Tyche Institute URI Registry · Service type identifier
AgentRuntimeEndorser
| Registered | 2026-07-16 (version 1.0, current) |
|---|---|
| Registered by | Tyche Institute (Estonian non-profit research association, registry code 80673227), Tallinn, Estonia — scheme operator of the EATF Research Interoperability Scheme |
| Basis | ETSI TS 119 612 V2.4.1, clause 5.5.1.0, value (d): “any other URI value registered and described by the scheme operator or another entity”; Annex D.3 (Scheme registered URIs) |
| Related TSL field | Service type identifier (clause 5.5.1) |
| Machine-readable | meta.json |
Description
A service endorsing autonomous agent runtimes. An AgentRuntimeEndorser
- appraises hardware-rooted runtime attestation evidence for an autonomous software agent — for example, TPM quotes appraised into an EAT Attestation Result under the IETF Remote ATtestation procedureS (RATS) architecture (RFC 9334);
- verifies the mandate under which the agent is authorised to act, including the identity of the mandating party and the scope of the delegated authority; and
- issues machine-verifiable endorsement attestations — for example, MachineMandate credentials presented over OpenID for Verifiable Presentations — that cryptographically bind the attested runtime to that mandate.
Trusted-list semantics
When a trusted list conforming to ETSI TS 119 612 lists a service under this service type identifier, a relying-party verifier shall accept an endorsement attestation only if all of the following hold:
- the attestation validates against a service digital identity listed for a service of this type;
- the listed service’s current status is
http://uri.etsi.org/TrstSvc/Svcstatus/grantedat the relevant time (status values and service history per ETSI TS 119 612, clauses 5.5.4 and 5.5.10); - the scheme under which the trusted list is issued recognises this service type (see the applicable scheme rules).
A cryptographically valid signature from an issuer not listed in
this role is not sufficient: authority traces to the root of the trusted list, not
to possession of a key. Listing under a different service type (for example,
…/Svctype/CA/QC) does not authorise agent-runtime endorsement.
Rationale
No service type defined in ETSI TS 119 612 V2.4.1 (clauses 5.5.1.1–5.5.1.3) identifies a service that endorses an autonomous agent runtime on the basis of runtime attestation evidence. This identifier closes that gap for research and interoperability purposes. A reference implementation — a role-aware trusted-list validator and an end-to-end pipeline welding a live hardware-attestation verdict into a wallet-issued MachineMandate — is published as the EUDI verifier bench (Zenodo, 2026).
History
Earlier proof-of-concept artifacts (including the EUDI verifier
bench release of 2026-07-01) used the string
http://uri.etsi.org/TrstSvc/Svctype/AgentRuntimeEndorser/Q as an
explicitly illustrative placeholder. That string lies under the ETSI-registered
radix and was never a registered ETSI type; it should not be used. The URI defined
on this page is the canonical identifier as of 2026-07-16.
Scope and legal effect
This service type is published for research and interoperability experimentation within the EATF Research Interoperability Scheme. It is not a trust service type defined in Regulation (EU) No 910/2014, it does not appear in any EU Member State trusted list, and a listing under it confers no legal effect and no “qualified” status. Tyche Institute publishes research specifications and reference implementations; it does not provide trust services and does not operate as a trust service provider.