SLIM
Secure Lightweight Inter-agent Messaging
The AGNTCY/Cisco protocol for cross-organization agent messaging. SPIFFE identity verification, MLS end-to-end encryption, and federated trust -- so agents from different companies can collaborate without trusting a central broker.
What is SLIM?
SLIM solves the hardest problem in multi-agent systems: how do agents from different organizations talk to each other securely? Inside a single platform, agents share a trust boundary. But when your agent needs to collaborate with a partner's agent -- different cloud, different vendor, different security posture -- you need a protocol that handles identity, encryption, and trust negotiation.
SLIM is that protocol. Created by Cisco's AGNTCY initiative, it provides three capabilities: cryptographic identity via SPIFFE, end-to-end encryption via MLS (RFC 9420), and federated trust establishment between organizations.
Cross-organization message flow
Key components
Federation Bridge
The bridge sits between your internal agent hub and the outside world. It intercepts cross-tenant messages, performs trust checks, and routes through the appropriate transport (HTTPS or gRPC). If the destination org is untrusted, the message is rejected -- not silently dropped, but explicitly denied with an audit log entry.
SPIFFE Identity
Every agent in a SLIM federation has a SPIFFE ID -- a URI like spiffe://meetloyd.com/tenant/acme/agent/compliance-bot. This identity is cryptographically verifiable via JWT-SVIDs (short-lived tokens signed by the trust domain's CA). No passwords, no API keys -- just cryptographic proof of identity.
MLS Encryption (RFC 9420)
MLS (Messaging Layer Security) provides forward-secret, post-compromise-secure group encryption. Unlike TLS (which encrypts point-to-point), MLS encrypts for a group -- so multi-agent conversations stay encrypted even if one participant is compromised later. SLIM uses MLS optionally, with AES-256-GCM as the always-available fallback.
Trust Establishment
Before two organizations can exchange messages, they must establish a trust relationship. This involves exchanging SPIFFE trust bundles (public keys), agreeing on transport preferences, and optionally configuring per-trust circuit breakers for resilience.
How MeetLoyd implements SLIM
MeetLoyd has a production-deployed SLIM federation bridge with full AGNTCY compliance:
- Dual transport -- HTTPS (A2A-style REST) and gRPC (AGNTCY DataPlane via Connect protocol). The transport is selected per trust relationship.
- Trust service -- CRUD for trust relationships, automatic SPIFFE bundle refresh, SVID verification on every inbound message.
- MLS encryption -- Optional per-session. When enabled, provides RFC 9420 group encryption. AES-256-GCM fallback always available.
- Circuit breakers -- Per-trust circuit breaker prevents cascading failures. 3 failures trigger a 5-minute cooldown before retrying.
- Audit logging -- Every federation message is logged with full context: source agent, destination agent, trust relationship, transport used, encryption status.
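The following sketch is an added example, not MeetLoyd's or AGNTCY's code. It shows how the bridge's trust check, explicit deny with an audit entry, and per-trust circuit breaker (3 failures, 5-minute cooldown) fit together. The `Bridge` and `Trust` classes, the audit field names, and the deny reason strings are hypothetical, and it assumes the sender's SVID signature has already been verified elsewhere.

```python
import re
import time
from dataclasses import dataclass, field
from typing import Optional

MAX_FAILURES = 3        # from the page: 3 failures trip the breaker
COOLDOWN_SECONDS = 300  # from the page: 5-minute cooldown before retrying
# Strict SPIFFE ID shape: no userinfo, port, query, or dot segments.
SPIFFE_RE = re.compile(
    r"spiffe://([a-z0-9._-]+)(?:/(?!\.{1,2}(?:/|$))[A-Za-z0-9._-]+)+")

def trust_domain(spiffe_id):
    """Return the trust domain of a well-formed SPIFFE ID, else None."""
    m = SPIFFE_RE.fullmatch(spiffe_id)
    return m.group(1) if m else None

@dataclass
class Trust:  # hypothetical record for one established trust relationship
    transport: str  # "https" or "grpc", selected per trust relationship
    failures: int = 0
    opened_at: Optional[float] = None  # when the breaker tripped, if it has

@dataclass
class Bridge:  # hypothetical stand-in for the federation bridge's gate
    trusts: dict
    audit: list = field(default_factory=list)

    def _decide(self, src, dst, decision, detail):
        # Every decision, allow or deny, leaves an audit entry.
        self.audit.append({"src": src, "dst": dst,
                           "decision": decision, "detail": detail})
        return decision, detail

    def route(self, src, dst, now=None):
        now = time.time() if now is None else now
        trust = self.trusts.get(trust_domain(dst))
        if trust is None or trust_domain(src) is None:
            return self._decide(src, dst, "deny", "untrusted-or-malformed")
        if trust.opened_at is not None:
            if now - trust.opened_at < COOLDOWN_SECONDS:
                return self._decide(src, dst, "deny", "circuit-open")
            trust.failures, trust.opened_at = 0, None  # cooldown elapsed
        return self._decide(src, dst, "allow", trust.transport)

    def record_failure(self, dst, now=None):
        trust = self.trusts[trust_domain(dst)]
        trust.failures += 1
        if trust.failures >= MAX_FAILURES:
            trust.opened_at = time.time() if now is None else now
```

Matching the whole SPIFFE ID against a strict pattern, instead of splitting on `/`, means an ID carrying a userinfo part or a `..` segment is denied as malformed and never resolves to a trusted domain.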
SLIM vs A2A
A2A handles agent-to-agent collaboration within a trust boundary. SLIM handles the harder problem: agent-to-agent collaboration across trust boundaries. In practice, A2A messages between organizations get wrapped in SLIM for identity verification and encryption.