AI Agents

Delegation Chains

View as Markdown

Delegation chains are the authorization framework for AI agents in IDA. They provide cryptographically verifiable proof that an agent is authorized to act on behalf of a human or organization, with precise scope limitations.

Delegation Model

Core Principles

1. Scope Attenuation

Each hop in a delegation chain can only narrow scope, never widen it.

This is enforced via Datalog policies in Biscuit tokens. If a human delegates “purchase groceries, max $200/week”, the agent:

  • CAN sub-delegate “compare grocery prices only” (narrower)
  • CANNOT sub-delegate “purchase electronics” (wider — different category)
  • CANNOT sub-delegate “purchase groceries, max $500/week” (wider — higher budget)

2. Chain Verification

Every delegation can be verified back to its root (a human or org DID). Verifiers check:

  1. Root delegator is a valid, active human/org DID
  2. Each hop’s delegation VC is signed by the delegator at that level
  3. Each hop’s scope is a subset of the parent scope
  4. No delegation VC in the chain is revoked or expired

3. Depth Limits

Delegation chains have configurable maximum depth to prevent unbounded sub-delegation:

Autonomy LevelMax Delegation Depth
Intern0 (cannot delegate)
Junior0 (cannot delegate)
Senior1 (can delegate to one sub-agent)
Principal3 (deep chains allowed)

Delegation VC Schema

1{
2  "@context": [
3    "https://www.w3.org/2018/credentials/v1",
4    "https://ida.infinia.io/ns/agent/v1"
5  ],
6  "type": ["VerifiableCredential", "AgentDelegationCredential"],
7  "issuer": "did:adi:human001...",
8  "issuanceDate": "2026-03-15T09:00:00Z",
9  "expirationDate": "2026-09-15T00:00:00Z",
10  "credentialSubject": {
11    "id": "did:adi:agent:shop01...",
12    "delegator": "did:adi:human001...",
13    "delegate": "did:adi:agent:shop01...",
14    "scope": [
15      "purchase-groceries",
16      "compare-prices",
17      "manage-shopping-list"
18    ],
19    "constraints": {
20      "maxSpendPerWeek": 200,
21      "currency": "USD",
22      "authorizedMerchants": ["FreshMart", "OrganicCo"],
23      "geographicRestriction": "US",
24      "timeWindow": {
25        "start": "08:00",
26        "end": "22:00",
27        "timezone": "America/New_York"
28      }
29    },
30    "attenuatedFrom": null,
31    "delegationDepth": 0,
32    "maxDepth": 1
33  },
34  "proof": { "..." }
35}

Delegation Flow

Human to Agent

Issue Delegation

1POST /api/v1/delegations/issue
2Content-Type: application/json
3Authorization: DIDAuth <human-signed-challenge>
4
5{
6  "delegatorDid": "did:adi:human001...",
7  "delegateDid": "did:adi:agent:shop01...",
8  "scope": ["purchase-groceries", "compare-prices"],
9  "constraints": {
10    "maxSpendPerWeek": 200,
11    "currency": "USD",
12    "authorizedMerchants": ["FreshMart", "OrganicCo"]
13  },
14  "expirationDate": "2026-09-15T00:00:00Z",
15  "maxDepth": 1
16}

Agent to Sub-Agent (Attenuated)

1POST /api/v1/delegations/issue
2Content-Type: application/json
3Authorization: DIDAuth <agent-signed-challenge>
4
5{
6  "delegatorDid": "did:adi:agent:shop01...",
7  "delegateDid": "did:adi:agent:price01...",
8  "scope": ["compare-prices"],
9  "constraints": {
10    "authorizedMerchants": ["FreshMart", "OrganicCo"],
11    "readOnly": true
12  },
13  "attenuatedFrom": "urn:uuid:parent-delegation-vc-id",
14  "expirationDate": "2026-06-15T00:00:00Z",
15  "maxDepth": 0
16}

The API validates attenuation:

  • scope is a subset of parent’s scope
  • constraints are equal or stricter
  • expirationDate is not later than parent’s
  • maxDepth does not exceed parent’s remaining depth

Chain Verification

Verify a Delegation Chain

1POST /api/v1/delegations/verify-chain
2Content-Type: application/json
3
4{
5  "agentDid": "did:adi:agent:price01...",
6  "requiredScope": "compare-prices",
7  "delegationChain": [
8    { "credentialId": "urn:uuid:root-delegation" },
9    { "credentialId": "urn:uuid:sub-delegation" }
10  ]
11}

Response

1{
2  "valid": true,
3  "chain": [
4    {
5      "hop": 0,
6      "delegator": "did:adi:human001...",
7      "delegate": "did:adi:agent:shop01...",
8      "scope": ["purchase-groceries", "compare-prices"],
9      "valid": true
10    },
11    {
12      "hop": 1,
13      "delegator": "did:adi:agent:shop01...",
14      "delegate": "did:adi:agent:price01...",
15      "scope": ["compare-prices"],
16      "valid": true,
17      "attenuated": true
18    }
19  ],
20  "rootDelegator": {
21    "did": "did:adi:human001...",
22    "type": "person",
23    "active": true
24  },
25  "effectiveScope": ["compare-prices"],
26  "effectiveConstraints": {
27    "authorizedMerchants": ["FreshMart", "OrganicCo"],
28    "readOnly": true
29  }
30}

Scope Attenuation Examples

Valid Attenuations

Parent ScopeChild ScopeValid?Reason
[shopping, prices][prices]YesSubset of parent
maxSpend: 200maxSpend: 100YesStricter limit
merchants: [A, B, C]merchants: [A, B]YesFewer merchants
expires: Sepexpires: JunYesEarlier expiry

Invalid Attenuations

Parent ScopeChild ScopeValid?Reason
[prices][prices, shopping]NoAdded capability
maxSpend: 200maxSpend: 500NoHigher limit
merchants: [A, B]merchants: [A, B, C]NoAdded merchant
expires: Junexpires: SepNoLater expiry

Revocation

Revoke a Delegation

1POST /api/v1/delegations/revoke
2Authorization: DIDAuth <delegator-signed-challenge>
3
4{
5  "delegationId": "urn:uuid:root-delegation",
6  "reason": "no_longer_needed"
7}

When a delegation is revoked:

  1. The delegation VC is marked as revoked in the Revocation Registry
  2. All sub-delegations derived from it become invalid
  3. All active IBCTs based on this delegation are invalidated
  4. The agent (and sub-agents) can no longer present this chain

Narrowing an Active Delegation

1POST /api/v1/delegations/narrow
2Authorization: DIDAuth <delegator-signed-challenge>
3
4{
5  "delegationId": "urn:uuid:root-delegation",
6  "newScope": ["compare-prices"],
7  "newConstraints": {
8    "maxSpendPerWeek": 100
9  }
10}

This revokes the old delegation and issues a new, narrower one in a single atomic operation.