Chapter 07 of 08

The Standards Landscape

MCP, A2A, SLIM, OASF, AI Card. Five protocols building the Internet of Agents. Where they overlap, how they compose, and what to adopt now.

The agentic AI ecosystem consolidated rapidly in late 2025 and early 2026. Two of the five major protocols (MCP, A2A) moved to Linux Foundation governance. AGNTCY joined with Cisco, Dell, Google Cloud, Oracle, and Red Hat as formative members. The fragmentation that worried enterprises a year ago is resolving into a coherent — if still evolving — stack.

This chapter maps the landscape as of March 2026, explains how the protocols compose, and provides guidance on what to adopt now versus what to watch.

The Protocol Stack

The five protocols address different layers of the agent communication stack. They don't compete — they compose:

THE AGENTIC AI PROTOCOL STACK AI Card Unified metadata across protocols Linux Foundation · Draft OASF Agent description, skill taxonomy, directory AGNTCY · Schema finalized SLIM Cross-org messaging, SPIFFE identity, encryption AGNTCY / Linux Foundation · IETF draft · Production A2A Agent-to-Agent collaboration, task delegation, Agent Cards Linux Foundation · Google · 150+ orgs · v0.3 stable MCP Tool integration — how agents use tools Agentic AI Foundation / Linux Foundation · 10,000+ servers · Production Each layer builds on those below. MCP is the foundation. SLIM extends across organizations. AI Card unifies metadata.
LayerProtocolQuestion It AnswersGovernance
Tool IntegrationMCPHow does an agent use a tool?Agentic AI Foundation (Linux Foundation). Anthropic, Block, OpenAI.
Agent CollaborationA2AHow do two agents work together on a task?Linux Foundation A2A Project. Google, 150+ orgs.
Cross-Org MessagingSLIMHow do agents talk across organizational boundaries, securely?AGNTCY / Linux Foundation. Cisco, Dell, Google Cloud, Oracle, Red Hat.
Agent DescriptionOASFHow is an agent's identity, skills, and capabilities described?AGNTCY. Open Agent Schema Framework.
MetadataAI CardHow is agent metadata unified across protocols?Linux Foundation. Draft specification.

MCP — Model Context Protocol

What it is: An open standard for connecting AI models to external tools, data sources, and services. MCP defines how an agent discovers tools, invokes them, and processes results. Think of it as "USB-C for AI" — a universal connector.

Where it stands (March 2026): Donated by Anthropic to the Agentic AI Foundation (AAIF, a Linux Foundation directed fund) in December 2025. Co-founded with Block and OpenAI. Over 10,000 active public MCP servers covering developer tools to Fortune 500 enterprise deployments.

2026 roadmap priorities: Enterprise-managed auth (SSO-integrated flows replacing static client secrets), gateway and proxy patterns with authorization propagation, formalized Working Groups with contributor ladder, and configuration portability across deployments.

What it means for governance: MCP defines the tool call interface — which means every tool invocation has a well-defined structure (tool name, input, output) that governance can intercept. Per-tool authorization, audit logging, and rate limiting all operate at the MCP tool call boundary. Without MCP, agents invoke tools through ad-hoc integrations that governance can't see.

Enterprise readiness

Adopt now. MCP is production-ready with broad ecosystem support. The 2026 enterprise auth roadmap will strengthen SSO integration. The tool boundary it defines is the natural enforcement point for authorization, audit, and cost tracking.

A2A — Agent-to-Agent Protocol

What it is: A communication protocol for AI agents to collaborate on tasks. Agents publish Agent Cards (JSON metadata at /.well-known/agent.json) describing their capabilities. Other agents discover these cards and delegate tasks.

Where it stands (March 2026): Launched by Google in April 2025. Transferred to Linux Foundation. Version 0.3 is stable and considered the first enterprise-grade release. 150+ organizations support A2A including Microsoft (Azure AI Foundry, Copilot Studio), SAP (Joule), and Adobe.

Key capabilities: Agent Cards for discovery, JSON-RPC for task management (submitted → working → completed/failed), SSE streaming for real-time updates, file/data part exchange, and push notification support.

What it means for governance: A2A defines how agents collaborate — task delegation, status updates, artifact exchange. Governance needs to audit these interactions: who delegated what to whom, what artifacts were exchanged, what was the outcome. A2A's structured task lifecycle makes this auditable by design.

