Guides
Start typing to search…

Getting Started with Iron Book

Welcome to Iron Book!

Iron Book by Identity Machines is a SaaS platform and SDK that enables secure, compliant, and auditable deployment of AI agents in regulated enterprise environments. It provides a suite of features for identity-based control of agentic AI systems, applying zero-trust principles and fine-grained policy enforcement to AI agents.

This document details six core feature areas:

Agent Trust Profiling

Agent-Centric Zero Trust

Granular Policy Engine

Auditability & Compliance

Framework-Agnostic Architecture

Advanced Threat Detection

Each section covers the value proposition, architecture (leveraging DIDs, VCs, ZKPs, session management, etc.), developer integration guidance (with examples), mappings to standards (ISO 42001, GLBA, SOX, PCI DSS, SOC 2, HIPAA, GDPR), and interoperability notes (Azure Entra ID, OAuth2, AWS Cognito).


Getting Started (SDK)

Get started with the Iron Book SDK and implement fundamental identity, access, and governance controls into your AI agent in just a few minutes.

Prerequisite: Get Your Developer DID First

Iron Book uses did:web Decentralized Identifiers (DIDs) and cryptographic Verifiable Credentials (VCs) to securely and uniquely identify both the agent developer, and their agents via digital proofs.

Ideally, you should first get your own DID (such as "did:web:demo.acmecorp.com", and provide it to the registerAgent call to register your agents. Follow this guide to do so.

Still, this is optional: If you won't provide your own DID, your agents will fall back to Identity Machines' DID for registration.

Step 1: Install the Iron Book SDK

Note: We're currently in BETA access mode. Request access to the SDK on our website.

Javascript/Typescript SDK Python SDK 
npm install @identitymachines/ironbook
pip install ironbook-sdk

Step 2: Register Your Agent

Create a unique, secure DID for your Agent by adding the following line to your agent's initialization/main function (or equivalent) and receive encrypted Verifiable Credentials:

import { IronBookClient } from '@identitymachines/ironbook';

// Initialize the Iron Book client
const ironClient = new IronBookClient({ apiKey: 'hedgefund_api_key' });

// Register your new new stock trading agent (returns a new set of VCs)
const agent = await ironClient.registerAgent({
  agentName: 'HedgeFundXYZ-TradingBot',
  capabilities: ['market_data_read', 'trade_execute', 'report_generate'],
  developerDID: 'did:web:hedgefundxyz.com' // optional
});

console.log('✅ Agent registration successful:', agent);
from ironbook_sdk import IronBookClient, RegisterAgentOptions

# Initialize the Iron Book client
ironClient = IronBookClient(api_key='hedgefund_api_key')

# Register your new new stock trading agent (returns a new set of VCs)
agent = await ironClient.register_agent(RegisterAgentOptions(
    agent_name='HedgeFundXYZ-TradingBot',
    capabilities=['market_data_read', 'rade_execute', 'report_generate'],
    developer_did='did:web:hedgefundxyz.com' # optional
))

print('✅ Agent registration successful:', agent)

Step 3: Get Just-in-Time Token

Agent credentials are issued on-demand with limited scope and lifetime, so Iron Book performs Just-In-Time (JIT) credential issuance to that agent with only the needed capability.

These tokens are one-shot only: Once the task completes or if a revocation is triggered, the credential expires or is invalidated.

Request your one-shot JIT token like this:

// Get one-shot JIT token using VC
const { accessToken } = await ironClient.getAuthToken({
  agentDid: agent.agentDid,
  developerDid: agent.developerDid,
  vc: agent.vc
});

console.log('✅ Authentication token generated successfully:', accessToken);
# Get one-shot JIT token using VC
auth_token_data = await ironClient.get_auth_token(GetAuthTokenOptions(
	agent_did=agent['agentDid'],
	vc=agent['vc'],
  audience="https://ironbook.identitymachines.com",
	developer_did='did:web:hedgefundxyz.com' # optional
))

access_token = auth_token_data.get('access_token')
print('✅ Authentication token generated successfully:', access_token)

Step 4: Enforce Zero Trust

You'll need a policy to enforce against, of course.

Add a new OPA policy like this:

// Upload new, very, very simple OPA policy (https://www.openpolicyagent.org/docs)
const policy = await ironClient.uploadPolicy({
  agentDid: agent.agentDid,
  policyContent: `
    package policies

    default allow = false

    allow if {
      input.action == "trade_execute"
      input.resource == "trading_api_etc"
      input.context.amount <= 100000 
      input.context.symbol == "AAPL"
    }`,
  metadata: {
    version: '1.0',
    description: 'AAPL trade/execute policy'
  }
});

console.log('✅ Policy creation successful:', policy);
# Very, very simple OPA policy (https://www.openpolicyagent.org/docs)
POLICY_CONTENT = '''
package policies

default allow = false

allow if {
  input.action == "trade_execute"
  input.resource == "trading_api_etc"
  input.context.amount <= 100000 
	input.context.symbol == "AAPL"
}
'''

policy = await ironClient.upload_policy(UploadPolicyOptions(
	agent_did=agent['agentDid'],
	config_type='opa',
	policy_content=POLICY_CONTENT,
	metadata={'version': '1.0', 'description': 'AAPL trade/execute policy'},
	developer_did='did:web:hedgefundxyz.com' # optional
))

# returns policy object (incl. policyId to use for decision)
print('✅ Policy creation successful:', policy)

To enforce it, pass the token to policyDecision, which will consume it to try and perform an action:

// Check if we are allowed to execute a $100,000 Apple stock trade
const canTrade = await ironClient.policyDecision({
  agentDid: agent.agentDid,
  policyId: policy.policyId,
  action: 'trade_execute',
  resource: 'trading_api_etc',
  context: {
    amount: 100000,
    symbol: 'AAPL'
  },
  token: authToken.access_token
});

console.log('✅ Policy decision successful:', decision);

  if (canTrade.allow) {
    // Execute trade using your own logic/function
    // await executeTrade(marketData);
  }
canTrade = await ironClient.policy_decision(PolicyInput(
	did=agent['agentDid'],
	policy_id=policy['policyId'],
	token=access_token,
	action="trade_execute",
	resource="trading_api_etc",
	context={"amount": 100000, "symbol": "AAPL"})
)

print('✅ Policy decision:', canTrade)

Your agent's capabilities, trust score, etc. will get checked against your pre-configured corresponding OPA ABAC policies for these attributes, action, and resource.


Simple Implementation, Complex Security

Iron Book's register->token->decision flow deliberately abstracts a depth of identity, access and compliance benefits, making advanced security easy to implement for engineering teams of any experience. For example:

  • Verifiable Credentials: Cryptographic proof of agent identity
  • One-Shot Tokens: Prevents replay attacks and standing privileges
  • Trust Scoring: Dynamic access control based on behavior
  • Audit Trail: All actions logged for compliance
  • Policy Enforcement: Fine-grained authorization rules

Design References

The above design loosely references the novel zero-trust identity framework for AI agents and the Agent Name Service architecture, as well as Google's A2A and Anthropic's MCP protocols, all substantially extended and technically implemented for access control and zero trust-specific enterprise integration use cases.

The cited works propose using DIDs/VCs for rich agent identities and protocol-agnostic discovery mechanisms, which underpin Iron Book’s conceptual implementation at a high level. These sources, combined with fundamental IAM practices (OAuth2, Azure Entra ID, AWS Cognito) and compliance requirements, inform the integrations and mappings described.

Updated 5 days ago