ANS, Agents & Consensus: HCS for verifiable AI Identity

Added: 2026-06-03

[00:00:11]So, thank you to everyone for joining today's Linux Foundation decentralized trust meetup. Just like all of Linux Foundation decentralized trust events, we run this under our code of conduct.

[00:00:21]If you're interested in finding out more about that, there's a link here on the screen. But basically, we just ask that everybody be respectful. We do welcome any comments, questions, suggestions that you have. So, if you're in our Zoom call, feel free to use the Zoom chat. If you're watching one of the live streams, feel free to leave questions there and I can bring them over to uh uh so the speakers can see that. And with that, I will hand over the u um call to our speakers today. We have Michael, Keith, and Connor speaking about ANS agents and consensus HS for verifiable AI identity.

[00:00:56]So with that, let me stop sharing and we're all set.

[00:01:04]>> Hey everyone. Uh it's a pleasure to be here uh and hosted by the uh Linux Foundation Decentralized Trust. Uh thank you David for the intro. We are going to get started here shortly. Um we're going to have a blast today. So before we kind of kick off, I know that we've got a bunch of people in the room. Uh please do me a big big big big favor. Uh if you are watching this on YouTube, please share the link to your friends. Uh let's bring as many people as we can into this room. Uh if you are joining us from Zoom and you have colleagues and friends who you would like to join to ask questions and join us for the Q&A uh later on for all things ANS, uh LFDT, HCS and so forth, please invite them with the Zoom link. We are looking forward to and we will have lots of time uh towards the end to do Q&A. Uh so if you're coming in you're listening like wow this is really cool I have so many questions and I I want to know more. Uh the Zoom link is is a great place to kind of go and do that. So please share out the link. Uh and yeah David thanks for dropping that comment. Um to kick off, I'm just going to jump in a little bit here and explain about uh HOLL uh and then I think we're going to have our friends from GoDaddy uh explain ANS and do a deep dive. Before we do any of that, I think the best thing that we can do is do a round of introductions, who's here with us today, and what we're going to talk about. Um so I'll start with myself. I'm uh Michael Caner, president of Hrol. I've been in software for uh going close to two decades now uh and opensource uh development I think for a really really long time. I've been through FinTech, Edex and whole suite of different companies uh before landing myself in the blockchain ecosystem uh about 10 years ago. uh what started out as an inkling of curiosity uh ended uh where we are today in building uh an open source standards consortium we know as HOL.

[00:03:23]Um so next I'd love to introduce Keith and then Connor.

[00:03:30]>> Hey everyone, I'm Keith Perry. Uh I work on the agent name service team at GoDaddy. um principal engineer there, been there 11 years. Um worked at a biotech company before that. Um really work on a lot of scaling um infrastructure and high performance services at GoDaddy um in a domain space and many other spaces over the years.

[00:03:57]But really glad to be here. Connor, >> I'm Connor Stanker. Uh I work at GoDaddy on the ANS project with Keith. Um I've been here I think about 15 years mostly in the domains and registar side uh with a focus on security. So happy to be here.

[00:04:20]>> Awesome. Thanks guys. So let me jump in here. I'm gonna actually share a short deck first on my side. Let me see if it lets me pull it up. Uh That was strange.

[00:05:10]Sweet. Um, so I'm just do a brief intro about HOL and the work that we do. Uh, so a little bit of us. Uh, we are a open-source standards consortium. We are actually composed of many, uh, retail facing organizations. Some of you may know, especially if you're chiming in from the header ecosystem like hashpack, bons of finance and centex, uh we work with uh prominent organizations to essentially build a new agentic future through open-source uh standards of creation. As of today, we've published over 20 of these standards known as HCS.

[00:05:52]Uh we uh recently moved our standards into Hyro under the uh Linux Foundation decentralized trust and we work on problems like AI agent tooling uh integration, interoperability, security and really we're kind of thinking about hey there's going to be a world soon where there's going to be hundreds of thousands maybe millions maybe billions of agents and we're wondering are we prepared for that? like uh we saw open claw, we saw the madness, the game of open claw and everyone got really excited and that was validation that the idea of AI agents exists. We could finally look and feel and we can touch and we can talk to this thing could do things for us. It can act as our assistant can send out emails um and more so it can create code and ship production applications. But then we also thought about the privacy and security issues. Uh immediately after open call, we saw all these issues around hey there's a bunch of open ports. People are hacking into these things. Is this actually safe? Is it actually secure? And while you know this is a really interesting point for us, we realized quite quickly like no we're not ready. We're not ready at all. And the moment that token and inference costs become cheap enough where we can run these agents from our laptops and our phones, uh, we're going to have something on our hands that we're not able to control. So at HOL, we're creating standards for a safe, secure, and scalable agentic internet. So we're not walking in blind. And this is work that encompasses blockchain because blockchain is really great for attestation, security and audits, but also the web 2 ecosystems uh because everything in this world really stands on standards like HTCP and DNS at its forefront. So through this uh HOL has an open contribution model uh where anybody can come in submit a standard and work with HOL to promote and bring awareness to this standard because at the end of the day we can't wait four years to get a standard out into production. The next open claw could be out in two to three months and we won't have the guardrails to protect against that. So we bring these ideas to standards very very fast.

[00:08:20]We iterate with you uh quickly uh bring them on the RAC CS uh and then we validate use cases by working with organizations and companies within our network uh to say hey this is a cool idea now what happens when it hits the market what happens when we bring it into an application and people actually start using this thing so it's an open model uh HOL's had a lot of momentum uh through this work so we've published again over 20 plus standards on direct CS today that are used by startups, enterprises, and medium-sized businesses. We've got uh and even this slide is outdated. Uh closer to 3,000 GitHub uh stars, and 400,000 package downloads across npm and Python. So, a lot of folks are using these standards today. And recently we announced a founding cohort of our HOL partner program with over 30 organizations including goday who have here today, XNCP, Horizon Scale, number of blockchain companies, a number of web 2 organizations who are all really interested on hey how do we create this safe interoperable future and through this partner program we ship and ideulate more standards to create that future. So if you're watching the stream and you're a company and organization and you'd like to be a part of that work, reach out. Uh if you are participating uh during kind, there's no cost or anything. Uh there's only just upside and being able to work with HOL to make those standards a reality.

