The runtime trust rail for AI agents
As AI agents become the primary interface for digital commerce, a fundamental question emerges: How do we trust what we cannot see?
Traditional identity verification answers who built an agent. But in a world where agents complete transactions in milliseconds, we need something more: real-time enforcement of what agents are allowed to do at the point of action.
The Open Agent Passport (OAP) v1.0 is the first specification designed for this new realityβa lightweight, cryptographically verifiable credential that enables Pre-action authorization for AI agents across any platform.
- Agentic commerce is accelerating, but trust infrastructure hasn't kept pace
- Merchants need instant verification before money or data moves
- Platforms require sub-100ms decisions at the point of action
- Current solutions focus on who built the agent, not what it can do
OAP provides the runtime trust layer that makes agentic commerce safe and scalable:
- Pre-action authorization before sensitive operations
- Cryptographically signed decisions for audit trails
- Global suspend capabilities for instant risk mitigation
- Standardized policy packs for consistent enforcement
- OAP v1.0 Specification β Complete normative specification
- Passport Schema β Agent identity and capabilities
- Decision Schema β Authorization decisions
- Security Model β Cryptographic verification
- Capability Registry β Standardized capabilities and limits
- Conformance Requirements β Implementation standards
- Template Passport β Agent template
- Instance Passport β Deployed agent
- Allow Decision β Authorization granted
- Deny Decision β Authorization denied
OAP objects integrate seamlessly with W3C Verifiable Credentials for maximum interoperability.
- JSON-LD Context β OAP VC context definition
- VC Mapping Guide β OAP β VC conversion rules
- VC Examples β Passport and Decision as VCs
- CLI Tools β Command-line conversion utilities
- SDK Integration β Integration guide
- JavaScript Examples β Usage examples
Verify your implementation meets OAP standards with our comprehensive testing suite.
- Conformance Runner β CLI tool for validation
- Test Cases β Standard test scenarios
- Documentation β Usage and certification
- Schema Validation β JSON Schema compliance
- Policy Evaluation β Decision logic verification
- Signature Verification β Ed25519 cryptographic validation
- Performance Testing β Response time validation
- Understand the Problem β Read OAP v1.0 Specification
- See It in Action β Review examples for implementation patterns
- Validate Your Implementation β Use conformance runner for testing
- Integrate with VCs β Follow VC mapping guide
- API Integration β Use OpenAPI spec for client generation
- SDK Implementation β Follow integration guides
- Policy Development β Review capability registry
- Agent Registration β Developers register agents with verified capabilities
- Policy Evaluation β Real-time authorization at the point of action
- Decision Recording β Cryptographically signed receipts for audit
- Continuous Monitoring β Ongoing verification and risk assessment
- Instant Trust β Sub-100ms authorization decisions
- Audit Trail β Cryptographically signed decision receipts
- Global Control β Instant suspend capabilities across platforms
- Standards Compliance β Built for regulatory requirements
OAP is designed to work with existing identity frameworks:
- KYA (Know Your Agent) β OAP implements KYA at runtime via policy packs
- W3C Verifiable Credentials β Full VC interoperability
- Existing KYC/KYB β Complements rather than replaces traditional verification
- Version History β OAP specification versioning
- Changelog β Detailed change history
We welcome contributions to the OAP specification and tooling.
- Contributing Guide β Development guidelines
- Main Documentation β Detailed feature documentation
- Examples β Code examples and tutorials
- Policy Packs β Available policy implementations
All specifications are released under the MIT License. See LICENSE for details.
Open Agent Passport v1.0 The runtime trust rail for AI agents
Last Updated: 2025-10-08 14:54:16 UTC