Agent Actions and Permissions Protocol (AAPP)
Work in progress
V 0.1.01
Protocol Specification
Introduction
The Agent Actions and Permissions Protocol (AAPP) is designed to provide machine agents with rules to follow when interacting with web pages and web applications.
By including AAPP data on a web page, developers can instruct machine agents about the actions they are permitted to perform, as well as actions that are not allowed.
AAPP is inspired by Structured Data Markup, which provides information about web pages and web applications to search engines.
This protocol encodes information specifically for machine agents, and is not intended for humans to read or interpret.
Encoding AAPP Data
AAPP data should be encoded using a JSON-LD format, following the example of structured data markup. This allows for easy integration of the data with existing web technologies.
RDF and Microdata are also supported, but are not recommended.
Example
<script type="application/AAPP+json">
{
"@context": "https://schema.org/",
"@type": "WebPage",
"name": "Example Web Page",
"url": "https://example.com",
"permissions": [
{
"action": "read",
"allowedAgents": ["*"]
},
{
"action": "write",
"allowedAgents": ["SpecificAgent"]
},
{
"action": "delete",
"allowedAgents": ["None"]
}
]
}
</script>
Protocol Elements
The AAPP protocol includes the following key elements:
@context | The URL defining the AAPP vocabulary, such as "https://schema.org/". |
@type | The type of object being described, such as "WebPage" or "WebApplication". |
name | A descriptive name for the web page or web application. |
url | The URL of the web page or web application. |
permissions | An array of objects, each describing a specific action and the agents allowed to perform that action. |
Actions
Actions are the operations that machine agents can perform on the web page or web application.
Common actions include:
read | Accessing and processing the content of the web page or web application. |
write | Modifying the content or state of the web page or web application. |
delete | Removing content or data from the web page or web application. |
Defining Allowed Agents
The allowedAgents property specifies which machine agents are permitted to perform a given action.
This property can be set to:
"*" | All machine agents are allowed to perform the action. |
"SpecificAgent" | Only the specified agent(s) are allowed to perform the action. This can be a single agent identifier or an array of agent identifiers. |
"None" | No machine agents are allowed to perform the action. |
Example Use Case
Consider a web application that manages a user's personal finance data.
This application contains critical and sensitive information that should only be accessed by specific, trusted machine agents.
Using the AAPP protocol, the web application can specify which agents are allowed to read, write, or delete data within the application.
By providing this context information, the AAPP protocol helps to protect the user's data from unauthorized access and manipulation by untrusted machine agents.
<script type="application/AAPP+json">
{
"@context": "https://schema.org/",
"@type": "WebApplication",
"name": "Personal Finance Manager",
"url": "https://example.com/finance",
"permissions": [
{
"action": "read",
"allowedAgents": ["TrustedAgent1", "TrustedAgent2"]
},
{
"action": "write",
"allowedAgents": ["TrustedAgent1"]
},
{
"action": "delete",
"allowedAgents": ["None"]
}
]
}
</script>
Extensibility
The AAPP protocol is designed to be extensible, allowing developers to define custom actions and permissions as needed for their specific use cases. Custom actions can be included in the permissions array, along with the corresponding allowedAgents property.
Example of custom action:
<script type="application/AAPP+json">
{
"@context": "https://schema.org/",
"@type": "WebPage",
"name": "Custom Web Page",
"url": "https://example.com/custom",
"permissions": [
{
"action": "customAction",
"allowedAgents": ["SpecificAgent"]
}
]
}
</script>
Implementation Considerations
-
Developers should ensure that their web pages and web applications include the appropriate AAPP data to accurately convey the desired permissions and restrictions for machine agents.
-
Machine agents should be programmed to respect the AAPP data provided by web pages and web applications, following the specified rules and permissions.
-
Developers can use existing tools and libraries for working with JSON-LD data to simplify the process of implementing the AAPP protocol.
Conclusion
The Agent Actions and Permissions Protocol (AAPP) provides a standardized method for defining and communicating the rules and permissions that machine agents must follow when interacting with web pages and web applications.
By including AAPP data on their websites, developers can better control and protect their content and data from unauthorized access and manipulation.
This protocol is designed to be extensible and easily integrated with existing web technologies, making it a valuable tool for enhancing the security and usability of the modern web.
