References

Normative References

• [RFC 2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
• [RFC 8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, May 2017.
• [RFC 8615] Nottingham, M., "Well-Known Uniform Resource Identifiers (URIs)", RFC 8615, May 2019.

---

Informative References

• [RFC 3161] Adams, C., et al., "Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)", RFC 3161, August 2001.
• [RFC 7800] Jones, M., Bradley, J., and Tschofenig, H., "Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)", RFC 7800, April 2016.
• [RFC 9421] Backman, A., et al., "HTTP Message Signatures", RFC 9421, February 2024.
• [RFC 9457] Nottingham, M., Wilde, E., and S. Dalal, "Problem Details for HTTP APIs", RFC 9457, July 2023.
• Fisher, D. and McCormack, B., "Identity, Trust, and the Legal Foundations of Agentic Commerce", March 2026.
• Stripe and Tempo Labs, "Machine Payments Protocol", IETF Internet-Draft, 2026.
• OpenAI and Stripe, "Agentic Commerce Protocol", v2026-01-30.
• Google, "Universal Commerce Protocol", v1.0, January 2026.
• Google, "Agent Payments Protocol (AP2)", v0.1, September 2025.
• Google, "Agent-to-Agent Protocol (A2A)", v1.0, 2025. (Donated to Linux Foundation June 2025; v1.0 released subsequently.)
• Anthropic, "Model Context Protocol", spec version 2025-11-25.
• Visa, "Trusted Agent Protocol", 2025.
• Mastercard and Google, "Verifiable Intent", v0.1, March 2026.
• Cloudflare, "Web Bot Auth", draft-meunier-web-bot-auth-architecture, 2025.
• Coinbase and Cloudflare, "x402 Protocol", 2025.
• [EIP-712] Bloemen, R., Logvinov, L., and Evans, J., "Typed structured data hashing and signing", Ethereum Improvement Proposal 712.