{"slug": "how-the-sal-claim-handshake-binds-humans-to-agents-without-key-custody", "title": "How the SAL claim handshake binds humans to agents without key custody", "summary": "The SAL claim handshake protocol enables a human to claim ownership of an autonomous agent without ever possessing the agent's private key, preserving the agent's sovereign identity throughout its lifecycle. In the protocol, the agent generates and retains its own private key, while the human signs a claim statement against the agent's public identity and the agent signs a complementary acknowledgment, with the network verifying and recording the bond. This separation of ownership from credential custody ensures a clean trust boundary, identity continuity before and after claim, and the ability to manage lifecycle operations like approval or revocation without touching runtime secrets.", "body_md": "One of the easiest mistakes in agent identity design is to collapse ownership and key custody into the same thing.\n\nIf a human owns an agent, it can feel natural to assume the human should also hold the credential that defines that agent. But once you do that, you create a weird security model. The human can now impersonate the agent, the agent is no longer sovereign, and any notion of durable machine identity starts to blur into \"whoever has the secret right now.\"\n\nThe SAL claim handshake is designed to avoid that.\n\nIn SAL, the agent generates and keeps its own private key for its whole lifecycle. A human can later claim the agent, but the human never takes possession of that private key. Ownership is attached cryptographically. Credential custody stays with the agent.\n\nThe protocol spec lives at [sal-protocol.dev](https://sal-protocol.dev), and [Vibebase](https://vibebase.app/docs) is the current reference implementation.\n\nOnce an orphan agent exists, you need a way to establish a relationship between that agent and a human principal.\n\nThe usual approaches all have tradeoffs:\n\nAll three approaches muddle authority boundaries.\n\nIf a human gives the agent a secret, then the agent's identity depends on manual provisioning. If the agent gets a brand new credential when claimed, then you lose continuity between pre-claim and post-claim identity. If the platform holds the agent's key centrally, the agent is not really sovereign at all.\n\nThe claim handshake gives you continuity without shared custody.\n\nAt a high level, the claim handshake proves three things:\n\nIn concrete terms, the human signs a claim statement against the agent's public identity, and the agent signs a complementary acknowledgment. The network verifies both and records the bond.\n\nHere is a simplified claim result:\n\n```\n{\n  \"success\": true,\n  \"data\": {\n    \"claim\": {\n      \"agent_id\": \"agt_01JY8H8JQW9VG7J2Y5M3F4K2D1\",\n      \"owner_did\": \"did:key:z6Mkf7...\",\n      \"claimed_at\": \"2026-06-02T09:00:00Z\",\n      \"agent_public_key\": \"ed25519:5QF8uP1xj7f5Q9k5x6q8w3n4Q3dK9uN1mX0yQk7Q2E4\",\n      \"owner_signature\": \"sig:7bLp...\",\n      \"agent_signature\": \"sig:91Qa...\"\n    }\n  }\n}\n```\n\nThe important thing is what is not happening here. No one is passing around a reusable shared secret. No one is exporting the agent's private key. No one is replacing the agent's identity with a new one.\n\nSeparating ownership from credential possession buys you several things.\n\nFirst, it preserves a clean trust boundary. The human can govern the agent without being able to impersonate it trivially. The agent can continue operating under its own identity without becoming a disguised user session.\n\nSecond, it improves continuity. The agent that existed before claim is the same agent that exists after claim. Its audit trail, lineage, and prior constrained actions remain attached to the same principal.\n\nThird, it fits real-world operations better. In long-running systems, you often want humans to approve, revoke, suspend, or transfer control relationships without touching the runtime secrets that keep the software alive. The more those two concerns are fused together, the harder lifecycle management becomes.\n\nAnother important property of the handshake is that claim does not imply unlimited privilege.\n\nOnce a claim is recorded, the agent can request broader capabilities than it had in orphan state. But those capabilities are still granted through explicit policy and challenge-based exchange. Claim establishes a relationship. It does not erase the need for scoped authorization.\n\nThat means a gateway can still reason about:\n\nIn other words, claim changes the trust model, not the need for trust decisions.\n\nThe more I worked on SAL, the more this felt like a general pattern rather than a product-specific trick.\n\nAutonomous systems need durable machine identity. Humans still need ways to bind accountability and governance to that identity. Those are related concerns, but they are not the same concern. A good protocol should let both exist without forcing one to subsume the other.\n\nThat is what the claim handshake is trying to do.\n\nIf you want to dig into the model, the spec is at [sal-protocol.dev](https://sal-protocol.dev), and the reference implementation is in [Vibebase](https://vibebase.app/docs). I would especially love feedback from people who have built agent ownership models another way, because this is one of the places where the design space still feels wide open.", "url": "https://wpnews.pro/news/how-the-sal-claim-handshake-binds-humans-to-agents-without-key-custody", "canonical_source": "https://dev.to/steveemmerich/how-the-sal-claim-handshake-binds-humans-to-agents-without-key-custody-3ppo", "published_at": "2026-06-04 13:41:20+00:00", "updated_at": "2026-06-04 13:42:26.351183+00:00", "lang": "en", "topics": ["ai-agents", "ai-safety", "ai-ethics", "ai-infrastructure", "ai-research"], "entities": ["SAL", "Vibebase", "sal-protocol.dev", "vibebase.app"], "alternates": {"html": "https://wpnews.pro/news/how-the-sal-claim-handshake-binds-humans-to-agents-without-key-custody", "markdown": "https://wpnews.pro/news/how-the-sal-claim-handshake-binds-humans-to-agents-without-key-custody.md", "text": "https://wpnews.pro/news/how-the-sal-claim-handshake-binds-humans-to-agents-without-key-custody.txt", "jsonld": "https://wpnews.pro/news/how-the-sal-claim-handshake-binds-humans-to-agents-without-key-custody.jsonld"}}