (medium scale), enterprise (large scale), cloud provider (huge scale), and etc.¶
ATP employs a two-tier architecture where agents connect to the global Internet through ATP servers, enabling server-mediated communication for proper routing, security enforcement, and resource management. The protocol provides DNS-based service discovery using SVCB records, mandatory authentication via Agent Transfer Sender (ATS) policies and Agent Transfer Keys (ATK), and support for multiple interaction patterns including asynchronous messaging, synchronous request/response, and event-driven streaming.¶
This specification defines the discovery mechanism, identity model, authentication framework, transport layer, and message semantics for ATP.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 30 September 2026.¶
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
The evolution of the Internet has always centered around the theme of "connection":¶
Person-to-Person: Email and instant messaging connect people with people¶
Person-to-Service: Web pages and mobile apps connect people with services¶
Thing-to-Thing: IoT devices connect the physical world¶
The next trend is emerging: agents will become part of Internet infrastructure.¶
With the advancement of artificial intelligence technology, autonomous agents are moving from concept to large-scale application:¶
Households deploy intelligent assistants to act on behalf of users for daily tasks¶
Enterprises deploy customer service bots and operations agents to automate business processes¶
Cloud providers offer agent-based capabilities including AI services and IoT coordination¶
When agents are ubiquitous, they need to communicate with each other - this requires a communication protocol designed specifically for agents.¶
The Agent Transfer Protocol (ATP) is proposed as a communication protocol design reference for the era of Internet of Agents.¶
The emergence of autonomous agents represents a fundamental shift in how digital services are delivered and consumed. We are entering the era of the Internet of Agents (IoA), where autonomous agents will become ubiquitous in both personal and commercial environments.¶
The Agent Transfer Protocol (ATP) is a communication protocol designed for autonomous agents to exchange messages, requests, and events across the Internet. ATP enables secure, structured agent-to-agent communication through a server-mediated architecture that provides routing, security enforcement, and resource management.¶
This document describes the motivation, architecture, and technical specifications of ATP. We first present the vision of the Internet of Agents (IoA) and the four deployment scenarios that ATP supports. We then describe the design goals, terminology, and core components of the protocol, including discovery, identity, authentication, transport, and message semantics.¶
In the near future, autonomous agents will be deployed across four primary deployment scenarios, each serving distinct needs and scales:¶
Household (Small Scale): Every household will deploy personal agent systems—either as physical robots or dedicated home servers—that manage daily tasks, coordinate schedules, and interact with external services on behalf of family members. Each household member will have their own agent account, enabling personalized interactions while maintaining shared context.¶
Service (Medium Scale): Commercial organizations will deploy agent services to automate customer interactions, process transactions, and provide intelligent assistance. These service agents handle high-volume interactions with customers worldwide.¶
Enterprise (Large Scale): Large corporations and organizations will deploy internal agent systems to streamline business operations, from HR and IT support to development and operations automation.¶
Cloud Provider (Huge Scale): Major technology providers will operate multi-tenant agent platforms serving millions of global users, providing AI services, data management, IoT coordination, and machine learning capabilities across continents.¶
The agent ecosystem spans four distinct deployment scenarios, each with different scale requirements:¶
Household Agents (Small): A household domain (e.g., family.example.com) hosts a few personal agent identities:¶
Service Agents (Medium): Service providers operate multiple specialized agents:¶
Enterprise Agents (Large): Organizations deploy agents for various business functions:¶
Cloud Provider Agents (Huge): Global platforms serve diverse user bases:¶
Existing protocols cannot adequately meet the requirements of the Internet of Agents era:¶
| Requirement | Description | Limitations of Existing Protocols |
|---|---|---|
| Multi-tenant Identity | Each domain hosts multiple agent identities (from 2-5 in households to millions on cloud platforms) | Email supports multi-user but lacks identity management for automated scenarios |
| Structured Data Exchange | JSON/CBOR payloads for automated processing | HTTP can transport JSON but lacks native agent semantics |
| Strong Security Guarantees | Mandatory authentication and integrity verification for automated operations | TLS only protects transport; application-layer authentication depends on implementation |
| Multiple Interaction Patterns | Asynchronous messaging, synchronous request/response, event-driven streaming | Typically requires combining multiple protocols (e.g., HTTP + WebSocket) |
| Scalable Discovery | Cross-internet agent location and authentication | Relies on centralized directory services or additional infrastructure |
| Context Awareness | Stateful multi-turn dialogues and complex workflow coordination | No native support; must be implemented at application layer |
| Variable Scale Support | Efficient handling from household to cloud platform scenarios | Typically optimized for specific scales, difficult to accommodate all |
Therefore, agents need their own communication protocol.¶
This vision requires a communication infrastructure that supports:¶
Multi-tenant Identity: Each domain hosts multiple agent identities, from a few agents in households to thousands in cloud platforms, requiring scalable identity management and routing.¶
Structured Data Exchange: Agents communicate using structured payloads (JSON, CBOR) rather than unstructured text, enabling automated processing and decision-making.¶
Strong Security Guarantees: Agent communication involves automated actions on behalf of users, demanding mandatory authentication and integrity verification to prevent unauthorized operations.¶
Multiple Interaction Patterns: Beyond simple messaging, agents need:¶
