Delegation & Authorization

Letting a person give an AI agent permission to act for them, in a way an agency can check is real and bounded. A delegation defines how much the agent can do and for how long. What is new is the citizen who would once have shown up and acted in person, and now sets an agent going and steps away, leaving software to act in their name across services and over time.

This surfaces new challenges: a citizen needs to hand authority to an agent and take it back at will, and an agency needs to know, each time an agent acts, that a real grant from the citizen stands behind it. Government sits on the other side of the same shift, acting through agents of its own under delegated institutional authority, so a real and bounded grant has to be checkable whichever side the agent acts for.

01 Policy challenge

As citizens begin authorizing AI agents to act for them across government services, the agency has to establish that any given delegation is genuine, still in force, and limited to what the citizen actually granted.

The identity and authorization infrastructure it has was built for a person proving they are who they say, not for a person handing scoped authority to a piece of software and later withdrawing it. That gap widens as the same agent acts for one citizen across many services and as the stakes of a delegated action rise.

02 Design challenge

Let a citizen grant scoped, revocable, time-bound authority to an agent.

Make sure the citizen, not the agent, stands behind a sensitive or irreversible action, to a degree proportionate to the stakes.

Let an agency verify that grant is real, current, and bounded without contacting the citizen in real time.

Keep a path open for people who can't set up or operate an agent, or who must act through a trusted person instead.

Patterns in this territory

11 shown

2.1

Fine-grained scope negotiation

A consent screen that renders a scope object as a plain-language permission a citizen can grant or narrow, with a sensible default bundle.

Live surface

2.2

Digital power of attorney

An attorney-facing screen that mints a time-limited, organization-specific access code from a registered delegation, which a relying organization enters to verify authority.

2.3

Consumer data rights consent flows

A bank-hosted consent screen reached by redirect that lists the requested scopes in plain language and feeds a standing consent dashboard for review and revocation.

2.4

Consent receipts and records

A delegation receipt screen that renders the machine-readable consent record as a plain-language summary of scope, parties, temporal bounds, and an action log.

2.5

Delegation registries

A delegation-management dashboard backed by a verification service that agencies query to confirm an agent's authority and revocation status in real time.

2.6

Identity binding to verified identity

An identity-provider flow that issues a delegation credential binding a verified citizen identity to an agent operator, which relying agencies verify.

2.7

Step-up re-authorization for sensitive actions

A government service that classifies each requested action by sensitivity and, for sensitive ones, pauses the agent and pushes a confirmation or re-authentication challenge to the citizen.

2.8

Nominated-agent authorization model

A client-authenticated nomination screen that registers a chosen agent at a typed authorization level, supporting several concurrent agents for different services.

2.9

User-defined access policies

A policy-management console where a citizen sets conditional sharing rules in advance that the authorization server evaluates when an agent later requests access.

2.10

Healthcare delegation models

An advance-directive style flow that records a primary and secondary agent with explicit excluded actions and stores the credential where clinical or institutional workflows can read it.

2.11

Managed agent identity

A plain-language agent-management interface layered over a cryptographic identity protocol, showing what the agent may do, what it has done, and a stop control.