The Four Layers
Human Identity, Entity Attestation, Agreement Integrity, and Agent Authorization -- the composable trust layers for agentic commerce.
Layer 1: Human Identity
A verifiable chain from agent action to human principal. The human is the ultimate accountability anchor -- every AI agent, every organizational entity, and every automated system traces back to a human who bears legal responsibility.
What it proves: There is an identifiable human behind this transaction.
Provider interface: "Is the human behind this agent identifiable at assurance level X?"
Fulfilled by: Stripe KYC, bank identity, government digital ID, Integra identity verification (SIWE, passport, mDL), biometric verification, and others.
Layer 2: Entity Attestation
Organizational structures connected to identifiable humans. Most commerce is conducted by organizations, not individuals. Entity attestation connects the organization to its identifiable humans and establishes its authority to transact.
What it proves: There is a verifiable entity behind this agent, attributable to identifiable humans.
Provider interface: "Is the entity behind this agent verifiable and attributable?"
Fulfilled by: Corporate filing verification, DNS-based identity, LEI (Legal Entity Identifier), sovereign digital credentials, Integra entity attestation, and others.
Layer 3: Agreement Integrity
Terms permanently recorded, independently verifiable, controlled by neither party. This is where the Agent Legal Context protocol has the strongest unique position. No other protocol provides neutral, permanent, independently verifiable agreement records.
What it proves: The terms of this agreement are authentic, unchanged, and will remain accessible regardless of what either party does.
Provider interface: "Are the terms permanently recorded, independently verifiable, and controlled by neither party?"
Fulfilled by: On-chain existence proofs and records (IntegraExistence + IntegraRecord in the Integra reference implementation) on any EVM chain, with contentHash as the universal reference.
The snapshot model ensures document integrity. The on-chain record ensures permanence. The API ensures accessibility. The content-addressing ensures verifiability.
Layer 4: Agent Authorization
Autonomous systems carrying verifiable, bounded authority. In the agentic world, authorization must capture both financial scope (spending limits) and legal scope (what terms the agent can accept).
What it proves: This agent carries verifiable, bounded authority from an identifiable principal.
Provider interface: "Does this agent carry verifiable, bounded authority from an identifiable principal?"
Fulfilled by: Tempo Account Keychain (financial bounds) + Integra tokenizer (legal bounds), ACP Shared Payment Tokens, UCP cryptographic mandates, EIP-7702 delegations, and others.
Layer-by-Tier Matrix
Each tier of the ALC protocol implements the four layers at different assurance levels:
| Trust Layer | Tier 1 (Implicit) | Tier 2 (Explicit) | Tier 3 (Negotiated) |
|---|---|---|---|
| L1: Human Identity | Inherited from payment rail (Stripe KYC, bank KYC, wallet identity) | Verified -- party must be identifiable before signing terms | Verified + attributable -- both principals must be identifiable |
| L2: Entity Attestation | Inherited from service registration (DNS, corporate filing) | Verified -- entity behind the agent must be attributable | Verified + auditable -- both entities' authority chains provable |
| L3: Agreement Integrity | Terms registry + contentHash in memo -- minimal but anchored | contentHash signed via EIP-712, IntegraRecord created | Full negotiation history, final terms in IntegraRecord |
| L4: Agent Authorization | Not required (implicit by transaction) | Required -- agent's delegation chain must be provable | Required + scoped -- terms policy must be provable |
Economic Deterrence
Trust in Depth restores the economic deterrence that single-layer systems lose. The white paper argues:
"A bad actor or a rogue agent would need to compromise all four layers simultaneously: forge a human identity, fabricate an entity, manipulate the agreement record, and circumvent the authorization chain."
This applies proportionally to each tier:
| Tier | Layers an Attacker Must Compromise | Deterrence Level |
|---|---|---|
| Tier 1 | Payment rail identity + terms registry | Low (proportional to low-value transactions) |
| Tier 2 | Human identity + entity attestation + EIP-712 signature + IntegraRecord | High |
| Tier 3 | All of Tier 2 + terms policy + negotiation history + mutual signatures + resolver framework | Very high |
The cost of attack scales with the value of the transaction. This is exactly the proportionality principle in action.
The Provider Pattern
A critical architectural principle: the protocol defines what questions must be answered about identity at each layer; the provider determines how.
This means the ALC protocol does not mandate specific identity solutions. It defines interfaces that different providers can fulfill. A vendor using Stripe KYC for Layer 1 and the Integra reference implementation for Layer 3 gets the same protocol guarantees as a vendor using government digital ID for Layer 1 and self-hosted resolvers for Layer 3.
The protocol is provider-agnostic. The trust guarantees come from the composition of all four layers, not from any specific provider at any single layer.