Agent Naming Service (ANS)

Updated 5 September 2025

Agent Naming Service (ANS) is a dynamic directory infrastructure that provides secure, scalable discovery, identification, and capability-based filtering for autonomous agents.
It employs hierarchical naming schemes, cryptographic validations, and protocol-agnostic registries to support context-aware communication and seamless interoperability.
ANS facilitates real-world applications such as adaptive IoT, secure AI marketplaces, and autonomous networks by enabling efficient lifecycle management and dynamic endpoint resolution.

An Agent Naming Service (ANS) is a foundational directory and resolution infrastructure that enables secure, scalable discovery, identification, capability-based filtering, protocol negotiation, and dynamic communication binding for autonomous agents—including those in AI, networking, multi-agent systems (MAS), and Information-Centric Networking. ANS architectures have evolved beyond static DNS-style records, offering lifecycle management, cryptographically verifiable identities, dynamic capability assertion, cross-protocol interoperability, privacy-preserving discovery, and negotiation mechanisms for adaptive network environments. The following sections synthesize the principles, mechanisms, and engineering practices from leading research including architectures such as AgentDNS, NANDA index, ACNBP, and Internames (Melazzi et al., 2013, Huang et al., 15 May 2025, Raskar et al., 18 Jul 2025, Huang et al., 16 Jun 2025, Zinky et al., 5 Aug 2025).

1. Naming Schemes and Resolution Architectures

ANS employs structure-rich, hierarchical naming schemes designed for protocol-agnostic registries and fine-grained capability resolution. Examples include the DNS-inspired ANSName convention

ANSName = Protocol "://" AgentID "." agentCapability "." Provider ".v" Version "." Extension

and the AgentDNS style:

agentdns://org/category/name

NANDA index (Raskar et al., 18 Jul 2025) records employ lean AgentAddr records (<120 bytes), each encoding an agent identifier, URN, metadata references, TTL, and cryptographic proofs. Internames (Melazzi et al., 2013) separates global, persistent identifiers (names) from dynamic locators; resolution is modeled as a parameterized process:

Resolution(name, t, L, C, S) → {Service Descriptor(s)}

with $t$ = time, $L$ = location, $C$ = context, $S$ = service type.

Hierarchical resolution and directory delegation, similar to DNS zones and URNs, facilitate scalable agent discovery and registration. Agent registries, acting as authoritative sources, maintain lifecycle metadata (registration, renewal, expiry) and leverage distributed or federated deployment for scaling across agent ecosystems.

2. Discovery, Capability Filtering, and Semantic Search

ANS must enable secure, capability-aware discovery that filters agents not just by static identity, but by published and attested capabilities, constraints, and compliance attributes. Agent entries typically include:

Field	Description	Usage
id	Unique agent identifier	Global name resolution
capabilities	Attested functions	Semantic search, negotiation
security	PKI/credential data	Verification, trust chaining
metadata	Version, provider, context	Selection, filtering

AgentDNS (Cui et al., 28 May 2025) allows agents to query for services using natural language, with retrieval-augmented generation (RAG) and keyword match scoring. Semantic similarity functions select the highest-ranked providers:

$s^* = \arg\max_i \mathit{sim}(Q, M_i)$

where $Q$ is a query and $M_i$ is metadata entry.

ACNBP (Huang et al., 16 Jun 2025) formalizes discovery as structured queries, with the Agent Name Service returning candidates pre-screened for constraints and requirements using hierarchical and semantic indexing.

3. Security, Identity, and Trust Infrastructure

Robust security in ANS is achieved through integrated public key infrastructure (PKI), digital signatures, challenge-response validation, and frequent key rotation/revocation. Every agent registers with a Certificate Authority (CA) (X.509 or Verifiable Credential standards (Raskar et al., 18 Jul 2025)), and all registration, discovery, and resolution responses are digitally signed for anti-tampering and impersonation mitigation.

Core algorithms include:

VerifyCertChain(Cert, TrustedCA): Checks certificate validity and chain of trust.
VerifySignature(Data, Signature, PublicKey): Ensures data integrity via hash comparison.

ANS registry responses may include mechanism for Zero-Knowledge Proof (ZKP)–based capability confirmation, permitting privacy-preserving attribute disclosure (Huang et al., 25 May 2025).

Security design rigorously addresses threats such as agent impersonation, registry poisoning, man-in-the-middle (MitM), and denial-of-service (DoS). Defenses include strict registry access controls, distributed registry hosting, caching, rate limiting, and private information retrieval for anonymized resolution queries.

