Permission templates - declaring default ACLs for objects when created

[anarchivist]

Tagging @jcoyne. We need to document our needs around permission templates, which are the default ACLs for an object when it is created.

• Should permission templates be stored in Fedora? (@jcoyne says no; I'm not sure I agree).
• Does acl:defaultForNew make sense here? What is the expectation/relation to what actually gets persisted to Fedora? (see here for more info on default perms)

[anarchivist]

See Slack discussion onward.

[anarchivist]

Decisions from 10/24 call (following sprint planning):

Should permission templates be stored in Fedora? (@jcoyne says no; I'm not sure I agree).

No, they should not go in Fedora (for now) -- it's faster to do this from the database, and @jcoyne suggested that we view the permission templates as ephemeral objects. However, this should be flagged by someone (@jcoyne? @mjgiarlo?) for discussion either in a Hydra tech call or with the Architecture Working Group.

Does acl:defaultForNew make sense here? What is the expectation/relation to what actually gets persisted to Fedora? (see here for more info on default perms)

No, it doesn't make sense to use acl:defaultForNew. Based on the above answer, and the assumption that we're doing copy on create (see AWG notes), we might want to mint a new predicate if we want to reference the permissions template in some way, or if it ultimately gets persisted in Fedora. (I'll document it as a MAY, with some notes that point to this issue.)