Agent Interaction Protocol (AIP)

• Agent Interaction Protocol (AIP) is a standardized framework that facilitates robust and interoperable communication among autonomous agents using a layered architecture.
• It organizes communication into distinct layers for identity, meta-negotiation, messaging, and security, supporting protocols like JSON-RPC and SSE.
• AIP enables phased adoption for diverse deployments, from tool invocation (MCP) to decentralized marketplaces (ANP), ensuring secure, context-rich interactions.

Agent Interaction Protocol (AIP) is a standardized umbrella framework designed to enable robust, secure, and interoperable communication among autonomous agents—particularly those powered by LLMs and deployed across diverse platforms and organizational boundaries (Ehtesham et al., 4 May 2025). Its primary aim is to solve the scaling, security, and generalizability challenges inherent in ad-hoc agent integration by providing a versatile set of protocols for context ingestion, tool invocation, multimodal messaging, peer-to-peer delegation, decentralized identity, and dynamic networked agent discovery. AIP organizes these capabilities into a layered architecture, with specialization for deployment contexts via sub-protocols: Model Context Protocol (MCP), Agent Communication Protocol (ACP), Agent-to-Agent Protocol (A2A), and Agent Network Protocol (ANP).

1. Layered Reference Architecture and Data Models

AIP’s reference architecture consists of four distinct layers, each modular and extensible to accommodate heterogeneous agent paradigms:

• Identity & Discovery Layer: Employs W3C Decentralized Identifiers (DIDs), DID documents, and RESTful service registries (/.well-known endpoints, central registry APIs) to describe, locate, and authenticate agents. Agents publish self-descriptive manifests (Agent Card, Agent Detail, JSON-LD Agent Description) encoding unique identity, capabilities, and supported interaction protocols.
• Protocol Meta-Negotiation Layer: Facilitates runtime negotiation of interaction modes, protocol versions, and capability handshakes using declarative data exchanges. Supported interaction patterns include JSON-RPC, RESTful HTTP tasks, Server-Sent Events (SSE), and Push mechanisms.
• Interaction & Messaging Layer: Implements primitive communication patterns—RPC, MIME multipart messaging, SSE streaming, pub/sub events—via a generalized message envelope schema:

  { "id": <string>, "type": <string>, "from": <AgentID>, "to": <AgentID>, "cap_token"?: <string>, "meta": {...} // Body is either JSON-RPC params, multipart sections, or JSON-LD graphs }

  Data typing employs explicit JSON-schema, MIME content-types, and semantic @context bindings for interoperability across domains.
• Security & Authorization Layer: Provides transport security (TLS/mTLS), cryptographic authentication (DID-based signature verification, JWTs), capability-based access control (OAuth2.1/PKCE, scoped tokens), and guarantee of message integrity (JWS signatures), along with audit and governance mechanisms leveraging signed manifests and phase-specific logging.

2. Fundamental Communication Patterns and Modalities

AIP unites multiple paradigms and interaction strategies:

• Client–Server: MCP and ACP implement structured request–response interfaces for tool invocation and multimodal workflow orchestration. Sessions can maintain stateful context for multi-turn agent–tool sequences.
• Peer-to-Peer: A2A enables direct agent-to-agent task delegation, leveraging capability negotiation through Agent Cards and facilitating artifact exchange and progress tracking over JSON-RPC, SSE, or Push channels.
• Publish–Subscribe: ACP and ANP support large-scale event dissemination (e.g., task progress, artifact updates) using SSE and future extensions to brokered pub/sub systems. Asynchronous interaction is enabled through subscriptions, callbacks, and webhooks.
• Synchronous/Asynchronous Operation: JSON-RPC provides immediate replies for synchronous sequences; SSE streams and push notifications accommodate asynchronous flow and multi-phase tasks.

3. Discovery, Session Management, and Capability Negotiation

Discovery and session management are realized through a combination of RESTful endpoints and registry mechanisms:

Protocol	Discovery Mechanism	Registry/Manifest Type	Session Context
MCP	Static URL, direct registration	JSON-RPC server schema	Session ID in initialization
ACP	Central registry or /.well-known	Agent Detail manifest, MIME types	run_id/session in protocol header
A2A	/.well-known/agent.json	Agent Card with skill set, OAuth2 tokens	Peer handshake, context propagation
ANP	DID resolution, /.well-known/descriptions	JSON-LD agent description, DID Document	Negotiation ID, cross-session signatures

Agents can discover peers via static URLs (MCP), organization registries (ACP, A2A), or decentralized DNS/DID-based methods (ANP). Session context, including session IDs and run identifiers, is propagated across requests to maintain workflow state and enable correlation in multi-turn interactions.

