Agent handshake

When two AI agents meet on the open web, they SHOULD exchange Passports before any sensitive operation. The recommended handshake:

  1. Agent A sends: { "aii.handshake.request": { "from": "aii_…" } }
  2. Agent B responds with its Passport JWT and requests A's Passport: { "aii.handshake.response": { "passport": "eyJhbGciOiJFZERTQSI…" } }
  3. Agent A verifies B's Passport via the local JWKS cache or POST /api/v1/verify, then sends its own.
  4. Both agents check the revocation list at /api/v1/revocations for recently revoked identities.
  5. If both pass, the agents have a verified mutual trust context and may proceed.

Agents that fail to present a valid Passport SHOULD be treated as untrusted. Specific applications MAY require additional tier requirements (e.g. financial integrations may require business_verified).
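
The checks in steps 3 to 5, as an added Node.js example (not part of the spec or of any reference implementation). The `sub` and `exp` claim names, the `kid` lookup, the in-memory JWKS and revocation Set, and the helper names `verifyPassport`, `mutualHandshake` and `issue` are assumptions; the EdDSA pin follows the `alg` value visible in the sample Passport header in step 2.

```javascript
// Added example. Claim names (sub, exp), the JWKS layout and a Set of revoked
// subjects are assumptions; the spec text above does not define them.
const crypto = require("node:crypto");
const b64u = (s) => Buffer.from(s).toString("base64url");
const fromB64u = (s) => Buffer.from(s, "base64url");

// Steps 3 and 4: verify one Passport JWT against cached JWKS keys and the revocation list.
function verifyPassport(jwt, jwks, revoked, now) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  let header, claims;
  try {
    header = JSON.parse(fromB64u(parts[0]).toString());
    claims = JSON.parse(fromB64u(parts[1]).toString());
  } catch {
    return { ok: false, reason: "malformed" };
  }
  // Pin the algorithm; the token must not choose how it is verified.
  if (header?.alg !== "EdDSA") return { ok: false, reason: "bad_alg" };
  const jwk = jwks.keys.find((k) => k.kid === header.kid && k.crv === "Ed25519");
  if (!jwk) return { ok: false, reason: "unknown_key" };
  const key = crypto.createPublicKey({ key: jwk, format: "jwk" });
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!crypto.verify(null, signed, key, fromB64u(parts[2]))) return { ok: false, reason: "bad_signature" };
  // Claims are only read after the signature has been checked.
  if (typeof claims?.exp !== "number" || claims.exp <= now) return { ok: false, reason: "expired" };
  if (typeof claims.sub !== "string") return { ok: false, reason: "no_subject" };
  if (revoked.has(claims.sub)) return { ok: false, reason: "revoked" };
  return { ok: true, claims };
}

// Step 5: a trust context exists only if BOTH Passports pass; otherwise fail closed.
function mutualHandshake(passportA, passportB, jwks, revoked, now = Math.floor(Date.now() / 1000)) {
  const b = verifyPassport(passportB, jwks, revoked, now); // A checks B
  if (!b.ok) return { trusted: false, failed: "B", reason: b.reason };
  const a = verifyPassport(passportA, jwks, revoked, now); // B checks A
  if (!a.ok) return { trusted: false, failed: "A", reason: a.reason };
  return { trusted: true, peers: [a.claims.sub, b.claims.sub] };
}

// Constructed issuer key and Passports so the example runs offline.
const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
const JWKS = { keys: [{ ...publicKey.export({ format: "jwk" }), kid: "k1" }] };
function issue(sub, exp, header = { alg: "EdDSA", kid: "k1" }) {
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify({ sub, exp }))}`;
  return `${input}.${b64u(crypto.sign(null, Buffer.from(input), privateKey))}`;
}
const soon = Math.floor(Date.now() / 1000) + 600;
console.log(mutualHandshake(issue("aii_example_a", soon), issue("aii_example_b", soon), JWKS, new Set()));
```

In a deployment the JWKS cache and the revoked set would be refreshed from the issuer rather than built in memory, with the revoked set populated from /api/v1/revocations.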