Delegation Flow
Understanding the end-to-end process of delegation in MCP-I, from issuance to verification
Delegation Flow
Authority Transfer Process
The Delegation Flow in MCP-I defines the complete lifecycle of a delegation, from initial authorization by a principal through issuance, delivery, usage, and verification of credentials.
Why Delegation Matters
Without delegation, AI agents would require full access to a user's account—posing risks for security, privacy, and compliance.
Delegation in MCP-I solves this by:
- Scoping authority to only what’s necessary
- Proving user consent cryptographically
- Supporting revocation and expiration
- Allowing audit of each request
Overview
Delegation in MCP-I follows a structured process that ensures secure, verifiable transfer of authority from principals to agents. This flow encompasses:
- Identity Preparation: Establishing DIDs for principals and agents
- Delegation Issuance: Creating and signing delegation credentials
- Credential Delivery: Securely transferring credentials to agents
- Credential Usage: Presenting credentials during agent operations
- Delegation Verification: Validating presented credentials
- Lifecycle Management: Handling renewal, revocation, and updates
Delegation Lifecycle Diagram
The following diagram shows how a credential is issued, optionally rotated, and eventually revoked:
- A credential may be valid until expiration or actively revoked
- Rotation means a new VC replaces the old one with updated scope or subject
- Verifiers must reject expired or revoked credentials
Delegation Credential Recap
Delegation is encoded in a credential that includes:
- The issuer (user DID)
- The subject (agent DID)
- The scope of allowed actions
- The expiration timestamp
- A cryptographic proof signed by the issuer
→ See Credential Models for the full schema
End-to-End Delegation Process
The complete delegation flow in MCP-I typically follows this sequence:
Credential Usage Stage
When an agent needs to perform actions, it presents the delegation credential as proof of authority.
Credential Presentation
- The agent includes the delegation credential in its request
- For direct MCP-I-aware services (Level 2+), the agent may engage in a handshake protocol
- For legacy services (Level 1), the Edge Proxy handles verification and translation
Request Structure
A typical agent request includes:
- The agent's DID
- The requested action
- The delegation credential
- A cryptographic proof (e.g., request signed with the agent's private key)
{
"agentDid": "did:example:agent456",
"action": "read:email",
"resource": "inbox/primary",
"timestamp": "2025-06-15T18:30:45Z",
"credential": {
// Full delegation credential
},
"proof": {
"type": "Ed25519Signature2020",
"created": "2025-06-15T18:30:45Z",
"verificationMethod": "did:example:agent456#key-1",
"proofValue": "z6MkhaXgBZD..."
}
}
Delegation Verification Stage
When a service or Edge Proxy receives a request with a delegation credential, it performs verification.
Verification Steps
- DID Resolution: Resolve the DIDs of both the agent and the principal
- Structural Validation: Ensure the credential has all required fields
- Signature Verification: Validate the credential's cryptographic proof
- Expiration Check: Confirm the credential hasn't expired
- Revocation Check: Verify the credential hasn't been revoked
- Scope Check: Ensure the requested action is within the delegated scope
- Constraints Validation: Check that all constraints are satisfied
Verification Requirements
All verification steps must succeed for the delegation to be considered valid. A failure at any step should result in request rejection.
Performance Optimizations
For high-volume services:
- Cache DID resolution results
- Cache credential validation results (with appropriate TTL)
- Implement efficient revocation checking mechanisms
- Use parallel processing for verification steps when possible
Delegation Lifecycle Management
Throughout a delegation's lifecycle, several events may require updates or changes.
Credential Renewal
When a credential approaches expiration:
- The principal initiates renewal (manually or automatically)
- A new credential is issued with an updated expiration date
- The agent replaces the old credential with the new one
- Optionally, the old credential may be explicitly revoked
Credential Revocation
When a delegation needs to be withdrawn:
- The principal requests revocation
- The revocation service updates the status registry
- Future verification requests will detect the revocation
- Existing caches may need notification of revocation
Delegation Updates
When delegation parameters need to change:
- The principal initiates an update
- A new credential is issued with modified parameters
- The old credential is revoked
- The agent receives and begins using the new credential
Implementation Examples
Principal Delegation Flow
// Example of a principal initiating delegation
async function initiateDelegation(principalDid, agentDid, scopes) {
// Authenticate principal
const authResult = await authenticatePrincipal(principalDid);
if (!authResult.success) {
throw new Error("Authentication failed");
}
// Create delegation credential
const credential = await createDelegationCredential({
issuer: principalDid,
subject: agentDid,
scope: scopes,
expiresIn: "90d",
constraints: {
environment: "production",
},
});
// Register revocation information
await registerRevocation(credential.id);
// Deliver credential to agent
await deliverCredentialToAgent(agentDid, credential);
return {
credentialId: credential.id,
expirationDate: credential.expirationDate,
};
}
Agent Request Flow
// Example of an agent making a request with delegation
async function makeAuthorizedRequest(agentDid, action, resource, credential) {
// Prepare request
const request = {
agentDid,
action,
resource,
timestamp: new Date().toISOString(),
credential,
};
// Sign request
const signedRequest = await signRequest(request, agentDid);
// Send request to service via Edge Proxy
const response = await fetch("https://edge-proxy.example.com/api", {
method: "POST",
headers: {
"Content-Type": "application/json",
"X-Agent-DID": agentDid,
},
body: JSON.stringify(signedRequest),
});
return await response.json();
}
Special Delegation Scenarios
Multi-level Delegation
For scenarios involving delegation chains:
- The original principal delegates to Agent A
- Agent A sub-delegates a subset of its authority to Agent B
- Each delegation in the chain is verified recursively
Constrained Delegations
For delegations with advanced constraints:
- The credential includes specific constraint expressions
- Verification includes evaluating these constraints against the request context
- Common constraints include time windows, geographic restrictions, and environmental conditions
Next Steps
- Explore the Verification Protocol for detailed verification procedures
- Learn about Audit Layer for tracking delegation activities