How does an user ensure that an indexing agent is really an indexing agent?

[lecoqlibre]

This is not a priority question but I put it here as a reminder.

An user will authorize indexing agents to access his/her POD.

It would be nice to check that the targeted agent has the right purpose otherwise the agent will be added but it won't index anything and might be malicious.

We can specify that the agent must return a specific header or value when the user adds it. But this is only a light check (an agent can claim it is an indexing agent even if it is not).

In the future we can image that agents will be certified and conform to a particular specification. Certification mechanisms like OpenBadge could be involved. Alternatively an user could use agents from a particular app store that he/she trust.

[FabienGandon]

We could also imagine something using Verifiable Credentials https://www.w3.org/2017/vc/WG/