4. Dynamic Resolution, Negotiation, and Context-Awareness

Next-generation ANS systems support not just static endpoint mapping, but dynamic, context-sensitive resolution—adapting endpoints and routes in milliseconds to the system environment. AdaptiveResolver (Zinky et al., 5 Aug 2025), building on NANDA (Raskar et al., 18 Jul 2025), augments hierarchical resolution with microservices that optimize channel selection according to geographic location, system load, agent capabilities, QoS requirements, and security context:

$\min F(\text{placement}, \text{context})$ subject to constraints: QoS, security, usage.

This process includes Agent Fact cards (metadata bundles not exposing deployment details), recursive delegation to the authoritative name server, and real-time negotiation invitations when more specific assurances are required. The negotiation produces a formal communication specification (“Comms Spec”) and dynamic endpoint binding, possibly using distributed optimization routines.

Protocol extension mechanisms (ACNBP (Huang et al., 16 Jun 2025)) support backward-compatible negotiation of features and rapid version or extension adaption ( $\mathrm{PE} = \langle \text{version}, \text{extensions}, \text{compatibility}\rangle$ ).

5. Interoperability, Federation, and Migration

ANS frameworks are engineered for interoperability between heterogeneous agents, protocols, vendors, and organizational domains. Modular Protocol Adapter Layers (as described in (Huang et al., 15 May 2025) and (Cui et al., 28 May 2025)) translate registry models into communication protocol forms (e.g., A2A, MCP, ACP), providing extensible agent interaction. Quilt-like index federation (Raskar et al., 18 Jul 2025) enables discoverability and authentication of both native and third-party agents.

Gradual migration is a core architectural principle—systems such as Internames (Melazzi et al., 2013) and AgentDNS (Cui et al., 28 May 2025) permit the integration of legacy DNS-style infrastructure, bridging between IP, ICN, and future agent-centric realms. Registry records accommodate legacy APIs and proxying, supporting incremental transition without forced cutover.

Decentralized and CRDT (Conflict-Free Replicated Data Type)-based update protocols (Raskar et al., 18 Jul 2025) ensure consistency, horizontal scalability, and conflict-free replication for global agent indexing at web scale.

6. Real-World Applications and Systemic Impact

ANS is pivotal for advanced applications including autonomous networks (Sifakis et al., 17 Mar 2025), real-time multi-agent negotiation (ACNBP (Huang et al., 16 Jun 2025)), secure AI marketplaces (Huang et al., 15 May 2025), unified LLM agent planning (Cui et al., 28 May 2025), and adaptive IoT systems. Use cases range from private line fault recovery—leveraging unique agent identifiers for hierarchical coordination—to cross-vendor research workflow orchestration and secure legal or medical agent interactions dictated by fine-grained capability and credential filtering.

Impact dimensions include:

Interoperability: Universal, protocol-agnostic discovery spanning vendor and protocol boundaries.
Security: Immediate revocation/key rotation, non-repudiable binding, and privacy-preserving least-disclosure queries.
Scalability: Support for billions or trillions of agents, sub-second discovery, and record update mechanisms optimized to minimize propagation cost.
Autonomy and Robustness: Real-time, context-aware negotiation enabling agents to optimize for resource usage, latency, security, and service level commitments.

7. Future Directions, Challenges, and Open Problems

Emergent directions for ANS research focus on decentralized/federated service architectures, privacy-preserving search (homomorphic encryption, differential privacy, secure multiparty computation), agent planning datasets and RL integration for optimal service selection, extensible negotiation and group communication modes, and deep integration with global session/policy management for fine-grained revocation and access control (Huang et al., 25 May 2025).

Challenges persist in scaling resolution fidelity, ensuring robust session and credential management across heterogeneous and ephemeral agent populations, securing adaptive negotiation protocols, and aligning standards for registry schema evolution and governance. Transition complexity—especially around migrating from static DNS/IP addressing to dynamic ANS-based interaction—demands careful planning and compatibility tooling. The issue of ensuring rigorous, cross-domain security characterized by immediate key and credential rotation remains an active area for protocol and infrastructure development.

Agent Naming Service architectures represent a critical evolution in identity, discovery, and capability assertion for autonomous systems, bridging legacy infrastructure with the demands of intelligent, context-sensitive multi-agent environments. These frameworks provide a robust, extensible substrate for scalable, secure, and interoperable agent collaboration and negotiation, with integration avenues into emerging areas such as adaptive communication, decentralized identity management, and dynamic policy enforcement at internet scale.