# Scoped Delegation

> Granting an agent a limited, explicit set of permissions to act on a principal's behalf — bounded in scope, budget and time.

_The Agentic Web Lexicon · /glossary/delegation · [JSON](/api/glossary/delegation) · [all The Agentic Web Lexicon](/glossary)_

- **term:** Scoped Delegation
- **category:** identity
- **short_def:** Granting an agent a limited, explicit set of permissions to act on a principal's behalf — bounded in scope, budget and time.
- **long_def:** Delegation answers the second half of agent identity: not just 'which agent?' but 'authorized to do what, for whom, within what limits?'. Scoped delegation expresses bounded authority — e.g. spend up to a cap, only with approved merchants, for a fixed window — and underpins agent payment mandates (AP2) and permissioned payment rails (MPP). It is the principle that keeps an autonomous agent from exceeding what its principal allowed.
- **see_also:** agent-identity, ap2, verifiable-credentials
- **etymology_origin:** — (verify-against-primary-at-build)
- **related_to:** agent-identity, ap2, verifiable-credentials, agent-as-buyer, mpp
- **contrast_with:** Unlike authentication, which proves who an agent is, scoped delegation defines what that agent is permitted to do on a principal's behalf — bounded authority, not identity; the two together gate any consequential agent action.
- **example:** An AP2 payment mandate is a form of scoped delegation: it authorizes an agent to spend only up to a set amount, only for a specified transaction, on the human's behalf.
- **source:** https://datatracker.ietf.org/doc/html/rfc6749
- **status:** emerging
- **why_it_matters:** Scoped delegation is the safety boundary of autonomous action; without it, granting an agent access means granting it unbounded authority — unacceptable for payments or writes.
- **sameAs:** —
- **bridge_entity:** protocols/identity/web-bot-auth
- **last_verified:** 2026-06-15
- **md_twin:** /glossary/delegation.md