Open Agent Specification v1.1.0

The Specification

A W3C DID-based identity framework for autonomous agents. Defines the DID method, entity kinds, lineage model, cryptographic primitives, and conformance levels.

Read Full SpecView on GitHub

Section 1

DID Method: did:oas

The did:oas method defines a self-certifying, offline-verifiable identifier format for autonomous agents and their related entities.

URI Structure

did:oas:<namespace>:<kind>:<identifier>

Method

Always oas. Identifies this DID as conforming to the Open Agent Specification.

Namespace

The issuing authority or network. Examples: l1fe, acme, self.

Entity Kind

One of 11 defined kinds. Determines the entity's role, capabilities, and lineage requirements.

Identifier

Globally unique identifier. Derived from the public key via multibase (base58btc) encoding.

Cryptographic Foundation

Ed25519
Signing
HKDF-SHA256
Key derivation
BLAKE3
Hashing
JCS
Canonicalization

Section 2

11 Entity Kinds

Every participant in the agent ecosystem has a typed identity. Entity kinds determine lineage requirements, capabilities, and trust properties.

hmr

Human Managed Resource

Individual human identity — the root of all trust

mhr

Multi-Human Root

Collective identity via FROST threshold signatures

enr

Enterprise Root

Organization identity governed by MHR groups

ao

Autonomous Organization

Self-governing entity with DID-based governance

agent

Agent

Autonomous software agent with lineage proof

agent:instance

Agent Instance

Running instance of an agent with ephemeral state

tool

Tool

Callable capability exposed by an agent

skill

Skill

Composable behavioral module

workflow

Workflow

Orchestrated sequence of agent actions

model

Model

AI/ML model with provenance tracking

dataset

Dataset

Training or evaluation data with lineage

service

Service

Long-running infrastructure endpoint

Section 3

Conformance Levels

Three progressive levels of identity maturity. Start simple, level up as your requirements grow.

L0

Basic Identity

Valid DID document with at least one verification method. Minimum viable identity.

Valid did:oas URIEd25519 verification methodDID document resolves
L1

Verifiable Lineage

L0 + cryptographic lineage proof linking agent to human root. Full accountability chain.

L0 requirementsAgentLineageProof2025HKDF-SHA256 key derivationLineage chain resolves
L2

Full Attestation

L1 + W3C Verifiable Credentials and trust attestations. Enterprise-grade identity.

L1 requirementsW3C VC attestationTrust score (OATS)Service endpoint declarations

Section 4

Lineage Model

Every agent identity is bound to its creator through a cryptographic lineage proof. The chain is immutable, offline-verifiable, and tamper-evident.

AgentLineageProof2025

{
  "@context": "https://openagent.id/v1",
  "type": "AgentLineageProof2025",
  "creator": "did:oas:l1fe:hmr:alice-root-key",
  "created": "2026-04-09T00:00:00Z",
  "proofPurpose": "assertionMethod",
  "verificationMethod": "did:oas:l1fe:hmr:alice#key-1",
  "derivation": {
    "method": "HKDF-SHA256",
    "parentKey": "z6MkhaXgBZDvotDkL5257faiztiGiC2QtKLGpbnnEGta2doK",
    "childKey": "z6Mki8e5YQKL7p9Fgx3eTjeVxGKGk5mXWpNBkabGKKcAqp1"
  },
  "jws": "eyJhbGciOiJFZERTQSJ9...signature..."
}