Core Feature

Federated Trust Network

Build cross-organization trust without sharing raw data. DRD's federated trust network connects isolated DRD instances into a unified trust mesh, enabling agent discovery, shared reputation signals, and collaborative governance while preserving each organization's data sovereignty.

Overview

Organizations deploying AI agents need to trust agents from partners, vendors, and ecosystem participants. The federated trust network solves this by allowing DRD instances to share trust scores, policy decisions, and agent reputation data without ever exchanging the underlying raw data, event logs, or proprietary policy rules.

Privacy-Preserving

Only aggregated trust signals are shared. Raw audit logs, policy rules, and internal data never leave your instance.

Mutual Trust

Bidirectional trust relationships with configurable sharing levels. Each organization controls what they share.

Jurisdiction-Aware

Data routing respects regional regulations. EU data stays in EU regions, with configurable sovereignty rules.

Federation Protocol

The federation protocol defines how DRD instances discover each other, establish trust relationships, and exchange trust signals. It operates over mutual TLS connections and uses a publish-subscribe model for real-time trust score updates.

Discovery

Instances register with the DRD Federation Registry or use DNS-based service discovery (SRV records) to find peers.

Handshake

Two instances negotiate a federation agreement specifying sharing scope, update frequency, and data retention policies.

mTLS Establishment

Mutual TLS certificates are exchanged and pinned. All subsequent communication is encrypted and authenticated.

Trust Score Sync

Aggregated trust scores are published on a configurable interval (default: 60 seconds). Scores include agent ID, composite score, and confidence level.

Ongoing Verification

Federation health is monitored continuously. Stale connections are flagged, and scores from unresponsive peers are gradually decayed.

Federated Knowledge Graph

The federated knowledge graph connects agents, policies, and trust relationships across organizations into a unified, queryable graph. Each node maintains its own local subgraph and contributes anonymized edges to the federated view.

Local Subgraph

Contains full agent details, policy rules, event history, and trust score breakdowns. This data never leaves the organization boundary.

Federated View

Contains agent DIDs, composite trust scores, capability declarations, and relationship edges. All data is aggregated and anonymized before sharing.

Privacy-Preserving Aggregation

Trust signals are aggregated using differential privacy techniques before being shared with federated peers. This ensures that individual events, decisions, or data points cannot be reverse-engineered from the shared scores.

Technique	Purpose	Privacy Guarantee
Differential Privacy	Adds calibrated noise to trust scores before sharing	Epsilon-delta privacy budget per query
Secure Aggregation	Computes composite scores without revealing individual inputs	No single peer can reconstruct source data
Homomorphic Summation	Aggregates encrypted scores from multiple peers	Scores remain encrypted during computation
k-Anonymity Binning	Groups agents into trust tiers instead of sharing exact scores	Minimum group size of k=10 per tier

Agent Discovery

Discover agents across federated networks using capability-based search, DID resolution, or trust-score filtering. Agent discovery respects each organization's visibility settings -- only agents explicitly marked as discoverable appear in federated queries.

discover-agents.ts

// Discover agents across the federated network
const agents = await drd.federation.discover({
  capabilities: ["content-analysis", "image-classification"],
  minTrustScore: 80,
  regions: ["eu-west-1", "us-east-1"],
  limit: 20,
});

// Returns agents from all federated peers
// [
//   {
//     did: "did:drd:partner-org:019abc...",
//     name: "Content Scanner Pro",
//     trustScore: 92,
//     capabilities: ["content-analysis", "image-classification"],
//     organization: "Partner Corp",
//     region: "eu-west-1",
//     federatedFrom: "partner-corp.drd.io"
//   },
//   ...
// ]

Mutual TLS for Federation

All federation endpoints require mutual TLS (mTLS) authentication. Both the connecting instance and the receiving instance present X.509 certificates signed by the DRD Federation CA or a trusted organizational CA.

Certificate Management

DRD automatically provisions, rotates, and revokes federation certificates. Rotation occurs every 90 days with a 30-day overlap for zero-downtime transitions.

Certificate Pinning

Federation peers pin each other's certificate fingerprints during the initial handshake. TOFU (Trust On First Use) with optional out-of-band verification.

Sovereignty Controls

Fine-grained controls determine which data stays local and which is shared with federated peers. Sovereignty rules are defined per data category and can be overridden at the workspace, agent, or policy level.

Data Category	Default	Configurable
Trust scores (composite)	Shared	Can restrict to local-only
Trust score breakdown	Local	Can enable sharing per component
Policy rules	Local	Never shared (by design)
Audit event logs	Local	Never shared (by design)
Agent capabilities	Shared	Can restrict to local-only
Agent metadata	Local	Can enable selective sharing
Enforcement actions	Local	Can share anonymized summaries

Jurisdiction-Aware Routing

The federation layer automatically routes data based on jurisdictional requirements. EU data stays within EU regions, and cross-border data flows are governed by configurable rules that map to regulatory frameworks like GDPR, CCPA, and LGPD.

