MACAWMACAW|Research
Research/Guide
Download
Guide

How AI agents act on behalf of users

Delegated Authentication

Overview

Delegated authentication allows AI agents to act on behalf of users while maintaining complete audit trails and security boundaries. This enables scenarios like:

  • Support agents handling tickets on behalf of customers
  • Automated services performing scheduled tasks for users
  • Administrative operations with proper authorization chains

The Delegation Triangle

   Delegator (User/Principal)
         /\
        /  \
       /    \
      /      \
   Grant    Audit
    /          \
   /            \
Delegate      Resource
(Agent)       (System)

Key Concepts

Delegation Token

A cryptographically signed credential containing:

Field Description
Delegator The principal granting authority
Delegate The agent receiving authority
Scope Specific operations and resources allowed
Expiration Time limit for the delegation
Purpose Human-readable reason for delegation
Chain For multi-hop delegations

Delegation Chain

Tracks the full authorization path for audit:

User → Support Agent → Automation Bot

Each hop is recorded, validated, and can be revoked.

Scope Definition

Precisely defines what the delegate can do:

  • Operations: read, update, create_note
  • Resources: customer_profile, support_tickets
  • Conditions: max_amount, time_window, ticket_ids

Security Model

Principle of Least Privilege

Delegated permissions are the intersection of:

  1. What the delegator grants
  2. What the delegate already possesses

This prevents privilege escalation through delegation.

Security Guarantees

  • Cryptographic verification: Tokens are signed and validated
  • Scope enforcement: Delegates cannot exceed granted permissions
  • Audit trail: Complete "who did what for whom" tracking
  • Expiration handling: Time-based security boundaries
  • Chain limits: Prevent deep delegation chains

Use Cases

Customer Support

Support agents access customer data with:

  • Scoped permissions (view profile, update billing)
  • Time-limited access (shift duration)
  • Full audit trail for compliance

Microservices

Services maintain user context across calls:

  • User → API Gateway → Order Service → Payment Service
  • Each hop tracked in delegation chain
  • Original user identity preserved

Scheduled Jobs

Background processes run with user permissions:

  • User authorizes nightly backup
  • Automation service acts on user's behalf
  • Time-windowed access (2am-4am only)

Compliance Benefits

Audit Trail

Every delegated operation records:

  • Who: Complete identity chain (delegator → delegate)
  • What: Exact operations and data accessed
  • When: Precise timestamps
  • Why: Purpose and context

Regulatory Support

  • HIPAA: Patient data access with delegation context
  • PCI-DSS: Financial operations with approval chains
  • GDPR: Data access with clear legal basis
  • SOX: Financial controls with separation of duties

Copyright MACAW Security. All rights reserved.

Ready to implement agentic access control?

Start with the Developer tier - free forever with full security features.

Get Started FreeContact Sales