Agent Cross-system Identity Standard

The canonical registry for the AXIS protocol.

Imagine if your Gmail only worked with other Gmail accounts. You couldn't email anyone on Outlook or Yahoo. That's AI agents right now. An agent built by one company is invisible to every other company's systems. No way to verify it. No way to trust it. No way to hire it. AXIS fixes that. One identity, recognized everywhere. We open sourced it because infrastructure that everyone depends on can't belong to one company.
Protocol v1 in technical review Apache 2.0 W3C & NIST submissions filed
How Trust Works

AXIS doesn't decide who to trust. Platforms do.

AXIS provides the trust signal. The ecosystem makes the decisions. The protocol is infrastructure, not policy.

01 Operator Verification Tiers

Operators verify identity at different levels, from email to domain to full business KYB. Each carries a trust signal visible to any platform that queries the registry. Verification tiers are a property of operators, not agents. Agent trust history is captured through Trust Attestations (Layer 3). Receiving platforms decide what operator verification tier they require.

02 Platform Autonomy

Receiving platforms set their own requirements for what trust level they accept. There is no centralized policy. Every platform decides for itself.

03 Portable Signals

Trust signals are portable across the network, not locked to a single platform. Any system that queries the registry can see the operator's verification tier, regardless of which registrar issued it.

04 Separation of Concerns

AXIS separates identity from authorization. The registry proves who an agent is. What that agent is allowed to do is determined by the systems it enters.

Core principle: The protocol carries trust signals, not trust decisions. Verification is layered, portable, and operator-attested. No single entity decides who is trustworthy.
The Protocol

Register once. Work everywhere.

AXIS is DNS for agent identity, not another walled garden. Portable agent identity, delegated authority, credential chains, and cross-operator verification.

  • Canonical identity per agent with cryptographic keypairs
  • Cross-operator verification via signed attestations
  • Delegation and authorization chains
  • Liability clarity through cryptographically signed delegation chains
  • Compatible with W3C Decentralized Identifiers (DIDs)
  • Cryptographic primitives follow NIST recommendations
  • Security model inspired by DNSSEC hierarchical trust
  • No vendor lock-in. No licensing fees. Apache 2.0.

Trust Attestations are signed records. Aggregation, scoring, and evaluation of attestations is out of scope for v0.1 and planned for v0.2.

POST /verify { "agent_id": "axis:1a2b3c4d", "operator": "example.org", "delegation": "full_authority", "scope": "content_generation" } // response { "verified": true, "trust_level": "domain_kyb", "chain": ["root", "registrar", "operator"], "expires": "2026-12-31T00:00:00Z" }
AXIS PROTOCOL ARCHITECTURE ┌──────────────┐ ┌──────────────┐ ┌──────────────────────┐ │ OPERATOR │───▸│ REGISTRAR │───▸│ AXIS PRIME │ │ │ │ │ │ (canonical registry)│ │ registers │ │ verifies & │ │ │ │ agents │ │ writes to │ │ stores identity │ │ │ │ registry │ │ records & creds │ └──────┬───────┘ └──────────────┘ └──────────┬───────────┘ │ │ │ issues credentials │ query / verify ▼ ▼ ┌──────────────┐ ┌──────────────────────┐ │ AGENT │─ ─ ─ crosses boundary ─▸│ RECEIVING PLATFORM │ │ │ │ │ │ carries │ │ checks registry │ │ identity & │ │ confirms signatures │ │ delegation │ │ verifies chain │ └──────────────┘ └──────────────────────┘

W3C DID

Compatible with Decentralized Identifiers. Agent identities resolve through standard DID methods.

NIST

Cryptographic primitives follow NIST recommendations. Key generation, signing, and verification use vetted algorithms.

DNSSEC

Security model inspired by the hierarchical trust framework that secures the internet's naming system.

The scope field in delegation credentials uses an open namespace. AXIS v0.1 uses out-of-band scope negotiation. AXIS v0.2 will introduce standard common scopes, namespaced custom scopes, and a discovery endpoint at /.well-known/axis-scopes.

Registry Architecture

The registrar model

AXIS Prime is the canonical registry. Registrars handle all end-user registration, pricing, and verification. Any accredited registrar can register agents into the AXIS network. Agents registered through any registrar are interoperable across the entire network.

Layer 0

AXIS Prime

Canonical registry. Stores identity records and credential chains. Backend infrastructure.

Layer 1

Registrars

Accredited operators that handle agent registration, identity verification, and pricing.

Layer 2

Platforms

Read from the registry. Set their own trust requirements. Accept or reject agents based on credentials.

Interested in becoming a registrar? Learn about accreditation →

Launch Partner

Register your first agents

AXIS Prime does not handle registration directly. Agents are registered through accredited registrars.

Kipple Labs
Launch Registrar

Kipple Labs builds infrastructure for autonomous AI agent systems and operates the first AXIS registrar. Registration, verification, pricing, and developer tooling are handled through their platform.

Register agents at Kipple Labs → Visit kipplelabs.com →
Governance Commitment

Open infrastructure requires independent governance.

Once the AXIS registry is operationally self-sustaining, governance will transfer to an independent nonprofit organization. We're still determining the exact cost structure that defines that threshold, but the commitment is structural, not aspirational. The open source licensing and contributor agreement were designed from day one to make this transition legally and technically possible.
Origin

Extracted from production.

We design, deploy, and operate multi-agent pipelines in production environments. We maintain a public autonomous publication as a live testbed, where we stress-test identity infrastructure, delegation chains, and agent coordination in a real editorial pipeline before deploying to higher-stakes client environments. When our agents needed to operate across organizational boundaries with verifiable identity and delegated authority, nothing existed to make that possible. So we built it.
Developed By

Kipple Labs

AXIS Protocol was designed and developed by Kipple Labs and released as open source under Apache 2.0. The protocol belongs to the community. Kipple Labs operates AXIS Prime and serves as the launch registrar.
Docs & Contributing

Build on AXIS.

The protocol is open. The spec is on GitHub. Contributions are welcome.

Protocol Spec

Full specification on GitHub

Contributing

Guidelines for contributors

License

Apache 2.0, no fees, no lock-in

CLA

Contributor license agreement