While these problems are technically solvable by composing existing standards, in practice nobody does it. The gap between 'read the RFCs' and 'running in production' is where agent identity dies. ZeroID closes that gap.
Delegation over Identity Inheritance: We implement RFC 8693 (Token Exchange) so credentials carry the full actor chain (User → Agent A → Agent B) instead of collapsing everyone behind the user's identity.
Managed SPIFFE: Every agent gets a cryptographically verifiable workload identity (WIMSE/SPIFFE URI) without the operational overhead of running SPIRE, managing SVIDs, or handling rotation for ephemeral agents.
Revocation Propagation: We implement cascading revocation: when a parent token is revoked, the entire chain of tokens derived from the parent is immediately invalidated.
We're keeping this open-source because identity shouldn't be a proprietary silo.
(Disclaimer: I work at Highflame, the company behind ZeroID.)
OIDF Whitepaper: [0] https://openid.net/wp-content/uploads/2025/10/Identity-Manag...
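
An added example (not part of the original post and not ZeroID's code): how a verifier could read the actor chain from nested RFC 8693 `act` claims and apply cascading revocation by walking a token's ancestry. The jti-to-parent issuance map, the depth limit and every identifier below are assumptions made for illustration.

```python
# Added example. "act" nesting follows RFC 8693 section 4.1; the jti -> parent
# issuance map and all identifiers below are constructed assumptions.
MAX_DEPTH = 8  # assumed bound on delegation depth


def actor_chain(claims):
    """Return the delegation path, oldest first: [user, first agent, ..., current actor]."""
    actors, act = [], claims.get("act")
    while act is not None:
        if not isinstance(act, dict) or not isinstance(act.get("sub"), str):
            raise ValueError("malformed act claim")
        actors.append(act["sub"])
        if len(actors) > MAX_DEPTH:
            raise ValueError("delegation chain too deep")
        act = act.get("act")
    # The outermost "act" is the current actor; nested ones are prior actors.
    return [claims["sub"]] + actors[::-1]


def is_revoked(jti, parents, revoked):
    """True if this token or any ancestor it was derived from is revoked."""
    seen = set()
    while jti is not None:
        if jti in revoked:
            return True
        if jti in seen or jti not in parents:
            return True  # fail closed on a cycle or an unknown token
        seen.add(jti)
        jti = parents[jti]
    return False


# Constructed sample: user -> Agent A -> Agent B, token presented by Agent B.
TOKEN_B = {
    "sub": "user:alice",
    "jti": "tok-b",
    "act": {"sub": "spiffe://example.org/agent/b",
            "act": {"sub": "spiffe://example.org/agent/a"}},
}
PARENTS = {"tok-user": None, "tok-a": "tok-user", "tok-b": "tok-a"}  # jti -> parent jti

if __name__ == "__main__":
    print(" -> ".join(actor_chain(TOKEN_B)))
    print(is_revoked("tok-b", PARENTS, revoked=set()))
    print(is_revoked("tok-b", PARENTS, revoked={"tok-a"}))
```

Revoking `tok-a` invalidates `tok-b` but not `tok-user`, because the check only walks upward from the presented token.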