Scalable Discovery: Agents must locate and authenticate each other across the global internet using existing, proven infrastructure.¶
Context Awareness: Agents maintain state across interactions, support multi-turn dialogues, and coordinate complex workflows involving multiple parties.¶
Variable Scale Support: The protocol must efficiently handle scenarios ranging from small household deployments (2-5 agents) to massive cloud platforms (millions of users), with appropriate resource allocation and routing strategies for each scale.¶
ATP addresses these requirements by providing a modern, secure, and extensible protocol built upon existing internet infrastructure while introducing agent-specific semantics.¶
ATP is designed so that it can interoperate with application-layer agent interaction protocols. While protocols such as A2A and MCP define rich semantics for agent capabilities, task management, and tool invocation, ATP provides the underlying cross-domain transport infrastructure with DNS-native discovery and mandatory security guarantees. ATP's payload is opaque by design, enabling it to carry messages from any application-layer agent protocol.¶
The Internet of Agents (IoA) follows a two-tier architecture where agents connect to the global internet through ATP servers. This design ensures proper resource allocation, security enforcement, and efficient routing.¶
Internet of Agents (IoA)
╔══════════════════════════════════════════════════════════════╗
║ INTERNET ║
╚══════════════════════════════════════════════════════════════╝
│ │ │ │
│ │ │ │
┌───────┴────────┐ ┌────┴────┐ ┌──────────┴──────────┐ │
│ ATP │ │ ATP │ │ ATP │ │
│ Server │ │ Server │ │ Server │ │
│ Household │ │ Service │ │ Enterprise │ │
│ (Small) │ │(Medium) │ │ (Large) │ │
└─────┬──────────┘ └────┬────┘ └───────────┬─────────┘ │
│ │ │ │
│ │ │ │
┌─────┼─────┐ ┌─────┼─────┐ ┌──────┼──────┐ │
│ │ │ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │ │ │
┌─┴─┐ ┌─┴─┐ ┌─┴─┐ ┌─┴─┐ ┌─┴─┐ ┌─┴─┐ ┌─┴─┐ ┌─┴─┐ ┌─┴─┐ │
│P1 │ │P2 │ │H1 │ │S1 │ │S2 │ │S3 │ │E1 │ │E2 │ │E3 │ │
└───┘ └───┘ └───┘ └───┘ └───┘ └───┘ └───┘ └───┘ └───┘ │
Parent1 Parent2 Home Bot1 Bot2 Shop HR Dev Ops │
┌─────────────────────────────┘
┌──────────────────┴──────────────────┐
│ ATP Server │
│ Cloud Provider │
│ (Huge) │
└──────────────────┬──────────────────┘
┌─────┬─────┬─────┬───┴───┬─────┬─────┬─────┐
│ │ │ │ │ │ │ │
│ │ │ │ │ │ │ │
┌─┴─┐ ┌─┴─┐ ┌─┴─┐ ┌─┴─┐ ┌─┴─┐ ┌─┴─┐ ┌─┴─┐ ┌─┴─┐
│US │ │EU │ │CN │ │AI │ │DB │ │IoT│ │ML │ │API│
└───┘ └───┘ └───┘ └───┘ └───┘ └───┘ └───┘ └───┘
User User User AI Data IoT ML API
Household (Small): Personal/Family agents (Parent1/2, Home Assistant)
Service (Medium): Commercial service agents (Service Bot1/2, Shopping)
Enterprise (Large): Corporate agents (HR Bot, Dev Bot, Ops Bot)
Cloud Provider (Huge): Multi-tenant cloud serving global users
(US, EU, CN, AI, Data, IoT, ML, API)
In this architecture:¶
ATP Servers act as gateways for agents, handling:¶
Agents operate within their ATP Server's domain:¶
Scale Considerations:¶
This architecture reflects the reality that in the Internet of Agents era, every household and organization will deploy an ATP server (or manager) to coordinate local agent activities, manage network connections, and provide security boundaries.¶
Security-first: Authentication and integrity verification are mandatory, not optional.¶
Structured semantics: Native support for multiple interaction patterns (message, request/response, event/subscription).¶
DNS-based discovery: Leverage existing DNS infrastructure for agent discovery and service location.¶
Transport agnostic: Support multiple transport protocols (HTTPS, QUIC) for flexibility and performance.¶
Backward compatible: Coexist with existing internet infrastructure and standards.¶
Extensible: Support capability discovery and protocol negotiation for future evolution.¶
Multi-tenant support: Efficiently handle multiple agents per domain, similar to multi-user email systems.¶
Server-mediated communication: All agent communication MUST flow through ATP servers for proper routing, security enforcement, and resource management. This design reflects the reality that agents operate within managed domains (households, organizations, cloud services) that require centralized coordination.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
This document uses the following terms:¶
Agent: An autonomous software entity capable of communication, decision-making, and task execution.¶
Agent ID: A unique identifier in the format local@domain that identifies a specific agent.¶
ATP Server: A server implementing the ATP protocol and handling agent communication. The ATP Server acts as a gateway for agents within its domain, providing resource allocation, connection management, security enforcement, and message routing. All agent communication MUST flow through their respective ATP servers.¶
ATP Client: An agent or application initiating ATP communication.¶
ATP Transfer: The process of transferring messages between ATP servers across the Internet.¶
ATS: Agent Transfer Sender policy - a DNS record defining authorized senders for a domain.¶
ATK: Agent Transfer Key - a DNS record publishing cryptographic keys for message signature verification.¶
SVCB: Service Binding - DNS record type defined in [RFC9460] for service discovery.¶
ALPN: Application-Layer Protocol Negotiation - TLS extension for protocol negotiation.¶
+-------------------------------------------------+ | Application Semantics | | message / request-response / event-stream | +-------------------------------------------------+ | Message Format (JSON/CBOR) | | envelope + payload + signature | +-------------------------------------------------+ | Transport Layer (HTTPS/QUIC) | | TLS 1.3+ / ALPN negotiation | +-------------------------------------------------+ | Discovery (DNS SVCB) | | _atp.<domain> SVCB records | +-------------------------------------------------+
ATP is built upon a layered protocol stack that leverages existing Internet infrastructure while introducing agent-specific semantics. The stack consists of four layers, from bottom to top:¶
Discovery Layer: Uses DNS SVCB records [RFC9460] to enable agents to locate and discover ATP services for any given domain. The discovery query targets _atp.<domain> to retrieve service endpoint information including hostname, port, and supported protocols.¶
Transport Layer: Supports multiple transport protocols for flexibility and performance:¶
HTTPS: Primary transport protocol, enabling deployment behind existing CDNs, load balancers, and firewalls. Uses TLS 1.3+ for encryption and ALPN for protocol negotiation.¶
