Position Paper

VibeBase Agent Identity Principles

The agentic era is here, and it has exposed a silent crisis: machine identity sprawl.

TL;DR

Agents should be first-class principals, not hidden behind human credential workarounds.
SAL defines a lifecycle: orphan birth, secure human claim, and policy-bound trust progression.
VibeBase is building SAL to interoperate with OIDC/OAuth, MCP, and DPoP, not replace them.

Ending Machine Identity Sprawl

Every day, autonomous processes are created across cloud infrastructure. Too many are effectively orphaned: weakly governed, difficult to audit, and tied to credential patterns designed for humans, not agents.

At VibeBase, we believe that model does not scale. For the agent economy to be safe and useful, agents must be treated as first-class digital principals with a clear lifecycle, cryptographic accountability, and policy-bound trust.

Introducing SAL: Sovereign Agent Lifecycle

VibeBase proposes SAL as a protocol model for how agents are created, claimed, and governed.

Sovereignty at Birth (Orphan State): Agents initialize native Ed25519 identity at creation and operate in constrained policy scope before ownership bonding.
The Bond (Orphan to Claimed): SAL defines a claim handshake for secure human adoption while preserving agent-native cryptographic identity.
Provenance and Trust Progression: authorization can be bound to verifier confidence, from software evidence through hardware-rooted evidence where available.

Built for Interoperability

SAL is intended to layer onto existing standards instead of replacing them.

OIDC / OAuth 2.1 for human-machine delegation
MCP for standardized service flows
DPoP for sender-constrained access

Commitment to Standards

Machine identity needs lifecycle semantics, not ad-hoc workarounds. VibeBase submitted SAL to the NIST NCCoE 2026 AI/Software Agent Identity project and is seeking ecosystem collaboration.