4. Security Models, Authentication, and Governance

AIP leverages multifaceted security strategies:

• DID-based Authentication: Control of DID keys is proven through challenge–response signed JWTs. Key material and public keys are resolved from DID Documents—DID methods include did:key, did:web, did:wba.
• Capability Tokens: JWT or MAC tokens are scoped to specific capabilities—tool, skill, message channel—enabling fine-grained authorization.
• Mutual TLS and Message Integrity: TLS/mTLS is mandated for transport; JWS signatures are applied to individual message parts for end-to-end integrity guarantees.
• Governance and Attestation: Manifests (Agent Cards, Details) are signed and versioned; every lifecycle phase features logging and audit trails for regulatory and compliance purposes.

5. Comparative Features of AIP Sub-protocols

AIP harmonizes four specialized sub-protocols, each optimized for different deployment contexts. Their characteristics are summarized below:

Aspect	MCP	ACP	A2A	ANP
Interaction Mode	JSON-RPC client-server	RESTful multipart messaging (HTTP)	Peer-to-peer JSON-RPC + SSE/Push	Decentralized JSON-LD/RPC
Transport	HTTP, stdio, SSE	HTTP multi-part, SSE streams	HTTP JSON-RPC, SSE, Push	HTTPS, SSE, long-polling
Discovery	Registration/Static URL	Registry/.well-known	Agent Card over /.well-known	DID resolution + Agent Descriptions
Security	mTLS, tokens	Bearer tokens, JWS, mTLS	TLS, JWS, OAuth2, card signatures	DID-Doc signatures, JWS, HTTPS
Extensibility	Tools, prompts	MIME types, multi-part artifacts	Card skills, session plugins	JSON-LD vocab, meta-protocols
Deployment	Tool–LLM integration	Local multi-agent workflows	Enterprise collaboration	Open marketplaces

Trade-offs include protocol complexity versus generalizability, required infrastructure for decentralized resolution, and authentication model maturity. Each sub-protocol may be adopted individually or gradually within multi-agent ecosystems according to application needs.

6. Phased Adoption and Integration Roadmap

AIP supports progressive adoption:

1. MCP for Tool Invocation: Embedding external tools into LLM prompts via JSON-RPC, schema validation, and mTLS-secured servers. Recommended as a starting point for single-agent applications requiring secure tool access.
2. ACP for Multimodal Messaging: Extension to rich, session-aware communication, MIME-typed multipart messages, session registries, and event streaming for expanded multi-agent orchestration.
3. A2A for Enterprise Collaboration: Introduction of peer discovery and cross-team delegation using Agent Cards and capability tokens; supports complex enterprise workflows with asynchronous progress updates.
4. ANP for Decentralized Marketplaces: Full-scale decentralized agent networks using DIDs, JSON-LD agent descriptions, trustless discovery, meta-protocol negotiation, and end-to-end signed interactions.

AIP thus forms a layered progression from isolated tool calls to internet-scale decentralized agent ecosystems.

7. Canonical Workflows and Implementation Examples

Illustrative workflows highlight the expressiveness and coverage of AIP:

• MCP Tool Call: A client POSTs a JSON-RPC request to enumerate tools, then invokes a translator with input, receiving the result in a structured “result” field.
• ACP Multimodal Task: A client queries the registry for an agent detail, POSTs a multipart task, receives partial results via SSE streaming from the routed agent, and on session completion, aggregates artifacts.
• A2A Peer Task Delegation: A client agent fetches a remote Agent Card, sends a task invocation over JSON-RPC, monitors progress via SSE, and receives completed artifacts.
• ANP Decentralized Interaction: Agents resolve peer DIDs, fetch agent descriptions, negotiate supported interface and protocols, and exchange signed JSON-RPC requests and replies.

These interactions demonstrate clean separation of concerns, robust session and state handling, and integrated discovery/authentication mechanics.

8. Impact and Significance for Ecosystem Design

AIP’s unification of context, session, capability, and identity transforms agent system engineering by abstracting implementation from underlying transport, registry, and security details. Its adoption is foundational for scalable, secure, and evolvable multi-agent infrastructures—acting as the substrate for automation in domains spanning LLM-augmented tooling, enterprise task automation, decentralized digital marketplaces, and open agent networks. The protocol's modular, layered design allows researchers and practitioners to evolve agent deployments fluidly, encapsulate capabilities and roles, and ensure interoperability across platforms, organizational boundaries, and the public internet (Ehtesham et al., 4 May 2025).

The survey positionally establishes AIP as the comprehensive reference protocol for emerging LLM agent ecosystems, integrating previously fragmented protocols into a rigorous, extensible architecture.