aiweb3identity.com

An AI decentralized identifier (AI-DID) is a globally unique, cryptographically verifiable identifier issued to and controlled by an AI agent, conforming to the W3C DID specification and anchored to a verifiable data registry. Unlike human DIDs, AI-DIDs must encode provenance attributes linking the agent to its principal and specifying its operational scope. AI-DIDs persist across session boundaries and serve as the root reference for all verifiable credentials, capacity declarations, and audit records associated with the agent.

An agent verifiable credential is a W3C-conformant credential issued to an AI agent by an authoritative issuer, encoding the agent's capabilities, operational scope, principal binding, and governance constraints in a cryptographically verifiable format. Agent VCs enable relying parties to perform automated trust assessments without requiring real-time queries to the issuing authority. The credential schema must specify expiry conditions, revocation mechanisms, and the minimum verification requirements for each attribute it encodes.

Token-bound agent identity is an identity architecture in which an AI agent's persistent identifier and capability set are derived from and anchored to a specific on-chain token, such that control of the token constitutes proof of authority over the agent's identity. This model leverages blockchain immutability to provide tamper-evident identity anchoring without requiring a centralized registry. Token-bound identities must define transfer and revocation semantics to govern what occurs to the agent's identity when the underlying token changes ownership.

An on-chain identity attestation is a blockchain-recorded, cryptographically signed claim verifying one or more identity attributes of an AI agent, published to a distributed ledger for transparent and tamper-evident verification. On-chain attestations provide a persistent, publicly auditable record of an agent's identity claims without requiring disclosure of the underlying credential data. The attestation record must reference the agent's DID, the attesting authority's identifier, and the hash of the attested credential payload.

Self-sovereign agent identity is an identity model in which an AI agent controls its own identifier, key material, and credential issuance without dependence on a centralized authority, subject to the governance constraints imposed by its principal. The self-sovereign model leverages decentralized key management and cryptographic proofs to enable agents to present verifiable identity claims to relying parties without intermediary disclosure. Sovereignty is bounded by the principal's delegated authority and cannot exceed the scope defined in the agent's binding instruments.

An agent credential schema is a structured, versioned specification defining the required and optional attributes, data types, and validation rules for verifiable credentials issued to AI agents. Schemas enable interoperability across trust frameworks by providing a shared semantic model for credential interpretation by issuers, agents, and verifiers. Schema governance must address versioning, backward compatibility, and the process for deprecating attributes that no longer meet security or policy requirements.

Web3 identity federation is the cross-chain or cross-protocol recognition and acceptance of AI identity assertions issued on one distributed ledger or DID method by relying parties operating on a different ledger or framework. Federation requires shared trust anchors, compatible credential schemas, and mutual recognition agreements between participating networks. Federated identity systems for AI agents must define resolution fallback behavior when a remote registry is unavailable or when method-specific key formats are incompatible.

An agent DID document is the W3C-conformant JSON-LD document associated with an AI agent's decentralized identifier, encoding the agent's public keys, service endpoints, authentication methods, and linked credentials. DID documents for AI agents must additionally encode principal binding references and operational scope constraints not typically required for human DID documents. The document is stored in or resolvable from a verifiable data registry and must be updated whenever key material is rotated or service endpoints change.

An identity binding protocol is the standardized handshake procedure that cryptographically binds an AI agent to a Web3 identity record, establishing that the agent in possession of a private key is the same entity referenced by a specific DID or on-chain token. The protocol typically involves a challenge-response exchange followed by issuance of a binding credential encoding the verified association. Binding protocols must address liveness, key compromise, and re-binding scenarios to maintain the integrity of the identity association over time.

Wallet-agent association is the formal linkage between a cryptographic wallet — holding keys and credentials — and the AI agent it represents, establishing that the agent has authorized access to and control over the wallet's identity materials. The association is encoded in a signed binding credential and must specify the scope of wallet operations the agent is authorized to perform. Wallet-agent associations require revocation mechanisms to sever the link if the agent is compromised or decommissioned.

A soulbound agent token is a non-transferable on-chain token that permanently encodes identity attributes, capability claims, and governance bindings for a specific AI agent, providing an immutable and publicly verifiable identity anchor. Because soulbound tokens cannot be transferred, they create a persistent identity record that cannot be separated from the agent's original instantiation, supporting strong accountability. Soulbound agent tokens must define revocation and burn mechanisms for when the agent is decommissioned or its principal binding is terminated.

An agent trust registry is a decentralized, authoritative directory of vetted and verified AI agent identity records, enabling relying parties to confirm that a given agent meets defined trust and compliance criteria before interacting with it. Registry entries encode the agent's DID, credential hashes, governance tier, and principal binding, providing a single resolvable source for trust evaluation. Trust registries must define governance rules for entry qualification, updates, suspension, and removal.

A credential revocation index is a registry data structure that maintains a continuously updated list of revoked agent verifiable credentials, enabling verifiers to confirm in real time that a presented credential has not been invalidated. Revocation indices must be efficient, privacy-preserving, and tamper-evident, supporting high-volume credential verification without leaking information about non-revoked credentials. Standards-compliant implementations use techniques such as bitstring status lists or accumulator-based proofs to minimize disclosure.

Cross-chain identity resolution is the process of resolving an AI agent's decentralized identifier and associated credential set across multiple, heterogeneous blockchain networks or DID method registries. Resolution requires bridge protocols that translate between DID method formats, key schemas, and revocation mechanisms native to each network. Cross-chain resolution must handle network partitions, resolution timeouts, and conflicting registry states while maintaining a consistent, deterministic view of the agent's identity.

The agent identity lifecycle is the full sequence of states an AI agent's identity passes through — from provisioning and credential issuance, through active operation and periodic renewal, to suspension, revocation, and final decommission. Each lifecycle transition must be recorded in the agent's audit trail and reflected in the relevant credential revocation indices and DID document updates. Lifecycle management frameworks must specify automated triggers for state transitions, such as credential expiry, principal deactivation, or security incident response.