OrbitalPassport
The Identity and Authorization Layer
Traditional identity systems assume every actor is a person with an email address and a password. Orbital Passport starts from a different premise: in a modern enterprise, the actors include people, teams, AI agents, IoT devices, autonomous vehicles, and RPA bots. All of them need identity. All of them need authorization. And the relationships between them need to be explicit, auditable, and revocable.
Who is this entity, what are they allowed to do, and who authorized them? Orbital Passport answers these questions for every participant in the ecosystem — whether that entity is a person, an organization, an AI agent, an IoT device, or a robotic process. One identity layer. No special cases.
Key Capabilities
Unified Identity Across Entity Types
Every participant — human or machine — gets a first-class identity. People authenticate with email, biometric passkeys, hardware keys, or TOTP. Agents and devices authenticate with dedicated, scoped credentials. Six identity roles: Individual, Business Owner, Merchant, Developer, Employee, and Autonomous.
Organizations as First-Class Entities
Multi-organization membership, a three-tier hierarchy — Owner, Admin, Member — and organization-level policy enforcement. MFA requirements, financial access controls, and delegation rules enforced at the org level.
The Chain of Trust
Every autonomous agent traces back to a verified human. Full provenance: which person authorized the agent, through what organization, with what scope. Delegation depth maxes at five. Authority flows downward. Nothing operates in a vacuum.
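The chain-of-trust rules above can be checked mechanically. The following is an added example, not OrbitalPassport code or its API: the `Link` record, its field names, and the scope strings are hypothetical. It assumes the depth cap counts delegation hops below the human root and that "authority flows downward" means a delegate's scopes must be a subset of its delegator's.

```python
from dataclasses import dataclass
from typing import Optional

MAX_DELEGATION_DEPTH = 5  # the page's stated cap; counted here as hops below the root


@dataclass(frozen=True)
class Link:  # hypothetical record, one per participant in the chain
    entity: str               # identifier of this participant
    kind: str                 # "human", "agent", "device", ...
    delegator: Optional[str]  # entity that authorized this one; None for the root
    org: str                  # organization the grant was made through
    scopes: frozenset         # permissions held at this point in the chain
    verified: bool = False    # identity verification completed (checked on the root)
    revoked: bool = False     # a revoked link invalidates everything below it


def validate_chain(chain):
    """Check a chain ordered root-first; return (ok, reason)."""
    if not chain:
        return False, "empty chain"
    root = chain[0]
    if root.kind != "human" or not root.verified or root.delegator is not None:
        return False, "root is not a verified human"
    if len(chain) - 1 > MAX_DELEGATION_DEPTH:
        return False, "delegation depth exceeds cap"
    for link in chain:
        if link.revoked:
            return False, f"{link.entity}: revoked"
    for parent, child in zip(chain, chain[1:]):
        if child.delegator != parent.entity:
            return False, f"{child.entity}: not authorized by {parent.entity}"
        if not child.scopes <= parent.scopes:  # authority only narrows downward
            return False, f"{child.entity}: scope exceeds delegator"
    return True, "ok"


def sample_chain():
    """Constructed sample: a verified human, an agent, and a sub-agent."""
    return [
        Link("alice", "human", None, "acme", frozenset({"invoice:read", "invoice:pay"}), verified=True),
        Link("procurement-agent", "agent", "alice", "acme", frozenset({"invoice:read", "invoice:pay"})),
        Link("invoice-bot", "agent", "procurement-agent", "acme", frozenset({"invoice:read"})),
    ]


if __name__ == "__main__":
    print(validate_chain(sample_chain()))
```

A relying service would run a check like this on every request, so that a revoked or over-scoped link anywhere in the chain denies the leaf entity as well.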
Identity Verification Built In
Four progressive verification levels. Status propagates through the chain of trust — when a human completes enhanced verification, their agents inherit that provenance. Automated and manual review paths.
Dynamic Permissions
Permissions adjust based on context, trust score, and behavior — not just role assignment. An agent that drifts from expected patterns gets restricted automatically. Fine-grained down to the resource level.
Enterprise Security
2FA, session management, password recovery, audit logging, and organization-level policy enforcement. Multi-app SSO — one login, one session, everywhere. Add new services without rebuilding auth.
Design Principles
Five commitments built into every layer of OrbitalPassport — not marketing claims, but architectural decisions.
Accountability
Every action is attributable to an identity. No anonymous operations, no shared credentials, no audit gaps. If something happens, you know exactly which entity did it.
Dynamic Privileges
Permissions adjust based on context, trust score, and behavior — not just role assignment. An agent that drifts from expected patterns gets restricted automatically.
Intent Recording
Every privileged action records why it was requested, not just what happened. Audit trails capture intent alongside outcome for meaningful compliance.
Portability
Identities and credentials are not locked to a single application or deployment. Move between services, environments, and providers without re-onboarding.
Verifiability
Any system in the ecosystem can independently verify an entity’s identity, trust level, and permissions without calling home. Decentralized validation, centralized issuance.
Entity Types
Every entity in the ecosystem gets a first-class identity — same graph, same trust model, same permission system.
| Entity | Credential Type | Trust Progression |
|---|---|---|
| Human Users | Email + password, biometric passkeys, hardware keys, TOTP | Verified → Trusted → Admin |
| Organizations | Org certificates, delegated admin, policy enforcement | Registered → Verified → Enterprise |
| AI Agents | Agent tokens, scoped API keys, delegation chains | Provisional → Scored → Autonomous |
| Devices / IoT | Device certificates, hardware attestation | Enrolled → Attested → Trusted |
| RPA & Services | Service accounts, mutual TLS, scoped keys | Registered → Monitored → Verified |
Trust Lifecycle
From first registration to continuous trust scoring — how entities earn and maintain access.
Entity registers with Passport (human signup, agent provisioning, device enrollment, or RPA onboarding)
Initial credential issued at base trust level with scoped permissions
Progressive verification raises trust: email confirmation → document check → behavioral history
Trust score feeds into the permission graph — higher trust unlocks broader access
Continuous monitoring adjusts trust dynamically based on behavior and delegation chain integrity
How It Works
Your apps redirect to Passport for authentication — humans, agents, devices, and services alike
Passport issues credentials and places the entity in the unified permission graph
Trust level scored based on verification depth, behavioral history, and delegation provenance
Entity authenticated, authorized, and continuously monitored — with full chain-of-trust back to a verified human