The token based delegation methods described above lend themselves to multi-layer delegation. In this case the delegation is with right to sub-delegate and the delegatee is able to request that further delegation tokens are created, or that an invitation is created.
For access authorization generally only the last step of a delegation chain is important, but for audit purposes the full chain is needed.
The flows and tokens associated with multi-layer delegation are a topic of research in the TAS3 project and will be further elaborated in a future version of this deliverable (D2.1 M30).