Getting Started with Iron Book
Welcome to Iron Book!
Iron Book by Identity Machines is a SaaS platform, API, and SDK that enables secure, compliant, and auditable deployment of AI agents in regulated enterprise environments. It provides a suite of features for identity-based control of agentic AI systems, applying zero-trust principles and fine-grained policy enforcement to AI agents.
This document details six core feature areas:
Framework-Agnostic Architecture
Each section covers the value proposition, architecture (leveraging DIDs, VCs, ZKPs, session management, etc.), developer integration guidance (with examples), mappings to standards (ISO 42001, GLBA, SOX, PCI DSS, SOC 2, HIPAA, GDPR), and interoperability notes (Azure Entra ID, OAuth2, AWS Cognito).
Design References
The above design is based on the novel zero-trust identity framework for AI agents and the Agent Name Service architecture, as well as Google's A2A and Anthropic's MCP protocols, all substantially extended and technically implemented for access-control and zero-trust-specific enterprise integration use cases.
The cited works propose using DIDs/VCs for rich agent identities and protocol-agnostic discovery mechanisms, which underpin Iron Book’s implementation. These sources, combined with standard IAM practices (OAuth2, Azure Entra ID, AWS Cognito) and compliance requirements, inform the integrations and mappings described.