Revocation in decentralized, multi-hop agent delegation chains

Develop mechanisms to propagate revocation reliably across decentralized, multi-hop agent delegation chains that use offline-attenuated tokens such as Biscuits and Macaroons, ensuring timely termination of delegated authorities throughout the entire delegation path from the original user to all downstream sub-agents.

Background

The paper highlights that revocation is a critical and largely unsolved problem when agents delegate authority across chains, particularly in decentralized architectures using offline-attenuated, object-capability style tokens (e.g., Biscuits and Macaroons). In such systems, sub-tokens can be derived without contacting the original issuer, making traditional centralized revocation difficult to propagate along the delegation path.

The authors note that if a user revokes a primary agent’s access, there is no clear immediate mechanism to propagate that revocation down a chain of offline tokens already further delegated. They discuss emerging standards like the Shared Signals Framework and OpenID Provider Commands as potential building blocks, and suggest bounding credentials by execution counts as a mitigation, but emphasize that a comprehensive, timely revocation solution remains unresolved.
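The following sketch is an added example, not code from the paper or from the Macaroons or Biscuit projects. It uses a toy macaroon-style HMAC chain to show why offline attenuation hides sub-tokens from the issuer, and how two verifier-side controls behave along the chain: a revocation list keyed on the root grant identifier and an execution-count caveat. The names `mint`, `attenuate`, `Verifier`, the caveat syntax and the grant id are all hypothetical, and the revocation list is assumed to already be present at the verifier, which is exactly the propagation step the problem statement leaves open.

```python
import hashlib
import hmac

def _mac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def mint(root_key: bytes, grant_id: str) -> dict:  # issuer side, needs the root key
    return {"id": grant_id, "caveats": [], "sig": _mac(root_key, grant_id)}

def attenuate(token: dict, caveat: str) -> dict:
    # Holder side, fully offline: the old signature is the new HMAC key,
    # so the issuer never learns that this sub-token exists.
    return {"id": token["id"], "caveats": token["caveats"] + [caveat],
            "sig": _mac(token["sig"], caveat)}

class Verifier:
    def __init__(self, root_key: bytes):
        self.root_key = root_key
        self.revoked_ids = set()   # must reach every verifier to be effective
        self.uses = {}             # chain-prefix signature -> executions so far

    def verify(self, token: dict, action: str) -> str:
        sig, chain = _mac(self.root_key, token["id"]), []
        for caveat in token["caveats"]:
            sig = _mac(sig, caveat)
            chain.append((caveat, sig))
        if not hmac.compare_digest(sig, token["sig"]):
            return "bad-signature"
        if token["id"] in self.revoked_ids:  # root grant id survives attenuation
            return "revoked"
        budgets = []
        for caveat, prefix in chain:
            key, _, value = caveat.partition("=")
            if key == "max_uses" and value.isdigit():
                budgets.append((prefix, int(value)))  # shared by all descendants
            elif not (key == "action" and value == action):
                return "caveat-failed"  # unknown or unmet caveat: fail closed
        if any(self.uses.get(p, 0) >= n for p, n in budgets):
            return "uses-exhausted"
        self.uses.update({p: self.uses.get(p, 0) + 1 for p, _ in budgets})
        return "ok"

def demo() -> list:
    v = Verifier(b"constructed-demo-root-key")  # constructed sample key
    agent = attenuate(mint(v.root_key, "grant-42"), "max_uses=2")
    sub = attenuate(agent, "action=read")       # derived without the issuer
    out = [v.verify(sub, "read"), v.verify(agent, "read"), v.verify(sub, "read")]
    v.revoked_ids.add("grant-42")               # user revokes the primary grant
    return out + [v.verify(agent, "read"), v.verify(sub, "write")]
```

The use counter is keyed on the signature at the point where the `max_uses` caveat was added, so a sub-agent cannot reset its budget by attenuating further. Both controls depend on state held at the verifier, so a verifier that has not received the revocation keeps accepting every descendant token.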

References

A critical, and largely unsolved, problem in these architectures is revocation. In a decentralized system using offline-attenuated tokens, the problem is magnified.

Identity Management for Agentic AI: The new frontier of authorization, authentication, and security for an AI agent world (2510.25819 - South et al., 29 Oct 2025) in Section 3, Delegated Authorization and Transitive Trust — The Revocation Challenge