Agent Passport System

• Name: Agent Passport System
• URL: https://aeoess.com/
• Category: gateway-enforced agent identity / delegation / commerce-gating middleware
• Summary: APS is gateway-enforced delegation middleware. The useful part is the way passports, narrowing delegation chains, policy checks, wallet binding, and signed receipts make agent authority legible before money or other privileged actions move.
• What it does:
  • Issues Ed25519-signed agent passports and a native did:aps identifier format while also accepting external identity inputs such as did:key, did:web, SPIFFE SVIDs, and OAuth tokens
  • Models delegated authority as a chain that can only narrow across dimensions like scope, spend, depth, time, reputation, values, and reversibility
  • Uses a three-signature execution path where the agent signs intent, a policy engine signs the evaluation, and the agent signs the execution receipt
  • Supports cascade revocation so invalidating a parent delegation invalidates descendants and requires re-checking revocation status at execution time
  • Adds an agentic-commerce layer with preflight gates around valid identity, authorized scope, spend limits, merchant allowlists, wallet binding, idempotency, and optional human approval thresholds
  • Produces signed receipts and graph-like reference links that let a verifier trace an action back through delegation, policy, evidence, and beneficiary context
• Key claims:
  • APS clears the intake bar because it makes agent authority legible as a reusable protocol surface instead of leaving it flattened inside generic agent framework or agent wallet rhetoric.
  • The March 2026 IETF Internet-Draft is especially useful because it formalizes APS as a lattice-based authority-attenuation system. Authority is modeled across seven dimensions, and delegation is defined as monotonic narrowing rather than simple role inheritance. That is a sharper comparison primitive than most agent-auth or wallet-permission products provide.
  • The strongest practical control surface is the gateway model. APS repeatedly says the gateway is both judge and executor and that privileged effects should pass through it. That means actual authority depends less on the passport alone and more on who controls the enforcement boundary and the target credentials behind it.
  • The commerce layer makes APS relevant to this crypto corpus even though the core protocol does not require a blockchain. Its docs and source separate wallet binding, merchant policy, spend caps, human approval, and signed commerce receipts from the underlying payment rail, which makes it a useful comparison point for x402/L402-style payment authorization, smart-account policy layers, and agentic-commerce systems.
  • APS is also analytically useful because it keeps wallet ownership and wallet reputation separate. The README distinguishes structural wallet binding by the passport holder from behavioral attestations by third-party issuers, which is a cleaner decomposition than many reputation or wallet-auth products provide.
  • The project’s numbers and maturity signals should be read carefully. The official docs emphasize test counts, low-latency evaluation, many modules, and broad adapter coverage, but these are first-party implementation claims. The llms-full.txt documentation also shows some surfaces are still alpha or pre-release.
  • This entry belongs in the active corpus because it separates cryptographic identity, delegation attenuation, gateway-enforced execution, commerce gating, and wallet-binding policy into comparison-ready layers that would be lost if it were treated only as an AI agent toolkit.
• Whitepaper: APS does not appear to have a single canonical blockchain-style whitepaper, but it does have a public IETF Internet-Draft plus linked papers and official docs. The strongest materials reviewed in this pass were the official site, GitHub repository and README, llms-full.txt documentation, the March 2026 Internet-Draft, and the commerce source module; see ../whitepapers/agent-passport-system-primary-sources-2026-05-12.md.
• Sources:
  • https://aeoess.com/
  • https://aeoess.com/llms-full.txt
  • https://github.com/aeoess/agent-passport-system
  • https://raw.githubusercontent.com/aeoess/agent-passport-system/main/README.md
  • https://www.ietf.org/archive/id/draft-pidlisnyi-aps-00.txt
  • https://raw.githubusercontent.com/aeoess/agent-passport-system/main/src/core/commerce.ts

Internal linkages

• Keep this note on the clearest adjacent control surfaces: agent-payments-protocol, transaction-authorization-protocol, and x402.

• The point of comparison is simple: where delegated authority actually gets enforced once an agent is allowed to act or spend.

• Last reviewed: 2026-05-30 UTC