Enterprise readiness

Adopt now. A2A v0.3 is stable. Microsoft and SAP adoption means your existing enterprise stack likely supports it already. Agent Cards are the natural extension of service catalogs into the agent world.

SLIM — Secure Low-Latency Interactive Messaging

What it is: A next-generation communication framework for secure, real-time messaging between AI agents across organizational boundaries. SLIM provides the transport layer with identity verification, encryption, and many-to-many interaction patterns.

Where it stands (March 2026): Part of AGNTCY, which joined the Linux Foundation with Cisco, Dell Technologies, Google Cloud, Oracle, and Red Hat as formative members. Over 75 companies contributing. IETF draft submitted (draft-mpsb-agntcy-slim-00). Production use cases at Swisscom (telecom), SRE automation tools (30% workflow automation), and voice AI applications.

Key capabilities: gRPC-based transport, many-to-many interaction patterns, voice/video support, real-time guarantees, SPIFFE-based identity verification, and a post-quantum cryptography roadmap.

What it means for governance: SLIM solves the hardest governance problem — cross-org trust. When your agent talks to a partner's agent, SLIM verifies identity via SPIFFE trust bundles, encrypts the channel, and provides structured audit points for both organizations. Without SLIM (or equivalent), cross-org agent collaboration requires manual trust establishment (phone calls, API key exchanges, NDAs).

Enterprise readiness

Plan for it. SLIM is production-ready for early adopters (Swisscom, SRE automation). For most enterprises, it becomes relevant when partners also support it. Build your identity infrastructure (SPIFFE) now so you're ready when federation demand arrives.

OASF — Open Agent Schema Framework

What it is: A standardized schema for describing AI agents — their identity, skills, capabilities, and interaction patterns. Part of the AGNTCY stack. Think of it as "a LinkedIn profile for AI agents" — machine-readable and verifiable.

Where it stands: Schema finalized. Decentralized Agent Directory operational. Integrated with AGNTCY's identity service. Used for agent discovery and capability matching in federated environments.

What it means for governance: OASF provides the metadata layer that enables governance at scale. When an agent publishes its capabilities via OASF, governance systems can: verify that the agent is authorized for those capabilities, match incoming requests to qualified agents, and track capability changes over time.

How They Compose

ScenarioProtocols UsedFlow
Agent uses a toolMCPAgent → MCP tool call → tool executes → result returned
Agent delegates task to another agent (same org)A2AAgent A → discovers Agent B via Agent Card → delegates task → receives result
Agent collaborates with agent in another orgA2A + SLIMAgent A → discovers remote Agent B → SLIM establishes trust + encrypted channel → A2A task exchange
Agent registers in federated directoryOASF + SLIMAgent publishes OASF description → registered in decentralized directory → discoverable by remote agents
Full enterprise scenarioAll fiveAgent uses tools (MCP), delegates to team agents (A2A), collaborates with partner (SLIM), described by (OASF), metadata unified by (AI Card)

What to Adopt Now vs. Later

ADOPTION READINESS — MARCH 2026 ADOPT NOW PLAN FOR IT EVALUATE WATCH MCP 10K+ servers · Production A2A 150+ orgs · v0.3 stable SLIM IETF draft · Early prod OASF AI Card Build on MCP + A2A today. Prepare SPIFFE identity for SLIM federation. Monitor OASF and AI Card.
ProtocolRecommendationRationale
MCPAdopt nowProduction-ready. 10K+ servers. Linux Foundation governance. The tool integration standard.
A2AAdopt nowv0.3 stable. Microsoft/SAP/Adobe. Agent Cards are trivial to implement.
SLIMPlan for itProduction at early adopters. IETF draft. Build SPIFFE identity now; federation when partners are ready.
OASFEvaluateSchema finalized but ecosystem is early. Useful for large organizations with many agents.
AI CardWatchDraft specification. Monitor Linux Foundation progress.

Chapter Summary

The agentic AI standards landscape has consolidated around five complementary protocols governed by the Linux Foundation and its directed funds. MCP and A2A are production-ready and should be adopted now. SLIM addresses cross-org trust and is ready for early adopters. OASF and AI Card are maturing. The key architectural decision: build on these open standards today, even while they evolve, to avoid proprietary lock-in and position your organization for the Internet of Agents.

The final chapter provides the Decision Framework — build vs. buy analysis, TCO comparison, and the 40 questions to ask any agent platform vendor.