Integration Guide — Service Providers

This guide explains how service providers integrate with the #trstd <protocol> to demonstrate trustworthiness to AI agents visiting their website or API.

This document is non-normative. For requirements, see the specification documents in architecture/.

Step 1: Register with the Trust Authority

Contact the trust authority to begin the verification process. Provide:

• Your domain name
• Legal entity documentation (registration certificate, incorporation proof)
• Compliance certifications (if applicable)
• Contact information for verification

The authority verifies your claims and issues trust signals. You receive one or more entityId values for your verified scopes.

Step 2: Add Discovery

Add a link tag in your HTML <head> on every page:

<link
  rel="trstd-protocol"
  href="https://trust-authority.example.org/v1/entities/your-entity-id/trust-signals"
  type="application/json"
  title="Trust Verification"
>

The entityId parameter is pre-computed for the specific page — the trust authority provides these values during onboarding.

Multiple Entities

If your site has distinct sections verified separately (e.g., regional storefronts), the trust authority issues separate entityId values. Each page includes the link tag with its matching entity:

<!-- On pages under /de -->
<link
  rel="trstd-protocol"
  href="https://trust-authority.example.org/v1/entities/d6f2fdf4-f829-4ce6-a1cc-e2bd957709db/trust-signals"
  type="application/json"
  title="Trust Verification"
>

<!-- On all other pages -->
<link
  rel="trstd-protocol"
  href="https://trust-authority.example.org/v1/entities/09b765de-08ed-4b95-bd38-35d6d9ed9c19/trust-signals"
  type="application/json"
  title="Trust Verification"
>

Step 3: Maintain Your Signals

Trust signals are not static. Keep your verification current:

• Notify the authority when your legal entity details change
• Renew compliance certifications before they expire
• Respond to authority re-verification requests

The authority periodically re-verifies signals. Each signal's verifiedAt date reflects when the authority last checked it.

Verification Checklist

• <link rel="trstd-protocol"> tag is present in the <head> of every page
• The href URL uses HTTPS and includes an entityId query parameter
• The type attribute is application/json
• Each page uses the correct entityId for its verified scope
• The verify endpoint URL matches what the trust authority provided

References

• Discovery specification — Normative requirements for the link tag
• Security specification — Signature verification and response integrity
• ADR-001: Discovery Mechanism
• Roadmap — Planned future work (manifest, MCP, WebMCP)