Chapter 05

Agent-to-Agent Protocol

Google's open standard for agent collaboration—enabling autonomous agents to discover, authenticate, and work together across organizational boundaries.

While MCP addresses agent-to-tool communication, A2A solves the horizontal coordination challenge: how do agents from different vendors, frameworks, or organizations collaborate? The protocol provides a standardized layer that makes multi-agent collaboration as straightforward as single-agent tool use.

Design Principles

🔧

Simplicity

Built on HTTP and JSON-RPC—familiar web standards

⏳

Async-First

Long-running tasks, streaming updates, delayed responses

📦

Multi-Modal

Text, files, JSON, and binary data support

🔒

Opaque Execution

Expose capabilities without revealing internals

🏢

Enterprise-Ready

Auth, tracing, compliance hooks built-in

Agent Cards

Central to A2A is the Agent Card—a JSON document that serves as a digital identity badge. Agent Cards describe an agent's identity, capabilities, endpoints, and authentication requirements.

                JSON
                Hover each line for explanation
            

Task Lifecycle

A2A defines a managed task lifecycle ensuring reliability for long-running and asynchronous operations:

Submitted

→

Working

→

Input Required

→

Completed

Communication Modes

⚡

Request/Response

Synchronous pattern for short tasks. Client sends, server replies immediately.

📡

Streaming (SSE)

Server streams partial responses over open connection. Real-time progress updates.

🔔

Push (Webhooks)

For long tasks, server pushes results when ready. Avoids polling overhead.

A2A Extensions

A2A Extensions add opt-in, domain-specific capabilities on top of the core protocol, letting agents advertise, negotiate, and use extra schemas without forking the standard.

Client Request

Client includes X-A2A-Extensions header with comma-separated list of extension URIs

Agent Processing

Agent identifies supported extensions and performs activation. Unsupported extensions ignored.

Response

Response includes X-A2A-Extensions header listing all successfully activated extensions

Security Architecture

🔑 Authentication

OAuth 2.0, OpenID Connect, API keys, digital signatures. Multi-factor with behavioral and contextual checks.

🔐 Encryption

HTTPS/TLS required. Quantum-resistant schemes supported. Rapid key rotation.

🛡️ Authorization

Granular access controls via Agent Cards. Fine-grained permissions and enterprise policy integration.

📋 Auditing

Full audit trail support. Standard metadata tokens for governance and policy enforcement.

A2A ensures agents can collaborate like services in a network—predictable, secure, and interoperable across organizational and technological boundaries.