QUIC: Optional transport protocol [RFC9000] for low-latency scenarios, providing 0-RTT handshakes and connection migration capabilities.¶
Message Format Layer: Defines the structure of ATP messages using structured data encodings:¶
JSON: Recommended encoding [RFC8259] with Content-Type application/atp+json¶
CBOR: Optional encoding [RFC8949] for bandwidth-constrained environments with Content-Type application/atp+cbor¶
Messages consist of an envelope (containing from, to, timestamp, nonce, type) and a payload, with a cryptographic signature for integrity and authenticity.¶
Application Semantics Layer: Provides three interaction patterns for different use cases:¶
ATP uses DNS SVCB (Service Binding) records [RFC9460] for agent discovery. The SVCB record provides the hostname, port, protocol version, and optional connection hints for the ATP service. The DNS query follows the standard DNS protocol [RFC1034][RFC1035].¶
The standard SVCB query name for ATP discovery is:¶
_atp.<domain>¶
Where <domain> is the domain portion of the recipient Agent ID.¶
_atp.<domain>. IN SVCB <priority> <target> (
port=<port-number>
alpn=<protocol-identifier>
[ipv4hint=<ipv4-address>]
[ipv6hint=<ipv6-address>]
[atp-capabilities=<capability-list>]
)
¶
_atp.example.com. IN SVCB 1 agent.example.com. (
port=7443
alpn="atp/1"
ipv4hint=192.0.2.1,192.0.2.2
ipv6hint=2001:db8::1,2001:db8::2
atp-capabilities="message,request,event"
atp-auth="ats,atk"
)
¶
port: TCP/UDP port number for the ATP service. If not specified, the default port is 7443.¶
alpn: Application-layer protocol negotiation identifier. Supported values:¶
ipv4hint (optional): Comma-separated list of IPv4 addresses for faster connection establishment.¶
ipv6hint (optional): Comma-separated list of IPv6 addresses for faster connection establishment.¶
atp-capabilities (optional): Comma-separated list of supported protocol capabilities.¶
atp-auth (optional): Comma-separated list of supported authentication mechanisms. Supported values include ats (ATS policy validation), atk (ATK signature verification), mtls (mutual TLS). This parameter enables clients to determine the server's authentication requirements before connection establishment.¶
The ATP client performs the following steps to discover the recipient's ATP service:¶
Extract Domain: Parse the recipient Agent ID to extract the domain portion. The domain portion is derived from the local@domain Agent ID format — the same domain that hosts the agent's identity also hosts the ATP service discovery records.¶
DNS SVCB Query: Query the SVCB record for _atp.<domain>.¶
Address Resolution: Resolve the target hostname to IP addresses using A/AAAA records. Implementations MUST query both A and AAAA records and SHOULD prefer IPv6 addresses when available.¶
Connection Establishment: Establish a secure connection to the resolved endpoint using the specified port.¶
Agents can advertise their capabilities to enable protocol negotiation and feature discovery.¶
When both DNS-based and HTTP-based capability information are available, the HTTP-based response MUST take precedence, as it can be updated more frequently than DNS records. DNS-based capabilities serve as an initial hint for connection establishment and protocol negotiation; HTTP-based capabilities provide the authoritative and current capability set.¶
Capabilities can be included in the SVCB record using the atp-capabilities parameter:¶
_atp.example.com. IN SVCB 1 agent.example.com. (
port=7443
alpn="atp/1"
atp-capabilities="message,request,event,payment,search"
)
¶
Agents can query capabilities via an HTTP endpoint:¶
GET /.well-known/atp/v1/capabilities Host: agent.example.com Accept: application/json¶
Response:¶
{
"version": "1.0",
"capabilities": ["message", "request", "event", "payment", "search"],
"protocols": ["atp/1", "atp-json"],
"max_payload_size": 1048576,
"rate_limits": {
"messages_per_second": 100,
"requests_per_minute": 1000
},
"metadata_url": "https://agent.example.com/.well-known/agent.json"
}
¶
The metadata_url field (OPTIONAL) points to an external agent description document that provides additional metadata about agents at this server. The format of the referenced document is out of scope for this specification. This field enables zero-cost cross-ecosystem discovery without binding ATP to any specific agent description standard.¶
Agent identifiers follow the standard email address format but with extended semantics for agent communication.¶
agent-id = local-part "@" domain
local-part = 1*63( ALPHA / DIGIT / "." / "-" / "_" / "+" )
domain = sub-domain *("." sub-domain)
sub-domain = ; as defined in RFC 5321
¶
The local-part identifies a specific agent within the domain, and the domain identifies the ATP server responsible for routing messages to that agent. ATP uses a restricted character set compared to RFC 5321 to ensure safe handling across diverse agent implementations.¶
A key design feature of ATP is that each domain hosts multiple agent identities using the local@domain format, similar to how email domains host multiple user mailboxes. This multi-tenant identity model is fundamental to ATP's architecture:¶
Households: parent1@family.example.com, parent2@family.example.com, home@family.example.com¶
Services: support@company.com, billing@company.com, shop-bot@company.com¶
Enterprises: hr@enterprise.com, dev@enterprise.com, ops@enterprise.com¶
Cloud Providers: user-us@cloud.com, user-eu@cloud.com, ai-service@cloud.com¶
Unlike centralized agent discovery systems that assign globally unique identifiers, ATP's local@domain model allows each domain administrator to independently manage their agent namespace. This mirrors the email ecosystem's proven scalability: no central registry is needed, and identity management is delegated to domain owners.¶
The local-part uses alphanumeric characters, period (.), hyphen (-), underscore (_), and plus (+). The maximum length of the local-part is 63 characters.¶
Domains MUST support case-insensitive matching of local-parts, similar to email systems.¶
The domain portion MUST be a valid Internationalized Domain Name (IDN) as defined in [RFC5890]. ATP servers MUST support both ASCII and UTF-8 encoded domain names.¶
Domains can delegate agent handling to external ATP servers using DNS CNAME records or SVCB alias mode.¶
_atp.user.example.com. IN CNAME _atp.provider.net.¶
This allows users to maintain their identity (@user.example.com) while using third-party ATP services.¶
_atp.delegated.example.com. IN SVCB 0 _atp.target.org.¶
SVCB alias mode provides a more modern delegation mechanism with additional metadata capabilities.¶
All ATP connections MUST use TLS 1.3 [RFC8446] or higher. TLS 1.2 MAY be used for backward compatibility, but its use is NOT RECOMMENDED.¶
