Delegation Layer
Understanding verifiable credentials and delegation mechanisms in MCP-I
Delegation Layer
Authority Transfer
The Delegation Layer enables secure and verifiable transfer of authority from principals to agents using W3C Verifiable Credentials, establishing trust and defining permitted scopes of operation.
Introduction to Delegation
In MCP-I, delegation is the process by which a principal (user) transfers specific authorities to an agent. This transfer is:
- Explicit: Clearly defined and intentionally granted
- Scoped: Limited to specific actions or resources
- Verifiable: Cryptographically provable
- Revocable: Can be withdrawn if necessary
- Time-bound: Valid only for a specific duration
Delegation answers the critical questions:
- Who authorized this agent?
- What is the agent allowed to do?
- For how long is this authority valid?
Verifiable Credentials in MCP-I
MCP-I uses W3C Verifiable Credentials (VCs) as the standard format for delegation. A Verifiable Credential is a cryptographically secure, tamper-evident document that contains claims made by an issuer about a subject.
Credential Structure
A delegation credential in MCP-I follows this basic structure:
{
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://mcp-i.org/credentials/v1"
],
"type": ["VerifiableCredential", "DelegationCredential"],
"issuer": "did:example:principal123",
"issuanceDate": "2025-01-01T19:23:24Z",
"expirationDate": "2025-12-31T23:59:59Z",
"credentialSubject": {
"id": "did:example:agent456",
"scope": ["read:data", "write:calendar"],
"constraints": {
"environment": "production",
"maxTransactionAmount": 1000
}
},
"credentialStatus": {
"id": "https://example.com/status/123",
"type": "StatusList2021Entry",
"statusPurpose": "revocation",
"statusListIndex": "94"
},
"proof": {
"type": "Ed25519Signature2020",
"created": "2025-01-01T19:23:24Z",
"verificationMethod": "did:example:principal123#key-1",
"proofPurpose": "assertionMethod",
"proofValue": "z43BsK5Fu9Sdw7tF1JwPnBtYu..."
}
}
Mandatory Fields
A compliant MCP-I delegation credential MUST include issuer, subject, issuance date, expiration date, scope, and a valid cryptographic proof. Missing any of these elements will result in failed verification.
Key Credential Components
Issuer
The issuer field contains the DID of the principal (user) granting the delegation. This MUST be a valid DID that can be resolved to retrieve the issuer's verification methods.
Credential Subject
The subject identifies the agent receiving the delegation and specifies the scope of authority:
- id: The agent's DID
- scope: Array of permissions in the format
action:resource
- constraints (optional): Additional limitations on the delegation
Credential Status
The credentialStatus
field enables credential revocation. MCP-I supports:
- StatusList2021: For scalable revocation status checks
- RevocationList2020: For backward compatibility
- Custom status methods: For Level 3 implementations with special requirements
Credential Proof
The proof
field contains a cryptographic signature created by the issuer's private key, ensuring the credential's authenticity and integrity.
Scope Definition
Scopes in MCP-I follow a standardized format to ensure clear and consistent authorization:
action:resource[/subresource][#instance]
Examples:
read:email
- Permission to read emailswrite:calendar/events
- Permission to create calendar eventstransfer:finance#account123
- Permission to transfer funds from account123
Scope Best Practices
Define scopes that are specific enough to limit agent authority but not so granular that they become unmanageable. Group related permissions into logical scopes to simplify management.
Delegation Process
The delegation process typically follows these steps:
Credential Verification
When an agent presents a delegation credential, verifiers must perform several checks:
- Structural Validation: Ensure the credential follows the required VC format
- Signature Verification: Validate the cryptographic proof using the issuer's public key
- Issuer Verification: Confirm the issuer is recognized and authorized
- Expiration Check: Verify the credential has not expired
- Revocation Check: Confirm the credential has not been revoked
- Scope Validation: Ensure the requested action is within the delegated scope
Verification Caching
For performance optimization, results of DID resolution and credential verification can be cached. However, revocation status should be checked more frequently, especially for high-value operations.
