@trwnh @julian @silverpill @thisismissem fundamentally trust lies in the server here; if you're not using LD signatures (and maybe even then?) I'm pretty sure you'd actually be fine to use one public key for every user
But what matters is the authorisation identity, not so much the key itself; in the fully general case it is impossible for a server to know everyone who should have access to a third party object (b/c BTo/BCC + implementation defined features), so when a user explicitly requests a resource then the server should use their identity