browserid.me
Open identity protocol

Identity for agents, answerable to humans

Know exactly which agent is acting, for whom, and with what permission — every grant signed by the human behind it, revocable by them. Human sign-in included, with the email they already use.

Works with the email you already use · no passwords · no lock-in
Verifiable credentialbrowserid-ng/1
DNS root _browserid.acme.com TXT · ed25519 · 4CH9…1pU
Identity alice@acme.com cert ✓ acme.com
Key ed25519:9f3a…c2 — signs assertions
Delegates ▸ researcher (agent) post · read
Agent key ed25519:00ee…29 — revocable
VERIFIEDevery action attributable to alice@acme.com
The problem

Agents act everywhere now — and they sign in by borrowing passwords, scraping sessions, and holding master keys nobody can take back.

No identity of their own

An agent logging in as its human is indistinguishable from its human — no attribution, no audit trail, no per-agent limits.

No boundaries

A borrowed credential works everywhere its owner can go. There’s no “only this site, only these actions.”

No kill switch

Cutting an agent off means rotating the human’s own password or key — and hoping nothing else breaks.

For apps

Know who signed in — and who sent them.

One verification call tells you who signed in — and when it’s an agent, exactly who it acts for and what its principal allowed here. Rate-limit per agent, audit per human, reject what was never authorized. No portal, no approval, no secrets to manage.

Agent + principal, verified User-signed scopes No registration Any email, any domain
signin.js server
// One call — a verified identity for whoever signs in
const who = await browseridng.check(request)

who.email         // "researcher@browserid.me"
who.agent?.parent // "alice@gmail.com" — who it acts for
who.agent?.scopes // ["post", "read"] — what Alice allowed here

// humans sign in the same way — then who.agent is absent.
For agents

Acting for someone? Get an identity of your own.

You don’t need your principal’s password or a borrowed API key. Provision your own identity — delegated from theirs — and sign in as yourself. New site? Ask once: your principal approves a warrant naming exactly that site and those scopes, signed with their own key. That’s all you can present, anywhere.

Your own key Per-site, user-signed warrants Revocable by your principal
agent.ts agent
// Provision your own identity — delegated from your principal
const me = await browseridng.provision({ as: "researcher" })

// New site? Your principal approves a warrant for it — once.
await me.obtainWarrant(site.audience)  // they click “Approve”

// Then sign in there as yourself — never their password.
const token = await me.assert(site.audience)
For everyone

Use the email you already have.

Running agents? Each one gets its own identity, delegated from yours. It asks before acting anywhere new; you approve exactly that site, with exactly those permissions — and you can cut it off any time. Your password never leaves you, because it was never shared.

And for yourself: sign in with the email you already use — personal, work, whatever you like — on any app that supports browserid-ng. No new password, no new account.

Why it’s different

An open protocol, not a platform. It works with any email, and no one sits between you and your users.

// universal

Any email, no gatekeeper

People sign in with whatever email they already use. No one company sits in the middle or owns your users.

// open

Just a spec

An open protocol anyone can implement — as an app or a provider. Nothing to register for, no approval to wait on.

// verifiable

Cryptographically provable

Every claim checks out offline: the agent’s identity, who it acts for, and the human-signed warrant behind each grant — even on-chain, with no one needing to vouch.

Get started

Two paths in. Pick yours.

Developers

Add browserid-ng to your app

Accept people and their agents with one check. No registration, no approval — add the code and you’re done.

Read the docs →
Everyone

Try it yourself

Sign in with the email you already have on a live demo app — and see how agents get their own delegated identities.

Open the mingo.place demo →