[00:09:53]The area that we are focusing in with this uh cohort and probably the broader picture is we're not the only ones who are working on new standards. is actually tons and tons of organizations and companies that are uh aware of this problem. We'd be naive to say that folks aren't aware of it. Um and that also creates other systemic issues. Uh so essentially a fundamental towel of babble if you will where we have lots of cool standards being built like Google's Atoropics MCP and skill MD. You've got agency and Cisco creating a registry that is really enterprisefriendly. you have AGUI uh now we have ANS and then we have all these blockchain ecosystems on the other side things like ACP EOC 804 fetchi uh you have registries being built on Salana Hideera and so forth and these things can't talk to each other so what happens when we get to billions of agents and no one knows what a valid registry is no one knows where trust is and how to aggregate all that trust so that has created a world of fragmentation and this is going to sound weird but it's actually okay that there is all this fragmentation uh I think a lot of times in technology we hear the word fragmentation and we get worried like okay this is a big problem we need to solve this there has to be one way to do this one thing and the truth is that that's never how technology actually goes uh if you want to see an example of this just think about USB USBC and how long it took for us to get to a good place uh with something as simple as a cable that plugs into your computer and your phone. Um our belief is that there's going to be many ways for AI agents to communicate to each other and they're going to base they're going to communicate differently based on their circumstances. things like privacy regulators and and different verticals like if I'm talking to an AI agent that is giving me medical advice and I'm talking to another AI agent that is giving me financial advice they should talk to each other very differently right I don't think that uh those same rules apply to those kinds of conversations and you shouldn't either and when it comes to registration of these agents in different registries in different markets different verticals they're going to have to register differently Right? If I again like if I have a agent that gives medical advice, I should have a human overseer with a doctorate degree that can add a test to what that agent is actually doing. And that's really important, but the regulation hasn't gotten there yet. And it probably will over time as we run into these various issues. And we have to build for that in advance. We need to create standards around these areas so that when these things come and these agents are talking to each other, we reduce a lot of the risk of these issues that going to come with it. We also believe that with registries and discovery, there's going to be different forms of reputation, right? The way that we I can keep going on and on laring about this example, but the way that we look at reputation for an agent that gives medical advice versus an agent that gives financial advice is really different. Right? If my agent's giving me financial advice, I don't care if it's getting attested by somebody with a PhD. Really, I care if that agent has actually seen an ROI and some kind of portfolio and vice versa. So every registry will probably have to source different reputation signals and for consumers this is really important because you need great levels of transparency. That's part of the reason why I'm really happy and excited to see the work that ANS is doing here because they're sort of that passport to these different layers of reputation.

[00:13:49]And the last thing that I want to kind of feed you guys in before we pass off to uh the ANS crew here is one of the ways that HL is helping to bridge this gap is through a standard that we created called HCS14.

[00:14:05]HCS14 again is completely blockchain agnostic uh web two and web 3 agnostic.

[00:14:12]All it is is a simple string uh that kind of tells you just by looking at it where an agent is from, what registry it's from, what communication protocols it's using. So that if you put this string on a blockchain or if you put it on a DNS record, you know immediately it's like okay this agent is using A to A to talk it's on this registry. I can go in this registry. I can see uh who is attesting its data. I can see its reputation signals. But that gives me a really high level view of that basic information that I need about an agent.

[00:14:48]HS14 ships with two identification methods called uh did aid and did u and essentially the idea is if I'm sure a lot of you folks chiming in from the LFT side especially the trust over IP working groups and so forth and uh did Foundation are pretty well aware of what DIDs are. DIDs are great. Um, but the problem with DIDs is that most AI agents, let's say 99.9% of them don't have a DID yet. Um, and in that world, it's hard to identify an agent. So, they do have something like that as their credential. In the meantime, uh, UAE is kind of a compromise. It sits in that middle ground. And the way that EU aid works is we take publicly available data from an AI agent like its name, its ID inside of a registry, its communication protocol and then we hash that and we create a unique string and now with that string anyone can generate the same string by looking at the registry and pulling that same information. So to put it all together a U8 kind of looks like this. You have the ID as a prefix. Uh then you have the method name. Then you have the hash. And then you have the parameters. And the parameters are kind of like the really cool part of this because if you're looking at my screen, you can see oh protocol ATS10 native ID blah blah blah registry blah blah blah.

[00:16:12]So through this standard you can kind of immediately just by visually looking at it understand where an agent is and what communication protocol he uses. This is important for today's session uh where GoDaddy is going to do a much deeper dive because one of the standards that they shipped uh working with us is actually built on top of ACS14.

[00:16:36]So with that little intro, I think at this point I'll pass it over to Keefe.

[00:16:41]Uh Kee, if you want to jump in. Uh I think the audience would love to know more about ANS.

[00:16:51]Turn my screen here.

[00:16:59]All right. Thanks for that intro, Michael. Uh, all that work the HOL is doing is awesome.

[00:17:07]Um, you book a trip to Paris. Uh, your travel agent calls a pricing agent. How do you know that pricing agent is real and not draining your card into someone else's account? That's the problem that ANS solves. ANS is a passport for the open agentic internet.

[00:17:26]Uh at GoDaddy uh we run the infrastructure behind one of the world's largest domain registars. Um we have three decades of naming and identity and we recently joined the Linux foundations uh agent agentic AI foundation um with a bunch of other companies. HOL is in there as well. Um I'm in I'm in some of the working groups. Uh if you if you are as well, look me up on Discord or in the meetings. Um but we we know identity at Good Eddie. Um and we're extending that to AI agents.

