To configure access control restrictions, implementations MUST follow the recommendations of Web Access Control. Currently a root level ACL is implied but not explicitly referenced in the RDF of the root container. To comply with SOLID WEBAC a root level ACL should be explicitly defined in accordance with https://github.com/solid/web-access-control-spec#default-inherited-authorizations. In other words it is my reading that a default root acl should be created on startup. Users should be able to override the link (with a PATCH) in order to update the root ACL link or change the contents of the root acl.