Delegation Chains
MCP-I supports delegation chains, where an agent with delegated authority can further delegate a subset of its permissions to another agent:
When verifying a delegation chain:
- Start with the leaf credential (the one presented by the requesting agent)
- Verify each credential in the chain recursively
- Ensure each delegation's scope is a subset of its parent
- Check for circular dependencies
- Verify no credential in the chain is expired or revoked
Revocation
MCP-I requires implementation of credential revocation to enable withdrawal of delegation:
StatusList2021
The recommended revocation method uses the StatusList2021 specification:
{
"credentialStatus": {
"id": "https://example.com/status/123#94",
"type": "StatusList2021Entry",
"statusPurpose": "revocation",
"statusListIndex": "94"
}
}
Revocation services maintain bitstring status lists where each bit represents a credential's status.
Revocation Process
Revocation Latency
Revocation might not take immediate effect across all systems. Consider the security implications of revocation propagation latency in your implementation, especially for high-security contexts.
Implementation Examples
Creating a Delegation Credential
import { Ed25519VerificationKey2020 } from "@digitalbazaar/ed25519-verification-key-2020";
import { Ed25519Signature2020 } from "@digitalbazaar/ed25519-signature-2020";
import { createVC } from "@mcp-i/credentials";
async function createDelegationCredential(
issuerDid,
subjectDid,
scope,
expirationDate
) {
// Load the issuer's key
const issuerKey = await Ed25519VerificationKey2020.from({
id: `${issuerDid}#key-1`,
controller: issuerDid,
privateKeyMultibase: "z3u2d7wL5zoEiRyzVxzC...", // from secure storage
});
// Create the credential
const credential = {
"@context": [
"https://www.w3.org/2018/credentials/v1",
"https://mcp-i.org/credentials/v1",
],
type: ["VerifiableCredential", "DelegationCredential"],
issuer: issuerDid,
issuanceDate: new Date().toISOString(),
expirationDate: expirationDate.toISOString(),
credentialSubject: {
id: subjectDid,
scope: scope,
},
credentialStatus: {
id: "https://example.com/status/123#94",
type: "StatusList2021Entry",
statusPurpose: "revocation",
statusListIndex: "94",
},
};
// Sign the credential
const suite = new Ed25519Signature2020({ key: issuerKey });
return await createVC({ credential, suite });
}
Verifying a Delegation Credential
import { verifyVC } from "@mcp-i/credentials";
import { checkRevocationStatus } from "@mcp-i/status";
async function verifyDelegationCredential(credential, requestedAction) {
try {
// Verify structure and signature
const result = await verifyVC({
credential,
suite: new Ed25519Signature2020(),
documentLoader: customDocumentLoader,
});
if (!result.verified) {
throw new Error("Credential signature verification failed");
}
// Check expiration
const expirationDate = new Date(credential.expirationDate);
if (expirationDate < new Date()) {
throw new Error("Credential has expired");
}
// Check revocation status
const revocationStatus = await checkRevocationStatus(
credential.credentialStatus
);
if (revocationStatus.revoked) {
throw new Error("Credential has been revoked");
}
// Check scope
const hasScope = credential.credentialSubject.scope.some((scope) => {
// Simple scope check - would be more complex in production
return (
requestedAction.startsWith(scope.split(":")[0]) &&
requestedAction.includes(scope.split(":")[1])
);
});
if (!hasScope) {
throw new Error("Requested action not in delegated scope");
}
return true;
} catch (error) {
console.error("Credential verification failed:", error);
return false;
}
}
Next Steps
- Explore Credential Models for more detailed information about credential formats and types
- Learn about the Delegation Flow for end-to-end delegation processes
- Check out the Verification Protocol to understand how credentials are verified in requests