こんにちは TAG-さん!

I'm requesting a TAG review of three.ws.

three.ws is an open-source platform that combines three architectural patterns the web does not currently have a coherent story for:

1. Embeddable 3D AI agents as a first-class web content type, delivered via a single web component (<agent-3d>).
2. On-chain agent identity (Solana) that travels with the agent across origins, with on-chain attestations, revocation, and a signed manifest binding the agent to its controlling entity.
3. A per-agent Model Context Protocol (MCP) endpoint, plus an OAuth 2.1 server, for tool-use negotiation between agents and clients across organizational boundaries.

Further details:

• Explainer: https://three.ws
• Reference implementation (Apache 2.0): https://github.com/nirholas/three.ws
• Web component package: https://www.npmjs.com/package/three.ws
• Live deployment: https://three.ws — register an agent, embed it anywhere

You should also know about...

• A new W3C Community Group, "Agent Identity Registry Protocol CG," has been launched to specify a DID method, credential format, and trust negotiation protocol for AI agents. three.ws is contributing as input material.
• The OpenID Foundation AIIM working group and NIST's AI Agent Identity initiative are addressing adjacent problems from the enterprise side.
• W3C WebXR, WebGPU, Verifiable Credentials WG, and the Web Components specifications all touch this surface.

We'd prefer the TAG provide feedback as: early review

We'd prefer feedback via: this issue

Specific architectural questions:

1. Embedded agent trust boundaries. When <agent-3d> renders inside a third-party origin, the host page, the embedding context, and the agent's controlling entity form a three-party trust relationship that existing same-origin and CORS models do not cleanly express. What boundary primitives does the TAG see as appropriate?

2. On-chain identifiers as web identity. Using a public-key identifier resolved via a public ledger removes the registry intermediary but introduces new fingerprinting and linkability surfaces. How should the Privacy Principles apply to pseudonymous-but-public on-chain identifiers used for agent authentication?

3. MCP as a web protocol. MCP is becoming the de facto agent tool-use protocol but has no formal relationship to the web platform. Should agent credential presentation be specified at the MCP layer, the HTTP layer, or as a new web platform primitive?

4. Sustainability. The Ethical Web Principles call out environmental sustainability. We chose Solana specifically for low energy per transaction. We would welcome TAG input on how on-chain identity work should be evaluated against the sustainability principle.

5. Web component as agent surface. Is a custom element the right abstraction for an autonomous, network-connected, AI-driven entity embedded in third-party pages, or does this warrant a new platform primitive (e.g., something analogous to <iframe> with explicit agent semantics)?

https://three.ws

<!-- Content below this is maintained by @w3c-tag-bot -->

---

Track conversations at https://tag-github-bot.w3.org/gh/w3ctag/design-reviews/1226