Tuesday, August 05, 2025

Ruminating on the .well-known path in URLs

The .well-known path is a reserved directory at the root of a website’s domain (e.g., https://example.com/.well-known/). 

It serves as a standardized location for hosting metadata files that provide information about the domain or its services. The standard ensures that clients can reliably find these files without needing to guess their location or query the server in non-standard ways.

A fixed location also improves interoperability: clients (e.g., browsers, bots, or APIs) can find and parse metadata consistently across domains. It supports automation as well, since automated systems can discover information like security policies, verification files, or protocol configurations.

Here are some widely used files and directories under /.well-known/ and their purposes:

security.txt

  • Purpose: Provides contact information for reporting security vulnerabilities.
  • Example: https://example.com/.well-known/security.txt
  • Content: A text file with details like email addresses, encryption keys, or preferred reporting methods.
  • Use Case: Security researchers use it to report vulnerabilities responsibly.

change-password

  • Purpose: Indicates the URL where users can change their passwords.
  • Example: https://example.com/.well-known/change-password
  • Use Case: Improves user experience by standardizing password management endpoints.

For the Agent2Agent (A2A) Protocol, introduced by Google in April 2025, the .well-known path is used to host the Agent Card, a JSON metadata document that enables AI agents to discover and interact with each other in a standardized, secure, and interoperable way, e.g. https://example.com/.well-known/agent.json
