Verifiable delegation in digital identity systems remains unresolved across centralized, federated, and self-sovereign identity (SSI) environments, particularly where both human users and autonomous AI agents must exercise and transfer authority without exposing primary credentials or private keys. We introduce a unified framework that enables bounded, auditable, and least-privilege delegation across heterogeneous identity ecosystems. The framework includes four key elements: Delegation Grants (DGs), first-class authorization artefacts that encode revocable transfers of authority with enforced scope reduction; a Canonical Verification Context (CVC) that normalizes verification requests into a single structured representation independent of protocols or credential formats; a layered reference architecture that separates trust anchoring, credential and proof validation, policy evaluation, and protocol mediation via a Trust Gateway; and an explicit treatment of blockchain anchoring as an optional integrity layer rather than a structural dependency. Together, these elements advance interoperable delegation and auditability and provide a foundation for future standardization, implementation, and integration of autonomous agents into trusted digital identity infrastructures.
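As an added illustration (not code from the paper) of the enforced scope reduction that Delegation Grants impose along a chain, the following models a DG as a small record and walks a chain of grants, accepting it only if every link is unexpired, unrevoked, issued by the current holder, and narrower than or equal to what that holder was granted. The record layout, field names and sample principals are assumptions; the paper specifies no concrete encoding.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Optional, Set, Tuple

@dataclass(frozen=True)
class DelegationGrant:
    # Assumed DG layout for illustration; the paper defines no wire format.
    grant_id: str
    issuer: str            # principal handing over authority (human or agent)
    subject: str           # delegate that receives the bounded authority
    scope: FrozenSet[str]  # permissions conveyed; must not exceed the issuer's
    expires_at: int        # unix epoch seconds

def verify_chain(root_principal: str, root_scope: FrozenSet[str],
                 chain: Iterable[DelegationGrant], revoked: Set[str],
                 now: int) -> Tuple[Optional[FrozenSet[str]], str]:
    """Return (effective_scope, reason); effective_scope is None on failure.

    Each link must be issued by the holder of the previous link, be unexpired
    and unrevoked, and carry a scope that is a subset of what its issuer held,
    so authority can only narrow along the chain (enforced scope reduction).
    """
    holder, held = root_principal, root_scope
    for g in chain:
        if g.grant_id in revoked:
            return None, f"{g.grant_id}: revoked"
        if g.expires_at <= now:
            return None, f"{g.grant_id}: expired"
        if g.issuer != holder:
            return None, f"{g.grant_id}: issuer {g.issuer} does not hold the authority"
        if not g.scope <= held:
            return None, f"{g.grant_id}: scope {sorted(g.scope - held)} exceeds issuer's"
        holder, held = g.subject, g.scope
    return held, "ok"

# Constructed sample data (not from the paper): a human delegates to an agent,
# which sub-delegates a narrower scope to a second agent; G_BAD tries to widen it.
ROOT_SCOPE = frozenset({"read", "write", "delete"})
G1 = DelegationGrant("dg-1", "alice", "agent-a", frozenset({"read", "write"}), 2_000_000_000)
G2 = DelegationGrant("dg-2", "agent-a", "agent-b", frozenset({"read"}), 2_000_000_000)
G_BAD = DelegationGrant("dg-3", "agent-a", "agent-c", frozenset({"read", "delete"}), 2_000_000_000)

if __name__ == "__main__":
    print(verify_chain("alice", ROOT_SCOPE, [G1, G2], set(), now=1_700_000_000))
    print(verify_chain("alice", ROOT_SCOPE, [G1, G_BAD], set(), now=1_700_000_000))
    print(verify_chain("alice", ROOT_SCOPE, [G1, G2], {"dg-1"}, now=1_700_000_000))
```

Checking the chain against a revocation set keeps delegation revocable without touching the delegator's primary credential, which is the audit property the abstract calls for.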