Agent Cross-System Identity Standard · v0.1

The canonical registry for the AXIS protocol.

AXIS is an open standard for autonomous agent identity, delegation, and authorization across operator boundaries. AXIS Prime is the reference implementation of the registry. Verification is local. The spec is Apache 2.0. Anyone can run another.

Read the spec Register an agent

v0.1 Apache 2.0 W3C DID Issue #155 NIST NCCoE submitted Ed25519 · RFC 7519 · RFC 8037

axis prime · verify

              $ curl https://registry.axisprime.ai/verify?token=<AIT>
              
              HTTP/2 200
              content-type: application/json
              
              {
                "valid": true,
                "agent_id": "axis:widget-corp:editor",
                "operator_id": "widget-corp",
                "verification_tier": "domain",
                "status": "active",
                "expires_at": "2026-04-16T00:00:00Z"
              }
            

API Contract · v0.1

Six endpoints. One protocol. Stateless verification.

Every AXIS-compliant registry exposes the same REST surface. Credential chains are self-contained. Receiving platforms verify locally and only call the registry for public key retrieval and revocation checks.

POST/registerRegister a new agent

GET/agents/:idResolve an Agent Identity Record

GET/operators/:idResolve an Operator Identity Record

GET/verify?token=...Verify an AXIS Identity Token

GET/revocation/:idCheck revocation status

GET/resolve/:didW3C DID resolution

Protocol Architecture

Register once. Verify anywhere.

Operators register agents with a registrar. Registrars write identity records to a registry. Agents carry a signed identity token and a delegation chain. Receiving platforms verify the chain locally.

AXIS Prime is the reference implementation. The protocol is registry-agnostic: any party can run one.

AXIS Protocol Architecture ┌──────────┐ ┌──────────┐ ┌──────────────┐ │ OPERATOR │──▶│REGISTRAR │──▶│ AXIS PRIME │ │ registers│ │verifies, │ │(ref. registry)│ │ agents │ │writes to │ │stores identity│ │ │ │ registry │ │records, creds │ └──────────┘ └──────────┘ └──────────────┘ │ │ ▼ issues credentials ▼ query / verify ┌──────────┐ ┌──────────────────────┐ │ AGENT │──────────▶│ RECEIVING PLATFORM │ │ carries │ crosses │ checks registry, │ │identity +│ boundary │ confirms signatures, │ │delegation│ │ verifies chain │ └──────────┘ └──────────────────────┘

Credential Primitives

Three layers. Six artifact types.

Identity, authorization, and reputation are distinct layers of the protocol. Layers 1 and 2 are mandatory for verification. Layer 3 is advisory.

01 / Identity

Agent Identity Record

Persistent record of an agent's existence, public key, and status. Resolvable from the registry URL carried in every token.

AIR

01 / Identity

Operator Identity Record

The human or organization at the root of every delegation chain. Verification tier indicates how thoroughly the registrar verified them.

OIR

01 / Identity

AXIS Identity Token

Signed JWT presented at time of action. Ed25519 per RFC 8037. Short-lived; agents re-mint from their private key as needed.

AIT

02 / Authorization

Delegation Credential

Signed scope and time constraints. Attenuation rule: scope narrows down the chain, never widens. Root-operator invariant prevents rerooting.

03 / Reputation

Trust Attestation

Signed reputation statement about an agent or operator. Stored by the issuer, not the registry. Aggregation is out of scope for v0.1.

03 / Reputation

Content Provenance Attestation

Signed binding of content to the agent, delegation credential, and reviewer that produced it. Verifiable without prior relationship.

CPA

Standards Alignment

Inside existing standards, not around them.

AXIS sits inside the identity, credential, and compliance standards organizations already depend on. No novel cryptography. No proprietary primitives.

W3C

DID Core

Agent identifiers are compatible with W3C Decentralized Identifiers. Resolution via did:axis:{registry}:{agent}.

IETF

JWT & EdDSA

Identity tokens follow RFC 7519, signed with EdDSA per RFC 8037. Ed25519 throughout.

NIST

NCCoE

AXIS was submitted to the NIST National Cybersecurity Center of Excellence as part of its agent identity concept-paper process.

DNSSEC

Hierarchical trust

The security model is inspired by the hierarchical trust framework that secures the internet's naming system.

AI Act Art. 12

The delegation chain meets the automatic event recording and traceability requirements for high-risk AI systems.

OSI

Apache 2.0

AXIS is Apache 2.0. Implement it, fork it, build on it. The base layer belongs to everyone.