A2E Protocol
Get Started

Core Concepts

The fundamental principles behind A2E Protocol.

Domain = Identity

A2E uses your domain as your identity. No accounts, no registration, no central authority.

  • You control the domain → you control the identity
  • HTTPS proves domain ownership (via TLS certificates)
  • Built on 30+ years of DNS/TLS infrastructure
acme-restaurant.com
        │
        ├── DNS: You own this domain
        ├── TLS: Certificate proves ownership
        └── A2E: /.well-known/entity-card.json declares your MCP

→ No signup. No API keys. Just DNS + HTTPS.

This is the same model used by email (SPF, DKIM, DMARC), SSL certificates, and decentralized identifiers (did:web). If you can serve a file on your domain, you can participate in A2E.

Trust Model

A2E implements a decentralized, domain-verified trust model:

Agent                          Entity
  │                               │
  │  GET /.well-known/entity-card.json    │
  │ ─────────────────────────────►│
  │                               │
  │  ◄─── HTTPS (TLS verified) ───│
  │                               │
  ▼                               │
Verify: entity.domain == host?    │
  │                               │
  ▼                               │
Trust established                 │

What the protocol guarantees

  • Domain ownership: Only the domain owner can serve /.well-known/entity-card.json
  • Transport security: HTTPS is mandatory for all endpoints
  • Domain matching: The entity.domain field MUST match the serving host

What the protocol does NOT guarantee

  • Entity legitimacy: A2E doesn't verify if "Acme Restaurant" is a real business
  • MCP authorization: The MCP endpoint verifies authorization, not A2E
  • Content accuracy: A2E doesn't validate that the declared capabilities are real

Additional trust mechanisms (domain age, reputation scoring, abuse reporting) are implementation details of indexes like A2E Index, not part of the protocol itself.

Decentralized by Design

A2E is intentionally decentralized. There is no central registry that entities must join.

Traditional directory:
  Entity ──register──► Central Registry ◄──query── Agent

A2E:
  Agent ──GET /.well-known/entity-card.json──► Entity (direct)

Why decentralized?

  • No gatekeeping: Anyone can participate by hosting a file
  • No single point of failure: No central server to go down
  • Scalable: Works for 10 entities or 10 million
  • Privacy-preserving: Entities control their own data

Role of indexes

Indexes like A2E Index are optional conveniences, not requirements. They crawl and aggregate A2E declarations to provide search and discovery, but agents can always query entities directly.

Think of it like the web: you don't need Google to visit a website, but it helps you find websites you don't know about.