I my use case orbitdb is running in a local network. Now it could happen that a node is taken oven by some internal malicious attacker and is producing invalid data. Since all peer databases are synced with each other, i.e. basically replicating each other, this node is threatening the whole cluster. Is it possible to revoke such a peer e.g. bases on the peer identity?

If you are talking about granting/revoking write access by a particular peer then, yes, you can use OrbitDBAccessController to add/remove write access to peers. https://github.com/orbitdb/orbitdb/blob/main/docs/ACCESS_CONTROLLERS.md

I think this does not solve the issue. I have e.g. 20 peers. Each peer has its own database and is also only writing to its own database. All peers are connecting with all peers. A malicious peer 21 is now joining and all peers are syncing with this new peer and are copying all data from peer 21 into their databases. The malicious peer can insert incorrect data or overwrite data. I.e. it is more a question how to remove the peer to prevent that a peer is syncing with a different peer. Manually I could use signatures, e.g. I use libp2p to gossip the db addresses and only a signed db address with a trusted certificate will be used to create a new connection. And by using revocation certificates this node could be blacklisted later. But maybe there is a smarter way.

It could be that my approach is wrong and only one database instead of 20 should be created and all peers should have write access. But this would look like that one peer is special and not all are the same anymore. If a peer has write access can this peer also define the write access in this database, e..g. in the case that the owner peer dies and the keys are lost?

I will change my architecture to overcome this problem and just use one database for all nodes. This simplifies this problem.