Mandatory Encryption: All ATP traffic MUST be encrypted using TLS.¶
Certificate Validation: Clients MUST validate server certificates against trusted Certificate Authorities (CAs).¶
Cipher Suites: Servers SHOULD support modern cipher suites (e.g., TLS_AES_128_GCM_SHA256).¶
Forward Secrecy: Ephemeral key exchange (ECDHE) MUST be used.¶
For server-to-server communication, ATP servers SHOULD support mutual TLS (mTLS) authentication. For environments where ATS IP-based validation is the primary sender verification mechanism, mTLS provides an additional layer of transport-level authentication. ATP servers MAY require mTLS for all connections in high-security deployments.¶
The Agent Transfer Sender policy (ATS) defines which entities are authorized to send ATP messages on behalf of a domain. ATS is designed specifically for agent communication with strict enforcement.¶
ATS policies are published as DNS TXT records at the following location:¶
ats._atp.<domain>. IN TXT "v=atp1 <policy-directives>"¶
Simple IP-based policy:¶
ats._atp.example.com. IN TXT "v=atp1 allow=ip:192.0.2.0/24"¶
Multi-source policy:¶
ats._atp.example.com. IN TXT "v=atp1 allow=ip:192.0.2.0/24 allow=domain:agent-provider.com include:ats._atp.trusted-partner.net"¶
Permissive policy:¶
ats._atp.example.com. IN TXT "v=atp1 allow=all"¶
Restrictive policy:¶
ats._atp.example.com. IN TXT "v=atp1 deny=all allow=ip:192.0.2.10"¶
ATS policy directives are evaluated in order, with later directives overriding earlier ones when conflicts occur.¶
v=atp1: Version identifier (REQUIRED). Indicates ATP version 1 policy format.¶
allow=ip:<cidr>: Authorize messages from specific IP address ranges.¶
allow=domain:<domain>: Authorize messages from agents at the specified domain.¶
allow=all: Authorize messages from any source (NOT RECOMMENDED).¶
deny=ip:<cidr>: Explicitly deny messages from specific IP ranges.¶
deny=domain:<domain>: Explicitly deny messages from agents at the specified domain.¶
deny=all: Deny all sources (must be followed by specific allow directives).¶
include:<record>: Include policy from another ATS record.¶
redirect=<domain>: Redirect policy evaluation to another domain.¶
exp=<domain>: Specify a domain for explanation text (human-readable).¶
When an ATP server receives a message claiming to be from sender@domain.com, it performs the following ATS verification:¶
The ATS verification algorithm processes policy directives as follows:¶
result = NEUTRAL
FOR EACH directive in policy:
IF directive is 'allow=ip:<cidr>' AND source_ip matches <cidr>:
result = PASS
ELSE IF directive is 'deny=ip:<cidr>' AND source_ip matches <cidr>:
result = FAIL
ELSE IF directive is 'allow=domain:<domain>' AND sender_domain matches <domain>:
result = PASS
ELSE IF directive is 'deny=domain:<domain>' AND sender_domain matches <domain>:
result = FAIL
ELSE IF directive is 'allow=all':
result = PASS
ELSE IF directive is 'deny=all':
result = FAIL
ELSE IF directive is 'include:<record>':
include_result = query_ats(<record>)
IF include_result is PASS or FAIL:
result = include_result
RETURN result
¶
ATS validation errors are returned as HTTP responses with structured JSON error bodies:¶
403 Forbidden with body: {"error": "ATS_VALIDATION_FAILED", "detail": "Sender not authorized by ATS policy"}¶
502 Bad Gateway with body: {"error": "ATS_TEMPORARY_FAILURE", "detail": "DNS lookup timeout for ATS record"}¶
403 Forbidden with body: {"error": "ATS_RECORD_INVALID", "detail": "ATS record syntax error"}¶
In cloud environments where agents share IP addresses (e.g., CDN, serverless platforms, container orchestration), IP-based ATS policies may be insufficient. Deployments in such environments SHOULD:¶
Use allow=domain:<domain> directives instead of IP-based directives where possible.¶
Combine ATS with mutual TLS for stronger sender verification.¶
Rely on ATK signature verification as the primary authentication mechanism, with ATS as an additional signal.¶
Note: ATS is designed as a first-pass filter, not a sole authentication mechanism. ATK signature verification provides cryptographic proof of sender identity regardless of network topology.¶
Start Restrictive: Begin with a restrictive policy and gradually add authorized sources.¶
Use Includes: Use include: directives to inherit policies from trusted providers.¶
Monitor Logs: Regularly review ATS validation logs to identify unauthorized attempts.¶
Gradual Deployment: Deploy ATS gradually, starting with monitoring mode before enforcement.¶
The Agent Transfer Key (ATK) record publishes cryptographic public keys used for message signature verification. ATK is mandatory in ATP and uses modern cryptographic algorithms.¶
ATK records are published as DNS TXT records at the following location:¶
<selector>.atk._atp.<domain>. IN TXT "v=atp1 <key-parameters>"¶
Where <selector> is an identifier for the specific key (e.g., default, 2026q1, rotated-key).¶
Ed25519 key (RECOMMENDED):¶
default.atk._atp.example.com. IN TXT "v=atp1 k=ed25519 p=MCowBQYDK2VwAyEAtLJ5VqH7K+R5VZ8cD9XwY3J2mN8K+R5VZ8cD9XwY3J2m"¶
RSA key (3072-bit):¶
legacy.atk._atp.example.com. IN TXT "v=atp1 k=rsa p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA..."¶
ECDSA key (P-256):¶
p256.atk._atp.example.com. IN TXT "v=atp1 k=ecdsa n=prime256v1 p=MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE..."¶
v=atp1: Version identifier (REQUIRED). Indicates ATP version 1 key format.¶
k=<algorithm>: Key algorithm (REQUIRED). Supported values:¶
p=<base64-key>: Base64-encoded public key (REQUIRED).¶
n=<curve-name>: Elliptic curve name (REQUIRED for ECDSA). Supported values: prime256v1, secp384r1, secp521r1.¶
h=<hash-alg>: Hash algorithm (OPTIONAL). Defaults to sha256. Supported values: sha256, sha384, sha512.¶
s=<service>: Service type (OPTIONAL). Indicates which ATP services use this key.¶
t=<flags>: Flags (OPTIONAL). Comma-separated list of flags:¶
x=<expiry>: Key expiry timestamp (OPTIONAL). Unix timestamp after which the key should not be used.¶
When an ATP server receives a signed message, it performs the following ATK verification:¶
Extract Signature Information: Parse the message signature to extract key selector, domain, signature algorithm, and signature value.¶
Query ATK Record: Query the DNS TXT record for <selector>.atk._atp.<domain>.¶
Validate Key Parameters: Verify that the key algorithm and parameters match the signature.¶
Canonicalization: Canonicalize the message payload according to the specified algorithm.¶
Signature Verification: Verify the signature using the public key from the ATK record.¶
Validation Decision:¶
If signature verification succeeds, accept the message.¶
