A protocol for secure identity management, governance, and policy enforcement in the Internet of Agents (IoA)
AIP is a language-agnostic protocol for establishing cryptographic identities for AI agents, enabling authentication, authorization through policy enforcement, and audit trails across heterogeneous systems. AIP provides a standardized way to separate agentic and human authentications.
AIP operates at two layers that work together — identity and enforcement — connected by the Agent Authentication Token (AAT):
- Layer 1 — Identity: Agents receive cryptographic identities from the AIP Registry. The Token Issuer signs AATs that encode who the agent is, which user it acts on behalf of, and what capabilities it holds.
- Layer 2 — Enforcement: The AIP Proxy sits between the AI client and any MCP tool server. It verifies the AAT on every tool call, evaluates policy, DLP-scans data, and writes an immutable audit log — before any request reaches your infrastructure.
| Repository | Description |
|---|---|
| agentidentityprotocol | Protocol specification, architecture, and formal docs |
| agentidentityprotocol/docs | Source for agentidentityprotocol.io |
| aip-playground | Example webapp with basic authentication to test out AIP in real world scenarios |
| aip-go | Go reference implementation — MCP proxy with policy enforcement, DLP, and audit logging |
| aip-rust | Rust implementation (in progress) |
| aip-python | Python implementation (in progress) |
| aip-policy-examples | Agent Identity Protocol YAML Example Policies - use with proxy layer (in progress) |
AIP is an open specification. We welcome protocol feedback, new language implementations, security research, and documentation contributions.
- 📖 Docs: agentidentityprotocol.io
- 💬 Discussions: github.com/openagentidentityprotocol/agentidentityprotocol/discussions
- 📋 Contributing: CONTRIBUTING.md
Licensed under Apache 2.0
