Skip to content

Commit 90c13e4

Browse files
arun-superdomarun-superdom
committed
chore(docs): APoP's Unique Position
1 parent d08eb41 commit 90c13e4

1 file changed

Lines changed: 58 additions & 10 deletions

File tree

README.md

Lines changed: 58 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -104,23 +104,71 @@ See [examples/](examples/) for 9 industry-specific policy templates.
104104

105105
---
106106

107-
## Ecosystem Positioning
107+
## APoP's Unique Position
108108

109-
APoP is the **authorization layer** that complements the broader agentic protocol ecosystem:
109+
APoP is the **missing consent & authorization layer** in the agentic web stack. Every protocol above assumes the agent has the right to act. APoP is what makes that assumption **explicit, verifiable, and enforceable**.
110110

111-
| Protocol | What It Does | How APoP Relates |
112-
| -------------------------------------------------------------------- | --------------------------------------------------------- | ----------------------------------------------------------------------------------------------- |
113-
| **[MCP](https://modelcontextprotocol.io/)** (Model Context Protocol) | Defines how agents invoke tools and access context | APoP gates _which_ MCP tools an agent may call. `interop.mcpServerUrl` links to MCP endpoint. |
114-
| **[A2A](https://google.github.io/A2A/)** (Agent-to-Agent Protocol) | Defines how agents communicate with each other | APoP enforces access rules _before_ A2A delegation. `interop.a2aAgentCard` links to Agent Card. |
115-
| **[WebMCP](https://anthropic.com/research/webmcp)** | Exposes browser-side tools via `navigator.modelContext` | APoP determines _if_ a WebMCP tool may execute. `interop.webmcpEnabled` declares support. |
116-
| **[AP2](https://protocols.ai/ap2)** (Agent Protocol v2) | Agent lifecycle and identity using Verifiable Credentials | APoP supports AP2's VC-based verification via `verifiable-credential` method. |
117-
| **[APAAI](https://apaai.org/)** | Accountability and audit logging for agent actions | APoP works alongside APAAI for compliance. `interop.apaaiEndpoint` links to audit endpoint. |
118-
| **[UCP](https://ucp.dev/)** (Universal Commerce Protocol) | Agent-mediated commerce transactions | APoP governs `automated_purchase` actions. `interop.ucpCapabilities` links to UCP profile. |
111+
```
112+
┌─────────────────────────────────────────────────────────────────┐
113+
│ THE AGENTIC WEB STACK │
114+
├─────────────────────────────────────────────────────────────────┤
115+
│ │
116+
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
117+
│ │ WebMCP │ │ MCP │ │ A2A │ │ AP │ │
118+
│ │ (tools) │ │ (tools) │ │ (agents) │ │ (tasks) │ │
119+
│ └────┬─────┘ └────┬─────┘ └────┬─────┘ └────┬─────┘ │
120+
│ │ │ │ │ │
121+
│ └──────────────┴──────┬───────┴──────────────┘ │
122+
│ │ │
123+
│ ┌────────▼────────┐ │
124+
│ │ APoP │ ← Consent & Access │
125+
│ │ (authorization │ Governance Layer │
126+
│ │ & consent) │ │
127+
│ └────────┬────────┘ │
128+
│ │ │
129+
│ ┌─────────────────────┼─────────────────────┐ │
130+
│ │ │ │ │
131+
│ ┌────▼─────┐ ┌────────────▼──────┐ ┌──────────▼───┐ │
132+
│ │ UCP │ │ AP2 │ │ APAAI │ │
133+
│ │(commerce)│ │ (payments) │ │(accountability)│ │
134+
│ └──────────┘ └──────────────────┘ └───────────────┘ │
135+
│ │
136+
│ ┌──────────────────┐ │
137+
│ │ Website / │ │
138+
│ │ robots.txt │ │
139+
│ └──────────────────┘ │
140+
└─────────────────────────────────────────────────────────────────┘
141+
```
119142

120143
> **MCP/WebMCP solve _how_ agents invoke tools. A2A solves _how_ agents talk to each other. APoP solves _whether they're allowed to_.**
121144
122145
---
123146

147+
## Current Protocol Landscape
148+
149+
| Protocol | Purpose | Gap APoP Fills |
150+
| ----------------------------- | ----------------------------------------------------------- | -------------------------------------------------------------------------------------- |
151+
| **WebMCP** (Google/Microsoft) | Browser-native tool contracts for agent-website interaction | No consent management; assumes permission already granted |
152+
| **MCP** (Anthropic) | Server-side tool/data integration for LLMs | No website-level policies; focuses on backend services |
153+
| **A2A** (Agent-to-Agent) | Inter-agent communication standard | No resource owner authorization; agents need permission to access underlying resources |
154+
| **AP2** (Agent Payments) | Payment flows for agent transactions | Doesn't address whether agent should access resource before payment |
155+
| **APAAI** (Auditing Protocol) | Post-hoc agent action auditing | Reactive, not preventive; APoP provides proactive control |
156+
| **UCP** (Universal Commerce) | Standardized e-commerce for agents | No access control; APoP gates which agents can use commerce tools |
157+
158+
### Interoperability
159+
160+
APoP links directly to these protocols via the `interop` field in your policy:
161+
162+
| Field | Links To |
163+
| ------------------------- | ------------------------- |
164+
| `interop.mcpServerUrl` | Your MCP server endpoint |
165+
| `interop.a2aAgentCard` | Your A2A Agent Card |
166+
| `interop.webmcpEnabled` | WebMCP tool availability |
167+
| `interop.ucpCapabilities` | Your UCP commerce profile |
168+
| `interop.apaaiEndpoint` | Your APAAI audit endpoint |
169+
170+
---
171+
124172
## Why It Matters
125173

126174
AI agents are already browsing, summarizing, and interacting with the web — but websites have no standardized way to express **consent or control**. APoP introduces a simple, open mechanism that brings **balance** between innovation and ownership.

0 commit comments

Comments
 (0)