Establishing OSSA in the Federal Record
The timing is incredibly fortuitous. Just as the Open Standard for Software Agents (OSSA) ecosystem continues to mature—with robust specifications for agent contracts and early implementations of federated discovery—the National Institute of Standards and Technology (NIST) released its Request for Information (RFI) regarding AI Agents and collaborative agent networks (CAISI: Collaborative AI Systems Integration).
Today, we are proud to announce that we have formally submitted a comprehensive comment to the NIST RFI (Docket NIST-2025-0035).
This submission is a critical milestone. It establishes OSSA as a named, formal stakeholder in the federal record. As government guidelines inevitably evolve into procurement language, ensuring that the principles of open, verifiable, and secure agent communication are recognized is paramount.
What NIST Asked, and How OSSA Answers
NIST’s detailed questions align perfectly with the core thesis of OSSA. They recognize that connecting agents is more than just establishing a socket—it requires establishing trust.
Our submission focused on three primary domains:
1. Verifiable Identity (The GAID)
NIST correctly identified the risks of agent impersonation and unauthorized delegation. Our response detailed the Global Agent Identifier (GAID), demonstrating how a W3C DID-compliant uniform resource name anchors an agent's identity to a verifiable registry, allowing organizations to authenticate origins before authorizing any action.
2. Pre-Authorization & Zero-Trust (Cedar Policy)
The RFI highlighted the severe risks inherent in dynamic tool execution. We illustrated OSSA's approach to embedding Cedar policies directly within the agent manifest. By evaluating these Attribute-Based Access Control (ABAC) policies at the transport layer, OSSA enforces zero-trust before an LLM ever receives the context or attempts to execute a tool.
3. Federated Discovery (UADP)
Finally, we addressed the challenges of scale and visibility. How do agents find each other across organizational boundaries securely? We presented the Universal Agent Discovery Protocol (UADP), outlining how DNS TXT records, SRV endpoints, and .well-known discovery document formats provide a decentralized, robust architecture for agent discovery that doesn't rely on centralized, proprietary registries.
Read the Full Response
We believe transparency is key to building trust in multi-agent systems. You can read our detailed breakdown of how OSSA addresses specific NIST RFI controls and concerns on our dedicated NIST Response Page.
Thank you to the entire community—those contributing schemas, building adapters, and deploying compliant agents—for providing the empirical data and momentum that made this submission possible.