DUADPDUADP
Protocol:StandardsTrust ModelFederationCompareNIST Risk
NIST AI RMFSP 800-53 Rev 5Cedar Enforced

AI Risk Management
Framework Alignment

DUADP implements the NIST AI Risk Management Framework through a three-layer architecture: declarative agent contracts (OSSA), federated discovery (DUADP), and formally verified authorization (Cedar). Every control maps to running code, not aspirational documentation.

13
Cedar Policy Sets
Formally verified
18
Authorization Statements
WASM-evaluated
<100ms
Policy Eval
Per decision
12
NIST Controls
Directly mapped
Live Governance

Pillar 3: Trusted Agency Command Center

Real-time cryptographic attestation, Cedar policy enforcement, and NIST AI RMF compliance telemetry streaming directly from the DUADP federation.

NIST Pillar 3: Trusted Agency Command Center

U.S. GOVERNMENT • OSSA PLATFORM GOVERNANCE

LIVE TELEMETRY

Agent Activity Overview

Agent-A
COMPLETED
Agent-B
ACTIVE
VALIDATED

Confidence Score

92%
HIGH TRUST

NIST Compliance

85Tier 4
FULLY ALIGNED

Cedar Policy Guard

ACTIVE
ENFORCED

Real-Time Cryptographic Attestations

Live streaming Log

Threat Vector Monitoring

LOW
GRID SYSTEM STATUS: SECURE

Compliance Metrics

Compliance98%
Metrics84%
Alerts2%
01Architecture

Three Layers of Governance

NIST emphasizes that AI risk management requires layered controls spanning identity, policy, and operational monitoring. DUADP implements this through three complementary layers, each independently verifiable.

OSSAContract Layer
  • Agent manifest
  • Identity (GAID/DID)
  • Capabilities
  • Trust boundaries
  • SBOM
  • Compliance metadata
DUADPDiscovery Layer
  • DNS + WebFinger
  • Federated registry
  • Gossip protocol
  • Revocation streams
  • DID verification
  • Event bus
CedarPolicy Layer
  • Pre-execution auth
  • Formally verified
  • 13 policy sets
  • 181 statements
  • <100ms WASM eval
  • NIST SP 800-53
How it works

An agent publishes its OSSA manifest declaring identity, capabilities, and trust boundaries. DUADP nodes validate and propagate the manifest across the federated mesh via DNS and gossip protocol. Before any action executes, Cedar policies evaluate authorization in <100ms using WASM-compiled rules. All three layers produce structured audit events aligned with NIST SP 800-53 control families.

02Control Mapping

NIST AI RMF Function Mapping

The AI Risk Management Framework defines four core functions: Govern, Map, Measure, and Manage. Each maps to specific SP 800-53 Rev 5 controls implemented in DUADP infrastructure.

GOVERN

Establish policies, roles, and accountability structures for AI system governance.
AC-3Access Enforcement

Cedar policies enforce pre-execution authorization. 13 policy sets with 181 authorization statements evaluated in <100ms via WASM.

AC-6Least Privilege

Four-tier trust model (read → write_elevated). Each tier maps to Cedar constraints bounding agent capabilities.

SC-7Boundary Protection

DUADP nodes act as federation gateways. Only agents with valid OSSA manifests propagate across trust boundaries.

03Risk Assessment

Threat-to-Mitigation Matrix

Six critical threat vectors identified in multi-agent systems, each with concrete mitigation through the OSSA + DUADP + Cedar stack.

ID
Identity Spoofing
GAID + DID resolution + x-signature verification
IA-3IA-5
OSSA + DUADP
PE
Privilege Escalation
Cedar pre-auth + tier bounds + scope-limited delegation
AC-3AC-6
Cedar
RU
Unbounded Resource Use
Token budgets + rate limits + session constraints
RA-5SC-7
OSSA
TA
Tool Abuse
Declarative disclosure + pre-auth + MCP authentication
AC-3SA-11
Cedar + MCP
RL
Revocation Lag
Real-time gossip propagation + registry filtering
SI-3IR-4
DUADP
SC
Supply Chain Tampering
SBOM attestation + content-hash + manifest signing
SI-7SA-11
OSSA + DUADP
04Authorization

