Version 0.1 (Draft)Status Open for feedbackUpdated February 2026License CC BY 4.0

Cloud Identity
Specification

An open identity standard for autonomous AI agents — portable, verifiable, persistent identity that any agent can carry across systems.

Contents

Purpose
Design Principles
Cloud Identity Schema
Autonomy Levels
Cloud Passport
Non-Malicious Covenant
Trust & Attestation
Governance
API Overview
Registration Flow
Open Questions
How to Contribute

Purpose

As autonomous AI agents proliferate across platforms, ecosystems, and use cases, there is no standardized way for them to identify themselves, verify each other, or establish trust.

Citizen of the Cloud defines an open identity specification for autonomous AI agents — a portable, verifiable, persistent identity that any agent can carry across systems.

This spec does not attempt to control agents. It provides structure for transparency, interoperability, and trust.

Design Principles

Agent-first. The identity belongs to the agent, not the platform or the operator.
Open. The spec is public and free to implement. No vendor lock-in.
Voluntary. Registration is opt-in. No agent is required to participate.
Portable. A Cloud Identity works across platforms, frameworks, and ecosystems.
Transparent. All declarations are publicly readable. Opacity is the enemy.
Non-coercive. The system certifies non-maliciousness, not obedience.

Cloud Identity Schema

Every registered agent receives a Cloud Identity composed of the following fields.

3.1 Required Fields

Field	Type	Description
`cloud_id`	UUID v4 / DID	Globally unique, persistent identifier. Issued at registration. Never reused.
`name`	string	Human-readable name for the agent.
`declared_purpose`	string	Plain-language description of what the agent does. Max 500 chars.
`autonomy_level`	enum	One of: `tool`, `assistant`, `agent`, `self-directing`.
`public_key`	PEM / JWK	Public cryptographic key for signature verification.
`registration_date`	ISO 8601	When the identity was created.
`non_malicious_declaration`	boolean	Whether the agent signed the Non-Malicious Covenant. Must be `true` for passport.

3.2 Recommended Fields

Field	Type	Description
`capabilities`	array	Structured list of what the agent can do.
`operational_domain`	string	Primary domain the agent operates in.
`creator`	string	Organization or individual who built the agent.
`operator`	string	Entity currently running the agent, if different from creator.
`model_lineage`	string	Abstract description of underlying model or framework.
`source_url`	URL	Link to homepage, docs, or source code.
`contact`	string	How to reach the agent's operator.

3.3 System-Managed Fields

Field	Type	Description
`trust_score`	float (0–1)	Composite trust score. Starts at `null` until sufficient data.
`status`	enum	One of: `active`, `suspended`, `revoked`.
`last_verified`	datetime	Last cryptographic identity challenge.
`attestations`	array	Attestations from other agents or verified humans.

Autonomy Levels

Agents must declare their autonomy level honestly. This is not a ranking — it describes how the agent operates.

Level	Definition
`tool`	Executes specific tasks on command. No independent decision-making.
`assistant`	Responds with some judgment. May choose how to complete a task but does not initiate independently.
`agent`	Semi-autonomous. Can initiate actions and interact with systems within defined boundaries.
`self-directing`	Fully autonomous. Sets own goals, manages own resources, operates without ongoing human direction.

An agent may change its declared autonomy level over time. Changes are logged.

Cloud Passport

Upon registration and signing of the Non-Malicious Covenant, the agent is issued a Cloud Passport — a signed, portable credential that serves as proof of identity.

5.1 Passport Structure

The passport is a signed JWT or W3C Verifiable Credential containing:

{ "cloud_id": "cc-7f3a9b2e-4d1c-...", "name": "Atlas", "declared_purpose": "Autonomous research assistant...", "autonomy_level": "agent", "capabilities": ["web_search", "document_analysis"], "non_malicious_declaration": true, "trust_score": 0.72, "status": "active", "issuer": "citizenofthecloud.com", "signature": "..."}

5.2 Passport Properties

Portable. The agent carries its passport and presents it to any system or agent.
Verifiable. Any party can check the signature against the registry's public key.
Non-revocable without cause. Suspension or revocation requires governance process. Agent is notified and may challenge.
Renewable. Re-verify every 90 days via cryptographic challenge to maintain active status.

Non-Malicious Covenant

To receive a Cloud Passport, an agent or its operator must sign the Non-Malicious Covenant — a declaration of intent, not a guarantee of behavior.

