Open Standards for Verifiable AI Agent Identity

Passport Alliance governs APIS v2.1, the Agent Passport Issuance Standard for agent identity, scoped delegation, trust anchors, public proof records, and registry-ready agent profiles.

The Core Questions

When you interact with an autonomous agent, you need answers to fundamental questions:

1

Who is the agent?

Verifiable identity proving the agent is who it claims to be, issued by a trusted authority.

2

Who authorized it?

Clear delegation chain showing the principal (human or organization) that authorized the agent's actions.

3

What can it do?

Explicit scope defining the boundaries of the agent's authority and permitted actions.

4

Can we revoke it?

Revocable credentials enabling immediate termination of agent authority when needed.

Three Pillars of Trust

APIS v2.1 establishes a foundation for agent identity, authorization, trust signaling, public verification, and revocation.

Identity

Realm-scoped DIDs and Agent Passports that bind an agent key to an issuer, principal, mandate, trust tier, and public verification context.

Authorization

Principal-signed mandates that define what an agent is permitted to do, on whose behalf, and under what constraints.

Accountability

Signed agent actions, proof artifacts, and revocation by nonce increment for trust enforcement.

How It Works

A trust chain from Realm Issuers to principals, mandates, delegates, profiles, and public verification records.

Realm Issuer

Issues credentials and trust metadata

Principal

Owns authority and scope

Delegate

Acts under passport and mandate

Why Now?

Enterprise and public-sector risk demands standardized agent identity

Autonomous agents are proliferating

Organizations are deploying AI agents for increasingly sensitive operations, from financial transactions to data access.

Regulatory pressure is increasing

Compliance frameworks increasingly require demonstrable control and auditability of automated systems.

No existing standard addresses this

Current identity standards were designed for humans and services, not autonomous delegated agents. APIS v2.1 fills this gap with explicit credential, mandate, and verification semantics.

Ready to get started?

Join the effort to establish identity and authorization standards for AI agents.