Glossary
Agentic commerce spans multiple protocols and technical standards. This glossary defines each core term in one line, with deep-read links for further study.
A
A2A (Agent-to-Agent)
Definition: A communication protocol by Google that enables different AI agents to collaborate on tasks through structured inter-agent messaging.
Relation to UCP: UCP supports A2A as one of its four transport mechanisms, using the Agent Card Specification for inter-agent commerce collaboration.
ACP (Agentic Commerce Protocol)
Definition: An open standard for programmatic commerce interactions between buyers, AI agents, merchants, and payment providers. Created by Stripe; OpenAI ChatGPT was the first implementer.
Official spec: agenticcommerce.dev | Spec version: 2026-01-30
Deep read: ACP Protocol Deep Dive
agent.json
Definition: A JSON file placed in a website’s /.well-known/ directory that declares the site’s supported AI agent interaction capabilities.
File path: https://yourdomain.com/.well-known/agent.json
Deep read: Book 6 Chapter 7
Agentic Commerce
Definition: A new commerce paradigm in which AI agents perform product discovery, price comparison, checkout, and customer service on behalf of human users.
Deep read: Book 1 Chapter 1
Agentic Storefronts
Definition: Shopify’s AI agent access interface for merchants, enabled by default for U.S.-based Shopify stores (launched 2025).
AI-SEO
Definition: The practice of optimizing website visibility for AI agent crawlers (ChatGPT-User, Claude-Web, etc.), as distinct from traditional Google SEO.
Deep read: SEO for AI
B
Badge (Trust Badge)
Definition: The tier label assigned by the OTR trust scoring system.
Five tiers: PLATINUM (90+) / GOLD (80-89) / SILVER (70-79) / BRONZE (60-69) / UNRATED (under 60)
Deep read: Book 2 Chapter 5
BreadcrumbList
Definition: A Schema.org markup type for breadcrumb navigation that helps search engines and AI agents understand a site’s hierarchical structure.
Deep read: Book 6 Chapter 3
C
CAA (Certificate Authority Authorization)
Definition: A DNS record type that specifies which Certificate Authorities are permitted to issue SSL certificates for a given domain.
Capability Negotiation
Definition: The process in UCP by which a platform and a merchant establish their mutually supported capabilities through a four-step algorithm.
Four-step algorithm: Compute intersection, select highest version, prune orphan extensions, repeat pruning until stable.
Deep read: Book 3 Chapter 8
Checkout Session
Definition: The core object in both UCP and ACP that represents a single transaction, containing the shopping cart, buyer information, shipping method, and payment status.
UCP states: incomplete / requires_escalation / ready_for_complete / complete_in_progress / completed / canceled
ACP states: 11 states (including authentication_required, pending_approval, etc.)
COLD Mode
Definition: The current operating mode of the OTR scoring engine. Evaluates trust entirely from publicly verifiable data without requiring merchant authorization.
Weight formula: V x 0.40 + S x 0.15 + G x 0.20 + T x 0.10 + D x 0.15
D
Delegate Payment
Definition: A Stripe-hosted secure payment API in ACP. The AI agent sends payment credentials to Stripe for tokenization and receives a vault token (format: vt_...). The merchant never handles raw card numbers.
Endpoint: POST /agentic_commerce/delegate_payment
Deep read: Book 4 Chapter 1
DKIM (DomainKeys Identified Mail)
Definition: An email authentication standard that attaches a digital signature to each outgoing message, allowing recipients to verify authenticity.
Related terms: SPF, DMARC
DMARC (Domain-based Message Authentication)
Definition: An email authentication protocol that tells receiving mail servers how to handle messages that fail SPF or DKIM verification.
DNSSEC (DNS Security Extensions)
Definition: A suite of DNS extensions that use digital signatures to ensure DNS query results have not been tampered with.
E
Elicitation
Definition: An MCP primitive that allows a Server to request additional information or confirmation from the user, implemented via the elicitation/request method.
Deep read: Book 5 Chapter 2
F
Finnhub
Definition: A financial data API platform used by OTR to verify publicly traded company identities and stock information.
G
GLEIF (Global Legal Entity Identifier Foundation)
Definition: The international foundation that administers the global Legal Entity Identifier (LEI) system for financial institutions and corporations.
Official website: gleif.org
H
HSTS (HTTP Strict Transport Security)
Definition: An HTTP security header that forces browsers to use HTTPS exclusively, preventing protocol downgrade attacks.
I
Identity Linking
Definition: One of UCP’s four core capabilities. Based on OAuth 2.0 Authorization Code flow, it establishes a secure user identity association between an AI agent platform and a merchant.
Namespace: dev.ucp.common.identity_linking
Deep read: Book 3 Chapter 3
IndexNow
Definition: A real-time URL notification protocol by Microsoft and Yandex that proactively informs search engines of content updates.
J
JSON-LD (JavaScript Object Notation for Linked Data)
Definition: Google’s recommended structured data format, embedding machine-readable information in HTML via a standalone script tag.
Related terms: Schema.org, Microdata
Deep read: Book 6 Chapter 3
JSON-RPC 2.0
Definition: A lightweight remote procedure call protocol used by both MCP and ACP as their message transport format.
Message types: Request (has id, expects response), Response (reply to a Request), Notification (no id, no response expected)
JWK (JSON Web Key)
Definition: A standard for representing cryptographic keys in JSON format. UCP’s /.well-known/ucp Profile uses a JWK array to declare signing keys.
Key fields: kid (key ID) / kty (key type, e.g. EC) / crv (curve, e.g. P-256) / alg (algorithm, e.g. ES256)
L
LEI (Legal Entity Identifier)
Definition: A 20-character global identifier issued by GLEIF that certifies a legal entity’s registered identity. Annual fee approximately $60-100.
llms.txt
Definition: A Markdown file at the website root that tells AI agents who you are, what you do, and what you sell in concise, structured language.
