Verified, Private, Attested.
OIDC 2.1, GNAP, Passkey sign‑in, W3C Verifiable Credentials (SD‑JWT, BBS+), device attestation, and graph‑native authorization—unified in one platform. The provable identity cloud.
< 10 ms p95
< 120 ms p95
< 150 ms p95
99.95%
OIDC 2.1 + GNAP
Hardened OAuth profiles (PAR · JAR/JARM · RAR · DPoP · mTLS), GNAP PoP & continuation, client key rotation.
Selective disclosure
Issue SD‑JWT & BBS+ VCs, verify via OID4VCI/VP, unlinkable presentations, revocation with StatusList2021 and Merkle proofs.
Zanzibar‑style checks
Relationship graph as fast path with PDP overlays (XACML · Cedar · OPA), obligations for redaction, masking, quotas, and consent.
How it works
1. Authenticate with passkey (FIDO2/WebAuthn)
2. Present minimal claims (OID4VP + SD‑JWT/BBS+)
3. Graph check + policy overlay → DPoP/mTLS‑bound tokenEvidence-bound clients with rotation and per-device DPoP binding.
Pluggable doc/biometric KYC → Proofing VC for onboarding & step‑up.
Artagon Identity Platform: Architecting the Future of Digital Trust
Trusted identity for machines and humans — Verified. Private. Attested.
The digital world is in an identity crisis. Perimeter security failed, and identity is split between human‑centric CIAM and ad‑hoc machine identity (M2M/IoT)—creating breach risk, friction, and eroding privacy.
Artagon is not another IdP. It's a next‑generation trust infrastructure that unifies three historically siloed domains:
High‑Assurance Identity
Passkey‑primary, phishing‑resistant authentication built on modern OpenID Connect and GNAP.
Decentralized & Verifiable Identity
A full Verifiable Credentials (VC) engine for issuing and verifying portable, holder‑controlled, privacy‑preserving credentials.
Next‑Generation Authorization
A high‑performance, graph‑based engine that fuses Zanzibar‑style ReBAC with Cedar/OPA (ABAC) for fine‑grained, contextual decisions.
The Artagon Difference
Verifiable Everything
Move from "asserted" to proven identity. Every attribute, device, and software client is cryptographically verifiable.
Zero‑Friction Security
Make the most secure path the easiest: passwordless passkey‑primary login and invisible, hardware‑level device & app attestation.
Privacy‑by‑Design
Selective disclosure (zero‑knowledge) lets users prove facts (e.g., "over 18") without exposing raw PII. Privacy is built into the protocol, not bolted on.
For developers
SDKs for Java · Rust · JS/TS · Go · Swift, GraphQL + REST APIs, and a conformance harness. Spin up a sandbox tenant in minutes and test OIDC, GNAP, and VC flows with real tokens.
curl -X POST https://id.artagon.com/oauth2/token \
-H "DPoP: <jwt>" -H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=authorization_code&code=..."Frequently asked questions
What is the Artagon Identity Platform?
Artagon combines an OIDC 2.1/OpenID Provider, a GNAP Authorization Server, verifiable credentials, device/app attestation, and Zanzibar‑style policy in one platform.
Does Artagon support OIDC 2.1 and GNAP?
Yes—OIDC 2.1 with hardened OAuth (PAR · JAR/JARM · RAR · DPoP · mTLS) and GNAP with proof‑of‑possession and continuation handles.
Do you support passkeys and verifiable credentials?
Yes—passkey/WebAuthn is primary auth, and we issue/verify SD‑JWT & BBS+ VCs via OID4VCI/OID4VP.
How does authorization work?
A Zanzibar graph powers fast relationship checks while policies in XACML, Cedar, or OPA apply fine‑grained controls and obligations.
Ready to Get Started?
Start building with Artagon's unified identity platform. Deploy passkey authentication, verifiable credentials, and graph-native authorization in minutes.
Get Started