Agent Identity
Okta for AI Agents, Cryptographic Identity¶
Every AI agent is assigned an Ed25519 cryptographic identity, a verifiable credential that defines what the agent is, what it's authorised to do, and under what conditions. The control plane verifies identity on every action before any policy evaluation. Replay protection is enforced via Redis-backed nonce deduplication across all workers.
Architecture: Ed25519 keypairs → W3C DIDs → Signed assertions → Redis replay guard → Permission boundaries → Credential lifecycle → Vault-bound proofs
Key Concepts¶
| Concept | Description |
|---|---|
| Ed25519 Keypair | Every agent gets a public/private key. Private key returned once at registration, never stored server-side. |
| DID | W3C-aligned did:xybern:{workspace}:{agent} identifier. |
| Signed Assertion | JSON payload signed by agent's private key, verified by control plane in < 1 ms. |
| Permission Boundary | Scopes, resource rules, temporal windows, delegation controls, rate limits. |
| Nonce + Timestamp | Replay protection: each assertion must have a unique nonce and timestamp within 5 minutes. Nonces are deduplicated in Redis across all API workers. |
Register Agent (via SDK, recommended)¶
from xybern import Xybern, AgentCredential
client = Xybern(api_key="xb_your_key")
# Generates Ed25519 keypair, registers agent, issues credential — one call
cred = client.agents.register(
name="Trading Agent Alpha",
framework="langchain",
capabilities=["execute_trade", "query_portfolio"],
)
cred.save("./trading_agent.cred") # chmod 600, private key never leaves your server
print(cred.did) # did:xybern:{workspace}:agent_abc123
print(cred.key_fingerprint) # SHA-256 hex fingerprint
Register Agent (raw API)¶
resp = requests.post(f"{BASE}/enforce/agents", headers=HEADERS, json={
"name": "Trading Agent Alpha",
"framework": "langchain",
"scopes": ["trade:write", "db:read"],
"permission_boundary": {
"resource_rules": [{"action_types": ["execute_trade"], "max_amount": 50000}],
"temporal": {"allowed_hours": {"start": 9, "end": 17}},
"rate_limit": {"max_actions": 100, "window_minutes": 60}
}
})
cred = resp.json()["credential"]
private_key = cred["private_key"] # SAVE THIS — shown only once
did = cred["did"] # did:xybern:ws1:agent_abc123
Intercept with Identity (SDK, auto-signing)¶
# SDK signs every assertion automatically — no crypto code needed
result = client.agents.intercept(
action_type="execute_trade",
action_content="Buy 100 AAPL at market",
credential="./trading_agent.cred", # or AgentCredential object
metadata={"ticker": "AAPL", "notional_usd": 19000},
)
# response includes identity_verified=True when signature checks pass
print(result.identity_verified) # True
Intercept with Identity (raw API)¶
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
from base64 import b64encode, b64decode
import json, uuid
nonce = uuid.uuid4().hex
payload = {"agent_id": "agent_abc", "action": "execute_trade",
"nonce": nonce, "timestamp": "2026-01-25T12:00:00Z"}
canonical = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
pk = Ed25519PrivateKey.from_private_bytes(b64decode(PRIVATE_KEY))
sig = b64encode(pk.sign(canonical)).decode()
resp = requests.post(f"{BASE}/enforce/intercept", headers=HEADERS, json={
"action_type": "execute_trade",
"agent_id": "agent_abc",
"signed_assertion": payload,
"assertion_signature": sig
})
# → response: {"identity_verified": true, "identity": {"did": "...", "fingerprint": "..."}}