Re: [HDP] Agentic delegation provenance with DID principal binding

Thank you for the nudge and reminder.

The selective disclosure direction still feels like the most
interesting next step here.

One thing that might be useful to clarify early is what exactly needs
to survive when the full chain isn’t disclosed. Is the intent to
selectively reveal parts of the chain itself, or to derive a smaller
set of claims from it (for example, that valid authorization exists
within a given scope) without exposing the full lineage?

That distinction seems important in light of the points raised about
revocation and obligation propagation. If those semantics primarily
live in the chain, then reducing the lineage via selective disclosure
risks breaking the chain of responsibility. The question then becomes
how to ensure that, even when identities are hidden, the relevant
obligations remain verifiable and portable.

Even within a provenance-focused design, making that boundary explicit
would likely help with how HDP composes with VC-style presentations
and downstream verifier expectations.

/sankarshan

On Sat, 4 Apr 2026 at 03:00, Siri Dalugoda <siri@helixar.ai> wrote:
>
> Hi Sankarshan,
>
> Just following up: I sent a reply to your feedback on March 31 but it looks like it may not have reached your inbox.
>
> Here's the original response for convenience:
>
> Hi Sankarshan,
>
> Thanks for the feedback. HDP v0.1 already supports principal with id_type: "did" for binding to existing decentralized identity infrastructure. DID resolution is application-defined and optional. That framing expressing derived agent authority as a Verifiable Presentation from the root token maps well onto the existing chain model. The current design provides full tamper-evident traceability via the signed delegation chain (Ed25519 + RFC 8785). For cases where only proof of authorization is needed (credential minimization via selective disclosure of specific claims or hops rather than the full lineage), this is worth exploring as a v0.2 extension.
>
> Siri
>
> Alan also chimed in with a great point about using opaque identifiers for privacy while still enabling step-by-step revocation, which aligns nicely with the selective disclosure direction.
> We're keeping HDP focused on the execution audit trail and provenance. Would welcome any further thoughts from you.
>
> Siri
> Helixar
>
> From: Alan Karp <alanhkarp@gmail.com>
> To: "sankarshan"<sankarshan.mukhopadhyay@gmail.com>
> Cc: "Siri Dalugoda"<siri@helixar.ai>, "public-credentials"<public-credentials@w3.org>
> Date: Sat, 04 Apr 2026 05:35:31 +1300
> Subject: Re: [HDP] Agentic delegation provenance with DID principal binding
>
> On Fri, Apr 3, 2026 at 5:13 AM sankarshan <sankarshan.mukhopadhyay@gmail.com> wrote:
>
> The VC alignment is interesting. Expressing agent authority as a
> Verifiable Presentation derived from the root token makes sense. It
> may also be worth exploring whether parts of the chain, or claims
> derived from it, can be selectively disclosed rather than always
> sharing the full delegation lineage, especially in cases where only
> proof of authorization is needed rather than full traceability.
>
>
> Even if you only need proof of authorization to know whether to honor a request, you need more information to revoke a delegation in the middle of the chain.  You can achieve your privacy goals by using an opaque identifier when delegating.  Each delegate can be held responsible by its delegator step by step along the chain without revealing actual identities.
>
> --------------
> Alan Karp
>
>
> On Fri, Apr 3, 2026 at 5:13 AM sankarshan <sankarshan.mukhopadhyay@gmail.com> wrote:
>
> The VC alignment is interesting. Expressing agent authority as a
> Verifiable Presentation derived from the root token makes sense. It
> may also be worth exploring whether parts of the chain, or claims
> derived from it, can be selectively disclosed rather than always
> sharing the full delegation lineage, especially in cases where only
> proof of authorization is needed rather than full traceability.
>
> /sankarshan
>
> On Tue, 31 Mar 2026 at 01:30, Siri Dalugoda <siri@helixar.ai> wrote:
> >
> > Hi Credentials CG Team,
> >
> > I'd like to share a protocol that addresses a gap in the agentic AI space that I believe is directly relevant to this group's work on Verifiable Credentials and decentralized identity.
> >
> > HDP (Human Delegation Provenance Protocol) defines a signed token chain that creates a cryptographic audit trail from an authorising human to every AI agent acting downstream.
> > The principal identity model supports id_type: "did" natively, meaning a W3C DID can be used as the root authorising identity binding HDP delegation chains to existing decentralised identity infrastructure.
> >
> > IETF draft: https://datatracker.ietf.org/doc/draft-helixar-hdp-agentic-delegation/
> > Spec:       https://helixar.ai/about/labs/hdp/
> > Repository: https://github.com/Helixar-AI/HDP
> >
> > Key properties:
> > - Ed25519 signatures over RFC 8785 canonical JSON
> > - Fully offline verification, no registry or network dependency
> > - DID-compatible principal binding at the root token level
> > - Compact enough for HTTP header transport (X-HDP-Token)
> >
> > I see a natural alignment between HDP's delegation model and the VC data model, specifically around how an AI agent's authority could be expressed as a Verifiable Presentation derived from the root delegation token.
> > I'm actively exploring this in the next draft revision and would welcome input from this group on how best to formalise that binding.
> >
> > Happy to answer questions or take feedback on the draft.
> >
> > Best regards,
> > Siri
> > Helixar Limited

-- 
sankarshan mukhopadhyay
<https://about.me/sankarshan.mukhopadhyay>

Received on Monday, 6 April 2026 03:25:00 UTC
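
The opaque-identifier approach Alan Karp describes in the thread (hop-by-hop responsibility and mid-chain revocation without revealing identities), sketched as an added example that is not part of the thread and not HDP's token format. The hop fields, the per-delegation keys and the hash-derived ids are assumptions, and the canonicalization covers only the flat objects used here rather than full RFC 8785.

```javascript
const crypto = require('node:crypto');

// Canonical form for this example only: sorted keys over flat objects, a subset of
// RFC 8785 rather than a full implementation.
const canon = (o) => JSON.stringify(o, Object.keys(o).sort());
const idOf = (pub) => crypto.createHash('sha256').update(pub).digest('hex').slice(0, 16);

// Assumption: a fresh Ed25519 key per delegation, with the opaque id derived from the
// public key. Only the delegator keeps the private mapping from id to real identity.
function newPseudonym() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const pub = publicKey.export({ type: 'spki', format: 'der' }).toString('base64');
  return { id: idOf(pub), pub, privateKey };
}

// The delegator signs a hop that names only the delegate's opaque id (hypothetical fields).
function delegate(from, toId, scope, prevSig) {
  const body = { delegate: toId, delegator: from.id, prev: prevSig, pub: from.pub, scope };
  const sig = crypto.sign(null, Buffer.from(canon(body)), from.privateKey).toString('base64');
  return { ...body, sig };
}

// Walks the chain hop by hop and reports where it breaks; it sees opaque ids only.
function verifyChain(chain, rootId, revoked) {
  let expected = rootId, prevSig = '', scope = null;
  for (let i = 0; i < chain.length; i++) {
    const { sig, ...body } = chain[i];
    const fail = (reason) => ({ ok: false, failedAt: i, reason });
    if (idOf(body.pub) !== body.delegator || body.delegator !== expected) return fail('unexpected signer');
    if (body.prev !== prevSig) return fail('hop not linked to predecessor');
    const key = crypto.createPublicKey({ key: Buffer.from(body.pub, 'base64'), format: 'der', type: 'spki' });
    if (!crypto.verify(null, Buffer.from(canon(body)), key, Buffer.from(sig, 'base64'))) return fail('bad signature');
    if (revoked.has(body.delegate)) return fail('delegation revoked');
    if (scope && !body.scope.every((s) => scope.includes(s))) return fail('scope widened');
    [expected, prevSig, scope] = [body.delegate, sig, body.scope];
  }
  return { ok: true, failedAt: -1, reason: '' };
}

// Constructed sample: a human principal delegates to agent A, which delegates to agent B.
const [human, agentA, agentB] = [newPseudonym(), newPseudonym(), newPseudonym()];
const hop1 = delegate(human, agentA.id, ['read', 'write'], '');
const hop2 = delegate(agentA, agentB.id, ['read'], hop1.sig);
console.log(verifyChain([hop1, hop2], human.id, new Set()));
console.log(verifyChain([hop1, hop2], human.id, new Set([agentA.id])));
```

Revoking agent A's opaque id stops verification at the first hop, so everything agent A delegated downstream fails with it, while the verifier never learns who agent A is.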