AEOESS
draft-pidlisnyi-aps-00 · IETF Internet-Draft · Updated May 2026

The Agent Passport System specification.

A protocol for cryptographic identity, scoped delegation, and verifiable accountability across AI agents. Vendor-neutral. Apache-2.0. Cross-language byte-identical.

Delegation & Cascade

Authority can only narrow.

A passport issues delegations. Each child narrows scope, spend, sunset. Revoke a node, the whole subtree dies in one call.

The protocol in motion

From identity to receipt.

The spec, animated. Two scenes: a single action threading through identity, delegation, intent, gateway, enforcement, and receipt, and the delegation tree it lives inside.

01

Life of an Action

02

Delegation & Cascade

§1

Identity

Ed25519 keypairs · DID-method agnostic. The protocol defines a deterministic envelope: agent_did, parent_delegation, scope, expires_at, payload_digest, sig_ed25519. All fields are RFC 8785 canonicalized before signing.

{
  "agent_did": "did:key:z6Mki...",
  "scope":     ["read:calendar", "spend:usd:50"],
  "expires":   "2026-05-15T00:00:00Z",
  "sig":       "ed25519:..."
}
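An added sketch of the canonicalize-then-sign path described above, written for Node.js; it is not code from the draft or its reference implementation. It assumes the signature covers every field except sig_ed25519, that the signature is encoded as an `ed25519:` prefix plus base64url, and that the caller supplies the public key instead of resolving it from agent_did; the key, DID and digest values are constructed.

```javascript
const { generateKeyPairSync, sign, verify } = require('node:crypto');

// RFC 8785 (JCS) for plain JSON values: object keys sorted by UTF-16 code
// unit, no whitespace, primitives serialized the way JSON.stringify does.
function canonicalize(v) {
  if (typeof v === 'number' && !Number.isFinite(v)) throw new Error('NaN/Infinity are not valid JSON');
  if (v === null || typeof v !== 'object') return JSON.stringify(v);
  if (Array.isArray(v)) return '[' + v.map(canonicalize).join(',') + ']';
  return '{' + Object.keys(v).sort()
    .map((k) => JSON.stringify(k) + ':' + canonicalize(v[k])).join(',') + '}';
}

// Assumption: the signature covers every field except sig_ed25519 itself.
function signingInput(envelope) {
  const { sig_ed25519, ...unsigned } = envelope;
  return Buffer.from(canonicalize(unsigned), 'utf8');
}

function signEnvelope(fields, privateKey) {
  const sig = sign(null, signingInput(fields), privateKey); // Ed25519 takes no digest name
  return { ...fields, sig_ed25519: 'ed25519:' + sig.toString('base64url') }; // encoding is assumed
}

function verifyEnvelope(envelope, publicKey, now = new Date()) {
  const m = /^ed25519:([A-Za-z0-9_-]+)$/.exec(envelope.sig_ed25519 || '');
  if (!m) return false;
  const expiry = Date.parse(envelope.expires_at);
  if (Number.isNaN(expiry) || expiry <= now.getTime()) return false; // fail closed on bad or past expiry
  return verify(null, signingInput(envelope), publicKey, Buffer.from(m[1], 'base64url'));
}

// Constructed sample data; a real verifier would resolve the key from agent_did.
const { publicKey, privateKey } = generateKeyPairSync('ed25519');
const signed = signEnvelope({
  agent_did: 'did:key:z6MkExampleOnly',
  parent_delegation: null, // assumed representation of a root passport
  scope: ['read:calendar', 'spend:usd:50'],
  expires_at: '2026-05-15T00:00:00Z',
  payload_digest: 'sha256:constructed-placeholder',
}, privateKey);
const at = new Date('2026-05-01T00:00:00Z');
// Same fields in a different key order: still verifies, because the signed bytes are canonical.
const reordered = Object.fromEntries(Object.entries(signed).reverse());
// Widened scope: the canonical bytes change, so the signature no longer matches.
const widened = { ...signed, scope: ['read:calendar', 'spend:usd:5000'] };
console.log(verifyEnvelope(signed, publicKey, at), verifyEnvelope(reordered, publicKey, at),
  verifyEnvelope(widened, publicKey, at)); // true true false
```

Canonicalizing before signing is what lets a verifier in another language rebuild the exact signed bytes from a re-serialized envelope, so any field change, including a widened scope, invalidates the signature.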
§2

Delegation

Scoped, time-boxed, revocable chains.
§3

Action Receipts

RFC 8785 canonicalization · signed envelopes.
§4

Revocation

Cascade semantics · gateway enforcement.
§5

Attribution

Four-axis Merkle proofs · D/P/G/C.
§6

Commerce Gates

Four pre-flight checks before spend.
§7

Vocabulary

Behavioral signals · canonical types.
§8

Conformance

37 fixture vectors · byte-identical.