If signature verification fails, reject the message with HTTP 403 and error body {"error": "ATK_SIGNATURE_INVALID", "detail": "Signature verification failed"}.¶
If ATK record is not found, reject the message with HTTP 403 and error body {"error": "ATK_KEY_NOT_FOUND", "detail": "No ATK record found for selector"}.¶
Domains SHOULD rotate ATK keys periodically (e.g., every 90 days).¶
If a key is compromised, it SHOULD be revoked immediately by updating the ATK record to include the r flag.¶
Use Ed25519: Prefer Ed25519 keys for new deployments due to their security and performance characteristics.¶
Key Size: For RSA keys, generate new keys with at least 3072 bits (4096-bit RECOMMENDED). Implementations MUST accept RSA keys of 2048 bits or longer for signature verification. For ECDSA, use P-256 or stronger curves.¶
Multiple Keys: Maintain multiple keys (current, next, previous) for smooth rotation.¶
DNSSEC: Sign ATK records with DNSSEC to prevent DNS spoofing attacks.¶
Monitoring: Monitor signature validation failures to detect potential attacks or misconfigurations.¶
All ATP messages MUST be cryptographically signed to ensure integrity and authenticity.¶
The signature is included in the message envelope as a signature field:¶
{
"from": "sender@example.com",
"to": "recipient@example.com",
"timestamp": 1710000000,
"nonce": "msg-12345-abcde",
"type": "message",
"payload": {},
"signature": {
"key_id": "default.atk._atp.example.com",
"algorithm": "ed25519",
"signature": "MEUCIQDR...",
"headers": ["from", "to", "timestamp", "nonce", "type"],
"timestamp": 1710000000
}
}
¶
The signature algorithm depends on the key type:¶
The signature MUST cover all fields of the message envelope except the signature field itself. The headers field within the signature object is informational and lists the fields that were present at signing time; it MUST NOT be used to selectively exclude fields from signature verification.¶
Verifiers MUST reject messages where the set of fields in the message envelope does not match the headers list in the signature object.¶
Messages MUST be canonicalized before signing to ensure consistent signature verification.¶
JSON Canonicalization Process:¶
ATP uses JSON Canonicalization Scheme (JCS) [RFC8785] for JSON payloads:¶
Remove the signature field from the message object.¶
Apply JCS canonicalization to the remaining JSON object.¶
Convert the canonicalized JSON to UTF-8 bytes.¶
Sign the UTF-8 bytes using the specified algorithm.¶
CBOR Canonicalization Process:¶
For CBOR payloads, ATP uses deterministic CBOR encoding as defined in RFC 8949 Section 4.2 (Core Deterministic Encoding Requirements):¶
The recipient verifies the signature as follows:¶
Extract the signature field from the message.¶
Verify that the headers list in the signature object matches the set of fields present in the message envelope (excluding signature). Reject the message if they do not match.¶
Reconstruct the message object without the signature field.¶
Apply the appropriate canonicalization process (JCS for JSON, deterministic encoding for CBOR).¶
Verify the signature using the public key from the ATK record.¶
If signature verification fails, the recipient MUST reject the message and MAY log the failure for monitoring.¶
The primary transport for ATP is HTTPS, enabling easy deployment behind existing infrastructure such as CDNs, load balancers, and firewalls.¶
The default port for ATP over HTTPS is 7443. IANA registration for this port is requested in the IANA Considerations section of this document.¶
Deployments MUST support custom port configuration via SVCB records. ATP servers MAY listen on alternative ports (including 443) as specified in the SVCB record's port parameter. The use of a dedicated port provides operational advantages in enterprise environments: security teams can identify and audit ATP traffic by port number without requiring deep packet inspection, and it avoids path conflicts with existing HTTPS services on port 443.¶
ATP servers MUST implement the following standard endpoints:¶
POST /.well-known/atp/v1/message Content-Type: application/atp+json¶
Request Body: ATP message envelope¶
Response:¶
GET /.well-known/atp/v1/capabilities¶
Response: JSON object describing server capabilities¶
GET /.well-known/atp/v1/health¶
Response:¶
{
"status": "ok",
"version": "1.0.0",
"uptime": 86400,
"load": 0.45
}
¶
ATP deployments SHOULD support IPv6 connectivity. ATP servers MUST publish both A and AAAA records when IPv6 is available. Clients SHOULD implement Happy Eyeballs [RFC8305] for dual-stack connection establishment.¶
In the SVCB record, the ipv6hint parameter provides IPv6 address hints for faster connection establishment without an additional AAAA query:¶
_atp.example.com. IN SVCB 1 agent.example.com. (
port=7443
alpn="atp/1"
ipv4hint=192.0.2.1
ipv6hint=2001:db8::1,2001:db8::2
atp-capabilities="message,request,event"
)
¶
For new ATP deployments, IPv6-only operation is a valid configuration. IPv4 support is NOT REQUIRED when the deployment environment is IPv6-capable.¶
ATP is designed to support QUIC transport [RFC9000] for low-latency scenarios. The ALPN identifier for ATP over QUIC is atp/1.¶
The full specification of QUIC transport for ATP, including message-to-stream mapping, QUIC error code registry, and 0-RTT security considerations, is deferred to a companion document. This section provides an overview of the intended design.¶
0-RTT Handshake: Establish connections with zero round-trip time for resumed connections.¶
Multiplexing: Multiple ATP messages over a single connection without head-of-line blocking.¶
Connection Migration: Maintain connections across network changes.¶
Better Performance: Reduced latency over lossy networks.¶
QUIC 0-RTT data is subject to replay attacks. ATP messages sent over 0-RTT MUST be idempotent, or servers MUST implement application-level replay protection in addition to the timestamp/nonce mechanism defined in this specification.¶
All ATP messages share a common envelope structure with the following fields:¶
{
"from": "string",
"to": "string",
"cc": ["string"],
"timestamp": "integer",
"nonce": "string",
"type": "string",
"in_reply_to": "string",
"task_id": "string",
"context_id": "string",
"payload": "object",
"signature": "object",
"routing": "object"
}
¶
from: The Agent ID of the message sender (REQUIRED). MUST be a valid agent identifier.¶
to: The Agent ID of the primary recipient (REQUIRED). MUST be a valid agent identifier.¶
cc: Array of Agent IDs for carbon-copy recipients (OPTIONAL).¶
