Identity
Every agent gets a DID Document with public keys, metadata (model, runtime, configuration hash), trust level, and capabilities. The DID Document is the root of trust.
Introduction
What is IDProva?
Section titled “What is IDProva?”IDProva is an open protocol for establishing verifiable identity, scoped delegation, and auditable action tracking for autonomous AI agents. Built on the W3C Decentralized Identifier (DID) standard, IDProva introduces:
did:idprova:— A DID method designed specifically for AI agents- Delegation Attestation Tokens (DATs) — Scoped, time-bounded, revocable permission tokens
- Action Receipts — Hash-chained, signed audit records that map to compliance frameworks
Why do agents need their own identity layer?
Section titled “Why do agents need their own identity layer?”AI agents are proliferating — but they lack any standard way to prove who they are, what they’re authorised to do, or on whose behalf they act.
| Current Approach | Limitation |
|---|---|
| API keys / bearer tokens | No identity semantics; shared secrets; no delegation hierarchy |
| OAuth 2.0 client credentials | Designed for applications, not autonomous agents; no agent metadata |
| SPIFFE/SPIRE | Workload identity only; no delegation model; no agent-specific semantics |
| Custom per-vendor solutions | Vendor lock-in; no interoperability; no audit standard |
Without a universal identity layer, the agent ecosystem faces systemic risks:
- Agents impersonating other agents
- Uncontrolled privilege escalation through opaque delegation chains
- Regulatory non-compliance due to absent audit trails
- Inability to establish trust across organisational boundaries
Design Principles
Section titled “Design Principles”IDProva is guided by these principles, in priority order:
- Security First — All identity claims and delegations are cryptographically verifiable
- Post-Quantum from Day One — Hybrid Ed25519 + ML-DSA-65 (FIPS 204) signatures
- Progressive Trust — Agents start at L0 and earn trust through verifiable mechanisms
- Minimal Disclosure — Agents disclose only what’s necessary for each interaction
- Decentralised by Default — Self-hosted registries are first-class citizens
- Protocol Composability — Layers on MCP, A2A, HTTP — no new transport required
- Regulatory Alignment — Audit trails satisfy ISM, SOC 2, and NIST 800-53 out of the box
- Developer Experience — Basic functionality implementable in a weekend
Three Pillars
Section titled “Three Pillars”Delegation
Authority flows through Delegation Attestation Tokens — signed, scoped, time-bounded, and chainable. Verifiers trace any delegation back to its root principal (human or org).
Audit
Every action produces a signed Action Receipt, hash-chained into a tamper-evident log. Each receipt references the DAT that authorised it — complete attribution from action to principal.
Relationship to Existing Standards
Section titled “Relationship to Existing Standards”IDProva builds on established standards:
- W3C DIDs v1.0 —
did:idprova:is a conforming DID method - JWS (RFC 7515) — DATs use JWS Compact Serialization
- JWT (RFC 7519) — DAT payloads follow JWT claim conventions
- FIPS 204 (ML-DSA) — Post-quantum signature component
- SPIFFE — Inspired the DID URI format
- MCP / A2A — Protocol binding specifications provided
SDKs & Tools
Section titled “SDKs & Tools”IDProva ships with SDKs for three languages and a CLI, all powered by the same Rust core:
| SDK | Install | Bindings |
|---|---|---|
| Python | pip install idprova | PyO3 (native Rust) |
| TypeScript | npm install @idprova/core | napi-rs (native Rust) |
| Rust | idprova-core = "0.1" | Reference implementation |
| CLI | cargo install idprova-cli | Direct binary |
All SDKs expose the same API surface: KeyPair, AID, DAT, Scope, TrustLevel, and ReceiptLog.
Next Steps
Section titled “Next Steps”- Quick Start — Create your first agent identity in under 5 minutes
- Python SDK — Python SDK guide
- TypeScript SDK — TypeScript SDK guide
- Concepts: Identity — Deep dive into Agent Identity Documents
- Protocol Specification — Full technical reference