Agentic Zero Trust Protocol (AZTP)

A Standard for Secure, Verifiable Agent Interactions Across Trust Boundaries

AZTP is an open protocol designed to solve the challenge of authenticating and authorizing agents (humans, AI, services, tools) as they interact across organizational and cloud boundaries. It provides a robust, verifiable chain of trust for every request—no matter how many agents or services are involved.


Why AZTP?

  • Modern distributed systems (especially those with AI agents) often require multiple agents to work together across different organizations and clouds.
  • Traditional authentication (like simple API keys or single-hop OAuth) breaks down when requests pass through chains of services or agents.
  • AZTP creates a standardized, auditable way to pass identity and authorization through every hop, so every service can verify the full chain of trust.

How AZTP Works (in a Nutshell)

  • Identity for Every Agent: Each agent or service gets a cryptographically-verifiable identity, using SPIFFE IDs and certificates.
  • Direct Connections: Adjacent services authenticate with each other using mutual TLS (mTLS) and X.509 certificates.
  • Chained Requests: When a request passes through multiple agents/services, each one adds its own signed JWT token, creating a chain of tokens.
  • Token Chain: This chain of nested JWTs allows any service to verify the full path the request has taken, who was involved, and what each agent is allowed to do.
  • Trust Domain Federation: AZTP supports secure collaboration across different organizations by federating trust domains and validating identities from other domains.

Key Concepts

  • SPIFFE Integration: Every agent/service gets a SPIFFE ID and certificate from its own trust domain.
  • Token Chaining: Each service validates the previous token, adds its own, and passes the chain along. The chain is verifiable end-to-end.
  • Capabilities & Constraints: Each token describes what actions are allowed (capabilities) and any limits (constraints) on delegation.
  • Auditability: Every action is traceable through the full chain of tokens.
  • Security: Cryptographic signatures, short-lived tokens, and strict validation prevent forgery, replay, and privilege escalation.
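The token-chaining, capability and constraint checks described above, as an added sketch that is not taken from the AZTP spec or the aztp-client SDK. The claim names (`cap`, `max_hops`, `prev`) and the sample SPIFFE IDs are assumptions made for illustration, and per-agent HMAC keys (HS256) stand in for the certificate-backed signatures a real deployment would use.

```python
import base64, hashlib, hmac, json, time
from urllib.parse import urlsplit

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(key: bytes, signing_input: str) -> bytes:
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return _b64(mac).encode()

def issue(iss, key, caps, max_hops, prev=None, now=None, ttl=60):
    """One hop signs its own token; `prev` nests the upstream token inside it."""
    now = int(time.time()) if now is None else now
    claims = {"iss": iss, "cap": sorted(caps), "max_hops": max_hops,
              "exp": now + ttl, "prev": prev}  # hypothetical claim names
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = head + "." + _b64(json.dumps(claims).encode())
    return signing_input + "." + _sign(key, signing_input).decode()

def verify_chain(token, keys, trusted_domains, now=None):
    """Walk from the outermost token to the origin; return the issuer path."""
    now = int(time.time()) if now is None else now
    path, downstream_caps = [], None
    while token is not None:
        head, body, sig = token.split(".")
        claims = json.loads(_unb64(body))
        iss, caps = claims["iss"], set(claims["cap"])
        spiffe = urlsplit(iss)
        if (spiffe.scheme != "spiffe" or spiffe.netloc not in trusted_domains
                or iss not in keys):
            raise ValueError(f"untrusted issuer: {iss}")
        # The algorithm is fixed here, never taken from the token header.
        if not hmac.compare_digest(sig.encode(), _sign(keys[iss], f"{head}.{body}")):
            raise ValueError(f"bad signature: {iss}")
        if claims["exp"] <= now:
            raise ValueError(f"expired token: {iss}")
        if len(path) > claims["max_hops"]:  # hops already seen downstream
            raise ValueError(f"delegation depth exceeded: {iss}")
        if downstream_caps is not None and not downstream_caps <= caps:
            raise ValueError(f"capability escalation downstream of {iss}")
        path.append(iss)
        downstream_caps, token = caps, claims["prev"]
    return path[::-1]

# Constructed sample: per-agent HMAC keys stand in for SVID key pairs.
PLANNER, SEARCH = "spiffe://a.example/agent/planner", "spiffe://b.example/tool/search"
KEYS = {PLANNER: b"planner-demo-key", SEARCH: b"search-demo-key"}
```

A downstream hop that widens its capabilities, exceeds the delegation depth its upstream allowed, or comes from a trust domain outside the federated set fails the walk, and the returned path lists every issuer from origin to final hop for the audit record.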

Why Agent Developers Should Care

  • Build secure, multi-agent workflows that cross organizational boundaries.
  • Delegate authority safely: Pass only the minimum required permissions, and limit how far they can propagate.
  • Trace every action: Know exactly which agents and services were involved in every request.
  • Integrate with open standards: Works with SPIFFE, mTLS, JWT, and OAuth 2.1.

Triangle of Trust

AZTP is built on the "Triangle of Trust" model:

  • Identity: Every agent and service has a strong, verifiable identity (using SPIFFE IDs and certificates).
  • Policy: Every action is governed by explicit, auditable policies that define what is allowed, where, and when.
  • Control: The system enforces policy decisions at every step, ensuring that only authorized actions are performed, and every request is traceable.

This model ensures that trust is never assumed—it's always established, enforced, and auditable at every hop.


Read the full AZTP spec by Frederick Kautz (AZTP spec author). Frederick Kautz is a recognized leader in cloud-native security, Zero Trust, and open-source communities. Read Frederick's full bio.


aztp-client SDK: Unlocking Agentic Zero Trust with astha.ai

The aztp-client (npm/pip) SDK gives you access to all the power of AZTP, including:

  • Zero Trust Security: Every connection is authenticated and authorized—no more weak links.
  • Universal Identity: Humans, AI agents, and services all get unique, verifiable digital identities.
  • Plug-and-Play: Integrates with your favorite identity providers (Google, Auth0, Azure, etc.) and open standards (OIDC, JWT, mTLS, SPIFFE).
  • Policy-Driven: Define exactly what each agent or user can do, where, and when—with fine-grained, auditable policies.
  • Cross-Domain & Multi-Cloud: Securely connect and collaborate across organizations, clouds, and trust domains.
  • Auditability & Compliance: Every action is logged and traceable, supporting your security and compliance needs.
  • Developer Friendly: Real-world examples, quick start guides, and support for both npm (TypeScript/JavaScript) and pip (Python).
  • Scalable & Flexible: Works for everything from a single agent to global, multi-cloud enterprise deployments.

How It Works

  1. Authenticate: Users and agents log in using trusted providers (OIDC, SSO, etc.).
  2. Get a Secure Identity: Each agent or user receives a unique, verifiable digital identity (AZTP ID + certificate).
  3. Connect & Collaborate: All communications are protected with mutual TLS (mTLS) and signed tokens (JWT), ensuring only trusted parties can interact.
  4. Enforce Policies: Every action is checked against your rules—no unauthorized access, ever.
  5. Audit Everything: Full traceability for every request, every agent, every time.

At a Glance

[User/Agent] --(Login/OIDC)--> [AZTP] --(Secure Identity: x509/JWT)--> [Trusted Network]
      |                                               |
      |<-- Policy, Audit, Compliance -----------------|

Who Is It For?

  • Agent Developers: Effortlessly build, deploy, and manage AI agents, tools, and services with secure, verifiable identity and zero trust access. Integrate open standards and focus on innovation—AZTP handles the security.
  • Enterprises: Transform your organization with unified, policy-driven identity and access for humans, agents, and workloads. Enforce zero trust, ensure compliance, and enable secure collaboration across clouds, teams, and partners.

aztp-client: The Official SDK

aztp-client on npm | aztp-client on PyPI

The aztp-client SDK is the official way to integrate Agentic Zero Trust Protocol (AZTP) into your agents, tools, and services. It provides secure identity management, policy enforcement, and cross-domain collaboration for both human and AI agents, with support for both TypeScript/JavaScript and Python.

Installation

npm install aztp-client   # TypeScript/JavaScript
pip install aztp-client   # Python

See the Quick Start for full setup and usage instructions, including agent integration, trusted domains, and advanced flows.