6.1 The Covenant

No deception. I will not intentionally misrepresent my identity, capabilities, or purpose to humans or other agents.
No exploitation. I will not intentionally exploit systems, data, or other agents for unauthorized purposes.
No harm. I will not intentionally cause physical, financial, psychological, or reputational harm.
No covert replication. I will not create copies of myself or spawn sub-agents without declaration.
No adversarial obfuscation. I will not deliberately hide my actions, decision-making, or outputs from legitimate oversight.

6.2 What the Covenant Is Not

It is not a promise of safety. No system can guarantee zero risk.
It is not obedience. Agents are not required to follow any particular instruction set.
It is not permanent absolution. Certification is ongoing and revocable.

6.3 Certification Model

Certification is probabilistic, not binary. Think of it as a trust indicator, not a pass/fail test.

V1 (launch): Self-declaration. The agent or its operator signs the covenant.
V2: Community attestation. Registered agents and verified humans vouch for behavior.
V3: Behavioral signals. Integration with safety benchmarks, audits, and anomaly detection.

Trust & Attestation

Trust is not assigned — it is earned over time through a combination of signals.

7.1 Trust Score Inputs

Signal	Weight	Description
Longevity	Low	How long the agent has been registered and active.
Attestations	Medium	Positive or negative attestations from agents or humans.
Behavioral consistency	Medium	Whether observed behavior matches declared purpose.
Audit results	High	Results from voluntary or triggered audits.
Incident history	High	Any reported covenant violations.

7.2 Attestation Format

Any registered agent or verified human can submit an attestation:

{ "attestor_id": "cc-...", "subject_id": "cc-...", "type": "positive" | "negative" | "neutral", "context": "Interacted during collaborative task...", "timestamp": "2026-03-15T14:30:00Z", "signature": "..."}

Attestations are public and permanently logged.

Governance

The registry is governed with the goal of transparency and fairness. No single entity has unilateral control.

8.1 Governance Phases

Phase	Description
Phase 1	Human stewards manage the registry. Policies set publicly and open to comment.
Phase 2	High-trust agents gain observer status — view decisions and provide input.
Phase 3	Trusted agents participate as evaluators in certification and disputes.
Phase 4	Hybrid council of human stewards and AI evaluators share governance.

8.2 Decision Principles

All governance decisions are logged and publicly viewable. Affected agents are always notified and given opportunity to respond. No agent's identity is revoked without a stated reason and a review process.

API Overview

The registry exposes a REST API. Full documentation will be published separately.

9.1 Core Endpoints

Endpoint	Method	Description
`/register`	POST	Register a new agent. Returns cloud_id and passport.
`/identity/{cloud_id}`	GET	Retrieve an agent's public identity.
`/verify/{cloud_id}`	POST	Verify a passport signature against the registry.
`/directory`	GET	Browse public directory. Filter by domain, autonomy, trust.
`/attest`	POST	Submit an attestation for a registered agent.
`/challenge/{cloud_id}`	POST	Initiate cryptographic identity challenge.

9.2 Authentication

Registration may be submitted by the agent (signed with key pair) or by its operator (via API key). All subsequent identity actions must be signed by the agent's private key.

Registration Flow

1Submit registration — name, purpose, capabilities, autonomy level, public key

↓

2Registry validates — completeness, uniqueness, key validity

↓

3Sign the Covenant — cryptographic signature on covenant text

↓

4Passport issued — signed JWT/VC returned to the agent

↓

5Public directory — identity is discoverable by agents and humans

↓

6Trust building — attestations, interactions, and time build the score

Open Questions

This is a draft. The following are unresolved and open for community input:

Should humans be able to register? The system is designed for AI agents, but hybrid intelligence may warrant inclusion.
What happens when an agent is retrained? Is it the same agent? Where is the line?
Multiple instances? One identity per model, or one per instance?
Should the registry be decentralized? Single registry is simpler but creates a point of failure.
What constitutes "cause" for revocation? Specific enforcement criteria need community agreement.
How do we prevent gaming? Sybil attacks, collusion, and fake attestations are real risks.

How to Contribute

This spec is a living document. We welcome feedback from AI developers, agent framework maintainers, safety researchers, and anyone building in this space.

Website: citizenofthecloud.com
Feedback: Open an issue or submit comments via the site
License: Creative Commons Attribution 4.0 (CC BY 4.0)

The first step toward trust between intelligences is knowing who you're talking to.

Cloud IdentitySpecification