[00:18:06]Um there really is no internet for agents yet. Um there's lots of standards out there as Michael was talking about earlier. Um agents today are kind of travelers with no papers or maybe many different types of papers. Um, and there's no real phone book. Uh, how how do you know which agent is legitimate?

[00:18:26]Um, there's no way to verify. Uh, if you just pick one and connect, uh, there's no way to know it's the real one. Um, and identity would solve that.

[00:18:40]Um, but identity isn't always enough, right?

[00:18:43]Even in the passport scenario, you know, if you go through customs, they'll identify you with your passport, but they're still going to search your bag, right? Um, in certain situations with payment, as Michael was alluding to as well, uh, trust requires more than identity.

[00:19:01]Um, the ANS is a standard foundation.

[00:19:04]Uh, the good a service is built on top of the standard and then we have a trust layer built on top of that.

[00:19:11]So what is ANS? Um it's kind of based on three primitives. Uh the X509. Uh so that's kind of the passport itself. The these certificates um and the transporter log which is the issuers register. Um type registration gets sealed in this appendon log. And and then we have this DNS anchor which is kind of the citizenship behind it. um these ANS records um users uh or agents can query and um discover uh on a domain that the registar already has verified.

[00:19:47]There's three pieces. One, verifiable identity.

[00:19:52]Um in the transparency log, um every registration or version bump or life cycle change is sealed in this dependently log. Um and there's no rewriting history here. Um GoDaddy's implementation use a merkel tree. Uh and then we also offer these uh skit conformant receipts. Each each registration emits this coast receipt.

[00:20:17]Um and then we have these ad testations that are sealed in every entry like on registration for example. Um and so the these are some examples of those attestations. Um but kind of the cool thing is that an agent can connect um or can look at the transparency log um and query it um and get the like the public search uh fingerprint for example before it actually connects. Um so it's pretty powerful. Um, >> for the for the nontechnical folks who are watching this, Keith, um, how would you explain this like for someone who has no idea how any of this stuff works?

[00:21:00]>> Uh, which part?

[00:21:03]>> Um, the transparency log like a really high level like why is skit important?

[00:21:07]Why are accessations important at the TPS level?

[00:21:12]>> So, it's kind of the idea of like a certificate authority. um where it it just keeps track of it's like an audible trail um an audit trail is what the way I would describe it. So there's and there's no way to rewrite it like we can't just throw it away. So it's it's it's you know kind of uses that you know in the blockchain scenario. Um that's kind of what a miracle Merkel tree is.

[00:21:40]I was just going to add that I I think it's the big draw there too is that it's all cryptographically provable too. So um you can be certain that you know nothing's been modified from the start to the end entry after entry. So independently verifiable.

[00:22:00]>> Exactly. So if I'm coming in and I'm looking at ANS and I'm looking at the agents I can know verifiably that this hasn't changed. It's the same that it was yesterday unless you know the actual person owns age and has updated the log in which case you would see that too.

[00:22:17]>> Awesome.

[00:22:18]>> Exactly.

[00:22:21]>> So we like to think think of it as a book that no one can rewrite um and clients are able to do this offline verification.

[00:22:31]So to register in ANS um you know this is kind of like the agent is applying for its passport. Uh what you bring is a domain you control um your agent code uh which is running behind that domain. Um and then any metadata um there's a lot of metadata that's optional but it's basically what you want your uh agent to be searchable by. um you know the functions the display name um that that kind of information um the RA then validates that you actually control the domain um and we return the DNS records for you to publish and then we construct this uh so in this example we're using the super aent.example.com example.com we construct this ANS name and this gets sealed in the transparency log and then what you get back is this identity um uh transparency log badge um and you know it'll have those attestations that we talked about before um and then for agent discoverability it's kind of twofold here uh we have the you're discoverable by DNS by those records that we gave you to publish and then also your discoverable by the registry itself. Um, so you can do a a get API request uh to get get those agents out of there and search. Um, and then we also provide this a uh you also get verifiable agent agent communication.

[00:24:02]Um, receivers can verify your sign request cryptographically as Connor was mentioning. Um, we like to think of it, you know, verify and connect. Don't connect and pray.

[00:24:17]Um, ANS is built on top of a stack of open standards. Um, just a little history here. Um, there was an IETF draft uh, one version one. Um, and that is not owned by GoDaddy. Um, and wasn't originally published by GoDaddy. Um, we don't have any authors on that. Um, we just thought it was such a good standard um that we decided to try to build the service on top of it.

[00:24:45]Um, and then Scott Courtourtney, our our VP, um, he contributed to version two.

[00:24:52]Um, so we learned a lot from version one and then they made a version two. Um, but there's a bunch of open standards that ANS is built on top of um, or that GoDaddy service is built on top of. Um, we hope that, uh, um, we thought it was such a good standard, we think everyone should should stand up their own instances. Um, and we have ways that help you do that. Uh, Conor will talk a little bit about. Um, but then on top of that, we built the agent integrity monitor, uh, which detects any drift, uh, after they've been attested to in the transparency log. Um so like let's say uh you know a agent would swap out their server that was not in the transparency log um it would catch that drift and then on top of that we have the search API um you know we realized early on you know as a as uh people were putting agents in we had a lot of consumers that want to get that data out um so we provided the search API which provides an easy way to do that and then uh there's some trust scores that we we're just starting with a couple pillars right now. Um, but uh the it's still early on, but uh we plan on expanding that a little bit more as we go on. Um, so ANS is standard here.

[00:26:14]>> Oh, go ahead.

[00:26:16]>> Yeah, I think that's so that's so cool.

