Protocol Registry

Understand how MCP-I registries manage service discovery, credential linkage, and delegation chain resolution

Protocol Registry


What Is the Protocol Registry?

In MCP-I, the protocol registry acts as a central resolver and index for:

  • Issued credentials (VCs, DelegationCredentials)
  • Delegation chains
  • Trust relationships
  • Service discovery

It enables verifiers and services to validate where a credential was issued, who is trusted, and which chains exist between entities.


Registry Types

RegistryPurpose
Delegation RegistryStores, indexes, and resolves chained delegation relationships
Credential RegistryAssociates delegation with verifiable credentials
Service RegistryTracks participating MCP-I services and their capabilities
Trust RegistryMaintains allow/block/score-based trust data for DIDs or domains

Delegation Chain Resolution

Registries support walking a delegation chain, resolving each link by:

  • Subject → Issuer relationships
  • Credential status (revoked, expired)
  • Scope and timestamp
{
  "issuer": "did:web:user.vouched.dev",
  "subject": "did:web:agent.vouched.dev",
  "credentialId": "urn:vc:abc123",
  "scope": ["read:email"],
  "created": "2025-01-01T00:00:00Z"
}

Credential ↔ Delegation Linking

Every DelegationCredential may be:

  • Linked forward to the delegation registry
  • Linked backward from a credential to its original issuer or chain

This ensures that even stateless agents can be verified via registry resolution.


Example SDK APIs

await kyaOsClient.registry.delegation.resolveChain({
  subjectDid: "did:web:agent.vouched.dev",
});

await kyaOsClient.registry.trust.lookup("did:web:user.vouched.dev");

Privacy and Query Filters

Registries may be scoped or filtered:

  • By scope or action
  • By issuer/subject DID
  • By revocation status
  • By delegation depth or TTL

Access controls may apply (e.g. public vs. private graph query access).


Deployment Patterns

PatternDescription
CentralizedSingle internal registry used by all components
FederatedEach service maintains a syncable registry
PublicShared registry, e.g. knowthat.ai
EmbeddedRegistry lives inside Credential Service or Core orchestrator

See Also