Submitted to NIST CAISI (NIST-2025-0035) • Aligned with NCCoE AI Agent Identity Project
AI agents are proliferating — but they have no standard way to prove who they are, what they’re authorised to do, or on whose behalf they act.
Identity Gap
Agents operate with API keys designed for humans. No cryptographic proof of identity, no standard way to verify an agent’s claims.
Delegation Opacity
Multi-agent delegation chains are opaque. When Agent C acts, nobody can trace the authority back to the human who authorised it.
Audit Fragmentation
Agent actions span multiple systems with incompatible logs. No tamper evidence, no compliance mapping, no attribution chain.
Agent Identity Documents built on W3C Decentralized Identifiers. Every agent gets a cryptographically verifiable identity: did:idprova:example.com:my-agent
Ed25519 + ML-DSA-65
Delegation Attestation Tokens define exactly what an agent can do — scoped, time-bounded, with constraint enforcement. Delegation chains that provably narrow authority.
JWS-based • Revocable
Hash-chained, signed Action Receipts create tamper-evident audit trails. Every action links back to the delegation that authorised it.
NIST 800-53 • ISM • SOC 2
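The scope narrowing described above for delegation chains, as an added example that is not IDProva's code: it checks that each hop is issued by the previous subject, never outlives its parent, and requests only scopes the parent holds. The `Link` structure and the wildcard semantics are assumptions made for illustration; signature and revocation checks are left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    """One hop of a delegation chain (hypothetical fields, not IDProva's token format)."""
    issuer: str
    subject: str
    scopes: tuple
    expires_at: int  # Unix seconds

def scope_covers(parent, child):
    """Assumed semantics: equal segment count; '*' in the parent matches one segment."""
    p, c = parent.split(":"), child.split(":")
    return len(p) == len(c) and all(ps in ("*", cs) for ps, cs in zip(p, c))

def check_chain(chain, now):
    """Return violations; an empty list means every hop narrows authority."""
    problems = []
    for i, link in enumerate(chain):
        if link.expires_at <= now:
            problems.append(f"hop {i}: expired")
        if i == 0:
            continue
        parent = chain[i - 1]
        if link.issuer != parent.subject:
            problems.append(f"hop {i}: issuer is not the previous hop's subject")
        if link.expires_at > parent.expires_at:
            problems.append(f"hop {i}: outlives parent delegation")
        for s in link.scopes:
            if not any(scope_covers(ps, s) for ps in parent.scopes):
                problems.append(f"hop {i}: scope {s} not granted by parent")
    return problems

# Constructed sample chains: alice -> my-agent -> sub-agent
ALICE, AGENT, SUB = (f"did:idprova:example.com:{n}" for n in ("alice", "my-agent", "sub-agent"))
ROOT = Link(ALICE, AGENT, ("mcp:tool:*:read", "mcp:resource:docs:write"), 1000 + 86400)
GOOD = [ROOT, Link(AGENT, SUB, ("mcp:tool:search:read",), 1000 + 3600)]
BAD = [ROOT, Link(AGENT, SUB, ("mcp:tool:search:read", "mcp:tool:search:write"), 1000 + 172800)]

if __name__ == "__main__":
    print(check_chain(GOOD, now=1000))
    for p in check_chain(BAD, now=1000):
        print(p)
```

A child scope containing `*` is rejected unless the parent has `*` in the same position, so a sub-agent cannot widen authority by re-introducing a wildcard.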
IDProva implements progressive trust — agents earn trust through verifiable mechanisms, from self-declaration to continuous monitoring.
L0: Self-Declared
L1: Domain-Verified
L2: Org-Verified
L3: Third-Party Attested
L4: Continuously Monitored
```shell
pip install idprova
```

```python
from idprova import AgentIdentity

# Create an agent identity
identity = AgentIdentity.create("my-agent", domain="example.com")
print(identity.did)  # did:idprova:example.com:my-agent

# Issue a scoped delegation token
dat = identity.issue_dat(
    "did:idprova:example.com:sub-agent",
    ["mcp:tool:*:read", "mcp:resource:docs:write"],
    expires_in_seconds=86400,  # 24 hours
)

# Verify
dat.verify_signature(identity.public_key_bytes)
print(f"Scopes: {dat.scope}")
```

```shell
npm install @idprova/core
```

```javascript
import { AgentIdentity } from '@idprova/core';

// Create an agent identity
const identity = AgentIdentity.create('my-agent', 'example.com');
console.log(identity.did); // did:idprova:example.com:my-agent

// Issue a scoped delegation token
const dat = identity.issueDat(
  'did:idprova:example.com:sub-agent',
  ['mcp:tool:*:read', 'mcp:resource:docs:write'],
  86400, // 24 hours
);

// Verify
dat.verifySignature(identity.publicKeyBytes);
console.log(`Scopes: ${dat.scope}`);
```

```toml
[dependencies]
idprova-core = "0.1"
```

```rust
use std::time::Duration;

use idprova_core::crypto::KeyPair;
use idprova_core::aid::AidBuilder;
use idprova_core::dat::DelegationToken;

// Generate agent keypair
let keys = KeyPair::generate()?;

// Controller (alice) keypair that signs the delegation;
// generated here so the snippet is self-contained
let controller_keys = KeyPair::generate()?;

// Create Agent Identity Document
let aid = AidBuilder::new()
    .id("did:idprova:example.com:my-agent")
    .controller("did:idprova:example.com:alice")
    .add_verification_key(keys.public_key())
    .model("anthropic/claude-opus-4")
    .build()?;

// Issue scoped delegation
let dat = DelegationToken::issue(
    &controller_keys,
    "did:idprova:example.com:alice",    // issuer
    "did:idprova:example.com:my-agent", // subject
    &["mcp:tool:*:read", "mcp:resource:docs:write"],
    Duration::from_secs(86400),         // 24 hours
)?;
```

```shell
# Generate keypair
idprova keygen --output ~/.idprova/keys/alice.key

# Create Agent Identity Document
idprova aid create \
  --id "did:idprova:example.com:my-agent" \
  --controller "did:idprova:example.com:alice" \
  --model "anthropic/claude-opus-4" \
  --key ~/.idprova/keys/alice.key

# Issue scoped delegation token
idprova dat issue \
  --issuer "did:idprova:example.com:alice" \
  --subject "did:idprova:example.com:my-agent" \
  --scope "mcp:tool:*:read,mcp:resource:docs:write" \
  --expires-in "24h" \
  --key ~/.idprova/keys/alice.key

# Verify a delegation token
idprova dat verify "eyJhbGciOi..."
```

| Feature | IDProva | OAuth Extensions | SPIFFE/SPIRE |
|---|---|---|---|
| Purpose-built for AI agents | ✅ | ❌ Retrofit | ❌ Workload identity |
| Post-quantum cryptography | ✅ ML-DSA-65 hybrid | ❌ | ❌ |
| Delegation chains with scope narrowing | ✅ | ❌ | ❌ |
| Tamper-evident audit trails | ✅ Hash-chained receipts | ❌ | ❌ |
| Compliance-mapped (NIST, ISM, SOC 2) | ✅ From day one | ❌ | ❌ |
| Protocol bindings (MCP, A2A, HTTP) | ✅ | Partial | ❌ |
| Open protocol (Apache 2.0) | ✅ | Varies | ✅ |
| Progressive trust model (L0-L4) | ✅ | ❌ | ❌ |
IDProva layers on top of existing agent communication protocols — no new transport required.
MCP
Model Context Protocol authentication. Agents present delegation tokens with every tool call. Servers validate scope before execution.
A2A
Agent-to-Agent protocol integration. Mutual identity verification during session establishment.
HTTP
Standard HTTP API authentication. Agent identity tokens alongside or replacing API keys.
Built by Tech Blaze Consulting • IRAP Assessor • Apache 2.0