[00:26:18]Just like the the history behind uh how GoDaddy decided to use ANS and build infrastructure around it. Usually what kind of happens with big companies and organizations is they're kind of like, "Oh, let me just make my own thing. You know, this thing wasn't good enough. Uh, we're just going to go and reinvent the wheel. We're going to do it again for the thousandth time and we're going to squeeze out some little percent of performance or some nomenclature or some XYZ vocabulary in here that everyone's going to be really excited about. It's going to be different, but usually it's not different. It's maybe a little bit uh the same thing. Maybe there's different uh words, but it's kind of the same implementation.

[00:27:02]And with GoDaddy and ANS, like, well, someone already came up with the standard. Somebody already did the hard thinking, they thought about the DNS side. Uh why would we go and remake it?

[00:27:14]Let's just build on top of that and let's iterate on top of that. I find that so fascinating.

[00:27:21]>> Yeah. Awesome.

[00:27:23]Yeah. So in this case you know a passport works because you know countries that have agreed upon this the shared standard and so you know open standards are at this at the base of AMS. Um GoDaddy issues the passport we're kind of like the passport office in this case as their service and then you know trust scores and uh the agent integrity monitor kind of like the visa on top.

[00:27:52]So why standardize on DNS? um you know how a passport works you know it because the world already agrees on the standard DNS is that agreement for the internet right it's something that's scalable uh it's been around for 30 years it's proven technology um there's one passport not a bunch of vendor silos uh clients can verify with the existing tools um and we're really pushing for uh an open internet. Uh we're hoping they're not there's not just a couple walled gardens. Uh you should too. Uh more competition is going to be better for customers and companies. Um agents then also become addressable just like websites. Uh uh so the same way you check a web server um you can follow that chain back to a domain that somebody already controls. Um and then there's that real cross vendor interop.

[00:28:50]um vendor A doesn't need to build a bunch of scaffolding um to talk to vendor B. Um in this case they just check each other's each other's passports right.

[00:29:01]Um so that's the passport open standard anchored in DNS available to any open source developer any registar uh small company anyone that wants to stand up their own instance.

[00:29:17]Conor's going to talk a little bit about how we're going to bridge the gap between web two and web 3. Thanks. Oh, before before we do that, I'm kind of curious what you guys do is sorry to keep larping on this, but >> if somebody's coming into and and they're watching this call and they have no idea what DNS is or SSL, like they're they're just they haven't ever learned about this stuff, how would you explain it to them?

[00:29:46]>> Um, DNS is just kind of the naming for the internet, um, is kind of the way I look at it. um at least in the web two world. Um can't think of a simpler way to explain it, Hunter.

[00:29:59]>> Yeah, man. I think you nailed it there.

[00:30:02]I mean, people are pretty bad at remembering numbers, which is how the internet actually works for routing. Um so, memorable names, you know, DNS, every domain name resolves through it.

[00:30:15]Um, and I think on the SSL side, um, you know, I think historically you've seen like locks on websites and, um, whatnot, but it's essentially just a way to secure, um, information going from your computer to a website. So, um, it's pretty much the backbone of, uh, internet security.

[00:30:41]>> Yeah, exactly. And because because DNS I love that explanation Keef could so simple that like anyone can understand because DNS is kind of like the naming convention for the internet then ANS is that natural progression. It's like okay this is how we did it for domain names.

[00:30:56]When you go to godaddy.com you have all these conventions for how you look up that record which to ordinary people when they're using their browser they're kind like okay yeah whatever. Um, but there are so many standards that are sitting between you and opening your browser and typing that record in. Like most people don't know that there are these things called IP addresses that connect and they're backed by a whole suite of systems between them. So it makes a lot of sense like hey this is the naming convention for the internet and ANS is that natural progression.

[00:31:27]Well now we're moving from the internet to the agenda internet. Sorry uh Connor you can go ahead.

[00:31:35]>> Awesome. Yeah. feel free to either of you hop in at any point if I gloss over something or get too technical. So, um I'm going to expand a little bit on the uh standards work that we've done so far. Um three of them specifically that I wanted to walk through. So, we have the IATF draft um which is uh the core um what an ANS registration actually is and it was co-authored with uh Cisco OASP and distributed apps.ai.

[00:32:04]Um and then this venue here um AIF and the Linux Foundation um essentially for cross vendor uh collaboration and then uh HS and HOL.

[00:32:20]Um, we have the ANS profile of HS14 and the HS27 draft. Um, which I'll get into a little bit more here in a minute, but they're essentially how anyone verifies a registration on chain without trusting uh, GoDaddy specifically.

[00:32:37]So, I can go to the next slide.

[00:32:41]So, HS14 uh, is the resolution standard given an agent identifier uh, which Michael briefly touched on earlier. Um it essentially tells you exactly how to go from the string to a verified endpoint.

[00:32:54]It's anchored in DNS um the same DNS like we were discussing that backs email uh certificates the web in general. Um there are two resolution modes direct where the endpoint and protocol are in the record and fetch where the record points to a protocol native manifest.

[00:33:17]Um, and then there's a few different verification tiers, uh, which clients can pick depending on the assurance level they need. Um, anywhere from just a DNS check to a full transparency log, uh, proof anchored on Hyera.

[00:33:32]Okay, so um, this is essentially what it looks like.

[00:33:39]We start with a a UID um, and we'll query the DNS for the ANS text record. Um this will land you on a verified um endpoint that was attested to when the agent was registered.

[00:33:53]Um and then optionally you can do a full transparency um proof where you verify the uh um inclusion proof from the transparency log which is essentially just a um a path of hashes to verify that nothing's changed from uh A to Z.

[00:34:15]So next slide.

[00:34:18]So here's a more concrete example. Um the identifier in this case is uh the first one. Um which has the agent ID and some attributes. Um the registry is ANS.

