Sometimes a certain agent or group of agents needs to have exclusive privileges in a DHT, such as the power to change a global variable or create entries. This is useful for things like:
- A blog that allows one agent to post and multiple agents to comment
- A DHT that supports a traditional corporate hierarchy
A Privilege Certificate system isn’t appropriate for all use cases; it’s too complex for situations where the list of authorities isn’t expected to change.
Whitelist a public key or set of public keys that are authorised to write certain entry types.
In the properties section of the DNA bundle, create an element that contains a public key or set of public keys of agents who are authorised to commit a certain entry type. The validation function for this entry type checks the entry’s author list against this whitelist. If an author is not whitelisted, validation fails.
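The validation check described above, sketched as an added example that is not part of the original pattern text and does not use the Holochain HDK. The `Whitelist` type, the `validate_authors` function and the `KEY_*` values are hypothetical, and it assumes that entry types with no whitelist element are open to all agents, as in the blog case where anyone may comment.

```rust
use std::collections::{HashMap, HashSet};

// Hypothetical stand-in for the whitelist element in the DNA properties:
// entry type -> public keys authorised to author that type.
pub type Whitelist = HashMap<String, HashSet<String>>;

// Constructed sample: only Alice may author "post"; "comment" has no whitelist.
pub fn sample_whitelist() -> Whitelist {
    let mut w = Whitelist::new();
    w.insert("post".to_string(), HashSet::from(["KEY_ALICE".to_string()]));
    w
}

// Returns Ok(()) only when every author of the entry is whitelisted for its type.
pub fn validate_authors(w: &Whitelist, entry_type: &str, authors: &[&str]) -> Result<(), String> {
    let allowed = match w.get(entry_type) {
        Some(keys) => keys,
        // Assumption: an entry type absent from the whitelist is unrestricted.
        None => return Ok(()),
    };
    // Fail closed: a restricted entry with an empty author list is rejected.
    if authors.is_empty() {
        return Err(format!("{entry_type}: entry has no author"));
    }
    // One non-whitelisted co-author is enough to fail validation.
    for author in authors {
        if !allowed.contains(*author) {
            return Err(format!("{entry_type}: author {author} is not whitelisted"));
        }
    }
    Ok(())
}

fn main() {
    let w = sample_whitelist();
    println!("{:?}", validate_authors(&w, "post", &["KEY_ALICE"]));
    println!("{:?}", validate_authors(&w, "post", &["KEY_ALICE", "KEY_BOB"]));
    println!("{:?}", validate_authors(&w, "comment", &["KEY_BOB"]));
}
```

Because the whitelist lives in the DNA itself, every validating node applies the same check, and changing the list means shipping a new DNA.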
- This pattern is not as versatile as Privilege Certificate, especially for cases where authorised members may come and go.
- If a privileged user’s device is stolen, it’s impossible to revoke their public key’s authority unless the DNA also understands DPKI revocation.
- In a peer-to-peer, agent-centric paradigm, this might be an anti-pattern. Consider re-designing your authorisation structure to support collective governance.