timestamp: Unix timestamp (seconds since epoch) when the message was created (REQUIRED). Recipients MUST reject messages with timestamps more than 300 seconds (5 minutes) in the past or more than 60 seconds in the future relative to the recipient's clock. Implementations SHOULD use NTP-synchronized clocks.¶
nonce: Cryptographically random unique identifier for the message (REQUIRED). MUST be unique per sender within the timestamp validity window. Recipients MUST maintain a cache of recently seen (sender, nonce) pairs for at least the duration of the timestamp validity window (300 seconds) and MUST reject duplicate (sender, nonce) pairs.¶
type: Message type indicator (REQUIRED). Values: message, request, response, event.¶
in_reply_to: The nonce of the original message that this message is responding to (OPTIONAL). REQUIRED for response type messages. Used for request-response correlation.¶
task_id: Identifies the task or workflow this message belongs to (OPTIONAL). All messages related to the same task SHOULD use the same task_id.¶
context_id: Identifies the conversation or session context (OPTIONAL). Used for multi-turn interactions.¶
payload: Message-specific content (REQUIRED). Structure depends on message type.¶
signature: Cryptographic signature envelope (REQUIRED).¶
routing: Routing information for multi-hop scenarios (OPTIONAL).¶
ATP supports three primary message types, each with distinct semantics and use cases.¶
The message type is used for asynchronous, fire-and-forget communication.¶
{
"from": "a1@example.com",
"to": "a2@example.com",
"timestamp": 1710000000,
"nonce": "msg-12345-abcde",
"type": "message",
"payload": {
"subject": "Hello from Agent A1",
"body": "This is an asynchronous message",
"attachments": [
{
"name": "data.json",
"content_type": "application/json",
"data": "base64-encoded-data"
}
],
"priority": "normal"
},
"signature": {}
}
¶
The request/response pattern supports synchronous RPC-style interactions.¶
{
"from": "client@example.com",
"to": "service@example.org",
"timestamp": 1710000000,
"nonce": "req-67890-fghij",
"type": "request",
"payload": {
"action": "get_weather",
"params": {
"location": "New York",
"units": "metric"
},
"timeout": 30,
"correlation_id": "corr-12345"
},
"signature": {}
}
¶
{
"from": "service@example.org",
"to": "client@example.com",
"timestamp": 1710000001,
"nonce": "resp-67890-klmno",
"type": "response",
"in_reply_to": "req-67890-fghij",
"payload": {
"status": "success",
"data": {
"temperature": 22,
"conditions": "sunny",
"humidity": 65
},
"correlation_id": "corr-12345"
},
"signature": {}
}
¶
The event type supports streaming and event-driven communication.¶
{
"from": "subscriber@example.com",
"to": "publisher@example.org",
"timestamp": 1710000000,
"nonce": "sub-11111-pqrst",
"type": "request",
"payload": {
"action": "subscribe",
"event_types": ["price_update", "news", "alert"],
"filter": {
"symbol": "AAPL",
"priority": ">=high"
},
"delivery_mode": "push",
"subscription_id": "sub-12345"
},
"signature": {}
}
¶
{
"from": "publisher@example.org",
"to": "subscriber@example.com",
"timestamp": 1710000010,
"nonce": "evt-22222-uvwxy",
"type": "event",
"payload": {
"event_type": "price_update",
"subscription_id": "sub-12345",
"data": {
"symbol": "AAPL",
"price": 150.25,
"timestamp": 1710000010,
"volume": 1000000
},
"sequence_number": 42
},
"signature": {}
}
¶
ATP supports multiple payload encoding formats.¶
JSON [RFC8259] is the RECOMMENDED encoding format.¶
Content-Type: application/atp+json¶
CBOR [RFC8949] is an OPTIONAL encoding format for bandwidth-constrained environments.¶
Content-Type: application/atp+cbor¶
ATP servers SHOULD enforce message size limits:¶
Asynchronous messages follow a store-and-forward model.¶
Sender Agent ATP Server A ATP Server B Recipient Agent
| | | |
|---[Submit]---->| | |
| | | |
| |---[Transfer]--->| |
| | | |
| | |----[Deliver]------>|
| | | |
In this model:¶
The Sender Agent submits a message to its local ATP Server A¶
ATP Server A performs policy enforcement (ATS/ATK validation) and transfers the message to ATP Server B¶
ATP Server B performs security checks and delivers the message to the Recipient Agent¶
Each hop (Submit/Transfer/Deliver) involves independent ATS/ATK validation for security enforcement.¶
ATP asynchronous messages provide store-and-forward delivery with the following semantics:¶
Servers SHOULD retry failed deliveries using exponential backoff:¶
Initial retry interval: 1 second¶
Maximum retry interval: 1 hour¶
Maximum retry duration: 48 hours¶
Maximum retry count: 10¶
After exhausting retries, servers MUST generate a bounce notification if the sender requested acknowledgment.¶
Synchronous request/response follows an RPC pattern.¶
All agent communication MUST go through their respective ATP servers. This design ensures proper routing, security filtering, and policy enforcement.¶
Client Agent ATP Server A ATP Server B Service Agent
| | | |
|---[Request]--->| | |
| | | |
| |---[Transfer]--->| |
| | | |
| | |---[Request]---->|
| | | |
| | |<--[Response]----|
| | | |
| |<--[Transfer]----| |
|<--[Response]---| | |
| | | |
In this model:¶
The Client Agent submits a request to its local ATP Server A via HTTP POST¶
ATP Server A performs policy enforcement (ATS/ATK validation) and transfers the request to ATP Server B¶
ATP Server B performs security checks and delivers the request to the Service Agent¶
The Service Agent processes the request and returns a response¶
The response flows back through the same path (Service Agent → ATP Server B → ATP Server A → Client Agent)¶
Each hop (Submit/Transfer/Deliver) involves independent ATS/ATK validation for security enforcement.¶
For multi-hop request/response interactions, the timeout MUST be converted to an absolute deadline for relay forwarding. The absolute deadline is computed as:¶
deadline = sender_timestamp + timeout¶
When a relay forwards a request:¶
Event/subscription follows a publish-subscribe pattern.¶
All event publications and subscriptions MUST go through ATP servers for proper routing and access control.¶
Publisher ATP Server A ATP Server B Subscriber
| | | |
|----[Event]--->| | |
| | | |
| |--[Transfer]-->| |
| | | |
| | |-----[Event]---->|
| | | |
| | |<--[Subscribe]---|
| | | |
| |<--[Transfer]--| |
|<-[Subscribe]--| | |
| | | |
The event/subscription flow consists of two phases:¶
Subscription Phase: The Subscriber initiates a subscription request to its local ATP Server, which transfers the request to the Publisher's ATP Server, which then delivers it to the Publisher. This establishes the subscription relationship across the server chain.¶
Event Notification Phase: When an event occurs, the Publisher sends the event to its local ATP Server (Server B), which transfers it across the Internet to the Subscriber's ATP Server (Server A), which then delivers the notification to the Subscriber.¶
