Concepts

This section covers the core concepts behind ZeroID's identity model. Read these before designing your production tenant or writing authorization logic — the terminology and models here appear throughout the SDK, token payloads, and policy configuration.

• Identity Model — How agents, services, applications, and MCP servers are modeled as first-class identities. Covers tenant structure, identity types, sub-types, trust levels, WIMSE/SPIFFE URIs, and the owner/principal/actor distinction.

• Token Flows — The OAuth 2.0 grant types ZeroID supports (api_key, client_credentials, jwt_bearer, token_exchange, authorization_code, refresh_token) and when to use each one.