Specification: llmstxt.org
Deep read: Book 6 Chapter 6
M
MCP (Model Context Protocol)
Definition: A standard protocol for connecting AI applications to external tools and data sources. Originally created by Anthropic, now governed by the Linux Foundation.
Spec version: 2025-11-25 | Official spec: modelcontextprotocol.io
Three primitives: Tools (functions the model can call) / Resources (data the application can read) / Prompts (user-triggered templates)
Deep read: MCP Protocol Deep Dive
Microdata
Definition: A structured data format that embeds machine-readable information via HTML tag attributes (itemprop, itemscope). An alternative to JSON-LD.
Minor Currency Units
Definition: The representation of monetary amounts in ACP and UCP using the smallest denomination defined by ISO 4217. $79.99 = 7999 (cents), EUR 3.50 = 350 (euro cents), JPY 1000 = 1000 (yen has no fractional unit).
O
OAuth 2.1
Definition: The authorization framework used by MCP for authentication. Requires PKCE (S256) and prohibits the implicit grant flow, making it more secure than OAuth 2.0.
OpenRPC
Definition: A specification format for describing JSON-RPC 2.0 APIs. UCP’s MCP transport mode uses OpenRPC to define commerce tool schemas.
OTR (Open Trust Registry)
Definition: An open trust registry protocol that provides AI agents with domain and merchant trust scores based on publicly available data. Covers 270,000+ domains. Created by ORBEXA.
Open source: github.com/yb48666-ctrl/OTR-Protocol-by-orbexa
Deep read: OTR Protocol Deep Dive
OTR-ID
Definition: A unique identifier generated by the OTR system for each assessed domain.
Format: OTR-{hash}.
P
Payment Token Exchange
Definition: One of UCP’s four core capabilities. Defines a three-step flow for securely exchanging payment credentials between a platform and a merchant: negotiate, acquire, complete.
Credential flow: Unidirectional, platform to merchant (the merchant must never transmit credentials back).
Deep read: Book 3 Chapter 1
Product Feed
Definition: The system in ACP through which merchants push product catalog data to OpenAI. Supports both SFTP file upload and REST API delivery methods.
File formats: Parquet (zstd) / jsonl.gz / csv.gz / tsv.gz
Deep read: Book 4 Chapter 3
R
RFC 9421 (HTTP Message Signatures)
Definition: The HTTP message signing standard used by UCP for Webhook and API authentication, ensuring message integrity and origin authenticity.
robots.txt
Definition: A file at the website root that tells crawlers which pages they may access. In the AI era, it must distinguish between traditional search engine bots and AI agent crawlers.
Deep read: Book 6 Chapter 5
S
Sampling
Definition: An MCP primitive that allows a Server to request the Client to perform LLM inference, with support for model preference settings (cost / speed / intelligence trade-offs).
Deep read: Book 5 Chapter 2
Schema.org
Definition: A structured data vocabulary jointly maintained by Google, Microsoft, Yahoo, and Yandex for marking up web content.
Official website: schema.org
Deep read: Book 6 Chapter 3
SEC EDGAR
Definition: The U.S. Securities and Exchange Commission’s electronic filing system. OTR uses it to verify public company identities.
Sitemap
Definition: An XML-formatted directory of website pages that helps search engines and AI crawlers discover all available content.
Deep read: Book 6 Chapter 8
SPF (Sender Policy Framework)
Definition: An email authentication protocol that uses DNS records to declare which mail servers are authorized to send email on behalf of a domain.
Streamable HTTP
Definition: The latest MCP transport mechanism (replacing the older HTTP+SSE approach). Uses a single endpoint supporting both POST requests and SSE streaming responses, with session management via the Mcp-Session-Id header.
Deep read: Book 5 Chapter 3
T
Trust Score
Definition: The OTR system’s 0-100 composite score for a domain, assessed across six dimensions (V/S/G/T/D/F). In COLD mode, five active dimensions are weighted to produce the final score.
Badges: PLATINUM (90+) / GOLD (80-89) / SILVER (70-79) / BRONZE (60-69) / UNRATED (under 60)
U
UCP (Universal Commerce Protocol)
Definition: An open commerce protocol jointly initiated by Google, Shopify, Etsy, Wayfair, Target, and Walmart. Defines standardized interactions for checkout, identity, orders, and payments between AI agents and merchants.
Spec version: 2026-04-08 | Official spec: ucp.dev | GitHub: 2.6k stars
Four core capabilities: Checkout / Identity Linking / Order / Payment Token Exchange
Deep read: UCP Protocol Deep Dive
UCP Profile
Definition: A JSON document deployed by merchants at /.well-known/ucp that declares supported UCP versions, capabilities, service endpoints, and signing keys.
Deployment requirements: HTTPS required, no redirects (3xx), Cache-Control max-age of at least 60 seconds.
Deep read: Book 3 Chapter 7
V
Vault Token
Definition: The payment token returned by the ACP Delegate Payment API (format: vt_...). Used in place of raw card numbers when transmitting payment information between merchants and payment providers.
W
WebRisk
Definition: Google’s malicious website detection service. OTR uses it as a safety signal in the V (Verification) dimension.
WHOIS
Definition: The domain registration information lookup protocol. OTR uses it to assess domain age and registration information completeness.
Wikidata
Definition: Wikipedia’s structured data repository. OTR uses it to verify a company’s public notability and presence.
Official website: wikidata.org

This glossary covers the UCP, ACP, MCP, and OTR protocols along with related technical standards. If you notice any missing terms, please submit an issue on GitHub.