Return-Path: <hello@1euroseo.com>
X-Original-To: web-bot-auth@mail2.ietf.org
Delivered-To: web-bot-auth@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1])
	by mail2.ietf.org (Postfix) with ESMTP id 87413FB7BC2D
	for <web-bot-auth@mail2.ietf.org>; Thu,  4 Jun 2026 23:18:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1;
	t=1780640285; bh=GTHlp606RrqiRWOs4icAsxwoSsYVFp/8QdkeQuPOl8I=;
	h=From:To:Subject:Date;
	b=df1pzDO/0ezC6wQETt9cFzBQb2e74ngU7KaODq7xO8luopnGxoo7SYaTN5RXccns+
	 vComeAmpqswMaNH+ACuYrJ0RB9JVsG5ir+9ZwVcxbZoSdqNUXbaBYvmI0jUP/yCfIy
	 bHjEzmn4ZzvdGR3FFtFTNqClDDG/sZkw6TRcdMi8=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level: 
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5
	tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
	DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001,
	RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=0.001,
	RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001,
	RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001,
	SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key)
	header.d=1euroseo.com
Received: from mail2.ietf.org ([166.84.6.31])
	by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id FmJB86xoDyHL for <web-bot-auth@mail2.ietf.org>;
	Thu,  4 Jun 2026 23:18:05 -0700 (PDT)
Received: from black.elm.relay.mailchannels.net
 (black.elm.relay.mailchannels.net [23.83.212.19])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256)
	(No client certificate requested)
	by mail2.ietf.org (Postfix) with ESMTPS id C9643FB7BC26
	for <web-bot-auth@ietf.org>; Thu,  4 Jun 2026 23:18:04 -0700 (PDT)
X-Sender-Id: hostingeremail|x-authuser|hello@1euroseo.com
Received: from relay.mailchannels.net (localhost [127.0.0.1])
	by relay.mailchannels.net (Postfix) with ESMTP id 6A201461EC9
	for <web-bot-auth@ietf.org>; Fri, 05 Jun 2026 06:17:57 +0000 (UTC)
Received: from de-fra-smtpout2.hostinger.io
 (trex-green-6.trex.outbound.svc.cluster.local [100.116.149.191])
	(Authenticated sender: hostingeremail)
	by relay.mailchannels.net (Postfix) with ESMTPA id AEFCD461522
	for <web-bot-auth@ietf.org>; Fri, 05 Jun 2026 06:17:56 +0000 (UTC)
X-Sender-Id: hostingeremail|x-authuser|hello@1euroseo.com
X-MC-Relay: Neutral
X-MailChannels-SenderId: hostingeremail|x-authuser|hello@1euroseo.com
X-MailChannels-Auth-Id: hostingeremail
X-Shoe-Cold: 339f5b3e2e362701_1780640277266_3138456762
X-MC-Loop-Signature: 1780640277266:973166991
X-MC-Ingress-Time: 1780640277266
Received: from de-fra-smtpout2.hostinger.io (de-fra-smtpout2.hostinger.io
 [148.222.55.5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384)
	by 100.116.149.191 (trex/7.1.5);
	Fri, 05 Jun 2026 06:17:57 +0000
Received: from DESKTOP5U64HKU (unknown [212.104.180.72])
	(Authenticated sender: hello@1euroseo.com)
	by smtp.hostinger.com (smtp.hostinger.com) with ESMTPSA id 4gWrpB1Zysz3wgR
	for <web-bot-auth@ietf.org>; Fri,  5 Jun 2026 06:17:54 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1euroseo.com;
	s=hostingermail-a; t=1780640274;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type;
	bh=8mCysguK5I+ZiTuU4rwaHBf/kbnZqisn2AbkdiJychU=;
	b=nmZaP134kk98hbMrZ84bmUKZBMRDIkDNXW0wnAuHwGVtXc34rjt3Yvn2lnfqhz56EXcuCt
	uy0U1Vvv4t8Vxie4/9zNFUfHcnKsoqDh1oSpoctrGxByk26mofUYZ9f5uWXjUUt4wPoemw
	GZOnz5vjs0JMX8fcd9mdjyBTz+5NV0FVBU9vt6MHRs8Se6oFaqouu88fXpPyUhBbjf+TtH
	H/mbYsklgyoCDZV1Qob1imVjblqep2r4BKNd35MvHc4xwh3qimskyUixhXjdN09h7uN/Eb
	/o0WgkQS8hjUj800B2izNvIN2pjvTm2ox7TGZslJcKVj0mNDWZolvR1n9Qjw6g==
From: <hello@1euroseo.com>
To: <web-bot-auth@ietf.org>
Message-ID: <000a01dcf4b3$0c606700$25213500$@1euroseo.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_000B_01DCF4C3.CFEBCF10"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: Adz0sgsLT5y5hYk0T8GxD8vmqIfHYA==
Content-Language: en-ie
Date: Fri,  5 Jun 2026 06:17:54 +0000 (UTC)
X-CM-Envelope: 
 MS4xfMMRy28fdVfx/9DY2+D8fY4L0NSJQl+GUn+wySb4FNgJ+YhG8r/RNDnwk/MZo6yWrRkDdf6xQzLKgPy0paX5E0fZflOXXT/9BGAquUKrd1hXgtyKAvTa
 9G8sXIteQmnX55K+MUUf6BaX70ZGNf9xWjQzhE325av64GL4TxuZNWzwLHEfr1bx0oOLxMSMbpucHw==
X-CM-Analysis: v=2.4 cv=etGNzZpX c=1 sm=1 tr=0 ts=6a226a12
 a=uiZDtdHB9/ZxIkrUC5n4sQ==:117 a=uiZDtdHB9/ZxIkrUC5n4sQ==:17
 a=DAwyPP_o2Byb1YXLmDAA:9 a=sgdMA9CmAAAA:8 a=NEAV23lmAAAA:8
 a=39EjZBMnVSjVRtSJlssA:9 a=QEXdDO2ut3YA:10 a=yMhMjlubAAAA:8 a=SSmOFEACAAAA:8
 a=5hd6YaLqgEUOTpjc:21 a=gKO2Hq4RSVkA:10 a=UiCQ7L4-1S4A:10 a=hTZeC7Yk6K0A:10
 a=frz4AuCg-hUA:10 a=xoenygJagHiBKFbFpmz6:22
X-AuthUser: hello@1euroseo.com
Message-ID-Hash: EUJ6ANC6524GGW73U7UBE7QLIYZJHL7P
X-Message-ID-Hash: EUJ6ANC6524GGW73U7UBE7QLIYZJHL7P
X-MailFrom: hello@1euroseo.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: =?utf-8?q?=5BWeb-bot-auth=5D_Proposal=3A_Domain_Root_Identity_Anchor_for_Ori?=
	=?utf-8?q?gin/Publisher_Metadata_Discovery?=
List-Id: Authentication of non-human users to human-oriented Web sites
 <web-bot-auth.ietf.org>
Archived-At: 
 <https://mailarchive.ietf.org/arch/msg/web-bot-auth/u5Ae0T0owgAo2HBPSnZSGQpiMMM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/web-bot-auth>
List-Help: <mailto:web-bot-auth-request@ietf.org?subject=help>
List-Owner: <mailto:web-bot-auth-owner@ietf.org>
List-Post: <mailto:web-bot-auth@ietf.org>
List-Subscribe: <mailto:web-bot-auth-join@ietf.org>
List-Unsubscribe: <mailto:web-bot-auth-leave@ietf.org>

