Open Source · Apache 2.0

Identity Infrastructure for Autonomous Agents

Issue short-lived credentials. Delegate between agents with scope attenuation. Attest, audit, and revoke in real time. Built on OAuth 2.1, WIMSE/SPIFFE, and RFC 8693.

token-exchange.sh
# 1. Register an agent identity
curl -X POST https://control.highflame.ai/agents/register \
  -d '{"name": "research-agent", "identity_type": "agent"}'

# 2. Exchange API key for a scoped JWT
curl -X POST https://control.highflame.ai/oauth2/token \
  -d '{"grant_type": "api_key", "api_key": "zid_sk_..."}'

# JWT payload — SPIFFE identity + delegation chain
{
  "sub": "spiffe://highflame.ai/d3a8c1/f7b2e9/agent/research-agent",
  "scope": "agent:read agent:write",
  "act": { "sub": "spiffe://highflame.ai/d3a8c1/f7b2e9/agent/orchestrator" }
}

The problem

Agents need their own identity

OAuth was designed for humans. Service accounts are shared and opaque. When an agent spawns sub-agents across trust boundaries, you need verifiable delegation chains — not shared credentials.

Service AccountsOAuth / OIDCZeroID
Per-agent identity
Agent metadata (type, framework)
On-behalf-of delegation chain
Scope attenuation per hop
Delegation depth enforcement
Real-time revocation with cascade

Capabilities

Everything your agents need

From identity issuance to real-time revocation — built on industry standards, designed for autonomous workflows.

Unique Agent Identity

Every agent gets a stable, globally unique WIMSE URI. No more shared service accounts.

Delegation Chains

RFC 8693 token exchange with automatic scope attenuation at each hop. Full on-behalf-of audit trail.

Short-Lived Credentials

Issue scoped, time-bound access tokens. Configurable TTL, grant types, and delegation depth per policy.

Real-Time Revocation

CAE/SSF signals cascade through delegation chains. Revoke a parent and all children lose access instantly.

Credential Policies

Define max TTL, allowed grant types, required trust level, and delegation depth limits per identity class.

Federation Ready

Connect Okta, Auth0, Azure AD, or any OIDC/SAML provider. Map external claims into ZeroID identities.

Authorization

Policy-driven access for every agent action

Every token exchange and every tool call is evaluated against your Cedar policies. Control delegation, tool access, trust level requirements, and scope limits — declaratively, with a policy language AWS built for authorization.

  • Attribute-based rules over agent type, trust level, framework
  • Per-action policies: call_tool, process_prompt, connect_server
  • Delegation depth and scope attenuation enforced automatically
  • Real-time evaluation — no restart, no redeploy
agent-authz.cedar
// Allow first-party agents to call tools
permit(
 principal is Guardrails::Agent,
 action == Guardrails::Action::"call_tool",
 resource
) when {
 context.agent_trust_level == "first_party"
};

// Deny unverified agents from sensitive tools
forbid(
 principal is Guardrails::Agent,
 action == Guardrails::Action::"call_tool",
 resource
) when {
 context.agent_trust_level == "unverified" &&
 context.tool_is_sensitive == true
};

How it works

From zero to verified in minutes

01

Register an agent identity

Give your agent a name, type, and trust level. Get a WIMSE URI and API key.

02

Exchange for a scoped token

Use the API key to get a short-lived access token with exactly the scopes you need.

03

Delegate to sub-agents

Agent A exchanges its token for a narrower-scoped token for Agent B. Full chain tracked.

04

Enforce and audit

Set credential policies, verify at every boundary, and revoke access in real time.

Integrations

Connect your existing identity providers

Bring your own IdP. Map external identities into ZeroID agent credentials with standards-based federation.

OktaAuth0Azure ADAWS CognitoGoogle WorkspacePingIdentityOIDCSAML 2.0GitHub AppsAWS IAMGCP IAMGitLab

Coming soon

Ready to give your agents an identity?

Sign up for hosted ZeroID and have your first agent identity with a working access token in under 5 minutes. Free tier included.