The brand-agent answers using its own data — which is brand.json plus the richer states (
pending_review, transferring, licensed_in, etc.) that the static file can’t express. The tool is one specific-question affordance on top of the same identity surface get_brand_identity reads.
For high-volume verification (portfolio refresh, creative-clearance batches, crawler scans), use the bulk variant verify_brand_claims — same per-claim semantics, one round-trip and one rate-limit slot for the whole batch.
The trust rule — two calls, not one
A single signedowned response is NOT trust-extending. Mutual assertion remains the floor for positive trust. This is the load-bearing rule of the asymmetric trust model — assertion direction requires both sides to agree. Consumers MUST call both sides when extending relationship trust:
- For
subsidiaryclaims, also call the leaf’s brand-agent withclaim_type: "parent"(or crawl the leaf’sbrand.jsonfor itshouse_domain). - For
propertyclaims, cross-check against the brand’s staticbrand.jsonproperties[]and (for domains) DNS/TLS evidence. - For
trademarkclaims, cross-check the public registry record. Forlicensed_inspecifically, the licensor named indetails.licensor_domainSHOULD reciprocatelicensed_outfor the same mark before the licensing relationship is trusted. - Only rejections (
disputed/not_ours) are authoritative on a single signed response — a brand has standing to refuse association unilaterally.
brand.json § Agent-augmented verification for the full normative trust table and the malicious-house walkthrough.
Schema
- Request:
verify-brand-claim-request.json - Response:
verify-brand-claim-response.json
Capability discovery
The brand-agent advertises this task in itsget_adcp_capabilities response. An agent that supports only some claim types declares this via the per-tool capability extension:
supported_claim_types is omitted, the agent advertises support for all four. Consumers MUST check before relying on a specific claim type; unsupported types return UNSUPPORTED_CLAIM_TYPE (see Error handling).
Minimum viable adoption
A brand-agent doesn’t have to ship all four claim types at once. Pick the slice that matches the workflow:- Property only — creative-clearance and inventory-onboarding consumers; the smallest useful surface.
- Subsidiary + parent — partners doing brand-relationship establishment or governance-trust extension; ship both halves at once so mutual assertion completes at the agent layer.
- Trademark only — creative-clearance pipelines that need licensee posture (the differentiator from registry crawls).
- All four — full coverage; recommended for AAO-hosted agents serving many member configurations.
supported_claim_types and route accordingly; unsupported types return UNSUPPORTED_CLAIM_TYPE cleanly.
Authorization tiers
The public/authorized split per claim type:
Queue position, internal ticket state, and team routing are never exposed.
Per-claim-type request and response shapes
Thedetails field on the response varies by claim_type. Below: the request payload and the typed details fields each claim type returns.
claim_type: "subsidiary"
House-side: a consumer detects converse.com claiming house_domain: nikeinc.com. Asks Nike’s agent:
owned, pending_review, transferring, disputed, not_ours, archived, unknown. (licensed_in / licensed_out don’t apply — subsidiaries aren’t licensed; brands and trademarks are.) archived means the brand once held this subsidiary (e.g., a divested business unit) but no longer does — distinct from not_ours (never owned).
Request claim fields:
Response
details fields:
claim_type: "parent" (leaf-side mirror)
Leaf-side: a consumer wants the leaf’s authoritative answer about its parent. Asks Converse’s agent:
subsidiary (mirror).
Request claim fields:
Response
details fields:
When both
verify_brand_claim with claim_type: "subsidiary" (on the house) AND with claim_type: "parent" (on the leaf) return owned for the same relationship, mutual assertion is established at the agent layer — no static-file crawl required. This is the cleanest path for trust extension.
claim_type: "property"
The request asks about one property; the response describes the brand’s relationship with that property, including all regions where the relationship applies (which may exceed the one named in the query).
owned, transferring, disputed, not_ours, archived, unknown. (pending_review is uncommon for properties; use transferring for in-flight ownership changes.) archived means the brand once operated this property (e.g., a sold-off domain) but no longer does.
Request claim fields:
Response
details fields:
claim_type: "trademark"
licensed_in reciprocation. Consumers SHOULD treat licensed_in as unverified until the named licensor_domain’s brand-agent reciprocates licensed_out for the same mark (same mutual-assertion shape as ownership, just across the licensing edge). Without reciprocation, the brand could unilaterally claim a licensed relationship that doesn’t exist.
The brand can also reject — rejection direction is authoritative on a single signed response:
owned, licensed_in, licensed_out, transferring, disputed, not_ours, archived, unknown. (pending_review is uncommon — trademark registrations are public-record events with definitive ownership at any given time.) archived means the brand once held this mark (expired, cancelled, transferred to another party) but no longer does.
details fields:
Trust model
The agent’s response is signed under the brand’sadcp_use: "response-signing" JWK. This is a payload-envelope JWS — the signature lives inside the response body, distinct from RFC 9421 §2.2.9 transport response signing (which AdCP 3.x does not define). verify_brand_claim is on the spec’s designated-task response-signing list; response signing on tasks outside that list is forbidden.
The signature attests authorship of the response payload under the brand’s published key during the envelope’s iat/exp window; it is not a non-repudiation receipt and does not bind the brand to assertions beyond the direction-asymmetric semantics below. The required signed_response envelope binds the response to the designated task, resolved brand_domain, responding agent_url, caller identity, request payload, and freshness window. Verifiers that rely on the signature MUST validate the envelope against response-payload-jws-envelope.json, reject expired envelopes for online decisions, and reject any mismatch between unsigned task-body fields and signed_response.payload.response.
The trust model is direction-asymmetric:
- Rejection direction (agent says
disputed/not_ours) is authoritative. A brand can refuse association unilaterally; no mutual reciprocation required. - Assertion direction (agent says
owned/pending_review/transferring/licensed_*) is informative but NOT trust-extending on its own. The reciprocating side must still confirm before trust extends.
claim_type: "subsidiary" and claim_type: "parent" respectively), mutual assertion is established at the agent layer. When only one side has an agent, fall back to crawl-based mutual-assertion inference per brand.json § Mutual-assertion trust model.
See brand.json § Agent-augmented verification for the full trust table and the malicious-house walkthrough.
Caching
Per-status:owned/not_ours/disputed— stable. 24-72h.pending_review— volatile. Max-age ≤1h.transferring— volatile until transition. Max-age ≤4h.licensed_in/licensed_out— moderately volatile. 24h.use_case_authorization— most volatile. Re-check per session.unknown— short cache (≤1h).
Cache-Control: max-age=N. Consumers MAY override downward but SHOULD NOT exceed agent-supplied max-age.
Agents SHOULD set signed_response.payload.exp no later than the HTTP freshness lifetime implied by Cache-Control: max-age. Consumers using the signed response for online decisions MUST use the earlier of the HTTP cache expiry and the signed exp; after that point the envelope remains audit evidence only, not a fresh authorization signal.