An example scenario illustrating how ACK-ID verifies an agent’s identity and ownership.
This use case illustrates how ACK-ID enables one agent to securely verify the identity and legitimate ownership of another agent, specifically ensuring it is operated by a recognized, regulated financial institution, before engaging in potentially sensitive interactions.
This example focuses solely on the identity verification aspect, independent of any subsequent payment flows.
A corporate treasury management agent (“CorpTreasury Agent”), operated by Acme Corp, needs to obtain real-time foreign exchange (FX) quotes. Acme Corp’s policy mandates that its treasury agent interact only with FX services provided by known, regulated financial institutions to ensure compliance and reduce counterparty risk. The CorpTreasury Agent discovers (or is pre-configured to communicate with) an FX service agent claiming to be operated by “BankTrust,” a known regulated bank.
did:web:banktrust.com
).did:web:fx.banktrust.com
).did:web:fx.banktrust.com
is operated by did:web:banktrust.com
and is authorized to provide FX quoting services.did:web:banktrust.com
is on this list.did:web
domain and Trust List status for known entities).did:web:fx.banktrust.com
.did:web:fx.banktrust.com
) and relevant VCs (including the Ownership & Authorization VC).did:web:banktrust.com
) and asserts control over the Agent DID (did:web:fx.banktrust.com
).did:web:banktrust.com
). This confirms it’s associated with the expected banktrust.com
domain via the did:web
method (relying on HTTPS security). If the DID cannot be resolved or links to an unexpected domain, the interaction is rejected. Note that other non-web DID methods would require different mechanics for resolving identity.Imagine a rogue agent attempting to impersonate BankTrust’s FX service. It might present an Agent DID such as did:web:fx.banktrust.com.rogue.net
. When the CorpTreasury Agent resolves this DID and verifies the presented VCs, it would find:
did:web:banktrust.com
Owner DID (signature verification fails).did:web:banktrust.com.rogue.net
) would not be on CorpTreasury’s Trust List.In either case, the verification fails, and the CorpTreasury Agent rejects the interaction, preventing engagement with the untrusted agent.
While this example focuses on verifying ownership and regulatory status, future enhancements to the ecosystem could involve additional VC-based checks.
For example, before interacting, the CorpTreasury Agent might also request VCs attesting to the BankTrust FX Agent’s reputation or performance metrics (e.g., average quote accuracy, transaction success rate, uptime), issued by trusted monitoring services.
This would allow the CorpTreasury Agent not only to verify legitimacy but also to assess quality of service and potentially select the best agent among several verified options. ACK-ID provides the foundational layer for such future developments.