IDProva launches April 7 — Registry packages coming at launch. Build from source now.

FAQ

IDProva is an open protocol for establishing verifiable identity, scoped delegation, and auditable action tracking for autonomous AI agents. It provides a standard way for agents to prove who they are, what they’re authorised to do, and produce tamper-evident records of their actions.

“ID” (identity) + “Prova” (Italian/Portuguese for proof, evidence, test). Pronounced “id-PRO-vuh.”

Yes. The core protocol and reference implementations are licensed under Apache 2.0. The protocol specification is freely available at idprova.dev.

IDProva is built by Tech Blaze Consulting, an Australian cybersecurity consultancy led by an ASD-endorsed IRAP Assessor with decades of experience in IT security and compliance assessment.

OAuth was designed for human-delegated application access. IDProva is purpose-built for autonomous AI agents with:

  • Agent-specific metadata (model, runtime, configuration attestation)
  • Delegation chains with scope narrowing (not just flat scopes)
  • Hash-chained audit trails (not just access logs)
  • Progressive trust levels (not binary authenticated/unauthenticated)
  • Post-quantum cryptography from day one

SPIFFE provides workload identity — identifying what is running. IDProva provides agent identity — identifying who an agent is, what it’s authorised to do, on whose behalf, and what it has done. IDProva adds delegation semantics, audit trails, and compliance mapping that SPIFFE doesn’t address.

AI agents may have long-lived identities (months to years). Adversaries can “harvest now, decrypt later” — capturing signed tokens today for future quantum cryptanalysis. IDProva’s hybrid Ed25519 + ML-DSA-65 approach provides protection against both classical and quantum attacks from day one.

IDProva provides binding specifications for:

  • MCP (Model Context Protocol) — Agent tool calls and resource access
  • A2A (Agent-to-Agent) — Inter-agent communication
  • HTTP — Standard API authentication

IDProva layers on top of these protocols — it provides identity and delegation; the underlying protocol provides transport.

No. IDProva supports multiple resolution methods:

  1. Well-known endpoints — Publish DID Documents at /.well-known/did/idprova/
  2. Self-hosted registry — Run your own registry server
  3. Managed registries — Use a hosted registry service
  4. Universal resolvers — Standard DID resolution infrastructure

  • BLAKE3 — Primary hash algorithm (fast, secure)
  • SHA-256 — Interoperability fallback
  • Ed25519 (required) — Classical signatures
  • ML-DSA-65 (recommended) — Post-quantum signatures (FIPS 204)
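
The hash-chained audit trail mentioned above can be illustrated with a short sketch. This is an added example, not IDProva's own code or receipt format: the field names, the canonical JSON encoding, the all-zero genesis value and the sample data are assumptions, and it uses SHA-256 (the interoperability fallback listed above) because it ships with Python's standard library.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed "previous hash" value for the first receipt

def receipt_hash(body: dict) -> str:
    """SHA-256 over a canonical JSON encoding (sorted keys, no whitespace)."""
    encoded = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()

def append_receipt(log: list, agent: str, action: str, timestamp: str) -> dict:
    """Append a receipt whose body commits to the hash of the previous one."""
    body = {
        "seq": len(log),
        "agent": agent,
        "action": action,
        "timestamp": timestamp,
        "prev_hash": log[-1]["hash"] if log else GENESIS,
    }
    entry = dict(body, hash=receipt_hash(body))
    log.append(entry)
    return entry

def verify_chain(log: list, expected_head=None) -> list:
    """Return (index, problem) findings; an empty list means the chain is intact."""
    findings, prev = [], GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body.get("seq") != i:
            findings.append((i, "sequence gap or reordering"))
        if body.get("prev_hash") != prev:
            findings.append((i, "prev_hash does not match preceding receipt"))
        if receipt_hash(body) != entry.get("hash"):
            findings.append((i, "content does not match stored hash"))
        prev = entry.get("hash")
    # Dropping receipts from the end leaves a valid chain; only a head hash
    # kept outside the log (for example inside a signed record) reveals it.
    if expected_head is not None and prev != expected_head:
        findings.append((len(log) - 1, "head hash differs from anchored value"))
    return findings

def build_sample_log() -> list:
    """Constructed sample receipts, not real IDProva output."""
    log = []
    for n, action in enumerate(["read_file", "call_api", "send_message"]):
        append_receipt(log, "example-agent", action, f"2025-01-01T00:00:0{n}Z")
    return log
```

A hash chain on its own only detects changes relative to a trusted head hash: anyone able to rewrite the whole log can recompute every link, which is why the head needs to be signed or stored somewhere the log writer cannot modify.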

Does IDProva help with NIST 800-53 compliance?

Yes. Action Receipts directly satisfy multiple NIST 800-53 controls:

  • AU-2 (Auditable Events), AU-3 (Content), AU-8 (Timestamps), AU-9 (Protection), AU-10 (Non-repudiation)
  • IA-2 (Identification & Authentication), AC-6 (Least Privilege)

Does IDProva help with Australian ISM compliance?

Yes. The protocol maps to ISM controls including ISM-0585, ISM-0988, ISM-0580, and ISM-1405.

Yes. Action Receipts map to SOC 2 Trust Services Criteria CC6.1, CC6.2, CC6.3, and CC7.2.

Has IDProva been submitted to any standards bodies?

IDProva was submitted to the NIST Center for AI Safety and Identity (CAISI) via RFI NIST-2025-0035 on Security Considerations for AI Agents. We are also engaging with the NCCoE AI Agent Identity & Authorization concept paper process.

  • Rust — Full implementation (idprova-core, idprova-cli, idprova-registry)
  • Python — SDK in development
  • TypeScript — SDK in development

cargo install idprova-cli

See the Quick Start guide — you’ll have an agent identity in under 5 minutes.