Agent Assessment and Classification

• Extract the token issuer from the iss claim
• If present, extract the token originator from the ori claim 
• Extract the agent platform from the apd.name claim
• If present, extract the apd.verifier claim
• • If the apd.verifier is “Experian”:
  • • Validate the value is identical to the ori claim
    • Extract the apd.verified claim
    • • This value may be used as part of a fraud risk score logic to infer some trust level for the agent

Agent Name Extraction

• Extract the Agent description from:
• • aid.name, or
  • btg

Some bot- and fraud-detection systems dynamically name agents or bots. The above claims can be used and combined to assign name.

Example 1

iss: https://app.skyfire.xyz

ori: https://experian.com

apd.name: Acme Shopping Agent

aid.name: Deal Finder

Agent name: Skyfire-Experian-Acme Shopping Agent-Deal Finder

Example 2

iss: https://app.skyfire.xyz

apd.name: Travel Agency

aid.name: flight Finder

Agent name: Skyfire-Travel Agency-Flight Finder

Source IP Validation

• Extract the values from the aid.source_ips claim and compare with the IP from which the agent’s request originates.