{ "dataset": "glossary", "record": { "id": "delegation", "term": "Scoped Delegation", "category": "identity", "short_def": "Granting an agent a limited, explicit set of permissions to act on a principal's behalf — bounded in scope, budget and time.", "long_def": "Delegation answers the second half of agent identity: not just 'which agent?' but 'authorized to do what, for whom, within what limits?'. Scoped delegation expresses bounded authority — e.g. spend up to a cap, only with approved merchants, for a fixed window — and underpins agent payment mandates (AP2) and permissioned payment rails (MPP). It is the principle that keeps an autonomous agent from exceeding what its principal allowed.", "see_also": [ "agent-identity", "ap2", "verifiable-credentials" ], "etymology_origin": { "value": null, "verify_status": "verify-against-primary-at-build", "source_hint": "https://datatracker.ietf.org/doc/html/rfc6749 — scoped delegation generalises OAuth 2.0 'scopes' and delegated authorization (RFC 6749, 2012) to AI agents; no single coiner for the agent-delegation sense" }, "related_to": [ "agent-identity", "ap2", "verifiable-credentials", "agent-as-buyer", "mpp" ], "contrast_with": "Unlike authentication, which proves who an agent is, scoped delegation defines what that agent is permitted to do on a principal's behalf — bounded authority, not identity; the two together gate any consequential agent action.", "example": "An AP2 payment mandate is a form of scoped delegation: it authorizes an agent to spend only up to a set amount, only for a specified transaction, on the human's behalf.", "source": "https://datatracker.ietf.org/doc/html/rfc6749", "status": "emerging", "why_it_matters": "Scoped delegation is the safety boundary of autonomous action; without it, granting an agent access means granting it unbounded authority — unacceptable for payments or writes.", "sameAs": [], "bridge_entity": "protocols/identity/web-bot-auth", "last_verified": "2026-06-15", "md_twin": "/glossary/delegation.md" } }