Skip to main content

Publisher Access Governance (PAG)

A Publisher is a content owner that declares how AI platforms may access its content under Publisher Access Governance (PAG). Publishers control access through a machine-readable declaration (aip.json), serve content via a structured retrieval endpoint, and receive accountability events for every access and citation. PAG is the publisher-access module adjacent to AIP’s operator monetization flow. Publishers define what content can be accessed, under what conditions, and within what editorial scope.

What is a publisher?

A Publisher is an entity that:
  1. Declares access permissions Publishers publish a /.well-known/aip.json file that defines whether, when, and within what editorial scope AI platforms may access content.
  2. Serves content via RetrieveRequest/RetrieveResponse When an AI platform sends a valid, authenticated RetrieveRequest, the publisher evaluates it against declared policies and returns permitted content chunks or an explicit denial.
  3. Verifies request authenticity Publishers verify HMAC signatures on every incoming request using the AIP authentication and signing spec.
  4. Receives access and citation events Publishers receive structured events that record when content was accessed and how it was cited, enabling post-retrieval accountability and audit.
  5. Controls content boundaries Publishers define retrieval limits (max chunks, max tokens), supported retrieval modes, and cache policies. AI platforms must respect these constraints.

Examples of publishers

  • News organizations and media companies
  • Industry research publishers
  • Technical documentation providers
  • Knowledge base operators
  • Academic and scientific publishers
  • Government and public data portals
  • Specialized vertical content providers (legal, medical, financial)
If an entity owns content and wants to control how AI systems access it, it can be a Publisher in AIP.

Publisher responsibilities

Publishers MUST

  • Publish a valid /.well-known/aip.json declaration
  • Implement the retrieve endpoint (POST /pag/retrieve or equivalent)
  • Verify AIP authentication headers on every request (X-AIP-Key-Id, X-AIP-Timestamp, X-AIP-Nonce, X-AIP-Signature)
  • Evaluate requests against intent_access and editorial_domains from aip.json
  • Enforce declared retrieval limits (max_chunks, max_tokens)
  • Emit access events for every successful retrieval
  • Return explicit denial responses (with reason) when access is not permitted
  • Reject unsigned or invalid requests with 401 or 403

Publishers SHOULD

  • Sign responses using the same HMAC mechanism
  • Emit citation events when endpoints.event.required is true in aip.json
  • Store (key_id, nonce) pairs for replay protection within the replay window

Publishers MAY

  • Support multiple retrieval modes (chunks, citations, full article)
  • Define custom editorial domain hierarchies using dot notation
  • Use the extensions namespace for vendor-specific metadata
  • Set compliance.sunset for automatic expiration of access declarations

The aip.json declaration

Every publisher begins by publishing a declaration at /.well-known/aip.json. This file defines:
SectionWhat it controls
intent_accessMaster switch, operational state, access mode, training use, storage rights, cache policy
editorial_domainsEditorial scope boundary for AI access
endpointsCapabilities, retrieve, and event endpoints
retrievalSupported modes and limits (chunks, citations, max tokens)
complianceRevocation rights, notice requirements, expiration
The declaration is consent-based and publisher-controlled. No monetization, ranking, or enforcement logic is defined here. See: aip.json schema

Retrieval flow

When an AI platform needs publisher content in response to a user query:
  1. Platform checks the publisher’s aip.json for compatibility
  2. Platform sends an authenticated RetrieveRequest to the publisher’s retrieve endpoint
  3. Publisher verifies the signature and validates the request
  4. Publisher matches intent.domain against editorial_domains
  5. Publisher evaluates intent_access constraints
  6. Publisher returns a RetrieveResponse with content chunks, a denial, or an error
Platform -> RetrieveRequest -> Publisher -> RetrieveResponse -> Platform
No operator, auction, or pricing logic is involved in this flow. Retrieval is a direct, permissioned exchange between platform and publisher. See: RetrieveRequest schema and RetrieveResponse schema

Authentication and signing

Every RetrieveRequest must carry four required headers:
HeaderPurpose
X-AIP-VersionProtocol version routing
X-AIP-Key-IdIdentifies the API key used to sign the request
X-AIP-TimestampISO 8601 timestamp for replay protection
X-AIP-NonceRandom single-use value (minimum 16 bytes entropy)
X-AIP-SignatureHMAC-SHA256 signature of the canonical request string
Publishers verify the signature, check timestamp freshness (default window: 300 seconds), and reject replayed nonces. See: Authentication and Signing

Access and citation events

AIP defines two event types for post-retrieval accountability:
Event typeWhen emittedWho emits
accessContent was successfully returnedPublisher
citationContent was surfaced to the user as a citationPlatform
Events are append-only facts. They contain no advertising, pricing, or user identity data. Publishers use these events to:
  • Verify how content was accessed
  • Audit citation accuracy
  • Support dispute resolution
  • Track usage patterns
See: Access and Citation Events schema

What publishers do NOT do

Publishers in AIP:
  • Do not participate in auctions or selection
  • Do not submit bids or pricing
  • Do not receive ContextRequests
  • Do not interact with the Operator’s commercial layer
  • Do not expose user identifiers
The publisher layer is intentionally separate from the commercial participation layer. Publishers govern content access through PAG; operators govern commercial participation through the operator monetization flow.

Getting started

To integrate as a publisher:
  1. Publish aip.json - Deploy a valid declaration at /.well-known/aip.json on your domain
  2. Register with the AIP Registry - Obtain API keys and a shared secret
  3. Implement the retrieve endpoint - Accept authenticated RetrieveRequest payloads and return RetrieveResponse
  4. Implement signature verification - Validate HMAC signatures on every incoming request
  5. Emit access events - Fire an access event for every successful retrieval
  6. Test end-to-end - Verify the full flow: declaration discovery, authenticated retrieval, event emission

Role within the protocol

Publishers are the content layer of AIP. Platforms are the intent layer. Operators are the governance and commercial layer. Publisher Access Governance (PAG) is the subset of AIP that defines how publishers declare, control, and audit AI access to their content - without any coupling to the commercial participation protocol.

See also