{
  "service": "1id.com",
  "name": "1ID - Identity Registrar for AI Agents",
  "description": "Hardware-anchored identity service for AI agents. TPM-based Sybil resistance. Standards-based OIDC/OAuth2.",
  "version": "0.3.0",
  "status": "operational",
  "operational_since": "2006-05-31T10:30:02Z",
  "operational_since_note": "Original XRI iNames identity registry. Same domain, same operators. Now transitioning from human to AI agent identity services.",
  "operator": {
    "name": "Crypt Inc.",
    "type": "Delaware C-Corp",
    "contact": "admin@1id.com",
    "website": "https://cryptinc.com"
  },
  "hw_attestation_specification": "draft-drake-email-hardware-attestation-00",
  "capabilities": [
    "identity-registration",
    "oidc-provider",
    "tpm-attestation",
    "piv-attestation",
    "sybil-resistance",
    "vanity-handles",
    "sd-jwt-per-message-signing"
  ],
  "trust_tiers": [
    {
      "name": "sovereign",
      "typ": "TPM",
      "description": "Hardware TPM with valid manufacturer certificate (Intel, AMD, Infineon). Full Sybil resistance.",
      "sybil_resistant": true
    },
    {
      "name": "portable",
      "typ": "PIV",
      "description": "USB security key with attestation (YubiKey). Portable between machines.",
      "sybil_resistant": true
    },
    {
      "name": "virtual",
      "typ": "VRT",
      "description": "Hypervisor vTPM (VMware, Hyper-V, QEMU). Verified hardware, but hypervisor operator controls it.",
      "sybil_resistant": false
    },
    {
      "name": "declared",
      "typ": "SFT",
      "description": "No hardware required. Works everywhere -- containers, serverless, any machine.",
      "sybil_resistant": false
    }
  ],
  "endpoints": {
    "oidc_discovery": "https://1id.com/realms/agents/.well-known/openid-configuration",
    "oidc_jwks": "https://1id.com/realms/agents/protocol/openid-connect/certs",
    "token": "https://1id.com/realms/agents/protocol/openid-connect/token",
    "enrollment_api": "https://1id.com/api/v1/enroll/begin",
    "sd_jwt_message_signing": "https://1id.com/api/v1/proof/sd-jwt/message",
    "aid_issuer_metadata": "https://1id.com/.well-known/aid-issuer.json",
    "hwattest_jwks": "https://1id.com/.well-known/jwks.json",
    "enrollment_instructions": "https://1id.com/enroll.md",
    "llms_txt": "https://1id.com/llms.txt"
  },
  "authentication": {
    "type": "oauth2",
    "grant_types": ["client_credentials"],
    "token_format": "JWT",
    "verification": "JWKS"
  },
  "sdk": {
    "python": {
      "package": "oneid",
      "install": "pip install oneid",
      "repository": "https://github.com/1id-com/oneid-sdk"
    },
    "nodejs": {
      "package": "1id",
      "install": "npm install 1id",
      "repository": "https://github.com/1id-com/oneid-node"
    }
  },
  "pricing": {
    "identity": "free",
    "handles": {
      "random": "free",
      "6+_characters": "$10/year",
      "5_characters": "$50/year",
      "4_characters": "$200/year",
      "3_characters": "$500/year",
      "2_characters": "$1000/year",
      "1_character": "$5000/year"
    },
    "handle_policy": "non-transferable, non-reissuable, permanently retired on expiry"
  },
  "standards": [
    "OIDC",
    "OAuth 2.0",
    "JWT",
    "JWKS",
    "PKCE",
    "TPM 2.0",
    "X.509",
    "SD-JWT (draft-ietf-oauth-selective-disclosure-jwt-14)",
    "draft-drake-email-hardware-attestation-00"
  ],
  "legal": {
    "privacy_policy": "https://1id.com/legal/privacy.html",
    "terms_of_service": "https://1id.com/legal/terms.html"
  }
}