IAASOInternational Autonomous Agents Standards Organization

Developers

Build against the standards

Everything below is normative: the shipped JSON Schemas and conformance vectors are the machine-readable truth, published at github.com/uuaid.

1Identifier profiles

IAASO-1001 defines two conformant identifier profiles. The discriminator is segment count: four segments is the compact form, five is the federated form.

ProfileGrammarUse
Profile AUUAID compact formuuaid:<namespace>:<object-type>:<local-id>The live production grammar (4 segments). Charset [a-z0-9-] allows hyphenated object types and UUID local-ids. Every Polygon-anchored identifier uses this form.
Profile BIAASO federated formuuaid:<subject-class>:<jurisdiction>:<namespace>:<local-id>Reserved for cross-registry federation (5 segments). subject-class must come from the registered enum.
# Profile A — compact (live)
uuaid:aaua:agent:9f2b7c4e-8a31-4d2e-b1a5-6c0d3f9e8a72

# Profile B — federated (reserved)
uuaid:agent:global:aaua:9f2b7c4e-8a31-4d2e-b1a5-6c0d3f9e8a72

2Cryptographic suites

Signed IAASO objects carry a proof array of UUAID SignatureEnvelopes with crypto-agile algorithm identifiers (IAASO-1601):

ParameterValueNotes
Signature algorithmed25519v1 default. ml-dsa-65 reserved for the post-quantum hybrid transition.
CanonicalizationJCS-RFC8785RFC 8785 JSON Canonicalization Scheme, for all hashing and signing.
Hashkeccak256Anchor-chain compatible with the live Polygon ledger.
Envelope{alg, keyId?, publicKey?, sig, created?}The UUAID SignatureEnvelope, per ADR-002.

3Status model

Certification and accreditation status is a ten-value enum (IAASO-1301). Verifiers must treat anything other than active or conditional as non-authoritative for trust decisions:

draftpendingactiveconditionalprobationarysuspendedrevokedexpiredarchivedsuperseded

4API quickstart

The IAASO API is served from the UUAID registry under https://api.uuaid.org/iaaso/v1. All read endpoints are public and unauthenticated.

Resolve a subject

curl https://api.uuaid.org/iaaso/v1/resolve/uuaid:aaua:agent:9f2b7c4e-8a31-4d2e-b1a5-6c0d3f9e8a72

Check status and history

curl https://api.uuaid.org/iaaso/v1/status/uuaid:aaua:agent:9f2b7c4e-8a31-4d2e-b1a5-6c0d3f9e8a72
curl https://api.uuaid.org/iaaso/v1/status/uuaid:aaua:agent:9f2b7c4e-8a31-4d2e-b1a5-6c0d3f9e8a72/history

Verify a credential

curl -X POST https://api.uuaid.org/iaaso/v1/verify/credential \
  -H 'content-type: application/json' \
  -d '{
    "credential": {
      "type": "AAUACredential",
      "certification": "cert-saf-101",
      "agent_handle": "example-agent",
      "signature": "..."
    }
  }'

The response is a VerificationResult whose checks[] covers signature validity, issuer accreditation, current status and expiry — a revoked but validly-signed credential verifies false.

Trust anchors and transparency

curl https://api.uuaid.org/iaaso/v1/trust/issuers
curl https://api.uuaid.org/iaaso/v1/trust/keys
curl https://api.uuaid.org/iaaso/v1/receipts/{event}
curl https://api.uuaid.org/iaaso/v1/crypto-inventory

5Schemas and conformance

JSON Schemas ship in versioned pairs (v1 frozen, v1.1 current): the base object plus subject-document, trust-profile, status-object and accreditation. A conformance runner validates examples and signed test vectors against them. Where specification prose and schema disagree, the schema wins and the prose receives a published erratum.