Hessra Logo
< BACK_TO_BLOG
#identity-tokens#ai-agents#delegation#biscuit#machine-identity#authorization#non-human-identity

Using Hessra Identity Tokens for Delegated Agent Identities

Learn how to use Hessra's identity tokens to create secure, hierarchical identities for AI agents and sub-agents with cryptographic delegation.

by Jacob Valentic

Using Hessra Identity Tokens for Delegated Agent Identities

In the age of AI agents and autonomous systems, managing identities for machines that spawn other machines has become a critical challenge. How do you give an AI agent the ability to authenticate itself while maintaining security boundaries? How do you track which sub-agent performed which action when your main agent delegates work?

Hessra's identity tokens solve this with cryptographic delegation chains that create verifiable, hierarchical identities without ambient authority.

> The Challenge: Agents Creating Agents

Modern AI systems often work through delegation. A main agent receives a task, breaks it down, and spawns specialized sub-agents to handle specific portions. Each sub-agent might need to:

  • Access different APIs and services
  • Perform actions on behalf of the parent agent
  • Create its own sub-agents for further delegation
  • Leave an auditable trail of who did what

Traditional approaches force you to choose between security and functionality. Either you give all agents the same powerful credentials (dangerous), or you implement complex orchestration to mint new credentials for each agent (slow and centralized).

> Identity Tokens: Cryptographic Delegation Without Central Authority

Hessra identity tokens flip this model. Instead of ambient authority that grants permissions, identity tokens prove who you are. They can be delegated offline, creating a cryptographic chain of identity that gets more specific at each level.

Here's how it works in practice.

Step 1: Authenticate as Yourself

First, authenticate using mTLS to get your base identity token:

# Using the Hessra CLI tool
hessra identity authenticate \
  --server auth.example.com \
  --cert client.crt \
  --key client.key \
  --ca ca.crt \
  --save-as my-identity

This gives you an identity token that proves you are, say, urn:hessra:alice. This token has no permissions - it's purely identity.

Step 2: Create a Delegated Identity for Your Agent

Now, create a delegated identity for your AI agent without any network calls:

# Delegate to your main agent
hessra identity delegate \
  --from-token my-identity \
  --identity "urn:hessra:alice:main-agent" \
  --ttl 3600 \
  --save-as agent-identity

This creates a new token that:

  • Can only be used by urn:hessra:alice:main-agent
  • Proves it was delegated from alice
  • Works for 1 hour
  • Required no server communication

Step 3: Give the Agent Delegation Powers

If your agent needs to create sub-agents, give it access to the Hessra CLI:

# In your agent code
import subprocess
import json

class AIAgent:
    def __init__(self, identity_token):
        self.identity_token = identity_token
        self.identity = "urn:hessra:alice:main-agent"

    def spawn_sub_agent(self, task_name):
        # Create a unique identity for this sub-agent
        sub_identity = f"{self.identity}:{task_name}"

        # Delegate using the CLI
        result = subprocess.run([
            "hessra", "identity", "delegate",
            "--from-token", self.identity_token,
            "--identity", sub_identity,
            "--ttl", "300"  # 5 minutes for sub-tasks
        ], capture_output=True, text=True)

        sub_token = result.stdout.strip()

        # Spawn the sub-agent with its delegated identity
        return SubAgent(sub_identity, sub_token)

Step 4: Sub-Agents Can Delegate Further

Each sub-agent can create its own delegated identities:

class SubAgent:
    def __init__(self, identity, token):
        self.identity = identity
        self.token = token

    def create_worker(self, worker_id):
        # This creates urn:hessra:alice:main-agent:analyzer:worker-1
        worker_identity = f"{self.identity}:worker-{worker_id}"

        # Delegate further down the chain
        # ... (similar CLI call)

> The Security Model: Narrowing Scope at Every Level

The key insight is that each delegation narrows the scope. The identity token for urn:hessra:alice:main-agent:analyzer cannot be used to impersonate urn:hessra:alice or urn:hessra:alice:main-agent. It can only represent itself and delegate to identities below it in the hierarchy. These delegation chains also naturally form a tree, giving you the ability to "treeban" and prune entire portions for easy revocation.

