louis79_hacker 3 days ago
If you’re trying to make SPIFFE handle delegation, you’re forcing the wrong layer to do the wrong job. SPIFFE gives you workload identity and attestation, full stop. It’s PKI for machines — not a delegation framework. A better model is to separate identity from capability: SPIFFE/SPIRE handles who the agent is (short-lived, attested identity). Capabilities / Macaroons / ZCAP-LD handle what that agent is allowed to do, and who delegated it. OPA or Cedar enforces policy at runtime. VCs come in only if you need cross-domain delegation (federated or multi-issuer trust). So SPIFFE issues identities, and those identities mint or receive verifiable capabilities that describe explicit rights. You get composable, auditable delegation without breaking SPIFFE’s short-lived cert model or pretending it can do web-of-trust semantics. Trying to bake delegation into SPIFFE itself is just reimplementing capability security badly.
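One concrete shape of "SPIFFE issues identities, those identities mint or receive capabilities", as an added Python example that is not from this thread or from any SPIFFE/SPIRE project: a minimal HMAC-chained capability in the style of macaroons, where an issuing workload mints rights, a holder delegates by attenuation only, and the resource server takes the presenter's identity from its attested SVID over mTLS rather than from the token. The SPIFFE IDs, the issuer key and the caveat mini-language are all constructed for the example.

```python
import hmac
import hashlib
# Constructed sample: key held only by the issuing workload; SPIFFE IDs are hypothetical.
ISSUER_KEY = b"constructed-orders-service-root-key"
ISSUER_ID, AGENT_A, AGENT_B = ("spiffe://example.org/orders",
                               "spiffe://example.org/agent/a", "spiffe://example.org/agent/b")

def _chain(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def mint(issuer_key: bytes, issuer_id: str, caveats: list) -> dict:
    # The issuer's attested SPIFFE ID seeds the HMAC chain; each caveat extends it.
    sig = _chain(issuer_key, issuer_id)
    for c in caveats:
        sig = _chain(sig, c)
    return {"issuer": issuer_id, "caveats": list(caveats), "sig": sig}

def attenuate(cap: dict, caveat: str) -> dict:
    # Delegation by attenuation: a holder adds restrictions without the issuer key, never removes them.
    return {"issuer": cap["issuer"], "caveats": cap["caveats"] + [caveat], "sig": _chain(cap["sig"], caveat)}

def _holds(caveat: str, ctx: dict) -> bool:
    parts = caveat.split(" ", 2)
    if len(parts) != 3:
        return False
    field, op, value = parts
    if op == "=":
        return ctx.get(field) == value
    if op == "<":            # numeric upper bound, e.g. "now < 1700000000"
        return field in ctx and ctx[field] < int(value)
    if op == "startswith":   # resource prefix, e.g. "resource startswith orders/"
        return str(ctx.get(field, "")).startswith(value)
    return False             # unknown caveat language: fail closed

def verify(issuer_key: bytes, cap: dict, ctx: dict) -> bool:
    # Resource server: recompute the chain and require every caveat to hold. ctx["presenter"] is the
    # caller's SPIFFE ID as attested by its SVID over mTLS, not a claim carried inside the token.
    sig = _chain(issuer_key, cap["issuer"])
    for c in cap["caveats"]:
        sig = _chain(sig, c)
        if not _holds(c, ctx):
            return False
    return hmac.compare_digest(sig, cap["sig"])

def delegation_demo(now: int) -> dict:
    # Orders service mints for agent A; A delegates a narrower, B-only capability to agent B.
    cap_a = mint(ISSUER_KEY, ISSUER_ID, ["action = read", "resource startswith orders/", f"now < {now + 300}"])
    cap_b = attenuate(attenuate(cap_a, "resource startswith orders/123"), f"presenter = {AGENT_B}")
    ctx = {"presenter": AGENT_B, "action": "read", "resource": "orders/123", "now": now}
    stripped = dict(cap_b, caveats=cap_b["caveats"][:-1])  # drop the presenter binding, keep the sig
    return {"b_ok": verify(ISSUER_KEY, cap_b, ctx),
            "a_cannot_use_b_cap": not verify(ISSUER_KEY, cap_b, {**ctx, "presenter": AGENT_A}),
            "cannot_widen": not verify(ISSUER_KEY, cap_b, {**ctx, "resource": "orders/999"}),
            "expired": not verify(ISSUER_KEY, cap_b, {**ctx, "now": now + 300}),
            "tamper_detected": not verify(ISSUER_KEY, stripped, ctx)}
```

The issuer key never leaves the issuing workload; the short-lived SVID decides who is calling, the caveat chain decides what that caller may do, and the audit record is the caveat list itself.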
andylow 2 days ago | parent
I do understand what you are saying, but in my head it feels a bit too overcomplicated to just tell any developer doing AI agents to do all this stuff; there must be a cleaner way to do it.