HydraCG / Specifications

Specifications created by the Hydra W3C Community Group

Mention how authorization might be handled #7

Open lanthaler opened 11 years ago

lanthaler commented 11 years ago

_Raised by Thomas Hoppe:_

Authorization is a major concern and therefore I would also like to see a chapter which describes how access to a hydra-driven API can be restricted.

I think the obvious strategy is to "render" hydra-core documents with only the operations which are allowed for by the requesting client. This may sound natural but I think it is essential information for someone exploring the matters.

elf-pavlik commented 10 years ago

Maybe @deiu has suggestions? @all please check Andrei's thesis Data Ownership and Interoperability for a Decentralized Social Semantic Web

@bblfish @seebi with others have done IMO very interesting work on Authorization Delegation and I already plan that we will run daemons heavily with capabilities like XOperator

I really find this topic crucial for adoption in projects like SpaceAPI which already connect to SpaceFed (both already deployed and used)

lanthaler commented 10 years ago

PROPOSAL: Mention that links can be shown/hidden based on the current user's permissions and add an example to the specification to illustrate it. Other than that, authorization is out of scope for the Hydra Core vocabulary but it would make a lot of sense to create a separate vocabulary for this.
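
An added example, not part of this thread or of the Hydra specification, of the proposal above: a server renders a Hydra document with only the operations the requesting client may perform, and applies the same decision again when a request arrives. The roles, the policy table, the `/issues/7` resource and the `Comment` and `Issue` class names are constructed for illustration.

```python
import json

# Constructed policy: role -> HTTP methods permitted on the hypothetical resource.
POLICY = {
    "anonymous": {"GET"},
    "member": {"GET", "POST"},
    "maintainer": {"GET", "POST", "PUT", "DELETE"},
}

# Constructed resource description listing every operation the API supports.
ISSUE = {
    "@context": "http://www.w3.org/ns/hydra/context.jsonld",
    "@id": "/issues/7",
    "title": "Mention how authorization might be handled",
    "operation": [
        {"@type": "Operation", "method": "GET"},
        {"@type": "Operation", "method": "POST", "expects": "Comment"},
        {"@type": "Operation", "method": "PUT", "expects": "Issue"},
        {"@type": "Operation", "method": "DELETE"},
    ],
}

def is_allowed(role, method):
    """Single authorization decision; unknown roles are granted nothing."""
    return method in POLICY.get(role, set())

def render(resource, role):
    """Return a copy of the document advertising only the permitted operations."""
    doc = dict(resource)
    doc["operation"] = [op for op in resource["operation"]
                        if is_allowed(role, op["method"])]
    return doc

def handle(resource, role, method):
    """Status code for a request; the check does not rely on what was rendered."""
    supported = {op["method"] for op in resource["operation"]}
    if method not in supported:
        return 405
    return 200 if is_allowed(role, method) else 403

if __name__ == "__main__":
    # A member sees GET and POST only; a DELETE sent anyway is still refused.
    print(json.dumps(render(ISSUE, "member"), indent=2))
    print(handle(ISSUE, "member", "DELETE"))
```

Because `render` and `handle` share `is_allowed`, the advertised operations and the enforced ones cannot drift apart, and a client that guesses a hidden operation receives 403.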