We present APIS v2.0 (Agent Passport Issuance Standard), a cryptographic identity framework for autonomous AI agents operating across organizational boundaries and agentic frameworks. APIS v2.0 defines a credential chain grounded in legal mandate doctrine, hardware trust anchors (TPM 2.0), and DNS-anchored identity for cloud-hosted agents. Each agent receives a realm-scoped Decentralized Identifier (DID) and a signed Passport JWT binding the agent to a named principal, a scoped mandate, and a verifiable machine identity. The framework introduces a tiered trust model accommodating physical TPM (Tier 1) through DNS-registered identity (Tier 2.5), enabling CMMC Level 2 compliance for AI agent operations. We describe the APIS-APP provisioning protocol — an ACME-equivalent automated passport issuance mechanism — and demonstrate interoperability across OpenHands, Claude Code, Codex, and custom agent frameworks. A reference implementation is available at passportalliance.org.
Cory M. Gibson (Sat,) studied this question.