VAID
A VAID is a portable identity bound to an action an agent takes. It says who acted, with what authority, and who issued that authority – and any party can check it on sight, with no shared trust domain and no service in between.
Every agent action that needs trust across a system boundary takes a bespoke integration or a shared secret. Verifying who did what means being inside the same trust domain, or negotiating a federation agreement first.
Any party can verify who did what, and with what authority, by checking one signature – with no shared trust domain, no prior relationship, and no service to call.
That single, portable, independently-checkable proof is the primitive the whole category is missing – and the unit SYNTHERA and every tenant is built on.
Think of it like a passport, bound to an action.
A passport says who you are and who vouches for you, and a border officer can check it without calling your home country. A VAID does the same for an agent action: it states the acting identity, the authority it carries, and its lineage – and it carries its own cryptographic proof, so a verifier checks the signature, not the claim.
This isn't a diagram of verification. It's the real thing, running in your browser: the actual VAID proof-of-possession path against the standard's frozen conformance vector.
A VAID binds an action to a signature. The reference request below verifies against a real, frozen Ed25519 signature. Type one character into the body and the proof breaks – that is the point.
- JCS canonicalize–
- SHA-256 digest–
- Ed25519 verify–
Real Ed25519 + SHA-256 + RFC 8785 canonicalization, checked against the VAID conformance vector.
Interop, made concrete
The Rust and Python reference SDKs reproduce the same SHA-256 digest and the same Ed25519 signature from the same fixed inputs, with no shared runtime between them. That frozen vector – the one this demo just checked – is the interoperability guarantee, proven rather than claimed.
Scope is a statement
The open standard now includes the signing and verification contract and an open reference mint – issuance, delegation and attenuation. What stays commercial is the hosted authority that runs a mint in production: durable revocation, KMS-backed keys and the audit-of-record, plus the policy language for what a VAID may do and the mesh and federation control plane. The reference mint proves the shape; it is not that authority.
Here's precisely what that signature covers – the exact payload, canonicalization and headers the demo just verified, and the guarantees they buy.
Cryptographically signed
Identity is proven, not asserted. A verifier checks one Ed25519 signature over a canonical form – no trust in the sender required.
Capability-scoped
The payload binds the exact method, path and body of the action. A signature for one request is useless on any other.
Lineage-tracked
Identity and tenant are derived from the verified VAID, never from a body-asserted field – so a caller can only ever act as itself.
A holder signs a small, exact payload – seven fields, no more, no less – then attaches four headers. The signature covers the canonical bytes of that payload.
payload = { vaidId, method, path,
bodySha256, tenantId,
timestamp, clientNonce }
canonical = RFC 8785 JCS(payload)
digest = SHA-256(canonical)
signature = Ed25519(digest) # over the 32-byte digest x-synthera-vaid: base64(VAID) x-synthera-timestamp: 2026-06-04T12:00:00Z x-synthera-nonce: 0123…cdef x-synthera-signature: base64(Ed25519 sig)
Get VAID
The reference implementation is open source under Apache-2.0. Source: github.com/solara-associates/vaid
cargo add vaid-pop cargo add vaid-client cargo add vaid-mint
pip install vaid-pop pip install vaid-mint pip install vaid-langchain
SYNTHERA is the trust layer for multi-agent systems: every agent gets a verifiable identity, scoped authority and a tamper-evident record, so software from different teams, vendors and frameworks can act on each other’s behalf without custom glue between every pair.
Join the first cohort shaping the VAID spec.
VAID is an interoperability contract. If you're building on agent identity, help shape the standard as it evolves.