Suppose I have an app that manages a form of contacts. My app manages private resources, but my user will want to share some managed resources with other users. So, my app should change the ACL of its managed resources. This require the acl:Control authorization.
Instead of requesting full acl:Control over the whole pod, @Smag0 showed me that the user can grant my app control access only over a specific container. The question is, is there a way to programmatically request that specific permission, without having access to the ACL? For instance, redirect the user to user.pod/my-app-container/.well-known/requestControl?app=my-app that would show a page: ‘Would you let my-app control my-app-container? yes/no’
Or of course, anything better that would be discoverable.