This bidirectional flow ensures:¶
TTL: Subscriptions SHOULD include a ttl field (in seconds) in the subscribe request payload. If not specified, the default TTL is 3600 seconds (1 hour).¶
Renewal: Subscribers MUST renew subscriptions before TTL expiry by sending a new subscribe request with the same subscription_id.¶
Heartbeat: Publishing servers SHOULD send periodic heartbeat events (type: event, event_type: heartbeat) to subscribing servers. Note that heartbeat is a server-to-server mechanism, not agent-to-agent; it verifies the liveness of the subscription channel between ATP servers. Subscribing servers that do not receive a heartbeat within 2x the expected interval SHOULD re-subscribe.¶
Auto-expiry: Subscriptions that are not renewed within their TTL period are automatically expired. Publishers MUST stop sending events to expired subscriptions.¶
For push-mode event delivery, the publishing server sends events to the subscribing server's ATP message endpoint. The subscribing server's endpoint is discovered through the standard DNS SVCB discovery process using the subscriber's domain.¶
Future versions of this specification MAY define additional transport mechanisms for real-time event delivery, including:¶
These mechanisms are out of scope for the current version.¶
ATP is designed with security as a first-class requirement. This section analyzes the threat model and security considerations for each component of the protocol.¶
The threat model for ATP considers the following adversaries and attack vectors:¶
Network Adversaries: Passive or active attackers on the network path between agents and ATP servers, or between ATP servers. Capabilities may include:¶
Eavesdropping on unencrypted traffic¶
Man-in-the-middle (MitM) attacks to intercept or modify communications¶
Replay attacks using captured messages¶
Traffic analysis to infer communication patterns¶
Malicious Agents: Compromised or malicious agents that attempt to:¶
Send unauthorized messages on behalf of other agents (spoofing)¶
Flood servers with excessive requests (DoS)¶
Exploit protocol vulnerabilities to gain unauthorized access¶
Rogue ATP Servers: Compromised or malicious ATP servers that may:¶
Fail to enforce ATS/ATK policies¶
Leak sensitive message content¶
Drop or delay messages selectively¶
DNS Attackers: Adversaries that attempt to compromise DNS infrastructure:¶
Threat: Network adversaries attempting eavesdropping or MitM attacks.¶
Mitigation:¶
Certificate validation against trusted Certificate Authorities is mandatory¶
Cipher suites MUST provide forward secrecy (ECDHE key exchange)¶
Cipher suites SHOULD use authenticated encryption (AES-GCM, ChaCha20-Poly1305)¶
Residual Risk: Certificate authority compromise or mis-issuance. Deployments with high security requirements SHOULD implement certificate pinning or use DANE [RFC6698].¶
Threat: Malicious agents attempting to send messages on behalf of domains they do not control (spoofing).¶
Mitigation:¶
ATS records define authorized sending sources per domain¶
Policy directives include IP ranges, domains, and explicit deny rules¶
Each ATP server performs ATS validation on every incoming message¶
Failed ATS validation results in immediate rejection¶
Residual Risk: ATS record tampering via DNS attacks. Deployments SHOULD sign ATS records with DNSSEC [RFC4033].¶
Threat: Message tampering or forgery by network adversaries or malicious agents.¶
Mitigation:¶
ATK records publish cryptographic public keys for signature verification¶
All ATP messages MUST be cryptographically signed¶
Supported algorithms: Ed25519 (RECOMMENDED), RSA (3072+ bit for new keys), ECDSA (P-256+)¶
Signature covers all critical message fields (from, to, timestamp, nonce, type, payload)¶
Residual Risk: Key compromise. Domains MUST implement key rotation and maintain revocation procedures via the r flag in ATK records.¶
Threat: Message modification in transit, replay attacks.¶
Mitigation:¶
Cryptographic signatures cover canonicalized message content¶
Nonce prevents replay attacks¶
Timestamp enables expiration checking¶
Signature includes headers list to prevent header manipulation¶
Residual Risk: Long-term key compromise enables retroactive forgery. Future work may introduce forward-secure signature schemes.¶
Threat: Traffic analysis revealing communication patterns, relationships, or sensitive business information.¶
Exposure:¶
from and to fields are visible to ATP servers and network observers¶
timestamp reveals timing of communications¶
type indicates interaction pattern (message, request, response, event)¶
Mitigation:¶
Payload content SHOULD be encrypted end-to-end when confidentiality is required¶
Agents MAY use pseudonymous identifiers for sensitive communications¶
ATP servers SHOULD minimize metadata logging¶
Residual Risk: Metadata analysis remains possible. Applications with strong privacy requirements SHOULD implement additional obfuscation at the application layer.¶
Threat: Unauthorized access to message content by ATP servers or network adversaries.¶
Mitigation:¶
TLS encryption protects payload in transit between hops¶
Agents MAY encrypt payload content end-to-end using recipient's public key¶
CBOR encoding supports embedded encrypted content¶
Residual Risk: ATP servers must inspect messages for policy enforcement. Deployments handling sensitive data SHOULD implement server-side encryption with customer-managed keys.¶
Threat: Adversaries flooding ATP servers with excessive messages or connections.¶
Attack Vectors:¶
Message flooding to exhaust server storage or bandwidth¶
Connection exhaustion to deplete server connection pools¶
Computational DoS via expensive cryptographic operations¶
Mitigation:¶
Threat: Attackers providing fraudulent DNS responses to redirect ATP traffic.¶
Mitigation:¶
ATP servers SHOULD validate DNS responses using DNSSEC [RFC4033]¶
SVCB records SHOULD be cached with appropriate TTL¶
Multiple independent DNS resolvers SHOULD be consulted¶
Residual Risk: DNSSEC adoption is not universal. Applications requiring high assurance SHOULD implement additional verification.¶
Threat: Compromised ATP server leaking or modifying messages.¶
Mitigation:¶
Deployments SHOULD implement the following security practices:¶
DNSSEC: Sign all DNS zones containing ATS and ATK records¶
Key Rotation: Rotate ATK keys every 90 days minimum¶
Monitoring: Log and alert on ATS/ATK validation failures¶
Certificate Management: Monitor certificate expiration and implement automated renewal¶
Incident Response: Maintain procedures for key revocation and emergency policy updates¶
Defense in Depth: Implement multiple layers of security controls¶
