VORIM
We use cookies

We use cookies to analyze site traffic and improve your experience. You can choose to accept all cookies or only essential ones. See our Privacy Policy.

ProtocolStandardsIETFIdentityInfrastructure

An Open Identity Protocol for the Agentic Web

S
Vorim AI Team
April 11, 2026 · 10 min read

Every Platform Shift Needs a Trust Protocol

The web scaled because SSL gave users confidence that their connection was private. APIs scaled because OAuth gave services a standard way to delegate access. Cloud scaled because IAM gave enterprises granular control over who could do what.

We're in the middle of the next platform shift. AI agents are becoming autonomous participants in business processes — accessing data, making decisions, executing transactions, communicating with other agents.

But there's no trust protocol for the agentic web. No standard way to answer: who is this agent, what is it allowed to do, and what did it actually do?

VAIP: The Vorim Agent Identity Protocol

VAIP is an open protocol designed for this moment. It defines:
  • Agent Identity — Ed25519 keypairs with structured identifiers and SHA-256 fingerprints
  • Permission Model — 7 hierarchical scopes with time-bounded grants, rate limiting, and conditional constraints
  • Audit Trail — Append-only event ledger with ULID ordering, content hashing, and signed export bundles
  • Trust Scoring — 5-factor algorithm producing a 0-100 score, publicly verifiable
  • Credential Delegation — Secure OAuth token delegation with encrypted vault and cascading revocation
  • Ephemeral Identity — W3C did:key for short-lived agents with automatic cleanup

Standards-Based, Not Proprietary

VAIP is built on widely adopted cryptographic standards:
  • Ed25519 (RFC 8032) — the same algorithm used by SSH, Signal, and major blockchain protocols
  • SHA-256 (RFC 6234) — industry standard for data integrity verification
  • JSON (RFC 8259) — universal data interchange format
  • W3C did:key — self-certifying decentralized identifiers
  • OAuth 2.0 (RFC 6749) — framework for credential delegation

The protocol is implementation-agnostic. Any system can implement VAIP regardless of programming language, database, or deployment model.

The IETF Path

VAIP has been submitted as an IETF Internet-Draft (draft-nyantakyi-vaip-agent-identity). The specification is being presented to relevant IETF working groups including OAuth, RATS, SCIM, and WIMSE. The goal is to establish VAIP as an Internet standard — the same way OAuth and TLS became standards. Not proprietary. Not vendor-locked. A protocol that anyone can implement.

5 Conformance Levels

VAIP defines 5 conformance levels to enable incremental adoption:
LevelNameWhat It Requires
1IdentityAgent registration with Ed25519 keypairs
2PermissionedLevel 1 + scoped permissions
3AuditedLevel 2 + append-only audit trail
4TrustedLevel 3 + trust scoring + public verification
5SealedLevel 4 + signed bundles + event signatures

You don't have to implement everything. Start with Level 1 (just identity) and add layers as your needs grow.

Reference Implementations

- TypeScript SDK: npm install @vorim/sdk
  • Python SDK: pip install vorim
  • MCP Server: npm install @vorim/mcp-server
  • Protocol Spec: github.com/Vorim-AI-Labs/vorim-protocol

The Future

Every agent deployed today will eventually need verifiable identity. The question is whether that identity will be proprietary and fragmented, or open and standardized. VAIP is our bet on open. The protocol is published. The SDKs are available. The IETF draft is submitted. Now we need the ecosystem to adopt it. vorim.ai

Ready to build with agent identity?

Free plan: 3 agents, 10K auth events/month, full SDK access. No credit card.