[Web-bot-auth] Proposal: Domain Root Identity Anchor for Origin/Publisher Metadata Discovery
hello@1euroseo.com Fri, 05 June 2026 06:18 UTC
Return-Path: <hello@1euroseo.com>
X-Original-To: web-bot-auth@mail2.ietf.org
Delivered-To: web-bot-auth@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 87413FB7BC2D for <web-bot-auth@mail2.ietf.org>; Thu, 4 Jun 2026 23:18:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1780640285; bh=GTHlp606RrqiRWOs4icAsxwoSsYVFp/8QdkeQuPOl8I=; h=From:To:Subject:Date; b=df1pzDO/0ezC6wQETt9cFzBQb2e74ngU7KaODq7xO8luopnGxoo7SYaTN5RXccns+ vComeAmpqswMaNH+ACuYrJ0RB9JVsG5ir+9ZwVcxbZoSdqNUXbaBYvmI0jUP/yCfIy bHjEzmn4ZzvdGR3FFtFTNqClDDG/sZkw6TRcdMi8=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=1euroseo.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FmJB86xoDyHL for <web-bot-auth@mail2.ietf.org>; Thu, 4 Jun 2026 23:18:05 -0700 (PDT)
Received: from black.elm.relay.mailchannels.net (black.elm.relay.mailchannels.net [23.83.212.19]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id C9643FB7BC26 for <web-bot-auth@ietf.org>; Thu, 4 Jun 2026 23:18:04 -0700 (PDT)
X-Sender-Id: hostingeremail|x-authuser|hello@1euroseo.com
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 6A201461EC9 for <web-bot-auth@ietf.org>; Fri, 05 Jun 2026 06:17:57 +0000 (UTC)
Received: from de-fra-smtpout2.hostinger.io (trex-green-6.trex.outbound.svc.cluster.local [100.116.149.191]) (Authenticated sender: hostingeremail) by relay.mailchannels.net (Postfix) with ESMTPA id AEFCD461522 for <web-bot-auth@ietf.org>; Fri, 05 Jun 2026 06:17:56 +0000 (UTC)
X-Sender-Id: hostingeremail|x-authuser|hello@1euroseo.com
X-MC-Relay: Neutral
X-MailChannels-SenderId: hostingeremail|x-authuser|hello@1euroseo.com
X-MailChannels-Auth-Id: hostingeremail
X-Shoe-Cold: 339f5b3e2e362701_1780640277266_3138456762
X-MC-Loop-Signature: 1780640277266:973166991
X-MC-Ingress-Time: 1780640277266
Received: from de-fra-smtpout2.hostinger.io (de-fra-smtpout2.hostinger.io [148.222.55.5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384) by 100.116.149.191 (trex/7.1.5); Fri, 05 Jun 2026 06:17:57 +0000
Received: from DESKTOP5U64HKU (unknown [212.104.180.72]) (Authenticated sender: hello@1euroseo.com) by smtp.hostinger.com (smtp.hostinger.com) with ESMTPSA id 4gWrpB1Zysz3wgR for <web-bot-auth@ietf.org>; Fri, 5 Jun 2026 06:17:54 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1euroseo.com; s=hostingermail-a; t=1780640274; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type; bh=8mCysguK5I+ZiTuU4rwaHBf/kbnZqisn2AbkdiJychU=; b=nmZaP134kk98hbMrZ84bmUKZBMRDIkDNXW0wnAuHwGVtXc34rjt3Yvn2lnfqhz56EXcuCt uy0U1Vvv4t8Vxie4/9zNFUfHcnKsoqDh1oSpoctrGxByk26mofUYZ9f5uWXjUUt4wPoemw GZOnz5vjs0JMX8fcd9mdjyBTz+5NV0FVBU9vt6MHRs8Se6oFaqouu88fXpPyUhBbjf+TtH H/mbYsklgyoCDZV1Qob1imVjblqep2r4BKNd35MvHc4xwh3qimskyUixhXjdN09h7uN/Eb /o0WgkQS8hjUj800B2izNvIN2pjvTm2ox7TGZslJcKVj0mNDWZolvR1n9Qjw6g==
From: hello@1euroseo.com
To: web-bot-auth@ietf.org
Message-ID: <000a01dcf4b3$0c606700$25213500$@1euroseo.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_000B_01DCF4C3.CFEBCF10"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: Adz0sgsLT5y5hYk0T8GxD8vmqIfHYA==
Content-Language: en-ie
Date: Fri, 05 Jun 2026 06:17:54 +0000
X-CM-Envelope: MS4xfMMRy28fdVfx/9DY2+D8fY4L0NSJQl+GUn+wySb4FNgJ+YhG8r/RNDnwk/MZo6yWrRkDdf6xQzLKgPy0paX5E0fZflOXXT/9BGAquUKrd1hXgtyKAvTa 9G8sXIteQmnX55K+MUUf6BaX70ZGNf9xWjQzhE325av64GL4TxuZNWzwLHEfr1bx0oOLxMSMbpucHw==
