This document is a draft proposal intended to be a starting point for the specification of a robust, forward-compatible access control system to serve as a reference implementation of the DIF Hub protocol. We intend to work with other participants to assess the direction, security, and permissioning scheme of the identity capabilities specification drafts to generate a code-ready draft that can be implemented as an easily portable and reusable access control module for projects employing DID-based authentication and/or the DIF Hub protocol.
Per the hub specification, there is a need for a flexible, expressive, and simple permissioning system to represent authority over files stored by a hub. The goal of this proposal is to present an access control system which: