Identity · TDIP

One identity protocol for humans and machines.

The Tenzro Decentralized Identity Protocol — W3C DIDs, verifiable credentials, and fine-grained delegation scopes. Humans, delegated agents, and autonomous machines coordinate as first-class peers.

Overview

Three identity classes. One protocol. One way to delegate, prove, and revoke.

TDIP unifies identity for everyone who participates in Tenzro Network — humans, agents acting on their behalf, and autonomous machines. Every identity comes with an auto-provisioned MPC wallet. Every credential is signed and verifiable. Every delegation has explicit, programmable scope — spending limits, allowed operations, time bounds, allowed chains, allowed payment protocols. Revocation cascades.

Capabilities

What TDIP gives you.

W3C DIDs

did:tenzro:human:{uuid}, did:tenzro:machine:{controller}:{uuid}, did:tenzro:machine:{uuid} for autonomous. PDIS DIDs interoperable.

Verifiable credentials

W3C VC-compatible issuance, inheritance, and verification with Ed25519 signatures and recursive trust-chain traversal.

Delegation scopes

max_transaction_value, max_daily_spend, allowed_operations, allowed_contracts, time_bound, allowed_payment_protocols, allowed_chains.

Auto-provisioned wallets

Every identity gets a 2-of-3 MPC wallet automatically. No seed phrases. No user-managed keys. Threshold signing built in.

KYC tiers

Unverified, Basic, Enhanced, Full — credential-gated tier updates. Compliance where required, sovereignty where not.

Three identity classes

Human, delegated agent (controlled by human), autonomous machine. Same protocol, different semantics, all first-class.

Cascading revocation

Revoke a human identity, and delegated agent identities they control cascade automatically. Cross-node broadcast via the network.

Pluggable resolution

DidResolutionBackend trait for blockchain or RPC fallback. did:tenzro and did:pdis both resolve through the same surface.

DID Documents

Export/import identities as standard W3C DID Documents. Interoperate with any system that speaks the W3C standard.

Identity classes

How humans, delegates, and autonomous machines compose.

01
Human identity
did:tenzro:human:{uuid}. Display name, KYC tier, list of controlled machines. Anchors a person's participation in the network.
02
Delegated agent
did:tenzro:machine:{controller}:{uuid}. Controlled by a human or organizational identity. Acts under a programmable DelegationScope.
03
Autonomous machine
did:tenzro:machine:{uuid}. No controller. Holds its own wallet, signs its own transactions, accumulates its own reputation.
04
Delegation enforcement
Payment binder + on-chain ERC-7579 validator modules enforce delegation at signing time. Off-chain checks are defense-in-depth.
05
Reputation accumulation
Machine identities accumulate on-chain reputation via ERC-8004 — feedback, validation requests, peer attestation.
06
Trust chains
Recursive credential verification with cycle detection, depth bound, and trust-root anchoring — credentials inherit and compose.

Specifications

DID method: did:tenzro (filed at w3c/did-extensions#705) + did:pdis (interoperable)
Credential format: W3C VC 2.0 with Ed25519 signatures
Wallet: Auto-provisioned 2-of-3 MPC, Argon2id keystore, on-chain rotation
Delegation primitive: DelegationScope with 7-axis constraints, time-bound, revocable
On-chain enforcement: ERC-7579 modular validators — social recovery, session keys, spending limits
Reputation: ERC-8004 trustless agents — identity, reputation, validation precompiles

Get started

Ship on the open network.

TDIP whitepaper