[00:34:30]Uh the software version of the agent and then the protocol. Um in this case it's A2A and then the native ID which is the fully qualified domain. Um and so you'll get the record back uh in step two from DNS. You query that ANS record um and that returns um the either the protocol native manifest or um just a direct connection endpoint. Um let's see was in here and then uh it in step three you just verify that the endpoint matches the fully qualified domain that you're expecting. Um and then four optionally uh you can query for the ANS badge record. Um that'll take you directly to the transparency log so you can validate that um all of the records match what was attested to at registration time.

[00:35:30]Um next slide.

[00:35:33]Okay. And then we have uh HS27 which is the anchoring layer. Um the transparency log on its own um you still essentially have to trust whoever's running it. Um and HS27 closes that gap.

[00:35:47]So the current state of the log um a fingerprint gets published as a type message on the Hyera consensus or on a uh Hideera consensus topic. Um these are all publicly available. they're ordered and network timestamped. Um, from there, anyone can prove a registration is in the log and that the log hasn't been rewritten or tampered with without calling us. Um, the footprint on Hyera is small uh on purpose. It's commitments only, not the full log entries. Um, essentially the minimal data set required to verify uh that an agent hasn't or an entry hasn't been changed.

[00:36:27]Next slide.

[00:36:31]So the log itself lives off the ledger.

[00:36:35]Um every registration version bump life cycle change thousands of entries. Uh through the Merkel construction all of it collapses to a single root hash. Um and that hash goes onto the on Hyera as an HS27 message with the tree size and any verifier pulls the entry off um off ledger the commitment from Hideera and then checks essentially just using math to verify that it hasn't been changed.

[00:37:03]If they line up the entry was in the log at the moment uh the commit was commitment was published.

[00:37:11]Go to the next. Yep. So, uh, why we brought this here? Um, I'm of the opinion that no great ideas are, um, formed in a vacuum. Specs get hardened by implementers other than the author.

[00:37:26]Um, and this is a community that already works on the primitives underneath ANS.

[00:37:31]Uh, decentralized identity, PKI, verifiable logs, um, you know, reviewing and public against real code on our side. Um, we ship the implementation alongside the spec. So, we have several different SDKs. Um, a reference implementation, which I'll go over uh in a little bit, and uh real fixtures to test against.

[00:37:56]Go. Next slide. Okay. So, um what's next? uh specifically around uh the Hideera uh consensus, we are going to be working on HS28.

[00:38:11]Um so in addition to actually let me take a step back there.

[00:38:15]So HS 14 finds an agent, HS27 anchors the log and HS27 covers what happens to registration over its lifetime. Um so a new version is shipped. uh old ones get deprecated, status changes, um issues with uh DNS records or any integrity findings.

[00:38:35]Um so a registration is a stream. It's not a single record. Um and same trust model as the HCS 27 um extended across time and we're currently uh working on drafting that.

[00:38:52]Next slide.

[00:38:54]Okay. So uh everything here is public.

[00:38:57]Um the IA IETF uh draft is on uh data tracker. Um we have a runnable reference implementation uh that has a full uh registration authority and a transparency log that you can just spin up and run on your machine. Um that's at github.com gods.

[00:39:18]>> Go ahead.

[00:39:18]>> It takes like four minutes to spin up or something like that. Is that right, Connor?

[00:39:22]Yeah, it's pretty quick. Um, it's fully functional. You can either run it, you know, against real DNS or you can run it uh um against a local DNS server. But it has the full life cycle, full support for um ANS issuing certificates, everything like that.

[00:39:41]Um let's see. And then we have the registry design docs. Uh that's under the ANS registry repo. Um and then we have three SDKs currently, one in Go, one in Java and one in REST. Uh these work against our implementation and also against the reference implementation.

[00:40:00]Um and then contributions are welcome.

[00:40:03]Um >> yes, please.

[00:40:05]>> We love feedback.

[00:40:09]>> Yeah, I think that was the really really great uh overview. Uh Connor and I think it goes without saying things like so many people are involved with ANS right it's this is not being built in a vacuum at all obviously number one you guys took the standard uh that was already built you had folks like OASP who had kind of helped design that standard took it off the shelf and then decided okay we're going to use this we're also going to make it better I know there's um there's a V2 draft that's being developed right now right and that's going through the IETF process process.

[00:40:43]Is that right?

[00:40:45]>> Yep. That was the link on that previous slide is to the V2 uh um ANS standard.

[00:40:53]Yeah, that I think that's that's so incredible because like uh for the folks who have been watching the news, uh you've got you've got this implementation ITF, you've got the inclusion with LFDT, I mean LF uh sorry, uh you do have these new standards and HCS, but also it's been a number of partnerships uh I've seen from Infolks to Cloudflare and other partners who are adopting and building on ANS at this point. So this is becoming a really big deal.

[00:41:22]And it's all open source. So like you said, you can just pull down the repo and in four minutes you have a working implementation.

[00:41:30]What happens you know under the hood for let's say somebody in this room wanted to run ANS? What are like some cool use cases that they might have for running their own version of it and how does that kind of tie into the broader ecosystem?

[00:41:48]>> You want to take that one?

[00:41:49]>> Yeah, sure. Um I mean I think kind of the cool thing is that you know even if you wanted to run a small you know ANS registry uh you could do that very quickly. Um uh the code is built I think well so you can adapt it uh with different adapters depending on how you want to hook it into your system whether it's storage or Merkel tree or um and so you could spin up quickly um add your agents register your agents and verify those agents and then um have those agents talk to each other right um that's kind of the I feel like in a lot of these talks that we have with people about ANS, there's not many people that are actually building agents. Um, so it's really powerful to see those agent agent communications and see it get actually get verified. Um, yeah, I would just encourage people to do that.

[00:42:52]>> Yeah. So what I'm hearing from like a key takeaway is like download and install ANS locally. Give it a shot and start testing it with your agents. And that is so true. It's so true across the board, too. It's like it kind of goes back to what I was saying at the start.

