Agent assessment and classification

• Extract the token issuer from the iss claim
• If present, extract the token originator from the ori claim 
• Extract the agent platform from the apd.name claim
• If available, extract the apd.verifier claim. 
• If the apd.verifier is “Experian”, validate the value is identical to the ori claim
• If the apd.verifier is “Experian”, extract the apd.verification_status claim. The “VERIFIED” value may be used as part of a fraud risk score logic to infer some trust level for the agent
• Extract the Agent description from aid.name or btg claims

Some bot- and fraud-detection systems dynamically name agents or bots. The above claims can be used and combined to assign name, for example: 

iss: https://app.skyfire.xyz

ori: https://www.experian.com

apd.name: Acme Shopping Agent

aid.name: Deal Finder

Agent name: Skyfire-Experian-Acme Shopping Agent-Deal Finder

iss: https://app.skyfire.xyz

apd.name: Travel Agency

aid.name: flight Finder

Agent name: Skyfire-Travel Agency-Flight Finder

• Extract the values from the aid.source_ips claim and compare with the IP from which the agent’s request originates