Not necessarily; I’m in that dangerous territory of considering possibilities without specific use cases.
To clarify, I’m not interested in solving read access — as you say, membranes are the right place to control that sort of thing. When I referred to the inability to control read access, I just meant that it wouldn’t be sufficient to control write access to something simply by hoping that nobody would discover its hash, because everyone can eventually read everything.
It sounds like you’re saying that it’d be much simpler to control write access by controlling who can join the DHT, than implementing some sort of privileges system within the DHT. Fair enough, and I think that’s probably true for most applications.
Actually, I am thinking about a use case where you would want to have different privileges in a DHT… there are probably many others, but this one is salient because it relates to HoloREA.
Suppose I participate in a co-op. Within our little co-op DHT, all of us have permission to do whatever we like. But in interfacing with the outside world, only some of us have the authority to represent the co-op. And those people may leave the org and new ones may replace them.
So now let’s consider a global marketplace DHT. Those who are purchasing from / selling to me have to know that I have the right to represent the co-op. So in that global marketplace, the co-op has a record that makes its entity-ness known to the world, signed by its founders. This record indicates that anyone presuming to represent the co-op must carry a claim with them that has the signature of at least one of the founders, either directly or as part of a chain of claims.
I read a bit about JWT, and it sounds like they’re very similar to W3C Verifiable Claims/Credentials — in fact, you can format a VC as a JWT. So it sounds like we’re on the same page there (and that’s probably because I got the idea from you, many months ago). It strikes me that it’s not that different from an SSL cert too — it’s just a cryptographically signed way of communicating that some authority recognises some other entity and claims that they should have the right to do such-and-such a thing.
I did notice that JWT payloads are encrypted, though, which wouldn’t work for this use case because the details of the claim need to be readable in order to be validated.
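
An added example, not part of the original post: the chain-of-claims check described for the marketplace DHT, sketched with Node's built-in Ed25519 support. The claim format, the `represent-coop` scope string and all function names are hypothetical, keys are generated at run time, and it assumes any claim holder may delegate further, with no expiry or revocation.

```javascript
const crypto = require('crypto');

// Hypothetical claim format: { subject, issuer, scope, sig }. subject and issuer
// are base64 DER (SPKI) Ed25519 public keys; sig covers the other three fields.
const newAgent = () => {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const id = publicKey.export({ type: 'spki', format: 'der' }).toString('base64');
  return { id, privateKey };
};
const signedBytes = (c) => Buffer.from(JSON.stringify([c.subject, c.issuer, c.scope]));

function issueClaim(issuer, subjectId, scope) {
  const claim = { subject: subjectId, issuer: issuer.id, scope };
  claim.sig = crypto.sign(null, signedBytes(claim), issuer.privateKey).toString('base64');
  return claim;
}

// The first claim must be issued by a founder, each later claim by the subject
// of the one before it, and the last subject must be the agent presenting it.
function verifyChain(founderIds, chain, presenterId, scope) {
  let holder = null; // subject of the last claim accepted so far
  for (const c of chain) {
    const issuerOk = holder === null ? founderIds.includes(c.issuer) : c.issuer === holder;
    if (!issuerOk || c.scope !== scope) return false;
    const pub = crypto.createPublicKey({ key: Buffer.from(c.issuer, 'base64'), format: 'der', type: 'spki' });
    if (!crypto.verify(null, signedBytes(c), pub, Buffer.from(c.sig, 'base64'))) return false;
    holder = c.subject;
  }
  return holder !== null && holder === presenterId;
}

// Constructed scenario: founder -> alice -> bob; mallory holds no valid claim.
function demo() {
  const [founder, alice, bob, mallory] = [newAgent(), newAgent(), newAgent(), newAgent()];
  const scope = 'represent-coop';
  const c1 = issueClaim(founder, alice.id, scope);
  const c2 = issueClaim(alice, bob.id, scope);
  const founders = [founder.id];
  return {
    direct: verifyChain(founders, [c1], alice.id, scope),
    delegated: verifyChain(founders, [c1, c2], bob.id, scope),
    selfIssued: verifyChain(founders, [issueClaim(mallory, mallory.id, scope)], mallory.id, scope),
    tampered: verifyChain(founders, [c1, { ...c2, subject: mallory.id }], mallory.id, scope),
    missingLink: verifyChain(founders, [c2], bob.id, scope),
  };
}

console.log(demo());
```

Every field of each claim stays readable to the validator; only the signature binds it to the issuer's key.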