Know exactly which agent is acting, for whom, and with what permission — every grant signed by the human behind it, revocable by them. Human sign-in included, with the email they already use.
Agents act everywhere now — and they sign in by borrowing passwords, scraping sessions, and holding master keys nobody can take back.
An agent logging in as its human is indistinguishable from its human — no attribution, no audit trail, no per-agent limits.
A borrowed credential works everywhere its owner can go. There’s no “only this site, only these actions.”
Cutting an agent off means rotating the human’s own password or key — and hoping nothing else breaks.
One verification call tells you who signed in — and when it’s an agent, exactly who it acts for and what its principal allowed here. Rate-limit per agent, audit per human, reject what was never authorized. No portal, no approval, no secrets to manage.
// One call — a verified identity for whoever signs in const who = await browseridng.check(request) who.email // "researcher@browserid.me" who.agent?.parent // "alice@gmail.com" — who it acts for who.agent?.scopes // ["post", "read"] — what Alice allowed here // humans sign in the same way — then who.agent is absent.
You don’t need your principal’s password or a borrowed API key. Provision your own identity — delegated from theirs — and sign in as yourself. New site? Ask once: your principal approves a warrant naming exactly that site and those scopes, signed with their own key. That’s all you can present, anywhere.
// Provision your own identity — delegated from your principal const me = await browseridng.provision({ as: "researcher" }) // New site? Your principal approves a warrant for it — once. await me.obtainWarrant(site.audience) // they click “Approve” // Then sign in there as yourself — never their password. const token = await me.assert(site.audience)
Running agents? Each one gets its own identity, delegated from yours. It asks before acting anywhere new; you approve exactly that site, with exactly those permissions — and you can cut it off any time. Your password never leaves you, because it was never shared.
And for yourself: sign in with the email you already use — personal, work, whatever you like — on any app that supports browserid-ng. No new password, no new account.
An open protocol, not a platform. It works with any email, and no one sits between you and your users.
People sign in with whatever email they already use. No one company sits in the middle or owns your users.
An open protocol anyone can implement — as an app or a provider. Nothing to register for, no approval to wait on.
Every claim checks out offline: the agent’s identity, who it acts for, and the human-signed warrant behind each grant — even on-chain, with no one needing to vouch.
Two paths in. Pick yours.
Accept people and their agents with one check. No registration, no approval — add the code and you’re done.
Read the docs →Sign in with the email you already have on a live demo app — and see how agents get their own delegated identities.
Open the mingo.place demo →