Holochain Forum

Benevolent Dictator

Problem

Sometimes a certain agent or group of agents needs to have exclusive privileges in a DHT, such as the power to change a global variable or create entries. This is useful for things like:

  • A blog that allows one agent to post and multiple agents to comment
  • A DHT that supports a traditional corporate hierarchy

A Privilege Certificate system isn’t appropriate for all use cases; it’s too complex for situations where the list of authorities isn’t expected to change.

Solution

Whitelist a public key or set of public keys that are authorised to write certain entry types.

Implementation

In the properties section of the DNA bundle, create an element that contains a public key or set of public keys of agents who are authorised to commit a certain entry type. The validation function for this entry type checks the entry’s author list against this whitelist. If an author is not whitelisted, validation fails.

Warnings

  • This pattern is not as versatile as Privilege Certificate, especially for cases where authorised members may come and go.
  • If a privileged user’s device is stolen, it’s impossible to revoke their public key’s authority unless the DNA also understands DPKI revocation.
  • In a peer-to-peer, agent-centric paradigm, this might be an anti-pattern. Consider re-designing your authorisation structure to support collective governance.
2 Likes
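The whitelist check from the Implementation section, as an added example that is not part of the original post and does not use the Holochain HDK: it models the DNA properties and the entry with plain Rust types. The names `DnaProperties`, `Entry`, `validate_entry` and the `PUBKEY_*` strings are hypothetical placeholders, and the author list is assumed to contain only keys whose signatures have already been verified.

```rust
use std::collections::{HashMap, HashSet};

/// Stand-in for the DNA `properties` section: entry type -> authorised public keys.
pub struct DnaProperties {
    pub authorised_authors: HashMap<String, HashSet<String>>,
}

/// Simplified entry as seen by validation. `authors` is assumed to hold public
/// keys whose signatures the framework has already verified.
pub struct Entry {
    pub entry_type: String,
    pub authors: Vec<String>,
}

/// Fails unless every author of a restricted entry type is on its whitelist.
pub fn validate_entry(props: &DnaProperties, entry: &Entry) -> Result<(), String> {
    let allowed = match props.authorised_authors.get(&entry.entry_type) {
        Some(set) => set,
        None => return Ok(()), // no whitelist for this type: open to all agents
    };
    if entry.authors.is_empty() {
        return Err("entry has no authors".to_string()); // never pass vacuously
    }
    match entry.authors.iter().find(|a| !allowed.contains(*a)) {
        Some(bad) => Err(format!("author {} is not whitelisted", bad)),
        None => Ok(()),
    }
}

/// Constructed sample: one agent may post, anyone may comment.
pub fn blog_properties() -> DnaProperties {
    let owners = HashSet::from(["PUBKEY_BLOG_OWNER".to_string()]);
    DnaProperties { authorised_authors: HashMap::from([("post".to_string(), owners)]) }
}

pub fn entry(entry_type: &str, authors: &[&str]) -> Entry {
    Entry {
        entry_type: entry_type.to_string(),
        authors: authors.iter().map(|a| a.to_string()).collect(),
    }
}

fn main() {
    let props = blog_properties();
    let samples = [entry("post", &["PUBKEY_BLOG_OWNER"]), entry("post", &["PUBKEY_OTHER"])];
    for e in samples.iter() {
        println!("{} by {:?}: {:?}", e.entry_type, e.authors, validate_entry(&props, e));
    }
}
```

Because the whitelist lives in the DNA properties, every validating peer applies the same list, and a co-authored entry is rejected if any one of its authors is missing from it.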