HDP: A Lightweight Cryptographic Protocol for Human Delegation Provenance in Agentic AI Systems

TL;DR

HDP is a lightweight cryptographic protocol designed to securely verify human authorization in multi-agent AI systems, ensuring accountability through an append-only, verifiable provenance chain.

Contribution

The paper introduces HDP, a novel token-based scheme that cryptographically captures and verifies human delegation provenance in agentic AI systems, addressing gaps in existing standards.

Findings

HDP enables offline verification of human delegation with only a public key and session ID.

HDP's design is distinct from OAuth 2.0, JWT, UCAN, and IPP in multi-hop, append-only provenance.

HDP is published as an IETF draft and has a publicly available TypeScript SDK.

Abstract

Agentic AI systems increasingly execute consequential actions on behalf of human principals, delegating tasks through multi-step chains of autonomous agents. No existing standard addresses a fundamental accountability gap: verifying that terminal actions in a delegation chain were genuinely authorized by a human principal, through what chain of delegation, and under what scope. This paper presents the Human Delegation Provenance (HDP) protocol, a lightweight token-based scheme that cryptographically captures and verifies human authorization context in multi-agent systems. An HDP token binds a human authorization event to a session, records each agent's delegation action as a signed hop in an append-only chain, and enables any participant to verify the full provenance record using only the issuer's Ed25519 public key and the current session identifier. Verification is fully offline, requiring no registry lookups or third-party trust anchors. We situate HDP within the existing landscape of delegation protocols, identify its distinct design point relative to OAuth 2.0 Token Exchange (RFC 8693), JSON Web Tokens (RFC 7519), UCAN, and the Intent Provenance Protocol (draft-haberkamp-ipp-00), and demonstrate that existing standards fail to address the multi-hop, append-only, human-provenance requirements of agentic systems. HDP has been published as an IETF Internet-Draft (draft-helixar-hdp-agentic-delegation-00) and a reference TypeScript SDK is publicly available.