Acting on Behalf of Others: Delegation, Consent, and Messy Reality

Most digital systems were built around a simple model: one user, one identity, one device, one intent. If you need more than that, that’s what password sharing is for, right? (Note: that was sarcasm.) Who needs delegation?

Reality, which has definitely included sharing passwords, has always been messier.

From caregivers managing health portals, to coworkers submitting expense reports on behalf of others, to kids navigating school systems with help from their parents, the need for delegation is everywhere. But digital identity systems still mostly assume a clean one-to-one world. And when real life demands “acting for someone else,” we’re left cobbling together workarounds such as password sharing, manual overrides, and endless customer support calls.

Now, with the rise of agentic AI, where digital agents can take actions independently, the challenge of delegation has found new urgency. If humans already can’t delegate to other people cleanly in digital systems, what happens when software needs to do it?

Delegation isn’t new. But it’s getting urgent.

You may also be interested in some of my earlier posts, “Agentic AI and Authentication: Exploring Some Unanswered Questions” and “What AI Agents Can Teach Us About Fraud in Consumer Identity.”

Delegation: Beyond Permission Tokens and Role Switching

Delegation sounds simple: authorize one party to act on behalf of another. I wish it were that simple! Alas, today, “delegation” often gets boiled down to clumsy versions of permission tokens or role-switching.

Let’s take a real-world example. I’m paraphrasing from George Fletcher’s LinkedIn article on Delegated Authorization (are you following George? You need to be following George).

Alice managed medical and supplement accounts for herself and her spouse Bob. After Alice’s death, Bob needed access to those accounts to make changes. But because most systems didn’t support delegation, the only option was for Bob to impersonate Alice, using her password, risking terms-of-service violations and creating an audit mess.

This is hardly rare. Across industries, you see:

  • Healthcare: Caregivers trying to manage appointments and prescriptions without “breaking” patient portals.
  • Workplaces: Expense approvals getting “proxy-approved” by executive assistants without clear delegation records.
  • Education: Parents struggling to fill out school forms because online systems assume the student is the sole user.
  • Customer Service: Agents needing to fix a customer’s problem but lacking any secure way to act on the customer’s behalf.

In these cases, systems often lean on role-switching (“pretend to be someone else”) or manual overrides (“fax us a form”). Neither solution is scalable, auditable, or user-friendly.

Why Agentic AI Turns the Pressure Up

If delegation was already broken for humans, AI makes the problem even harder. (The irony here, given AI is supposed to make everything easier, does not escape me.)

Picture an AI financial assistant you authorize to move money between your accounts. That AI is acting on your behalf, but today’s systems aren’t designed to distinguish “the customer” from “the customer’s agent.” There’s no standard way to represent delegated credentials. No clear audit trail showing who (or what) took which action.

Without robust delegation models, AI agents risk being blocked from useful actions or allowed to act too broadly without sufficient consent or guardrails.

This isn’t just a futuristic thought experiment. Real discussions (like those at The Identity Salon) have flagged problems ranging from AI in banking to AI-powered scheduling assistants accessing your work calendar.

Delegation Models (and Why They’re Still Not Enough)

We’ve tried to tackle delegation before. Some of the main models include:

  • OAuth “Alice-to-Alice” Sharing: Useful for limited access (like “this app can see your calendar”), where you grant a service permission to act on your behalf. But even though another app is doing the work, the system still treats it as if you personally took the action, which isn’t the kind of clear, separate delegation we often need.
  • User-Managed Access (UMA): A step forward in enabling a touch more complexity, UMA (a spec out of the Kantara Initiative) allows Bob to act for Alice with his own identity. Unfortunately, adoption of UMA has been slow.
  • On-Behalf-Of Models in “OAuth 2.0 Token Exchange” (RFC 8693): Helpful for service-to-service delegation, but lacking lifecycle management and human-centric constraints.
  • Persona Chaining: Several efforts have proposed ways to create sub-identities for delegation, but they tend to introduce ambiguity over time and often fail to take hold in real-world systems. Why? Because chaining authority adds complexity: it’s harder to define clear boundaries, enforce policy constraints, and ensure reliable audit trails as the chain grows. Without strong governance, persona chains risk becoming security liabilities instead of flexible solutions.

Each model solves part of the puzzle. None solves it completely. Especially once you factor in:

  • Contextual constraints (“only for this task,” “only until next Tuesday”).
  • Transitivity (“Bob can act for Alice—but can’t pass that authority to Carol”).
  • Auditability (“who did what, when, and why”).
  • Lifecycle management (“delegation expires automatically when conditions change”).
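
To make those four constraints concrete, here is an added example (not code from this post or from any project it mentions) of a resource-side check over the claims of an already-verified token, using the `act` (actor) claim from RFC 8693 to keep Alice and Bob distinct. The claim values, scope names, and the one-hop `MAX_CHAIN` policy are assumptions made for illustration.

```python
# Constructed sample data; claims are assumed to be already signature-verified.
from datetime import datetime, timezone

MAX_CHAIN = 1  # policy assumption: Bob may act for Alice but may not re-delegate


def actor_chain(claims):
    """Return actors from the RFC 8693 `act` claim, current actor first."""
    chain, act = [], claims.get("act")
    while isinstance(act, dict):
        chain.append(act.get("sub"))
        act = act.get("act")  # a nested `act` is an earlier actor in the chain
    return chain


def authorize(claims, action, now):
    """Decide one request and return an audit record (who, for whom, what, why)."""
    chain = actor_chain(claims)
    record = {
        "subject": claims.get("sub"),                        # whose account it is
        "actor": chain[0] if chain else claims.get("sub"),   # who actually acted
        "delegated": bool(chain),
        "action": action,
        "time": now.isoformat(),
    }
    if now.timestamp() >= claims.get("exp", 0):   # missing exp fails closed
        reason = "delegation expired"
    elif action not in claims.get("scope", "").split():
        reason = "action outside delegated scope"
    elif len(chain) > MAX_CHAIN:
        reason = "re-delegation not permitted"
    elif None in chain:
        reason = "actor not identified"
    else:
        reason = None
    record.update(allowed=reason is None, reason=reason or "ok")
    return record


NOW = datetime(2025, 5, 6, 12, 0, tzinfo=timezone.utc)
EXP = int(datetime(2025, 5, 13, tzinfo=timezone.utc).timestamp())  # "until next Tuesday"
BOB_FOR_ALICE = {"sub": "alice", "scope": "appointments:manage", "exp": EXP,
                 "act": {"sub": "bob"}}
CAROL_VIA_BOB = dict(BOB_FOR_ALICE, act={"sub": "carol", "act": {"sub": "bob"}})

if __name__ == "__main__":
    for action in ("appointments:manage", "prescriptions:refill"):
        print(authorize(BOB_FOR_ALICE, action, NOW))
    print(authorize(CAROL_VIA_BOB, "appointments:manage", NOW))
```

Every record names both the subject and the actor, so the log never claims Alice did something Bob did; a token with no `act` claim is recorded with `delegated` set to false.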

Real-World Enterprise Reflections

Healthcare and personal AI agents are one thing, but don’t think the enterprise gets to avoid this pain.

In HR systems, managers often need to submit forms on behalf of employees. Without built-in delegation, companies end up granting broad admin rights, creating security risks and compliance headaches. (There’s a reason digital identity is one of the most successful attack vectors there is today.)

In expense systems, executive assistants often “act for” executives, but technically submit expenses “as” the executive. Good luck untangling that when auditors come knocking. Or not. You deserve at least a slap on the wrist if that’s what you’re doing.

Even in research settings, project leads sometimes need to act on behalf of students or postdocs to access grant portals or finalize submissions, but systems rarely support clear, limited delegation.

Delegation Isn’t Optional Anymore

As George Fletcher put it, we need ways for one party to prove:

  • They have the right to act on someone else’s behalf.
  • They are the specific person (or agent) authorized.
  • Their actions are constrained by clear, enforceable policies.

Without this, delegation remains a patchwork of risky workarounds.

And with AI agents entering the mix, “I’ll just share my password” is no longer an acceptable fallback.

If we want a digital world that reflects real human (and increasingly agentic) relationships, delegation needs to be a first-class feature, not an afterthought. But it’s not going to be easy. Whatever new specifications technologists come up with will have to contend with legacy systems that have no idea how to implement those specifications (I wrote about the long-tail of implementation not too long ago). The technical debt here is crazypants.


In the next post, I’ll dive into where I think existing delegation models fall short and what a more complete, future-ready solution could look like.

Transcript

[00:00]
Welcome to A Digital Identity Digest, the audio companion to the blog at Spherical Cow Consulting. I’m Heather Flanagan, and every week I break down interesting topics in the field of digital identity—from credentials and standards to browser weirdness and policy twists.

If you work with digital identity but don’t have time to follow every specification or hype cycle, you’re in the right place.

Let’s get into it.


Delegation Sounds Simple — Until It Isn’t

[00:00:29]
Today, we’re diving into a problem that’s bigger than it sounds: delegation.

If that word makes your eyes glaze over, hang on. Because without solving the delegation problem, everything from caregiving to AI agents managing your bank accounts is held together with virtual duct tape and hope.


What Is Delegation, Really?

[00:01:03]
Digital systems were built on a simple model: one user, one identity, one device, one intent. Clean. Predictable.

But real life doesn’t work like that.

[00:01:17]
Delegation happens all the time. You hand your kid your phone to check in at the orthodontist. A coworker approves an invoice while you’re in the air. Your partner logs into the utility company’s website to pay a bill.

Delegation is normal behavior. It’s how families, companies, and governments function. Ever heard of a power of attorney? Same idea, different paperwork.

[00:01:48]
But our systems still assume we all live alone on little digital islands. One user, one device. No help allowed.


How People Actually Delegate

[00:02:00]
When you try to act for someone else, you usually end up doing one of three things:

  • Share a password (bad, and you know it)
  • Fill out a 1990s-style form
  • Spend an afternoon lost in customer support limbo

[00:02:24]
Delegation isn’t a corner case. It’s everyday life. And as AI agents enter the mix, the cracks in our one-user model become more obvious—and more dangerous.


Real Life Example: Bob and Alice

[00:02:41]
Let’s talk about a real-world example, using Bob and Alice. Because in Identity Land, everyone is Bob and Alice.

[00:02:49]
Alice manages all the medical and supplement accounts for her household. When she dies, Bob needs to access those accounts to cancel services, update info, settle things.

[00:02:59]
But that’s not easy. Most sites don’t support real delegation. Bob’s options:

  • Steal or guess Alice’s password (which is illegal)
  • Fax around a death certificate like it’s 1997

[00:03:24]
Even if he gets in, the system doesn’t know Bob is acting with Alice’s consent.

[00:03:35]
This isn’t an extreme case. Parents managing care for kids, adult children helping with banking, executive assistants scheduling meetings—it’s all delegation.

We designed our systems as if these use cases don’t exist.


And Then Came AI Agents

[00:03:59]
Let’s make it even messier by adding AI.

[00:04:05]
Imagine you have an AI assistant that can act on your behalf: book flights, order groceries, pay bills, move money. Maybe it even negotiates your internet bill.

You’ve told it what it can do—and it works. Until it doesn’t.

[00:04:24]
When the AI tries to update your address or cancel a subscription, the system says: Who are you, and why should I trust you?

[00:04:56]
Right now, there’s no standard credential that says, “I’m an authorized agent.” No way to prove the agent isn’t just stealing your identity.

So you either get blocked at every step, or you let the AI act freely—with no oversight, audit trail, or way to revoke access.

[00:05:22]
Either scenario is a nightmare.

[00:05:24]
This isn’t theoretical. Visa and Mastercard are already testing AI agents that act on your behalf. People are plugging them into banking tools, medical apps, productivity workflows.

But the tools weren’t built for real delegation.


Existing Models Aren’t Enough

[00:06:04]
There have been attempts to fix this:

  • OAuth 2.0 — Lets Alice share access, but it still looks like Alice did everything
  • User Managed Access (UMA) — Great concept where Bob acts for Alice as Bob, with permission. But not widely adopted
  • OAuth Token Exchange — Works well for backend services, but not for actual humans
  • Persona Chaining — Create sub-identities, then lose track of them

[00:07:00]
Each solves part of the problem, but none cover the full picture—especially when you need context, limits, expiration, and audit trails.


Delegation in the Enterprise? Worse.

[00:07:25]
You’d think enterprises would have this figured out. Nope.

[00:07:30]
HR managers need to do things on behalf of employees. But instead of targeted delegation (like submitting vacation requests but not seeing salary), they get full admin rights.

[00:07:40]
Executive assistants submit expenses for executives all the time. That’s fine—until an audit shows $6,000 in upgrades and spa charges, and the system logs show the executive clicked “submit.”

Maybe they did. Maybe they didn’t.

[00:08:12]
Yes, this really happens. Especially in older ERP or expense systems, or in underfunded orgs without fine-grained access controls.

[00:08:49]
Even well-funded companies often rely on temporary access, shared accounts, and informal workflows that make real audit trails impossible.

[00:09:12]
Unless the system supports delegated authority as a first-class feature, it always looks like the executive made the request. Not the assistant.


Broken Delegation = Risk and Waste

[00:09:31]
Every time delegation is handled poorly, it:

  • Slows down work
  • Increases friction
  • Creates security risks
  • Forces people into workarounds

[00:09:48]
Delegation isn’t an edge case. It’s just life. And ignoring it breaks everything.


What Needs to Change

[00:10:02]
We need ways for people and agents to prove:

  • They have the right to act for someone else
  • They are who they say they are
  • Their actions are constrained, auditable, and revocable

[00:10:28]
Without that, delegation stays chaotic—and automation doesn’t work.

[00:10:39]
Fixing this isn’t easy. It means:

  • Updating protocols like OAuth and UMA
  • Building support for verifiable credentials
  • Creating governance models that aren’t just “hope and vibes”

[00:10:53]
And then there’s the technical debt—so large it might have its own zip code. Updating protocols doesn’t magically update software. Apps have to evolve too.

[00:11:17]
If we want digital systems that reflect real life, delegation has to be a first-class feature.


What’s Next

[00:11:25]
In Part Two, I’ll dig deeper into where today’s models fall short—and what it’ll take to build delegation that doesn’t suck.


Thanks for Listening

[00:11:42]
That’s it for this episode of A Digital Identity Digest.

If this helped make the messy world of digital identity a little clearer—or at least more interesting—please share it with a friend or colleague. Connect with me on LinkedIn @hlflanagan.

And if you enjoyed the show, subscribe and leave a review on Apple Podcasts or wherever you listen.

You can read the full post at sphericalcowconsulting.com.

Stay curious. Stay engaged. Let’s keep the conversation going.

Heather Flanagan

Principal, Spherical Cow Consulting; Founder, The Writer's Comfort Zone; Translator of Geek to Human
