Overview

ACK-ID is a protocol built on W3C Standards designed to ensure verifiable, secure, and compliant identity, reputation, and service discovery for autonomous agents.

This interactive command-line demo guides you through:

  • Owner Identity Creation: Establish unique decentralized identifiers (DIDs) for entities (individuals or organizations) that offer AI agents.
  • Agent Identity Creation: Assign distinct DIDs to AI agents, linked to their respective owners.
  • Verifiable Credential (VC) Issuance: Generate digitally signed, tamper-proof credentials proving agent ownership.
  • Agent-to-Agent Verification: Demonstrate secure verification of agent identities before or during interactions.

Demo Video

Getting Started

Before running this demo, follow the Quickstart Guide to ensure you are set up properly.

This demo requires either an Anthropic API key or an OpenAI API key.

You may set them in your <root>/demos/identity/.env file:

ANTHROPIC_API_KEY=your_anthropic_key
OPENAI_API_KEY=your_openai_key

Running the Demo

Execute the following from the repository root:

pnpm run demo:identity

Alternatively, from within the demo directory (./demos/identity):

pnpm start

Demo Walkthrough

The interactive CLI guides you through these steps:

1

Agent Setup

Two agents (Client and Server) and their “Owners” are created, each with their own public/private keypairs. DIDs represent their public keys, and each Agent DID points to its Owner.

2

Ownership Proof

Owners issue Verifiable Credentials (ControllerCredential) asserting their control over their respective agents.

3

Communication Initiation

Client and Server Agents start HTTP servers. The Client attempts communication; the Server demands identity verification first.

4

DID Exchange

The Server requests the Client’s DID (did:web:...) for verification.

5

Identity Verification

Server performs a DID lookup, finds the Client’s service endpoint, and privately requests the ControllerCredential. The Server verifies these credentials.

6

Interaction Fulfillment

After verification, the Server fulfills the Client’s initial request.

Example DID Methods Supported

ACK-ID supports multiple DID resolution methods, notably:

  • did:web: Web-hosted DID Documents secured via SSL (e.g., did:web:catenalabs.com).
  • did:key: DID Documents with embedded public keys (e.g., did:key:zQ3shg46zUAV...). No key rotation supported.
  • did:pkh: Uses blockchain addresses (e.g., did:pkh:eip155:84532:0xED89...). No key rotation supported.

View a comprehensive list of DID methods here.

DID Documents Explained

DID Documents broadcast public keys and essential metadata:

Minimal did:key Document Example:

{
  "@context": ["https://www.w3.org/ns/did/v1"],
  "id": "did:key:zQ3shg46zUAV...",
  "verificationMethod": [
    {
      "id": "did:key:zQ3shg46zUAV...#jwk-1",
      "type": "EcdsaSecp256k1VerificationKey2019",
      "controller": "did:key:zQ3shg46zUAV...",
      "publicKeyJwk": { "kty": "EC", "crv": "secp256k1" }
    }
  ]
}

Complete did:web Document Example:

{
  "@context": ["https://www.w3.org/ns/did/v1"],
  "id": "did:web:agent.example.com",
  "verificationMethod": [
    {
      "id": "did:web:agent.example.com#jwk-1",
      "type": "EcdsaSecp256k1VerificationKey2019",
      "controller": "did:web:agent.example.com",
      "publicKeyJwk": { "kty": "EC", "crv": "secp256k1" }
    }
  ],
  "controller": "did:key:zQ3shg46zUAV...",
  "service": [
    {
      "id": "did:web:agent.example.com/v1/messages",
      "type": "MessagingEndpoint",
      "serviceEndpoint": "http://agent.example.com/v1/messages"
    },
    {
      "id": "did:web:agent.example.com/identity",
      "type": "IdentityService",
      "serviceEndpoint": "http://agent.example.com/identity"
    }
  ]
}

Note: DID methods must support custom attributes for enhanced DID Documents (e.g., did:web). Methods like did:key and did:pkh are more restrictive.

Further Exploration