EU (GDPR)

Data pinned to eu-west-1 and eu-central-1. Cross-border transfers require adequacy decision or SCCs.

US (CCPA/State Laws)

Data in us-east-1 and us-west-2. Opt-out signals are respected across federation peers.

APAC (PDPA/PIPL)

Data in ap-southeast-1 and ap-northeast-1. China-origin data requires explicit cross-border consent.

Brazil (LGPD)

Data in sa-east-1. Transfers to non-adequate countries require additional safeguards.

Multi-Region Deployment Patterns

DRD supports multiple deployment topologies for federated networks, from hub-and-spoke to fully meshed configurations. Choose the pattern that matches your organization's compliance requirements and latency targets.

Hub-and-Spoke

A central DRD instance acts as the federation hub. All peers connect to the hub, which aggregates and redistributes trust scores. Best for organizations with a clear hierarchy.

hub-and-spoke.txt

[Peer A] ──mTLS──> [Hub] <──mTLS── [Peer B]
                     │
                  [Peer C]

Full Mesh

Every DRD instance connects directly to every other instance. Provides the lowest latency and highest resilience but requires O(n^2) connections.

full-mesh.txt

[Peer A] ──mTLS──> [Peer B]
   │ \               │
   │  \              │
   v   v             v
[Peer C] <──mTLS── [Peer D]

Regional Clusters

Instances within the same jurisdiction form a full mesh, and clusters connect to each other via designated gateway nodes. Balances latency, compliance, and complexity.

regional-clusters.txt

┌─ EU Cluster ─┐     ┌─ US Cluster ─┐
│ [A] ── [B]   │     │ [D] ── [E]   │
│   \   /      │     │   \   /      │
│    [C]  ─────│─mTLS│──> [F]       │
└──────────────┘     └──────────────┘

Joining a Federation

join-federation.ts

// Join an existing federation network
import { DRD } from "@drd-io/sdk";

const drd = new DRD({ apiKey: process.env.DRD_API_KEY });

const federation = await drd.federation.join({
  // Federation network to join
  network: "enterprise-trust-network",
  registryUrl: "https://registry.federation.drd.io",

  // Your instance's identity
  instanceName: "acme-corp-production",
  region: "eu-west-1",

  // mTLS certificate (PEM-encoded)
  certificate: process.env.DRD_FEDERATION_CERT,
  privateKey: process.env.DRD_FEDERATION_KEY,

  // Sovereignty controls
  sharing: {
    trustScores: true,         // Share composite trust scores
    trustBreakdown: false,     // Keep component scores local
    agentCapabilities: true,   // Share agent capability lists
    agentMetadata: false,      // Keep internal metadata local
    enforcementSummaries: true // Share anonymized enforcement stats
  },

  // Jurisdiction rules
  jurisdiction: {
    dataResidency: "eu",
    crossBorderPolicy: "sccs-required",
    allowedRegions: ["eu-west-1", "eu-central-1"],
  },
});

console.log(federation);
// {
//   federationId: "fed-019abc-...",
//   instanceId: "inst-019def-...",
//   status: "active",
//   connectedPeers: 12,
//   syncInterval: 60,
//   joinedAt: "2026-02-14T10:00:00Z"
// }

Querying Federated Trust Scores

query-trust.ts

// Query trust scores from federated peers
const trustReport = await drd.federation.queryTrust({
  agentDid: "did:drd:partner-org:019abc-def0-7890",

  // Include scores from all federated peers
  includePeers: true,

  // Minimum confidence threshold (0-1)
  minConfidence: 0.7,
});

console.log(trustReport);
// {
//   agentDid: "did:drd:partner-org:019abc-def0-7890",
//   localScore: null,  // Not a local agent
//   federatedScore: {
//     composite: 89,
//     confidence: 0.94,
//     peerCount: 5,
//     lastUpdated: "2026-02-14T09:59:12Z",
//   },
//   peerScores: [
//     { peer: "partner-corp.drd.io", score: 91, confidence: 0.97 },
//     { peer: "vendor-inc.drd.io", score: 87, confidence: 0.92 },
//     { peer: "platform-co.drd.io", score: 88, confidence: 0.95 },
//     { peer: "agency-ltd.drd.io", score: 90, confidence: 0.91 },
//     { peer: "startup-xyz.drd.io", score: 89, confidence: 0.93 },
//   ],
//   aggregationMethod: "weighted-average",
//   privacyBudgetUsed: 0.12,
// }

// Use federated trust in a policy decision
const decision = await drd.guard.evaluate({
  action: "delegate_task",
  context: {
    delegateDid: "did:drd:partner-org:019abc-def0-7890",
    federatedTrustScore: trustReport.federatedScore.composite,
    taskSensitivity: "medium",
  },
  agentId: "01956abc-def0-7890-abcd-1234567890ab",
});

Federated Trust Network

Overview

Privacy-Preserving

Only aggregated trust signals are shared. Raw audit logs, policy rules, and internal data never leave your instance.