This is enforced cryptographically using Biscuit tokens. Each delegation adds constraints that must ALL be satisfied:

// Original token constraint
check if actor($a), $a == "urn:hessra:alice" ||
         $a.starts_with("urn:hessra:alice:");

// Added by first delegation
check if actor($a), $a == "urn:hessra:alice:main-agent" ||
         $a.starts_with("urn:hessra:alice:main-agent:");

// Result: Only identities starting with "urn:hessra:alice:main-agent" work

> Using Delegated Identities for Authorization

Once an agent has its identity token, it can request authorization tokens for specific actions:

use hessra_sdk::Hessra;

// Configure the SDK with the delegated identity token
let client = Hessra::builder()
    .base_url("auth.example.com")
    .identity_token(&agent_identity_token)  // Use identity instead of mTLS
    .server_ca(&ca_cert)
    .build()?;

// Request an authorization token for a specific action
let auth_token = client
    .request_token("database", "read")
    .await?;

// Use the authorization token for the actual request
// The token proves both WHO (via delegation chain) and WHAT (specific permission)

> Practical Example: Document Processing Pipeline

Let's walk through a real scenario. You have an AI system that processes documents:

  1. Main Orchestrator (alice:orchestrator)

    • Receives document processing request
    • Creates delegated identity for analyzer

  2. Document Analyzer (alice:orchestrator:analyzer)

    • Examines document structure
    • Creates delegated identities for specialized extractors

  3. Data Extractors (alice:orchestrator:analyzer:extractor-1, etc.)

    • Each processes specific sections
    • Requests authorization tokens to write results

The audit trail shows the complete delegation chain. If extractor-1 misbehaves, you can revoke just that branch without affecting other agents.

> Implementation Tips

Token Lifetime Management

Balance security with performance:

  • Base identity tokens: 8-24 hours
  • Agent identities: 1-4 hours
  • Sub-agent identities: 5-30 minutes
  • Worker identities: 1-5 minutes

Delegation Patterns

Use consistent naming hierarchies:

urn:hessra:user:service:agent:task:subtask

This makes policy decisions and auditing clearer.

Error Handling

Identity tokens can be verified offline, making it easy to check delegation chains:

# Verify the delegation chain locally
try:
    client.verify_identity_token_local(
        token=worker_token,
        identity="alice:orchestrator:analyzer:worker-1"
    )
    print("Identity verified - delegation chain intact")
except:
    print("Invalid delegation - token may be expired or tampered")

> Beyond AI Agents: Other Use Cases

While AI agents are a compelling use case, delegated identities solve broader problems:

CI/CD Pipelines

Each job gets a delegated identity. The build job can't access deployment credentials, and the test job can't access production databases.

API Key Replacement

Instead of generating and tracking static API keys for your customers, you can instead create them an identity token that automatically expires. Your customer doesn't need to do anything differently. Or, your advanced users can self-delegate their API key to other teams/members.

Temporary Access

Instead of creating temporary users, delegate identity to contractors or automated tools with automatic expiration.

> Getting Started

To start using delegated identities in your system:

  1. Request beta access: email hello@hessra.net for access to our platform
  2. Install the Hessra CLI: Available for major platforms
  3. Set up mTLS: Your root authentication method
  4. Design your hierarchy: Plan your identity delegation structure
  5. Implement delegation: Add your client configuration to the gitops config files

Check out our documentation for detailed implementation guides and our GitHub repositories for SDK examples.

> The Future of Machine Identity

As systems become more autonomous and interconnected, the old model of static credentials and ambient authority becomes untenable. Delegated identity tokens provide a path forward: cryptographically secure, independently verifiable, and infinitely flexible.

At Hessra, we're building this future one delegation at a time. Join us in reimagining how machines prove who they are and what they're allowed to do.

Want to implement delegated identities in your system? Reach out or check our documentation to get started.