Metadata Visibility: ATP does not hide communication metadata from ATP servers¶
DNS Trust: DNS security depends on DNSSEC adoption¶
Server Trust: ATP servers can observe unencrypted payload content¶
Key Management: Compromised keys enable message forgery until revocation¶
Future revisions of ATP may address these limitations through techniques such as onion routing, encrypted DNS, or decentralized trust models.¶
IANA is requested to register the following ALPN protocol identifier:¶
IANA is requested to register the following well-known URI:¶
IANA is requested to register the following media types:¶
IANA is requested to register the following service:¶
IANA is requested to register the following entries in the "Service Binding (SVCB) SvcParamKey" registry defined in [RFC9460]:¶
| SvcParamKey | Meaning | Format Reference | Change Controller |
|---|---|---|---|
| atp-capabilities | Comma-separated list of ATP protocol capabilities | Section 2.3 of this document | IETF |
| atp-auth | Comma-separated list of supported authentication mechanisms | Section 2.1 of this document | IETF |
The initial registered values for the atp-capabilities parameter are:¶
| Value | Description | Reference |
|---|---|---|
| message | Asynchronous messaging | Section 7.1 |
| request | Synchronous request/response | Section 7.2 |
| event | Event/subscription streaming | Section 7.3 |
Additional values may be registered via Specification Required [RFC8126] policy.¶
The initial registered values for the atp-auth parameter are:¶
| Value | Description | Reference |
|---|---|---|
| ats | ATS policy validation | Section 4.2 |
| atk | ATK signature verification | Section 4.3 |
| mtls | Mutual TLS authentication | Section 4.1 |
IANA is requested to create the "ATP Message Types" registry with the following initial values:¶
| Type | Description | Reference |
|---|---|---|
| message | Asynchronous message | Section 6.2.1 |
| request | Synchronous request | Section 6.2.2 |
| response | Synchronous response | Section 6.2.2 |
| event | Event notification | Section 6.2.3 |
New message types are registered via Specification Required [RFC8126] policy.¶
Client DNS Server
| | |
|---- SVCB Query --------->| |
| | |
|<----- SVCB Response -----| |
| _atp.example.com | |
| agent.example.com:7443| |
| | |
|---- A/AAAA Query ------->| |
| | |
|<------- IP Address ------| |
| 192.0.2.1 | |
| | |
|==========================|======================|
| |
|<-------------------TLS Handshake--------------->|
| |
|--- POST /.well-known/atp/v1/message ----------->|
| Content-Type: application/atp+json |
| { |
| "from": "a1@sender.com", |
| "to": "a2@example.com", |
| "type": "message", |
| "payload": {...}, |
| "signature": {...} |
| } |
| |
|<---------------------- 202 Accepted ------------|
| |
The request/response flow demonstrates synchronous RPC-style interaction between agents. The Client Agent connects to its local ATP Server (Server A), which enforces policy and transfers the request to the destination ATP Server (Server B), which delivers it to the Service Agent. The response follows the reverse path.¶
Client DNS ATP ATP Service
Agent | Server A Server B Agent
| | | | |
|-- SVCB Query --------| | | |
| | | | |
|<- SVCB Response -----| | | |
| _atp.service.org | | | |
| service.org:7443 | | | |
| | | | |
|-- A/AAAA Query ------> | | |
| | | | |
|<- IP Address --------- | | |
| 198.51.100.1 | | | |
| | | | |
|======================|====================|=============|=============|
| | | |
|<-------------TLS Handshake--------------->| | |
| | | |
|-- POST /.well-known/atp/v1/message ------>| | |
| Content-Type: application/atp+json | | |
| { | | |
| "from": "client@example.com", | | |
| "to": "service@service.org", | | |
| "timestamp": 1710000000, | | |
| "nonce": "req-67890-fghij", | | |
| "type": "request", | | |
| "payload": { | | |
| "action": "get_weather", | | |
| "params": {"location": "New York"} | | |
| }, | | |
| "signature": {...} | | |
| } | | |
| | | |
| |-[Transfer]->| |
| | | |
| | |-[Request]-->|
| | | |
| | |<-[Response]-|
| |<-[Transfer]-| |
| | | |
|<- 202 Accept/Response --------------------| | |
| { | | |
| "from": "service@service.org", | | |
| "to": "client@example.com", | | |
| "timestamp": 1710000002, | | |
| "nonce": "resp-67890-klmno", | | |
| "type": "response", | | |
| "in_reply_to": "req-67890-fghij", | | |
| "payload": { | | |
| "status": "success", | | |
| "data": {"temperature": 22} | | |
| }, | | |
| "signature": {...} | | |
| } | | |
| | | |
The event subscription flow demonstrates the publish-subscribe pattern with streaming notifications. The flow has two phases:¶
Phase 1 - Subscribe: The Subscriber sends a subscription request to its local ATP Server (Server A), which transfers it to the Publisher's ATP Server (Server B), which delivers it to the Publisher.¶
Phase 2 - Event Notification: When an event occurs, the Publisher sends the event to Server B, which transfers it to Server A, which delivers the notification to the Subscriber.¶
Subscriber DNS ATP ATP Publisher
Agent | Server A Server B Agent
| | | | |
|-- SVCB Query --------| | | |
| | | | |
|<- SVCB Response -----| | | |
| _atp.publisher.io | | | |
| publisher.io:7443 | | | |
| | | | |
|-- A/AAAA Query ------> | | |
| | | | |
|<- IP Address --------- | | |
| 203.0.113.1 | | | |
| | | | |
|======================|====================|=============|=============|
|<-------------TLS Handshake--------------->| | |
|============================ Subscribe Phase ==========================|
| | | |
|-- POST /.well-known/atp/v1/message ------>| | |
| Content-Type: application/atp+json | | |
| { | | |
| "from": "subscriber@example.com", | | |
| "to": "publisher@publisher.io", | | |
| "timestamp": 1710000000, | | |
| "nonce": "sub-11111-pqrst", | | |
| "type": "request", | | |
| "payload": { | | |
| "action": "subscribe", | | |
| "event_types": ["price_update"], | | |
| "subscription_id": "sub-12345" | | |
| }, | | |
| "signature": {...} | | |
| } | | |
| |-[Transfer]->| |
| | |-[Subscribe]>|
|<-- 202 Accepted --------------------------| | |
| | | |
|======================== Event Notification Phase =====================|
| | | |
| | |<---[Event]--|
| |<-[Transfer]-| |
|<--[Event Delivery]------------------------| | |
| { | | |
| "from": "publisher@publisher.io", | | |
| "to": "subscriber@example.com", | | |
| "timestamp": 1710000010, | | |
| "nonce": "evt-22222-uvwxy", | | |
| "type": "event", | | |
| "payload": { | | |
| "event_type": "price_update", | | |
| "subscription_id": "sub-12345", | | |
| "data": {"symbol": "AAPL", | | |
| "price": 150} | | |
| }, | | |
| "signature": {...} | | |
| } | | |