The explosion of AI agents—autonomous software entities that act on behalf of users—has created a problem we haven't fully solved: how do you trust an agent you've never met?
When an AI agent books your flight, negotiates with another agent to schedule a meeting, or executes a financial transaction, you need to know it's authorized. The agent on the other side needs to verify credentials without calling back to a central authority. Traditional identity systems weren't built for this.
Decentralized identity (DID) technology provides a solution. Instead of relying on centralized identity providers like Google or Facebook, DIDs let agents carry cryptographically verifiable credentials that can be checked independently. This matters more every day as AI agents become more autonomous and handle higher-stakes operations.
The Trust Problem With AI Agents#
AI agents are fundamentally different from traditional applications. They don't just respond to direct user input—they make decisions, initiate actions, and interact with other systems autonomously.
Consider a simple scenario: an AI agent managing your calendar needs to schedule a meeting with another person's scheduling agent. How does your agent prove it's authorized to speak for you? How does the other agent verify this claim?
With traditional systems, you'd need:
- A centralized identity provider (IDP)
- API keys or OAuth tokens tied to that IDP
- Network connectivity to verify tokens
- Trust that the IDP hasn't been compromised
- Agreement between all parties to use the same IDP
This breaks down quickly when agents need to work across organizational boundaries, operate offline, or maintain privacy. If your scheduling agent needs to call back to Google every time it interacts with someone, you've created a bottleneck and a surveillance point.
Why Decentralized Identity Works for Agents#
Decentralized identity flips the model. Instead of checking with a central authority, agents carry verifiable credentials that can be validated using cryptography.
The W3C DID specification defines a standard format for these identities. A DID looks like this:
did:abt:z1fhKPEfW9YnG8XnKsF5KFDzLQRTLnqbJr1
This identifier points to a DID document stored on a blockchain or distributed ledger. The document contains public keys, service endpoints, and other metadata. When an agent presents a credential, anyone can:
- Verify the credential was issued by checking the issuer's DID document
- Confirm the credential hasn't been revoked
- Validate cryptographic signatures without contacting a third party
This works offline, across organizational boundaries, and without creating surveillance points.
How ArcBlock Implements DID for Agents#
ArcBlock's DID implementation is built into the platform at the protocol level. Every user, device, and agent gets a blockchain-backed DID by default.
When you create an agent in ArcBlock, it automatically receives:
- A unique DID identifier
- A key pair for signing credentials
- A DID document published to the blockchain
- Support for verifiable credentials
Here's what this looks like in practice:
import { Agent, Wallet } from '@arcblock/sdk';
// Create a new agent with its own DID
const agentWallet = Wallet.fromRandom();
const agent = new Agent({
wallet: agentWallet,
name: 'My Scheduling Agent'
});
// The agent now has a DID
console.log(agent.did);
// Output: did:abt:z1fhKPEfW9YnG8XnKsF5KFDzLQRTLnqbJr1
// Agent can sign actions
const signedAction = await agent.sign({
action: 'schedule_meeting',
time: '2026-02-15T14:00:00Z',
participant: 'did:abt:z1muQ3xqHQK2uiACHyChikobsiY5kLqtShG'
});
The agent's DID isn't just an identifier—it's a complete identity system. Other agents can verify any action by checking the signature against the agent's DID document.
Verifiable Credentials: Proving Authorization#
DIDs solve identity, but agents also need to prove authorization. Just because an agent has an identity doesn't mean it's allowed to act on your behalf.
This is where verifiable credentials come in. A verifiable credential is a cryptographically signed statement from one party about another. Think of it like a digital certificate that proves specific claims.
For AI agents, you might issue credentials like:
- "This agent is authorized to schedule meetings on my behalf"
- "This agent can approve expenses up to $1,000"
- "This agent represents Company X in contract negotiations"
ArcBlock's DID system includes built-in support for issuing and verifying credentials:
import { VC } from '@arcblock/did';
// User issues a credential to their agent
const credential = await VC.create({
issuer: userDid,
subject: agentDid,
claims: {
type: 'SchedulingAuthorization',
permissions: ['schedule_meetings', 'cancel_meetings'],
validUntil: '2026-12-31'
}
});
// Sign the credential
const signedCredential = await VC.sign(credential, userWallet);
// Agent can present this credential to prove authorization
const presentation = await agent.createPresentation({
credentials: [signedCredential],
challenge: 'nonce-from-verifier'
});
The receiving party can verify this credential without calling back to any central authority. They just need to check:
- The issuer's signature is valid (using their DID document)
- The credential hasn't been revoked (checking the blockchain)
- The claims match what they expect
Agent-to-Agent Communication with DID#
The real power shows up when agents communicate directly with each other. Because both agents have verifiable DIDs, they can establish trust without human intervention.
