Access Requests and Grants

Inrupt’s Enterprise Solid Server (ESS) supports an authorization mechanism based on Access Requests and Grants. With access requests and grants:

1. An agent sends an access request to the resource owner. In ESS, the access request is serialized as a VC. This request includes the specific access mode (e.g. Read, Write, Append), the resource(s) to access, etc.

2. The resource owner decides to deny or grant the access request:

   • For an approved request, ESS creates an access grant with an approved status.

   • For a denied request, ESS creates an access grant with a denied status.

   In ESS, the access grant is serialized as a VC, and the resource owner can revoke the access grant in the future.

3. If the requesting agent has an approved access grant, the requesting agent can exchange the access grant for an access token in order to access the resource.

inrupt-client-accessgrant

To handle access requests and grants, Inrupt’s Java Client Library provides the inrupt-client-accessgrant module:

• The inrupt-client-accessgrant module provides an AccessGrantClient to interact with the ESS Access Grant Service

• The inrupt-client-accessgrant module provides an AccessGrantSession that uses access grant(s) to interact with resources.

Next Steps

Create Access Requests/Grants	Create access requests and access grants.
Use Access Grants	Use Access Grants to access Pod resources.