diff --git a/newsfragments/3513.feature.rst b/newsfragments/3513.feature.rst
new file mode 100644
index 000000000..d54a6b699
--- /dev/null
+++ b/newsfragments/3513.feature.rst
@@ -0,0 +1,2 @@
+Add ability for special context variable to handle Sign-In With Ethereum (EIP-4361)
+pre-existing sign-on signature to be reused as proof for validating a user address in conditions.
diff --git a/nucypher/policy/conditions/context.py b/nucypher/policy/conditions/context.py
index 0da9be989..4ed6aa44e 100644
--- a/nucypher/policy/conditions/context.py
+++ b/nucypher/policy/conditions/context.py
@@ -15,14 +15,16 @@ from nucypher.policy.conditions.exceptions import (
 USER_ADDRESS_CONTEXT = ":userAddress"
 USER_ADDRESS_EIP712_CONTEXT = ":userAddressEIP712"
 USER_ADDRESS_EIP4361_CONTEXT = ":userAddressEIP4361"
+USER_ADDRESS_EIP4361_EXTERNAL_CONTEXT = ":userAddressExternalEIP4361"
 CONTEXT_PREFIX = ":"
 CONTEXT_REGEX = re.compile(":[a-zA-Z_][a-zA-Z0-9_]*")
 USER_ADDRESS_SCHEMES = {
- USER_ADDRESS_CONTEXT: None, # any of the available auth types
+ USER_ADDRESS_CONTEXT: None, # TODO either EIP712 or EIP4361 for now, but should use the default that is eventually decided (likely EIP4361) - #tdec/178
 USER_ADDRESS_EIP712_CONTEXT: EvmAuth.AuthScheme.EIP712.value,
 USER_ADDRESS_EIP4361_CONTEXT: EvmAuth.AuthScheme.EIP4361.value,
+ USER_ADDRESS_EIP4361_EXTERNAL_CONTEXT: EvmAuth.AuthScheme.EIP4361.value,
 }
@@ -90,6 +92,10 @@ _DIRECTIVES = {
 _resolve_user_address,
 user_address_context_variable=USER_ADDRESS_EIP4361_CONTEXT,
 ),
+ USER_ADDRESS_EIP4361_EXTERNAL_CONTEXT: partial(
+ _resolve_user_address,
+ user_address_context_variable=USER_ADDRESS_EIP4361_EXTERNAL_CONTEXT,
+ ),
 }
diff --git a/tests/unit/conditions/test_context.py b/tests/unit/conditions/test_context.py
index 24fc8dc12..9b5d5540f 100644
--- a/tests/unit/conditions/test_context.py
+++ b/tests/unit/conditions/test_context.py
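Review bot: In the `USER_ADDRESS_SCHEMES` hunk of `context.py`, the new `USER_ADDRESS_EIP4361_EXTERNAL_CONTEXT` entry maps to the same `EvmAuth.AuthScheme.EIP4361.value` as `USER_ADDRESS_EIP4361_CONTEXT`, and nothing on these lines records how a reused sign-in message is validated differently from one issued for this flow. A message signed for another application's login is also held by that application, so a maintainer needs to know which of its fields (domain, issued-at, expiration, nonce) are still enforced before it counts as proof of address ownership; that logic is presumably elsewhere and is not visible in this hunk. I would add a comment above the constant such as `# EIP-4361 message signed outside this flow (reused sign-in); checks applied: see <validator module - placeholder>`. It is also worth stating next to `USER_ADDRESS_CONTEXT: None` whether the generic variable accepts such reused messages, since the rewritten TODO describes the accepted set only in prose.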
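Review bot: In the `_DIRECTIVES` hunk of `context.py`, the added entry repeats the `partial(_resolve_user_address, user_address_context_variable=...)` shape of the entry above it, so `_DIRECTIVES` and `USER_ADDRESS_SCHEMES` have to be kept in step by hand. A variable added to one table and not the other would either fail to resolve or resolve without a scheme constraint, depending on how the lookup treats a missing key, which is not visible here. Deriving these entries from the scheme table removes that risk: `**{name: partial(_resolve_user_address, user_address_context_variable=name) for name in USER_ADDRESS_SCHEMES}`. `_DIRECTIVES` starts outside the hunk, so this assumes every key of `USER_ADDRESS_SCHEMES` is meant to use `_resolve_user_address`.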
@@ -8,6 +8,7 @@ from nucypher.policy.conditions.auth.evm import EvmAuth
 from nucypher.policy.conditions.context import (
 USER_ADDRESS_EIP712_CONTEXT,
 USER_ADDRESS_EIP4361_CONTEXT,
+ USER_ADDRESS_EIP4361_EXTERNAL_CONTEXT,
 USER_ADDRESS_SCHEMES,
 _resolve_context_variable,
 _resolve_user_address,
@@ -136,16 +137,18 @@ def test_user_address_context_invalid_typed_data(
 [
 USER_ADDRESS_EIP712_CONTEXT,
 USER_ADDRESS_EIP4361_CONTEXT,
+ USER_ADDRESS_EIP4361_EXTERNAL_CONTEXT,
 ],
 [
 EvmAuth.AuthScheme.EIP4361.value,
 EvmAuth.AuthScheme.EIP712.value,
+ EvmAuth.AuthScheme.EIP712.value,
 ],
 )
 ),
 indirect=["valid_user_address_auth_message"],
 )
-def test_user_address_context_unexpected_scheme_data(
+def test_user_address_context_variable_with_incompatible_auth_message(
 context_variable_name, valid_user_address_auth_message
 ):
 # scheme in message is unexpected for context variable name
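Review bot: In the second hunk of `test_context.py`, the only case added for `USER_ADDRESS_EIP4361_EXTERNAL_CONTEXT` is the scheme mismatch with an EIP712 message, which is the same rejection `USER_ADDRESS_EIP4361_CONTEXT` already gets. Nothing here pins what is specific to a reused sign-in message, for example that a stale or otherwise invalid EIP-4361 message is refused under the external variable, or how a message issued for this flow behaves when presented under it; such cases may exist elsewhere in the file. The two lists are also paired by position, so adding a name to one without the other silently shifts or drops cases; explicit pairs such as `(USER_ADDRESS_EIP4361_EXTERNAL_CONTEXT, EvmAuth.AuthScheme.EIP712.value)` would make each case self-describing. The parametrize decorator begins above the hunk and the test body continues below it.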