Linked-Data Permissions Notifications (LDPN) defines a minimal, append-only notification log for permission changes in Linked Data ecosystems. Each agent hosts an inbox container that contains two Turtle documents—sharedWithMe.ttl and sharedWithOthers.ttl—that record access grants and changes using the Linked Data Platform, ActivityStreams 2.0, and Web Access Control vocabularies. LDPN makes privacy and permission changes auditable, allowing end-users to track who has access to which resources and when those permissions changed.

This is an unofficial proposal.

This is a draft document and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to cite this document as other than a work in progress.

Introduction

Permission changes in Linked Data systems are often invisible to the people they affect. When access is granted or updated, the recipient typically has no standardized, machine-readable record of that change. LDPN addresses this gap by defining a predictable location and representation for permission change notifications, making privacy changes trackable and manageable by end-users.

This specification is intended for the following audiences:

The goals of this specification are to:

Readers are expected to be familiar with RDF 1.1, Turtle, and the Linked Data Platform.

Terminology

The key words MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL in this document are to be interpreted as described in RFC 2119.

agent
A person, social entity, or software identified by a URI. WebIDs are a common form of agent identifier [WebID].
resource
The target of an HTTP request identified by a URI.
container resource
A hierarchical collection of resources that contains other resources, including containers.
inbox container
An ldp:Container within an agent's personal data store that hosts LDPN notification logs as defined by LDP.
permissions notification
An immutable log entry that records a permission change affecting a particular agent and resource.
sharedWithMe log
The sharedWithMe.ttl document that records permissions granted to the inbox owner by other agents.
sharedWithOthers log
The sharedWithOthers.ttl document that records permissions changes the inbox owner grants to other agents.

Terminology from RFC 3986, RFC 9112, RDF 1.1, and LDP is used as defined in those specifications.

Conformance

This specification uses RDF 1.1 Turtle documents to represent permissions notifications.

The following prefixes are used throughout the document:

        PREFIX as: <https://www.w3.org/ns/activitystreams#>
        PREFIX acl: <http://www.w3.org/ns/auth/acl#>
        PREFIX dct: <http://purl.org/dc/terms/>
        PREFIX foaf: <http://xmlns.com/foaf/0.1/>
        PREFIX ldp: <http://www.w3.org/ns/ldp#>
        PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>
        PREFIX xsd: <http://www.w3.org/2001/XMLSchema#>
      

Notification Model

LDPN defines a pair of append-only logs stored in an agent-controlled inbox. Each permissions change is recorded as an ActivityStreams as:Offer entry that uses the Web Access Control vocabulary to describe the target resource and access modes.

Inbox container

Each agent MUST host an inbox container that is an ldp:Container as defined by the Linked Data Platform. The inbox MUST contain the two log files defined in this specification, sharedWithMe.ttl and sharedWithOthers.ttl.

Servers SHOULD include ldp:contains statements in RDF representations of the inbox container.

The inbox location MUST be discoverable from the agent's profile document using the ldp:inbox predicate. If no ldp:inbox link is present, clients MUST assume the inbox is located at {webid-document}/inbox/, where {webid-document} is the agent WebID URI without a fragment identifier.

sharedWithMe.ttl

The sharedWithMe.ttl log records permissions granted to the inbox owner by other agents. The file MUST be an RDF document in Turtle syntax and MUST be served with media type text/turtle.

By default, sharedWithMe.ttl SHOULD allow public acl:Append access so that other agents (or servers acting on their behalf) can submit notifications. This behavior is STRONGLY RECOMMENDED to maximize interoperability. When an implementation allows public append, it MUST accept SPARQL Update PATCH requests with Content-Type: application/sparql-update. If public append is not desired, the inbox initialization process SHOULD explicitly grant acl:Append to the specific agents that are expected to send notifications. Implementations SHOULD reject updates that delete or replace existing notification entries, except for explicit log metadata nodes such as #lastAccess.

Each notification entry in sharedWithMe.ttl:

The log SHOULD be append-only: if permissions change again, a new entry is appended rather than modifying existing entries. A log metadata node such as #lastAccess MAY be used to record the most recent update time for the file.
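One way a server can enforce the append-only rule on incoming PATCH requests, as an added example that is not part of this draft: it accepts only application/sparql-update bodies made up of INSERT DATA operations, and rejects any request whose statements start at a subject already present in the log, with #lastAccess as the one node that may be written repeatedly. check_append, the EXISTING set and the request bodies are constructed for this example; rewriting #lastAccess in place is assumed to be done by the owner's own server outside this gate.

```python
import re

LAST_ACCESS = "lastAccess"  # the one metadata node the log owner is allowed to rewrite
# Blank out IRIs and string literals first, so <http://example.org/delete/> is not read as a keyword.
STRIP = re.compile(r'<[^>]*>|"(?:[^"\\]|\\.)*"')
OPERATION = re.compile(
    r"\b(INSERT\s+DATA|DELETE\s+DATA|DELETE\s+WHERE|INSERT|DELETE|CLEAR|DROP"
    r"|LOAD|CREATE|MOVE|COPY|ADD|WITH|USING)\b", re.I)
SUBJECT = re.compile(r"(?:\{|\.)\s*<#([^>]+)>")  # a subject opens a statement: after '{' or '.'


def check_append(content_type, body, existing_subjects):
    """Return (accepted, reason) for a SPARQL Update PATCH aimed at an LDPN log.
    existing_subjects: fragment ids (without '#') of nodes already in the log."""
    if content_type.split(";")[0].strip().lower() != "application/sparql-update":
        return False, "unsupported media type"
    ops = [re.sub(r"\s+", " ", m.group(1)).upper()
           for m in OPERATION.finditer(STRIP.sub(" ", body))]
    if not ops or any(op != "INSERT DATA" for op in ops):
        return False, "only INSERT DATA is allowed on an append-only log"
    clashes = {s for s in SUBJECT.findall(body) if s in existing_subjects and s != LAST_ACCESS}
    if clashes:
        return False, "would modify existing entries: " + ", ".join(sorted(clashes))
    return True, "append accepted"


# Constructed sample state: the log already holds one notification and its metadata node.
EXISTING = {"lastAccess", "NStqftOhhw"}
GRANT = """INSERT DATA {
  <#Fzxhxu0U9g> a <https://www.w3.org/ns/activitystreams#Offer>;
      <http://purl.org/dc/terms/creator> <http://localhost:3000/test/profile/card#me>;
      <http://www.w3.org/ns/auth/acl#accessTo> <http://localhost:3000/test/container/>;
      <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read>.
}"""
REWRITE = "DELETE DATA { <#NStqftOhhw> a <https://www.w3.org/ns/activitystreams#Offer>. }"
OVERWRITE = "INSERT DATA { <#NStqftOhhw> <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Write>. }"

if __name__ == "__main__":
    for name, body in [("grant", GRANT), ("rewrite", REWRITE), ("overwrite", OVERWRITE)]:
        print(name, check_append("application/sparql-update", body, EXISTING))
```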

sharedWithOthers.ttl

The sharedWithOthers.ttl log records permissions changes that the inbox owner grants to other agents. The file MUST be an RDF document in Turtle syntax, MUST be served with media type text/turtle, and is maintained by the inbox owner or their server.

Each resource for which permissions have been changed SHOULD appear as a subject node typed as ldp:Container (for containers) or ldp:Resource (for non-containers). Each such subject node MUST include one or more as:Offer links to notification entries.

Each notification entry in sharedWithOthers.ttl:

For entries referenced from a resource subject, the acl:accessTo value SHOULD resolve to the same resource IRI as that subject.

The log SHOULD be append-only to preserve historical context. Implementations SHOULD reject updates that delete or replace existing notification entries.

Notification lifecycle

When permissions are changed for a resource, the system applying the change MUST create notification entries in both logs:

If permissions are updated multiple times, each change MUST result in a new entry. This specification defines grant and update notifications using as:Offer.

Revocation notifications

A permission revocation MUST be represented using ActivityStreams as:Undo. The revocation entry MUST be appended to the same log(s) as a grant/update notification and MUST include the following:

In sharedWithOthers.ttl, revocation entries MUST also include as:target identifying the affected agent. Implementations SHOULD keep revocations append-only to preserve audit trails.

Operations

sharedWithMe.ttl Operations

Recording a permission grant in another agent's sharedWithMe.ttl

Notifications for sharedWithMe.ttl are appended via a SPARQL Update PATCH request. The following example adds a new permission notification entry to another agent's sharedWithMe.ttl:

            PATCH https://a-WebId-url.com/datastore/inbox/sharedWithMe.ttl HTTP/1.1
            Content-Type: application/sparql-update

            INSERT DATA {
              <#Fzxhxu0U9g> a <https://www.w3.org/ns/activitystreams#Offer>;
                  <http://purl.org/dc/terms/creator> <http://localhost:3000/test/profile/card#me>;
                  <http://purl.org/dc/terms/created> "2025-09-08T17:07:25.654Z"^^<http://www.w3.org/2001/XMLSchema#dateTime>;
                  <http://www.w3.org/ns/auth/acl#accessTo> <http://localhost:3000/test/container/>;
                  <http://www.w3.org/ns/auth/acl#mode>
                    <http://www.w3.org/ns/auth/acl#Read>,
                    <http://www.w3.org/ns/auth/acl#Append>,
                    <http://www.w3.org/ns/auth/acl#Write>.
            }

Recording a revocation of previously granted permissions in another agent's sharedWithMe.ttl

To revoke permissions, a new entry with type as:Undo is appended that references the prior grant entry. The following example revokes the prior permission notification by referencing it with as:object. In this example, the agent revokes the previously granted acl:Write permissions for the resource:

            PATCH https://a-WebId-url.com/datastore/inbox/sharedWithMe.ttl HTTP/1.1
            Content-Type: application/sparql-update

            INSERT DATA {
              <#UndoFzxhxu0U9g> a <https://www.w3.org/ns/activitystreams#Undo>;
                  <https://www.w3.org/ns/activitystreams#object> <#Fzxhxu0U9g>;
                  <http://purl.org/dc/terms/creator> <http://localhost:3000/test/profile/card#me>;
                  <http://purl.org/dc/terms/created> "2026-02-11T10:15:00Z"^^<http://www.w3.org/2001/XMLSchema#dateTime>;
                  <http://www.w3.org/ns/auth/acl#accessTo> <http://localhost:3000/test/container/>;
                  <http://www.w3.org/ns/auth/acl#mode> 
                    <http://www.w3.org/ns/auth/acl#Write>.
            }
          

sharedWithOthers.ttl Operations

Recording a permission grant to another agent in your sharedWithOthers.ttl

When the inbox owner grants or updates permissions of a resource for another agent, their server appends a new as:Offer entry associated with the affected resource. The following example adds an entry to the sharing agent's sharedWithOthers.ttl:

            PATCH http://localhost:3000/test/inbox/sharedWithOthers.ttl HTTP/1.1
            Content-Type: application/sparql-update

            INSERT DATA {
              <#http://localhost:3000/test/container/> a <http://www.w3.org/ns/ldp#Container>;
                  <https://www.w3.org/ns/activitystreams#Offer> <#Fzxhxu0U9g>.
              <#Fzxhxu0U9g>
                  <https://www.w3.org/ns/activitystreams#target> <https://a-WebId-url.com/datastore/profile/card#me>;
                  <http://www.w3.org/ns/auth/acl#accessTo> <http://localhost:3000/test/container/>;
                  <http://www.w3.org/ns/auth/acl#mode>
                      <http://www.w3.org/ns/auth/acl#Read>,
                      <http://www.w3.org/ns/auth/acl#Append>,
                      <http://www.w3.org/ns/auth/acl#Write>;
                  <http://purl.org/dc/terms/created> "2025-09-08T16:18:38.002Z"^^<http://www.w3.org/2001/XMLSchema#dateTime>.
            }
          

Recording a revocation of previously granted permissions in your sharedWithOthers.ttl

The following example appends a revocation entry to the sharing agent's sharedWithOthers.ttl that undoes a prior offer by referencing it with as:object. The revoked modes are listed in the Undo entry; in this example, the agent revokes only the acl:Write permission for the resource.

            PATCH http://localhost:3000/test/inbox/sharedWithOthers.ttl HTTP/1.1
            Content-Type: application/sparql-update

            INSERT DATA {
              <#UndoFzxhxu0U9g> a <https://www.w3.org/ns/activitystreams#Undo>;
                  <https://www.w3.org/ns/activitystreams#object> <#Fzxhxu0U9g>;
                  <https://www.w3.org/ns/activitystreams#target> <https://a-WebId-url.com/datastore/profile/card#me>;
                  <http://purl.org/dc/terms/created> "2025-09-11T10:15:00Z"^^<http://www.w3.org/2001/XMLSchema#dateTime>;
                  <http://www.w3.org/ns/auth/acl#accessTo> <http://localhost:3000/test/container/>;
                  <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Write>.
            }
          
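The grant and revocation operations above, together with the lifecycle rules, describe permission state only as a history of entries. The following added example (not part of this draft) replays such a log in dct:created order and computes the access modes still in force per (resource, agent), which is what a client auditing its sharedWithMe.ttl needs. It parses only the Turtle subset the examples use (absolute and fragment IRIs, typed literals, the a keyword; no prefixes or blank nodes) and only entries typed as:Offer or as:Undo, as in sharedWithMe.ttl; parse_turtle, effective_modes and SAMPLE_LOG are constructed here, and treating an Undo that lists no acl:mode as withdrawing the whole Offer is an assumption.

```python
import re
from collections import defaultdict
AS = "https://www.w3.org/ns/activitystreams#"
ACL = "http://www.w3.org/ns/auth/acl#"
DCT = "http://purl.org/dc/terms/"
RDF_TYPE = "http://www.w3.org/1999/02/22-rdf-syntax-ns#type"
TOKEN = re.compile(r'<([^>]*)>|"([^"]*)"(?:\^\^<[^>]*>)?|\ba\b|[;,.]')  # IRI | typed literal | 'a' | separator
SEP = {".": "subject", ";": "predicate", ",": "object"}  # which term follows each separator

def parse_turtle(text):
    """Return (s, p, o) triples for the Turtle subset the LDPN examples use (no prefixes, no blank nodes)."""
    triples, subj, pred, expect = [], None, None, "subject"
    for m in TOKEN.finditer(text):
        tok = m.group(0)
        value = RDF_TYPE if tok == "a" else (m.group(2) if m.group(1) is None else m.group(1))
        if tok in SEP:
            expect = SEP[tok]
        elif expect == "subject":
            subj, expect = value, "predicate"
        elif expect == "predicate":
            pred, expect = value, "object"
        else:
            triples.append((subj, pred, value))
    return triples

def effective_modes(text):
    """Replay typed Offer/Undo entries by dct:created (UTC ISO-8601 sorts lexically); agent is None for sharedWithMe.ttl."""
    props = defaultdict(lambda: defaultdict(list))
    for s, p, o in parse_turtle(text):
        props[s][p].append(o)
    granted, entries = defaultdict(set), [s for s in props if props[s][DCT + "created"]]  # skips <#lastAccess>
    for s in sorted(entries, key=lambda s: min(props[s][DCT + "created"])):
        kind, ref = props[s][RDF_TYPE][:1], props[s][AS + "object"][:1]
        key = (props[s][ACL + "accessTo"][0], (props[s][AS + "target"] or [None])[0])  # (resource, agent)
        modes = set(props[s][ACL + "mode"])
        if kind == [AS + "Offer"]:
            granted[key] |= modes
        elif kind == [AS + "Undo"] and ref and ref[0] in props:  # an Undo of an entry not in this log is ignored
            granted[key] -= modes or set(props[ref[0]][ACL + "mode"])  # no modes listed: whole Offer (assumption)
    return {k: v for k, v in granted.items() if v}

# Constructed sample in the draft's sharedWithMe.ttl form: a three-mode grant, then an Undo of acl:Write only.
SAMPLE_LOG = """
<#Fzxhxu0U9g> a <https://www.w3.org/ns/activitystreams#Offer>; <http://purl.org/dc/terms/created> "2025-09-08T17:07:25.654Z"^^<http://www.w3.org/2001/XMLSchema#dateTime>;
    <http://www.w3.org/ns/auth/acl#accessTo> <http://localhost:3000/test/container/>;
    <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read>, <http://www.w3.org/ns/auth/acl#Append>, <http://www.w3.org/ns/auth/acl#Write>.
<#UndoFzxhxu0U9g> a <https://www.w3.org/ns/activitystreams#Undo>; <https://www.w3.org/ns/activitystreams#object> <#Fzxhxu0U9g>;
    <http://purl.org/dc/terms/created> "2026-02-11T10:15:00Z"^^<http://www.w3.org/2001/XMLSchema#dateTime>;
    <http://www.w3.org/ns/auth/acl#accessTo> <http://localhost:3000/test/container/>; <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Write>.
"""
```

Calling effective_modes(SAMPLE_LOG) yields Read and Append for the container, since the later Undo withdraws only Write.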

Examples

Example sharedWithMe.ttl

          <#lastAccess> <http://purl.org/dc/terms/modified> "2025-09-08T17:04:41.534Z"^^<http://www.w3.org/2001/XMLSchema#dateTime>.
          <#NStqftOhhw> a <https://www.w3.org/ns/activitystreams#Offer>;
              <http://purl.org/dc/terms/creator> <https://triple.ilabt.imec.be/test/profile/card#me>;
              <http://purl.org/dc/terms/created> "2025-09-08T17:07:25.654Z"^^<http://www.w3.org/2001/XMLSchema#dateTime>;
              <http://www.w3.org/ns/auth/acl#accessTo> <https://triple.ilabt.imec.be/test/querycache/>;
              <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read>.
        

Example revocation entry

          <#UndoNStqftOhhw> a <https://www.w3.org/ns/activitystreams#Undo>;
              <https://www.w3.org/ns/activitystreams#object> <#NStqftOhhw>;
              <http://purl.org/dc/terms/creator> <https://triple.ilabt.imec.be/test/profile/card#me>;
              <http://purl.org/dc/terms/created> "2026-02-11T10:15:00Z"^^<http://www.w3.org/2001/XMLSchema#dateTime>;
              <http://www.w3.org/ns/auth/acl#accessTo> <https://triple.ilabt.imec.be/test/querycache/>;
              <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read>.
        

Example sharedWithOthers.ttl

          <#http://localhost:3000/test/inbox/> a <http://www.w3.org/ns/ldp#Container>;
              <https://www.w3.org/ns/activitystreams#Offer> <#MGopUTnDU7>.
          <#MGopUTnDU7> <https://www.w3.org/ns/activitystreams#target> <http://xmlns.com/foaf/0.1/Agent>;
              <http://www.w3.org/ns/auth/acl#accessTo> <./>;
              <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read>;
              <http://purl.org/dc/terms/created> "2025-04-28T14:02:04.500Z"^^<http://www.w3.org/2001/XMLSchema#dateTime>.

          <#http://localhost:3000/test/querycache/queries.ttl> a <http://www.w3.org/ns/ldp#Resource>;
              <https://www.w3.org/ns/activitystreams#Offer> <#5a8BdN6g4o>.
          <#5a8BdN6g4o> <https://www.w3.org/ns/activitystreams#target> <http://xmlns.com/foaf/0.1/Agent>;
              <http://www.w3.org/ns/auth/acl#accessTo> <../querycache/queries.ttl>;
              <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read>, <http://www.w3.org/ns/auth/acl#Append>, <http://www.w3.org/ns/auth/acl#Write>;
              <http://purl.org/dc/terms/created> "2025-09-25T13:31:23.839Z"^^<http://www.w3.org/2001/XMLSchema#dateTime>, "2025-09-25T13:43:02.617Z"^^<http://www.w3.org/2001/XMLSchema#dateTime>.
          
          <#http://localhost:3000/test/random/example.ttl> a <http://www.w3.org/ns/ldp#Resource>;
              <https://www.w3.org/ns/activitystreams#Offer> <#zazNPOfdyQ>.
          <#zazNPOfdyQ> <https://www.w3.org/ns/activitystreams#target> <https://triple.ilabt.imec.be/test/profile/card#me>;
              <http://www.w3.org/ns/auth/acl#accessTo> <../random/example.ttl>;
              <http://www.w3.org/ns/auth/acl#mode> <http://www.w3.org/ns/auth/acl#Read>;
              <http://purl.org/dc/terms/created> "2025-11-04T08:21:37.085Z"^^<http://www.w3.org/2001/XMLSchema#dateTime>.
        

Security & privacy considerations

Implementation guidance

Change log