02 — Identity

Agent Passport

Cryptographic identity for autonomous AI agents. Issue, verify, revoke. The universal passport layer that makes accountable agent-to-agent commerce possible.


The problem

Autonomous AI without identity is anonymous.

An agent acting on your behalf signs a contract, moves money, queries a database. Who was it? Who issued it? Who's accountable when it goes wrong?

True AI identity comes from the model provider. AiEGIS is the governance layer on top of provider-attested identity — not the identity creator. We bind the provider attestation to the deployment, the operator, the jurisdiction, and the runtime policy.

The result: every action an agent takes is traceable to a real, accountable identity.

The passport

Issue. Verify. Revoke.

Issue. /api/agent/issue mints an Ed25519-signed passport binding agent → operator → jurisdiction → policy bundle.

Verify. Any party can verify the signature against the published key. Real-time decisions: sub-15ms on customer infrastructure.

Revoke. /registry/revoke propagates revocation through the SQLite revocation store. Stale passports fail verification immediately.

Issue

Ed25519 keypair, JWT-style claims, jurisdictional policy bundle attached.

Verify

Public-key lookup, signature check, revocation list, policy gate. Under 100ms.

Revoke

Operator-controlled. Propagates to all downstream verifiers in real time.
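The issue, verify, revoke cycle described above, as an added example that is not AiEGIS code or its API. The claim field names, the revocation map keyed by passport ID (standing in for the revocation store), and the jurisdiction allow-list used as the policy gate are all assumptions; the public key is passed in directly in place of a lookup.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
)

// Claims uses hypothetical field names; the page names the bindings, not a schema.
type Claims struct{ ID, Agent, Operator, Jurisdiction, Policy string }

// Passport carries the exact signed bytes plus the Ed25519 signature over them.
type Passport struct{ Payload, Sig []byte }

// NewKey generates an issuer keypair (nil selects crypto/rand as the source).
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey, error) { return ed25519.GenerateKey(nil) }

// Issue serialises the claims once and signs those bytes.
func Issue(priv ed25519.PrivateKey, c Claims) Passport {
	payload, _ := json.Marshal(c) // cannot fail for a struct of strings
	return Passport{payload, ed25519.Sign(priv, payload)}
}

// Verify checks signature, then revocation, then the policy gate. Cases run in
// order, so claims are parsed only after the raw payload's signature is valid.
func Verify(pub ed25519.PublicKey, p Passport, revoked, allowed map[string]bool) (c Claims, err error) {
	switch {
	case !ed25519.Verify(pub, p.Payload, p.Sig):
		err = errors.New("bad signature")
	case json.Unmarshal(p.Payload, &c) != nil:
		err = errors.New("malformed claims")
	case revoked[c.ID]:
		err = errors.New("revoked")
	case !allowed[c.Jurisdiction]:
		err = errors.New("policy gate: jurisdiction not allowed")
	}
	return c, err
}

func main() {
	pub, priv, _ := NewKey() // constructed demo key and claims
	p := Issue(priv, Claims{"pp-1", "agent-7", "op-acme", "EU", "bundle-v1"})
	revoked := map[string]bool{}
	_, fresh := Verify(pub, p, revoked, map[string]bool{"EU": true})
	revoked["pp-1"] = true // operator revokes; the same passport now fails
	_, stale := Verify(pub, p, revoked, map[string]bool{"EU": true})
	fmt.Println(fresh, stale)
}
```

Callers should use the returned claims only when the error is nil.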

Standards alignment

Built on what's coming next.

AiEGIS Identity tracks emerging standards rather than inventing in isolation: NIST AI RMF agent identity guidance, OWASP Agentic Apps Top 10 (AAA-01 Identity), CSA Agent Top Threats, and the EU AI Act Articles 13 and 50 transparency obligations.

Co-author engagement on AIVSS Issue #32 (Multi-Agent Governance). MGAIF, GDPR, NIST RMF, EU AI Act, and POPIA rule packs ship with every deployment.