I don't think the text here is enough to give a picture of what the
delegation chain is supposed to do. Later discussion suggests that it
is a way to change or augment the set of entities authorized to sign
(top-level) manifests, but this text seems to just talk about
"authorization functionality" and not what is being authorized. (It
also doesn't talk about what trust anchor the crypto chains to and
whether it needs to be the same thing that the manifest signatures chain
to, but that is perhaps excusable in an information model.)
Ben Kaduk wrote: