Agent scopes - new Agents for the same user with limited access

[joepio]

• User has an Agent + server hosted on sarah.pod.com
• User wants to use an app on calendarapp.com. This app only needs access to calendar data, for example. It should not be able to edit the user's name or open their private photos.

How do we do this?

Well, we already have Agents and Hierarchies, which can be used to give granular access to a specific part of data, like the Calendar.

However, if we create a new Agent (let's call her CalendarSara) and give that Agent write rights on sarah.pod.com/calendar, we'd still probably want users to know that that agent was in fact Sarah. How do we denote this?

• Sarah creates the new Agent, so we could check the lastCommit.
• Sarah's agent might link to the CalendarSara, e.g. with a new subAgents property.