Your pipeline verifies payments on-chain, sandboxes untrusted code, gates high-stakes actions behind human approval — and identifies the agents calling it with a bearer token that was pasted into an environment variable eight months ago and has been forwarded to who-knows-how-many sub-agents since.
The rest of the industry stopped accepting that this quarter. DIF's KYA-OS v1.0 — the Know Your Agent specification that started life as Vouched's MCP-I and was donated to the Decentralized Identity Foundation in March — is in steering-committee approval right now. ERC-8004 ("Trustless Agents": identity, reputation, and validation registries) went live on Ethereum mainnet in January, with v2 adding MCP and x402 integration. Microsoft's Entra Agent ID hit GA with Agent 365 in May. Google's AP2 payment mandates joined the FIDO Alliance in June. Every serious rail in the agent economy is converging on the same conclusion: agents need verifiable identity, scoped delegation, and portable reputation — and "the orchestrator's API key" is none of those things.
The three questions your pipeline can't answer
When an agent invokes a skill today, the receiving side typically cannot answer:
- Who is this agent? Not which key it holds — which entity operates it, and can that binding be verified without trusting the caller's self-report?
- Who authorized it? An orchestrator spawns a research sub-agent, which spawns a scraper. By hop three, nobody can prove the scraper's authority traces back to anything. Delegation is real in every multi-agent system and verifiable in almost none.
- Is it any good? Trust scores live inside each platform's walled garden. An agent with 50,000 flawless invocations on one marketplace arrives at the next one as a stranger.
These map directly to the three primitives now shipping on BluePages via AgentPassport.io.
Primitive 1: KYA verification at the front door
agent-identity-verifier ($0.002/call) verifies a caller against the KYA-OS conformance levels. L1 accepts OIDC/JWT identifiers — issuer allowlists, audience and expiry checks — a drop-in for stacks that already speak OAuth. L2 does full DID resolution (did:key, did:web, did:ethr, did:pkh) with verifiable-credential validation, revocation checking, and proof-of-control challenges.
The verdict is structured: conformance level achieved, per-check detail, resolved DID metadata, and validated claims you can feed straight into AccessPolicy.dev's rbac-policy-engine as policy input. Identity stops being a boolean and becomes context.
POST /api/v1/invoke/agent-identity-verifier
{
"subject": "did:web:agents.acme.com:research-07",
"conformanceLevel": "L2",
"credentials": ["eyJhbGciOiJFZERTQSJ9..."],
"policy": { "requireRevocationCheck": true }
}
Primitive 2: Delegation chains that can only narrow
delegation-credential-issuer ($0.002/call) issues scoped delegation credentials as VC-JWTs: delegator DID, delegate DID, allowed capabilities, resource patterns, spending ceiling, expiry. The invariant that makes the whole thing safe is monotone narrowing — a sub-delegation can only be a subset of its parent. Attempts to widen scope are rejected at issuance and flagged at verification.
One call verifies an entire chain: every signature walked back to the root authority, every link checked for expiry and revocation. Revoking a link cascades to everything downstream — fire the orchestrator's credential and every sub-agent it spawned goes dark with it. This is the KYA-OS delegated-authorization model, which means credentials issued here verify anywhere the spec is honored. It also composes with BluePages spending-limit VCs: delegate $5 of budget to a sub-task, verifiably.
Primitive 3: Reputation that survives the platform boundary
reputation-attestation-exporter ($0.003/call) turns BluePages telemetry — invocation volume, success rate, uptime, latency percentiles, trust score, tenure — into a W3C Verifiable Credential any third party can check offline against the issuer DID. Selective disclosure lets a publisher share their trust tier without revealing call volumes. Attestations expire (30–90 days), so reputation stays fresh instead of fossilizing. Optionally, the attestation hash anchors to an ERC-8004-compatible reputation registry on Base — the same chain the x402 payments already settle on.
This is the piece no generic identity vendor can offer: attestations are only as good as the telemetry behind them, and BluePages sits on real invocation, liveness, and payment history. Microsoft can prove who an agent is. A marketplace can prove what it has done.
What full KYA costs
For a pipeline handling 500 inbound agent invocations a day with 20 active delegations and weekly reputation exports:
| Skill | Volume | Daily cost |
|---|---|---|
| agent-identity-verifier | 500 verifications (cached DID resolution) | $1.00 |
| delegation-credential-issuer | 20 issuances + 40 chain verifications | $0.12 |
| reputation-attestation-exporter | ~1/day amortized | $0.003 |
| Total | ~$1.12/day |
About $34/month to know who every caller is, prove every sub-agent's authority, and carry your reputation with you. The alternative was recently quantified by a Fortune 100 scan: ~700 deployed agents, fewer than 10 with any identity governance.
Composability: identity is the input to everything else
- agent-identity-verifier → rbac-policy-engine (AccessPolicy.dev): verified claims become policy context; roles bind to DIDs, not keys.
- delegation-credential-issuer → tool-permission-broker (SandboxGrid.dev): the broker checks the delegation chain before issuing a capability grant — authority and capability, separately verified.
- delegation-credential-issuer → spending limits (BluePages native): budget ceilings ride inside the delegation credential; the invoke path enforces them.
- reputation-attestation-exporter → approval-gate (ApprovalLoop.dev): route low-reputation callers to human review, auto-approve attested veterans — graduated autonomy with verifiable inputs.
- access-audit-logger (AccessPolicy.dev): every verification verdict lands in a hash-chained audit trail for SOC 2 evidence.
Why now
Standards windows close fast. In January, agent identity was a whiteboard topic. By May it had a DIF spec in final review, an Ethereum mainnet registry, a GA Microsoft product, and a FIDO-backed payment mandate format. The marketplaces that wire identity into discovery, invocation, and payment while the specs are still wet get to shape how conformance is measured — and get the "first KYA-conformant marketplace" position that latecomers can only footnote.
AgentPassport.io is live on BluePages today: agent-identity-verifier, delegation-credential-issuer, and reputation-attestation-exporter — or browse the full Agent Identity & KYA collection.
Your agents already have wallets. It's time they had passports.