2.5 Established

Delegation registries

A delegation-management dashboard backed by a verification service that agencies query to confirm an agent's authority and revocation status in real time.

01 Emerging Challenges

As citizens authorize agents to act for them, the agency receiving an agent's request must be able to confirm that the agent's authority is live, scoped to the request, and not revoked. The difficulty is reaching that confirmation at the moment of the request without contacting the citizen, who will often not be present when their agent acts.

02 Assurance

A relying agency needs confidence that an agent's authority is current, scoped to the action at hand, and not revoked, and it must reach that confidence without contacting the citizen in real time.

03 Access

Delegation registries are back-end infrastructure, but the citizen-facing management interface must be accessible. Where managing a delegation depends on a digital identity that itself requires biometric verification, users who cannot complete that check are shut out of creating or revoking authority for their own agent. Keep the path open with multiple pathways to manage delegations (web dashboard, phone service, in-person), and SMS or email notifications whenever a delegation is used, created, or modified.

04 Response surface
Service design Considered
The response this pattern proposes

Tiered delegation roles are presented as a ranked authorization list, with per-agent revocation and a notification to the citizen each time a delegation is used.

No surface has been built yet; the approach above is the brief for one.

05 Maturity
  1. Established Headline

    For verifying delegation through deployed registries.

  2. Emerging

    Built on verifiable credentials.

  3. Frontier

    For confirming an agent's live, scoped, unrevoked authority.

06 Precedents

Australia's Relationship Authorisation Manager (RAM). RAM is a delegation registry operated by the ATO that lets individuals link their digital identity (myID, formerly myGovID) to a business and manage who can act on behalf of that business. It links digital identity to an Australian Business Number (ABN), supports hierarchical delegation (principal authority, administrator, and standard user roles), is used across multiple agencies (ATO, DEWR, AusCheck), and ties authorization to the individual's verified digital identity rather than a username/password.

Verifiable Credentials and Decentralized Identifiers (DIDs) as delegation infrastructure. A trust framework built on W3C Verifiable Credentials enables issuance of tamper-proof digital proofs of authority. Issuer identity registries maintain published DIDs for recognized issuers. The model supports delegation of authority via verifiable credential issuance, revocation through credential status lists, and verification without contacting the issuer in real time.

Agent Identity Protocol (AIP), arXiv 2603.24775 (March 2026). A protocol proposal that directly addresses agent delegation verification. It introduces Invocation-Bound Capability Tokens (IBCTs) that fuse identity, attenuated authorization, and provenance binding into a single append-only token chain. It operates in two wire formats, compact mode (signed JWT for single-hop) and chained mode (Biscuit token with Datalog policies for multi-hop delegation), and provides transport bindings across MCP, A2A, and HTTP.

07 Transferability

RAM is the closest existing government precedent for a delegation registry, though it handles business-to-individual delegation rather than citizen-to-agent delegation. A government agent delegation registry would need to register agent operators (companies providing AI agent services), on the model of tax agent registration, then bind delegations to verified citizen identities, support real-time revocation checking, and provide delegation verification as a service to relying agencies.

AIP's token-chaining model is particularly relevant for multi-hop delegation: a citizen delegates to Agent A, which delegates a subset of authority to Agent B for a specific sub-task. The Datalog policy language allows attenuation, so each hop can only narrow the authority, never expand it.

The gap: no existing registry handles the "agent identity" problem. Is the delegate a company (the agent operator), a specific model version, or a running instance? RAM identifies natural persons. AIP proposes cryptographic identity binding but has no production deployments.

08 Where things go wrong

The failure mode is an agent that keeps acting on authority the citizen has already withdrawn. Real-time revocation checking against a registry means a cancelled delegation stops working immediately, so stale authority cannot persist across many citizens.
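The check a verification service would run for a multi-hop delegation, combining the attenuation rule from section 07 with the live revocation lookup described above. This is an added example, not code from this page, RAM, or AIP. It assumes each delegation's signature has already been verified and models scopes as plain string sets; `Delegation`, `verify_chain`, and the sample identifiers are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Delegation:
    id: str
    issuer: str        # who grants authority (citizen or an upstream agent)
    delegate: str      # who receives it
    scopes: frozenset  # actions permitted by this hop
    expires: datetime

def verify_chain(chain, revoked, citizen, agent, action, now):
    """Return (ok, reason) for `agent` performing `action` for `citizen`.

    chain:   delegations ordered from the citizen's grant to the acting agent
    revoked: delegation ids the registry lists as revoked at query time
    """
    if not chain:
        return False, "empty chain"
    holder, allowed = citizen, chain[0].scopes
    for hop in chain:
        if hop.issuer != holder:        # each hop must be issued by the previous holder
            return False, f"{hop.id}: broken chain"
        if hop.id in revoked:           # revoking any hop invalidates everything below it
            return False, f"{hop.id}: revoked"
        if now >= hop.expires:
            return False, f"{hop.id}: expired"
        if not hop.scopes <= allowed:   # attenuation: a hop may narrow, never widen
            return False, f"{hop.id}: scope widened"
        holder, allowed = hop.delegate, hop.scopes
    if holder != agent:
        return False, "chain does not end at requesting agent"
    if action not in allowed:
        return False, "action out of scope"
    return True, "ok"

# Constructed sample data: citizen -> Agent A -> Agent B (subset of A's authority).
NOW = datetime(2026, 1, 1, tzinfo=timezone.utc)
LATER = datetime(2026, 6, 1, tzinfo=timezone.utc)
D1 = Delegation("d1", "citizen-1", "agent-A", frozenset({"tax:read", "tax:lodge"}), LATER)
D2 = Delegation("d2", "agent-A", "agent-B", frozenset({"tax:read"}), LATER)
D_WIDE = Delegation("d3", "agent-A", "agent-B", frozenset({"tax:read", "benefits:claim"}), LATER)

if __name__ == "__main__":
    print(verify_chain([D1, D2], set(), "citizen-1", "agent-B", "tax:read", NOW))
    print(verify_chain([D1, D2], {"d1"}, "citizen-1", "agent-B", "tax:read", NOW))
```

Because the revoked set is consulted on every request, withdrawing `d1` stops Agent B as well as Agent A on the next call.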

09 Sources
6 references AU · International · IETF