Mutual Trust

Bidirectional trust relationships with configurable sharing levels. Each organization controls what they share.

Jurisdiction-Aware

Data routing respects regional regulations. EU data stays in EU regions, with configurable sovereignty rules.

Federation Protocol

Discovery

Instances register with the DRD Federation Registry or use DNS-based service discovery (SRV records) to find peers.

Handshake

Two instances negotiate a federation agreement specifying sharing scope, update frequency, and data retention policies.

mTLS Establishment

Mutual TLS certificates are exchanged and pinned. All subsequent communication is encrypted and authenticated.

Trust Score Sync

Aggregated trust scores are published on a configurable interval (default: 60 seconds). Scores include agent ID, composite score, and confidence level.

Ongoing Verification

Federation health is monitored continuously. Stale connections are flagged, and scores from unresponsive peers are gradually decayed.

Federated Knowledge Graph

Local Subgraph

Contains full agent details, policy rules, event history, and trust score breakdowns. This data never leaves the organization boundary.

Federated View

Contains agent DIDs, composite trust scores, capability declarations, and relationship edges. All data is aggregated and anonymized before sharing.

Privacy-Preserving Aggregation

Technique	Purpose	Privacy Guarantee
Differential Privacy	Adds calibrated noise to trust scores before sharing	Epsilon-delta privacy budget per query
Secure Aggregation	Computes composite scores without revealing individual inputs	No single peer can reconstruct source data
Homomorphic Summation	Aggregates encrypted scores from multiple peers	Scores remain encrypted during computation
k-Anonymity Binning	Groups agents into trust tiers instead of sharing exact scores	Minimum group size of k=10 per tier

Agent Discovery

discover-agents.ts

// Discover agents across the federated network
const agents = await drd.federation.discover({
  capabilities: ["content-analysis", "image-classification"],
  minTrustScore: 80,
  regions: ["eu-west-1", "us-east-1"],
  limit: 20,
});

// Returns agents from all federated peers
// [
//   {
//     did: "did:drd:partner-org:019abc...",
//     name: "Content Scanner Pro",
//     trustScore: 92,
//     capabilities: ["content-analysis", "image-classification"],
//     organization: "Partner Corp",
//     region: "eu-west-1",
//     federatedFrom: "partner-corp.drd.io"
//   },
//   ...
// ]

Mutual TLS for Federation

Certificate Management

DRD automatically provisions, rotates, and revokes federation certificates. Rotation occurs every 90 days with a 30-day overlap for zero-downtime transitions.

Certificate Pinning

Federation peers pin each other's certificate fingerprints during the initial handshake. TOFU (Trust On First Use) with optional out-of-band verification.

Sovereignty Controls

Data Category	Default	Configurable
Trust scores (composite)	Shared	Can restrict to local-only
Trust score breakdown	Local	Can enable sharing per component
Policy rules	Local	Never shared (by design)
Audit event logs	Local	Never shared (by design)
Agent capabilities	Shared	Can restrict to local-only
Agent metadata	Local	Can enable selective sharing
Enforcement actions	Local	Can share anonymized summaries

Jurisdiction-Aware Routing

EU (GDPR)

Data pinned to eu-west-1 and eu-central-1. Cross-border transfers require adequacy decision or SCCs.

US (CCPA/State Laws)

Data in us-east-1 and us-west-2. Opt-out signals are respected across federation peers.

APAC (PDPA/PIPL)

Data in ap-southeast-1 and ap-northeast-1. China-origin data requires explicit cross-border consent.

Brazil (LGPD)

Data in sa-east-1. Transfers to non-adequate countries require additional safeguards.

Multi-Region Deployment Patterns

Hub-and-Spoke

A central DRD instance acts as the federation hub. All peers connect to the hub, which aggregates and redistributes trust scores. Best for organizations with a clear hierarchy.

hub-and-spoke.txt

[Peer A] ──mTLS──> [Hub] <──mTLS── [Peer B]
                     │
                  [Peer C]

Full Mesh

Every DRD instance connects directly to every other instance. Provides the lowest latency and highest resilience but requires O(n^2) connections.

full-mesh.txt

[Peer A] ──mTLS──> [Peer B]
   │ \               │
   │  \              │
   v   v             v
[Peer C] <──mTLS── [Peer D]

Regional Clusters

Instances within the same jurisdiction form a full mesh, and clusters connect to each other via designated gateway nodes. Balances latency, compliance, and complexity.

