feat: ✨ Add Delegation

app/changelog/page.mdx

@@ -12,6 +12,7 @@ This page lists changes since Working Draft 03. {{ className: 'lead' }}
 
 - Rewrote the signature system from scratch to be simpler and not depend on dates.
 - Moved Likes and Dislikes to an extension.
+- Added [Delegation](/federation/delegation).
 - Renamed fields on several common entities like [Users](/entities/user) and [Notes](/entities/note).
 - Removed the `Patch` entity.
   - Useless since edits can just be sent to inboxes directly.

app/entities/delete/page.mdx

@@ -12,7 +12,7 @@ Signals the deletion of an entity. {{ className: 'lead' }}
 Implementations **must** ensure that the author of the `Delete` entity has the authorization to delete the target entity.
 
 Having the authorization is defined as:
-- The author is the creator of the target entity (including [delegation](/delegation)).
+- The author is the creator of the target entity (including [delegation](/federation/delegation)).
 - The author is the instance.
 
 ## Entity Definition

app/entities/instance-metadata/page.mdx

@@ -72,7 +72,7 @@ On all entities that have an `author` field, the `author` can be `null` to repre
                 ```
                 
                 - `algorithm`: Algorithm used for the public key. Can only be `ed25519` for now.
-                - `key`: Public key of the instance. Must follow the [Versia Public Key](/signatures) format.
+                - `key`: Instance public key, in SPKI-encoded base64 (from raw bytes, not a PEM format).
             </Property>
             <Property name="moderators" type="URI" required={false}>
                 URI to [Collection](/structures/collection) of instance moderators.

app/entities/user/page.mdx

@@ -71,9 +71,11 @@ Instance **must** be the host of the instance the user is on (hostname with opti
             A header image for the user's profile. Also known as a cover photo or a banner. Must be an image format (`image/*`).
         </Property>
         <Property name="public_key" type="PublicKey" required={true}>
-            The user's public key. Must follow the [Versia Public Key](/signatures) format. `actor` may be a URI to another user's profile, in which case this key may allow the user to act on behalf of the other user (see [delegation](/delegation)).
+            The user's public key. Must follow the [Versia Public Key](/signatures) format. `actor` may be a URI to another user's profile, in which case this key may allow the other user act on behalf of this user (see [delegation](/federation/delegation)).
 
-            `algorithm` must be `ed25519` for now.
+            - `algorithm`: Must be `ed25519` for now.
+            - `key`: The public key in SPKI-encoded base64 (from raw bytes, not a PEM format). Must be the key associated with the `actor` URI.
+            - `actor`: URI to a user's profile, most often the user's own profile.
 
             ```typescript
             type URI = string;

app/federation/delegation/page.mdx

@@ -0,0 +1,25 @@
+export const metadata = {
+    title: 'Delegation',
+    description: 'Delegation is used to authorize actions on behalf of another user',
+}
+
+# Delegation
+
+Delegation is used to authorize actions on behalf of another user. {{ className: 'lead' }}
+
+## Vocabulary
+
+- **Delegator**: The user that is delegating actions to another user. (The user that owns the key)
+- **Delegate**: The user that is being delegated actions. (The user that the key is pointing to)
+
+## The `actor` Field on Public Keys
+
+[Users](/entities/user)'s `public_key` property contains a field called `actor`. This field contains the URI to the **delegator** user, which is used to authorize actions on behalf of the **delegate** user.
+
+This means that the **delegator** user can sign requests with their private key, and any implementations should consider the **delegate** user as equivalent to the **delegator** user.
+
+## Implementation Details
+
+Any actions or entities created by the **delegate** should be attributed to the **delegator** user in clients transparently to end-users (e.g. showing the **delegator** user's name and avatar). This allows for a form of "consensual impersonation" that is authorized by the **delegators** and **delegates**.
+
+This is useful as a way to centralize all of a user's many "alt accounts" into a single, unified feed.

app/federation/page.mdx

@@ -16,4 +16,5 @@ Federation is built on the [HyperText Transfer Protocol (HTTP)](https://tools.ie
     <Guide name="HTTP Guidelines" href="/federation/http" description="Guidelines for HTTP communication in Versia." />
     <Guide name="Validation" href="/federation/validation" description="Validation rules for Versia implementations." />
     <Guide name="Discovery" href="/federation/discovery" description="How Versia instances can discover users, capabilities, and endpoints." />
+    <Guide name="Delegation" href="/federation/delegation" description="Authorizing actions on behalf of another user." />
 </Guides>

components/Navigation.tsx

@@ -260,6 +260,7 @@ export const navigation: NavGroup[] = [
             { title: "HTTP", href: "/federation/http" },
             { title: "Validation", href: "/federation/validation" },
             { title: "Discovery", href: "/federation/discovery" },
+            { title: "Delegation", href: "/federation/delegation" },
         ],
     },
     {