← Articles

UCP Trust Infrastructure Matures: Eligibility, Attestation, and Totals

UCP Trust Commerce March 15, 2026 · Ilya Grigorik & Contributors

This week's UCP activity reveals a coherent strategy: building the trust infrastructure that enables enterprise adoption of agentic commerce. Three significant developments — eligibility verification, attestation extensions, and formalized totals contracts — address different facets of the same problem: how do businesses trust AI agents enough to transact with them?

Key Contributors

Ilya Grigorik (Google) continues as the primary spec author, driving eligibility claims and totals formalization. douglasborthwick-crypto contributes the attestation extension proposal, bringing cryptographic verification expertise to the ecosystem.

The Trust Problem in Agentic Commerce

When a human shops online, businesses have multiple trust signals: browser cookies, login history, shipping address consistency, payment method verification. When an AI agent shops on behalf of a human, most of these signals vanish. UCP must recreate — and improve upon — these trust mechanisms at the protocol level.

The Core Challenge: AI agents need to prove they represent legitimate users without exposing user identity. Businesses need fraud prevention without user friction. The protocol must enable both simultaneously.

This Week's Progress

March 13
Eligibility Claims & Verification Contract Merged

PR #250 establishes the contract for eligibility verification — how agents prove customer qualifications (student, employee, member) without revealing identity.

March 13
Attestation Extension Proposed

PR #264 adds cryptographic attestation for eligibility claims — enabling third parties to vouch for customer status with verifiable signatures.

March 12
Totals Contract Formalization

PR #261 formalizes how order totals are calculated and communicated — ensuring agents and businesses agree on pricing before checkout.

Eligibility Verification Deep Dive

The eligibility system enables restricted discounts (student pricing, employee discounts, membership perks) to work in agentic commerce without exposing personal data:

{
  "eligibility": {
    "claims": [{
      "type": "student",
      "issuer": "university.edu",
      "verified_at": "2026-03-01T00:00:00Z"
    }],
    "attestations": [{
      "claim_hash": "sha256:...",
      "attestor": "sheerid.com",
      "signature": "..."
    }]
  }
}

The key insight: attestation is separate from claims. A university issues the claim ("this person is a student"), and a verification service attests to its validity without needing the underlying identity data.

Why Totals Formalization Matters

Cart totals seem straightforward until you consider edge cases:

PR #261 establishes a polymorphic totals contract — a flexible structure that can represent all these scenarios while giving AI agents deterministic expectations about what they'll pay.

The Emerging Trust Stack

Taken together, recent UCP developments form a coherent trust stack:

  1. Authorization signals (PR #203) — Platform attestations about request authenticity
  2. Eligibility claims (PR #250) — Customer qualification proofs
  3. Attestation extensions (PR #264) — Third-party verification
  4. Totals contracts (PR #261) — Pricing transparency and agreement
  5. Message signing (previously merged) — Request authenticity and integrity

Each layer addresses a specific trust gap. Together, they provide the security infrastructure that enterprises require before allowing AI agents to transact at scale.

Implications for Implementers

Businesses implementing UCP should prepare for:

The specification is converging toward a stable trust model. Early implementers should track these PRs closely — the patterns established now will define agentic commerce for years.

View open UCP proposals →