This is a multipart message in MIME format.

------=_NextPart_000_000B_01DCF4C3.CFEBCF10
Content-Type: text/plain;
	charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hello WebBotAuth WG,

I would like to bring a proposal to the group for discussion regarding a =
standardized mechanism for conveying Origin/Publisher identity and =
metadata to automated clients using an existing, widely used identifier: =
the domain root.

Today, automated clients (including crawlers, AI agents, and retrieval =
systems) lack a deterministic, machine=E2=80=91readable way to discover =
the canonical identity of the Origin/Publisher behind a domain. Existing =
mechanisms such as robots.txt and llms.txt provide policy and =
content=E2=80=91level signals, but they do not establish a verifiable =
identity reference that bots can rely on for provenance, trust, or =
Origin/Publisher information.

The mechanism I am proposing defines a domain=E2=80=91root =
=E2=80=9CIdentity Anchor=E2=80=9D =E2=80=94 a machine=E2=80=91readable =
JSON/JSON=E2=80=91LD document discoverable via predictable endpoints and =
referenced from existing well=E2=80=91known files. This Anchor provides =
Origin/Publisher identity, organizational metadata, and optional =
cryptographic material, forming a stable identity layer that automated =
clients can use when interacting with a site. It also acts as a =
deterministic root=E2=80=91of=E2=80=91trust reference for verifying the =
provenance of site=E2=80=91level policies.

Key points:

=E2=80=A2 The Anchor is a discovery mechanism in v1, but its structure =
allows inclusion of a public key or link to a verifiable credential in =
future revisions.
=E2=80=A2 The mechanism is unidirectional in v1 (site =E2=86=92 bot), =
but is designed to support a bidirectional authentication loop where =
bots can bind their requests to the Origin/Publisher identity they have =
discovered.
=E2=80=A2 The Anchor can be complemented by an HTTP response header =
(e.g., =E2=80=9CBot=E2=80=91Operator=E2=80=91Identity=E2=80=9D or =
=E2=80=9COrigin=E2=80=91Identity=E2=80=91Anchor=E2=80=9D) for =
environments where header=E2=80=91level signaling is preferred.

