pub trait IdentityProvider: Send + Sync {
    // Required methods
    fn agent_id(&self) -> &AgentId;
    fn sign<'life0, 'life1, 'async_trait>(
        &'life0 self,
        message: &'life1 [u8],
    ) -> Pin<Box<dyn Future<Output = Result<Signature>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait;
    fn verify_peer<'life0, 'life1, 'life2, 'life3, 'async_trait>(
        &'life0 self,
        peer_id: &'life1 AgentId,
        message: &'life2 [u8],
        signature: &'life3 Signature,
    ) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait,
             'life2: 'async_trait,
             'life3: 'async_trait;

    // Provided method
    fn trust_metadata<'life0, 'life1, 'async_trait>(
        &'life0 self,
        _peer_id: &'life1 AgentId,
    ) -> Pin<Box<dyn Future<Output = Option<TrustMetadata>> + Send + 'async_trait>>
       where Self: 'async_trait,
             'life0: 'async_trait,
             'life1: 'async_trait { ... }
}
The pluggable identity provider interface.
An IdentityProvider represents a holder of ONE agent’s signing key
plus its view onto the wider registry of peer public keys. The same
trait is implemented by:
- SpizeNativeProvider: Ed25519 + Spize’s central Identity Registry.
- EtereCitizenProvider: did:ethr wallet + EtereCitizen on-chain registry and reputation.
- DidWebProvider: did:web resolution via HTTPS.
The control plane dispatches to the right provider based on the scheme of the incoming agent_id.
Required Methods
fn agent_id(&self) -> &AgentId
The agent this provider represents (i.e., the identity that
sign() will produce signatures for).
fn sign<'life0, 'life1, 'async_trait>(
    &'life0 self,
    message: &'life1 [u8],
) -> Pin<Box<dyn Future<Output = Result<Signature>> + Send + 'async_trait>>
where
    Self: 'async_trait,
    'life0: 'async_trait,
    'life1: 'async_trait,
Sign an arbitrary byte string with the agent’s private key.
Errors if the key is unavailable (file missing, HSM offline, user unlock required).
fn verify_peer<'life0, 'life1, 'life2, 'life3, 'async_trait>(
    &'life0 self,
    peer_id: &'life1 AgentId,
    message: &'life2 [u8],
    signature: &'life3 Signature,
) -> Pin<Box<dyn Future<Output = Result<()>> + Send + 'async_trait>>
where
    Self: 'async_trait,
    'life0: 'async_trait,
    'life1: 'async_trait,
    'life2: 'async_trait,
    'life3: 'async_trait,
Verify that signature was produced by peer_id over message.
Implementations are responsible for:
- Resolving peer_id to a public key (via their registry of choice)
- Verifying the signature cryptographically
- Checking revocation status (e.g., CRL lookup)
Provided Methods
fn trust_metadata<'life0, 'life1, 'async_trait>(
    &'life0 self,
    _peer_id: &'life1 AgentId,
) -> Pin<Box<dyn Future<Output = Option<TrustMetadata>> + Send + 'async_trait>>
where
    Self: 'async_trait,
    'life0: 'async_trait,
    'life1: 'async_trait,
Optional: fetch trust metadata about a peer (reputation, verification
level, capabilities). Returns None if this provider does not support
trust metadata — callers must handle that gracefully.
Policies that depend on reputation must use has_reputation() style
guards rather than requiring metadata presence unconditionally.
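
The guard pattern described above, as an added example that is not part of the crate's own code. It uses a synchronous stand-in for the provided method; the `reputation` field, `TrustSource`, `NoMetadata`, `Scored`, `Rule`, `Decision` and `authorize` are hypothetical names, and the agent id is constructed.

```rust
use std::collections::HashMap;

// Hypothetical shape: the page does not show TrustMetadata's fields.
#[derive(Debug, Clone, PartialEq)]
pub struct TrustMetadata { pub reputation: Option<u32> }
impl TrustMetadata {
    pub fn has_reputation(&self) -> bool { self.reputation.is_some() }
}

// Synchronous stand-in for the provided method; the default is None, as on the page.
pub trait TrustSource {
    fn trust_metadata(&self, _peer_id: &str) -> Option<TrustMetadata> { None }
}

pub struct NoMetadata; // hypothetical provider without trust metadata
impl TrustSource for NoMetadata {}
pub struct Scored(pub HashMap<String, u32>); // hypothetical provider with scores
impl TrustSource for Scored {
    fn trust_metadata(&self, peer_id: &str) -> Option<TrustMetadata> {
        Some(TrustMetadata { reputation: self.0.get(peer_id).copied() })
    }
}

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Decision { Allow, Deny }

pub enum Rule {
    // Needs only a verified signature; must not fail when metadata is absent.
    SignatureOnly,
    // Reputation-gated; `if_unknown` makes the no-score outcome explicit.
    MinReputation { min: u32, if_unknown: Decision },
}

// Assumes verify_peer() has already succeeded for `peer_id`.
pub fn authorize(p: &dyn TrustSource, peer_id: &str, rule: &Rule) -> Decision {
    match rule {
        Rule::SignatureOnly => Decision::Allow,
        Rule::MinReputation { min, if_unknown } => {
            match p.trust_metadata(peer_id).filter(|m| m.has_reputation()) {
                Some(m) if m.reputation >= Some(*min) => Decision::Allow,
                Some(_) => Decision::Deny,
                None => *if_unknown, // no metadata support, or no score yet
            }
        }
    }
}

fn main() {
    let strict = Rule::MinReputation { min: 50, if_unknown: Decision::Deny };
    println!("{:?}", authorize(&NoMetadata, "did:web:peer.example", &strict));
}
```

Making `if_unknown` part of the rule forces the policy author to choose the outcome for providers that return None, instead of leaving it to an unwrap or an implicit default.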