From f1feddac4c08e9408e4544db0f67aa63f300546c Mon Sep 17 00:00:00 2001
From: Jon Staab <shtaab@gmail.com>
Date: Wed, 19 Feb 2025 11:00:10 -0800
Subject: [PATCH] Add some guidelines about delegation

---
 46.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/46.md b/46.md
index 4de51ce5..7d73794a 100644
--- a/46.md
+++ b/46.md
@@ -115,6 +115,8 @@ Each of the following are methods that the _client_ sends to the _remote-signer_
 
 The `delegate` method MUST provide a comma-separated list of allowed permissions and return a bunker url representing a fresh session. The bunker MUST NOT allow this session to request additional permissions, returning an error message for any requests that are not allowed by the initial `perms` string.
 
+Signers MUST revoke delegated sessions when the parent session is invalidated. Signers MUST NOT allow delegated sessions to create nested delegated sessions.
+
 ## Response Events `kind:24133`
 
 ```json