Reference implementation:
https://1euroseo.com/llms.txt=20
https://1euroseo.com/identity.jsonld

Draft specification (WICG Issue #295):
https://github.com/marin-popov/semantic-anchor

I believe this aligns with the WG deliverable to define mechanisms for =
conveying additional information about a requesting bot using =
domain=E2=80=91based identifiers, and I would appreciate feedback from =
the group on whether this work is appropriate for further discussion or =
development within WebBotAuth.

Best regards,
Marin


------=_NextPart_000_000B_01DCF4C3.CFEBCF10
Content-Type: text/html;
	charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40"><head><meta =
http-equiv=3DContent-Type content=3D"text/html; charset=3Dutf-8"><meta =
name=3DGenerator content=3D"Microsoft Word 15 (filtered =
medium)"><style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0cm;
	font-size:12.0pt;
	font-family:"Calibri",sans-serif;
	mso-ligatures:standardcontextual;
	mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:#0563C1;
	text-decoration:underline;}
span.EmailStyle17
	{mso-style-type:personal-compose;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	mso-fareast-language:EN-US;}
@page WordSection1
	{size:612.0pt 792.0pt;
	margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]--></head><body lang=3DEN-IE =
link=3D"#0563C1" vlink=3D"#954F72" style=3D'word-wrap:break-word'><div =
class=3DWordSection1><p class=3DMsoNormal>Hello WebBotAuth =
WG,<o:p></o:p></p><p class=3DMsoNormal>I would like to bring a proposal =
to the group for discussion regarding a standardized mechanism for =
conveying Origin/Publisher identity and metadata to automated clients =
using an existing, widely used identifier: the domain =
root.<o:p></o:p></p><p class=3DMsoNormal>Today, automated clients =
(including crawlers, AI agents, and retrieval systems) lack a =
deterministic, machine=E2=80=91readable way to discover the canonical =
identity of the Origin/Publisher behind a domain. Existing mechanisms =
such as robots.txt and llms.txt provide policy and content=E2=80=91level =
signals, but they do not establish a verifiable identity reference that =
bots can rely on for provenance, trust, or Origin/Publisher =
information.<o:p></o:p></p><p class=3DMsoNormal>The mechanism I am =
proposing defines a domain=E2=80=91root =E2=80=9CIdentity =
Anchor=E2=80=9D =E2=80=94 a machine=E2=80=91readable =
JSON/JSON=E2=80=91LD document discoverable via predictable endpoints and =
referenced from existing well=E2=80=91known files. This Anchor provides =
Origin/Publisher identity, organizational metadata, and optional =
cryptographic material, forming a stable identity layer that automated =
clients can use when interacting with a site. It also acts as a =
deterministic <b>root=E2=80=91of=E2=80=91trust reference</b> for =
verifying the provenance of site=E2=80=91level =
policies.<o:p></o:p></p><p class=3DMsoNormal><b>Key =
points:</b><o:p></o:p></p><p class=3DMsoNormal>=E2=80=A2 The Anchor is a =
discovery mechanism in v1, but its structure allows inclusion of a =
public key or link to a verifiable credential in future =
revisions.<br>=E2=80=A2 The mechanism is unidirectional in v1 (site =
=E2=86=92 bot), but is designed to support a bidirectional =
authentication loop where bots can bind their requests to the =
Origin/Publisher identity they have discovered.<br>=E2=80=A2 The Anchor =
can be complemented by an HTTP response header (e.g., =
=E2=80=9CBot=E2=80=91Operator=E2=80=91Identity=E2=80=9D or =
=E2=80=9COrigin=E2=80=91Identity=E2=80=91Anchor=E2=80=9D) for =
environments where header=E2=80=91level signaling is =
preferred.<o:p></o:p></p><p class=3DMsoNormal>Reference =
implementation:<br><a =
href=3D"https://1euroseo.com/llms.txt">https://1euroseo.com/llms.txt</a> =
<br><a =
href=3D"https://1euroseo.com/identity.jsonld">https://1euroseo.com/identi=
ty.jsonld</a><o:p></o:p></p><p class=3DMsoNormal>Draft specification =
(WICG Issue #295):<br><a =
href=3D"https://github.com/marin-popov/semantic-anchor">https://github.co=
m/marin-popov/semantic-anchor</a><o:p></o:p></p><p class=3DMsoNormal>I =
believe this aligns with the WG deliverable to define mechanisms for =
conveying additional information about a requesting bot using =
domain=E2=80=91based identifiers, and I would appreciate feedback from =
the group on whether this work is appropriate for further discussion or =
development within WebBotAuth.<o:p></o:p></p><p class=3DMsoNormal>Best =
regards,<br>Marin<o:p></o:p></p></div></body></html>
------=_NextPart_000_000B_01DCF4C3.CFEBCF10--

