In development
Agent identity
Give agents an acting ID,
not your user's OAuth token.
OAuth tells your API which user account signed in. It does not tell you a human authorized the agent, what scope the agent may use, or how to revoke that authority without kicking the human offline.
lemma.id is building human-backed agent passports: a site-private acting ID for the agent, rooted in a verified human's consent and your scope policy, verifiable locally on your backend.
The agent auth gap
Sites integrating AI agents today face a choice: give the agent the user's OAuth token (full user authority, no attenuation, hard to revoke cleanly) or build a custom service-account layer (no human provenance, no standard revoke path).
Neither answers the question regulators and trust teams are starting to ask: which verified human authorized this agent to do this, on this site, with this scope?
The model
isHuman proves the human. The acting ID proves the agent.
One issuance approval, one credential bundle, one local verify call on your backend.
Verified human (L1)
isHuman assurance ties the delegation to one verified person. Same person-root binding as signup enforcement, not a logged-in session guess.
Human consent (L2)
The human unlocks their wallet and approves the agent for your site. Consent is recorded with a passkey anchor, not a checkbox.
Scoped delegation (L3)
The agent receives a site-private acting PPID (did:lemma:aap_…) bound to your scope and resource bounds. Proof-of-possession on every request.
Operator controls (L4)
For teams running agents in their own infrastructure: runtime kill, taint epochs, and audit trails via Agent Ops. Relying sites verify L1–L3 locally; L4 is optional.
OAuth gives the user's token. Lemma gives an agent principal.
Typical OAuth / MCP
- Agent acts as the user
- Bearer token replays if stolen
- Revoke means logging the human out
- No per-request proof-of-possession
- IdP can correlate across apps
Lemma agent acting ID
- Agent has its own site-private principal
- Cryptographically bound to human + scope
- Revoke the agent without touching the human
- PoP on every request
- Pairwise: your site sees only its AAP
What exists today vs what's coming
Shipping now (operator-only): Agent Ops tooling for teams running AI agents in their own infrastructure: scoped Ed25519 credentials, proof-of-possession, taint epochs, runtime kill switches, and JSONL audit trails. This is not part of relying-site integration.
In development (relying-site integration): Human-backed agent passports and agent acting PPIDs that compress the human + consent + scope chain into one verifiable credential your backend checks locally, the same way isHuman works for signup today.
Not competing with: OAuth MCP gateways for enterprise SSO. Lemma is the proof layer underneath, for sites that need human provenance on agent actions.
Building for the agentic web
If your platform needs to know a verified human authorized an agent, and you want that answer verifiable on your own servers, we'd like to hear from you.