This article argues that traditional identity-based access control fails to secure delegation for AI agents. It advocates for capability systems that explicitly handle authority, allowing permissions to be derived and limited as tasks change. By focusing on the explicit transfer of authority, it aims to prevent common security issues like the "confused deputy" problem.