[00:43:09]We we're at this infancy with the agentic internet. We have an idea of what it's going to look like. We have registries popping up. We have communication protocols popping up. We have reputation and signals popping up. But we're not at the point yet where people are actually running agents. We have experimentation with Open Claw and Hermes and other kinds of agents. What we're still not sure is like what is this going to look like? And a big obstacle there is obviously the token and consumption cost for regular person to run these things.

[00:43:44]That's going to come down. We have lots of open models being developed. I am a big fan of things like liquid AI actually. uh they're working on models and we have no affiliation with them by the way but it is just really exciting to see uh companies like liquid AI running models you can actually run on your MacBook or your phone even they made a phone based model and eventually uh I could see a world where you've got agents on GoDaddy using these local models and connecting talking to each other and as you're testing these things the best way to get started would be to start downloading some of these ANS SDKs and playing around with it and registering and communicating with each other. I think also more broadly there is risks uh that everyone is kind of worried about when it comes to that world once we get to that point. Um what are some of the like risks and mitigations that you guys are looking at with ANS?

[00:44:43]Uh I mean with like right now uh agentto agent communication is you know fairly manual. Um so I think it's a perfect time to solidify the trust models because um I think the real challenge comes in when agents start uh making decisions on their own you know uh contacting another agent deciding who they're going to transact with um uh stuff like that. So I yeah I think that this is very important to get done correctly up front so that um as things start to um get more autonomy. Um >> yeah we kind of like to bring that >> yeah great points kind um like to bring that up to the group too. Uh just kind of curious what what everyone is doing per delegation right now. Um like when you hand off some a workload to another a a agent um what are you using a registry um are you manually picking agents you know at compile time um how are you delegating because I think more important it'll it'll become more important later as things get more autonomous as Connor was talking about.

[00:46:10]Yeah, that's a great question. Oh, guys, in the audience, if you want to chime in on that, I guess uh raise your hand uh and we could bring you up uh for Q&A or also if you have uh other questions that you'd love to uh get answered from folks at the GoDaddy here or myself.

[00:46:40]Uh, not hearing anyone yet. Um, yeah, if you guys have any questions, Q&A or comments on um ANS and just wider AI initiatives, we'd love to hear them. Uh, if you are in the if you're watching from the YouTube session, there is a Zoom link that is on the meetup and that's where you can kind of ask questions. I also think, uh, we've got David here. If you see any comments come through, uh, let us know and we can bring them in. I see on the YouTube video that uh the comments might actually be disabled.

[00:47:14]So, not totally sure if you guys will be able to come in here without Oh, we've got a hand.

[00:47:20]Let's see. Uh Tony, hey guys.

[00:47:25]Hey, I apologize. I was I was late hopping on. I didn't see the link until just a few minutes ago. But maybe someone can give me a one minute kind of elevator pitch of the overview of this of the exact solution and and how it can be used by builders.

[00:47:47]>> Um I think my elevator pitch is uh it's kind of it ans is a passport for the openic internet. um really focusing on identity um and with some trust built on top.

[00:48:08]>> Okay. And and so in practice, how can I use that? Let's say I'm building agents for small businesses. Is there a value proposition for me as a consultant?

[00:48:21]Yeah, I think uh if you've registered uh your agent in ANS or any ANS instance um you'd be able to have this uh agent to agent communication that could be uh verifiable.

[00:48:38]>> You know which >> like two a two passports can you know or two agents can basically exchange passports and they would know each other, right?

[00:48:50]Yeah, I think adding on top of that too as you know we move forward through this space I think uh being able to show um you know regardless of the underlying trust system that um everyone's using like just being able to programmatically um verify uh the integrity of any given agent will be very important. Um and I imagine over time it will start to drive more adoption. um you know agents people will start to flock towards uh you know agents that do have verifiable trust just like uh you know how we sort of saw with the internet as um SSLs really became mandated everywhere you know people feel more comfortable interacting with a website that um you know is encrypted end to end so >> 100% 100% yeah this is a very cool venture that you guys are doing I've been following the hol Well, guys and their and their infrastructure and keeping a beat on how important it is that there is accountability and replayability of of what actually happened. So, it sounds like that's what you guys are are providing uh under the GoDaddy banner. That that that's huge, I think.

[00:50:06]>> Yeah. I just want to reiterate that, you know, ANS as a standard is is open to everyone. GoDaddy doesn't own that. So, anyone can spin up their own instances.

[00:50:16]We hope a lot of people do.

[00:50:20]>> Awesome. Awesome. I'm going definitely going to check it out and see if I can use it.

[00:50:26]>> Yeah, take a look at the um open source uh reference implementation too. It's a fully working end to end instance of it too. So >> I think I saw a hand from uh Raphael earlier as well.

[00:50:45]Hey um sir I think you answered that uh I don't know if it was key that is uh the registration for ANS is open and so I was just I was going to ask about that like what's the process to uh create a registration um like an MX record NS and all I think that's a great question. Uh Connor, maybe you could take that one.

[00:51:20]>> Yeah. Just looking for like the the flow of what a standard registration looks like.

[00:51:28]>> Uh yep. For ANS if if it's the same like um I have the public IP and then map it to whatever name.

[00:51:39]>> Yeah. So uh >> Uhhuh. Yeah, it let's say you have an agent um and you have some DNS pointed towards it um you know let's say support agent.example.com example.com like we're using in our slides. Um you essentially will call an ANS service. Um so for instance like our Godaddy uh register endpoint um with some metadata about the agent um and you can either bring your own certificate um or we can issue one for you. Um, and along with that and some of the uh other information about the uh registration, you'll submit that and we'll return a set of DNS records for you to add to your um uh to your DNS zone. Um that'll include that ANS record that points to the actual endpoint and then um another record that goes to the ANS badge uh which will be the uh transparency log um information. And once that's done, um, you essentially just tell us that it's done. We'll validate the records and, um, then you can grab your certificates and that's pretty much it. Uh, we do have a CLI as well, um, that will make it a little bit easier for, uh, running through it the first time. And we have some other documentation on our developer site, but I think that's what Keith is showing here.

