This is a beta (i.e. in progress) version of the manual. Content/features are subject to change.

Authorization and Access Management

An authorization system determines whether someone has access to perform a given action on a particular resource. Authorization systems require that users/agents authenticate themselves to establish their identity.

ESS implements the WebACL specification.

Access Control List (ACL)

An Access Control List (ACL) is a list of entries that define an agent’s access to a resource.

  • An agent is identified by the agent’s WebID.

  • Access includes:


    An agent is able to view data.


    An agent is able to create, modify, or delete data.


    An agent is able to add new information but not delete existing data.


    An agent is able to modify ACL resources, changing who has access to which resources.

  • Resource can be a container of resources or specific resource.