By using “her public key” the system makes tracking trivial. In a system that better protects privacy, each capability should be tied to a unique key pair created for just that purpose. I would change that text to say
The implementation relies on signature schemes again. Consider Alfie and Betty, each able to create many key pairs. Alfie can mint a new capability for Betty by signing his own capability together with a public key Betty has created for this purpose…
Meadowcap does not mandate that each user only has one public key, and that is not self-evident from the current text.
https://community.spritely.institute/t/meadowcap-capability-system-for-controlling-access-to-willow-data/411/3
Meadowcap does not mandate that each user only has one public key, and that is not self-evident from the current text.