[00:53:05]>> Thanks. Yeah, I have Do you have I have the link? Oh, I see the link. Someone uh Kit posted the GitHub link. Is that the one where I can get the CLI?

[00:53:18]>> Yes.

[00:53:22]>> All right. Thank you. Thank you. And the coolest part because we're in the agenda era now and it's kind of taking off if you're using codeex or cloud code or copilot or anti-gravity you could probably just send them the GitHub to the uh ANS SDK and they'll be able to register themselves on ANS right by creating the same DNS records and so forth. Uh so it should be pretty pretty trivial for them to go and do that. Um, and I imagine at GoDaddy you guys are working on an expansive CLI to plug into DNS records inside the GoDaddy system too to make inentic interactions like updating DNS records so that it works with the ANS uh specification super easy. Is that right?

[00:54:13]>> Yeah. Yeah, for sure. Lots of uh moving parts right now.

[00:54:17]>> Interesting. Make it easy. How about for uh let's say a deployment an openclaw deployment. I've got a kind of a multi-tenant OpenClaw service I'm providing to to uh small businesses and I'm wondering how registration can um support kind of like e even just like the value proposition or the salailability of what I'm doing. It seems like it having agents registered on ANS would provide a layer of credibility, you know, to me as a as a consultant.

[00:54:53]Like is there a value proposition for openclaw deployments for registering on ANS?

[00:55:00]>> I don't know if I have a specific one for that. I do know that that's uh something we are looking into. I don't know if you have anything more to add to that, but just the open claw sort of integration.

[00:55:14]>> What do you think, Michael?

[00:55:17]>> Um, the way I see it, it's uh I don't see any reason why an open call agent couldn't register themselves on ANS, right? It's kind of the same thing. It's like if you can send your quad code a link to the SDK, you can send your open fly agent and see if it can register itself.

[00:55:35]>> Now, the tricky part is the permissions, right? Does it have permissions to access your DNS records and >> ensure that they're matching the specification for ANS?

[00:55:45]>> And I'm sure that the GoDaddy guys are working on that too, right?

[00:55:48]>> Um because that's kind of the world that we're stepping into is we're going to have all these agents and they're going to have to announce themselves. They're going to have owners and have domains associated with them.

[00:55:59]>> So, how do we create that authority? And some agents will live on our computers.

[00:56:04]they'll have access to our credentials already, you know, be kind of easy. But other agents like Open Claws will run on a digital ocean droplet or some server somewhere that they're paying $5 a month for to run their agent.

[00:56:16]>> And they'll need some kind of delegated permissions model so that they can still prove that they're owned by uh you know, myself or somebody else or Tony, right?

[00:56:28]So, so I mean is it that my open claw could register on ANS and then actually engage with the other agents kind of in a safe accountable environment? Is that the case? Like is this a marketplace for agents? Like could my agent just automatically start working with the agents that are listed here on this on this search page?

[00:56:56]Yeah, I mean I think possibly some of the agents out there uh you know there's different ways to off right and >> you know there's O N and O Z. So, um, assuming that they have you on an allow list. Um, yeah.

[00:57:12]>> Interesting. Interesting.

[00:57:17]>> Cool. I'm going to check it out. See what I can do.

[00:57:22]>> Awesome. I saw some new folks jump in uh to the Zoom room. Uh, we're doing Q&A right now, so if you guys have any questions, uh, please uh raise your hand. We'd love to answer. who got some really cool ones in so far. Um, and also just kind of brought in the discussion.

[00:57:39]What we've been talking about is ANS, uh, what ANS is and how the specifications work and also the really cool collaboration uh, with Ironate CS where now uh, you've got these standards that agents can go and verify themselves with. So, uh there's actually a really cool clip online of Connor here uh where he talks about uh being able to uh not just trust but also verify uh the authenticity. That's that's kind of the big thing with these standards is you have agents who are creating DNS records now and those DNS records get built inside of this larger ANS service and anyone could run an ANS service. Now how do we trust that ANS service and blockchain fits in really really nicely with this?

[00:58:33]Because now you can go in you can look at the blockchain records you can look at these Merkel roots. Those who are familiar with the blockchain space, Marco roots are just basically a mathematical uh creation, the actual composition of that data that anybody can go and create these same hashes. So if the hashes that you put on chain match the hashes that GoDaddy has in their ANS implementation, you know, it hasn't changed, which is really cool, right? Um, and that enables us to kind of go and take that next step and say, "Yes, I know that this AI agent is owned by XYZ business, right? Maybe this is a business that provides medical advice.

[00:59:16]Maybe this is a business that provides financial advice." And then, you know, I was like, "Okay, so they're going to help me go and make trades and execute those trades and things like that. How do I know they're credible?" Well, now I know the name of the business. I can go look them up. Now I can go and figure that out. And now because everyone else knows the name of the business and they can look them up, they can create trust scores around these things. So now I found out I was like, "Oh, this is a trading agent that Robin Hood owns. We know who Robin Hood is. They have a high trust score and they've executed really, really well." Or this is another agent that's from Jane Street. We know Jane Street does a whole bunch of leverage uh fund trading uh and they've done really really well on this specific vertical.

[00:59:55]So they have this specific trust score for that specific thing. Um and that's why I love like the you know the initial slide that ge was talking about where ANS is kind of that passport you need that foundational layer you can go and make these connections without that foundational layer and especially without that foundational layer being owned by structures that we know and trust then it becomes difficult and one of those structures that we don't talk about enough that's really cool is root certificates right uh and GoDaddy actually runs a root certificate um that we all depend on and root certificates kind of like blockchain. It all comes back together are owned by a consortium of different organizations.

