# Delegation mask This section describes the iSHARE delegation request data model used in a valid request for delegation evidence response. The [Delegation Evidence section](/version-2.0.1/reference/delegation-evidence.md) describes the response data model to delegation request. To see full delegation request example please visit [Delegation Endpoint response example section](/version-2.0.1/authorisation-registry-role/delegation-endpoint.md). {% hint style="info" %} **Note** Visit [delegation endpoint section](/version-2.0.1/authorisation-registry-role/delegation-endpoint.md) to read API documentation that specifies how the `/delegation` endpoint should look like since delegation mask is not enough for full flow to work. {% endhint %} * `delegationRequest`\ **Object**. Root level.\ The request for any delegation evidence. * `policyIssuer`\ **String**. Contained in `delegationRequest`.\ iSHARE identifier of the delegator (the delegating entity). * `target`\ **Object**. Contained in `delegationRequest`.\ MUST for the root level contain an `accessSubject`. No other elements are allowed. It makes the entire delegation evidence applicable only to this accessSubject. * `accessSubject`\ **String**. Contained in `target`.\ iSHARE identifier of the delegate, also known as the entity that receives the delegated rights. * `policySets`\ **Array of Objects**. Contained in `delegationRequest`.|\ Container for one or more objects containing policy elements with an indication for further delegation. Note that policySet elements within one delegationRequest MUST not restrict each other, but rather offer a mechanism to express additional rights. They will be evaluated by the Authorization Registry in a *permit-override* manner, allowing a *Permit* if only one of the policySet elements evaluates to *Permit*. [Data model description and examples can be found at Policy Sets section](/version-2.0.1/reference/delegation-mask/policy-sets.md). * `delegation_path`\ **Array of Strings**. Root level. *Optional*.\ Container for one or more iSHARE identifiers values for a situation where multiple delegation policies need to be linked together. * `previous_steps`\ **Array of Strings**. Root level. *Optional*.\ Container for one or more pieces of evidence such that the client has legitimate reason to request delegation evidence. A single step contains either a previous delegationEvidence statement or a client\_assertion. The minimum is a client\_assertion value of the accessSubject, for example if the Service Provider requests `delegationEvidence` for an authorization in which he is neither the policyIssuer or the accessSubject. **Example:** ```json { "delegationRequest": { "policyIssuer": "EU.EORI.NL123456789", "target": { "accessSubject": "EU.EORI.NL987654321" }, "policySets": [ "object" ] }, "delegation_path": [ "string" ], "previous_steps": [ "string" ] } ``` {% hint style="info" %} ***Note*** *This page must be considered part of the iSHARE Trust Framework* {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://dev.ishare.eu/version-2.0.1/reference/delegation-mask.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.