
In some of the Holochain prototypes I've built, certain state changes are more critical than others.

For some, you might allow "what you know" security (i.e. the agent knows your private key).

For others, you might demand "what you know + what you have" security (i.e. the agent knows your private key and has provable access to your device). I used various proof of knowledge constructs, such as the ability to read "Private" Holochain entry data (that only exists on-device, and not in the DHT), and demonstrate this by providing the hash or PKI signature of the private data (which is published to the DHT, in an entry provably before the private data being proven was written). There are other ways.

For yet others, you might want that, plus "who you know" security, in which case we do all of the above, and ask some previously defined Agents to also sign the transaction before it is allowed to be written to the Agent's source-chain.

So, the requirements for logical, physical or relational levels of security are available to Holochain / Holo hApps. This is higher security than is available for physical devices like cars, and is even better than that provided by devices like Apple iPhone and Watch -- because you retain control over releasing the lock (if you forget your password and lose access to your email address, your Apple device is locked, forever).
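A simplified sketch of the three tiers the comment above describes, added here as an illustration; it is not Holochain code or the commenter's implementation. Assumptions: HMAC-SHA256 stands in for PKI signatures, the "what you have" proof is read as a one-time commit-then-reveal against a public log, and every name (`authorize`, `commit`, the keys and the transaction) is hypothetical.

```python
import hashlib
import hmac

def sign(key: bytes, msg: bytes) -> bytes:
    # Stand-in for a PKI signature (assumption): HMAC-SHA256 under the signer's key.
    return hmac.new(key, msg, hashlib.sha256).digest()

def commit(secret: bytes) -> tuple:
    # Public log entry that commits to on-device data without disclosing it.
    return ("commit", hashlib.sha256(secret).hexdigest())

def authorize(level, tx, sig, agent_key, log, reveal=None,
              cosigs=None, cosigners=None, threshold=0):
    """Check tx against tier 1 (know), 2 (+ have) or 3 (+ who you know)."""
    # Tier 1: the transaction is signed with the agent's key.
    if not hmac.compare_digest(sig, sign(agent_key, tx)):
        return False
    digest = None
    if level >= 2:
        # Tier 2: reveal device-only data whose hash is already in the log, unused.
        if reveal is None:
            return False
        digest = hashlib.sha256(reveal).hexdigest()
        if ("commit", digest) not in log or ("spent", digest) in log:
            return False
    if level >= 3:
        # Tier 3: enough previously defined agents also signed the same tx.
        valid = sum(1 for name, s in (cosigs or {}).items() if name in (cosigners or {})
                    and hmac.compare_digest(s, sign(cosigners[name], tx)))
        if valid < threshold:
            return False
    if digest is not None:
        log.append(("spent", digest))  # a revealed secret cannot be replayed
    return True

# Constructed sample data: keys, device secret and transaction are made up.
AGENT_KEY = b"agent-private-key"
DEVICE_SECRET = b"private-entry-on-device"
COSIGNERS = {"alice": b"alice-key", "bob": b"bob-key"}
TX = b"transfer ownership of asset 42"

def demo():
    log = [commit(DEVICE_SECRET)]  # commitment published ahead of time
    sig = sign(AGENT_KEY, TX)
    cosigs = {n: sign(k, TX) for n, k in COSIGNERS.items()}
    key_only = authorize(2, TX, sig, AGENT_KEY, log, reveal=b"guess")
    full = authorize(3, TX, sig, AGENT_KEY, log, DEVICE_SECRET, cosigs, COSIGNERS, 2)
    replay = authorize(2, TX, sig, AGENT_KEY, log, reveal=DEVICE_SECRET)
    return key_only, full, replay
```

In `demo()`, a holder of the key alone fails tier 2, the full three-factor request succeeds, and reusing the revealed secret afterwards is rejected.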


