Atomic Agents

Atomic Agents are used for authentication: to set an identity and prove who an actor actually is. Agents can represent both actual individuals, or machines that interact with data. Agents are the entities that can get write / read rights. Agents are used to sign Requests and Commits and to accept Invites.

Design goals

  • Decentralized: Atomic Agents can be created by anyone, at any domain
  • Easy: It should be easy to work with, code with, and use
  • Privacy-friendly: Agents should allow for privacy friendly workflows
  • Verifiable: Others should be able to verify who did what
  • Secure: Resistant to attacks by malicious others

The Agent model


An Agent is a Resource with its own URL. When it is created, the one creating the Agent will generate a cryptographic (Ed25519) keypair. It is required to include the publicKey in the Agent resource. The privateKey should be kept secret, and should be safely stored by the creator. For convenience, a secret can be generated, which is a single long string of characters that encodes both the privateKey and the subject of the Agent. This secret can be used to instantly, easily log in using a single string.

The publicKey is used to verify commit signatures by that Agent, to check if that Agent actually did create and sign that Commit.

Creating an Agent

Since an Agent is used for verification of commits, the Agent's subject should resolve and be publicly available. This means that the one creating the Agent has to deal with this. One way of doing this, is by hosting an Atomic Server. An easier way of doing this, is by accepting an Invite that exists on someone else's server.