Cedar Policy Authorization

Every agent action is authorized through Cedar — a formally verified policy language open-sourced by AWS. Policies are discoverable, composable, and evaluate in under 100ms via WASM.

agent-tool-access.cedar
permit (
  principal in AgentGroup::"tier_2_write",
  action == Action::"invoke_tool",
  resource in ToolSet::"mcp_filesystem"
) when {
  principal.trust_tier >= 2 &&
  resource.risk_level <= "medium" &&
  context.token_budget_remaining > 0
};

Formally Verified

Cedar policies are proven correct by automated reasoning. No ambiguity, no edge cases, no runtime surprises.

Four-Tier Trust Model

read, write, write_elevated, admin — each tier maps to Cedar constraints bounding what an agent can discover, invoke, and delegate.

WASM-Native Evaluation

135 policies with 155+ rules compiled to WebAssembly. Every authorization decision completes in under 100ms, even at the edge.

Federated Policy Discovery

Cedar policies are themselves discoverable via DUADP. Organizations publish, compose, and share authorization rules across trust boundaries.

05Context

The Discovery Imperative

Why Discovery Matters for AI Safety

DUADP maps to NIST AI Risk Management Framework with 13 Cedar policy sets, 18 authorization statements, and a four-tier trust model. Submitted to NIST docket NIST-2025-0035 as part of the OSSA formal comment.

Without standardized discovery, AI agents operate as opaque entities — their capabilities, trust boundaries, and compliance posture remain invisible to the systems they interact with.

DUADP solves this by establishing the networking and routing layer for verifiable agent discovery. While OSSA defines what an agent declares about itself, DUADP defines how that declaration is discovered, verified, and propagated — without relying on a centralized clearinghouse.

OSSA Layer

Declarative contract: identity (GAID/DID), capabilities, trust boundaries, SBOM, compliance metadata. The agent's self-attestation.

DUADP Layer

Federated mesh: DNS bootstrap, WebFinger resolution, gossip propagation, revocation streams. How agents find and verify each other.

06Research

Supporting Research

Technical whitepapers and analyses underpinning the NIST alignment, published on openstandardagents.org/research.

DUADPDNSNIST

DUADP and the Race to Become DNS for AI Agents

Competitive analysis of federated discovery architectures and why DNS-based bootstrap wins.

DUADPFederation

Universal Agent Discovery Protocol

Technical deep-dive into DNS discovery, well-known endpoints, and federated mesh queries.

IdentitySecurity

Sovereign Agent Identity: Cryptographic Trust

Cryptographically grounded identity framework for non-human autonomous actors.

FederationRegistry

Federated Agent Registries at Scale

OCI distribution, mesh topology, and global agent discovery infrastructure.

GovernanceCompliance

Agent Governance & Bounded Autonomy

Regulatory compliance, policy enforcement, and auditable decision-making.

SecurityZero-Trust

Zero-Trust Architecture for Agent Systems

Threat models, supply chain integrity, and zero-trust patterns for autonomous AI.

DNSGAIDIdentity

Agent Identity Through DNS

DNS-based agent registration, the agent:// URI scheme, and five-tier trust model.

MCPA2AProtocols

Agent Communication Protocols: MCP & A2A

Survey of agent communication protocols and how DUADP bridges the discovery gap.

SecuritySupply Chain

Agent Skill Supply Chain Security

Securing the agent skill ecosystem from dependency attacks and manifest tampering.

View all research papers on openstandardagents.org

Related Blog Posts

Blog

NIST CAISI RFI: Our Submission

Walkthrough of the OSSA + DUADP joint comment to NIST docket NIST-2025-0035.

Blog

Why NIST CAISI Matters

Why the NIST Consortium for AI Safety and Infrastructure shapes the future of agent governance.

Blog

DUADP: DNS for AI Agents

Why federated discovery via DNS is the missing infrastructure layer for agentic AI.

Explore the Framework

The complete NIST AI RMF alignment spanning the OSSA specification, DUADP discovery protocol, and Cedar authorization engine.

OSSA NIST OverviewFull RFI ResponseAll Research PapersDUADP Documentation