A group of people wants a strong ‘membrane’ around themselves — the power to invite people in and usher people out. This is important for the group integrity: the people who show up can influence governance, privacy, and quality of day-to-day interactions.
Create a ‘join’ privilege certificate type that grants an agent permission to join a DHT. An agent must include a valid certificate of this type in their agent ID entry. In order to be valid, it needs to be recognised by a legitimate authority that derives from the DNA’s root authority (see Progenitor for details). If the agent ID entry fails validation, the existing DHT peers will ban the agent from the network before they have the chance to access any privileged information.
The DHT isn’t entirely protected from the new agent’s eyes — they do need to know the IP addresses of a few existing nodes in order to connect to the network and publish their agent ID for validation. Depending on your group’s needs, this might create a privacy leak.
This pattern doesn’t specify any particular way for privileged members to deliver a certificate to invitees. The Lobby pattern can help with that.