That's an interesting idea... instead of storing the bearer tokens associated with your internally-pointing ocaps (held by external users), salt and hash them. That way if your server is compromised the ocaps that other people hold to you internally can still be valid.
I would be interested in your feedback.
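A sketch of the scheme described in the post above, added here as an illustration and not code from the thread's participants or any ocap project: the server keeps only a per-capability salt and digest, so a dump of its table cannot be replayed as a bearer token. The `id.secret` token layout, the `CapabilityStore` name and the use of SHA-256 are assumptions; a fast hash is used because the secret is a 256-bit random value, not a human-chosen password.

```python
import hashlib
import hmac
import secrets


class CapabilityStore:
    """Hypothetical server-side table of issued capabilities.

    Rows hold (salt, digest, target); the bearer secret is never stored.
    """

    def __init__(self):
        self._rows = {}  # cap_id -> (salt, digest, target)

    @staticmethod
    def _digest(salt: bytes, secret: str) -> bytes:
        return hashlib.sha256(salt + secret.encode("utf-8")).digest()

    def issue(self, target: str) -> str:
        """Create a capability for `target`; return the token handed to the holder."""
        cap_id = secrets.token_urlsafe(9)    # public lookup key, not secret
        secret = secrets.token_urlsafe(32)   # 256 bits, known only to the holder
        salt = secrets.token_bytes(16)
        self._rows[cap_id] = (salt, self._digest(salt, secret), target)
        return f"{cap_id}.{secret}"

    def resolve(self, token: str):
        """Return the target the token grants access to, or None if invalid."""
        cap_id, sep, secret = token.partition(".")
        row = self._rows.get(cap_id)
        if not sep or row is None:
            return None
        salt, digest, target = row
        # Constant-time comparison of the recomputed digest with the stored one.
        if hmac.compare_digest(self._digest(salt, secret), digest):
            return target
        return None

    def revoke(self, cap_id: str) -> bool:
        """Delete a capability by id; the holder's token stops resolving."""
        return self._rows.pop(cap_id, None) is not None

    def dump(self) -> dict:
        """What someone reading the server's storage would see."""
        return dict(self._rows)
```
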