Not necessarily, Iām in that dangerous territory of considering possibilities without specific use cases.
To clarify, Iām not interested in solving read access ā as you say, membranes are the right place to control that sort of thing. When I referred to the inability to control read access, I just meant that it wouldnāt be sufficient to control write access to something simply by hoping that nobody would discover its hash, because everyone can eventually read everything.
It sounds like youāre saying that itād be much simpler to control write access by controlling who can join the DHT, than implementing some sort of privileges system within the DHT. Fair enough, and I think thatās probably true for most applications.
Actually, I am thinking about a use case where you would want to have different privileges in a DHTā¦ there are probably many others, but this one is salient because it relates to HoloREA.
Suppose I participate in a co-op. Within our little co-op DHT, all of us have permission to do whatever we like. But in interfacing with the outside world, only some of us have the authority to represent the co-op. And those people may leave the org and new ones may replace them.
So now letās consider a global marketplace DHT. Those who are purchasing from / selling to me have to know that I have the right to represent the co-op. So in that global marketplace, the co-op has a record that makes its entity-ness known to the world, signed by its founders. This record indicates that anyone presuming to represent the co-op must carry a claim with them that has the signature of at least one of the founders, either directly or as part of a chain of claims.
I read a bit about JWT, and it sounds like theyāre very similar to W3C Verifiable Claims/Credentials ā in fact, you can format a VC as a JWT. So it sounds like weāre on the same page there (and thatās probably because I got the idea from you, many months ago). It strikes me that itās not that different from an SSL cert too ā itās just a cryptographically signed way of communicating that some authority recognises some other entity and claims that they should have the right to do such-and-such a thing.
I did notice that JWT payloads are encrypted, though, which wouldnāt work for this use case because the details of the claim needs to be readable in order to be validated.