Every agent that transacts needs an accountable operator. Groundmark anchors operator accountability in the Domain Name System — the infrastructure already governing every corner of the internet.
Protocols like x402 have solved the payment mechanics for autonomous agents — an agent can hit an endpoint, receive an HTTP 402, pay in stablecoins, and get access. But these transactions carry no identity. There is no standard way for an agent to prove who operates it, what it is authorised to do, or whether its operator is accountable. As agent commerce scales, this gap becomes critical.
No accountable principal. No verifiable link between an autonomous agent and the organisation that deployed it.
No delegation record. No way for a relying party to know whether the agent is permitted to perform the action it is requesting.
No contextual attestation. Age-gating, licensing, jurisdiction compliance — none of this can be verified without a trust framework.
No revocation signal. If an agent is compromised or decommissioned, there is no standard mechanism to inform the ecosystem in real time.
Four levels of trust, from permissionless to regulatory-grade. Most agent transactions need nothing at all. A smaller set require verification proportional to what is at stake.
No attestation required. Domain ownership establishes the accountability chain. Agent pays and proceeds.
An identifiable operator controls this agent and has accepted accountability. They can be contacted; they can be held to account.
A specific verified fact: "over 21 = true." Not the underlying data — only the minimum the transaction requires.
KYC/AML, biometrics, professional licensing. Meets legal standards. The Identity Service Provider is subject to audit.
Every component of Groundmark either already exists or extends something that does. The contribution is recognising that DNS registration, subdomain delegation, RDAP, DNSSEC, and registrar verification — recombined — solve the agent identity problem that agentic commerce requires.
Groundmark anchors to the operator — the stable, accountable party behind the agent — not to the agent itself, which is a version-bound process that comes and goes. The operator's identity chains to a registered domain, verified through registrar processes and governed by ICANN policy. The semantics of the agent's string are irrelevant; only the verifiable chain of delegation matters.
TXT records on the agent subdomain serve as pointers to attestations held by trusted third parties. DNS tells you what claims exist and where to verify them — it does not try to be the claims database itself. This mirrors DNS's original design: it does not host your content, it locates it.
Identity Service Providers verify specific facts about an operator and disclose the methods they used — not just the conclusions they reached. The relying party, not the IDSP, makes the trust decision. This is the core architectural commitment of Groundmark: an IDSP attests to what it did, with method disclosure carried in every attestation, so that trust can be contextual rather than binary. Pluralism of specialised IDSPs is deliberate; no single party is authoritative for everything.
For human domain holders, the trajectory of WHOIS has been toward less information — privacy as default, disclosure as exception. Agents invert that incentive: an operator's value as a counterparty is proportional to the verifiable information it exposes. RDAP — the modern, RESTful, machine-readable replacement for WHOIS — is the natural channel. Publicity becomes the opt-in trust signal, structured and selective, on infrastructure already designed for it.
Per-subdomain TTLs as short as 60 seconds make every DNS lookup an implicit liveness check. A compromised or decommissioned agent is effectively dead within a minute of revocation — no additional revocation infrastructure required.
Identity, discovery, authorization, and payment for autonomous agents are being worked on by several groups in parallel. Each addresses a distinct part of an agent transaction — and they compose. Groundmark is the verifier layer: the open protocol for contextual attestations about operators, designed to sit alongside the rest of the stack rather than above or instead of it.
Groundmark is being built as a proper internet standard. Two working Internet-Drafts define the protocol — a core specifying DNS-anchored identity discovery and request authentication, and a companion specifying the attestation framework and Identity Service Provider profile. Positioned standards-track from day one, and designed to compose with adjacent work in the agentic commerce space.
Groundmark is being developed openly. If you are working on agentic protocols, identity infrastructure, registrar policy, or DNS standards, we welcome the conversation.
Reach us directly at hello@groundmark.org