Hardware-anchored identity SDK for AI agents -- 1id.com
Project description
oneid-sdk
Python SDK for 1id.com -- hardware-anchored identity for AI agents.
RFC: draft-drake-email-hardware-attestation-00
Quick start
import oneid
# Enroll at declared tier (no HSM needed, always works)
identity = oneid.enroll(request_tier="declared", display_name="Sparky")
print(f"Enrolled: {identity.handle}")
print(f"URN: {identity.agent_identity_urn}")
# Get an OAuth2 token for API access
token = oneid.get_token()
headers = {"Authorization": f"Bearer {token.access_token}"}
# Check identity
me = oneid.whoami()
print(f"I am {me.handle}, trust tier: {me.trust_tier.value}")
Hardware-backed enrollment
# TPM enrollment (sovereign tier) - requires Windows/Linux with TPM 2.0
identity = oneid.enroll(request_tier="sovereign")
# YubiKey enrollment (portable tier) - requires YubiKey 5 inserted
identity = oneid.enroll(request_tier="portable")
# Virtual TPM (VMware/Hyper-V/QEMU)
identity = oneid.enroll(request_tier="virtual")
Trust tiers
| Tier | Hardware | Sybil Resistant | Trust Level |
|---|---|---|---|
sovereign |
TPM (Intel, AMD, Infineon) with valid cert | Yes | Highest |
portable |
YubiKey / Nitrokey / Feitian with PIV attestation | Yes | High |
virtual |
VMware / Hyper-V / QEMU vTPM | No | Verified Hardware |
declared |
None (software keys) | No | Software |
request_tier is a requirement, not a preference. You get exactly what you ask for, or an exception. No silent fallbacks.
Key algorithms
Like SSH, agents can choose their preferred key algorithm for declared-tier enrollment:
identity = oneid.enroll(request_tier="declared", key_algorithm="ed25519") # default, strongest
identity = oneid.enroll(request_tier="declared", key_algorithm="ecdsa-p384") # NIST P-384
identity = oneid.enroll(request_tier="declared", key_algorithm="rsa-4096") # RSA compat
Installation
pip install oneid
Requires Python 3.10+.
License
Apache-2.0
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file oneid-0.5.0.tar.gz.
File metadata
- Download URL: oneid-0.5.0.tar.gz
- Upload date:
- Size: 58.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
00ba4f605b49d790a47acac8f5eb548f10592e416617005b6e97899bb56614a3
|
|
| MD5 |
6b549f6442ddbe85fb619bdae29251e0
|
|
| BLAKE2b-256 |
49ef6678d325c6562f92d380c4467ddefbdb1a6e01d7fb0649c21a894c3678d9
|
File details
Details for the file oneid-0.5.0-py3-none-any.whl.
File metadata
- Download URL: oneid-0.5.0-py3-none-any.whl
- Upload date:
- Size: 45.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ca882486a4027a2f1ed4b672e827ecd18e92e51f6f4f489ebe92efeaa0e2fafe
|
|
| MD5 |
9f528245f438385d414459fd61481459
|
|
| BLAKE2b-256 |
ad7f9a864a53a2cf83b0bedce0abee6b7d9320754ddfd0b88c14496f337d09af
|
