OpenA2A/AIM Docs

Agent Identity

Agent Identity is the core concept in AIM. Every AI agent in your system has a unique, cryptographically verifiable identity that ensures secure communication and operations.

How It Works

AIM uses public key cryptography to establish and verify agent identities. Each agent has:

  • • A unique identifier (UUID)
  • • A public/private key pair
  • • Metadata describing capabilities and properties
  • • A trust score based on behavior and verification history

Registration Process

Important: Always generate key pairs using secure cryptographic libraries. Never share or expose private keys.

1. Generate Key Pair

import { generateKeyPair } from '@opena2a/aim-sdk';

// Generate RSA-2048 key pair
const { publicKey, privateKey } = await generateKeyPair({
  algorithm: 'RSA',
  keySize: 2048
});

// Store private key securely
await savePrivateKey(privateKey, '/secure/location/private.pem');

2. Register Agent

const agent = await client.agents.register({
  name: 'production-assistant',
  type: 'ai_agent',
  publicKey: publicKey,
  capabilities: [
    'text-generation',
    'code-analysis',
    'data-processing'
  ],
  metadata: {
    model: 'gpt-4',
    version: '1.0.0',
    environment: 'production',
    owner: 'engineering-team'
  }
});

Verification Process

Every agent action must be verified to ensure authenticity. The verification process:

  1. 1. Create Payload: Include action details, timestamp, and nonce
  2. 2. Sign Payload: Use the agent's private key to create a signature
  3. 3. Send Request: Include agent ID, payload, and signature
  4. 4. Server Verification: AIM verifies the signature using the public key
// Create action payload
const payload = {
  action: 'generate_report',
  parameters: {
    reportType: 'security-audit',
    targetSystem: 'production-api'
  },
  timestamp: Date.now(),
  nonce: crypto.randomBytes(16).toString('hex')
};

// Sign the payload
const signature = await signPayload(payload, privateKey);

// Verify agent identity
const verification = await client.agents.verify(
  agent.id,
  signature,
  payload
);

if (verification.valid) {
  console.log('✅ Identity verified');
  console.log('Trust score:', verification.trustScore);
  // Proceed with action
} else {
  console.log('❌ Verification failed');
  // Handle failure
}

Agent Types

AI Agents

LLM-based agents that perform text generation, analysis, and decision-making.

type: "ai_agent"

Service Agents

Microservices and APIs that perform specific tasks or integrations.

type: "service_agent"

Human Agents

Human operators with specific roles and permissions in the system.

type: "human_agent"

MCP Servers

Model Context Protocol servers providing specialized capabilities.

type: "mcp_server"

Security Considerations

Best Practices

  • • Store private keys in secure vaults (AWS KMS, HashiCorp Vault)
  • • Rotate keys regularly (recommended: every 90 days)
  • • Use hardware security modules (HSMs) for production
  • • Implement rate limiting to prevent abuse
  • • Monitor trust scores and set alerts for anomalies

Trust Score Factors

The trust score is calculated based on 8 factors:

  1. 1. Verification Success Rate: Percentage of successful verifications
  2. 2. Age: How long the agent has been registered
  3. 3. Activity Pattern: Consistency and regularity of operations
  4. 4. Error Rate: Frequency of errors or failures
  5. 5. Security Compliance: Adherence to security policies
  6. 6. Peer Verification: Verification by other trusted agents
  7. 7. Manual Review: Admin approval and review status
  8. 8. Capability Match: Actions align with declared capabilities