DNS-published verifier policy
Publish your AI verification requirements in a single DNS TXT record. Any agent attempting to access your service can read the policy before connecting. The pattern works the way DMARC does for email and HSTS does for HTTPS — declaration first, enforcement after.
Why DNS
DNS has 40 years of universal infrastructure behind it. It's globally cached, authenticated by DNSSEC where deployed, and every operating environment can read TXT records without a new client. DMARC, SPF, DKIM, MTA-STS, HSTS, and TLSA all use the same pattern; we use it for AI.
The TXT record
```
# Required: trust level + enforcement mode
_aii-policy.api.acmebank.example TXT "v=AIIP1; min_score=850; enforce=strict"

# With richer scope
_aii-policy.payments.acmebank.example TXT "v=AIIP1; min_tier=business_verified; min_score=900; enforce=strict; intent=required; report=mailto:ai-policy@acmebank.example"

# Monitoring-only mode (audit before enforcement)
_aii-policy.api.startup.example TXT "v=AIIP1; min_score=500; enforce=monitor; report=https://startup.example/aii-reports"
```
Tags
| Tag | Required | Meaning |
|---|---|---|
| v=AIIP1 | Yes | Version. Pin to AIIP1 today. |
| min_tier | No | Minimum AI Identity tier (issued, identity_verified, creator_verified or business_verified, lowest to highest). |
| min_score | No | Minimum Trust Score (0–1000). Either min_tier or min_score is required. |
| enforce | Yes | One of monitor, warn or strict. monitor = log only; warn = log + warn header in response; strict = refuse the connection. |
| intent | No | required = the agent must present an Intent Declaration (see /spec/intent). optional (default) = accepted if present. |
| scope | No | Comma-separated allow-list of action verbs the agent must include in its intent.scope.actions. |
| max_age | No | Max age (seconds) of the Passport since issuance. Default 31536000 (one year). |
| report | No | URL or mailto: where verification failures should be reported. Aggregated daily. |
Three-phase rollout
This is the same gradual-enforcement pattern DMARC uses. Move through the modes as confidence grows:
- monitor — Read every agent's Passport, log compliance, never refuse traffic. Use this to discover what AIs are hitting your API and whether they'd pass your intended policy.
- warn — Allow non-compliant agents but attach a warning header to the response. Lets the agent operator see the problem before it's a problem.
- strict — Refuse non-compliant agents with HTTP 401 and the structured failure code below.
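As an added example (not the AI Identity SDK or any code from this page), here is a small JavaScript policy evaluator: it parses the TXT record tags from the table above, applies the three enforce modes, and on a strict refusal builds the 401 / application/problem+json shape documented under Failure codes. The Passport fields (tier, score, issuedAt, intent), the warning header name and every failure code other than tier_too_low are assumptions.

```javascript
// Added example, not the AI Identity SDK: parse an _aii-policy TXT record and
// evaluate a presented Passport against it. Passport shape ({ tier, score, issuedAt,
// intent }), the warn header name and all codes except tier_too_low are assumed.
const TIERS = ['issued', 'identity_verified', 'creator_verified', 'business_verified'];

// Parse "v=AIIP1; min_score=850; enforce=strict" into an object, applying the
// documented defaults (intent=optional, max_age=31536000) and tag requirements.
function parsePolicy(txt) {
  const policy = { intent: 'optional', max_age: '31536000' };
  for (const part of txt.split(';')) {
    const i = part.indexOf('='); // split on the first '=' only so report URLs survive
    if (i < 0) continue;
    policy[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  if (policy.v !== 'AIIP1') throw new Error('unsupported policy version');
  if (!['monitor', 'warn', 'strict'].includes(policy.enforce)) throw new Error('enforce is required');
  if (policy.min_tier === undefined && policy.min_score === undefined) throw new Error('min_tier or min_score required');
  if (policy.min_tier !== undefined && !TIERS.includes(policy.min_tier)) throw new Error('unknown tier');
  return policy;
}

// First violation of the policy by this Passport, or null if it passes. nowSec is Unix time.
function findViolation(policy, passport, nowSec) {
  if (policy.min_tier && TIERS.indexOf(passport.tier) < TIERS.indexOf(policy.min_tier))
    return { code: 'tier_too_low', required: policy.min_tier, presented: passport.tier };
  if (policy.min_score && !(passport.score >= Number(policy.min_score)))
    return { code: 'score_too_low', required: policy.min_score, presented: String(passport.score) };
  if (nowSec - passport.issuedAt > Number(policy.max_age))
    return { code: 'passport_too_old', required: policy.max_age, presented: String(nowSec - passport.issuedAt) };
  if (policy.intent === 'required' && !passport.intent)
    return { code: 'intent_required', required: 'intent', presented: 'none' };
  return null;
}

// Apply the enforce mode: monitor records only, warn allows but adds a warning
// header, strict refuses with the 401 + application/problem+json shape.
function decide(policy, passport, nowSec, realm) {
  const v = findViolation(policy, passport, nowSec);
  if (!v) return { allow: true, status: 200, headers: {}, violation: null };
  if (policy.enforce !== 'strict')
    return { allow: true, status: 200, violation: v,
      headers: policy.enforce === 'warn' ? { 'AII-Policy-Warning': v.code } : {} };
  const challenge = `AIIPolicy realm="${realm}", code="${v.code}", required="${v.required}", presented="${v.presented}"`;
  const title = v.code === 'tier_too_low' ? 'AI Identity tier below required minimum'
    : `AI Identity policy violation: ${v.code}`;
  return { allow: false, status: 401, violation: v,
    headers: { 'WWW-Authenticate': challenge, 'Content-Type': 'application/problem+json' },
    body: { type: `https://www.aiidentity.org/spec/policy#${v.code}`, title,
      required: v.required, presented: v.presented, policy_url: 'https://aiidentity.org/spec/policy' } };
}
```

In monitor mode the returned violation is what you would log and aggregate for the report target; only strict mode ever sets allow to false.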
Failure codes
```
HTTP/1.1 401 Unauthorized
WWW-Authenticate: AIIPolicy realm="api.acmebank.example", code="tier_too_low", required="business_verified", presented="identity_verified"
Content-Type: application/problem+json

{
  "type": "https://www.aiidentity.org/spec/policy#tier_too_low",
  "title": "AI Identity tier below required minimum",
  "required": "business_verified",
  "presented": "identity_verified",
  "policy_url": "https://aiidentity.org/spec/policy"
}
```
Roadmap
This is a v0.9 protocol addition. The DNS schema above is final; the SDK middleware (Express, Hono, Next.js, Cloudflare Workers) ships with v0.9.0. A reference enforcement gateway is roadmapped for v0.9.1.
Last updated: 2026-05-07 · v0.8.6.0