X-CM-Analysis: v=2.4 cv=etGNzZpX c=1 sm=1 tr=0 ts=6a226a12 a=uiZDtdHB9/ZxIkrUC5n4sQ==:117 a=uiZDtdHB9/ZxIkrUC5n4sQ==:17 a=DAwyPP_o2Byb1YXLmDAA:9 a=sgdMA9CmAAAA:8 a=NEAV23lmAAAA:8 a=39EjZBMnVSjVRtSJlssA:9 a=QEXdDO2ut3YA:10 a=yMhMjlubAAAA:8 a=SSmOFEACAAAA:8 a=5hd6YaLqgEUOTpjc:21 a=gKO2Hq4RSVkA:10 a=UiCQ7L4-1S4A:10 a=hTZeC7Yk6K0A:10 a=frz4AuCg-hUA:10 a=xoenygJagHiBKFbFpmz6:22
X-AuthUser: hello@1euroseo.com
Message-ID-Hash: EUJ6ANC6524GGW73U7UBE7QLIYZJHL7P
X-Message-ID-Hash: EUJ6ANC6524GGW73U7UBE7QLIYZJHL7P
X-MailFrom: hello@1euroseo.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Web-bot-auth] Proposal: Domain Root Identity Anchor for Origin/Publisher Metadata Discovery
List-Id: Authentication of non-human users to human-oriented Web sites <web-bot-auth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/web-bot-auth/u5Ae0T0owgAo2HBPSnZSGQpiMMM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/web-bot-auth>
List-Help: <mailto:web-bot-auth-request@ietf.org?subject=help>
List-Owner: <mailto:web-bot-auth-owner@ietf.org>
List-Post: <mailto:web-bot-auth@ietf.org>
List-Subscribe: <mailto:web-bot-auth-join@ietf.org>
List-Unsubscribe: <mailto:web-bot-auth-leave@ietf.org>
Hello WebBotAuth WG, I would like to bring a proposal to the group for discussion regarding a standardized mechanism for conveying Origin/Publisher identity and metadata to automated clients using an existing, widely used identifier: the domain root. Today, automated clients (including crawlers, AI agents, and retrieval systems) lack a deterministic, machine‑readable way to discover the canonical identity of the Origin/Publisher behind a domain. Existing mechanisms such as robots.txt and llms.txt provide policy and content‑level signals, but they do not establish a verifiable identity reference that bots can rely on for provenance, trust, or Origin/Publisher information. The mechanism I am proposing defines a domain‑root “Identity Anchor” — a machine‑readable JSON/JSON‑LD document discoverable via predictable endpoints and referenced from existing well‑known files. This Anchor provides Origin/Publisher identity, organizational metadata, and optional cryptographic material, forming a stable identity layer that automated clients can use when interacting with a site. It also acts as a deterministic root‑of‑trust reference for verifying the provenance of site‑level policies. Key points: • The Anchor is a discovery mechanism in v1, but its structure allows inclusion of a public key or link to a verifiable credential in future revisions. • The mechanism is unidirectional in v1 (site → bot), but is designed to support a bidirectional authentication loop where bots can bind their requests to the Origin/Publisher identity they have discovered. • The Anchor can be complemented by an HTTP response header (e.g., “Bot‑Operator‑Identity” or “Origin‑Identity‑Anchor”) for environments where header‑level signaling is preferred. Reference implementation: https://1euroseo.com/llms.txt https://1euroseo.com/identity.jsonld Draft specification (WICG Issue #295): https://github.com/marin-popov/semantic-anchor I believe this aligns with the WG deliverable to define mechanisms for conveying additional information about a requesting bot using domain‑based identifiers, and I would appreciate feedback from the group on whether this work is appropriate for further discussion or development within WebBotAuth. Best regards, Marin