# Delegation mask

This section describes the iSHARE delegation request data model used in a valid request for delegation evidence response. The [Delegation Evidence section](https://dev.ishare.eu/version-2.0.1/reference/delegation-evidence) describes the response data model to delegation request. To see full delegation request example please visit [Delegation Endpoint response example section](https://dev.ishare.eu/version-2.0.1/authorisation-registry-role/delegation-endpoint).

{% hint style="info" %}
**Note**

Visit [delegation endpoint section](https://dev.ishare.eu/version-2.0.1/authorisation-registry-role/delegation-endpoint) to read API documentation that specifies how the `/delegation` endpoint should look like since delegation mask is not enough for full flow to work.
{% endhint %}

* `delegationRequest`\
  **Object**. Root level.\
  The request for any delegation evidence.
  * `policyIssuer`\
    **String**. Contained in `delegationRequest`.\
    iSHARE identifier of the delegator (the delegating entity).
  * `target`\
    **Object**. Contained in `delegationRequest`.\
    MUST for the root level contain an `accessSubject`. No other elements are allowed. It makes the entire delegation evidence applicable only to this accessSubject.
    * `accessSubject`\
      **String**. Contained in `target`.\
      iSHARE identifier of the delegate, also known as the entity that receives the delegated rights.
  * `policySets`\
    **Array of Objects**. Contained in `delegationRequest`.|\
    Container for one or more objects containing policy elements with an indication for further delegation. Note that policySet elements within one delegationRequest MUST not restrict each other, but rather offer a mechanism to express additional rights. They will be evaluated by the Authorization Registry in a *permit-override* manner, allowing a *Permit* if only one of the policySet elements evaluates to *Permit*. [Data model description and examples can be found at Policy Sets section](https://dev.ishare.eu/version-2.0.1/reference/delegation-mask/policy-sets).
  * `delegation_path`\
    **Array of Strings**. Root level. *Optional*.\
    Container for one or more iSHARE identifiers values for a situation where multiple delegation policies need to be linked together.
  * `previous_steps`\
    **Array of Strings**. Root level. *Optional*.\
    Container for one or more pieces of evidence such that the client has legitimate reason to request delegation evidence. A single step contains either a previous delegationEvidence statement or a client\_assertion. The minimum is a client\_assertion value of the accessSubject, for example if the Service Provider requests `delegationEvidence` for an authorization in which he is neither the policyIssuer or the accessSubject.

**Example:**

```json
{
  "delegationRequest": {
    "policyIssuer": "EU.EORI.NL123456789",
    "target": {
      "accessSubject": "EU.EORI.NL987654321"
    },
    "policySets": [ "object" ]
  },
  "delegation_path": [ "string" ],
  "previous_steps": [ "string" ]
}
```

{% hint style="info" %}
***Note***

*This page must be considered part of the iSHARE Trust Framework*
{% endhint %}