Skip to content

cip: add Agentic Identity & Mandate-Bound Payments (Standards Track / Daml)#202

Open
hilarl wants to merge 1 commit into
canton-foundation:mainfrom
hilarl:tenzro/cip-agentic-identity
Open

cip: add Agentic Identity & Mandate-Bound Payments (Standards Track / Daml)#202
hilarl wants to merge 1 commit into
canton-foundation:mainfrom
hilarl:tenzro/cip-agentic-identity

Conversation

@hilarl
Copy link
Copy Markdown

@hilarl hilarl commented May 3, 2026

cip: add Agentic Identity & Mandate-Bound Payments (Standards Track / Layer: Daml)

Summary

This PR opens a Standards Track CIP specifying how DID-controlled
agents — both human-controlled and machine-controlled — bind to Canton
parties, and how an agent's payment mandate is carried in the meta
field of CIP-56 transfer instructions so that registries can validate
mandate-bound transfers at certification time.

The CIP defines three mechanisms:

  • A deterministic DID → Canton-party mapping (§2) supporting TDIP
    human and machine identities, the PDIS DIDs, did:web, and
    did:key.
  • A meta-key envelope (§3, 10 keys) for carrying delegation-scope,
    intent-mandate, and cart-mandate commitments alongside their
    detached signatures.
  • A two-layer mandate schema (§5) — IntentMandate authorizes a class
    of purchases over a window; CartMandate authorizes one specific
    purchase. The two compose under the AP2 intent-and-cart pattern.
  • A 5-clause registry-side validation predicate (§6) that enforces
    delegation ceilings, mandate aggregate ceilings, cart-nonce
    uniqueness, mandate-issuer signature validity, and counterparty
    binding.

The CIP is filed as Draft. Per CIP-0000, the author has not
self-assigned a number; the editor will assign one on merge.

This is the third in a four-part stack of contributions covering, in
order: (A) Multi-VM CIP-56 Bridge Pattern; (B) AI Training & Inference
Settlement; (C) the agentic identity and mandate-bound payments in
this PR; (D) TEE-Attested Confidential Compute Receipts. Each is filed
as a separate CIP and may be reviewed independently.

What this CIP specifies

  • DID → Canton-party mapping (§2) keyed on a SHA-256 derivation with
    domain-separation tag tenzro/agentic/party/v1. Seven DID methods
    enumerated normatively.
  • A meta-key namespace tenzro.network/agent.* (§3) with 10
    normative keys covering principal DID, controller DID,
    delegation-scope commitment, intent-mandate commitment,
    cart-mandate commitment, mandate issuer DID, mandate signature,
    off-ledger URI, and validity window.
  • DelegationScope schema (§4) with 9 fields: principal DID,
    controller DID, per-transaction ceiling, daily-spend ceiling,
    allowed operations, allowed payment protocols, allowed chains
    (CAIP-2), and time bounds.
  • IntentMandate (§5.1) and CartMandate (§5.2) schemas, both
    binding to instrumentId and carrying the per-cart nonce.
  • Registry-side validation predicate (§6) — five clauses (a-e)
    covering principal binding, delegation enforcement, intent
    aggregate enforcement, cart binding + signature + nonce, and
    amount equality.
  • Failure modes table (§7) — nine enumerated paths.
  • Forward-compatibility provisions for the v2 packages defined in
    CIP-112, including allocation-flow settlement.

What this CIP does NOT propose

  • No changes to CIP-56, the DAML standard library, the Canton
    protocol, or the Global Synchronizer.
  • No new on-chain templates or choices.
  • No specific DID resolver. Operators pin the resolution backend they
    trust per §Security considerations.

Reference implementation

The pattern is shipped and operating on the Tenzro Network testnet.
Live endpoints documented in §Reference implementation of the CIP
body.

TDIP DIDs and W3C DID Document export live at
crates/tenzro-identity/src/{did,identity,document,credential}.rs.
DelegationScope and the enforce_operation ceiling live at
crates/tenzro-identity/src/delegation.rs. AP2 mandate validation
lives at crates/tenzro-payments/src/ap2/mod.rs. The two-axis
ceiling (DelegationScope + runtime SpendingPolicy) lives at
crates/tenzro-payments/src/identity_binding.rs. The Canton
adapter that populates the meta keys at submission time lives at
crates/tenzro-bridge/src/canton.rs.

File layout

The CIP lives at cips/cip-hilarl-Agentic-Identity.md. The directory
convention used by numbered CIPs (cip-XXXX/) is also acceptable,
with the file moved on number assignment.

Process notes

  • Status: Draft (author-controlled per CIP-0000).
  • Type: Standards Track.
  • Layer: Daml.
  • License: Apache-2.0 (per CIP-0000 acceptable-license list).
  • Number: not self-assigned. Slug: cip-hilarl-Agentic-Identity.
  • Composes against: CIP-0056.
  • Forward-composes against: CIP-0112 (v2 packages).

Signed-off-by: Hilal Agil hilal@tenzro.com

@hilarl
cip: add Agentic Identity & Mandate-Bound Payments (Standards Track /…
8df29d4 
… Daml)

Specifies how autonomous AI-agent identities and the mandates that
constrain them are carried in the meta field of CIP-56 transfer
instructions, so that agent-initiated payments settle natively against
CIP-56 holdings under cryptographically-enforced authority.

Composes three published primitives — W3C DID Core 1.1 / VCDM 2.0 for
agent identity, ERC-8004 for cross-chain agent registration, and AP2
(Agent Payments Protocol, FIDO Alliance, since 28 April 2026) for
mandate semantics — onto CIP-56's two-step transfer flow without any
new on-chain templates.

Fixes a normative meta-key namespace (tenzro.network/agent.* and
tenzro.network/mandate.*, 12 keys), specifies the IntentMandate /
CartMandate / signed-VC schemas, and defines a 7-clause registry-side
validation predicate.

Filed as Draft. No number self-assigned. Slug:
cip-hilarl-Agentic-Identity.

Signed-off-by: Hilal Agil <hilal@tenzro.com>
@hilarl hilarl requested a review from a team as a code owner May 3, 2026 08:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tkatrichenko tkatrichenko Awaiting requested review from tkatrichenko tkatrichenko is a code owner automatically assigned from canton-foundation/admins

@hythloda hythloda Awaiting requested review from hythloda hythloda is a code owner automatically assigned from canton-foundation/admins

@stas-sbi stas-sbi Awaiting requested review from stas-sbi stas-sbi is a code owner automatically assigned from canton-foundation/admins

@waynecollier-da waynecollier-da Awaiting requested review from waynecollier-da waynecollier-da is a code owner automatically assigned from canton-foundation/admins

@isegall-da isegall-da Awaiting requested review from isegall-da isegall-da is a code owner automatically assigned from canton-foundation/admins

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hilarl