Delegation Layer

Understanding verifiable credentials and delegation mechanisms in MCP-I

Delegation Layer

Introduction to Delegation

In MCP-I, delegation is the process by which a principal (user) transfers specific authorities to an agent. This transfer is:

  • Explicit: Clearly defined and intentionally granted
  • Scoped: Limited to specific actions or resources
  • Verifiable: Cryptographically provable
  • Revocable: Can be withdrawn if necessary
  • Time-bound: Valid only for a specific duration

Delegation answers the critical questions:

  1. Who authorized this agent?
  2. What is the agent allowed to do?
  3. For how long is this authority valid?

Verifiable Credentials in MCP-I

MCP-I uses W3C Verifiable Credentials (VCs) as the standard format for delegation. A Verifiable Credential is a cryptographically secure, tamper-evident document that contains claims made by an issuer about a subject.

Credential Structure

A delegation credential in MCP-I follows this basic structure:

{
  "@context": [
    "https://www.w3.org/2018/credentials/v1",
    "https://mcp-i.org/credentials/v1"
  ],
  "type": ["VerifiableCredential", "DelegationCredential"],
  "issuer": "did:example:principal123",
  "issuanceDate": "2025-01-01T19:23:24Z",
  "expirationDate": "2025-12-31T23:59:59Z",
  "credentialSubject": {
    "id": "did:example:agent456",
    "scope": ["read:data", "write:calendar"],
    "constraints": {
      "environment": "production",
      "maxTransactionAmount": 1000
    }
  },
  "credentialStatus": {
    "id": "https://example.com/status/123",
    "type": "StatusList2021Entry",
    "statusPurpose": "revocation",
    "statusListIndex": "94"
  },
  "proof": {
    "type": "Ed25519Signature2020",
    "created": "2025-01-01T19:23:24Z",
    "verificationMethod": "did:example:principal123#key-1",
    "proofPurpose": "assertionMethod",
    "proofValue": "z43BsK5Fu9Sdw7tF1JwPnBtYu..."
  }
}

Key Credential Components

Issuer

The issuer field contains the DID of the principal (user) granting the delegation. This MUST be a valid DID that can be resolved to retrieve the issuer's verification methods.

Credential Subject

The subject identifies the agent receiving the delegation and specifies the scope of authority:

  • id: The agent's DID
  • scope: Array of permissions in the format action:resource
  • constraints (optional): Additional limitations on the delegation

Credential Status

The credentialStatus field enables credential revocation. MCP-I supports:

  • StatusList2021: For scalable revocation status checks
  • RevocationList2020: For backward compatibility
  • Custom status methods: For Level 3 implementations with special requirements

Credential Proof

The proof field contains a cryptographic signature created by the issuer's private key, ensuring the credential's authenticity and integrity.

Scope Definition

Scopes in MCP-I follow a standardized format to ensure clear and consistent authorization:

action:resource[/subresource][#instance]

Examples:

  • read:email - Permission to read emails
  • write:calendar/events - Permission to create calendar events
  • transfer:finance#account123 - Permission to transfer funds from account123

Delegation Process

The delegation process typically follows these steps:

Loading diagram...

Credential Verification

When an agent presents a delegation credential, verifiers must perform several checks:

  1. Structural Validation: Ensure the credential follows the required VC format
  2. Signature Verification: Validate the cryptographic proof using the issuer's public key
  3. Issuer Verification: Confirm the issuer is recognized and authorized
  4. Expiration Check: Verify the credential has not expired
  5. Revocation Check: Confirm the credential has not been revoked
  6. Scope Validation: Ensure the requested action is within the delegated scope

Delegation Chains

MCP-I supports delegation chains, where an agent with delegated authority can further delegate a subset of its permissions to another agent:

Loading diagram...

When verifying a delegation chain:

  1. Start with the leaf credential (the one presented by the requesting agent)
  2. Verify each credential in the chain recursively
  3. Ensure each delegation's scope is a subset of its parent
  4. Check for circular dependencies
  5. Verify no credential in the chain is expired or revoked

Revocation

MCP-I requires implementation of credential revocation to enable withdrawal of delegation:

StatusList2021

The recommended revocation method uses the StatusList2021 specification:

{
  "credentialStatus": {
    "id": "https://example.com/status/123#94",
    "type": "StatusList2021Entry",
    "statusPurpose": "revocation",
    "statusListIndex": "94"
  }
}

Revocation services maintain bitstring status lists where each bit represents a credential's status.

Revocation Process

Loading diagram...

Implementation Examples

Creating a Delegation Credential

import { Ed25519VerificationKey2020 } from "@digitalbazaar/ed25519-verification-key-2020";
import { Ed25519Signature2020 } from "@digitalbazaar/ed25519-signature-2020";
import { createVC } from "@mcp-i/credentials";

async function createDelegationCredential(
  issuerDid,
  subjectDid,
  scope,
  expirationDate
) {
  // Load the issuer's key
  const issuerKey = await Ed25519VerificationKey2020.from({
    id: `${issuerDid}#key-1`,
    controller: issuerDid,
    privateKeyMultibase: "z3u2d7wL5zoEiRyzVxzC...", // from secure storage
  });

  // Create the credential
  const credential = {
    "@context": [
      "https://www.w3.org/2018/credentials/v1",
      "https://mcp-i.org/credentials/v1",
    ],
    type: ["VerifiableCredential", "DelegationCredential"],
    issuer: issuerDid,
    issuanceDate: new Date().toISOString(),
    expirationDate: expirationDate.toISOString(),
    credentialSubject: {
      id: subjectDid,
      scope: scope,
    },
    credentialStatus: {
      id: "https://example.com/status/123#94",
      type: "StatusList2021Entry",
      statusPurpose: "revocation",
      statusListIndex: "94",
    },
  };

  // Sign the credential
  const suite = new Ed25519Signature2020({ key: issuerKey });
  return await createVC({ credential, suite });
}

Verifying a Delegation Credential

import { verifyVC } from "@mcp-i/credentials";
import { checkRevocationStatus } from "@mcp-i/status";

async function verifyDelegationCredential(credential, requestedAction) {
  try {
    // Verify structure and signature
    const result = await verifyVC({
      credential,
      suite: new Ed25519Signature2020(),
      documentLoader: customDocumentLoader,
    });

    if (!result.verified) {
      throw new Error("Credential signature verification failed");
    }

    // Check expiration
    const expirationDate = new Date(credential.expirationDate);
    if (expirationDate < new Date()) {
      throw new Error("Credential has expired");
    }

    // Check revocation status
    const revocationStatus = await checkRevocationStatus(
      credential.credentialStatus
    );
    if (revocationStatus.revoked) {
      throw new Error("Credential has been revoked");
    }

    // Check scope
    const hasScope = credential.credentialSubject.scope.some((scope) => {
      // Simple scope check - would be more complex in production
      return (
        requestedAction.startsWith(scope.split(":")[0]) &&
        requestedAction.includes(scope.split(":")[1])
      );
    });

    if (!hasScope) {
      throw new Error("Requested action not in delegated scope");
    }

    return true;
  } catch (error) {
    console.error("Credential verification failed:", error);
    return false;
  }
}

Next Steps