Innovation Labs is solving the dimension of identity fragmentation no current protocol addresses: organizational ownership that holds when agents cross boundaries, change platforms, or get transferred. We combine Identity Digital's DNS expertise with blockchain to solve this at global scale.
.avif)
Human identity travels across systems. Agent identity is recreated at every system boundary.
When a human accesses a new service, their identity remains anchored to the same person or organization. When an agent connects to a new system, the receiving system issues its own credential and treats the agent as a new principal.
Several technologies address important parts of this ecosystem. MCP standardizes how agents connect to tools. A2A enables discovery. SPIFFE verifies workload identity within trust domains. IAM systems manage principals inside their own environments.
These systems make agents functional. They do not provide a universal way to attribute them or scale to a world where billions of autonomous agents interact across organizations and platforms. Today, problems remain unsolved.
An agent may have one identity in an IAM system, another in a cloud environment, and a SPIFFE identity inside Kubernetes. Each credential is valid only within the environment that issued it. When the agent crosses a boundary, the identity is recreated rather than carried forward.
Human identity persists across systems because it anchors to a durable record. Agents have no equivalent. Credentials rotate. Platforms change. Agents move between environments or organizations. No persistent ownership record survives those changes.
Today, cross-organizational trust relies on pre-negotiated trust relationships, bilateral federation, or self-declared metadata such as Agent Cards. These models work inside controlled ecosystems. They fail when an agent must prove ownership to a system it has never interacted with before - and they cannot scale to billions of agents operating across organizations and platforms.
Agents can communicate, discover tools, and authenticate to systems. What's missing is a global ownership identifier — one that binds every agent to a verified owner and can be independently resolved by any system.
The internet already solved a similar coordination problem. DNS provides a globally resolvable reference that lets independent systems agree on what something is and who owns it. Technologies like MCP, A2A, and SPIFFE solve communication, discovery, and workload authentication. A shared ownership reference allows those systems to operate across organizations.
Verifiable ownership
Prove which organization controls an agent—allowing any counterparty to verify who they're engaging with.
Cross-boundary governance
Enable independent systems to reference the same agent identity without shared infrastructure or bilateral agreements.
Ownership lifecycle control
Track creation, transfer of control, and revocation so ownership remains clear and current.
.svg)
Compatibility with existing systems
This is not a rip-and-replace. It's a small, neutral anchor that sits beneath existing identity and security systems—complementing platforms IAM, security, cloud and CRM platforms, not competing with them.
Our approach combines Identity Digital’s deep expertise in the DNS and PKI with blockchain technology—the smallest possible set of components needed to solve the problem. Nothing to rip out, nothing to retool. Each technology addresses a different part of the identity challenge, together providing a durable agent identity that works across organizations and over time.
Why all three are needed
Each technology answers a critical question.DNS resolves who an agent belongs to. PKI provides control during an interaction.Blockchain records changes to ownership over time.Together, they allow agent identity to hold up across organizations and over time.
