Agents who want to enter a privileged DHT with access controlled by Membership by Invitation need some way of getting the right credentials from an authority in that privileged DHT. But if they can’t join the DHT, they can’t talk to the authorities, and if they can’t talk to the authorities, they can’t join the DHT.


Create a ‘lobby’ DHT associated with the privileged DHT. Anyone can become a member of the lobby, and all authorities that have power to grant access to the privileged DHT are already members of the lobby.

Using some sort of messaging mechanism in the lobby DHT, Alice (an unprivileged agent) asks Bob (an authority in the privileged DHT) for permission to join the privileged DHT. Using his bridge to the privileged DHT, Bob creates a signed proof (for example, a Privilege Certificate) that grants Alice permission to join. This can happen in two ways:

  • Bob supplies the proof to Alice, who it in her agent ID entry, according to the Membership by Invitation pattern.
  • Bob commits the proof to the privileged DHT, then notifies Alice that she can try to join. When Alice’s existing neighbours validate her agent ID entry, they can access the proof and confirm her membership.