A design note: in my view, we should implement access control in a way which is intentionally agnostic as to whether the authorization in question is performed by an agent (with private information) or another object (without it) – otherwise we’d need two separate systems for these two cases, which seems more time-consuming to design and inelegant to use.
I sketched out a bit on this direction in this thread, but it may not be sufficiently clear to proceed – I’m happy to discuss it further, but I strongly recommend that we do not start implementing a system which deals only in cryptographic signatures and does not support objects themselves as authorizors, as I suspect we would have to ditch that system later anyways.