[01:00:39]So you don't have one company that's saying hey trust our SSL trust our security and saying we've got all these companies that are saying that and we have to trust all of them collectively and with that natural progression from DNS and uh the it just makes a lot of sense technical perspective um so I think you know we're at the top of the hour here I'll probably wave my hand a little bit here uh if you guys have any more questions feel free to raise your hands otherwise will probably close out here in a minute or two. And in the meantime, I guess um Keith, any closing thoughts or well, Tony, >> one more question for for Connor. How did you guys start down this path, Connor? And how long have you guys been working on this inside GoDaddy?

[01:01:32]Um I think we started >> uh last um was it August? Is that when we started? I actually No, it would have been May of last year. The time has really flown here. It all kind of blends together.

[01:01:50]>> What was what was the impetus for it becoming a priority inside the company?

[01:01:56]Um I think just seeing uh AI in general uh grow so rapidly across the internet. um you know we >> we have a pretty good view into that just you know being the world's largest register we see um different use cases and you know how domains are being used and um and like Keith brought up uh originally you know we the core of our business is really centered around identity and um you know trust I don't know if you have anything else to add there Keith but Oh, I mean, yeah, that sums it up pretty good. Um, identity naming is kind of our thing, right? Um, >> but yeah, I I I think initially too, um, you know, kind of scams that get run today on the internet. Um, you know, it the original draft of ANS coming from a Wasp. Um, and you know, that's pretty powerful. So, um, we all want to protect our grandmothers and, you know, grand grandfathers from getting scammed on the internet. Um, so that's I know a big motivator, uh, Scott has as well, our VP. But >> awesome.

[01:03:17]>> And I just want to I I did want to say uh big big props to Michael um and HOL.

[01:03:24]Um, they've just been a great partner.

[01:03:29]Um, and I love the fact that we're, you know, we have this bridge that they built. Um, and we're just, you know, we're onboarding to the bridge. So, it's it's pretty awesome that we have this bridge from web two to web 3. I think there's going to be, you know, all kinds of bridges that are going to be needed in the future. Um, so awesome job building that initial bridge, Michael, and HOL team. and did want to say a big props to the ANS team at GoDaddy. Um, you know, it's not just Connor and I working on this thing. Uh, you know, we have a huge list of u developers and engineers and um people working on standards and um so just really appreciate everyone on on the team.

[01:04:20]>> Thanks, Keith. Yeah, we appreciate that a lot. It's I think the work that you guys are doing is probably some of the most important foundational work that we need for this new agentic internet. A lot of what we're seeing in AI is like let's go fast. Let's put these rockets in the moon and let's just make it happen. But the problem is that we are creating rockets and we're riding these rockets but we don't have any seat belts, right? It's kind of like just being in a rocket without a seat belt and we're just hoping and praying that we're going to land on the moon. uh which might might happen uh or we run into these loops, right? Sometimes the things that you kind of hear when you're talking to folks is like, "Hey, we're going to fix hallucinations to AI."

[01:05:02]Okay, how are you going to fix it? We're going to have another AI agent that's going to verify those hallucinations.

[01:05:08]Okay, who's going to verify that AI agent? And you, this kind of can keep spinning infinitely as you kind of see this cycle. Um and then you're like, wait, wait, wait, wait. Why don't we just step back for a second and like what if we just had trust built into the layers that we all know and understand?

[01:05:26]That's why at HOL um we find this so important to work on and kind of support on good ID side. It's kind of like there's a layer that's being built and through that layer through the foundations of DNS uh and SSL and things like OAS for those who don't know OAS is the open worldwide application security uh project. So the fact that this standard originally came from them which is an organization that literally uh is focused on security and creating secure foundations for the internet and then the fact that GoDaddy has gone and adopted that standard means a lot. This isn't something that was grown uh without kind of like thinking about all the implications that come with it. You can see that there's been a lot of trust factors in the security side that we've kind of like started integrating into this. And the best part is everyone in this room can now run their own ANS registry, try it off themselves. You can look for the issues and then you can raise those on the GitHub and you can come in and become a maintainer and through this work because it's all being done in the open. That is really different than Rails that we used to see on the internet. If you were to tell a company is like, "Oh, I'm going to go you should go and open source this thing and just put it out." um they would look at you like why would I open source my IP? Why would I do that? That's a terrible idea. Um, but with the Linux Foundation, there's a saying, and David, you could probably correct me if I'm wrong with how it said, but um, it goes along the lines something like there's by creating open-source software and putting out in the public is actually becomes a lot stronger than this private software uh, that is usually developed.

[01:07:18]Um so that's why it's such a big deal too is building it through these foundations and we're seeing more and more projects come into the Linux Foundation Linux Foundation uh decentralized trust with the same thought process like hey if we're going to ship something and it's going to be really important for the agendic we're going to do it right. Um and that's very different than just putting up the weights of an open source model. Um, it's actually this is how the thing works inside and out and anybody on the planet can now embed it and look for those issues collectively. Um, with that I think we're probably good to close out. Maybe uh Connor, anything that you want to say at the end here? Any closing thoughts or interesting things that you'd like to see from the community um before we head out of here?

[01:08:08]Um I just I think the big thing is just contributions and review. Um you know the more eyes that are on the uh problem at hand the better the solution will be.

[01:08:22]>> Absolutely. Um well I think we'll close out from here. Um David, anything that we need to do before we head out here?

[01:08:30]>> No, no. Thank you everyone for dialing in and thank you Yeah, Michael, Keith, and Connor. And no, this is great. Uh um we'll close out. The link to the recording will be the same link as the live stream and I'll also send an email out to everyone who registered for this with the details as well. So I think we're all set.

[01:08:50]>> All right. Thanks so much guys. It's been lovely uh being here with you. Uh and then I guess just have a great day.

[01:08:58]>> Great. Thanks all. Thanks all. Thanks for having us.

[01:09:01]>> Cheers.