Data GUIDs may represent some controlled access data and offer no specific ACL schema. Can we help instruct clients on how to implement access control for data represented by a given GUID? If data is meant to be private, should it be kept in a separate namespace?
I think this information can potentially be included on a per URL basis in the records? We could simply have a secondary URL that leads to a landing page which describes how to access the data. This would be useful because you may have data in say a requestor pays bucket on GCP and open access on AWS in addition to things like ACLs.
We could facilitate a second record that states something about automatic negotiation means too? In Gen3 we actually split this responsibility so Indexd is only in charge of maintaining GUID -> URL mapping and Fence is responsible for understanding how to process the URLs in a way that it can allow access.