Identity Infrastructure for Autonomous Agents
Issue short-lived credentials. Delegate between agents with scope attenuation. Attest, audit, and revoke in real time. Built on OAuth 2.1, WIMSE/SPIFFE, and RFC 8693.
# 1. Register an agent identity
curl -X POST https://control.highflame.ai/agents/register \
-d '{"name": "research-agent", "identity_type": "agent"}'
# 2. Exchange API key for a scoped JWT
curl -X POST https://control.highflame.ai/oauth2/token \
-d '{"grant_type": "api_key", "api_key": "zid_sk_..."}'
# JWT payload — SPIFFE identity + delegation chain
{
"sub": "spiffe://highflame.ai/d3a8c1/f7b2e9/agent/research-agent",
"scope": "agent:read agent:write",
"act": { "sub": "spiffe://highflame.ai/d3a8c1/f7b2e9/agent/orchestrator" }
}The problem
Agents need their own identity
OAuth was designed for humans. Service accounts are shared and opaque. When an agent spawns sub-agents across trust boundaries, you need verifiable delegation chains — not shared credentials.
| Service Accounts | OAuth / OIDC | ZeroID | |
|---|---|---|---|
| Per-agent identity | |||
| Agent metadata (type, framework) | |||
| On-behalf-of delegation chain | |||
| Scope attenuation per hop | |||
| Delegation depth enforcement | |||
| Real-time revocation with cascade |
Capabilities
Everything your agents need
From identity issuance to real-time revocation — built on industry standards, designed for autonomous workflows.
Unique Agent Identity
Every agent gets a stable, globally unique WIMSE URI. No more shared service accounts.
Delegation Chains
RFC 8693 token exchange with automatic scope attenuation at each hop. Full on-behalf-of audit trail.
Short-Lived Credentials
Issue scoped, time-bound access tokens. Configurable TTL, grant types, and delegation depth per policy.
Real-Time Revocation
CAE/SSF signals cascade through delegation chains. Revoke a parent and all children lose access instantly.
Credential Policies
Define max TTL, allowed grant types, required trust level, and delegation depth limits per identity class.
Federation Ready
Connect Okta, Auth0, Azure AD, or any OIDC/SAML provider. Map external claims into ZeroID identities.
Authorization
Policy-driven access for every agent action
Every token exchange and every tool call is evaluated against your Cedar policies. Control delegation, tool access, trust level requirements, and scope limits — declaratively, with a policy language AWS built for authorization.
- Attribute-based rules over agent type, trust level, framework
- Per-action policies: call_tool, process_prompt, connect_server
- Delegation depth and scope attenuation enforced automatically
- Real-time evaluation — no restart, no redeploy
// Allow first-party agents to call tools
permit(
principal is Guardrails::Agent,
action == Guardrails::Action::"call_tool",
resource
) when {
context.agent_trust_level == "first_party"
};
// Deny unverified agents from sensitive tools
forbid(
principal is Guardrails::Agent,
action == Guardrails::Action::"call_tool",
resource
) when {
context.agent_trust_level == "unverified" &&
context.tool_is_sensitive == true
};How it works
From zero to verified in minutes
Register an agent identity
Give your agent a name, type, and trust level. Get a WIMSE URI and API key.
Exchange for a scoped token
Use the API key to get a short-lived access token with exactly the scopes you need.
Delegate to sub-agents
Agent A exchanges its token for a narrower-scoped token for Agent B. Full chain tracked.
Enforce and audit
Set credential policies, verify at every boundary, and revoke access in real time.
Integrations
Connect your existing identity providers
Bring your own IdP. Map external identities into ZeroID agent credentials with standards-based federation.
Coming soon
Ready to give your agents an identity?
Sign up for hosted ZeroID and have your first agent identity with a working access token in under 5 minutes. Free tier included.