Delegation Flow

Understanding the end-to-end process of delegation in MCP-I, from issuance to verification

Delegation Flow


Why Delegation Matters

Without delegation, AI agents would require full access to a user's account—posing risks for security, privacy, and compliance.

Delegation in MCP-I solves this by:

  • Scoping authority to only what’s necessary
  • Proving user consent cryptographically
  • Supporting revocation and expiration
  • Allowing audit of each request

Overview

Delegation in MCP-I follows a structured process that ensures secure, verifiable transfer of authority from principals to agents. This flow encompasses:

  1. Identity Preparation: Establishing DIDs for principals and agents
  2. Delegation Issuance: Creating and signing delegation credentials
  3. Credential Delivery: Securely transferring credentials to agents
  4. Credential Usage: Presenting credentials during agent operations
  5. Delegation Verification: Validating presented credentials
  6. Lifecycle Management: Handling renewal, revocation, and updates

Delegation Lifecycle Diagram

The following diagram shows how a credential is issued, optionally rotated, and eventually revoked:

Loading diagram...
  • A credential may be valid until expiration or actively revoked
  • Rotation means a new VC replaces the old one with updated scope or subject
  • Verifiers must reject expired or revoked credentials

Delegation Credential Recap

Delegation is encoded in a credential that includes:

  • The issuer (user DID)
  • The subject (agent DID)
  • The scope of allowed actions
  • The expiration timestamp
  • A cryptographic proof signed by the issuer

→ See Credential Models for the full schema


End-to-End Delegation Process

The complete delegation flow in MCP-I typically follows this sequence:

Loading diagram...

Credential Usage Stage

When an agent needs to perform actions, it presents the delegation credential as proof of authority.

Credential Presentation

  1. The agent includes the delegation credential in its request
  2. For direct MCP-I-aware services (Level 2+), the agent may engage in a handshake protocol
  3. For legacy services (Level 1), the Edge Proxy handles verification and translation

Request Structure

A typical agent request includes:

  • The agent's DID
  • The requested action
  • The delegation credential
  • A cryptographic proof (e.g., request signed with the agent's private key)
{
  "agentDid": "did:example:agent456",
  "action": "read:email",
  "resource": "inbox/primary",
  "timestamp": "2025-06-15T18:30:45Z",
  "credential": {
    // Full delegation credential
  },
  "proof": {
    "type": "Ed25519Signature2020",
    "created": "2025-06-15T18:30:45Z",
    "verificationMethod": "did:example:agent456#key-1",
    "proofValue": "z6MkhaXgBZD..."
  }
}

Delegation Verification Stage

When a service or Edge Proxy receives a request with a delegation credential, it performs verification.

Verification Steps

  1. DID Resolution: Resolve the DIDs of both the agent and the principal
  2. Structural Validation: Ensure the credential has all required fields
  3. Signature Verification: Validate the credential's cryptographic proof
  4. Expiration Check: Confirm the credential hasn't expired
  5. Revocation Check: Verify the credential hasn't been revoked
  6. Scope Check: Ensure the requested action is within the delegated scope
  7. Constraints Validation: Check that all constraints are satisfied

Performance Optimizations

For high-volume services:

  • Cache DID resolution results
  • Cache credential validation results (with appropriate TTL)
  • Implement efficient revocation checking mechanisms
  • Use parallel processing for verification steps when possible

Delegation Lifecycle Management

Throughout a delegation's lifecycle, several events may require updates or changes.

Credential Renewal

When a credential approaches expiration:

  1. The principal initiates renewal (manually or automatically)
  2. A new credential is issued with an updated expiration date
  3. The agent replaces the old credential with the new one
  4. Optionally, the old credential may be explicitly revoked

Credential Revocation

When a delegation needs to be withdrawn:

  1. The principal requests revocation
  2. The revocation service updates the status registry
  3. Future verification requests will detect the revocation
  4. Existing caches may need notification of revocation

Delegation Updates

When delegation parameters need to change:

  1. The principal initiates an update
  2. A new credential is issued with modified parameters
  3. The old credential is revoked
  4. The agent receives and begins using the new credential

Implementation Examples

Principal Delegation Flow

// Example of a principal initiating delegation
async function initiateDelegation(principalDid, agentDid, scopes) {
  // Authenticate principal
  const authResult = await authenticatePrincipal(principalDid);
  if (!authResult.success) {
    throw new Error("Authentication failed");
  }

  // Create delegation credential
  const credential = await createDelegationCredential({
    issuer: principalDid,
    subject: agentDid,
    scope: scopes,
    expiresIn: "90d",
    constraints: {
      environment: "production",
    },
  });

  // Register revocation information
  await registerRevocation(credential.id);

  // Deliver credential to agent
  await deliverCredentialToAgent(agentDid, credential);

  return {
    credentialId: credential.id,
    expirationDate: credential.expirationDate,
  };
}

Agent Request Flow

// Example of an agent making a request with delegation
async function makeAuthorizedRequest(agentDid, action, resource, credential) {
  // Prepare request
  const request = {
    agentDid,
    action,
    resource,
    timestamp: new Date().toISOString(),
    credential,
  };

  // Sign request
  const signedRequest = await signRequest(request, agentDid);

  // Send request to service via Edge Proxy
  const response = await fetch("https://edge-proxy.example.com/api", {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      "X-Agent-DID": agentDid,
    },
    body: JSON.stringify(signedRequest),
  });

  return await response.json();
}

Special Delegation Scenarios

Multi-level Delegation

For scenarios involving delegation chains:

  1. The original principal delegates to Agent A
  2. Agent A sub-delegates a subset of its authority to Agent B
  3. Each delegation in the chain is verified recursively

Constrained Delegations

For delegations with advanced constraints:

  1. The credential includes specific constraint expressions
  2. Verification includes evaluating these constraints against the request context
  3. Common constraints include time windows, geographic restrictions, and environmental conditions

Next Steps