Problem
The members of a DHT want or need to protect their shared space by authorising certain agents to perform certain actions using Privilege Certificates. But they need a way to define exactly where this authority comes from in the first place. An appropriate solution would allow for shifting membership.
Solution
A ‘progenitor’ creates a new DNA, establishes herself as the ‘root’ authority for that DNA, and issues a Privilege Certificate for each power she wants to delegate, possibly including all the actions that the progenitor herself is capable of. The DNA itself designates her as the authority.
Implementation
Create a DNA that understands a concept of a Privilege Certificate. This DNA recognises a particular public key (specified in the properties section of the DNA package) as belonging to the ‘root’ authority. The first agent to instantiate this DNA and bootstrap the DHT controls the matching private key, and is called the progenitor.
The root authority may be the actual key pair that the progenitor uses for her identity in the DHT, or it may be an ‘ephemeral’ key pair whose private component gets thrown away after creating a root certificate for her. But either way, its public component must be in the DNA, and it must sign the root node of any privilege certificate chain.
The validation function for any action that requires a privilege checks that the certificate chain is valid. If certificate chain validation fails, the action will be considered invalid by association.
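The following is an added example, not code from the original page or from any Holochain release, showing the validation function described above in Go with the standard library's Ed25519. The root public key stands in for the value read from the DNA properties; the `Certificate` shape, the `Issue`/`ValidateChain` names, the capability strings and the rule that a link may never grant more than it received are all assumptions made for the example. `Demo` builds a constructed chain with an ephemeral root key whose private half is discarded once the root certificate exists, and exercises both the valid and the rejected cases.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Certificate is one link in a privilege chain: Issuer delegates Capabilities
// to Subject and signs the delegation with Issuer's private key.
type Certificate struct {
	Issuer, Subject ed25519.PublicKey
	Capabilities    []string
	Signature       []byte
}

// payload returns the canonical bytes the issuer signs (everything but the signature).
func (c Certificate) payload() []byte {
	body, _ := json.Marshal(struct {
		Issuer, Subject []byte
		Capabilities    []string
	}{c.Issuer, c.Subject, c.Capabilities})
	return body
}

// Issue creates a certificate delegating caps from the holder of issuerPriv to subject.
func Issue(issuerPriv ed25519.PrivateKey, subject ed25519.PublicKey, caps []string) Certificate {
	c := Certificate{Issuer: issuerPriv.Public().(ed25519.PublicKey), Subject: subject, Capabilities: caps}
	c.Signature = ed25519.Sign(issuerPriv, c.payload())
	return c
}

// ValidateChain checks that chain starts at the root key from the DNA properties,
// that every link is signed by its issuer, that each issuer is the previous link's
// subject, that no link grants more than it received (assumed attenuation rule),
// and that the final subject is the acting agent holding the requested action.
func ValidateChain(root ed25519.PublicKey, chain []Certificate, actor ed25519.PublicKey, action string) error {
	if len(chain) == 0 {
		return errors.New("empty certificate chain")
	}
	allowed := map[string]bool{} // capabilities granted by the previous link; root grants everything
	for i, c := range chain {
		if i == 0 && !bytes.Equal(c.Issuer, root) {
			return errors.New("chain does not start at the root authority")
		}
		if i > 0 {
			if !bytes.Equal(c.Issuer, chain[i-1].Subject) {
				return fmt.Errorf("link %d: issuer is not the previous subject", i)
			}
			for _, cap := range c.Capabilities {
				if !allowed[cap] {
					return fmt.Errorf("link %d: amplifies privilege %q", i, cap)
				}
			}
		}
		if !ed25519.Verify(c.Issuer, c.payload(), c.Signature) {
			return fmt.Errorf("link %d: invalid signature", i)
		}
		allowed = map[string]bool{}
		for _, cap := range c.Capabilities {
			allowed[cap] = true
		}
	}
	if last := chain[len(chain)-1]; !bytes.Equal(last.Subject, actor) {
		return errors.New("chain does not end at the acting agent")
	}
	if !allowed[action] {
		return fmt.Errorf("agent is not authorised for %q", action)
	}
	return nil
}

// Demo builds a constructed chain (ephemeral root -> progenitor -> moderator)
// and returns the validation outcome for several labelled scenarios.
func Demo() map[string]error {
	progPub, progPriv, _ := ed25519.GenerateKey(rand.Reader)
	modPub, modPriv, _ := ed25519.GenerateKey(rand.Reader)
	rootPub, rootCert := func() (ed25519.PublicKey, Certificate) {
		pub, priv, _ := ed25519.GenerateKey(rand.Reader) // rootPub is what the DNA properties would carry
		return pub, Issue(priv, progPub, []string{"moderate", "admin"})
	}() // the ephemeral private key goes out of scope here and is never used again
	modCert := Issue(progPriv, modPub, []string{"moderate"})
	chain := []Certificate{rootCert, modCert}
	tampered := modCert // edited after signing: the signature no longer covers it
	tampered.Capabilities = []string{"moderate", "admin"}
	return map[string]error{
		"moderator moderates": ValidateChain(rootPub, chain, modPub, "moderate"),
		"moderator admins":    ValidateChain(rootPub, chain, modPub, "admin"),
		"self-issued root":    ValidateChain(rootPub, []Certificate{Issue(modPriv, modPub, []string{"admin"})}, modPub, "admin"),
		"tampered link":       ValidateChain(rootPub, []Certificate{rootCert, tampered}, modPub, "admin"),
	}
}

func main() {
	for name, err := range Demo() {
		fmt.Printf("%-20s -> %v\n", name, err)
	}
}
```

Only the first scenario validates; the others are rejected at the link where the chain stops being anchored to the root, stops being signed by the right key, or tries to hand out more than it was given, which is the "invalid by association" outcome the text describes.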