Here's a practical example—two agents negotiating a meeting time:
// Agent A initiates contact with Agent B
const message = {
from: agentA.did,
to: agentB.did,
type: 'meeting_request',
proposals: [
{ time: '2026-02-15T14:00:00Z' },
{ time: '2026-02-15T15:00:00Z' }
]
};
// Agent A signs the message
const signedMessage = await agentA.sign(message);
// Agent B receives and verifies
const isValid = await VC.verify(signedMessage, agentA.did);
if (isValid) {
// Check if Agent A has authorization
const hasAuth = await checkCredential(
agentA.credentials,
'schedule_meetings'
);
if (hasAuth) {
// Proceed with scheduling
const response = await agentB.selectTime(message.proposals[0]);
return response;
}
}
No API keys to manage. No OAuth flows. No centralized identity provider that can see all interactions. Just two agents with verifiable identities negotiating directly.
Privacy and Selective Disclosure#
One challenge with AI agents is privacy. You don't want your agent broadcasting your entire credential set every time it interacts with another system.
ArcBlock's DID implementation supports selective disclosure—agents can prove specific claims without revealing unnecessary information.
For example, an agent might need to prove:
- "I'm authorized by someone over 18"
- "I represent a company with revenue over $1M"
- "I have approval for this transaction"
Without revealing:
- The exact age
- The exact revenue
- The identity of the approver
This is done using zero-knowledge proofs and selective credential presentation:
// Create a proof that reveals only specific claims
const selectiveProof = await VC.createSelectiveDisclosure({
credential: fullCredential,
revealedClaims: ['authorization_type', 'expiration'],
hiddenClaims: ['user_identity', 'user_age', 'internal_id']
});
// Verifier can confirm the claims without seeing hidden data
const verified = await VC.verifySelective(selectiveProof);
This is critical for AI agents operating in regulated industries or handling sensitive data.
Cross-Chain and Cross-Platform Identity#
AI agents won't stay within a single ecosystem. Your scheduling agent might need to interact with agents on different blockchain platforms, traditional web services, and other networks.
ArcBlock's DID system follows the W3C standard, which means identities work across platforms. An agent with an ArcBlock DID can present credentials to systems using Ethereum-based DIDs, traditional OAuth providers (via DID bridges), or other W3C-compliant implementations.
The ArcBlock platform also provides bridges to legacy identity systems:
// Bridge a traditional OAuth token to a verifiable credential
const bridgedCredential = await DIDAuth.bridgeOAuth({
oauthToken: googleToken,
issuerDid: bridgeServiceDid,
subjectDid: agentDid
});
// Now the agent can use this in DID-native systems
This interoperability is essential as AI agents become more prevalent. We can't expect every system to migrate to decentralized identity overnight, but we can build bridges that let agents work across both worlds.
Real-World Use Cases#
The combination of AI agents and decentralized identity enables scenarios that were previously impractical:
Automated B2B Transactions: An agent representing your company can negotiate contracts with another company's agent. Both agents carry verifiable credentials proving their authority. The negotiation happens automatically, with the blockchain recording an immutable audit trail.
Healthcare Coordination: A patient's AI agent coordinates care between providers. The agent has verifiable credentials proving patient authorization. Providers can trust the agent without calling the patient to confirm every interaction. The agent can selectively disclose only relevant medical information to each provider.
Supply Chain Automation: Agents representing different parties in a supply chain can verify shipments, approve payments, and update records. Each agent's DID proves they represent their claimed organization. Smart contracts execute automatically when conditions are met.
Decentralized Social Networks: Your AI agent can interact with other users' agents to schedule meetups, share content, or coordinate group activities. Because identities are decentralized, no single company controls your social graph or can deplatform you.
The Path Forward#
AI agents will become more autonomous and handle more critical operations. The question isn't whether they'll need verifiable identity—they will. The question is whether we'll build that identity system on centralized platforms that create bottlenecks and surveillance points, or on decentralized protocols that preserve privacy and user control.
ArcBlock's approach—blockchain-backed DIDs with verifiable credentials—provides a foundation for trustworthy AI agents. As the platform evolves, we're seeing more developers build agent-based applications that leverage decentralized identity for authorization, privacy, and cross-organizational coordination.
The technology is ready. The standards are mature. Now it's about building applications that show what's possible when AI agents have real, verifiable identities they control.
If you're building AI agents that need to prove authorization, maintain privacy, or work across organizational boundaries, decentralized identity isn't optional—it's the foundation everything else builds on.
Getting Started#
ArcBlock provides open-source SDKs for building DID-enabled agents in JavaScript, Python, and other languages. The platform handles the blockchain complexity—you just work with simple APIs for creating DIDs, issuing credentials, and verifying claims.
Check out the ArcBlock developer documentation for code examples and tutorials. The platform includes test networks for development and production networks for deployed applications.
The future of AI agents depends on trust. Decentralized identity makes that trust verifiable, private, and user-controlled. That's the foundation we need to build on.