regional-clusters.txt

┌─ EU Cluster ─┐     ┌─ US Cluster ─┐
│ [A] ── [B]   │     │ [D] ── [E]   │
│   \   /      │     │   \   /      │
│    [C]  ─────│─mTLS│──> [F]       │
└──────────────┘     └──────────────┘

Joining a Federation

join-federation.ts

// Join an existing federation network
import { DRD } from "@drd-io/sdk";

const drd = new DRD({ apiKey: process.env.DRD_API_KEY });

const federation = await drd.federation.join({
  // Federation network to join
  network: "enterprise-trust-network",
  registryUrl: "https://registry.federation.drd.io",

  // Your instance's identity
  instanceName: "acme-corp-production",
  region: "eu-west-1",

  // mTLS certificate (PEM-encoded)
  certificate: process.env.DRD_FEDERATION_CERT,
  privateKey: process.env.DRD_FEDERATION_KEY,

  // Sovereignty controls
  sharing: {
    trustScores: true,         // Share composite trust scores
    trustBreakdown: false,     // Keep component scores local
    agentCapabilities: true,   // Share agent capability lists
    agentMetadata: false,      // Keep internal metadata local
    enforcementSummaries: true // Share anonymized enforcement stats
  },

  // Jurisdiction rules
  jurisdiction: {
    dataResidency: "eu",
    crossBorderPolicy: "sccs-required",
    allowedRegions: ["eu-west-1", "eu-central-1"],
  },
});

console.log(federation);
// {
//   federationId: "fed-019abc-...",
//   instanceId: "inst-019def-...",
//   status: "active",
//   connectedPeers: 12,
//   syncInterval: 60,
//   joinedAt: "2026-02-14T10:00:00Z"
// }

Querying Federated Trust Scores

query-trust.ts

// Query trust scores from federated peers
const trustReport = await drd.federation.queryTrust({
  agentDid: "did:drd:partner-org:019abc-def0-7890",

  // Include scores from all federated peers
  includePeers: true,

  // Minimum confidence threshold (0-1)
  minConfidence: 0.7,
});

console.log(trustReport);
// {
//   agentDid: "did:drd:partner-org:019abc-def0-7890",
//   localScore: null,  // Not a local agent
//   federatedScore: {
//     composite: 89,
//     confidence: 0.94,
//     peerCount: 5,
//     lastUpdated: "2026-02-14T09:59:12Z",
//   },
//   peerScores: [
//     { peer: "partner-corp.drd.io", score: 91, confidence: 0.97 },
//     { peer: "vendor-inc.drd.io", score: 87, confidence: 0.92 },
//     { peer: "platform-co.drd.io", score: 88, confidence: 0.95 },
//     { peer: "agency-ltd.drd.io", score: 90, confidence: 0.91 },
//     { peer: "startup-xyz.drd.io", score: 89, confidence: 0.93 },
//   ],
//   aggregationMethod: "weighted-average",
//   privacyBudgetUsed: 0.12,
// }

// Use federated trust in a policy decision
const decision = await drd.guard.evaluate({
  action: "delegate_task",
  context: {
    delegateDid: "did:drd:partner-org:019abc-def0-7890",
    federatedTrustScore: trustReport.federatedScore.composite,
    taskSensitivity: "medium",
  },
  agentId: "01956abc-def0-7890-abcd-1234567890ab",
});

Federated Trust Network

Overview

Privacy-Preserving

Mutual Trust

Jurisdiction-Aware

Federation Protocol

Discovery

Handshake

mTLS Establishment

Trust Score Sync

Ongoing Verification

Federated Knowledge Graph

Local Subgraph

Federated View

Privacy-Preserving Aggregation

Agent Discovery

Mutual TLS for Federation

Certificate Management

Certificate Pinning

Sovereignty Controls

Jurisdiction-Aware Routing

EU (GDPR)

US (CCPA/State Laws)

APAC (PDPA/PIPL)

Brazil (LGPD)

Multi-Region Deployment Patterns

Hub-and-Spoke

Full Mesh

Regional Clusters

Joining a Federation

Querying Federated Trust Scores

Related Documentation

Federated Trust Network

Overview

Privacy-Preserving

Mutual Trust

Jurisdiction-Aware

Federation Protocol

Discovery

Handshake

mTLS Establishment

Trust Score Sync

Ongoing Verification

Federated Knowledge Graph

Local Subgraph

Federated View

Privacy-Preserving Aggregation

Agent Discovery

Mutual TLS for Federation

Certificate Management

Certificate Pinning

Sovereignty Controls

Jurisdiction-Aware Routing

EU (GDPR)

US (CCPA/State Laws)

APAC (PDPA/PIPL)

Brazil (LGPD)

Multi-Region Deployment Patterns

Hub-and-Spoke

Full Mesh

Regional Clusters

Joining a Federation

Querying Federated Trust Scores

Related Documentation